Ansible Playbook for Servers of BananaNetwork
Felix Stupp 02fe2cfbc6
gitignore: Allow README files in fact directories
5 years ago
.vscode
group_vars group os_debian: Force python3 interpreter to be used 5 years ago
helpers
host_vars
misc/blocklists blocklists/ipv4: Added North Korean IP subnets 5 years ago
playbooks server/{linx,spotme}: Removed default bind_port 5 years ago
roles common: Used variable global_ssh_key_directory for public_keys path 5 years ago
.gitignore gitignore: Allow README files in fact directories 5 years ago
README.md
ansible.cfg ansible.cfg: Changed type of python detection 5 years ago
credentials.tar.gpg
hosts.py
hosts.yml
makefile
site.yml global vars: Added var for username "zocker" 5 years ago

README.md

Playbook for BananaNetwork

This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.

Roles

The following roles have been defined to make creating a server configuration easy:

  • account installs a user account preconfigured with tmux, vim and zsh.
  • acme defines roles for the automatic handling of certificates with acme.sh
    • application installs main application
    • certificate issues a given certificate
  • bootstrap defines a way to connect to a server which has not been configured yet
  • common defines the installation of common packages and common configurations like firewall
  • dns defines roles for handling DNS authorities and slaves, uses bind9
    • application installs main application
    • master configures a DNS authority with support of DNSSEC for a domain
    • slave configures an automatic cloning slave for a domain
  • git_auto_update adds an auto update mechanism for a git repository based on signed release tags
  • hostname configures the hostname for a given host
  • misc contains some required but small roles
    • backup_files configures auto backup for a given directory
    • deb_unstable enables Debian unstable on low priority
    • docker installs Docker
    • handlers contains some handlers used by other roles
    • ip_discover configures a server to automatically send its IP addresses to a supported service
    • system_user creates a system user
  • mysql defines roles for handling MySQL databases and users, uses MariaDB
    • application installs the main application with automatic backup
    • backup_database configures auto backup for a given MySQL database
    • database configures a database for an external application with its own user
  • nginx defines roles to set up virtual servers; certificates will be requested by default
    • application installs and configures the main requirements
    • forward sets up a forwarding from one domain to another
    • php-fpm installs php-fpm and requirements
    • php-pool sets up a php-fpm pool running under its own user account
    • php sets up a PHP webpage with files at the given directory
    • proxy sets up a reverse proxy to a local port / proxy
    • server sets up an nginx server with custom directives
    • static sets up a static web root
    • upstream sets up an upstream accessible to nginx servers
  • node defines roles for setting up node applications
    • application installs the main application
  • server defines roles for different kinds of server applications; applications will be configured using separate system users
    • firefox-sync sets up a Firefox sync server for bookmarks, history, etc.
    • gitea sets up a git repository using Gitea as web overlay
    • minecraft sets up a Minecraft server at the given version (AppArmor, no Web UI)
    • nextcloud sets up a cloud storage using NextCloud
    • node sets up a Node.js server from a repository with a database, expecting that it can be configured by command arguments
    • spotme sets up a SpotMe server
    • static sets up a static virtual server with files from a repository
    • tt-rss sets up a Tiny Tiny RSS Feed Reader Server
  • wireguard defines roles to handle a WireGuard configuration across different servers
    • application installs and configures the main application
    • backbone configures a system to allow all other WireGuard systems to connect to this server
    • client configures a system to connect to WireGuard backbones
    • handlers contains special handlers affecting all WireGuard backbones and clients
    • special_client creates a configuration for a device not configurable by Ansible and stores it locally