  • Jinja 85.1%
  • Python 13.7%
  • Shell 1.2%
Stefan Lindecke f125c6ec01 Merge branch 'develop' into main
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-14 10:41:27 +02:00
.ansible Add AGENTS.md and commit pending changes 2025-11-21 13:18:41 +01:00
backup Further cleanups and adjustments 2025-12-20 21:17:00 +01:00
garagehq repo: add wireguard + garagehq playbooks 2026-05-06 10:04:21 +02:00
home Ansible playbooks for home and server updates 2026-04-08 12:42:04 +02:00
host_vars roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00
inventory feat: fail2ban, uptime-kuma, new instances and sshkeys fix 2026-04-11 19:09:38 +02:00
molecule/_commons initial 2025-05-21 13:10:32 +02:00
roles roles/updates: unattended-upgrades, idempotency and improvements 2026-05-14 10:36:07 +02:00
scripts updates/mail: fixes and tooling 2026-02-04 14:43:37 +01:00
server instances: default log dir mode 0770 2026-05-11 01:06:52 +02:00
sshKeys Merge branch 'develop' into main 2026-05-14 10:41:27 +02:00
templates roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00
vendor/roles/powerdns.pdns initial 2025-05-21 13:10:32 +02:00
wireguard repo: add wireguard + garagehq playbooks 2026-05-06 10:04:21 +02:00
.gitignore Merge remote-tracking branch 'origin/main' 2026-05-11 01:07:38 +02:00
AGENTS.md Docs: document unified instances + server aliases and Vault workflow (locations, key pattern, run commands) 2025-11-21 15:15:51 +01:00
ansible.cfg Merge branch 'develop' into main 2026-05-14 10:41:27 +02:00
CLAUDE.md feat: fail2ban, uptime-kuma, new instances and sshkeys fix 2026-04-11 19:09:38 +02:00
create_instances.yml roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00
dns_config.yml roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00
dns_install.yml roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00
enusre_host_vars.yml roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00
instances_done.yml roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00
mail-config.yml mail_local: extend rspamd and mail setup 2026-01-22 11:35:29 +01:00
README.md updates/mail: fixes and tooling 2026-02-04 14:43:37 +01:00
server-install.yml provisioning: replaced Traefik with Caddy and further improvements 2025-12-05 16:32:52 +01:00
server-uninstall.yml initial 2025-05-21 13:10:32 +02:00
server-update.yml Add updates role with hosts file generation and DNSControl updates 2025-12-20 12:47:00 +01:00
share_sshkeys.yml Merge branch 'develop' into main 2026-05-14 10:41:27 +02:00
unattendes.yml roles/provisioning: switch to Traefik and Apache 2025-11-21 17:14:27 +01:00
wireguard-manage.yml roles/instances: reload php-fpm via systemctl 'php*-fpm.service' and reload units with xargs 2026-01-18 13:51:01 +01:00

Ansible Server Repository

This repository manages server instances and roles using a unified configuration.

Quick start

  • Define server aliases and host mapping in inventory/group_vars/all.yml.
  • Add instances to inventory/instance_vars/instances.yml with server: <alias> and reference passwords as {{ mysql_passwords['user__domain'] }}.
  • Store MySQL passwords in the vaulted file inventory/hosts/group_vars/all/mysql_passwords.yml using the key pattern username__domain.

Run

  • All hosts: ansible-playbook -i inventory/hosts create_instances.yml --check --diff
  • Supply the Vault password interactively with --ask-vault-pass, or from a file with --vault-password-file .vault_pass.txt
  • Limit to one host: -l sv01.server.ktrion.de

Key files

  • create_instances.yml filters instances per host by resolved alias.
  • inventory/group_vars/all.yml holds aliases and FQDN mappings.
  • inventory/instance_vars/instances.yml is the single source of instances.
  • inventory/hosts/group_vars/all/mysql_passwords.yml contains vaulted MySQL passwords.
  • inventory/hosts/group_vars/all/mail_passwords.yml contains vaulted Mail/IMAP passwords.
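The Quick start and Key files sections describe two conventions that are easy to break silently: an instance's server alias must resolve to a real host, and every password must be a vault reference whose key follows username__domain and exists in mysql_passwords.yml. The following is an added example, not code from this repository, showing a pre-flight check that mirrors what the README says create_instances.yml does (select instances per host by resolved alias) and then verifies the password references. The alias map, instance list and vault key set are constructed inline; the helper names, instance field names (mysql_user, domain, mysql_password) and the second server FQDN are assumptions, since the README only shows sv01.server.ktrion.de. In real use the three structures would come from yaml.safe_load() on the files named above.

```python
"""Pre-flight check for the unified instances inventory (added example).

Assumptions: instances carry the fields name, server, mysql_user, domain and
mysql_password; the vault is represented by the set of its top-level keys.
"""
import re

# Constructed stand-in for inventory/group_vars/all.yml: alias -> FQDN.
SERVER_ALIASES = {
    "sv01": "sv01.server.ktrion.de",   # FQDN from the README's -l example
    "sv02": "sv02.example.invalid",    # constructed
}

# Constructed stand-in for inventory/instance_vars/instances.yml.
INSTANCES = [
    {"name": "shop", "server": "sv01", "mysql_user": "shop", "domain": "shop.example.invalid",
     "mysql_password": "{{ mysql_passwords['shop__shop.example.invalid'] }}"},
    {"name": "blog", "server": "sv02", "mysql_user": "blog", "domain": "blog.example.invalid",
     "mysql_password": "{{ mysql_passwords['blog__blog.example.invalid'] }}"},
    # Defect 1: references a key that is not in the vault.
    {"name": "wiki", "server": "sv01", "mysql_user": "wiki", "domain": "wiki.example.invalid",
     "mysql_password": "{{ mysql_passwords['wiki__wiki.example.invalid'] }}"},
    # Defect 2: plaintext password instead of a vault reference.
    {"name": "crm", "server": "sv01", "mysql_user": "crm", "domain": "crm.example.invalid",
     "mysql_password": "hunter2"},
]

# Constructed stand-in for the decrypted mysql_passwords.yml; only key presence matters here.
MYSQL_PASSWORD_KEYS = {"shop__shop.example.invalid", "blog__blog.example.invalid"}

# username__domain (domain part must not contain underscores, so the split is unambiguous).
KEY_RE = re.compile(r"^[A-Za-z0-9_-]+__[A-Za-z0-9.-]+$")
# The exact reference form the README prescribes: {{ mysql_passwords['user__domain'] }}
REF_RE = re.compile(r"^\{\{\s*mysql_passwords\['([^']+)'\]\s*\}\}$")


def instances_for_host(inventory_hostname, instances=INSTANCES, aliases=SERVER_ALIASES):
    """Return the instances whose server alias resolves to inventory_hostname.

    An unknown alias raises, so a typo in instances.yml fails the run instead
    of silently dropping the instance from every host.
    """
    selected = []
    for inst in instances:
        alias = inst["server"]
        if alias not in aliases:
            raise KeyError(f"instance {inst['name']!r}: unknown server alias {alias!r}")
        if aliases[alias] == inventory_hostname:
            selected.append(inst)
    return selected


def check_password_refs(instances, vault_keys=MYSQL_PASSWORD_KEYS):
    """Return (instance name, problem) tuples; an empty list means the references are clean."""
    problems = []
    for inst in instances:
        value = inst.get("mysql_password", "")
        match = REF_RE.match(value)
        if not match:
            problems.append((inst["name"], "mysql_password is not a vault reference (plaintext?)"))
            continue
        key = match.group(1)
        expected = f"{inst['mysql_user']}__{inst['domain']}"
        if not KEY_RE.match(key):
            problems.append((inst["name"], f"key {key!r} does not follow username__domain"))
        elif key != expected:
            problems.append((inst["name"], f"key {key!r} does not match {expected!r}"))
        elif key not in vault_keys:
            problems.append((inst["name"], f"key {key!r} missing from mysql_passwords.yml"))
    return problems


if __name__ == "__main__":
    host = "sv01.server.ktrion.de"
    mine = instances_for_host(host)
    print(f"{host}: {[i['name'] for i in mine]}")
    for name, problem in check_password_refs(mine):
        print(f"  {name}: {problem}")
```

Running the check before ansible-playbook (or wiring it into a pre-commit hook) catches the two cases that --check --diff will not flag: a reference to a key nobody added to the vault, and a plaintext password that slipped into instances.yml instead of the vaulted file.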

Mail passwords (mail_local)

  • Add password hashes to inventory/hosts/group_vars/all/mail_passwords.yml using keys:
    • <username>__<domainname>__system
    • <username>__<domainname>__mail
  • Hash generation:
    • System hash: openssl passwd -6
    • Dovecot hash: doveadm pw -s SHA512-CRYPT
  • Edit via Vault: ansible-vault edit inventory/hosts/group_vars/all/mail_passwords.yml
  • Script to set a mail password (Vault required):
    • scripts/set_mail_password.sh <username> <domain> [password]
    • Optional: FILE=inventory/hosts/group_vars/all/mail_passwords.yml
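The mail_passwords.yml conventions above pair two hashes per mailbox under fixed key names, and a mistake (a missing counterpart, a key typed as user@domain, or a plaintext value pasted where a hash belongs) only surfaces when a login fails. The following is an added example, not code from this repository or its scripts, that validates a decrypted mail_passwords.yml against those conventions. It assumes the system hash comes from openssl passwd -6 and therefore starts with $6$, and that doveadm pw -s SHA512-CRYPT emits the same crypt string with a {SHA512-CRYPT} scheme prefix (the prefix is treated as optional here). The vault contents are constructed and the hash bodies are dummy placeholders of the right length, not real hashes.

```python
"""Consistency check for the vaulted Dovecot/system password file (added example).

Assumptions: keys follow <username>__<domainname>__system|mail; system values are
SHA512-CRYPT strings from `openssl passwd -6`; mail values are the SHA512-CRYPT
strings from `doveadm pw -s SHA512-CRYPT`, optionally prefixed with {SHA512-CRYPT}.
"""
import re

# Domain part excludes underscores, so user/domain/kind split unambiguously.
KEY_RE = re.compile(
    r"^(?P<user>[A-Za-z0-9_.-]+)__(?P<domain>[A-Za-z0-9.-]+)__(?P<kind>system|mail)$"
)
# $6$[rounds=N$]salt$hash : salt up to 16 chars, SHA512-crypt body is 86 chars.
CRYPT_SHA512 = r"\$6\$(rounds=\d+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}"
SYSTEM_HASH_RE = re.compile(rf"^{CRYPT_SHA512}$")
MAIL_HASH_RE = re.compile(rf"^(\{{SHA512-CRYPT\}})?{CRYPT_SHA512}$")

# Constructed stand-in for the decrypted inventory/hosts/group_vars/all/mail_passwords.yml.
DUMMY_BODY = "x" * 86          # placeholder hash body, not a real hash
DUMMY_SALT = "saltsaltsaltsalt"  # 16-character placeholder salt
MAIL_PASSWORDS = {
    "alice__example.invalid__system": f"$6${DUMMY_SALT}${DUMMY_BODY}",
    "alice__example.invalid__mail": f"{{SHA512-CRYPT}}$6${DUMMY_SALT}${DUMMY_BODY}",
    # Defect: mail hash present, system hash missing.
    "bob__example.invalid__mail": f"{{SHA512-CRYPT}}$6${DUMMY_SALT}${DUMMY_BODY}",
    # Defect: plaintext stored instead of a hash.
    "carol__example.invalid__system": "correct horse battery staple",
    "carol__example.invalid__mail": f"{{SHA512-CRYPT}}$6${DUMMY_SALT}${DUMMY_BODY}",
    # Defect: key does not follow <username>__<domainname>__system|mail.
    "dave@example.invalid": f"$6${DUMMY_SALT}${DUMMY_BODY}",
}


def validate_mail_passwords(entries):
    """Return a sorted list of problem strings; an empty list means the file is consistent."""
    problems = []
    seen = {}  # (user, domain) -> set of kinds present
    for key, value in entries.items():
        match = KEY_RE.match(key)
        if not match:
            problems.append(f"{key}: key does not follow <username>__<domainname>__system|mail")
            continue
        user, domain, kind = match.group("user", "domain", "kind")
        seen.setdefault((user, domain), set()).add(kind)
        pattern = SYSTEM_HASH_RE if kind == "system" else MAIL_HASH_RE
        if not pattern.match(str(value)):
            problems.append(f"{key}: value is not a SHA512-CRYPT hash (plaintext or wrong scheme?)")
    # Every mailbox needs both the system hash and the Dovecot hash.
    for (user, domain), kinds in seen.items():
        for missing in {"system", "mail"} - kinds:
            problems.append(f"{user}__{domain}__{missing}: missing (both hashes must exist)")
    return sorted(problems)


if __name__ == "__main__":
    for problem in validate_mail_passwords(MAIL_PASSWORDS) or ["ok"]:
        print(problem)
```

To run it against the real file, decrypt to stdout with ansible-vault view and load the result with yaml.safe_load(); the plaintext never needs to touch disk. Because the regexes only check shape, they cannot tell a correct hash from a mistyped one, but they do reliably catch pasted plaintext, a hash of the wrong scheme and a key that the playbooks will never look up.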

Contributing

  • Keep playbooks idempotent and use FQCN modules (ansible.builtin.*).
  • Validate with --check --diff; lint with ansible-lint and yamllint if available.