- spin up machine
- add the ansible SSH key to the machine
- add machine to hosts
ansible-playbook site.yml
| role | function | deployed under |
|---|---|---|
| baseline | basic config | |
| bitwarden | password manager | vault |
| caddy | reverse proxy | |
| docker | containerization (may install podman) | |
| duo | 2FA SSH | |
| firewalld | firewall configuration | |
| letsencrypt | certificates | |
| nginx | reverse proxy | |
| plex | media server | plex |
| proxmox | configures proxmox after install | |
| step-ca | ACME server | ca |
| group | meaning |
|---|---|
| bastion | something public facing. Gets fail2ban installed |
| homeServer | gets telegraf installed and pointed to influx |
| var | reason | required by |
|---|---|---|
| domain | url, duh | revprxy, step-ca |
| dns_digitalocean_token | DNS validation for wildcard certs | letsencrypt |
| for DNS validation | letsencrypt | |
| duo | duo 2fa | duo |
| fail2ban_destemail | where fail2ban emails go | baseline |
| influxdb_urls | where to send metrics | baseline |
| telegraf | metrics configuration | baseline |