# Playbook for BananaNetwork

This playbook defines the configuration for all servers / devices controlled by the BananaNetwork. All systems are expected to run Debian GNU/Linux or a similar distribution.

## Roles

The following roles have been defined to make server configuration easy:

- **account** installs a user account preconfigured with tmux, vim and zsh.
- **acme** defines roles for the automatic handling of certificates with *certbot*
  - **application** installs main application
  - **certificate** issues a given certificate
- **bootstrap** defines a way to connect to a server which has not been configured yet, changes the user password and hardens SSH access
- **common** defines the installation of common packages and common configurations like firewall
- **dns** defines roles for handling DNS authorities and slaves, uses *bind9*
  - **application** installs main application (installs from bind9 official repository)
  - **entries** configures given DNS entries on authoritative DNS server (authoritative must be configured by this repository)
  - **master** configures a DNS authority with support of DNSSEC for a domain
  - **server_entries** configures default A/AAAA/SSHFP and additional records for current host and given domain (uses **dns/entries**)
  - **slave** configures an automatic cloning slave for a domain
- **fail2ban** defines roles for configuring fail2ban for different systems
  - **application** installs main application
  - **rule** configures a filter + jail for a given server / use case
- **git_auto_update** adds an auto update mechanism for a git repository based on signed release tags
- **hostname** configures the hostname for a given host
- **misc** contains some required but small roles
  - **backup_files** configures auto backup for a given directory
  - **deb_unstable** enables Debian unstable on low priority
  - **docker** installs *Docker* (from official Docker repository)
  - **handlers** contains some handlers used by other roles
  - **ip_discover** configures a server to automatically discover its IP addresses to a supported service
  - **system_user** creates a system user
- **mysql** defines roles for handling mysql databases and users, uses *MariaDB*
  - **application** installs the main application with automatic backup
  - **backup_database** configures auto backup for a given mysql database
  - **database** configures a database for an external application with its own user (uses **mysql/backup_database**)
- **nginx** defines roles to set up virtual servers, certificates will be requested by default
  - **application** installs and configures the main requirements
  - **default_server** configures default server for hostname fqdn with status info (only accessible from localhost)
  - **forward** sets up a forwarding from one domain to another
  - **php** sets up a PHP webpage with files at the given directory
  - **php-fpm** installs php-fpm and requirements
  - **php-pool** sets up a php-fpm pool running under its own user account
  - **proxy** sets up a reverse proxy to a local port / proxy
  - **server** sets up an nginx server with custom directives
  - **static** sets up a static web root
  - **upstream** sets up an upstream accessible to nginx virtual servers
- **node** defines roles for setting up node applications
  - **application** installs node (installs from node official repository)
- **server** defines roles for different kinds of server applications, applications will be configured using separate system users
  - **firefox-sync** sets up a Firefox sync server for bookmarks, history, etc.
  - **gitea** sets up a git repository using *Gitea* as web overlay (fail2ban)
  - **minecraft** sets up a Minecraft server at the given version (AppArmor, no Web UI)
  - **nextcloud** sets up a cloud storage using *NextCloud*
  - **node** sets up a *Node.js* server from a repository with a database expecting it can be configured using environment variables
  - **spotme** sets up a SpotMe server
  - **static** sets up a static virtual server with files from a repository
  - **tt-rss** sets up a Tiny Tiny RSS Feed Reader server
- **wireguard** defines roles to handle a *WireGuard* configuration across different servers
  - **application** installs and configures the main application
  - **backbone** configures a system to allow all other *WireGuard* systems to connect to this server
  - **client** configures a system to connect to *WireGuard* backbones
  - **handlers** contains special handlers affecting all *WireGuard* backbones and clients
  - **special_client** creates a configuration for a device not configurable by Ansible and stores it locally

## License

This repository is licensed under MIT. This configuration comes with no warranty.