Ansible playbook for automating server deployment.
This repository has been archived on 2023-09-13. You can view files and clone it, but cannot push or open issues or pull requests.
group_vars/all group_vars/all/vars.yml: disable mediawiki and coturn 2023-06-22 18:44:02 -04:00
roles gitea: absolutely butchered api.ini to remove deprecated options 2023-07-19 12:52:35 -04:00
tasks Bootstrap Python onto the system 2022-03-04 07:30:52 -05:00
.gitignore Reorganise file structure into roles 2022-03-01 17:43:44 -05:00
ansible.cfg ansible.cfg: do not quote jinja var 2023-06-19 21:49:41 -04:00
hosts.example Make process generally smoother 2022-03-02 19:58:31 -05:00
README.md Update README.md 2023-09-10 21:06:54 -04:00
requirements.yml requirements.yml: add core modules 2023-02-18 10:37:26 -05:00
run.yml sftp: removed service 2023-05-14 12:28:58 -04:00

IMPORTANT: This repository is deprecated in favor of homeserver-iac, a major rewrite.

Homeserver Ansible playbook

This is the Ansible playbook I use to automate installation and configuration of the services on my homeserver. Do note that this is for personal use, so do not rely on this repo for anything important.

The playbook assumes you have Arch Linux ARM installed on a machine in your LAN, connected via Ethernet. It should still have the default credentials (user alarm with password alarm, root with password root). Installation of Python and use of pacman-key is handled.

Special thanks to Wolfgang for the idea of automating the installation process. This project was largely inspired by his own infra repo.

Services

  • Gitea
  • Exim mailserver (for local use only)
  • Matrix Synapse
  • Nginx webserver
  • MediaWiki farm
  • Navidrome music server
  • Syncthing
  • Firewall (UFW)

Miscellaneous features

  • Bootstrapping Python
  • Setting up a LAN static IP address (NetworkManager)
  • Filesystem decryption and mounting
  • Dotfile installation

Usage

Install Ansible (see the install guide).

Install python-passlib. Syncthing needs this because, for some reason, Ansible can't compute bcrypt hashes with the usual library. If you don't do this, you will not be able to log into Syncthing via the web GUI.

Clone the repo:

git clone https://github.com/dogeystamp/homeserver-ansible

Create a hosts file based on hosts.example:

cd homeserver-ansible
cp hosts.example hosts
vim hosts

Adjust group variables (remember this is for all your hosts):

vim group_vars/all/vars.yml

Adjust host variables:

mkdir -p host_vars/[hostname]/
vim host_vars/[hostname]/vars.yml

Create vault for secrets:

ansible-vault create host_vars/[hostname]/vault.yml
ansible-vault edit host_vars/[hostname]/vault.yml

A template for secret variables can be found near the end of group_vars/all/vars.yml.

Add secret files:

# Keyfile for LUKS disk encryption
dd if=/dev/random of=roles/filesystems/files/k5e.secret bs=1024 count=2
ansible-vault encrypt roles/filesystems/files/k5e.secret

# This is a signing key for Matrix Synapse. It should be from a previous install.
# If you don't have one, it should be generated by Synapse.
ansible-vault encrypt roles/services/synapse/files/signing.key.secret
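
A check to run after the steps above and before committing, as an added example that is not part of this repository: it lists files following this README's naming (`*.secret`, `vault.yml`) that lack the `$ANSIBLE_VAULT;` header written by ansible-vault. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag secret files that are not ansible-vault encrypted.
# Assumption: secrets follow this README's naming (*.secret, vault.yml).
# Function names are hypothetical, not part of the playbook.

# ansible-vault output starts with a header such as
# "$ANSIBLE_VAULT;1.1;AES256"; compare the first 15 bytes only, since an
# unencrypted keyfile is arbitrary binary data.
is_vault_encrypted() {
    header=$(head -c 15 "$1" 2>/dev/null | tr -d '\000')
    [ "$header" = '$ANSIBLE_VAULT;' ]
}

# Print every secret file under $1 (default: .) lacking the vault header.
find_unencrypted_secrets() {
    find "${1:-.}" -type f \( -name '*.secret' -o -name 'vault.yml' \) \
        ! -path '*/.git/*' | sort |
    while IFS= read -r f; do
        is_vault_encrypted "$f" || printf '%s\n' "$f"
    done
}

# Return non-zero (e.g. from a pre-commit hook) if any plaintext secret remains.
check_secrets() {
    bad=$(find_unencrypted_secrets "${1:-.}")
    if [ -n "$bad" ]; then
        printf 'Not vault-encrypted:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

Source the file and call `check_secrets` from the repository root; a non-zero return means at least one keyfile or vault is still plaintext.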