# Ansible scripts for our private Intel NUC servers

## TODO

### nsd

https://github.com/The-Kube-Way/nsd
Maybe put zone files in a data directory.
KSK in ansible vault.
Then in ansible role:
- Generate ZSK if needed
- Sign role if needed
- ZSK key roll over

### reverse proxy + certbot

nginx? HA-proxy? Traefik?
Enable reverse proxy rules if service is enabled.
Should probably start creating a seperate cert for each subdomain.

### Git server

GitLab? Gitea?

### Firewall

Seems to be a little annoying with all the docker stuff

### Mastodon

Fix cache filling up so much space: cronjob to remove them?