Ansible playbook for automating personal servers
dogeystamp
0288cea768
arch doesn't package python-docker-compose so just docker compose up via systemd instead of ansible

- group_vars
- roles
- tasks
- .gitignore
- ansible.cfg
- inventory.example.yml
- README.md
- run.yml

installation steps
- Install required packages:
  - sshpass
- Copy `inventory.example.yml` to `inventory.yml`, modifying fields as appropriate.
- Look at `group_vars/all/vars.yml`, and set the needed settings in `host_vars/<hostname>/vars.yml`.
- Look at the following roles, and for each of them override their `defaults/vars.yml` in host or group vars:
  - networking/connection
  - networking/ddclient
  - networking/nameserver
  - filesystems
  - firewall
- Create vault for secrets:

  ```
  ansible-vault create host_vars/[hostname]/vault.yml
  ansible-vault edit host_vars/[hostname]/vault.yml
  ```

  Copy-paste `group_vars/all/secret_template.yml` into this vault, and modify as needed.
- Add secret files:

  ```
  # Keyfile for LUKS disk encryption
  dd if=/dev/random of=roles/filesystems/files/host1.secret bs=1024 count=2
  ansible-vault encrypt roles/filesystems/files/host1.secret
  # repeat the above for every host with encrypted external storage
  ```
- Start avahi-daemon (install `avahi` if not installed):

  ```
  systemctl start avahi-daemon
  ```
- Run the playbook:

  ```
  ansible-playbook run.yml --ask-vault-pass
  ```
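
The vault and keyfile steps above leave secrets on disk that must be encrypted before they are committed. The following check is an added example, not part of this repository: it lists any `host_vars/*/vault.yml` or `roles/filesystems/files/*.secret` file that does not begin with the `$ANSIBLE_VAULT;` header that `ansible-vault` writes. The function names and the `host2.secret` sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not part of the repository): list secret files that are
# still plaintext, i.e. lack the "$ANSIBLE_VAULT;" header ansible-vault writes.

VAULT_MAGIC='$ANSIBLE_VAULT;'

# is_vault_encrypted FILE -> exit 0 if FILE begins with the vault header.
is_vault_encrypted() {
    # Keyfiles are raw random bytes: read a fixed 15-byte prefix and drop
    # NULs so the string comparison is safe on binary input.
    [ "$(head -c 15 "$1" | tr -d '\000')" = "$VAULT_MAGIC" ]
}

# find_plaintext_secrets ROOT -> print each unencrypted secret under ROOT;
# returns 1 if any were found, 0 otherwise.
find_plaintext_secrets() {
    root=$1
    found=0
    for f in "$root"/host_vars/*/vault.yml "$root"/roles/filesystems/files/*.secret; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        if ! is_vault_encrypted "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# make_demo_tree DIR -> constructed sample layout: one encrypted vault,
# one encrypted keyfile, and one keyfile left in plaintext (host2, hypothetical).
make_demo_tree() {
    mkdir -p "$1/host_vars/host1" "$1/roles/filesystems/files"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3031' > "$1/host_vars/host1/vault.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3031' > "$1/roles/filesystems/files/host1.secret"
    printf '\000\001raw-key-bytes' > "$1/roles/filesystems/files/host2.secret"
}

# Usage: sh check_secrets.sh <repo-root>  (does nothing when called without arguments)
[ "$#" -eq 0 ] || find_plaintext_secrets "$1"
```

Run it against the repository root before committing; a non-zero exit status means at least one listed file still needs `ansible-vault encrypt`.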