How slowb.ro's services are configured in #docker containers managed by #ansible https://slowb.ro
Tim 37029bc9f4
ansible-lint / Playbook Lint (push) Failing after 23s Details
feat: themes, template, donate goals
1 week ago
.config fix: linting 3 weeks ago
.gitea/workflows fix: linting 3 weeks ago
roles feat: themes, template, donate goals 1 week ago
.gitignore feat: mumble server 2 years ago
README.md feat: opennic & readme re-write (#7) 2 years ago
hosts feat: goodbye woodpecker 3 weeks ago
makefile chore: update gitea to show donation goals 1 week ago
playbook_games.yml feat: actions-lint-ci (#10) 3 weeks ago
playbook_remote_0x1a.yml feat: 0x1a & l3lv 10 months ago
playbook_remote_archiveteam.yml feat: archive team & minor amendments 4 weeks ago
playbook_remote_fishnet.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
playbook_remote_git.yml chore: update gitea to show donation goals 1 week ago
playbook_remote_mailcow.yml fix: they changed their role upstream! 3 weeks ago
playbook_remote_mumble.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
playbook_remote_nginx_site.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
playbook_remote_opennic.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
playbook_remote_search.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
playbook_remote_status.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
playbook_remote_update.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
playbook_remote_wallabag.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 1 year ago
renovate.json Configure Renovate (#11) 2 weeks ago
requirements.yml fix: they changed their role upstream! 3 weeks ago

README.md

Ansible Configuration Management for Slowb.ro

The current build status (it should always be green...)

This repository showcases the configuration management system utilised by slowb.ro.

Our tech stack consists of:

  • Ansible (for configuration management)
  • Docker (for running all the containers)
  • debian/ubuntu (for underlying hosting)

Using the tech stack above enables slowbro to have:

  • acme.sh to generate wildcard LE certs via he.net for DNS
  • traefik for web ingress, routing, & authentication
  • mailcow for self-hosted e-mail
  • wallabag as a read-it-later app
  • gitea to host this git
    • woodpecker-ci for automated testing (& deployments)
    • image/registry for our own builds
  • mumble for instant voice communications
  • nginx for website hosting (https://blog.slowb.ro)
  • tor relay(s) & onion(s) for a secure & libre internet
  • (Suggest what else I should use)

Secrets are pulled in from pass

App Deployment(s)

If you have a copy of this repository and wish to build any of these services/tech stack, you will need to do a couple of things before deploying:

  • Install ansible & pass on your local machine and set up the secrets needed.
  • Make changes to the defaults under roles/{role}/defaults/main.yml in nearly all roles.
    • You can find what path we look for secrets in there.
  • Create your own hosts file with the servers.

Once that is done all you need is SSH access and you are ready to deploy.

Mailcow

After I rolled my own role, it turned out that mailcow provides an Ansible role, mailcow.mailcow, so we have migrated over to that. We recommend a minimum of 4GB of RAM for your mail server, because rspamd (anti-spam) and clamav (anti-virus) take up about 600M and 1.3G respectively.

ansible-playbook playbook_remote_mailcow.yml -i hosts --ask-become-pass

Wallabag

A great read-it-later application with solid android support.

ansible-playbook playbook_remote_wallabag.yml -i hosts

Git (Gitea/Woodpecker/Docker Registry)

ansible-playbook playbook_remote_git.yml -i hosts

Mumble

ansible-playbook playbook_remote_mumble.yml -i hosts

Extra Services:

Fishnet

Fishnet is a distributed service to help lichess.org run their analysis of the Stockfish engine. We contribute our excess CPU to help others improve their performance. Read more about Fishnet here: https://github.com/niklasf/fishnet#readme

ansible-playbook playbook_remote_fishnet.yml -i hosts

OpenNic

We contribute back to the OpenNIC Project with multiple Tier 2 DNS resolvers.

The role utilises:

  • srvzone method for automating BIND9 updates
  • Has zero logging by default
  • Integrates the Tier 2 Security Measures via iptables for some minor form of security

We will be setting up dnscrypt/DoH/DoT in the future

Note:

If you utilise this role, it will remove all iptables INPUT rules you have and replace them with rules that only allow SSH & DNS queries. Use at your own risk! I welcome a more efficient solution for this problem. If you have any ideas please feel free to contact me.

ansible-playbook playbook_remote_opennic.yml -i hosts
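
A pre-flight check for the note above, added here as an example and not part of this repository's role: it reads `iptables-save` output and lists every existing filter-table INPUT rule that is not a plain SSH or DNS accept, i.e. what a host would lose when INPUT is replaced. The function names, the sample ruleset, and the assumption that SSH is 22/tcp and DNS is 53/udp+tcp are mine.

```shell
#!/bin/sh
# Added example (not from the repository). Assumes SSH on 22/tcp and DNS on
# 53/udp+tcp, and that only the filter table's INPUT chain is replaced.

# stdin: iptables-save output. stdout: INPUT rules that are NOT SSH/DNS accepts.
rules_at_risk() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
        table == "filter" && /^-A INPUT / {
            keep = 0
            if ($0 ~ /-j ACCEPT/) {
                if ($0 ~ /-p tcp / && $0 ~ /--dport 22( |$)/) keep = 1
                if ($0 ~ /-p (tcp|udp) / && $0 ~ /--dport 53( |$)/) keep = 1
            }
            if (!keep) print
        }
    '
}

# Constructed sample ruleset, so the check can be tried without root.
sample_ruleset() {
    cat <<'EOF'
*mangle
:INPUT ACCEPT [0:0]
-A INPUT -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 9100 -j ACCEPT
COMMIT
EOF
}

# With a file argument (a saved `iptables-save` dump) check that file;
# with no argument, run against the constructed sample.
if [ -n "${1:-}" ]; then
    rules_at_risk < "$1"
else
    sample_ruleset | rules_at_risk
fi
```

Saving the dump first (`iptables-save > before.rules`) also gives you a file that `iptables-restore` can load if the playbook removes something you needed.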

Tor

We run tor relays on nearly all systems to contribute back our excess bandwidth. If you use our common role, you are also contributing!