This repository configures the base setup for servers that @wheresalice manages.
- services.wheresalice.info
Note that I probably won't approve this unless I already know you
- Raise an issue to request access, which will include the private git repo for managing docker compose
- Raise a PR to get yourself added to
group_vars/wheresalice.ymlto get ssh access to the servers
Install a recent version of Ansible first
Then clone the repository and install dependencies:
git clone https://github.com/wheresalice/docker-ansible.git docker-ansible/
ansible-galaxy install -r requirements.yml
# Check your setup
ansible all -m ping -i hosts
# converge all servers
ansible-playbook site.yml -v -i hosts
# converge services.wheresalice.info
ansible-playbook wheresalice.yml -v -i hosts
# lint the ansible code
docker run --rm -ti -v `pwd`:/src/playbook -w /src/playbook ghcr.io/ansible/creator-ee:latest ansible-lint
The hosts file defines all hosts and groups which they belong to. Note that a single host can be member of multiple groups. Define groups for each rack, for each network, or for each environment (e.g. production vs. test).
The group playbooks (e.g. wheresalice.yml) simply associate hosts with roles
| role | description |
|---|---|
| common | create and manage users and common base setup across all servers |
| geerlingguy.docker | install Docker |
| oefenweb.fail2ban | configure fail2ban |
| ssh_hardening | harden ssh configuration from devsec.hardening |
| os_hardening | harden os configuration from devsec.hardening |