Server
======

Essential server setup tasks, like sshd config, DDNS cron jobs (with mail output), etc., used by Jannik Beyerstedt.

Requirements
------------

none

Role Variables
--------------

Several variables should be set per host (e.g. in the inventory).

Some of the tasks listed below will not run if the corresponding variables are not set.
Therefore you can use the same playbook for multiple servers and activate the needed features with host variables.

### Borgbackup

If you want to configure borgbackup backups, these variables need to be set:

- `borgbackup_passphrase`: Passphrase of the borgbackup repo
- `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`)
- `borgbackup_hostname`: Hostname to prefix the snapshots

Optional configuration:

- `borgbackup_ssh_id`: Path to the SSH identity to use (default: `{{ ansible_user_dir }}/.ssh/id_ed25519`)

Attention: You still need to set up the borgbackup repository manually.

### Caddy

Mandatory variable:

- `caddy_email`: Email address to use for obtaining Let's Encrypt certificates

### Cronmails

Mandatory variable:

- `cron_email`: Sender email address used by cron
- `exim_etc_mailname`: Exim4 `/etc/mailname` (default: `inventory_hostname`)

### Docker

Optional variable:

- none

### DynDNS

This task and its configuration files might be quite specific to the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) Docker container.

Mandatory variables:

- `ddns_server_domain`: Domain name of the DynDNS server
- `ddns_passphrase`: Passphrase for updating DynDNS entries
- `ddns_zone`: Domain where the host's entries are created as `$hostname.$ddns_zone`

Optional variable:

- `ddns_silence`: Set to `true` to silence stderr too

### Telegraf

Mandatory variables:

- `telegraf_server_url`: URL of the InfluxDB server, e.g. `https://example.com:8086`
- `telegraf_server_user`: Username of the InfluxDB user
- `telegraf_server_passwd`: Password of the InfluxDB user

Telegraf is configured with basic host telemetry by default. You can add more features if you like:

- `telegraf_docker`: Set to `true` if Docker telemetry should be collected (uses the file from `telegraf_docker_file`)
- `telegraf_unifi_usg_ips`: Specify a list of USG IPs if SNMP telemetry should be collected (uses the file from `telegraf_unifi_file`)
- `telegraf_unifi_ap_ips`: Specify a list of AP IPs if SNMP telemetry should be collected (uses the file from `telegraf_unifi_file`)
- `telegraf_ubnt_ns_ips`: Specify a list of Ubiquiti NanoStation IPs if SNMP telemetry should be collected (uses the file from `telegraf_airmax_file`)
- `telegraf_docker_file`: Filename of the Docker Telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`)
- `telegraf_unifi_file`: Filename of the SNMP Telegraf config part in `{{role_path}}/templates` (default `telegraf-UniFi.conf.j2`)
- `telegraf_airmax_file`: Filename of the SNMP Telegraf config part in `{{role_path}}/templates` (default `telegraf-AirMAX.conf.j2`)

Optional settings:

- `telegraf_interval`: Data sampling interval (default `300s`)

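As an added example (not part of the role itself), the following host_vars layout sets the variables from the sections above for one host. Every secret (`borgbackup_passphrase`, `ddns_passphrase`, `telegraf_server_passwd`) is pulled from a separate, vault-encrypted file, so the plain-text vars file can be committed without exposing credentials. Hostnames, IP addresses (TEST-NET-1 range) and values are constructed placeholders; the `vault_*` variable names are a naming convention assumed here, not something the role defines.

```yaml
# host_vars/web1.example.org/vars.yml  (constructed example)
# Plain-text settings only; secrets are referenced from vault.yml next to it.

# Borgbackup: all three mandatory variables must be set, otherwise the tasks are skipped
borgbackup_repo: "ssh://backup@backup.example.org/srv/borg/web1"
borgbackup_hostname: "web1"
borgbackup_passphrase: "{{ vault_borgbackup_passphrase }}"
# borgbackup_ssh_id: "{{ ansible_user_dir }}/.ssh/id_ed25519"   # optional, shown with its default

# Caddy
caddy_email: "hostmaster@example.org"

# Cronmails
cron_email: "cron@web1.example.org"
# exim_etc_mailname: "web1.example.org"   # optional, defaults to inventory_hostname

# DynDNS: the host's record becomes web1.hosts.example.org
ddns_server_domain: "dyndns.example.org"
ddns_zone: "hosts.example.org"
ddns_passphrase: "{{ vault_ddns_passphrase }}"
ddns_silence: false

# Telegraf
telegraf_server_url: "https://influx.example.org:8086"
telegraf_server_user: "telegraf"
telegraf_server_passwd: "{{ vault_telegraf_server_passwd }}"
telegraf_interval: "60s"
telegraf_docker: true
telegraf_unifi_usg_ips:
  - 192.0.2.1
telegraf_unifi_ap_ips:
  - 192.0.2.10
  - 192.0.2.11
telegraf_ubnt_ns_ips: []

---
# host_vars/web1.example.org/vault.yml  (plain-text form shown; encrypt it with
# `ansible-vault encrypt host_vars/web1.example.org/vault.yml` before committing)
vault_borgbackup_passphrase: "CHANGE-ME-long-random-passphrase"
vault_ddns_passphrase: "CHANGE-ME"
vault_telegraf_server_passwd: "CHANGE-ME"
```

Run the playbook with `--ask-vault-pass` or `--vault-password-file` so the indirection resolves; if a `vault_*` variable is missing, the templating error surfaces at run time rather than silently deploying an empty passphrase. The two files are shown in one block for brevity and belong in the two paths named in the comments.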
Dependencies
------------

none

Example Playbook
----------------

The different tasks should be used on a case-by-case basis:

```yml
- name: Common Server Configuration
  hosts: servers
  tasks:
    - name: Servers - Generic setup tasks
      ansible.builtin.import_role:
        name: server
        tasks_from: setup
    - name: Servers - Setup cronjob mails
      ansible.builtin.import_role:
        name: server
        tasks_from: cronmails
    - name: Servers - Setup dyndns cronjob
      ansible.builtin.import_role:
        name: server
        tasks_from: dyndns
    - name: Servers - Setup monitoring
      ansible.builtin.import_role:
        name: server
        tasks_from: telegraf
    - name: Servers - Setup backups (if variables are set)
      ansible.builtin.import_role:
        name: server
        tasks_from: borgbackup

    # Docker
    - name: Servers - Install docker
      ansible.builtin.import_role:
        name: server
        tasks_from: docker
    - name: Servers - Add telegraf to docker group
      become: yes
      ansible.builtin.user:
        name: telegraf
        groups: docker
        append: yes

    # Caddy Webserver
    - name: Servers - Install and setup caddy
      ansible.builtin.import_role:
        name: server
        tasks_from: caddyserver
    - name: Servers - Start caddy service
      become: yes
      ansible.builtin.service:
        name: caddy
        enabled: yes
        state: started

    # UFW Firewall
    - name: Servers - Install UFW
      become: yes
      ansible.builtin.apt:
        name: ufw
        state: present
```
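The playbook above only installs the `ufw` package; a freshly installed UFW is inactive, so no traffic is filtered until a policy is set and the firewall is enabled. As an added example (not part of the role or the playbook above), these tasks can be appended under `tasks:` after the "Install UFW" task. They assume the stock sshd port (22), the HTTP/HTTPS ports Caddy listens on for traffic and ACME challenges, and the `community.general` collection (`ansible-galaxy collection install community.general`).

```yaml
# Constructed example: UFW policy for the servers above.
# Order matters: allow SSH before enabling the firewall, otherwise a
# remote playbook run locks you out of the host.
- name: Servers - UFW default policies (deny inbound, allow outbound)
  become: yes
  community.general.ufw:
    direction: "{{ item.direction }}"
    policy: "{{ item.policy }}"
  loop:
    - { direction: incoming, policy: deny }
    - { direction: outgoing, policy: allow }

- name: Servers - UFW allow SSH with rate limiting
  become: yes
  community.general.ufw:
    rule: limit          # "limit" throttles repeated connection attempts from one source
    port: "22"
    proto: tcp

- name: Servers - UFW allow HTTP/HTTPS for Caddy (serving and ACME challenges)
  become: yes
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - "80"
    - "443"

- name: Servers - UFW enable with logging
  become: yes
  community.general.ufw:
    state: enabled
    logging: "on"
```

Telegraf's outbound connection to InfluxDB and borgbackup's outbound SSH to the repository are covered by the outgoing `allow` policy; only inbound exposure is reduced. If you change the sshd port in the generic setup tasks, adjust the SSH rule in the same playbook run.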

License
-------

GPLv3