A highly opinionated example for a host deployment with docker using ansible.
Go to file
Chris 58137668b7
initial commit, here be dragons
2022-02-06 20:38:54 +01:00
group_vars/all initial commit, here be dragons 2022-02-06 20:38:54 +01:00
roles initial commit, here be dragons 2022-02-06 20:38:54 +01:00
test initial commit, here be dragons 2022-02-06 20:38:54 +01:00
.editorconfig initial commit, here be dragons 2022-02-06 20:38:54 +01:00
.gitignore initial commit, here be dragons 2022-02-06 20:38:54 +01:00
README.md initial commit, here be dragons 2022-02-06 20:38:54 +01:00
ansible.cfg initial commit, here be dragons 2022-02-06 20:38:54 +01:00
hosts.yml initial commit, here be dragons 2022-02-06 20:38:54 +01:00
site.yml initial commit, here be dragons 2022-02-06 20:38:54 +01:00
vault-password.sh initial commit, here be dragons 2022-02-06 20:38:54 +01:00

README.md

Ansible configuration for $HOST

This repository configures a server based on Ubuntu 20.04

If contains:

  • Ansible files for deployment
  • Vagrantfile for local testing

Local VM for testing using Vagrant

You can spin up a local staging VM and provision it using Vagrant and VirtualBox. Test the playbook before tagging/deploying it. See the /test directory

Command Description
vagrant up Spin up a staging VM and provision it.
vagrant provision Provision (redo) a running VM with the Ansible playbook.
vagrant destroy -f Destroy the VM completely

By default, it uses two cores with 2GB RAM, which can be overwritten with the environment variables VB_CPUS and VB_RAM.

Provisioning the target system with Ansible

You need the secret for the vault to decrypt the secrets. Editing the secrets can be done via ansible-vault group_vars/all/vault.yml.

To provision the actual server completely:

ansible-playbook site.yml

Each role has an ansible-tag with the same name. You can run individual roles using the tags, e.g.:

ansible-playbook site.yml --tags "traefik"

Playbook Contents

This project should contain at least these roles:

  • borg
    • responsible for backups of vital persisted data of a hosts services
  • bootstrap
    • the united usership of the server and their representative ssh keys and permissions
    • Some bootstrap stuff like logrotate, etc.
  • docker
    • responsible for provisioning a docker environment
  • traefik
    • responsible for providing traefik and its configuration
  • unattended-upgrades
  • watchtower
    • configures a container which is responsible for autoamtically updating other containers
  • wireguard