Ansible playbook for automating personal servers
dogeystamp 5def6181ce
roles/filesystems: moved dataroot creation here
it's an issue if the dataroot is created before its mount is created
2023-09-10 20:19:51 -04:00
group_vars fix details 2023-09-10 19:25:29 -04:00
roles roles/filesystems: moved dataroot creation here 2023-09-10 20:19:51 -04:00
tasks moved hosts to yml format 2023-08-23 17:31:22 -04:00
.gitignore fix vars 2023-09-09 11:45:54 -04:00
ansible.cfg initial commit: upload essentials from original playbook 2023-08-21 17:19:29 -04:00
inventory.example.yml fix minor issues 2023-08-26 22:02:29 -04:00
README.md fix details 2023-09-10 19:25:29 -04:00
run.yml roles/synapse: added 2023-09-07 21:47:16 -04:00

installation steps

  • Install required packages:

    • sshpass
    • python-passlib
  • Copy inventory.example.yml to inventory.yml, modifying fields as needed.

  • Review group_vars/all/50-vars.yml, and set the settings you need in host_vars/<hostname>/vars.yml or group_vars/all/90-overlay.yml. (Files in group_vars with a larger number take precedence.)

  • Look at the following roles, and for each of them override their defaults/vars.yml in host or group vars:

    • networking/connection
    • networking/nameserver
    • caddy
    • containers
    • filesystems
    • firewall
    • syncthing
    • website
  • Create vault for secrets:

    ansible-vault create group_vars/all/80-vault.yml
    ansible-vault edit group_vars/all/80-vault.yml
    

    Copy-paste group_vars/all/00-secret_template.yml into this vault, and modify as needed.

  • Add secret files:

    # Keyfile for LUKS disk encryption
    dd if=/dev/random of=roles/filesystems/files/host1.secret bs=1024 count=2
    ansible-vault encrypt roles/filesystems/files/host1.secret
    # repeat the above for every host with encrypted external storage
    
  • Run the playbook:

    ansible-playbook run.yml --ask-vault-pass
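
The keyfile written by dd in the "Add secret files" step stays in plaintext until ansible-vault encrypt has run, so it is worth checking before committing. The script below is an added example, not part of this repository; it assumes the secret paths named in the steps above, and its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the playbook repository.
# Every Ansible Vault file starts with "$ANSIBLE_VAULT;" (for example
# "$ANSIBLE_VAULT;1.1;AES256"); without it the secret is still plaintext.
VAULT_MAGIC='$ANSIBLE_VAULT;'

# Succeeds only if file $1 starts with the vault header.
is_vault_encrypted() {
    # Keyfiles are binary: read only the header bytes and drop NULs so the
    # command substitution never sees them.
    [ "$(head -c "${#VAULT_MAGIC}" "$1" | tr -d '\0')" = "$VAULT_MAGIC" ]
}

# Prints each secret under repo root $1 that is not vault-encrypted and
# returns 1 if any were found. Paths are the ones named in the steps above.
find_unencrypted_secrets() {
    root=${1:-.}
    found=0
    for f in "$root/group_vars/all/80-vault.yml" \
             "$root"/roles/filesystems/files/*.secret; do
        [ -f "$f" ] || continue    # missing file or unmatched glob
        if ! is_vault_encrypted "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Builds a throwaway tree with constructed sample files (no real secrets)
# and prints its path. host2.secret is deliberately left unencrypted.
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/group_vars/all" "$d/roles/filesystems/files"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '61626364' \
        > "$d/group_vars/all/80-vault.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '65666768' \
        > "$d/roles/filesystems/files/host1.secret"
    printf 'raw\000key\001bytes' > "$d/roles/filesystems/files/host2.secret"
    printf '%s\n' "$d"
}

sample=$(make_sample_repo)
find_unencrypted_secrets "$sample" || echo "unencrypted secrets found" >&2
rm -rf "$sample"
```

Called from a git pre-commit hook with the repository root as its argument, a non-zero return from find_unencrypted_secrets can be used to block the commit.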