forked from notthebee/infra

IaC for my Linux/Unix machines


pankyada/infra


notthebee/infra

An Ansible playbook that sets up an Ubuntu-based home media server/NAS with reasonable security, auto-updates, e-mail notifications for S.M.A.R.T. and Snapraid errors and dynamic DNS.

It assumes a fresh Ubuntu Server 20.04 install and a non-root user with sudo privileges whose authorized_keys already contains your public SSH key. Both can be configured during the installation process.

The playbook is mostly being developed for personal use, so stuff is going to be constantly changing and breaking. Use at your own risk and don't expect any help in setting it up on your machine.

Special thanks

  • David Stephens for his Ansible NAS project. This is where I got the idea and "borrowed" a lot of concepts and implementations from.
  • Jeff Geerling for his book, Ansible for DevOps and his Ansible 101 series on YouTube.
  • Jonathan Hanson for his SSH port juggling implementation.
  • Alex Kretzschmar and Chris Fisher from Self Hosted Show for introducing me to the idea of Infrastructure as Code
  • TylerAlterio for the mergerfs role
  • Jake Howard and Alex Kretzschmar for the snapraid role

Services included:

Media

  • Plex (A media server)
  • Radarr (A movie tracker/downloader)
  • Jackett (A torrent/NZB indexer)
  • Sonarr (A TV show tracker/downloader)
  • Arch-DelugeVPN (An Arch Linux container running Deluge and a Wireguard/OpenVPN client with a kill switch)

Services

  • Homer (A static home page)
  • Nextcloud (A self-hosted cloud platform)
  • MariaDB (A database server for Nextcloud)
  • Vaultwarden (A FOSS Bitwarden-compatible server written in Rust)
  • Wireguard (A VPN server)
  • IKEv2 (An IKEv2 VPN server for Apple devices)

Misc

  • Watchtower (An automated updater for Docker images)
  • DuckDNS (A dynamic DNS client for DuckDNS)
  • SWAG (An nginx reverse proxy with built-in Certbot, including DNS-based validation, and fail2ban)

Home Automation

Other features:

  • MergerFS with Snapraid
  • Samba
  • Netatalk (AFP) for Time Machine

Usage

Install Ansible (macOS):

brew install ansible

Clone the repository:

git clone https://github.com/notthebee/infra

Copy the sample inventory and adjust the variables in vars.yml:

cd infra/ansible
cp -r group_vars/sample group_vars/YOUR_HOSTNAME
vi group_vars/YOUR_HOSTNAME/vars.yml

Create a Keychain item for your Ansible Vault password (on macOS). Leaving -w without a value makes security prompt for the password, so it never ends up in your shell history:

security add-generic-password \
    -a YOUR_USERNAME \
    -s ansible-vault-password \
    -w

The pass.sh script will extract the Ansible Vault password from your Keychain automatically each time Ansible requests it.

Encrypt the secret.yml file and adjust the variables:

ansible-vault encrypt group_vars/YOUR_HOSTNAME/secret.yml
ansible-vault edit group_vars/YOUR_HOSTNAME/secret.yml

Add your custom inventory file to hosts:

cp hosts_example hosts
vi hosts

Install the dependencies:

ansible-galaxy install -r requirements.yml

Finally, run the playbook:

ansible-playbook run.yml -l your-host-here -K

The -K (--ask-become-pass) flag is only necessary for the first run, since the playbook configures passwordless sudo for the main login user. Keep in mind that passwordless sudo makes that user's SSH private key equivalent to root on the host, so protect the key accordingly.

For subsequent runs, if you only want to update the Docker containers, restrict the run to the relevant tags (add -l as above if your inventory contains more than one host):

ansible-playbook run.yml --tags="port,containers"
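As an added example (not the project's own pass.sh, whose contents the page does not show), the POSIX-shell helper below serves the two steps above that touch secrets: it resolves the vault password from the Keychain item created earlier, from an ANSIBLE_VAULT_PASS environment variable (for CI runners without a Keychain), or from a password file that must be mode 0600, and it audits that every group_vars/*/secret.yml is actually vault-encrypted before you commit. The names ANSIBLE_VAULT_PASS, VAULT_PASS_FILE and ~/.ansible-vault-pass are assumptions of this example, not part of the playbook.

```shell
#!/bin/sh
# Added example, not the project's pass.sh: a vault password helper with a
# Keychain lookup (macOS), an env-var path for CI, and a 0600-only file
# fallback, plus a check that every group_vars/*/secret.yml is vault-encrypted.
# Assumed names: ANSIBLE_VAULT_PASS, VAULT_PASS_FILE, ~/.ansible-vault-pass.
set -eu

# Same service name as the `security add-generic-password -s` item above.
KEYCHAIN_SERVICE="ansible-vault-password"

# Print the vault password on stdout and nothing else: when a script is used
# as vault_password_file, Ansible reads the password from its stdout.
vault_pass() {
    pw=""
    # 1. Environment variable (CI runners, where there is no Keychain).
    if [ -n "${ANSIBLE_VAULT_PASS:-}" ]; then
        printf '%s\n' "$ANSIBLE_VAULT_PASS"
        return 0
    fi
    # 2. macOS Keychain; fall through if the item is missing.
    if command -v security >/dev/null 2>&1 &&
       pw=$(security find-generic-password -a "${USER:-$(id -un)}" \
                -s "$KEYCHAIN_SERVICE" -w 2>/dev/null); then
        printf '%s\n' "$pw"
        return 0
    fi
    # 3. Password file, accepted only when it is readable by the owner alone.
    f="${VAULT_PASS_FILE:-${HOME:-/root}/.ansible-vault-pass}"
    if [ -f "$f" ]; then
        # GNU stat first, BSD/macOS stat as fallback; both print octal bits.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        case "$mode" in
            600|0600) cat "$f"; return 0 ;;
            *) echo "refusing $f: mode $mode, expected 600" >&2; return 1 ;;
        esac
    fi
    echo "vault_pass: no password source found" >&2
    return 1
}

# Succeed iff the file is an Ansible Vault payload (header "$ANSIBLE_VAULT;").
is_vault_encrypted() {
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# Walk group_vars/*/secret.yml under an ansible directory; fail if any file
# is plaintext. Wired into a git pre-commit hook, this stops a forgotten
# `ansible-vault encrypt` from pushing credentials to the remote.
check_secrets_encrypted() {
    dir="$1"
    rc=0
    for f in "$dir"/group_vars/*/secret.yml; do
        [ -e "$f" ] || continue        # unmatched glob: no secret.yml at all
        if is_vault_encrypted "$f"; then
            echo "encrypted: $f"
        else
            echo "PLAINTEXT: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Subcommands: `pass` prints the password, `check [dir]` audits secret.yml files.
case "${1:-}" in
    pass)  vault_pass ;;
    check) check_secrets_encrypted "${2:-.}" ;;
esac
```

Run `sh vault-helper.sh check ansible` from a git pre-commit hook so a plaintext secret.yml cannot be committed. Ansible invokes a vault_password_file script without arguments, so to use this file directly in place of pass.sh replace the trailing case block with a bare vault_pass call and point vault_password_file in ansible.cfg (or --vault-password-file on the command line) at it.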
