Project to manage my services. https://viyurz.fr
2024-10-08 09:23:51 +02:00
playbooks [playbooks] update-services.yml: Don't ask to update 2024-07-06 10:50:15 +02:00
projects [podman] Add pasta networking & fix Syncthing 2024-10-08 09:23:51 +02:00
roles Ansible: Migrate to docker_compose_v2 2024-10-07 14:08:50 +02:00
.gitignore Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00
ansible-playbook-selector.sh The Great Ansible Update. 2024-02-17 19:01:04 +01:00
ansible.cfg The Great Ansible Update. 2024-02-17 19:01:04 +01:00
env.yml Added DIUN 2024-09-07 10:16:47 +02:00
fstab [manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00
manage.py [manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00
monitoring.py [monitoring] Update thresholds 2024-09-21 12:27:20 +02:00
monitoring.service Add monitoring.service 2024-10-01 14:46:22 +02:00
nftables.conf.mako [manage.py] Add setNftables() & sudoRun() 2024-10-01 13:44:53 +02:00
psql-create-db-user.sh Add script to create PostgreSQL user/database. 2024-03-30 17:23:15 +01:00
pyenv.yml [podman] Add pasta networking & fix Syncthing 2024-10-08 09:23:51 +02:00
pysecrets.yml.example [python] Add fstab/storagebox 2024-10-07 15:06:44 +02:00
README.md Format README 2024-10-07 15:09:54 +02:00
secrets.yml.example Added DIUN 2024-09-07 10:16:47 +02:00
setup.sh [manage.py] Add borgbackup 2024-10-07 16:57:45 +02:00

vps

This repository contains all the files I use to manage services hosted on viyurz.fr.

Requirements

Ansible

Install Ansible:

sudo apt install -y ansible

SSL certificates

Install Certbot:

sudo apt install -y certbot python3-certbot-dns-ovh python3-certbot-nginx

Request certificates:

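# For the NGINX reverse proxy
# A wildcard name can only be validated with a DNS-01 challenge, so use the OVH DNS plugin installed above.
# /path/to/ovh.ini is a placeholder for your OVH API credentials file; the wildcard is quoted so the shell does not expand it.
sudo certbot certonly --dns-ovh --dns-ovh-credentials /path/to/ovh.ini -d viyurz.fr -d '*.viyurz.fr'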

# For Coturn
bash <(wget -q -O - https://github.com/zerossl/zerossl-bot/raw/master/get-zerosslbot.sh)
sudo zerossl-bot certonly --nginx -m viyurz@viyurz.fr -d turn.viyurz.fr

# For the mailserver
sudo certbot certonly --nginx -d mail.viyurz.fr

Storagebox

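Add the credentials file. It stores the password in plain text, so keep it owned by root and readable by root only (mode 600):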

/etc/storagebox-cifs-credentials.txt
---
username=MYUSERNAME
password=MYPASSWORD

Copy and edit the fstab file.

Secrets

Copy the existing secrets.yml.example to secrets.yml, run ansible-vault encrypt secrets.yml to encrypt the file with a password, and finally edit the newly encrypted file with ansible-vault edit secrets.yml.

If you want to change the vault password, run ansible-vault rekey secrets.yml.
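
A check that secrets.yml really is in Ansible Vault format before it is used or shared, as an added example that is not part of this repository. The function names is_vault_encrypted and check_secrets are hypothetical; the check only inspects the vault header and hex payload and does not decrypt anything.

```sh
#!/bin/sh
# Added example (not from the repository): detect files that are not in
# Ansible Vault format, e.g. a secrets.yml that was never encrypted.

# is_vault_encrypted FILE (hypothetical helper)
# Returns 0 = vault envelope with hex payload, 1 = plaintext or malformed,
# 2 = file missing or unreadable.
is_vault_encrypted() {
    file=$1
    [ -r "$file" ] || return 2
    # First line is the vault header; format 1.2 appends a vault-id label.
    header=$(head -n 1 "$file")
    case $header in
        '$ANSIBLE_VAULT;1.1;AES256') ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
        *) return 1 ;;
    esac
    # The rest of the file must be non-empty hex. Anything else means
    # plaintext was appended after the header or the file is damaged.
    body=$(tail -n +2 "$file" | tr -d '\n')
    [ -n "$body" ] || return 1
    case $body in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# check_secrets FILE... (hypothetical helper)
# Returns non-zero if any listed file fails the check.
check_secrets() {
    rc=0
    for f in "$@"; do
        if is_vault_encrypted "$f"; then
            echo "ok: $f is vault-encrypted"
        else
            echo "FAIL: $f is not vault-encrypted" >&2
            rc=1
        fi
    done
    return $rc
}

# When run as a script with arguments, check the files given.
[ "$#" -eq 0 ] || check_secrets "$@"
```

Run it as a script with secrets.yml as the argument; a non-zero exit status means at least one file is still in plain text or is damaged.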

Backups

Run the backup-services.yml playbook once to set up the passphrase file.

After that, you can create a root cronjob to run this playbook without requiring interactivity:

0 4 * * * export ANSIBLE_ROLES_PATH=/home/viyurz/vps/roles/; /usr/bin/ansible-playbook /home/viyurz/vps/playbooks/backup-services.yml -e include_secrets=false -e selected_projects=''

Here we leave selected_projects empty to back up all projects.