My ansible playbooks for setting up servers and services.
- Setup SSH server with dotfiles on the remote host
- Setup server connection in the inventory file
[$GROUP_NAME] $SERVER_NAME ansible_host=$SERVER_IP
- Run the
ansible-setup.ymlplaybook - Run the rest of the playbooks needed
ansible-playbook -l some-host service/.../playbook.yml- Non-Root User
- Use the public key from 1Password
- Use the public key from GitHub
- Setup Firewall
- Setup Docker Engine
-
Keep a link to the documentation at the top of the playbook
-
Only setting
become: truewhen needed -
Only setting
gather_facts: truewhen needed -
Use
docker composeoverdocker -
Create an actual
docker-compose.ymlinstead of inline-create them in playbooks -
Don't use
community.docker.docker_composeat the moment 1 -
Inject network configs to compose file, instead of attaching container with ansible task
vars_prompt: - name: "docker_network" prompt: "Enter the name of the docker network to use" default: "a-default-network-name-goes-here" tasks: ... - name: Add networks block if docker_network is set when: docker_network is defined blockinfile: path: "{{ service_dir }}/docker-compose.yml" block: | networks: default: external: true name: "{{ docker_network }}"
-
Always offer to add DNS entry when applicable
tasks: ... - name: Setup DNS record import_tasks: ../utils/cloudflare-dns.yml
- Don't add the service prefix to compose service name (e.g., use
apporportainerinstead ofportainer_app) - Don't add the service prefix to compose volume name 2
- Always set the
container_namefor each service - Pin image version at a minor level (e.g.,
image:nginx:1.19`) if not specified in the documentation - Do not expose ports if not required to