This collection contains roles and playbooks for bootstrapping my homelab and workstation.
Refer to docs/roles.md for documentation.
goss
installs and runs Goss server validationnfs
mounts given NFS sharessecurity
provides basic hardening such as configuringsudo
, SSH hardening, installing ufw and fail2banssl
generates TLS certificates from root and intermediate CAsnginx
configures and starts nginx as systemd servicecertbot
provisions Let's Encrypt certificates for given domainswebhook
configures and starts webhook as systemd service
- ansible[lint]
- molecule[docker,vagrant]
- Docker
- Vagrant
- make
When testing locally, the collection can be quickly installed to the local collections path with
$ make galaxy-install
To debug and test roles, run:
$ make converge scen=security
$ make verify scen=security
When running roles with service
, systemd is required. However,
there are
issues with
running systemd in Docker containers. As such, these roles require Vagrant and
molecule-vagrant. Affected roles:
security
Additionally, apt update
is not working well in Debian 10 container due to
"oldstable".