Ansible Playbook for Servers of BananaNetwork
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
Felix Stupp 72ee42d539
dns/master: Allow configure default ttl
4 years ago
.vscode vscode configuration: Fixed path to python3 executable for syntax check 5 years ago
group_vars dns/application: Added configuration for session-key 4 years ago
host_vars Renamed zone khitomer to eridon 5 years ago
misc/blocklists blocklists: Added ipv4 of known SemrushBots 5 years ago
playbooks Added role nginx/default_server 5 years ago
public_keys Added role dns/entries for configuring dns entries 5 years ago
roles dns/master: Allow configure default ttl 4 years ago
.gitignore public_keys: Allow scripts in gitignore for usage in Ansible 5 years ago
README.md README: Added description for mysql/backup_database 5 years ago
ansible.cfg ansible.cfg: Changed type of python detection 5 years ago
credentials.tar.gpg Updated credentials 5 years ago
hosts.py hosts.py: Added missing json.dumps 5 years ago
hosts.yml Added group contabo_vserver 5 years ago
makefile makefile: Added rules for load/store credentials 5 years ago
site.yml site: Extracted playbook local.yml 5 years ago

README.md

Playbook for BananaNetwork

This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.

Roles

Following roles have been defined to make creating a server configuration easy:

  • account installs an user account preconfigured with tmux, vim and zsh.
  • acme defines roles for handling the automatic handling of certificates with acme.sh
    • application installs main application
    • certificate issues a given certificate
  • bootstrap defines a way to connect to a server which has not been configured yet
  • common defines the installation of common packages and common configurations like firewall
  • dns defines roles for handling dns authorities and slaves, uses bind9
    • application installs main application
    • master configures a dns authority with support of DNSSEC for a domain
    • slave configures an automatic cloning slave for a domain
  • git_auto_update adds an auto update mechanism for a git repository based on signed release tags
  • hostname configures the hostname for a given host
  • misc contains some required but small roles
    • backup_files configures auto backup for a given directory
    • deb_unstable enables debian unstable on low priority
    • docker installs Docker
    • handlers contains some handlers used by other roles
    • ip_discover configures a server to automatically send its ip addresses to a supported service
    • system_user creates a system user
  • mysql defines roles for handling mysql databases and users, uses MariaDB
    • application installs the main application with automatic backup
    • backup_database configures auto backup for a given mysql database
    • database configures a database for an external application with its own user
  • nginx defines roles to set up virtual servers, certificates will be requested by default
    • application installs and configures the main requirements
    • forward sets up a forwarding from one domain to another
    • php-fpm installs php-fpm and requirements
    • php-pool sets up a php-fpm pool running its own user account
    • php sets up a PHP webpage with files at the given directory
    • proxy sets up a reverse proxy to a local port / proxy
    • server sets up a nginx server with custom directives
    • static sets up a static web root
    • upstream sets up an upstream accessible to nginx servers
  • node defines roles for setting up node applications
    • application installs the main application
  • server defines roles using different kind of server applications, applications will be configured using separated system users
    • firefox-sync sets up a Firefox sync server for bookmarks, history, etc.
    • gitea sets up a git repository using Gitea as web overlay
    • minecraft sets up a Minecraft server at the given version (AppArmor, no Web UI)
    • nextcloud sets up a cloud storage using NextCloud
    • node sets up a Node.js server from a repository with a database expecting it can be configured by command arguments
    • spotme sets up a SpotMe server
    • static sets up a static virtual server with files from a repository
    • tt-rss sets up a Tiny Tiny RSS Feed Reader Server
  • wireguard defines roles to handle a WireGuard configuration across different servers
    • application installs and configures the main application
    • backbone configures a system to allow all other WireGuard systems to connect to this server
    • client configures a system to connect to WireGuard backbones
    • handlers contains special handlers effecting all WireGuard backbones and clients
    • special_client creates a configuration for a device not configurable by Ansible and stores it locally