An Ansible role for infrastructure components as Docker containers. Handles tasks for deploying various services relating to self-hosting infrastructure.
Service | Purpose | Enabled by default |
---|---|---|
Pi-Hole | DNS, Ad-block | Yes |
Graylog | Log management | Yes |
Uptime-Kuma | Uptime monitoring | Yes |
Vaultwarden | Password management | Yes |
Authentik | Identity management | Yes |
godns | Dynamic DNS | No |
Wireguard | Remote access VPN | No |
Unifi | Unifi network management | No |
$ ansible-galaxy install git+https://github.com/netr0m/ansible-role-infra.git
Requires the role netr0m.svc
Available variables are listed in docs/default-variables.md (see defaults/main.yml).
Most of the default variables can be used as-is, but a few must be set:
For netr0m.svc
# Username of the user owning the files
svc_user_name: 'service_username'
# Group name of the group that should own the files
svc_group_name: 'service_groupname'
# If `infra_use_authentik` is true, then
# Secret key used for Authentik cookie signing
infra_authentik_secret_key: "some-long-random-string"
# Database password
infra_authentik_db_password: ""
# If `infra_use_graylog` is true, then
# Secret used to 'pepper' the passwords - make sure to change this BEFORE deploying.
infra_graylog_password_secret: "super-long-random-string-minimum-64-chars"
# Hash of the password used for the root user [run `echo -n yourpassword | shasum -a 256`]
infra_graylog_password_sha2: "sha256-sum-of-your-password"
# Password for Pihole web UI. Autogenerated if not set.
infra_pihole_password: donkeys-gamble-on-broadway55
# Enable Wireguard
infra_use_wireguard: true
# Set the external domain name
infra_domain_ext: mydomain.tld
# Peers to create. See https://github.com/linuxserver/docker-wireguard#parameters
infra_wireguard_peers:
  - laptop
  - desktop
  - phone
# Optionally enable godns for DDNS (if you have dynamic DNS)
infra_use_godns: true
# DNS provider to use
infra_godns_provider: Cloudflare
# Email address for the DNS provider account
infra_godns_email: ~
# Password/Global API key (cloudflare) for the DNS provider account
infra_godns_password: ~
# Token for the DNS provider account
infra_godns_token: ~
# List of domains and subdomains to update
infra_godns_domains:
  - domain_name: "{{ infra_domain_ext }}"
    sub_domains:
      - "{{ infra_wireguard_container_hostname }}"
See netr0m.svc - Recommended configuration changes for recommended changes (automated HTTPS and more).
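A pre-deploy check for the secret variables that must be set above, as an added example that is not part of this role. `generate_secrets` and `check_vars` are hypothetical helper names, the variables are passed as a plain dict (loading them from YAML is left out), and the lengths chosen for the Authentik values are this example's assumption.

```python
import hashlib
import re
import secrets

# Placeholder values printed in this README; none of them may reach a host.
PLACEHOLDERS = {
    "some-long-random-string",
    "super-long-random-string-minimum-64-chars",
    "sha256-sum-of-your-password",
    "donkeys-gamble-on-broadway55",
}


def generate_secrets(graylog_root_password: str) -> dict:
    """Return fresh values for the secret variables listed above."""
    digest = hashlib.sha256(graylog_root_password.encode("utf-8")).hexdigest()
    return {
        # Lengths for the Authentik values are this example's choice.
        "infra_authentik_secret_key": secrets.token_urlsafe(64),
        "infra_authentik_db_password": secrets.token_urlsafe(32),
        # 72 random bytes encode to 96 characters, above the 64 minimum.
        "infra_graylog_password_secret": secrets.token_urlsafe(72),
        # Same digest as `echo -n yourpassword | shasum -a 256`, computed
        # without putting the password on a command line.
        "infra_graylog_password_sha2": digest,
    }


def check_vars(role_vars: dict) -> list:
    """Return the problems found in a dict of role variables."""
    problems = []
    for name, value in role_vars.items():
        if isinstance(value, str) and value in PLACEHOLDERS:
            problems.append(f"{name}: README placeholder still in use")
    # Authentik and Graylog are enabled by default, hence the True fallbacks.
    if role_vars.get("infra_use_authentik", True):
        for name in ("infra_authentik_secret_key", "infra_authentik_db_password"):
            if not role_vars.get(name):
                problems.append(f"{name}: empty")
    if role_vars.get("infra_use_graylog", True):
        secret = role_vars.get("infra_graylog_password_secret") or ""
        sha2 = role_vars.get("infra_graylog_password_sha2") or ""
        if len(secret) < 64:
            problems.append("infra_graylog_password_secret: under 64 characters")
        if not re.fullmatch(r"[0-9a-f]{64}", sha2):
            problems.append("infra_graylog_password_sha2: not a SHA-256 hex digest")
    return problems
```

An empty list from `check_vars` means none of the README placeholders or empty secrets are present in the variables it was given.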
See ansible-requirements.yml for a list
ansible-galaxy collection install -r ansible-requirements.yml
ansible-galaxy role install -r ansible-requirements.yml
---
- name: Example Playbook
  hosts: all
  become: true
  gather_facts: true
  roles:
    - { role: netr0m.infra }
...
This project uses pre-commit.
Currently, there are three hooks:
To run pre-commit manually, run `pre-commit run -a`
To run pre-commit, you need three things:
- A virtual environment in the parent directory of this repository
$ python3 -m venv ../.venv
$ source ../.venv/bin/activate
- The Python dependencies (see requirements.txt)
$ pip install -r requirements.txt
- Pre-commit hooks installed
$ pre-commit install
This project provides a script for generating markdown files representing Ansible (YAML) variable definitions.
An example can be seen in docs/default-variables.md, which is generated from the variables defined in defaults/main.yml.
To run the generator, issue the following command. If no parameters are specified, this will generate a markdown file based on the variables in defaults/main.yml, and write it to docs/default-variables.md.
$ python3 generate-vars-md.py
# Display help message
$ python3 generate-vars-md.py --help
# Specify alternative input and output paths
$ python3 generate-vars-md.py --in-file vars/debian.yml --out-file docs/debian-vars.md --title "Debian Variables"
This role was created in 2022 by netr0m