Collection of Ansible playbooks for the most popular IT infrastructure tools, ready for deployment and maintenance.
Bootstrap from zero to a playground in 30 minutes with automated Vagrant tests.
Build your own team IT infrastructure with blackjack, an encrypted private cloud, a messenger, a VPN and GitLab.
- Encrypted file storage, sharing, mobile app, messenger powered by nextcloud
- GitLab CE on docker based on sameersbn's pack
- Continuous integration with gitlab-runner
- Software distribution server storage and docker registry based on Nexus Repository Manager 3 behind nginx for SSL termination
- Media server from openmediavault.org
- Infrastructure monitoring & alerting with Grafana + Prometheus based on dockprom
- Infrastructure monitoring & alerting with collectd and Graphite + Grafana + Zabbix + nginx/certbot with SSL cert autorenewal
- BIND DNS server bundled with the Webmin UI based on sameersbn's docker-bind
- OpenVPN and keys management based on Stouts.openvpn ansible role
- SSH user ACLs and management with public SSH keys and a common sudoer user
... and more in the roadmap
- Python to run the Ansible playbooks
- Vagrant with VirtualBox (optional) for the automated testing sandbox
apt install python3-pip
pip3 install -r requirements.txt
ansible-galaxy install -r requirements.yml
curl -O https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb
dpkg -i vagrant_2.2.9_x86_64.deb
apt install virtualbox
ansible-playbook playbooks/openvpn-server.yml
See the example test test_deploy_openvpn.sh
- Add a username entry to the openvpn_clients_active list in environments/test/group_vars/openvpn. A client may reserve a static VPN IP; otherwise it gets a dynamic one.
- Generate the OpenVPN server keys for the client:
ansible-playbook -i environments/test/inventory playbooks/openvpn-server.yml
The VPN keys are now downloaded to the local dir ./.vpnkeys/test.
- Encrypt the zip with a strong key and send username.7z and the password via separate channels:
ls -l ./.vpnkeys/test/
7za a -p${ATLEAST16SYMBOLS_PASSWORD} -mhe=on vpnkeys/username.7z vpnkeys/username.zip
- Deploy client keys (add the host to the VPN network)
Add the target host VM to openvpn_clients_group, tag it with the openvpn_client_name=username variable and run the playbook:
ansible-playbook -i environments/test/inventory playbooks/openvpn-client.yml
- Add the client's name to the openvpn_clients_revoke blacklist in environments/test/inventory
- Update the OpenVPN server:
ansible-playbook -i environments/test/inventory playbooks/openvpn-server.yml --limit openvpn-server
- Put the user's public SSH key into roles/users/files (or download it via roles/users/files/update_pub_keys.sh)
- Add the pub key file to the "Add users" list of roles/users/tasks/main.yml
- Add it to the authorized_key lists of roles/users/tasks/main.yml
- Update the environment:
ansible-playbook playbooks/users.yml
- Delete the user's public SSH key file from roles/users/files
- Add the user to the "Delete users" blacklist of roles/users/tasks/main.yml
- Remove the key from the authorized_key list
- Update the environment:
ansible-playbook playbooks/users.yml
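As an added illustration of the add/delete flow above (not the repository's own roles/users/tasks/main.yml): the task names "Add users" and "Delete users" come from the text, while the variable names users_active, users_blacklist and common_sudoer, the one-key-per-user file layout and the fully qualified module names (ansible.posix must be installed) are this example's assumptions. The point it shows is that exclusive: true makes dropping a name from the list actually revoke that key on the hosts on the next run.

```yaml
# Added illustration of a roles/users/tasks/main.yml for the flow above; not the project's own file.
# Assumed variables: users_active (users to add), users_blacklist (users to delete),
# common_sudoer (the shared sudo-capable account every active user's key is installed on).
# Expects one public key per user in roles/users/files/<username>.pub.
- name: Add users
  ansible.builtin.user:
    name: "{{ item }}"
    shell: /bin/bash
    state: present
  loop: "{{ users_active }}"

- name: authorized_key for each active user's own account
  ansible.posix.authorized_key:
    user: "{{ item }}"
    key: "{{ lookup('file', item ~ '.pub') }}"   # resolved from the role's files/ directory
    exclusive: true      # keys added by hand on the host are dropped; the role's key is the only one
    state: present
  loop: "{{ users_active }}"

- name: Collect the public keys of all active users
  ansible.builtin.set_fact:
    active_keys: "{{ (active_keys | default([])) + [lookup('file', item ~ '.pub')] }}"
  loop: "{{ users_active }}"

- name: authorized_key for the common sudoer user, all active keys in one call
  ansible.posix.authorized_key:
    user: "{{ common_sudoer }}"
    key: '{{ active_keys | join("\n") }}'   # one call, so exclusive sees the full set
    exclusive: true      # a key removed from users_active is revoked here on the next run;
    state: present       # any automation key on this account must be in the list too

- name: Delete users
  ansible.builtin.user:
    name: "{{ item }}"
    state: absent
    remove: true         # also removes the home dir, so the old authorized_keys goes with it
  loop: "{{ users_blacklist }}"
```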
- Deploy the example in a Vagrant VirtualBox VM with tests/test_deploy_monitoring.sh
- Open the Grafana UI at http://192.168.10.101:3000 with login admin and password admin, as configured in docker-compose.yml
ansible-playbook -i environments/test/inventory playbooks/dns.yml -l dns
- Deploy the example in a Vagrant VirtualBox VM with test_deploy_dns.sh
- Open the Webmin UI at https://192.168.10.101:10000 with root password secretpassword, as configured in docker-compose.yml
- Provisioning with Terraform in addition to Vagrant
- Error tracking with Sentry
Use cases:
- Expose a port from the docker internal network via an additional docker container running a socat tunnel.
- TCP port forwarding from the local host to a remote host:
0.0.0.0:$HOSTPORT -> $TARGET_HOST:$TARGET_PORT (via socat on port 12345 in a docker container named socat-tunnel)
- trivial command line: socat-tunnel/docker-run-socat.sh
- convenient compose config: socat-tunnel/docker-compose.yml