USAGE:
# Install ansible
brew install ansible || apt install ansible
# Clone and set up the repository
git clone https://github.com/akhlakm/ansible.git
cd ansible
git config core.hooksPath .githooks
# Set up the password
vi .password
# Install ansible collections
ansible-galaxy collection install -r ansible-collections.yml
# View tags
ansible-playbook -i "192.168.0.100," main.yml --list-tags
# Run tag(s), example:
ansible-playbook -i server.com, main.yml --tags setup,boot
# Decrypt/encrypt the configuration:
ansible-vault decrypt config.yml
ansible-vault encrypt config.yml
Run ansible-playbook --help for additional options.
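A guard that fits the decrypt/encrypt workflow above: a pre-commit check that refuses a commit when the staged config.yml is not vault-encrypted. This is an added example, not the repository's own .githooks code (which is not shown here); vault_header_ok, check_staged and PROTECTED_FILES are hypothetical names.

```shell
#!/bin/sh
# Added example, not the repository's own hook.
# Assumption: config.yml is the only file that must stay vault-encrypted.
PROTECTED_FILES="config.yml"

# Succeeds only if stdin starts with an ansible-vault envelope header:
#   $ANSIBLE_VAULT;1.1;AES256   or   $ANSIBLE_VAULT;1.2;AES256;<vault-id>
vault_header_ok() {
    first=''
    # read fails on empty input and on a final line without a newline;
    # keep going in the second case, reject the first.
    IFS= read -r first || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;1.1;AES256' | '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Inspects the staged blob (what the commit will contain), not the working
# tree, so a file left decrypted on disk after an encrypted `git add` passes,
# and a file staged in plaintext fails even if it was re-encrypted afterwards.
check_staged() {
    rc=0
    for f in $PROTECTED_FILES; do
        # Skip files that are not added or modified in this commit.
        git diff --cached --name-only --diff-filter=AM -- "$f" | grep -q . || continue
        if ! git show ":$f" | vault_header_ok; then
            echo "refusing commit: staged $f is not ansible-vault encrypted" >&2
            rc=1
        fi
    done
    return "$rc"
}

# In a pre-commit hook, after defining the functions above:
#   check_staged || exit 1
```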
To hand over control to ansible, the following initialization must be done first by logging into the new machine as root over the default SSH port 22.
curl -L https://raw.githubusercontent.com/akhlakm/ansible/main/setup.sh -o /root/setup.sh && bash /root/setup.sh
Reboot the system and exit.
Now update the ansible_user and ansible_port in config.yml and run the server.yml playbook.
All important data must be inside the containers' volume mounts.
A cron job runs every night to back up the containers.
The cron job stops the container, performs the backup, and restarts the container.
If a container should not be restarted, set it to remove in config.yml.
# Manually add a backup of a directory using restic.
backup.sh <directory>
# View available backups.
backup.sh snapshots
# Manually download the restic repo for offsite backup.
rsync server.com:/data/restic.tar.gz .
Log in to the server and use certbot to obtain a certificate per subdomain.
certbot certonly --nginx -d www.server.com -d server.com
Then set ssl: yes in config.yml to enable SSL in nginx.
To renew all certificates that are due for renewal, run:
sudo certbot renew