Ansible Playbook for Servers of BananaNetwork
Felix Stupp cf03e0520c
Added LICENSE
4 years ago
.vscode vscode: Removed python path from repository configuration 5 years ago
filter_plugins domain_relative_to: Fixed missing input parameter zone 4 years ago
group_vars acme: Changed underlying package from acme.sh to certbot 4 years ago
host_vars Renamed zone khitomer to eridon 5 years ago
misc/blocklists blocklists: Added ipv4 of known SemrushBots 5 years ago
playbooks Moved conversion from domain to username into filter with shorts table 4 years ago
public_keys Added role dns/entries for configuring dns entries 5 years ago
roles acme: Changed underlying package from acme.sh to certbot 4 years ago
.gitignore gitignore: Added pycache to excluded files 4 years ago
LICENSE Added LICENSE 4 years ago
README.md Added LICENSE 4 years ago
ansible.cfg ansible.cfg: Changed type of python detection 5 years ago
credentials.tar.gpg Updated credentials 5 years ago
hosts.py hosts.py: Added missing json.dumps 5 years ago
hosts.yml Added group contabo_vserver 5 years ago
makefile makefile: Added rules for load/store credentials 5 years ago
site.yml site: Extracted playbook local.yml 5 years ago

README.md

Playbook for BananaNetwork

This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.

All systems are expected to run Debian GNU/Linux or a similar distribution.

Roles

The following roles have been defined to make server configuration easy:

  • account installs a user account preconfigured with tmux, vim and zsh.
  • acme defines roles for the automatic handling of certificates with certbot
    • application installs main application
    • certificate issues a given certificate
  • bootstrap defines a way to connect to a server which has not been configured yet, changes the user password and hardens SSH access
  • common defines the installation of common packages and common configurations like firewall
  • dns defines roles for handling dns authorities and slaves, uses bind9
    • application installs main application (installs from bind9 official repository)
    • entries configures given dns entries on the authoritative dns server (the authoritative server must be configured by this repository)
    • master configures a dns authority with support of DNSSEC for a domain
    • server_entries configures default A/AAAA/SSHFP and additional records for current host and given domain (uses dns/entries)
    • slave configures an automatic cloning slave for a domain
  • fail2ban defines roles for configuring fail2ban for different systems
    • application installs main application
    • rule configures a filter + jail for a given server / use case
  • git_auto_update adds an auto update mechanism for a git repository based on signed release tags
  • hostname configures the hostname for a given host
  • misc contains some required but small roles
    • backup_files configures auto backup for a given directory
    • deb_unstable enables Debian unstable on low priority
    • docker installs Docker (from official Docker repository)
    • handlers contains some handlers used by other roles
    • ip_discover configures a server to automatically discover its ip addresses to a supported service
    • system_user creates a system user
  • mysql defines roles for handling mysql databases and users, uses MariaDB
    • application installs the main application with automatic backup
    • backup_database configures auto backup for a given mysql database
    • database configures a database for an external application with its own user (uses mysql/backup_database)
  • nginx defines roles to set up virtual servers, certificates will be requested by default
    • application installs and configures the main requirements
    • default_server configures default server for hostname fqdn with status info (only accessible from localhost)
    • forward sets up a forwarding from one domain to another
    • php sets up a PHP webpage with files at the given directory
    • php-fpm installs php-fpm and requirements
    • php-pool sets up a php-fpm pool running its own user account
    • proxy sets up a reverse proxy to a local port / proxy
    • server sets up a nginx server with custom directives
    • static sets up a static web root
    • upstream sets up an upstream accessible to nginx virtual servers
  • node defines roles for setting up node applications
    • application installs node (installs from node official repository)
  • server defines roles for different kinds of server applications; applications will be configured using separate system users
    • firefox-sync sets up a Firefox sync server for bookmarks, history, etc.
    • gitea sets up a git repository using Gitea as web overlay (fail2ban)
    • minecraft sets up a Minecraft server at the given version (AppArmor, no Web UI)
    • nextcloud sets up a cloud storage using NextCloud
    • node sets up a Node.js server from a repository with a database expecting it can be configured using environment variables
    • spotme sets up a SpotMe server
    • static sets up a static virtual server with files from a repository
    • tt-rss sets up a Tiny Tiny RSS Feed Reader server
  • wireguard defines roles to handle a WireGuard configuration across different servers
    • application installs and configures the main application
    • backbone configures a system to allow all other WireGuard systems to connect to this server
    • client configures a system to connect to WireGuard backbones
    • handlers contains special handlers affecting all WireGuard backbones and clients
    • special_client creates a configuration for a device not configurable by Ansible and stores it locally

License

This repository is licensed under MIT. This configuration comes with no warranty.