You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Felix Stupp cf03e0520c | 4 years ago | |
---|---|---|
.vscode | 5 years ago | |
filter_plugins | 4 years ago | |
group_vars | 4 years ago | |
host_vars | 5 years ago | |
misc/blocklists | 5 years ago | |
playbooks | 4 years ago | |
public_keys | 5 years ago | |
roles | 4 years ago | |
.gitignore | 4 years ago | |
LICENSE | 4 years ago | |
README.md | 4 years ago | |
ansible.cfg | 5 years ago | |
credentials.tar.gpg | 5 years ago | |
hosts.py | 5 years ago | |
hosts.yml | 5 years ago | |
makefile | 5 years ago | |
site.yml | 5 years ago |
README.md
Playbook for BananaNetwork
This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.
All systems are expected to run a Debian GNU/Linux or a similiar distribution.
Roles
Following roles have been defined for making a server configuration easy:
- account installs an user account preconfigured with tmux, vim and zsh.
- acme defines roles for handling the automatic handling of certificates with certbot
- application installs main application
- certificate issues a given certificate
- bootstrap defines a way to connect to a server which has not been configured yet, changes user password and hardening SSH access
- common defines the installation of common packages and common configurations like firewall
- dns defines roles for handling dns authorities and slaves, uses bind9
- application installs main application (installs from bind9 official repository)
- entries configures given dns entries on authoritive dns server (authoritive must be configured by this repository)
- master configures a dns authority with support of DNSSEC for a domain
- server_entries configures default A/AAAA/SSHFP and additional records for current host and given domain (uses dns/entries)
- slave configures an automatic cloning slave for a domain
- fail2ban defines roles for configuring fail2ban for different systems
- application installs main application
- rule configures a filter + jail for a given server / use case
- git_auto_update adds an auto update mechanism for a git repository based on signed release tags
- hostname configures the hostname for a given host
- misc contains some required but small roles
- backup_files configures auto backup for a given directory
- deb_unstable enables Debian unstable on low priority
- docker installs Docker (from official Docker repository)
- handlers contains some handlers used by other roles
- ip_discover configures a server to automatically discover its ip addresses to a supported service
- system_user creates a system user
- mysql defines roles for handling mysql databases and users, uses MariaDB
- application installs the main application with automatic backup
- backup_database configures auto backup for a given mysql database
- database configures a database for an external application with its own user (uses mysql/backup_database)
- nginx defines roles to set up virtual servers, certificates will be requested by default
- application installs and configures the main requirements
- default_server configures default server for hostname fqdn with status info (only accessable from localhost)
- forward sets up a forwarding from one domain to another
- php sets up a PHP webpage with files at the given directory
- php-fpm installs php-fpm and requirements
- php-pool sets up a php-fpm pool running its own user account
- proxy sets up a reverse proxy to a local port / proxy
- server sets up a nginx server with custom directives
- static sets up a static web root
- upstream sets up an upstream accessible to nginx virtual servers
- node defines roles for setting up node applications
- application installs node (installs from node official repository)
- server defines roles using different kind of server applications, applications will be configured using separated system users
- firefox-sync sets up a Firefox sync server for bookmarks, history, etc.
- gitea sets up a git repository using Gitea as web overlay (fail2ban)
- minecraft sets up a Minecraft server at the given version (AppArmor, no Web UI)
- nextcloud sets up a cloud storage using NextCloud
- node sets up a Node.js server from a repository with a database expecting it can be configured using environment variables
- spotme sets up a SpotMe server
- static sets up a static virtual server with files from a repository
- tt-rss sets up a Tiny Tiny RSS Feed Reader server
- wireguard defines roles to handle a WireGuard configuration across different servers
- application installs and configures the main application
- backbone configures a system to allow all other WireGuard systems to connect to this server
- client configures a system to connect to WireGuard backbones
- handlers contains special handlers effecting all WireGuard backbones and clients
- special_client creates a configuration for a device not configurable by Ansible and stores it locally
License
This repository is licensed under MIT. This configuration comes with no warranty.