# Ansible configuration for $HOST

This repository configures a server based on Ubuntu 20.04.

It contains:

- Ansible files for deployment
- Vagrantfile for local testing

## Local VM for testing using Vagrant

You can spin up a local staging VM and provision it using [Vagrant](https://www.vagrantup.com/) and [VirtualBox](https://www.virtualbox.org/).
Test the playbook before tagging/deploying it. See the `/test` directory.

| Command | Description |
| --- | --- |
| `vagrant up` | Spin up a staging VM and provision it. |
| `vagrant provision` | Provision (redo) a running VM with the Ansible playbook. |
| `vagrant destroy -f` | Destroy the VM completely. |

By default, the VM uses two cores and 2 GB of RAM; both can be overridden with the environment variables `VB_CPUS` and `VB_RAM`.

## Provisioning the target system with Ansible

You need the vault secret to decrypt the secrets. The secrets can be edited with `ansible-vault edit group_vars/all/vault.yml`.
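
A check to run before committing, as an added example that is not part of this repository: it verifies that `group_vars/all/vault.yml` is still in Ansible Vault's encrypted file format and was not saved in plaintext after editing. The function names `vault_is_encrypted` and `check_vault_files` are hypothetical.

```shell
#!/bin/sh
# Added example (not from this repository): detect vault files stored in plaintext.
# An encrypted Ansible Vault file starts with a header line such as
#   $ANSIBLE_VAULT;1.1;AES256
# (or 1.2 with a trailing vault-id label), followed by lines of lowercase hex.
# Typical call: check_vault_files group_vars/all/vault.yml

vault_is_encrypted() {
    # $1: path to a vault file. Returns 0 if it looks encrypted, 1 otherwise.
    [ -f "$1" ] || return 1
    header=$(head -n 1 "$1")
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256') ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;   # format 1.2 carries a vault-id label
        *) return 1 ;;
    esac
    # A header with no payload, or a payload with non-hex characters,
    # means the file is not a valid encrypted vault.
    payload=$(tail -n +2 "$1")
    [ -n "$payload" ] || return 1
    if printf '%s\n' "$payload" | grep -q '[^0123456789abcdef]'; then
        return 1
    fi
    return 0
}

check_vault_files() {
    # $@: vault files to check. Reports each offending file on stderr and
    # returns 1 if any file is missing or not encrypted.
    status=0
    for f in "$@"; do
        if ! vault_is_encrypted "$f"; then
            echo "NOT ENCRYPTED: $f" >&2
            status=1
        fi
    done
    return "$status"
}
```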

To provision the actual server completely:
> ansible-playbook site.yml

Each role has an Ansible tag with the same name. You can run individual roles using the tags, e.g.:
> ansible-playbook site.yml --tags "traefik"

## Playbook Contents

This project should contain at least these roles:

- borg
  - responsible for backups of vital persisted data of a host's services
- bootstrap
  - the server's user accounts and their respective SSH keys and permissions
  - Some bootstrap stuff like logrotate, etc.
- docker
  - responsible for provisioning a Docker environment
- traefik
  - responsible for providing traefik and its configuration
- unattended-upgrades
- watchtower
  - configures a container which is responsible for automatically updating other containers
- wireguard