Ansible Debian Bootstrap
Here is the Ansible configuration I use to initialize a Debian VPS. The Bootstrap playbook is used first to configure the server, while the Site playbook is used for maintenance and server evolution.
I could have used a bash script, but...
Ansible idempotency makes it easy to iterate over modifications without caring about what's already in place. This repository can also be used as a base config that can evolve with more services depending on server needs. Finally, it can handle bootstrapping multiple servers at the same time.
How to use it
To use it, you must store the secret variables listed in vars.yml in a vault file created with ansible-vault:
ansible-vault create vault.yml
Then, run:
ansible-navigator run playbooks/[PLAYBOOKNAME].yml --vault-password-file [PASSWORDFILENAME].txt
Bootstrap playbook
The Bootstrap playbook is used at first launch to set up a Debian server with:
- New user
- No root login
- A custom ssh port
- Fail2ban basic setup
- UFW as firewall
- No password authentication, only SSH key.
To use the bootstrap playbook:
- Write your inventory.ini with the IP and root login provided by your hosting service.
- Make a vault file with your secret variables corresponding to those in vars.yml.
- Launch your playbook, passing your var file and vault password file.
- If successful, rewrite your inventory.ini with the correct ansible_user variable.
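Once the bootstrap has run, the SSH part of the list above can be verified from the effective sshd configuration. The script below is an added example, not part of this repository: it parses the output of sshd -T and checks for no root login, no password authentication, and no listener left on port 22. The function names, the sample data, and port 2222 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the repository): audit the effective sshd settings
# against what the bootstrap playbook is described as enforcing.
# Real use on the server:  sudo sshd -T | audit_sshd

# Reads `sshd -T` output on stdin, prints one line per check,
# and returns 0 only if every check passes.
audit_sshd() {
  awk '
    { key = tolower($1); val = tolower($2) }
    key == "port"                   { ports++; if (val == "22") on22 = 1 }
    key == "permitrootlogin"        { root = val }
    key == "passwordauthentication" { pw = val }
    END {
      # sshd may listen on several ports; any remaining 22 counts as a failure.
      if (ports == 0 || on22) { print "FAIL port: 22 still open or no port reported"; bad = 1 }
      else print "OK   port: custom port only"
      # prohibit-password still lets root in with a key, so only "no" passes.
      if (root != "no") { print "FAIL permitrootlogin: " (root == "" ? "missing" : root); bad = 1 }
      else print "OK   permitrootlogin: no"
      if (pw != "no") { print "FAIL passwordauthentication: " (pw == "" ? "missing" : pw); bad = 1 }
      else print "OK   passwordauthentication: no"
      exit bad + 0
    }'
}

# Constructed sample: a server after a successful bootstrap (port 2222 is an assumed value).
sample_hardened() {
  cat <<'EOF'
port 2222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
EOF
}

# Constructed sample: a freshly provisioned server before the bootstrap.
sample_default() {
  cat <<'EOF'
port 22
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication yes
EOF
}

sample_hardened | audit_sshd
```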
Site playbook
Site playbook is used to maintain the server.