Jannik Beyerstedt
f97ef4dee6
Debian 10 (currently oldstable) has v1.1.9, so we should be save to depend on at least v1.1.0. |
||
---|---|---|
defaults | ||
files | ||
handlers | ||
meta | ||
tasks | ||
templates | ||
LICENSE | ||
README.md |
Server
Essential server setup tasks, like sshd config, ddns cronjobs (+ mail output), etc used by Jannik Beyerstedt.
Requirements
none
Role Variables
There are several variables, that should be set per host (e.g. in the inventory).
Some of the tasks listed below, will not run, if the corresponding variables are not set. Therefore you can use the same playbook for multiple servers and activate the needed features with host variables.
Borgbakup
If you want to configure borgbackup backups, these variables need to be set:
borgbackup_passphrase
: Passphrase of the borgbackup repoborgbackup_repo
: Repository path (e.g.ssh://$user@$hostname/$path
)borgbackup_hostname
: Hostname to prefix the snapshots
Optional configuration:
borgbackup_ssh_id
: Path to the used ssh id (default:{{ ansible_user_dir }}/.ssh/id_ed25519
)
Attention: You still need to setup the borgbackup repository manually.
Caddy
Mandatory variable:
caddy_email
: Email address to use for getting let's encrypt certificates
Cronmails
Mandatory variable:
cron_email
: Sender email address used by cronexim_etc_mailname
: Exim4 /etc/mailname (default: inventory_hostname)
Optional settings:
exim_skip_install
: Skip installing Exim4 as MTA (defaultfalse
)
Docker
Optional variable:
- none
DynDNS
This task and it's configuration files might be quite specific for the davd/docker-ddns docker container.
Mandatory variables:
ddns_server_domain
: Domain name of the DynDNS serverddns_passphrase
: Passphrase for updating dynDNS entriesddns_zone
: Domain where the host's entries are created as$hostname.$ddns_zone
Optional variable:
ddns_silence
: Set to true to silence stderr too
Telegraf
Mandatory variables:
telegraf_server_url
: URL of the influxDB server, e.g.https://example.com:8086
telegraf_server_user
: Username of the influxDB usertelegraf_server_passwd
: Password of the influxDB user
Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
telegraf_docker
: Set totrue
, if docker telemetry should be collected (uses file fromtelegraf_docker_file
)telegraf_unifi_usg_ips
: Specify a list of USG IPs, if SNMP telemetry should be collected (uses file fromtelegraf_unifi_file
)telegraf_unifi_ap_ips
: Specify a list of AP IPs, if SNMP telemetry should be collected (uses file fromtelegraf_unifi_file
)telegraf_ubnt_ns_ips
: Specify a list of Ubiquiti NanoStation IPs, if SNMP telemetry should be collected (uses file fromtelegraf_airmax_file
)telegraf_docker_file
: filename of the docker telegraf config part in{{role_path}}/templates
(defaulttelegraf-docker.conf
).telegraf_unifi_file
: filename of the SNMP telegraf config part in{{role_path}}/templates
(defaulttelegraf-UniFi.conf.j2
).telegraf_airmax_file
: filename of the SNMP telegraf config part in{{role_path}}/templates
(defaulttelegraf-AirMAX.conf.j2
).telegraf_enable_zfs
: gather ZFS stats (defaultfalse
).
Optional settings:
telegraf_interval
: Data sampling interval (default300s
)
Dependencies
none
Example Playbook
The different tasks should be used on a case-by-case basis:
- name: Common Server Configuration
hosts: servers
tasks:
- name: Servers - Generic setup tasks
ansible.builtin.import_role:
name: server
tasks_from: setup
- name: Servers - Setup cronjob mails
ansible.builtin.import_role:
name: server
tasks_from: cronmails
- name: Servers - Setup dyndns cronjob
ansible.builtin.import_role:
name: server
tasks_from: dyndns
- name: Servers - Setup monitoring
ansible.builtin.import_role:
name: server
tasks_from: telegraf
- name: Servers - Setup backups (if variables are set)
ansible.builtin.import_role:
name: server
tasks_from: borgbackup
# Docker
- name: Servers - Install docker
ansible.builtin.import_role:
name: server
tasks_from: docker
- name: Servers - Add telegraf to docker group
become: yes
ansible.builtin.user:
name: telegraf
groups: docker
append: yes
# Caddy Webserver
- name: Servers - Install and setup caddy
ansible.builtin.import_role:
name: server
tasks_from: caddyserver
- name: Servers - Start caddy service
become: yes
ansible.builtin.service:
name: caddy
enabled: yes
state: started
# UFW Firewall
- name: Servers - Install UFW
become: yes
ansible.builtin.apt:
name: ufw
state: present
License
GPLv3