# Ansible configuration for $HOST

This repository configures a server based on Ubuntu 20.04

If contains:
- Ansible files for deployment
- Vagrantfile for local testing

## Local VM for testing using Vagrant

You can spin up a local staging VM and provision it using [Vagrant](https://www.vagrantup.com/) and [VirtualBox](https://www.virtualbox.org/).
Test the playbook before tagging/deploying it. See the `/test` directory

| Command   | Description   |
| ---       | ---           |
| `vagrant up` | Spin up a staging VM and provision it. |
| `vagrant provision` | Provision (redo) a running VM with the Ansible playbook. |
| `vagrant destroy -f` | Destroy the VM completely |

By default, it uses two cores with 2GB RAM, which can be overwritten with the environment variables `VB_CPUS` and `VB_RAM`.

## Provisioning the target system with Ansible

You need the secret for the vault to decrypt the secrets. Editing the secrets can be done via `ansible-vault group_vars/all/vault.yml`.

To provision the actual server completely:
> ansible-playbook site.yml

Each role has an ansible-tag with the same name. You can run individual roles using the tags, e.g.:
> ansible-playbook site.yml --tags "traefik"

## Playbook Contents

This project should contain at least these roles:

- borg
  - responsible for backups of vital persisted data of a hosts services
- bootstrap
  - the united usership of the server and their representative ssh keys and permissions
  - Some bootstrap stuff like logrotate, etc.
- docker
  - responsible for provisioning a docker environment
- traefik
  - responsible for providing traefik and its configuration
- unattended-upgrades
- watchtower
  - configures a container which is responsible for autoamtically updating other containers
- wireguard