jannik/ansible-role-server
1
1
Fork 0
Code Issues 3 Releases Activity
51 commits 1 branch 0 tags 138 KiB
Jinja 79.9%
Shell 20.1%
Find a file
Jannik Beyerstedt f97ef4dee6 borgbackup: Replace deprecated option (borg >= v1.1) 
Debian 10 (currently oldstable) has v1.1.9, so we should be save to
depend on at least v1.1.0.
2023-03-11 19:42:29 +01:00
defaults telegraf: Add parameter to enable ZFS stats 2022-12-04 15:17:43 +01:00
files telegraf: add support for UBNT NanoStation 2020-05-22 13:18:45 +02:00
handlers [TIDY] Update to ansible 4 module names 2021-08-28 18:01:53 +02:00
meta change license, add license file 2020-04-08 19:35:17 +02:00
tasks Telegraf: New package signing key 2023-03-11 18:37:29 +01:00
templates borgbackup: Replace deprecated option (borg >= v1.1) 2023-03-11 19:42:29 +01:00
LICENSE change license, add license file 2020-04-08 19:35:17 +02:00
README.md telegraf: Add parameter to enable ZFS stats 2022-12-04 15:17:43 +01:00

README.md

Server

Essential server setup tasks, like sshd config, ddns cronjobs (+ mail output), etc used by Jannik Beyerstedt.

Requirements

none

Role Variables

There are several variables, that should be set per host (e.g. in the inventory).

Some of the tasks listed below, will not run, if the corresponding variables are not set. Therefore you can use the same playbook for multiple servers and activate the needed features with host variables.

Borgbakup

If you want to configure borgbackup backups, these variables need to be set:

  • borgbackup_passphrase: Passphrase of the borgbackup repo
  • borgbackup_repo: Repository path (e.g. ssh://$user@$hostname/$path)
  • borgbackup_hostname: Hostname to prefix the snapshots

Optional configuration:

  • borgbackup_ssh_id: Path to the used ssh id (default: {{ ansible_user_dir }}/.ssh/id_ed25519)

Attention: You still need to setup the borgbackup repository manually.

Caddy

Mandatory variable:

  • caddy_email: Email address to use for getting let's encrypt certificates

Cronmails

Mandatory variable:

  • cron_email: Sender email address used by cron
  • exim_etc_mailname: Exim4 /etc/mailname (default: inventory_hostname)

Optional settings:

  • exim_skip_install: Skip installing Exim4 as MTA (default false)

Docker

Optional variable:

  • none

DynDNS

This task and it's configuration files might be quite specific for the davd/docker-ddns docker container.

Mandatory variables:

  • ddns_server_domain: Domain name of the DynDNS server
  • ddns_passphrase: Passphrase for updating dynDNS entries
  • ddns_zone: Domain where the host's entries are created as $hostname.$ddns_zone

Optional variable:

  • ddns_silence: Set to true to silence stderr too

Telegraf

Mandatory variables:

  • telegraf_server_url: URL of the influxDB server, e.g. https://example.com:8086
  • telegraf_server_user: Username of the influxDB user
  • telegraf_server_passwd: Password of the influxDB user

Telegraf is configured with basic host telemetry by default. You can add more features, if you like:

  • telegraf_docker: Set to true, if docker telemetry should be collected (uses file from telegraf_docker_file)
  • telegraf_unifi_usg_ips: Specify a list of USG IPs, if SNMP telemetry should be collected (uses file from telegraf_unifi_file)
  • telegraf_unifi_ap_ips: Specify a list of AP IPs, if SNMP telemetry should be collected (uses file from telegraf_unifi_file)
  • telegraf_ubnt_ns_ips: Specify a list of Ubiquiti NanoStation IPs, if SNMP telemetry should be collected (uses file from telegraf_airmax_file)
  • telegraf_docker_file: filename of the docker telegraf config part in {{role_path}}/templates (default telegraf-docker.conf).
  • telegraf_unifi_file: filename of the SNMP telegraf config part in {{role_path}}/templates (default telegraf-UniFi.conf.j2).
  • telegraf_airmax_file: filename of the SNMP telegraf config part in {{role_path}}/templates (default telegraf-AirMAX.conf.j2).
  • telegraf_enable_zfs: gather ZFS stats (default false).

Optional settings:

  • telegraf_interval: Data sampling interval (default 300s)

Dependencies

none

Example Playbook

The different tasks should be used on a case-by-case basis:

- name: Common Server Configuration
  hosts: servers
  tasks:
  - name: Servers - Generic setup tasks
    ansible.builtin.import_role:
      name: server
      tasks_from: setup
  - name: Servers - Setup cronjob mails
    ansible.builtin.import_role:
      name: server
      tasks_from: cronmails
  - name: Servers - Setup dyndns cronjob
    ansible.builtin.import_role:
      name: server
      tasks_from: dyndns
  - name: Servers - Setup monitoring
    ansible.builtin.import_role:
      name: server
      tasks_from: telegraf
  - name: Servers - Setup backups (if variables are set)
    ansible.builtin.import_role:
      name: server
      tasks_from: borgbackup

  # Docker
  - name: Servers - Install docker
    ansible.builtin.import_role:
      name: server
      tasks_from: docker
  - name: Servers - Add telegraf to docker group
    become: yes
    ansible.builtin.user:
      name: telegraf
      groups: docker
      append: yes

  # Caddy Webserver
  - name: Servers - Install and setup caddy
    ansible.builtin.import_role:
      name: server
      tasks_from: caddyserver
  - name: Servers - Start caddy service
    become: yes
    ansible.builtin.service:
      name: caddy
      enabled: yes
      state: started

  # UFW Firewall
  - name: Servers - Install UFW
    become: yes
    ansible.builtin.apt:
      name: ufw
      state: present

License

GPLv3