Ansible playbooks for my servers (modulo anything sensitive).
bin
filter_plugins
group_vars
host_vars
library
roles
user
.gitignore
Makefile
README
TODO
ansible.cfg
bootstrap-do.yml
bootstrap.yml
hosts
site.yml
upgrade.yml

README

My Server Playbooks

These are the Ansible playbooks I use for setting up my servers. I use FreeBSD on them exclusively, so they may be of limited utility to people using other OSs.

See the TODO file for details on what work I have left.

Use

Initial setup of a fresh machine can be done with bootstrap.yml. This ensures that Python and sudo are installed on the target machine and ensures that users in the wheel group don't need to provide a password when using sudo. Run this with:

make bootstrap

Once all hosts have been bootstrapped, you can run the rest of the main playbooks with:

make

This runs all the playbooks listed in site.yml.

The sites themselves are subsequently deployed from the sites repo.

My user configuration sits under the 'user' directory. This sets up the 'keith' user with anything I might want/need to have present on the servers.
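
One way the bootstrap step described above could be written, as an added example rather than the contents of this repository's bootstrap.yml. It assumes a root SSH login on the fresh host, the sudo package's default include of /usr/local/etc/sudoers.d, and a drop-in file named wheel; the last two tasks list the wheel members because membership in that group now amounts to passwordless root.

```yaml
# Added example with labelled assumptions; not this repo's bootstrap.yml.
- name: Bootstrap a fresh FreeBSD host
  hosts: all
  remote_user: root      # assumption: sudo is not installed yet, so connect as root
  gather_facts: false    # fact gathering needs Python on the target
  tasks:
    - name: Install Python and sudo without using Python-based modules
      ansible.builtin.raw: env ASSUME_ALWAYS_YES=yes pkg install -y python3 sudo

    - name: Let wheel members use sudo without a password
      ansible.builtin.copy:
        # assumption: the installed sudoers file includes this directory
        dest: /usr/local/etc/sudoers.d/wheel
        content: "%wheel ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: wheel
        mode: "0440"
        # Refuse to install a file that does not parse, so a typo cannot break sudo.
        validate: /usr/local/sbin/visudo -cf %s

    - name: Read current wheel membership
      ansible.builtin.command: pw groupshow wheel
      register: wheel_group
      changed_when: false

    - name: Show which accounts now have passwordless root
      ansible.builtin.debug:
        msg: "{{ wheel_group.stdout }}"
```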

Nameserver role

This role just does basic setup needed for both primary and secondary nameservers. The actual heavy lifting is in a separate repo which contains the zonefiles.

pgsql role

The 'pgsql' user can act as a superuser for creating subsequent users, databases, &c. To list databases, use:

sudo -u pgsql psql --list

To create a user, use:

sudo -u pgsql createuser --interactive <username>

Hetzner

manann used to become uncommunicative when Hetzner would do network maintenance. I found https://forums.freebsd.org/threads/60675/#post-350427, which states:

IIRC these problems are due to buggy/crappy offloading in some (all?) Realtek NICs. Try disabling LRO and TSO on them. I don't think Realtek NICs do checksum-offloading, but you could also try to disable tx/rcsum (it returns an error if the driver/card doesn't support it).

To do this:

ifconfig re0 -tso -lro

I haven't had issues since, and should probably make that a task, but haven't thought of a nice way to do it.
