jotbe/ansible-selfhosted-services
1
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Initial commit

Browse source
This commit is contained in:
Jan Beilicke 2020-03-24 01:04:18 +01:00
commit a27071c06a
16 changed files with 275 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
README.md Normal file
View file

@ -0,0 +1,27 @@
# Self-host all the things!
A repository containing a set of [Ansible](https://www.ansible.com/) roles and playbooks to provision self-hosted Open Source services to regain control of your data.
## Services
- Nextcloud Hub
- Jitsi Meet
## Prerequisites
- A server running Ubuntu or Debian and working SSH access
- Ansible on another computer that will send SSH commands to the target server to provision it
## Quickstart: Vagrant
By default, a `vagrant` user will be provisioned (if not already available) and used throughout the provisioning.
**TODO: Provide Vagrantfile and further documentation!**
## Quickstart: Regular server/VM
- Clone this repo
- Install dependencies (roles): `ansible-galaxy install -r requirements.yml`
- Adapt the inventory and choose the services
- Configure each desired service by following the README of its role.
- Run the playbook `site.yml` or one of the service playbooks.

21
ansible.cfg Normal file
View file

@ -0,0 +1,21 @@
[defaults]
inventory = ./inventory.ini
roles_path = ./roles
forks = 20
gathering = smart
fact_caching = jsonfile
fact_caching_connection = ./facts
fact_caching_timeout = 600
log_path = ./ansible.log
nocows = 1
#callback_whitelist = profile_tasks
private_key_file = ~/.ssh/keys.d/id_ansible
[privilege_escalation]
become = false
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ServerAliveInterval=60
control_path = %(directory)s/%%h-%%r
pipelining = True
timeout = 10

6
common.yml Normal file
View file

@ -0,0 +1,6 @@
---
# Common provisioning
- hosts: all
roles:
- jotbe.common

9
docker.yml Normal file
View file

@ -0,0 +1,9 @@
---
# Basic Docker environment
- hosts: docker
become: true
roles:
- geerlingguy.pip
- geerlingguy.docker
- jotbe.traefik-docker

0
files/public_keys/.keep Normal file
View file

67
files/tmux.conf Normal file
View file

@ -0,0 +1,67 @@
#new-session -n $HOST
unbind C-b
set -g prefix C-y
bind-key y send-prefix # For nested tmux sessions
set -g default-terminal "screen-256color"
# BEGIN it
#set-option -g default-shell "/bin/fish"
# END it
# BEGIN tp
#set-option -g default-shell "/usr/bin/fish"
# END tp
set -g history-limit 10000
set -g update-environment "DBUS_SESSION_BUS_ADDRESS DISPLAY SSH_AUTH_SOCK XAUTHORITY"
set -g base-index 1
set-window-option -g pane-base-index 1
#set -g mouse-select-pane on
#set -g mouse on
############################################################################
## Status Bar
#############################################################################
#set-option -g status-utf8 on
#set-option -g status-justify right
#set-option -g status-bg black # colour213 # pink
#set-option -g status-fg cyan
#set-option -g status-interval 5
#set-option -g status-left-length 30
#set-option -g status-left '#[fg=magenta]» #[fg=blue,bold]#T#[default]'
#set-option -g status-right '#[fg=red,bold][[ #(git branch) branch ]] #[fg=cyan]»» #[fg=blue,bold]###S #[fg=magenta]%R %m-%d#(acpi | cut -d ',' -f 2)#[default]'
#set-option -g visual-activity on
# Titles (window number, program name, active (or not)
set-option -g set-titles on
set-option -g set-titles-string '#H:#S.#I.#P #W #T'
set -s escape-time 0
setw -g automatic-rename
setw -g aggressive-resize on
setw -g mode-keys vi
#bind - set default-path $PWD \; split-window -v\; set default-path ~/
#bind | set default-path $PWD \; split-window -h\; set default-path ~/
unbind %
#unbind :
bind - split-window -v
bind | split-window -h
bind-key C-y last-window
bind-key k kill-window
bind-key K kill-session
bind-key c new-window -c "#{pane_current_path}"
# force a reload of the config file
unbind r
bind r source-file ~/.tmux.conf \; display-message "Config reloaded."
unbind ^A
bind ^A select-pane -t :.+

0
group_vars/.keep Normal file
View file

10
group_vars/docker.yml Normal file
View file

@ -0,0 +1,10 @@
pip_install_packages:
- name: docker
- name: docker-compose
docker_edition: "ce"
docker_version: "19.03.5"
docker_package: "docker-{{ docker_edition }}"
docker_package_state: present
docker_compose_version: "1.25.0"
docker_users:
- deploy

17
inventory.ini.sample Normal file
View file

@ -0,0 +1,17 @@
# All hosts
vagrant ansible_user
[docker]
vagrant
[ubuntu]
vagrant
[debian:children]
ubuntu
[nextcloud]
vagrant
[jitsi-docker]
vagrant

7
jitsi.yml Normal file
View file

@ -0,0 +1,7 @@
---
# Jitsi Meet
- hosts: jitsi-docker
become: true
roles:
- jotbe.jitsi-docker

7
nextcloud.yml Normal file
View file

@ -0,0 +1,7 @@
---
# Nextcloud Hub
- hosts: nextcloud
become: true
roles:
- jotbe.nextcloud-docker

22
playbooks/base-upgrade.yml Normal file
View file

@ -0,0 +1,22 @@
---
- hosts: debian
become: true
tasks:
- name: Upgrade base system
apt: upgrade=yes update_cache=yes
notify: restart server
# - name: Waiting for server to become available
# wait_for:
# port: 22
# host: "{{ (ansible_ssh_host|default(ansible_host))|default(inventory_hostname) }}"
# search_regex: OpenSSH
# delay: 10
# timeout: 60
# connection: local
# handlers:
# - name: restart server
# become: true
# become_user: root
# reboot:
# See also: https://www.middlewareinventory.com/blog/ansible_wait_for_reboot_to_complete/

21
playbooks/bootstrap-python.yml Normal file
View file

@ -0,0 +1,21 @@
---
- hosts:
- ubuntu
- debian
gather_facts: false
become: true
pre_tasks:
- name: Print env
raw: env
- name: Generate locals
raw: |
export LC_ALL="de_DE.UTF-8";
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin;
locale-gen de_DE.UTF-8
changed_when: false
- name: Install Python
raw: |
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin;
test -e /usr/bin/python || (apt -y update && apt -y install python python-apt)
changed_when: false
- setup: # gather facts

39
playbooks/nsupdate.yml Normal file
View file

@ -0,0 +1,39 @@
---
- hosts: localhost
connection: local
tasks:
- name: Add subdomains as CNAMEs to hh01.jotbe.io
nsupdate:
key_name: "{{ nsupdate_key_name }}"
key_algorithm: "{{ nsupdate_key_algorithm }}"
key_secret: "{{ nsupdate_private_key }}"
server: "{{ nsupdate_dns_server_name }}"
zone: hh01.jotbe.io
record: "{{ item }}"
type: CNAME
ttl: 600
value: hh01.jotbe.io.
with_items:
- cloud
- hl
- nextcloud
- gitea
- trilium
- drone
- name: Remove subdomain CNAMEs from hh01.jotbe.io
nsupdate:
key_name: "{{ nsupdate_key_name }}"
key_algorithm: "{{ nsupdate_key_algorithm }}"
key_secret: "{{ nsupdate_private_key }}"
server: "{{ nsupdate_dns_server_name }}"
zone: hh01.jotbe.io
record: "{{ item }}"
type: CNAME
ttl: 600
value: hh01.jotbe.io.
state: absent
with_items:
- notes
- plex
- emby
- jellyfin

15
requirements.yml Normal file
View file

@ -0,0 +1,15 @@
- geerlingguy.pip
- geerlingguy.docker
- name: jotbe.common
src: https://git.jotbe.io/jotbe/ansible-role-common.git
scm: git
- name: jotbe.traefik-docker
src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
scm: git
- name: jotbe.nextcloud-docker
src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
scm: git
- name: jotbe.jitsi-docker
src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
scm: git

7
site.yml Normal file
View file

@ -0,0 +1,7 @@
---
# Deploy all the things
- import_playbook: common.yml
- import_playbook: docker.yml
- import_playbook: nextcloud.yml
- import_playbook: jitsi.yml