My ansible playbooks for setting up servers and services.
- Set up an SSH server with dotfiles on the remote host
- Set up the server connection in the inventory file:

  ```ini
  [$GROUP_NAME]
  $SERVER_NAME ansible_host=$SERVER_IP
  ```

- Run the `ansible-setup.yml` playbook
- Run the rest of the playbooks needed:

  ```sh
  ansible-playbook -l some-host service/.../playbook.yml
  ```

- Non-root user
- Use the public key from 1Password
- Use the public key from GitHub
- Set up the firewall
- Set up Docker Engine

- Keep a link to the documentation at the top of the playbook
- Only set `become: true` when needed
- Only set `gather_facts: true` when needed
- Use `docker compose` over `docker`
- Create an actual `docker-compose.yml` instead of creating it inline in playbooks
- Don't use `community.docker.docker_compose` at the moment [1]
- Inject the network config into the compose file instead of attaching the container with an Ansible task:

  ```yaml
  vars_prompt:
    - name: "docker_network"
      prompt: "Enter the name of the docker network to use"
      default: "a-default-network-name-goes-here"
  tasks:
    ...
    - name: Add networks block if docker_network is set
      when: docker_network is defined
      blockinfile:
        path: "{{ service_dir }}/docker-compose.yml"
        block: |
          networks:
            default:
              external: true
              name: "{{ docker_network }}"
  ```

- Always offer to add a DNS entry when applicable:

  ```yaml
  tasks:
    ...
    - name: Setup DNS record
      import_tasks: ../utils/cloudflare-dns.yml
  ```

- Don't add the service prefix to the compose service name (e.g., use `app` or `portainer` instead of `portainer_app`)
- Don't add the service prefix to the compose volume name [2]
- Always set `container_name` for each service
- Pin the image version at the minor level (e.g., `image: nginx:1.19`) if the documentation does not specify one
- Do not expose ports if not required
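As an added example (not part of these playbooks), a small check that applies the compose conventions above to a parsed `docker-compose.yml`: no service prefix on service or volume names, `container_name` set, image tags pinned at least to a minor version, and no published ports. The sample document and the `portainer` prefix are constructed; PyYAML is assumed only for the command-line path that lints a real file.

```python
import re

# Constructed sample, shaped like `yaml.safe_load()` output for a docker-compose.yml:
# `web` follows the conventions, `portainer_app` and `portainer_data` break them.
SAMPLE_COMPOSE = {
    "services": {
        "web": {"image": "nginx:1.19", "container_name": "web", "expose": ["80"]},
        "portainer_app": {
            "image": "portainer/portainer-ce:latest",
            "ports": ["9000:9000"],
        },
    },
    "volumes": {"data": None, "portainer_data": None},
}


def image_is_pinned(image: str) -> bool:
    """True when the tag starts with MAJOR.MINOR (nginx:1.19, nginx:1.19.3-alpine)."""
    _name, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:  # untagged, or the ':' belongs to a registry port
        return False
    return re.match(r"^v?\d+\.\d+", tag) is not None


def check_compose(doc: dict, prefix: str) -> list:
    """Return one finding per convention violation; an empty list means clean."""
    findings = []
    for svc, cfg in (doc.get("services") or {}).items():
        cfg = cfg or {}
        if svc.startswith(prefix + "_"):
            findings.append(f"{svc}: service name carries the '{prefix}_' prefix")
        if not image_is_pinned(str(cfg.get("image", ""))):
            findings.append(f"{svc}: image '{cfg.get('image')}' is not pinned to a minor version")
        if "container_name" not in cfg:
            findings.append(f"{svc}: container_name is not set")
        if cfg.get("ports"):  # `expose` keeps the port inside the compose network and is fine
            findings.append(f"{svc}: publishes ports {cfg['ports']}; drop them unless required")
    for vol in doc.get("volumes") or {}:
        if vol.startswith(prefix + "_"):
            findings.append(f"volume {vol}: carries the '{prefix}_' prefix")
    return findings


if __name__ == "__main__":
    import sys
    import yaml  # PyYAML; only needed to lint a real file: check.py docker-compose.yml portainer

    doc = yaml.safe_load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_COMPOSE
    for finding in check_compose(doc, sys.argv[2] if len(sys.argv) > 2 else "portainer"):
        print(finding)
```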