I decided to move from manually configuring my servers to automating the process with ansible. Maybe you find these useful.
- Install ansible (preferably 2.4.0 or higher)
- Run
ansible-galaxy install --roles-path roles -r roles.yml
- Run
./setup-deps.sh
Add your hosts to host.yml
. Give each host a hostname
(this will be used to modify /etc/hostname on the remote). Optionally, use a nice name for the host and set ansible_ssh_host
.
Set some variables you may not want to be publically available in host_vars/<host>
. I set the (crypted) root password, user password and my mail address. To generate crypted passwords, check out mkpasswd.py
.
Modify file/authorized_keys
. Add your own, optionally remove mine.
Global configuration can be done in provision.yml
: Default user name, dotfiles source, some log files, ...
ansible-playbook -i hosts.yml provision.yml
for the initial setup steps. This bootstraps python on the remote if not already installed.
ansible-playbook -i hosts.yml update-dotfiles.yml
to update dotfiles on all users and /etc/skel after changes have been pushed to master.
ansible-playbook -i hosts.yml services.yml
to install all services. Use --tags <tag>
to limit what services to install, but note that there are some internal dependencies.
Generates a user, configures zsh and sets authorized_keys.
Required variables:
- user
- password
Optional:
- ugroups: List of groups that the user should be added to
Has two modes:
- Setup acme-tiny environment (with some apache specific configuration)
- Request a certificate for a domain (apache vhost must be configured)
Variables:
- do_setup: true for setup, false to request certificate
- domain: set to fqdn if requesting a certificate
- aliases: optionally, specify aliases to name in certificate
Set up apache2, configured for an arch environment.
Has two modes:
- setup: Setup apache
- vhost: Configure vhost
Required variables:
- host
Required variables
- vhost: Domain prefix
- host: Domain suffix
- root_path or root_dir: If root_path is set, use that as DocumentRoot. Otherwise, /srv/http/<root_dir>
Optional variables:
- aliases: List of full domain aliases. Defaults to []
- options: Directory options for DocumentRoot. Defaults to None
- allow_override: AllowOverride setting for DocumentRoot. Defaults to None
- additional_settings: anything else that should go into the vhost configuration. Defaults to []
- docroot_addtional_settings: anything else that should go into the Directory setting for the DocumentRoot
Install and configure znc
Required variables:
- znc_user_pass: Password of the system account (called
znc
) - znc_listeners:
- Port
- Optional: ipv4 (Y/n), ipv6 (Y/n), ssl (Y/n)
- znc_modules: Names of global modules to load.
webadmin
is always loaded. - znc_users:
- name
- admin (y/N)
- altname (= name_)
- ident (= name)
- realname (=
[REDACTED]
) - modules (= [])
- settings (= [])
- networks:
- name
- address
- ssl (y/N)
- port
- modules (= [])
- settings (= [])
- znc_passwords: map from user to (method,hash,salt) (see
znc-mkpasswd.py
) - znc_settings:
- Additional settings
- znc_host: hostname for irc (used in cert)
Install postgres
Install and configure nextcloud
Required variables
- nextcloud_db_password: A password in hashed format: "md5" + md5(pass+"nextcloud")
- nc_conf_db_pass: The same password, in cleartext (sorry)
- nc_admin_user: Admin account user name
- nc_admin_pass: Admin account password, in cleartext
Optional:
- nc_additional_users: List of user/pass (cleartext) combinations
- nextcloud_purge_install_yes_really: Remove old nc installation, if one exists. THIS WILL WIPE ALL YOUR DATA