Base Service Configuration

This repository handles the base configuration of public services, such as a Minecraft server or personal S3 storage, in an attempt to avoid snowflake servers. Mostly hosted at, and created with Terraform.


  • harden sshd
    • configure fail2ban
  • install restic
  • base logrotate configuration
  • install python3
  • configure system ntp for time handling
  • configure docker (optional)
  • Security Scans
    • execute open-scap-scan
    • rootkit analysis with rkhunter
    • configure aide (planned)

Supported Distributions

Distribution Molecule tested Packer Vagrant Boxed Description
Ubuntu 20.04
Alpine (planned)

Prepare Python Env

virtualenv -p python3 ~/venvs/develop-ansible_role-vagrant
source ~/venvs/develop-ansible_role-vagrant/bin/activate
pip install -r requirements.txt
pre-commit install
ansible-galaxy install -r requirements.yml

Start SSH Agent

pass private/keyfiles/ssh/ansible_rollout/passphrase -c
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/ansible_id_ed25519


playbook ansible_group description
master-configure-system.yml master playbook that combines the base and docker playbooks.
playbook-base-configureation.yml all Configure the base system.
playbook-docker-configureation.yml dockerbased Prepare the system for Docker usage.

export ANSIBLE_INVENTORY=$(pwd)/prod
export HCLOUD_TOKEN=$(pass .../token)

ansible-playbook master-configure-system.yml


For automated local testing we use a combination of Molecule and Vagrant.

virtualenv -p python3 ~/venvs/ansible-vagrant/
source ~/venvs/ansible-vagrant/bin/activate
pip install -r requirements.txt
pre-commit install


Running the tests:

molecule test

Infrastructure Tests

pytest --connection=ansible --hosts=all test/*

Reusing and Sharing

For reuse and sharing, you can create your own Vagrant box with Packer (/packer).

Must be executed from the develop branch.

pre-commit uninstall \
    && bump2version --tag release --commit \
    && git checkout master && git merge develop && git checkout develop \
    && bump2version --no-tag patch --commit \
    && git push origin master --tags \
    && git push origin develop \
    && pre-commit install

Setup Local Env

asdf plugin-add packer
asdf plugin-add terraform
asdf plugin-add python
asdf plugin-test act --asdf-tool-version latest
python -m venv env
source env/bin/activate
pip install -r requirements.txt