banananetwork
/
ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Ansible Playbook for Servers of BananaNetwork
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
389 Commits
3 Branches
0 Tags
1.7 MiB
Python 46.8%
Shell 30.3%
PHP 18.3%
Makefile 4.6%
 
 
 
 
master
dehydrated
wip
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bc8233990f'
${ noResults }
Go to file
Felix Stupp bc8233990f
common: Scheduled removal of old backups at 0:30 
So for the most time two states are stored on the server.
The storage which will stay free can be better used to calculate the
storage which can still be used by dividing the free storage by 3.
 		5 years ago
.vscode vscode: Restricted excluding of links in playbooks dir 5 years ago
group_vars common: Configured auto remove of backups 5 years ago
helpers common: Added downloading and processing ssh host keys 5 years ago
host_vars hardie: Corrected wireguard ip 5 years ago
playbooks site: Configured wg minecraft server on nvak 5 years ago
roles common: Scheduled removal of old backups at 0:30 5 years ago
.gitignore gitignore: Added facts directory 5 years ago
README.md README: Added description for mysql/backup_database 5 years ago
ansible.cfg ansible.cfg: Enabled force_handlers 5 years ago
credentials.tar.gpg Updated credentials 5 years ago
hosts hosts: Added wireguard_backbones group 5 years ago
makefile makefile: Added rules for load/store credentials 5 years ago
site.yml Added forwarding of www.spotme.fun => spotme.fun 5 years ago

README.md

Playbook for BananaNetwork

This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.

Roles

Following roles have been defined to make creating a server configuration easy:

  • account installs an user account preconfigured with tmux, vim and zsh.
  • acme defines roles for handling the automatic handling of certificates with acme.sh
    • application installs main application
    • certificate issues a given certificate
  • bootstrap defines a way to connect to a server which has not been configured yet
  • common defines the installation of common packages and common configurations like firewall
  • dns defines roles for handling dns authorities and slaves, uses bind9
    • application installs main application
    • master configures a dns authority with support of DNSSEC for a domain
    • slave configures an automatic cloning slave for a domain
  • git_auto_update adds an auto update mechanism for a git repository based on signed release tags
  • hostname configures the hostname for a given host
  • misc contains some required but small roles
    • backup_files configures auto backup for a given directory
    • deb_unstable enables debian unstable on low priority
    • docker installs Docker
    • handlers contains some handlers used by other roles
    • ip_discover configures a server to automatically send its ip addresses to a supported service
    • system_user creates a system user
  • mysql defines roles for handling mysql databases and users, uses MariaDB
    • application installs the main application with automatic backup
    • backup_database configures auto backup for a given mysql database
    • database configures a database for an external application with its own user
  • nginx defines roles to set up virtual servers, certificates will be requested by default
    • application installs and configures the main requirements
    • forward sets up a forwarding from one domain to another
    • php-fpm installs php-fpm and requirements
    • php-pool sets up a php-fpm pool running its own user account
    • php sets up a PHP webpage with files at the given directory
    • proxy sets up a reverse proxy to a local port / proxy
    • server sets up a nginx server with custom directives
    • static sets up a static web root
    • upstream sets up an upstream accessible to nginx servers
  • node defines roles for setting up node applications
    • application installs the main application
  • server defines roles using different kind of server applications, applications will be configured using separated system users
    • firefox-sync sets up a Firefox sync server for bookmarks, history, etc.
    • gitea sets up a git repository using Gitea as web overlay
    • minecraft sets up a Minecraft server at the given version (AppArmor, no Web UI)
    • nextcloud sets up a cloud storage using NextCloud
    • node sets up a Node.js server from a repository with a database expecting it can be configured by command arguments
    • spotme sets up a SpotMe server
    • static sets up a static virtual server with files from a repository
    • tt-rss sets up a Tiny Tiny RSS Feed Reader Server
  • wireguard defines roles to handle a WireGuard configuration across different servers
    • application installs and configures the main application
    • backbone configures a system to allow all other WireGuard systems to connect to this server
    • client configures a system to connect to WireGuard backbones
    • handlers contains special handlers effecting all WireGuard backbones and clients
    • special_client creates a configuration for a device not configurable by Ansible and stores it locally