phil/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
166 Commits 3 Branches 0 Tags
bbb9f50eff020bd62ffd88134b12a2bd532af2a1
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

Personal Infrastructure Ansible Playbook

This Ansible playbook automates the setup and management of a personal self-hosted infrastructure running Docker containers for various services.

Overview

The playbook manages two main environments:

  • Bootstrap server (netcup): Initial server setup with Tailscale VPN
  • Docker server (docker-01): Main application server running containerized services

Services Deployed

The Docker role deploys and manages 27 self-hosted services organized into logical categories:

Infrastructure

  • Caddy (Reverse proxy with automatic HTTPS)
  • Authentik (SSO/Identity Provider)
  • Dockge (Container management)

Development

  • Gitea (Git repository hosting)
  • Code Server (VS Code in browser)
  • ByteStash (Code snippet management)

Media

  • Audiobookshelf (Audiobook server)
  • Calibre (E-book management)
  • Ghost (Blog platform)
  • Pinchflat (Media downloader)
  • Pinry (Pinterest-like board)
  • Hoarder (Bookmark manager)
  • Manyfold (3D model organizer)

Productivity

  • Paperless-NGX (Document management)
  • MMDL (Task management)
  • Baikal (CalDAV/CardDAV server)
  • Syncthing (File synchronization)
  • HeyForm (Form builder)
  • Dawarich (Location tracking)
  • Palmr (File sharing)
  • Obsidian LiveSync (Note synchronization)

Communication

  • GoToSocial (Fediverse/Mastodon)
  • Postiz (Social media management)

Monitoring

  • Changedetection (Website change monitoring)
  • Glance (Dashboard)
  • AppriseAPI (Notification service)
  • Gotify (Push notifications)

Structure

├── site.yml           # Main playbook
├── bootstrap.yml      # Server bootstrap playbook
├── dns.yml           # AWS Route53 DNS management
├── hosts.yml         # Inventory file
├── requirements.yml  # External role dependencies
└── roles/
    ├── bootstrap/    # Initial server setup
    ├── common/       # Common server configuration
    ├── cron/         # Scheduled tasks
    └── docker/       # Docker services deployment

Roles Documentation

Each role has detailed documentation in its respective directory:

Bootstrap Role

Performs initial server setup and hardening:

  • Creates user accounts with SSH key authentication
  • Configures passwordless sudo and security hardening
  • Installs essential packages and configures UFW firewall
  • Sets up Tailscale VPN for secure network access

Common Role

Provides shared configuration for all servers:

  • Installs common packages (aptitude)
  • Enables UFW firewall with default deny policy
  • Ensures consistent base configuration across infrastructure

Cron Role

Manages scheduled tasks and automation:

  • Warhammer RSS Feed Updater: Daily job that generates and updates RSS feeds
  • Integrates with Docker services for content generation
  • Supports easy addition of new scheduled tasks

Docker Role

The most comprehensive role, deploying 25 containerized services organized into logical categories:

  • Infrastructure: Caddy reverse proxy, Authentik SSO, Dockge management
  • Development: Gitea, Code Server, Matrix communication
  • Media: Audiobookshelf, Calibre, Ghost blog, Pinchflat, and more
  • Productivity: Paperless-NGX, MMDL task management, Baikal calendar
  • Communication: GoToSocial, Postiz social media management
  • Monitoring: Glance dashboard, Changedetection, AppriseAPI notifications
  • Template-Driven: All services use Jinja2 templates for consistent configuration
  • Category-Based Deployment: Deploy services by category using Ansible tags

Usage

Prerequisites

  1. Install Ansible and required collections:

    ansible-galaxy install -r requirements.yml

  2. Configure your inventory in hosts.yml with your server details

Bootstrap a New Server

ansible-playbook bootstrap.yml -i hosts.yml

This will:

  • Create a user account
  • Install and configure Tailscale VPN
  • Set up basic security

Deploy Docker Services

ansible-playbook site.yml -i hosts.yml

Deploy specific services using tags:

# Deploy by service category
ansible-playbook site.yml -i hosts.yml --tags infrastructure
ansible-playbook site.yml -i hosts.yml --tags media,productivity

# Deploy individual services
ansible-playbook site.yml -i hosts.yml --tags caddy
ansible-playbook site.yml -i hosts.yml --tags authentik
ansible-playbook site.yml -i hosts.yml --tags mmdl

Manage DNS Records

ansible-playbook dns.yml -i hosts.yml

Updates AWS Route53 DNS records for configured domains (thesatelliteoflove.com and nerder.land).

Configuration

  • Service configurations are templated in roles/docker/templates/
  • Environment variables and secrets should be managed through Ansible Vault
  • Docker Compose files are generated from Jinja2 templates

Security Notes

  • Uses Tailscale for secure network access
  • Caddy provides automatic HTTPS with Let's Encrypt
  • Services are containerized for isolation
  • UFW firewall rules are managed via Docker integration
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 632 KiB
Languages
Jinja 76.9%
Shell 23.1%