You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Felix Stupp 72ee42d539 | 4 years ago | |
---|---|---|
.vscode | 5 years ago | |
group_vars | 4 years ago | |
host_vars | 5 years ago | |
misc/blocklists | 5 years ago | |
playbooks | 5 years ago | |
public_keys | 5 years ago | |
roles | 4 years ago | |
.gitignore | 5 years ago | |
README.md | 5 years ago | |
ansible.cfg | 5 years ago | |
credentials.tar.gpg | 5 years ago | |
hosts.py | 5 years ago | |
hosts.yml | 5 years ago | |
makefile | 5 years ago | |
site.yml | 5 years ago |
README.md
Playbook for BananaNetwork
This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.
Roles
Following roles have been defined to make creating a server configuration easy:
- account installs an user account preconfigured with tmux, vim and zsh.
- acme defines roles for handling the automatic handling of certificates with acme.sh
- application installs main application
- certificate issues a given certificate
- bootstrap defines a way to connect to a server which has not been configured yet
- common defines the installation of common packages and common configurations like firewall
- dns defines roles for handling dns authorities and slaves, uses bind9
- application installs main application
- master configures a dns authority with support of DNSSEC for a domain
- slave configures an automatic cloning slave for a domain
- git_auto_update adds an auto update mechanism for a git repository based on signed release tags
- hostname configures the hostname for a given host
- misc contains some required but small roles
- backup_files configures auto backup for a given directory
- deb_unstable enables debian unstable on low priority
- docker installs Docker
- handlers contains some handlers used by other roles
- ip_discover configures a server to automatically send its ip addresses to a supported service
- system_user creates a system user
- mysql defines roles for handling mysql databases and users, uses MariaDB
- application installs the main application with automatic backup
- backup_database configures auto backup for a given mysql database
- database configures a database for an external application with its own user
- nginx defines roles to set up virtual servers, certificates will be requested by default
- application installs and configures the main requirements
- forward sets up a forwarding from one domain to another
- php-fpm installs php-fpm and requirements
- php-pool sets up a php-fpm pool running its own user account
- php sets up a PHP webpage with files at the given directory
- proxy sets up a reverse proxy to a local port / proxy
- server sets up a nginx server with custom directives
- static sets up a static web root
- upstream sets up an upstream accessible to nginx servers
- node defines roles for setting up node applications
- application installs the main application
- server defines roles using different kind of server applications, applications will be configured using separated system users
- firefox-sync sets up a Firefox sync server for bookmarks, history, etc.
- gitea sets up a git repository using Gitea as web overlay
- minecraft sets up a Minecraft server at the given version (AppArmor, no Web UI)
- nextcloud sets up a cloud storage using NextCloud
- node sets up a Node.js server from a repository with a database expecting it can be configured by command arguments
- spotme sets up a SpotMe server
- static sets up a static virtual server with files from a repository
- tt-rss sets up a Tiny Tiny RSS Feed Reader Server
- wireguard defines roles to handle a WireGuard configuration across different servers
- application installs and configures the main application
- backbone configures a system to allow all other WireGuard systems to connect to this server
- client configures a system to connect to WireGuard backbones
- handlers contains special handlers effecting all WireGuard backbones and clients
- special_client creates a configuration for a device not configurable by Ansible and stores it locally