MrModest/homeserver

Ansible playbook to configure a home server

Warning

Still In Progress

Requirements

  • Ubuntu Server 22.04 LTS
  • The initial OS installation must be finished before this playbook is run

Recommended configurations

  • The boot and root file systems live on a dedicated SSD with the default ext4 partitioning, and that drive stores nothing but the OS
  • All other drives are formatted into ZFS pools
    • a "fast" pool with 2 SSDs in mirror mode (~256 GB each)
      • to store application data, caches and other I/O-intensive files
    • a "slow" pool with 2 HDDs in mirror mode (~2 TB each)
      • to store media files or other large amounts of application data (like photos or documents)
    • a "very big and slow" pool with 1 HDD in stripe mode (~8 TB)
      • to store big files that don't need to be redundant or backed up (for example, something that can easily be retrieved again from the internet)

Remarks

  • Users
    • apps to run all non-privileged containers
    • homessh to connect via ssh
    • sambashare to connect to SMB share via clients
  • Permissions
    • 0644 - More relevant for files
      • Owner can read and write
      • Group and Other can only read
    • 0754 - More relevant for directories
      • Owner can do everything
      • Group can read and "open" the directory (see what is inside), but can't write
      • Other can only see the directory, but can neither "go inside" nor write
  • Directory structure
    • / only for OS
    • /mnt/pools to mount ZFS pools
    • /mnt/pools/<fast|slow>/apps-data/<app's name> stores everything that belongs directly to the given app
    • /mnt/pools/fast/docker/data-root stores all Docker-related data instead of /var/lib/docker
  • Files Structure

Docker daemon configuration

{
  "data-root": "/mnt/pools/fast/docker/data-root",
  "storage-driver": "zfs",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "1m",
    "max-file": "1"
  },
  "metrics-addr" : "0.0.0.0:9323",
  "experimental" : true
}
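
An added example (not part of this repository): a Python check that reads the daemon.json above and reports whether metrics-addr binds every interface, which matters because Docker serves that endpoint over plain HTTP without authentication, and how many bytes of log each container keeps under the json-file rotation settings. The helper names audit and rebind_metrics are hypothetical, and the address passed to rebind_metrics is whatever bind address suits the deployment.

```python
import ipaddress
import json

# daemon.json as shown in this README, embedded so the check runs offline.
README_CONFIG = json.loads("""{
  "data-root": "/mnt/pools/fast/docker/data-root",
  "storage-driver": "zfs",
  "log-driver": "json-file",
  "log-opts": {"max-size": "1m", "max-file": "1"},
  "metrics-addr": "0.0.0.0:9323",
  "experimental": true
}""")
UNITS = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def size_to_bytes(text):
    """Convert a json-file max-size value such as '1m' or '512k' to bytes."""
    text = text.strip().lower()
    if text and text[-1] in UNITS:
        return int(text[:-1]) * UNITS[text[-1]]
    return int(text)


def listens_on_all_interfaces(addr):
    """True when a host:port value binds the wildcard address (IPv4 or IPv6)."""
    host = addr.rpartition(":")[0].strip("[]")
    if host == "":
        return True  # empty host: treated as the wildcard, as Go listeners do
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a hostname; resolving it is out of scope for this check


def audit(config):
    """Hypothetical helper: summarize metrics exposure and log retention."""
    opts = config.get("log-opts", {})
    kept = None  # None: no max-size set, so json-file never rotates
    if "max-size" in opts:
        kept = size_to_bytes(opts["max-size"]) * int(opts.get("max-file", "1"))
    addr = config.get("metrics-addr", "")
    return {"metrics_on_all_interfaces": bool(addr) and listens_on_all_interfaces(addr),
            "log_bytes_kept_per_container": kept}


def rebind_metrics(config, host):
    """Return a copy whose metrics endpoint listens on `host`, keeping the port."""
    port = config["metrics-addr"].rpartition(":")[2]
    return {**config, "metrics-addr": f"{host}:{port}"}
```

For the configuration in this README, audit reports the metrics endpoint on all interfaces and 1 MiB of retained log per container, so container logs should be shipped elsewhere before they rotate away.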

ToDo

Server

  • Configure observability
    • Configure Docker containers observability with Loki/Prometheus/Grafana
    • Configure internal bridges between Prometheus and apps that push metrics
      • Fix Docker metrics export
      • Fix Immich metrics export
    • Configure host logs and metrics
      • Install Promtail to push /var/log/* logs to Loki
      • Push Storage/RAM/CPU of host machine to Prometheus
      • Collect ZFS related metrics
  • Configure Samba
  • Configure reverse-proxy
  • Configure HTTPS
  • Configure backups
    • Install backrest
    • Configure scheduled local backups
    • Configure rclone to copy the local repo to a remote (Cloud/WebDAV/S3)
  • Configure Tailscale

Docker Applications

"Bare metal" Applications
