Project to manage my services.
https://viyurz.fr
playbooks
projects
roles
.gitignore
ansible-playbook-selector.sh
ansible.cfg
env.yml
fstab
manage.py
monitoring.py
monitoring.service
nftables.conf.mako
psql-create-db-user.sh
pyenv.yml
pysecrets.yml.example
README.md
secrets.yml.example
setup.sh
vps
This repository contains all the files I use to manage services hosted on viyurz.fr.
Requirements
Ansible
Install Ansible:
sudo apt install -y ansible
SSL certificates
Install Certbot:
sudo apt install -y certbot python3-certbot-dns-ovh python3-certbot-nginx
Request certificates:
# For the NGINX reverse proxy
sudo certbot certonly --nginx -d 'viyurz.fr,*.viyurz.fr'
# For Coturn
bash <(wget -q -O - https://github.com/zerossl/zerossl-bot/raw/master/get-zerosslbot.sh)
sudo zerossl-bot certonly --nginx -m viyurz@viyurz.fr -d turn.viyurz.fr
# For the mailserver
sudo certbot certonly --nginx -d mail.viyurz.fr
Storagebox
Add credential:
/etc/storagebox-cifs-credentials.txt
---
username=MYUSERNAME
password=MYPASSWORD
Copy & edit file fstab.
Secrets
Copy the existing secrets.yml.example to secrets.yml, run ansible-vault encrypt secrets.yml to encrypt the file with a password, and finally edit the newly encrypted file with ansible-vault edit secrets.yml.
If you want to change the vault password, run ansible-vault rekey secrets.yml.
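A check for the Storagebox and Secrets steps above, as an added example that is not part of this repository: it verifies that a secrets file starts with the Ansible Vault header and that a credentials file is not accessible to group or others. The function names and the sample files in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository). Function names are hypothetical.

# Succeeds when the file's first line is an Ansible Vault header.
is_vault_encrypted() {
    [ -r "$1" ] || return 1
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when group and others have no permission bits on the file.
is_private() {
    [ -e "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem and returns the number of problems found.
audit_secrets() {
    problems=0
    if ! is_vault_encrypted "$1"; then
        echo "NOT ENCRYPTED: $1 (run: ansible-vault encrypt)"
        problems=$((problems + 1))
    fi
    if ! is_private "$2"; then
        echo "TOO OPEN: $2 (run: chmod 600)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on constructed sample files, so nothing real is read.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'some_secret: plaintext' > "$d/secrets.yml"
    printf '%s\n' 'username=MYUSERNAME' 'password=MYPASSWORD' > "$d/creds.txt"
    chmod 644 "$d/creds.txt"
    rc=0
    audit_secrets "$d/secrets.yml" "$d/creds.txt" || rc=$?
    echo "problems found: $rc"
    rm -rf "$d"
}
demo
```

On the real host the call would be audit_secrets secrets.yml /etc/storagebox-cifs-credentials.txt, run before committing or mounting.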
Backups
Run the backup-services.yml playbook once to set up the passphrase file.
After that, you can create a root cronjob to run this playbook non-interactively:
0 4 * * * export ANSIBLE_ROLES_PATH=/home/viyurz/vps/roles/; /usr/bin/ansible-playbook /home/viyurz/vps/playbooks/backup-services.yml -e include_secrets=false -e selected_projects=''
Here we leave selected_projects empty to back up all projects.