initial commit, here be dragons

README.md

@@ -0,0 +1,48 @@
+# Ansible configuration for $HOST
+
+This repository configures a server based on Ubuntu 20.04
+
+If contains:
+- Ansible files for deployment
+- Vagrantfile for local testing
+
+## Local VM for testing using Vagrant
+
+You can spin up a local staging VM and provision it using [Vagrant](https://www.vagrantup.com/) and [VirtualBox](https://www.virtualbox.org/).
+Test the playbook before tagging/deploying it. See the `/test` directory
+
+| Command   | Description   |
+| ---       | ---           |
+| `vagrant up` | Spin up a staging VM and provision it. |
+| `vagrant provision` | Provision (redo) a running VM with the Ansible playbook. |
+| `vagrant destroy -f` | Destroy the VM completely |
+
+By default, it uses two cores with 2GB RAM, which can be overwritten with the environment variables `VB_CPUS` and `VB_RAM`.
+
+## Provisioning the target system with Ansible
+
+You need the secret for the vault to decrypt the secrets. Editing the secrets can be done via `ansible-vault group_vars/all/vault.yml`.
+
+To provision the actual server completely:
+> ansible-playbook site.yml
+
+Each role has an ansible-tag with the same name. You can run individual roles using the tags, e.g.:
+> ansible-playbook site.yml --tags "traefik"
+
+## Playbook Contents
+
+This project should contain at least these roles:
+
+- borg
+  - responsible for backups of vital persisted data of a hosts services
+- bootstrap
+  - the united usership of the server and their representative ssh keys and permissions
+  - Some bootstrap stuff like logrotate, etc.
+- docker
+  - responsible for provisioning a docker environment
+- traefik
+  - responsible for providing traefik and its configuration
+- unattended-upgrades
+- watchtower
+  - configures a container which is responsible for autoamtically updating other containers
+- wireguard