Ansible playbook for automating personal servers
installation steps
- Install required packages:
  - sshpass
  - python-passlib
- Copy `inventory.example.yml` to `inventory.yml`, modifying fields as appropriate.
- Look at `group_vars/all/50-vars.yml`, and set the needed settings in `host_vars/<hostname>/vars.yml` or `group_vars/all/90-overlay.yml`. (Files in group vars with a larger number take precedence.)
- Look at the following roles, and for each of them override their `defaults/vars.yml` in host or group vars:
  - networking/connection
  - networking/nameserver
  - caddy
  - containers
  - filesystems
  - firewall
  - syncthing
  - website
- Create vault for secrets:

  ```
  ansible-vault create group_vars/all/80-vault.yml
  ansible-vault edit group_vars/all/80-vault.yml
  ```

  Copy-paste `group_vars/all/00-secret_template.yml` into this vault, and modify as needed.
- Add secret files:

  ```
  # Keyfile for LUKS disk encryption
  dd if=/dev/random of=roles/filesystems/files/host1.secret bs=1024 count=2
  ansible-vault encrypt roles/filesystems/files/host1.secret
  # repeat the above for every host with encrypted external storage
  ```
- Run the playbook:

  ```
  ansible-playbook run.yml --ask-vault-pass
  ```
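
A pre-flight check for the vault and keyfile steps above, as an added example that is not part of this repository: it confirms that `group_vars/all/80-vault.yml` and every `roles/filesystems/files/*.secret` keyfile start with the Ansible Vault header, so a LUKS keyfile left in plaintext after the `dd` step is caught before it is committed or deployed. The function names `is_vault_encrypted` and `check_secrets` are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the playbook repository.
# Function names are hypothetical; paths are the ones the README uses.

# Return 0 if the file starts with the Ansible Vault header,
# 1 if it does not, 2 if it is not a regular file.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    # Read only the first 15 bytes. A plaintext keyfile is random binary
    # data, so NUL bytes are dropped before the string comparison.
    [ "$(head -c 15 "$1" | tr -d '\000')" = '$ANSIBLE_VAULT;' ]
}

# Check the secret files under the repository root given as $1
# (default: current directory). Prints each plaintext file to stderr
# and returns 1 if at least one was found, 0 otherwise.
check_secrets() {
    root=${1:-.}
    bad=0
    for f in "$root"/group_vars/all/80-vault.yml \
             "$root"/roles/filesystems/files/*.secret; do
        # Skip an unmatched glob or a vault that has not been created yet.
        [ -e "$f" ] || continue
        if ! is_vault_encrypted "$f"; then
            echo "PLAINTEXT: $f" >&2
            bad=1
        fi
    done
    return "$bad"
}
```

Run `check_secrets .` from the repository root before `ansible-playbook run.yml --ask-vault-pass`, or source the file from a git pre-commit hook and abort the commit on a non-zero result.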