A highly opinionated example for a host deployment with docker using ansible.
- group_vars/all
- roles
- test
- .editorconfig
- .gitignore
- ansible.cfg
- hosts.yml
- README.md
- site.yml
- vault-password.sh
Ansible configuration for $HOST
This repository configures a server based on Ubuntu 20.04.
It contains:
- Ansible files for deployment
- Vagrantfile for local testing
Local VM for testing using Vagrant
You can spin up a local staging VM and provision it using Vagrant and VirtualBox.
Test the playbook before tagging/deploying it. See the /test directory.
Command | Description |
---|---|
vagrant up | Spin up a staging VM and provision it. |
vagrant provision | Provision (redo) a running VM with the Ansible playbook. |
vagrant destroy -f | Destroy the VM completely. |
By default, it uses two cores with 2GB RAM, which can be overridden with the environment variables VB_CPUS and VB_RAM.
Provisioning the target system with Ansible
You need the vault secret to decrypt the secrets. The secrets can be edited via ansible-vault edit group_vars/all/vault.yml.
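As an added example (not part of this repository), the following shell functions check that group_vars/all/vault.yml is still in ansible-vault's encrypted envelope, for instance before a commit. The function names vault_is_encrypted and check_vaults are hypothetical.

```shell
#!/bin/sh
# Added example: guard against committing a decrypted Ansible vault file.
# Function names are hypothetical; the default path is the one this README names.

# Return 0 if FILE looks like ansible-vault output, 1 otherwise.
vault_is_encrypted() {
    file=$1
    [ -r "$file" ] || return 1
    # The first line must be the vault envelope header:
    #   $ANSIBLE_VAULT;1.1;AES256   or   $ANSIBLE_VAULT;1.2;AES256;<vault-id>
    header=$(head -n 1 "$file")
    case $header in
        '$ANSIBLE_VAULT;1.1;AES256') ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
        *) return 1 ;;
    esac
    # The payload must exist and be hex only. A plaintext YAML line left
    # below an old header (a partial decrypt or bad merge) fails here.
    body=$(tail -n +2 "$file")
    [ -n "$body" ] || return 1
    if printf '%s\n' "$body" | grep -q '[^0-9a-fA-F]'; then
        return 1
    fi
    return 0
}

# Check every file given; with no arguments, check the repository's vault file.
# Returns non-zero if any file is missing or not encrypted.
check_vaults() {
    [ "$#" -gt 0 ] || set -- group_vars/all/vault.yml
    rc=0
    for f in "$@"; do
        if vault_is_encrypted "$f"; then
            echo "ok: $f is vault-encrypted"
        else
            echo "FAIL: $f is missing or not vault-encrypted" >&2
            rc=1
        fi
    done
    return $rc
}
```

Source the file and call check_vaults from the repository root; a non-zero exit status can be used to block a commit or a CI job.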
To provision the actual server completely:
ansible-playbook site.yml
Each role has an ansible-tag with the same name. You can run individual roles using the tags, e.g.:
ansible-playbook site.yml --tags "traefik"
Playbook Contents
This project should contain at least these roles:
- borg
  - responsible for backups of vital persisted data of a host's services
- bootstrap
  - the server's user accounts and their respective SSH keys and permissions
  - some bootstrap stuff like logrotate, etc.
- docker
  - responsible for provisioning a Docker environment
- traefik
  - responsible for providing traefik and its configuration
- unattended-upgrades
- watchtower
  - configures a container which is responsible for automatically updating other containers
- wireguard