
IaC (Infrastructure as Code) for my Raspberry Pi and Ubuntu Server

Primary language: YAML. License: Do What The F*ck You Want To Public License (WTFPL).

struct: Raspberry Pi/Ubuntu Server Ansible Playbooks


These are my two Ansible playbooks that I use to automatically provision settings and applications on my Raspberry Pi 4 using Ubuntu Server, as well as my main server, named Nova, also running Ubuntu Server.

Ansible is an awesome tool by Red Hat that allows idempotent and reproducible configuration for one or many servers. It only takes one command to run through all the tasks.

Personally, I am learning this to be able to re-provision my Raspberry Pi and Nova server if anything goes wrong. I actually discovered Ansible just before I nuked my Pi's permission system (chown gone wrong). Therefore, I decided to configure everything via Ansible instead of sshing into the Pi and re-downloading all of my docker-compose files. Just run the playbook and it will do the rest.

I learned the very basics of Ansible (and that it exists) from Wolfgang's Channel. His infra playbook he uses to provision his Ubuntu NAS has been very handy. Most of the roles and tasks are from there. Kudos!

EDIT (Nov 2023): I still use Ansible to configure Nginx using templates! However, I use Docker Compose more frequently, and just back up the docker-compose.yml files. I find it way easier than integrating it with Ansible. If my servers ever go down, or I want to re-install for any reason, I can still use Ansible to help me recover with ease.

Features

General

  • Installs/updates/upgrades packages, disables SSH password authentication and sets a custom hostname
  • Installs zsh with oh-my-zsh and a custom Powerlevel10k theme, sets the default shell as zsh
  • Installs and configures Docker (as well as docker-compose and the Ansible Docker module)

Networking

  • Installs and configures Nginx
    • I use Jinja templates to create a file for each service that points the port of the service to a custom URL, such as jellyfin.box. In PiHole, I use Local DNS to assign jellyfin.box to the correct IP, and Nginx routes it accordingly.
    • Each service is configured with an SSL cert, automatic rewrites to HTTPS, CORS and HSTS rules, and the required proxy headers for the service to function.
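
As an added illustration (not taken from this repo), a per-service Jinja2 template for Nginx covering the points above could look like the following. The variable names service_name, service_port, upstream_host and cert_dir, and the certificate file layout, are assumptions made for the example.

```nginx
# Added example: hypothetical Jinja2 template for one proxied service.
# Assumed variables (not from the repo): service_name, service_port,
# upstream_host, cert_dir.

# Plain HTTP listener: does nothing except redirect to HTTPS.
server {
    listen 80;
    server_name {{ service_name }}.box;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name {{ service_name }}.box;

    ssl_certificate     {{ cert_dir }}/{{ service_name }}.box.crt;
    ssl_certificate_key {{ cert_dir }}/{{ service_name }}.box.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # HSTS: browsers only honour this header on a connection whose cert they
    # trust, so a private CA must be installed on clients for it to apply.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # CORS: allow only this service's own origin rather than "*".
    add_header Access-Control-Allow-Origin "https://{{ service_name }}.box" always;

    # Note: add_header lines above are inherited by "location /" only while
    # that location defines no add_header of its own.
    location / {
        proxy_pass http://{{ upstream_host | default('127.0.0.1') }}:{{ service_port }};

        # Headers the backend needs in order to see the original request.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade, for services that use WebSockets.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Binding the containers' published ports to 127.0.0.1 keeps the proxy as the only network path to each service, so the TLS and header rules cannot be bypassed by connecting to the port directly.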

Services

Installs and configures the following on the Raspberry Pi:

  • PiHole (DNS filter)
  • Wireguard VPN (access home network from anywhere)
    • Also fetches client QR codes and config files from the Docker container for use

Installs and configures the following on my Nova server:

  • hd-idle (spins down disks when idle for a specified time)

Configures the Nginx reverse proxy on my Nova server for the following Docker containers:

  • Dashy (home page for self-hosted services)
  • Deluge (torrent client)
  • Grafana (data visualisation)
  • Jellyfin (free software media system)
  • Jellyseerr (media library request system for Jellyfin)
  • Librespeed (local speedtests)
  • Photoprism (self-hosted online photo browser)
  • Nextcloud (basically self-hosted MS365)
  • Prometheus (data provider to Grafana)
  • Radarr (legally obtained Linux ISO collection manager)
  • Sonarr (same as Radarr but for Linux ISO series)
  • Uptime Kuma (self-hosted monitoring tool and status site)
  • Wakapi (WakaTime-compatible coding statistics dashboard for developers)

Usage

All you need is something running Ubuntu Server.

  1. Install Ansible.
  2. Clone the repo.
     git clone https://github.com/xMdb/structure
  3. Edit the hosts file and adjust the variables so it can connect to your server using SSH.
  4. Run the playbook.
     ansible-playbook run.yml -K

For future runs, omit the -K, as passwordless sudo will be enabled.

For more information, please see the Ansible docs.