You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/README.md

56 lines
3.6 KiB
Markdown

# Playbook for BananaNetwork
This playbook defines the configuration for all servers / devices controlled by the BananaNetwork.
## Roles
Following roles have been defined to make creating a server configuration easy:
- **account** installs an user account preconfigured with tmux, vim and zsh.
- **acme** defines roles for handling the automatic handling of certificates with *acme.sh*
- **application** installs main application
- **certificate** issues a given certificate
- **bootstrap** defines a way to connect to a server which has not been configured yet
- **common** defines the installation of common packages and common configurations like firewall
- **dns** defines roles for handling dns authorities and slaves, uses *bind9*
- **application** installs main application
- **master** configures a dns authority with support of DNSSEC for a domain
- **slave** configures an automatic cloning slave for a domain
- **git_auto_update** adds an auto update mechanism for a git repository based on signed release tags
- **hostname** configures the hostname for a given host
- **misc** contains some required but small roles
- **deb_unstable** enables debian unstable on low priority
- **handlers** contains some handlers used by other roles
- **ip_discover** configures a server to automatically send its ip addresses to a supported service
- **system_user** creates a system user
- **mysql** defines roles for handling mysql databases and users, uses *MariaDB*
- **application** installs the main application with automatic backup
- **database** configures a database for an external application with its own user
- **nginx** defines roles to set up virtual servers, certificates will be requested by default
- **application** installs and configures the main requirements
- **forward** sets up a forwarding from one domain to another
- **php-fpm** installs php-fpm and requirements
- **php-pool** sets up a php-fpm pool running its own user account
- **php** sets up a PHP webpage with files at the given directory
- **proxy** sets up a reverse proxy to a local port / proxy
- **server** sets up a nginx server with custom directives
- **static** sets up a static web root
- **upstream** sets up an upstream accessible to nginx servers
- **node** defines roles for setting up node applications
- **application** installs the main application
- **server** defines roles using different kind of server applications, applications will be configured using separated system users
- **firefox-sync** sets up a Firefox sync server for bookmarks, history, etc.
- **gitea** sets up a git repository using *Gitea* as web overlay
- **minecraft** sets up a Minecraft server at the given version (AppArmor, no Web UI)
- **nextcloud** sets up a cloud storage using *NextCloud*
- **node** sets up a *Node.js* server from a repository with a database expecting it can be configured by command arguments
- **spotme** sets up a SpotMe server
- **static** sets up a static virtual server with files from a repository
- **tt-rss** sets up a Tiny Tiny RSS Feed Reader Server
- **wireguard** defines roles to handle a *WireGuard* configuration across different servers
- **application** installs and configures the main application
- **backbone** configures a system to allow all other *WireGuard* systems to connect to this server
- **client** configures a system to connect to *WireGuard* backbones
- **handlers** contains special handlers effecting all *WireGuard* backbones and clients
- **special_client** creates a configuration for a device not configurable by Ansible and stores it locally