Skip to content
My provisioning scripts for private servers
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Provisioning scripts

I decided to move from manually configuring my servers to automating the process with ansible. Maybe you find these useful.


  • Install ansible (preferably 2.4.0 or higher)
  • Run ansible-galaxy install --roles-path roles -r roles.yml
  • Run ./


Add your hosts to host.yml. Give each host a hostname (this will be used to modify /etc/hostname on the remote). Optionally, use a nice name for the host and set ansible_ssh_host.

Set some variables you may not want to be publically available in host_vars/<host>. I set the (crypted) root password, user password and my mail address. To generate crypted passwords, check out

Modify file/authorized_keys. Add your own, optionally remove mine.

Global configuration can be done in provision.yml: Default user name, dotfiles source, some log files, ...

Run it

ansible-playbook -i hosts.yml provision.yml for the initial setup steps. This bootstraps python on the remote if not already installed.

ansible-playbook -i hosts.yml update-dotfiles.yml to update dotfiles on all users and /etc/skel after changes have been pushed to master.

ansible-playbook -i hosts.yml services.yml to install all services. Use --tags <tag> to limit what services to install, but note that there are some internal dependencies.

Provided roles


Generates a user, configures zsh and sets authorized_keys.

Required variables:

  • user
  • password
  • mail


  • ugroups: List of groups that the user should be added to


Has two modes:

  • Setup acme-tiny environment (with some apache specific configuration)
  • Request a certificate for a domain (apache vhost must be configured)


  • do_setup: true for setup, false to request certificate
  • domain: set to fqdn if requesting a certificate
  • aliases: optionally, specify aliases to name in certificate


Set up apache2, configured for an arch environment.

Has two modes:

  • setup: Setup apache
  • vhost: Configure vhost


Required variables:

  • host
  • mail


Required variables

  • vhost: Domain prefix
  • host: Domain suffix
  • root_path or root_dir: If root_path is set, use that as DocumentRoot. Otherwise, /srv/http/<root_dir>

Optional variables:

  • aliases: List of full domain aliases. Defaults to []
  • options: Directory options for DocumentRoot. Defaults to None
  • allow_override: AllowOverride setting for DocumentRoot. Defaults to None
  • additional_settings: anything else that should go into the vhost configuration. Defaults to []
  • docroot_addtional_settings: anything else that should go into the Directory setting for the DocumentRoot


Install and configure znc

Required variables:

  • znc_user_pass: Password of the system account (called znc)
  • znc_listeners:
    • Port
    • Optional: ipv4 (Y/n), ipv6 (Y/n), ssl (Y/n)
  • znc_modules: Names of global modules to load. webadmin is always loaded.
  • znc_users:
    • name
    • admin (y/N)
    • altname (= name_)
    • ident (= name)
    • realname (= [REDACTED])
    • modules (= [])
    • settings (= [])
    • networks:
      • name
      • address
      • ssl (y/N)
      • port
      • modules (= [])
      • settings (= [])
  • znc_passwords: map from user to (method,hash,salt) (see
  • znc_settings:
    • Additional settings
  • znc_host: hostname for irc (used in cert)


Install postgres


Install and configure nextcloud

Required variables

  • nextcloud_db_password: A password in hashed format: "md5" + md5(pass+"nextcloud")
  • nc_conf_db_pass: The same password, in cleartext (sorry)
  • nc_admin_user: Admin account user name
  • nc_admin_pass: Admin account password, in cleartext


  • nc_additional_users: List of user/pass (cleartext) combinations
  • nextcloud_purge_install_yes_really: Remove old nc installation, if one exists. THIS WILL WIPE ALL YOUR DATA
You can’t perform that action at this time.