inventory | ||
playbooks | ||
roles | ||
ansible.cfg | ||
LICENSE | ||
Makefile | ||
README.md |
Homeservers
This repository contains Ansible scripts to setup our home servers.
The common
role executes some common OS tasks.
The docker
role installs Docker.
The other roles are specifically for the various services we run.
Running services
All services below are running under Docker, except NSD because I couldn't figure out how to enable IPv6 for it.
- Authoritative DNS using NSD (ns.pizzapim.nl)
- Reverse proxy using Traefik
- Git server using Forgejo (git.pizzapim.nl)
- Static website using Hugo (pizzapim.nl)
- File sychronisation using Syncthing
- Microblogging server using Mastodon (social.pizzapim.nl)
- Calendar and contact synchronisation using Radicale (dav.pizzapim.nl)
- KMS server using vlmcsd
Possible future services
- matrix
- peertube?
- jitsi
TODO
NSD
ZSK Rollover
Could make automatic key rollovers with cron or some other tool.
Idempotency
Currently I always resign zones. But for idempotency I should probably only do it if the zone has changed or the keys have changed.
Borg Backup
Ideal situation is to backup all of (and only) /data. Issue with Mastodon: the cache is saved at /data as well. Should put this in a location that is not backed up.
After investigating, borg backup with borgmatic is excellent. Instead of cron, I will use systemd timers to schedule borgmatic. https://dev.to/bowmanjd/schedule-jobs-with-systemd-timers-a-cron-alternative-15l8
Firewall
A little more difficult because of docker networking but probably doable.