ansible-role-server/README.md

149 lines
4.5 KiB
Markdown
Raw Normal View History

Server
=========
2019-10-12 11:10:26 +00:00
Essential server setup tasks, like sshd config, ddns cronjobs (+ mail output), etc used by Jannik Beyerstedt.
Requirements
------------
2019-10-12 11:10:26 +00:00
none
Role Variables
--------------
2019-10-12 11:10:26 +00:00
There are several variables, that should be set per host (e.g. in the inventory).
Some of the tasks listed below, will not run, if the corresponding variables are not set.
Therefore you can use the same playbook for multiple servers and activate the needed features with host variables.
### Borgbakup
If you want to configure borgbackup backups, these variables need to be set:
- `borgbackup_passphrase`: Passphrase of the borgbackup repo
- `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`)
- `borgbackup_hostname`: Hostname to prefix the snapshots
2019-10-12 11:10:26 +00:00
Optional configuration:
- `borgbackup_ssh_id`: Path to the used ssh id (default: `{{ ansible_user_dir }}/.ssh/id_ed25519`)
Attention: You still need to setup the borgbackup repository manually.
### Caddy
Mandatory variable:
- `caddy_email`: Email address to use for getting let's encrypt certificates
Optional variable:
- `caddy_plugins`: Comma separated list of caddyserver v1 plugins (default: `http.ratelimit`)
### Cronmails
Mandatory variable:
- `cron_email`: Sender email address used by cron
2019-11-12 20:34:35 +00:00
### Docker
Optional variable:
- `dockercompose_use_pip`: boolean to use pip instead of manual download (default: false)
### DynDNS
This task and it's configuration files might be quite specific for the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) docker container.
Mandatory variables:
- `ddns_server_domain`: Domain name of the DynDNS server
- `ddns_passphrase`: Passphrase for updating dynDNS entries
- `ddns_domain`: Domain where the host's entries are created as `$hostname.$ddns_domain`
2019-10-12 11:10:26 +00:00
Optional variable:
- `ddns_silence`: Set to true to silence stderr too
2019-10-12 11:10:26 +00:00
### Telegraf
Mandatory variables:
- `telegraf_server_url`: URL of the influxDB server, e.g. `https://example.com:8086`
- `telegraf_server_user`: Username of the influxDB user
- `telegraf_server_passwd`: Password of the influxDB user
2019-10-12 11:10:26 +00:00
Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected (uses file from `telegraf_docker_file`)
- `telegraf_unifi_usg_ips`: Specify a list of USG IPs, if SNMP telemetry should be collected (uses file from `telegraf_unifi_file`)
- `telegraf_unifi_ap_ips`: Specify a list of AP IPs, if SNMP telemetry should be collected (uses file from `telegraf_unifi_file`)
- `telegraf_ubnt_ns_ips`: Specify a list of Ubiquiti NanoStation IPs, if SNMP telemetry should be collected (uses file from `telegraf_airmax_file`)
- `telegraf_docker_file`: filename of the docker telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`).
- `telegraf_unifi_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-UniFi.conf.j2`).
- `telegraf_airmax_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-AirMAX.conf.j2`).
Optional settings:
- `telegraf_interval`: Data sampling interval (default `300s`)
2019-10-12 11:10:26 +00:00
Dependencies
------------
none
2019-10-12 11:10:26 +00:00
Example Playbook
----------------
2019-10-12 11:10:26 +00:00
The different tasks should be used on a case-by-case basis:
```yml
- name: Common Server Configuration
hosts: servers
tasks:
- name: Servers - Generic setup tasks
import_role:
name: server
tasks_from: setup
- name: Servers - Setup cronjob mails
import_role:
name: server
tasks_from: cronmails
- name: Servers - Setup dyndns cronjob
import_role:
name: server
tasks_from: dyndns
- name: Servers - Setup monitoring
import_role:
name: server
tasks_from: telegraf
- name: Servers - Setup backups (if variables are set)
import_role:
name: server
tasks_from: borgbackup
# Docker
- name: Servers - Install docker
import_role:
name: server
tasks_from: docker
- name: Servers - Add telegraf to docker group
become: yes
user:
name: telegraf
groups: docker
append: yes
# Caddy Webserver
- name: Servers - Install and setup caddy
import_role:
name: server
tasks_from: caddyserver
- name: Servers - Start caddy service
become: yes
service:
name: caddy
enabled: yes
state: started
# UFW Firewall
- name: Servers - Install UFW
become: yes
apt:
name: ufw
state: present
2019-10-12 11:10:26 +00:00
```
License
-------
GPLv3