Phil
7fdb52e91b
- Add main README with infrastructure overview and usage instructions - Document bootstrap role for server initialization and security hardening - Document common role for shared server configuration - Document cron role for scheduled tasks and automation - Document docker role with detailed service descriptions and deployment patterns - Include MMDL service documentation with setup requirements - Add troubleshooting guides and security considerations 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
1.2 KiB
1.2 KiB
Bootstrap Role
Purpose
Performs initial server setup and hardening for new Ubuntu/Debian servers.
What It Does
User Management
- Creates a new user account with sudo privileges (specified by
created_usernamevariable) - Configures passwordless sudo for the sudo group
- Sets up SSH key authentication using your local
~/.ssh/id_ed25519.pubkey - Disables root password authentication
System Packages
- Installs
aptitudefor better package management - Installs essential packages:
curl- HTTP clientvim- Text editorgit- Version controlufw- Uncomplicated Firewall
Security Configuration
- Configures UFW firewall to:
- Allow SSH connections
- Enable firewall with default deny policy
- Hardens SSH configuration
Variables Required
created_username: The username to create (typically set in bootstrap.yml)tailscale_key: Tailscale authentication key (prompted during playbook run)
Dependencies
- Requires the
artis3n.tailscalerole for VPN setup - Requires your SSH public key at
~/.ssh/id_ed25519.pub
Usage
ansible-playbook bootstrap.yml -i hosts.yml
This role is designed to be run once on a fresh server before deploying other services.