Ansible Playbook for Servers of BananaNetwork
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
Felix Stupp 67deed23a0
server/nextcloud: Remove become_user at include_tasks
Raised error
5 years ago
.vscode vscode: Restricted excluding of links in playbooks dir 5 years ago
group_vars Reworked wireguard configurations 5 years ago
helpers
host_vars Configured wireguard ip addresses for hosts 5 years ago
playbooks Reworked wireguard configurations 5 years ago
roles server/nextcloud: Remove become_user at include_tasks 5 years ago
.gitignore gitignore: Added facts directory 5 years ago
README.md Added role ip_discover 5 years ago
ansible.cfg ansible.cfg: Enabled force_handlers 5 years ago
credentials.tar.gpg Refreshed credentials 5 years ago
hosts hosts: Added wireguard_backbones group 5 years ago
makefile makefile: Added rules for load/store credentials 5 years ago
site.yml Disable keys server at nvak 5 years ago

README.md

Playbook for BananaNetwork

This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.

Roles

Following roles have been defined to make creating a server configuration easy:

  • account installs an user account preconfigured with tmux, vim and zsh.
  • acme defines roles for handling the automatic handling of certificates with acme.sh
    • application installs main application
    • certificate issues a given certificate
  • bootstrap defines a way to connect to a server which has not been configured yet
  • common defines the installation of common packages and common configurations like firewall
  • dns defines roles for handling dns authorities and slaves, uses bind9
    • application installs main application
    • master configures a dns authority with support of DNSSEC for a domain
    • slave configures an automatic cloning slave for a domain
  • git_auto_update adds an auto update mechanism for a git repository based on signed release tags
  • hostname configures the hostname for a given host
  • misc contains some required but small roles
    • deb_unstable enables debian unstable on low priority
    • handlers contains some handlers used by other roles
    • ip_discover configures a server to automatically send its ip addresses to a supported service
    • system_user creates a system user
  • mysql defines roles for handling mysql databases and users, uses MariaDB
    • application installs the main application with automatic backup
    • database configures a database for an external application with its own user
  • nginx defines roles to set up virtual servers, certificates will be requested by default
    • application installs and configures the main requirements
    • forward sets up a forwarding from one domain to another
    • php-fpm installs php-fpm and requirements
    • php-pool sets up a php-fpm pool running its own user account
    • php sets up a PHP webpage with files at the given directory
    • proxy sets up a reverse proxy to a local port / proxy
    • server sets up a nginx server with custom directives
    • static sets up a static web root
    • upstream sets up an upstream accessible to nginx servers
  • node defines roles for setting up node applications
    • application installs the main application
  • server defines roles using different kind of server applications, applications will be configured using separated system users
    • firefox-sync sets up a Firefox sync server for bookmarks, history, etc.
    • gitea sets up a git repository using Gitea as web overlay
    • nextcloud sets up a cloud storage using NextCloud
    • node sets up a Node.js server from a repository with a database expecting it can be configured by command arguments
    • spotme sets up a SpotMe server
    • static sets up a static virtual server with files from a repository
  • wireguard defines roles to handle a WireGuard configuration across different servers
    • application installs and configures the main application
    • special_client creates a configuration for a device not configurable by Ansible and stores it locally