This Ansible playbook sets up an Nginx reverse proxy server at the specified host. The reverse proxy server acts as an entry point into a Tailscale network and proxies web traffic to a specified Tailnet host/port. These configurations are intended for use with an OpenBSD host server.
- OpenBSD server running at specified host name
- Password-authenticated root user accessible on SSH port 22
- If running on macOS: install
passlib
andbcrypt==3.2.2
via pip
bootstrap
: Run once on first-time setup for SSH user/port and firewall configsmain
: Set up host system and reverse proxy (can be run multiple times)
Edit secrets using ansible-vault edit group_vars/vault.yml
. The host is set
up under the vault
group and inherits these variables.