This repo is for my server automation and setup.
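---
# ============================================================================
# Connectivity Server Playbook
# ============================================================================
#
# Deploys WireGuard VPN, Nginx Proxy Manager, Pi-hole + Unbound DNS, and DDNS
#
# PREREQUISITES:
# - Fresh Debian 11+ or Ubuntu 20.04+ installation
# - SSH access with sudo privileges for ansible_user
# - Internet connectivity for package downloads
#
# REVIEW NOTES:
# - The whole play runs with become: true, so every role below executes as
#   root on the target. geerlingguy.docker and geerlingguy.security are
#   external Galaxy roles; pin their versions in the project's role
#   requirements so a run cannot silently pick up a newer upstream release.
# - The connectivity_*_enabled toggles are coerced with "| bool" wherever
#   this file reads them. Values supplied as strings (for example via
#   "-e key=value" or an INI inventory) would otherwise be truthy even when
#   set to "false", and the messages would misreport what is deployed.
#   NOTE(review): the roles evaluate these toggles themselves; that code is
#   not visible here and should apply the same coercion.
#
# ============================================================================

- name: "Connectivity Server Complete Setup"
  hosts: connectivity_servers
  become: true
  gather_facts: true

  pre_tasks:
    # Fail early on unsupported platforms. Both conditions depend on facts
    # collected by gather_facts above.
    - name: Verify connectivity server requirements
      assert:
        that:
          - ansible_distribution in ["Debian", "Ubuntu"]
          - >-
            (ansible_distribution == "Debian"
            and ansible_distribution_major_version | int >= 11)
            or
            (ansible_distribution == "Ubuntu"
            and ansible_distribution_major_version | int >= 20)
        fail_msg: "Requires Debian 11+ or Ubuntu 20.04+"
        success_msg: "System requirements validated"
      tags: always

    # Informational only: prints the target and which services the toggles
    # select, before any role changes the host.
    - name: Display deployment information
      debug:
        msg: |
          Connectivity Server Installation
          Target: {{ inventory_hostname }} ({{ ansible_default_ipv4.address }})
          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
          Services:
          - WireGuard VPN: {{ 'Enabled' if (connectivity_wireguard_enabled | bool) else 'Disabled' }}
          - Nginx Proxy Manager: {{ 'Enabled' if (connectivity_npm_enabled | bool) else 'Disabled' }}
          - DNS Stack (Pi-hole + Unbound): {{ 'Enabled' if (connectivity_dns_stack_enabled | bool) else 'Disabled' }}
          - DDNS (ddclient): {{ 'Enabled' if (connectivity_ddns_enabled | bool) else 'Disabled' }}
      tags: always

  # Roles run in the order listed.
  roles:
    # 1. SYSTEM SETUP
    - role: system
      tags: [system, setup]

    # 2. DOCKER
    # Docker maintains its own iptables rules for published container ports,
    # so host firewall INPUT rules do not necessarily filter them. Restrict
    # exposure at the port binding or in the DOCKER-USER chain.
    - role: geerlingguy.docker
      tags: [docker, setup]

    # 3. USER MANAGEMENT
    - role: user
      tags: [user, setup]

    # 4. DOCKER FRAMEWORK
    - role: docker-framework
      tags: [docker, framework]

    # 5. SECURITY HARDENING
    # Runs after Docker and user setup, so the host keeps its pre-hardening
    # settings until this point in a run. What gets hardened depends on the
    # role variables, which are not visible in this file.
    - role: geerlingguy.security
      tags: [security, hardening]

    # 6. CONNECTIVITY SERVICES
    - role: connectivity
      tags: [connectivity, services]

    # 7. MONITORING
    - role: monitoring
      tags: [monitoring, glances]

  post_tasks:
    # Despite the name this task is not read-only: state: started and
    # enabled: true will start and enable either unit if it is not already.
    - name: Verify core services
      systemd:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - docker
        - NetworkManager
      tags: [verification]

    # Read-only listing; changed_when: false keeps it from being reported as
    # a change. {% raw %} stops Ansible from templating the Go-template
    # braces that docker itself must receive.
    - name: Check Docker containers
      command: docker ps --format "table {% raw %}{{.Names}}\t{{.Status}}{% endraw %}"
      register: docker_status
      changed_when: false
      tags: [verification]

    # The admin endpoints printed below are plain http:// on the host's
    # default IPv4 address, so logins to the WireGuard UI, NPM admin and
    # Pi-hole admin cross the network unencrypted. Reach them over the VPN
    # or a trusted LAN only, or front them with TLS.
    # NOTE(review): which interfaces these ports and the DNS port bind to is
    # decided in the connectivity role (not visible here). Confirm they are
    # not published on a public interface; an Internet-reachable resolver
    # can be abused as an open resolver.
    - name: Display deployment summary
      debug:
        msg: |
          Connectivity Server Deployment Complete
          Host: {{ inventory_hostname }} ({{ ansible_default_ipv4.address }})
          {% if connectivity_wireguard_enabled | bool %}
          WireGuard VPN: udp://{{ ansible_default_ipv4.address }}:{{ connectivity_wireguard_port }}
          WireGuard Web UI: http://{{ ansible_default_ipv4.address }}:{{ connectivity_wireguard_web_port }}
          {% endif %}
          {% if connectivity_npm_enabled | bool %}
          NPM Admin: http://{{ ansible_default_ipv4.address }}:{{ connectivity_npm_admin_port }}
          {% endif %}
          {% if connectivity_dns_stack_enabled | bool %}
          Pi-hole Admin: http://{{ ansible_default_ipv4.address }}:{{ connectivity_pihole_web_port }}/admin
          DNS Server: {{ ansible_default_ipv4.address }}:{{ connectivity_pihole_dns_port }}
          {% endif %}

          Docker Containers:
          {{ docker_status.stdout }}
      tags: always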