Initial commit

README.md

@@ -0,0 +1,27 @@
+# Self-host all the things!
+
+A repository containing a set of [Ansible](https://www.ansible.com/) roles and playbooks to provision self-hosted Open Source services to regain control of your data.
+
+## Services
+
+- Nextcloud Hub
+- Jitsi Meet
+
+## Prerequisites
+
+- A server running Ubuntu or Debian and working SSH access
+- Ansible on another computer that will send SSH commands to the target server to provision it
+
+## Quickstart: Vagrant
+
+By default, a `vagrant` user will be provisioned (if not already available) and used throughout the provisioning.
+
+**TODO: Provide Vagrantfile and further documentation!**
+
+## Quickstart: Regular server/VM
+
+- Clone this repo
+- Install dependencies (roles): `ansible-galaxy install -r requirements.yml`
+- Adapt the inventory and choose the services
+- Configure each desired service by following the README of its role.
+- Run the playbook `site.yml` or one of the service playbooks.

ansible.cfg

@@ -0,0 +1,21 @@
+[defaults]
+inventory = ./inventory.ini
+roles_path = ./roles
+forks = 20
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = ./facts
+fact_caching_timeout = 600
+log_path = ./ansible.log
+nocows = 1
+#callback_whitelist = profile_tasks
+private_key_file = ~/.ssh/keys.d/id_ansible
+
+[privilege_escalation]
+become = false
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ServerAliveInterval=60
+control_path = %(directory)s/%%h-%%r
+pipelining = True
+timeout = 10

common.yml

@@ -0,0 +1,6 @@
+---
+# Common provisioning
+
+- hosts: all
+  roles:
+    - jotbe.common

docker.yml

@@ -0,0 +1,9 @@
+---
+# Basic Docker environment
+
+- hosts: docker
+  become: true
+  roles:
+    - geerlingguy.pip
+    - geerlingguy.docker
+    - jotbe.traefik-docker

files/tmux.conf

@@ -0,0 +1,67 @@
+#new-session -n $HOST
+unbind C-b
+
+set -g prefix C-y
+bind-key y send-prefix # For nested tmux sessions
+
+set -g default-terminal "screen-256color"
+
+# BEGIN it
+#set-option -g default-shell "/bin/fish"
+# END it
+
+# BEGIN tp
+#set-option -g default-shell "/usr/bin/fish"
+# END tp
+
+set -g history-limit 10000
+set -g update-environment "DBUS_SESSION_BUS_ADDRESS DISPLAY SSH_AUTH_SOCK XAUTHORITY"
+
+set -g base-index 1
+set-window-option -g pane-base-index 1
+#set -g mouse-select-pane on
+#set -g mouse on
+
+############################################################################
+## Status Bar
+#############################################################################
+#set-option -g status-utf8 on
+#set-option -g status-justify right
+#set-option -g status-bg black # colour213 # pink
+#set-option -g status-fg cyan
+#set-option -g status-interval 5
+#set-option -g status-left-length 30
+#set-option -g status-left '#[fg=magenta]» #[fg=blue,bold]#T#[default]'
+#set-option -g status-right '#[fg=red,bold][[ #(git branch) branch ]] #[fg=cyan]»» #[fg=blue,bold]###S #[fg=magenta]%R %m-%d#(acpi | cut -d ',' -f 2)#[default]'
+#set-option -g visual-activity on
+
+# Titles (window number, program name, active (or not)
+set-option -g set-titles on
+set-option -g set-titles-string '#H:#S.#I.#P #W #T'
+
+set -s escape-time 0
+
+setw -g automatic-rename
+setw -g aggressive-resize on
+setw -g mode-keys vi
+
+#bind - set default-path $PWD \; split-window -v\; set default-path ~/
+#bind | set default-path $PWD \; split-window -h\; set default-path ~/
+unbind %
+#unbind :
+bind - split-window -v
+bind | split-window -h
+
+bind-key C-y last-window
+bind-key k  kill-window
+bind-key K  kill-session
+
+bind-key c  new-window -c "#{pane_current_path}"
+
+# force a reload of the config file
+unbind r
+bind r source-file ~/.tmux.conf \; display-message "Config reloaded."
+
+unbind ^A
+bind ^A select-pane -t :.+
+

group_vars/docker.yml

@@ -0,0 +1,10 @@
+pip_install_packages:
+  - name: docker
+  - name: docker-compose
+docker_edition: "ce"
+docker_version: "19.03.5"
+docker_package: "docker-{{ docker_edition }}"
+docker_package_state: present
+docker_compose_version: "1.25.0"
+docker_users:
+  - deploy

inventory.ini.sample

@@ -0,0 +1,17 @@
+# All hosts
+vagrant ansible_user
+
+[docker]
+vagrant
+
+[ubuntu]
+vagrant
+
+[debian:children]
+ubuntu
+
+[nextcloud]
+vagrant
+
+[jitsi-docker]
+vagrant

jitsi.yml

@@ -0,0 +1,7 @@
+---
+# Jitsi Meet
+
+- hosts: jitsi-docker
+  become: true
+  roles:
+    - jotbe.jitsi-docker

nextcloud.yml

@@ -0,0 +1,7 @@
+---
+# Nextcloud Hub
+
+- hosts: nextcloud
+  become: true
+  roles:
+    - jotbe.nextcloud-docker

playbooks/base-upgrade.yml

@@ -0,0 +1,22 @@
+---
+- hosts: debian
+  become: true
+  tasks:
+    - name: Upgrade base system
+      apt: upgrade=yes update_cache=yes
+      notify: restart server
+  #   - name: Waiting for server to become available
+  #     wait_for:
+  #       port: 22
+  #       host: "{{ (ansible_ssh_host|default(ansible_host))|default(inventory_hostname) }}"
+  #       search_regex: OpenSSH
+  #       delay: 10
+  #       timeout: 60
+  #     connection: local
+  # handlers:
+  #   - name: restart server
+  #     become: true
+  #     become_user: root
+  #     reboot:
+
+  # See also: https://www.middlewareinventory.com/blog/ansible_wait_for_reboot_to_complete/

playbooks/bootstrap-python.yml

@@ -0,0 +1,21 @@
+---
+- hosts:
+    - ubuntu
+    - debian
+  gather_facts: false
+  become: true
+  pre_tasks:
+    - name: Print env
+      raw: env
+    - name: Generate locals
+      raw: |
+        export LC_ALL="de_DE.UTF-8";
+        export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin;
+        locale-gen de_DE.UTF-8
+      changed_when: false
+    - name: Install Python
+      raw: |
+        export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin;
+        test -e /usr/bin/python || (apt -y update && apt -y install python python-apt)
+      changed_when: false
+    - setup: # gather facts

playbooks/nsupdate.yml

@@ -0,0 +1,39 @@
+---
+- hosts: localhost
+  connection: local
+  tasks:
+    - name: Add subdomains as CNAMEs to hh01.jotbe.io
+      nsupdate:
+        key_name: "{{ nsupdate_key_name }}"
+        key_algorithm: "{{ nsupdate_key_algorithm }}"
+        key_secret: "{{ nsupdate_private_key }}"
+        server: "{{ nsupdate_dns_server_name }}"
+        zone: hh01.jotbe.io
+        record: "{{ item }}"
+        type: CNAME
+        ttl: 600
+        value: hh01.jotbe.io.
+      with_items:
+        - cloud
+        - hl
+        - nextcloud
+        - gitea
+        - trilium
+        - drone
+    - name: Remove subdomain CNAMEs from hh01.jotbe.io
+      nsupdate:
+        key_name: "{{ nsupdate_key_name }}"
+        key_algorithm: "{{ nsupdate_key_algorithm }}"
+        key_secret: "{{ nsupdate_private_key }}"
+        server: "{{ nsupdate_dns_server_name }}"
+        zone: hh01.jotbe.io
+        record: "{{ item }}"
+        type: CNAME
+        ttl: 600
+        value: hh01.jotbe.io.
+        state: absent
+      with_items:
+        - notes
+        - plex
+        - emby
+        - jellyfin

requirements.yml

@@ -0,0 +1,15 @@
+- geerlingguy.pip
+- geerlingguy.docker
+
+- name: jotbe.common
+  src: https://git.jotbe.io/jotbe/ansible-role-common.git
+  scm: git
+- name: jotbe.traefik-docker
+  src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
+  scm: git
+- name: jotbe.nextcloud-docker
+  src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
+  scm: git
+- name: jotbe.jitsi-docker
+  src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
+  scm: git

site.yml

@@ -0,0 +1,7 @@
+---
+# Deploy all the things
+
+- import_playbook: common.yml
+- import_playbook: docker.yml
+- import_playbook: nextcloud.yml
+- import_playbook: jitsi.yml