A highly opinionated example for a host deployment with docker using ansible.
Chris 58137668b7
initial commit, here be dragons
10 months ago
group_vars/all initial commit, here be dragons 10 months ago
roles initial commit, here be dragons 10 months ago
test initial commit, here be dragons 10 months ago
.editorconfig initial commit, here be dragons 10 months ago
.gitignore initial commit, here be dragons 10 months ago
README.md initial commit, here be dragons 10 months ago
ansible.cfg initial commit, here be dragons 10 months ago
hosts.yml initial commit, here be dragons 10 months ago
site.yml initial commit, here be dragons 10 months ago
vault-password.sh initial commit, here be dragons 10 months ago

README.md

Ansible configuration for $HOST

This repository configures a server based on Ubuntu 20.04.

It contains:

  • Ansible files for deployment
  • Vagrantfile for local testing

Local VM for testing using Vagrant

You can spin up a local staging VM and provision it using Vagrant and VirtualBox. Test the playbook before tagging/deploying it. See the /test directory.

| Command | Description |
|---|---|
| vagrant up | Spin up a staging VM and provision it. |
| vagrant provision | Provision (redo) a running VM with the Ansible playbook. |
| vagrant destroy -f | Destroy the VM completely. |

By default, it uses two cores with 2GB RAM, which can be overridden with the environment variables VB_CPUS and VB_RAM.

Provisioning the target system with Ansible

You need the vault password to decrypt the secrets. Edit the secrets with ansible-vault edit group_vars/all/vault.yml.
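Because group_vars/all/vault.yml is committed to the repository, it is worth checking that it is still encrypted before each commit. The following is an added example, not part of this repository; the function names and the hook usage are assumptions:

```shell
#!/bin/sh
# Added example: detect an Ansible vault file that was saved unencrypted.
# A fully encrypted vault file starts with a header line such as
#   $ANSIBLE_VAULT;1.1;AES256
# Format 1.2 appends a fourth field, the vault ID label.
# Files that only contain inline "!vault" values are not covered here.

# Return 0 if the first line of $1 is a vault header, 1 otherwise.
vault_is_encrypted() {
    [ -f "$1" ] || return 1
    # Only the first line matters; drop a CR left by CRLF checkouts.
    header=$(head -n 1 "$1" | tr -d '\r')
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256') return 0 ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check every path given, name each offender on stderr,
# and return 1 if at least one file is missing or not encrypted.
check_vault_files() {
    failed=0
    for f in "$@"; do
        if ! vault_is_encrypted "$f"; then
            echo "NOT ENCRYPTED: $f" >&2
            failed=1
        fi
    done
    return "$failed"
}

# When called with paths (for example from a pre-commit hook or CI job),
# check them; the exit status of the script is the result of the check.
[ "$#" -eq 0 ] || check_vault_files "$@"
```

Saved under a name of your choice and called with group_vars/all/vault.yml as its argument, it exits non-zero when the file is plaintext. It inspects the working-tree file, not the staged blob.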

To provision the actual server completely:

ansible-playbook site.yml

Each role has an ansible-tag with the same name. You can run individual roles using the tags, e.g.:

ansible-playbook site.yml --tags "traefik"

Playbook Contents

This project should contain at least these roles:

  • borg
    • responsible for backups of vital persisted data of a host's services
  • bootstrap
    • the server's user accounts and their respective SSH keys and permissions
    • Some bootstrap stuff like logrotate, etc.
  • docker
    • responsible for provisioning a docker environment
  • traefik
    • responsible for providing traefik and its configuration
  • unattended-upgrades
  • watchtower
    • configures a container which is responsible for automatically updating other containers
  • wireguard