This repository contains an Ansible playbook to set up server configuration.
To update and execute the serverconfig.yml playbook locally for the current machine, run:
./update.sh
./setup.sh
The playbook can be tested in an isolated environment with Docker and Docker Compose. Run one of the following commands depending on the target OS:
./test.sh debian11
./test.sh debian12
./test.sh rocky8
./test.sh rocky9
./test.sh ubuntu2204
Tests are run against a localhost host in the test group.
Note that some steps (e.g. enabling services) cannot be run in Docker and will be skipped.
The following roles are available in this repository:
base: common packages and system configuration
docker: Docker daemon setup
firewall: firewall configuration
homeserver: services for home automation, file sharing and media center
k8s: Kubernetes master, control plane or worker node
kodi: Kodi media center
openvpn: OpenVPN server or client
otelcol: OpenTelemetry Collector
Role names can be used as tags to include/exclude some of them during execution, for example:
./setup.sh --tags base
./setup.sh --skip-tags k8s
As a best practice, secret variables should be named with a vault_ prefix, placed in an encrypted vault.yml file and referenced from a vars.yml file.
The Vault password must be specified in a vault.password file at the root of this repository.
To encrypt/view/decrypt files, use one of the following commands:
./vault.sh encrypt roles/<rolename>/defaults/main/vault.yml
./vault.sh view roles/<rolename>/defaults/main/vault.yml
./vault.sh decrypt roles/<rolename>/defaults/main/vault.yml
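
A check for the vault convention described above, suitable for running before a commit. It is an added example and not one of this repository's scripts: it lists vault.yml files under roles/ that lack the $ANSIBLE_VAULT; header written by ansible-vault, and verifies that vault.password is not accessible to group or other. The function names are hypothetical and the owner-only permission requirement is an assumption added here.

```sh
#!/bin/sh
# Added example, not part of this repository. Paths follow the layout used
# above; the function names are hypothetical.

# List every vault.yml under roles/ whose first line lacks the header that
# ansible-vault writes, i.e. secrets that would be committed in plaintext.
unencrypted_vaults() {
    find "$1/roles" -type f -name vault.yml 2>/dev/null | sort |
    while IFS= read -r f; do
        IFS= read -r first < "$f" || true   # empty file: first stays empty
        case "$first" in
            '$ANSIBLE_VAULT;'*) ;;           # encrypted, nothing to report
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Succeed only if vault.password exists and group/other have no access bits.
# (Owner-only permissions are a recommendation added here, not a repo rule.)
password_file_private() {
    [ -f "$1/vault.password" ] || return 1
    [ "$(ls -ld "$1/vault.password" | cut -c5-10)" = "------" ]
}

# Run both checks on a repository root; findings go to stderr.
check_vault_repo() {
    rc=0
    bad=$(unencrypted_vaults "$1")
    if [ -n "$bad" ]; then
        printf 'plaintext vault file(s):\n%s\n' "$bad" >&2
        rc=1
    fi
    if ! password_file_private "$1"; then
        printf 'vault.password missing or readable by group/other\n' >&2
        rc=1
    fi
    return "$rc"
}

# When given a repository path, check it and exit non-zero on any finding.
if [ "$#" -gt 0 ]; then
    check_vault_repo "$1"
fi
```

Run it with the repository root as its only argument; a non-zero exit status means a vault.yml was decrypted and left in plaintext, or vault.password is missing or too widely readable.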