How slowb.ro's services are configured in #docker containers managed by #ansible https://slowb.ro
Tim 5e7bf0f408
ansible-lint / Playbook Lint (push) Failing after 2m25s
fix: status needs become
2023-09-27 09:57:45 +10:00
.config fix: linting 2023-05-10 15:07:11 +10:00
.gitea/workflows fix: linting 2023-05-10 15:07:11 +10:00
roles feat: 421 via nginx instead of 0x0 2023-09-27 09:56:43 +10:00
.gitignore feat: mumble server 2021-10-19 11:11:16 +11:00
README.md feat: opennic & readme re-write (#7) 2021-11-22 00:37:15 +00:00
hosts chore: re-organising 2023-06-06 18:46:27 +10:00
makefile fix: status needs become 2023-09-27 09:57:45 +10:00
playbook_games.yml chore: re-organising 2023-06-06 18:46:27 +10:00
playbook_remote_0x1a.yml feat: 0x1a & l3lv 2022-08-08 15:53:19 +10:00
playbook_remote_archiveteam.yml feat: archive team & minor amendments 2023-05-05 10:34:52 +10:00
playbook_remote_fishnet.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
playbook_remote_git.yml chore: update gitea to show donation goals 2023-05-20 12:03:20 +10:00
playbook_remote_mailcow.yml chore: re-organising 2023-06-06 18:46:27 +10:00
playbook_remote_mumble.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
playbook_remote_nginx_site.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
playbook_remote_opennic.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
playbook_remote_search.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
playbook_remote_status.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
playbook_remote_update.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
playbook_remote_wallabag.yml feat: fcqn-builtins, gitea templates & renovate, proper linting 2022-05-30 18:04:12 +10:00
renovate.json Configure Renovate (#11) 2023-05-15 05:32:01 +00:00
requirements.yml fix: they changed their role upstream! 2023-05-10 15:12:32 +10:00

README.md

Ansible Configuration Management for Slowb.ro

The current build status (it should always be green...)

This repository showcases the configuration management system utilised by slowb.ro.

Our tech stack consists of:

  • Ansible (for configuration management)
  • Docker (for running all the containers)
  • debian/ubuntu (for underlying hosting)

Using the tech stack above enables slowbro to have:

  • acme.sh to generate wildcard LE certs via he.net for DNS
  • traefik for web ingress, routing, & authentication
  • mailcow for self-hosted e-mail
  • wallabag as a read-it-later app
  • gitea to host this git
    • woodpecker-ci for automated testing (& deployments)
    • image/registry for our own builds
  • mumble for instant voice communications
  • nginx for website hosting (https://blog.slowb.ro)
  • tor relay(s) & onion(s) for a secure & libre internet
  • (Suggest what else I should use)

Secrets are pulled in from pass (the standard unix password manager).

App Deployment(s)

If you have a copy of this repository and wish to build any of these services/tech stack, you will need to do a couple of things before deploying:

  • Install ansible & pass on your local machine and set up the secrets needed.
  • Change the defaults under roles/{role}/defaults/main.yml in nearly all roles.
    • The pass path we look secrets up under is defined there.
  • Create your own hosts file with the servers.

Once that is done all you need is SSH access and you are ready to deploy.
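A pre-flight wrapper for the three steps above, added here as an example and not part of the slowb.ro repository. It checks that ansible-playbook and pass are installed, that the inventory file exists, that the pass entry a role's defaults/main.yml points at actually decrypts, and that every `hosts:` target in a playbook is a group in the INI inventory (so a typo does not silently match zero hosts). The helper then builds the ansible-playbook command line, optionally as a `--check --diff` dry run. The secret path and playbook names used in the usage lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the slowb.ro repo: pre-flight checks for deploying
# the playbooks with ansible + pass. Paths and pass entry names are assumptions.

# Build the ansible-playbook command line for a playbook and inventory,
# appending any extra arguments (e.g. --ask-become-pass) verbatim.
build_playbook_cmd() {
    playbook="$1"; inventory="$2"; shift 2
    cmd="ansible-playbook $playbook -i $inventory"
    for arg in "$@"; do cmd="$cmd $arg"; done
    printf '%s\n' "$cmd"
}

# Same command with --check --diff so the first run changes nothing on the host.
dry_run_cmd() {
    build_playbook_cmd "$@" --check --diff
}

# Verify local prerequisites: required binaries, inventory present, and the
# pass entry referenced by the role defaults is readable (gpg key unlocked).
preflight() {
    inventory="$1"; secret_path="$2"
    for bin in ansible-playbook pass; do
        command -v "$bin" >/dev/null 2>&1 || { echo "missing: $bin" >&2; return 1; }
    done
    [ -f "$inventory" ] || { echo "no inventory file: $inventory" >&2; return 1; }
    pass show "$secret_path" >/dev/null 2>&1 \
        || { echo "pass entry not readable: $secret_path" >&2; return 1; }
    return 0
}

# Check that every "hosts:" target in the playbook exists as a [group] in the
# INI inventory. "all" is always valid; host patterns such as "a,b" or
# "group:children" are not resolved here and will be reported as missing.
playbook_targets_in_inventory() {
    playbook="$1"; inventory="$2"; missing=0
    for group in $(sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*hosts:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$playbook"); do
        [ "$group" = "all" ] && continue
        grep -q "^\[$group\]" "$inventory" \
            || { echo "group not in inventory: $group" >&2; missing=1; }
    done
    return $missing
}

# Usage (assumed secret path): show the dry-run command that would be executed.
dry_run_cmd playbook_remote_mailcow.yml hosts --ask-become-pass
# preflight hosts slowbro/mailcow/admin_password && \
#   playbook_targets_in_inventory playbook_remote_mailcow.yml hosts && \
#   eval "$(build_playbook_cmd playbook_remote_mailcow.yml hosts --ask-become-pass)"
```

Run the dry-run command first and read the diff; only when it shows the changes you expect should the real command be executed.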

Mailcow

After I rolled my own role, it turned out mailcow provides an ansible role of their own (mailcow.mailcow), so we have migrated over to that. We recommend a minimum of 4GB of RAM for your mailserver: rspamd (anti-spam) and clamav (anti-virus) take up about 600M and 1.3G respectively.

ansible-playbook playbook_remote_mailcow.yml -i hosts --ask-become-pass

Wallabag

A great read-it-later application with solid android support.

ansible-playbook playbook_remote_wallabag.yml -i hosts

Git (Gitea/Woodpecker/Docker Registry)

ansible-playbook playbook_remote_git.yml -i hosts

Mumble

ansible-playbook playbook_remote_mumble.yml -i hosts

Extra Services:

Fishnet

Fishnet is a distributed service that helps lichess.org run Stockfish engine analysis. We contribute our excess CPU to help others improve their performance. Read more about Fishnet here: https://github.com/niklasf/fishnet#readme

ansible-playbook playbook_remote_fishnet.yml -i hosts

OpenNic

We contribute back to the OpenNIC Project with multiple Tier 2 DNS resolvers.

The role:

  • uses the srvzone method to automate BIND9 updates
  • has zero logging by default
  • applies the Tier 2 security measures via iptables, for some minor form of hardening

We will be setting up dnscrypt/DoH/DoT in the future.

Note:

If you utilise this role, it will remove all iptables INPUT rules you have and replace them with rules that only allow SSH & DNS queries. Use at your own risk! I welcome a more efficient solution for this problem. If you have any ideas please feel free to contact me.

ansible-playbook playbook_remote_opennic.yml -i hosts
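Because the opennic role replaces the whole INPUT chain, it is worth knowing in advance which rules will disappear. The script below is an added example, not part of the slowb.ro repository: it takes `iptables-save` output (here a constructed sample standing in for a live host) and lists every INPUT rule that is not the SSH (port 22) or DNS (port 53) allow rule described in the note above, plus a one-line snapshot helper so the old ruleset can be restored with `iptables-restore` if something goes wrong.

```shell
#!/bin/sh
# Added example, not from the slowb.ro repo: before running the opennic
# playbook, snapshot the live INPUT chain and list the rules it would drop.

# Constructed sample of `iptables-save` output; a real host would pipe in
# `iptables-save` instead (run as root).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 64738 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 9100 -j ACCEPT
COMMIT'

# Save the live ruleset to FILE so it can be restored with `iptables-restore < FILE`.
snapshot_rules() {
    iptables-save > "$1"
}

# Read iptables-save text on stdin and print the INPUT rules that are neither
# the SSH nor the DNS allow rule. Everything printed here (loopback, conntrack,
# web, mumble, metrics, ...) is what the role's replacement chain will not keep.
input_rules_at_risk() {
    grep '^-A INPUT ' | grep -Ev -e '--dport (22|53)( |$)'
}

# Number of at-risk rules, for a quick go/no-go before deploying.
count_at_risk() {
    input_rules_at_risk | grep -c .
}

# Usage against the constructed sample (on a real host: iptables-save | input_rules_at_risk).
printf '%s\n' "$SAMPLE_RULES" | input_rules_at_risk
```

Note that the loopback and conntrack rules show up as at risk too: a chain that only allows new SSH and DNS connections also drops established-session and localhost traffic unless the role adds those rules back, so check the role's iptables task before relying on it.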

Tor

We run tor relays on nearly all systems to contribute back our excess bandwidth. If you use our common role, you are also contributing!