Max
This repository contains Ansible scripts to set up our main home server `max`.
The `common` role executes some common OS tasks.
The `docker` role installs Docker.
The other roles are specifically for the various services we run.
Running services
All services below are running under Docker, except NSD and Borg.
- Reverse proxy using Traefik
- Git server using Forgejo (git.pizzapim.nl)
- Static website using Jekyll (pizzapim.nl)
- File synchronisation using Syncthing
- Microblogging server using Mastodon (social.pizzapim.nl)
- Calendar and contact synchronisation using Radicale (dav.pizzapim.nl)
- KMS server using vlmcsd
- Cloud file storage using Seafile
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
- Cyberchef (https://cyberchef.geokunis2.nl)
- Jitsi Meet (https://meet.jit.si)
- Backups using Borg and Borgmatic
- RSS feed reader using FreshRSS
- Metrics using Prometheus
Possible future services
- matrix
- peertube?
- Pixelfed?
- Prometheus
- Concourse CI?
TODO
- Clear view of what services + which versions we are running. This way, we can track security updates better.
- Host tobb website?
- Move from Ubuntu to Debian
- move Mastodon to pim.kunis.nl
- Podman
- Replace watchtower with Podman features
NSD
ZSK Rollover
Could make automatic key rollovers with cron or some other tool.
Idempotency
Currently I always re-sign zones. But for idempotency I should probably only do it if the zone has changed or the keys have changed.
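One way to make that decision, as an added sketch that is not code from this repository: fingerprint the unsigned zone and the key files, and re-sign only when the fingerprint changes or the last signing is old enough that the RRSIGs need refreshing. The function names, the state layout, the sample zone and keys, and the 14-day refresh interval are all assumptions; the interval must stay shorter than the signature validity your signer produces.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed sample inputs; a real run would read these from disk.
ZONE = b"$ORIGIN example.org.\n@ IN SOA ns1 hostmaster 2024010101 3600 600 604800 300\n"
KEYS = {"Kexample.org.+013+00001.key": b"constructed-zsk",
        "Kexample.org.+013+00002.key": b"constructed-ksk"}
MAX_AGE = timedelta(days=14)  # assumption: refresh well before RRSIGs expire


def input_digest(zone: bytes, keys: dict) -> str:
    """SHA-256 over the unsigned zone and every key file, in a stable order.

    Each field is length-prefixed so that moving bytes between a file name
    and its content cannot produce the same digest.
    """
    h = hashlib.sha256()
    fields = [zone]
    for name in sorted(keys):
        fields += [name.encode(), keys[name]]
    for field in fields:
        h.update(len(field).to_bytes(8, "big"))
        h.update(field)
    return h.hexdigest()


def needs_resign(digest: str, state, now: datetime, max_age: timedelta):
    """Return (decision, reason). `state` is None or the dict from new_state()."""
    if state is None:
        return True, "never signed"
    if state["digest"] != digest:
        return True, "zone or keys changed"
    if now - datetime.fromisoformat(state["signed_at"]) >= max_age:
        return True, "signatures due for refresh"
    return False, "unchanged"


def new_state(digest: str, now: datetime) -> dict:
    """JSON-serialisable record to store next to the signed zone."""
    return {"digest": digest, "signed_at": now.isoformat()}


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(needs_resign(input_digest(ZONE, KEYS), None, now, MAX_AGE))
```

The age check matters because a zone that never changes would otherwise never be re-signed, and its signatures would eventually expire and fail validation.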
Firewall
A little more difficult because of docker networking but probably doable.