- spin up machine
- add the ansible SSH key to the machine
- add machine to hosts

```
ansible-playbook site.yml
```

role | function | deployed under |
---|---|---|
baseline | basic config | |
bitwarden | password manager | vault |
caddy | reverse proxy | |
docker | containerization (may install podman) | |
duo | 2FA SSH | |
firewalld | firewall configuration | |
letsencrypt | certificates | |
nginx | reverse proxy | |
plex | media server | plex |
proxmox | configures proxmox after install | |
step-ca | ACME server | ca |

group | meaning |
---|---|
bastion | something public facing. Gets fail2ban installed |
homeServer | gets telegraf installed and pointed to influx |

var | reason | required by |
---|---|---|
domain | url, duh | revprxy, step-ca |
dns_digitalocean_token | DNS validation for wildcard certs | letsencrypt |
for DNS validation | letsencrypt | |
duo | duo 2fa | duo |
fail2ban_destemail | where fail2ban emails go | baseline |
influxdb_urls | where to send metrics | baseline |
telegraf | metrics configuration | baseline |