ansible/README.md
Phillip Skentelbery bca7e7dbae update documentation and config to reflect 21 active services
Removed references to 9 decommissioned services from CLAUDE.md,
README.md, domains.yml, services.yml, and Glance release tracking.
Added services tag and Cronmaster to docs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-05 22:43:01 -06:00


# Personal Infrastructure Ansible Playbook
This Ansible playbook automates the setup and management of a personal self-hosted infrastructure running Docker containers for various services.
## Overview
The playbook manages two main environments:
- **Bootstrap server** (`netcup`): Initial server setup with Tailscale VPN
- **Docker server** (`docker-01`): Main application server running containerized services
## Services Deployed
The Docker role deploys and manages 21 self-hosted services organized into logical categories:
### Infrastructure
- **Caddy** (Reverse proxy with automatic HTTPS)
- **Authentik** (SSO/Identity Provider)
- **Dockge** (Container management)
### Development
- **Gitea** (Git repository hosting)
- **ByteStash** (Code snippet management)
### Media
- **Audiobookshelf** (Audiobook server)
- **Calibre** (E-book management)
- **Karakeep** (Bookmark manager, formerly Hoarder)
- **Manyfold** (3D model organizer)
### Productivity
- **Paperless-NGX** (Document management)
- **Baikal** (CalDAV/CardDAV server)
- **Syncthing** (File synchronization)
- **HeyForm** (Form builder)
- **Dawarich** (Location tracking)
- **Obsidian LiveSync** (Note synchronization)
### Communication
- **GoToSocial** (Fediverse/Mastodon)
### Monitoring
- **Changedetection** (Website change monitoring)
- **Glance** (Dashboard)
- **AppriseAPI** (Notification service)
- **Gotify** (Push notifications)
- **Cronmaster** (Scheduled container tasks)
## Structure
```
├── site.yml           # Main playbook
├── bootstrap.yml      # Server bootstrap playbook
├── dns.yml            # AWS Route53 DNS management
├── hosts.yml          # Inventory file
├── requirements.yml   # External role dependencies
└── roles/
    ├── bootstrap/     # Initial server setup
    ├── common/        # Common server configuration
    ├── cron/          # Scheduled tasks
    └── docker/        # Docker services deployment
```
## Roles Documentation
Each role has detailed documentation in its respective directory:
### [Bootstrap Role](roles/bootstrap/README.md)
Performs initial server setup and hardening:
- Creates user accounts with SSH key authentication
- Configures passwordless sudo and security hardening
- Installs essential packages and configures UFW firewall
- Sets up Tailscale VPN for secure network access
### [Common Role](roles/common/README.md)
Provides shared configuration for all servers:
- Installs common packages (aptitude)
- Enables UFW firewall with default deny policy
- Ensures consistent base configuration across infrastructure
### [Cron Role](roles/cron/README.md)
Manages scheduled tasks and automation:
- **Warhammer RSS Feed Updater**: Daily job that generates and updates RSS feeds
- Integrates with Docker services for content generation
- Supports easy addition of new scheduled tasks
### [Docker Role](roles/docker/README.md)
The most comprehensive role, deploying 21 containerized services organized into logical categories:
- **Infrastructure**: Caddy reverse proxy, Authentik SSO, Dockge management
- **Development**: Gitea, ByteStash
- **Media**: Audiobookshelf, Calibre, Karakeep, Manyfold
- **Productivity**: Paperless-NGX, Baikal, Syncthing, HeyForm, Dawarich, Obsidian LiveSync
- **Communication**: GoToSocial
- **Monitoring**: Glance dashboard, Changedetection, AppriseAPI, Gotify, Cronmaster
- **Template-Driven**: All services use Jinja2 templates for consistent configuration
- **Category-Based Deployment**: Deploy services by category using Ansible tags
## Usage
### Prerequisites
1. Install Ansible and required collections:
```bash
ansible-galaxy install -r requirements.yml
```
2. Configure your inventory in `hosts.yml` with your server details
### Bootstrap a New Server
```bash
ansible-playbook bootstrap.yml -i hosts.yml
```
This will:
- Create a user account
- Install and configure Tailscale VPN
- Set up basic security
### Deploy Docker Services
```bash
ansible-playbook site.yml -i hosts.yml
```
Deploy specific services using tags:
```bash
# Deploy by service category
ansible-playbook site.yml -i hosts.yml --tags infrastructure
ansible-playbook site.yml -i hosts.yml --tags media,productivity
# Deploy all services (skips system setup)
ansible-playbook site.yml -i hosts.yml --tags services
# Deploy individual services
ansible-playbook site.yml -i hosts.yml --tags caddy
ansible-playbook site.yml -i hosts.yml --tags authentik
```
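The three tag levels used above (`services`, a category such as `infrastructure`, and a single service such as `caddy`) work because every task for a service carries all three tags at once, while system-setup tasks carry none of them. The following tasks file is an added illustration of that layering, not the project's own `roles/docker/tasks`; the `docker_root` variable, the template paths and the `system` tag are assumptions.

```yaml
# Added example, not the project's own roles/docker/tasks file.
# Tag layering that makes the README's three invocation styles work:
#   --tags services         every service, system setup skipped
#   --tags infrastructure   one category
#   --tags caddy            one service
# docker_root and the template paths are assumed names.

- name: Install Docker engine and compose plugin
  ansible.builtin.apt:
    name: [docker-ce, docker-compose-plugin]
    state: present
  tags: [system]                  # deliberately NOT tagged "services"

- name: Create compose directory for Caddy
  ansible.builtin.file:
    path: "{{ docker_root }}/caddy"
    state: directory
    mode: "0750"
  tags: [services, infrastructure, caddy]

- name: Render Caddy compose file from its Jinja2 template
  ansible.builtin.template:
    src: caddy/docker-compose.yml.j2          # assumed template path
    dest: "{{ docker_root }}/caddy/docker-compose.yml"
    mode: "0640"
  tags: [services, infrastructure, caddy]

- name: Bring up the Caddy stack
  community.docker.docker_compose_v2:
    project_src: "{{ docker_root }}/caddy"
    state: present
  tags: [services, infrastructure, caddy]

- name: Render Audiobookshelf compose file
  ansible.builtin.template:
    src: audiobookshelf/docker-compose.yml.j2  # assumed template path
    dest: "{{ docker_root }}/audiobookshelf/docker-compose.yml"
    mode: "0640"
  tags: [services, media, audiobookshelf]
```

A task runs when any one of its tags is selected, so `--tags media,productivity` picks up the Audiobookshelf tasks but not the Caddy ones, and `--tags services` picks up both while leaving the `system`-tagged install task alone. `ansible-playbook site.yml --list-tags` prints every tag the playbook defines, which is a quick way to confirm a newly added service got all three levels.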
### Manage DNS Records
```bash
ansible-playbook dns.yml -i hosts.yml
```
Updates AWS Route53 DNS records for configured domains (`thesatelliteoflove.com` and `nerder.land`).
## Configuration
- Service configurations are templated in `roles/docker/templates/`
- Environment variables and secrets should be managed through Ansible Vault
- Docker Compose files are generated from Jinja2 templates
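One concrete way to keep secrets out of the templates themselves is the usual vault indirection: a plaintext vars file references a `vault_`-prefixed variable, the vaulted file holds the real value, and the task that renders it into a compose `.env` file writes a root-only file with `no_log` set so the value never appears in playbook output. The fragment below is an added example, not the project's own files; the paths, `docker_root` and the `env.j2` template contents are assumptions, and the secret value is a placeholder.

```yaml
# Added example, not the project's own configuration.
# Three YAML documents stand in for three files; paths are assumed.
---
# group_vars/docker/vars.yml (plain text, safe to read in diffs)
authentik_secret_key: "{{ vault_authentik_secret_key }}"
---
# group_vars/docker/vault.yml
# kept encrypted: ansible-vault encrypt group_vars/docker/vault.yml
vault_authentik_secret_key: "REPLACE_WITH_GENERATED_SECRET"   # placeholder
---
# roles/docker/tasks/authentik.yml (assumed file)
- name: Render Authentik environment file
  ansible.builtin.template:
    # assumed template containing: AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
    src: authentik/env.j2
    dest: "{{ docker_root }}/authentik/.env"
    owner: root
    group: root
    mode: "0600"                 # readable only by root on the host
  no_log: true                   # keep the rendered secret out of task output and logs
  tags: [services, infrastructure, authentik]
```

Run playbooks that touch these variables with `--ask-vault-pass` or `--vault-password-file <path>`; the plaintext `vars.yml` can be committed while `vault.yml` stays encrypted in the repository.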
## Security Notes
- Uses Tailscale for secure network access
- Caddy provides automatic HTTPS with Let's Encrypt
- Services are containerized for isolation
- UFW firewall rules are managed via Docker integration