Ansible Playbooks

The Mint System collection of Ansible playbooks and roles.

Requirements

Usage

Clone this repository.

git clone https://github.com/Mint-System/Ansible-Playbooks.git

Set this task alias.

alias task=./task

Setup

Navigate to the playbook folder.

cd Ansible-Playbooks

Generate a password file for Ansible vault.

task generate-passwordfile $PASSWORD

Install Ansible and Python dependencies.

task install

Create an inventory and configure a role.

Ansible Documentation > Build Your Inventory

Docs

Roles

List of all available Ansible roles.

| Role | Description |
| --- | --- |
| bigbluebutton-exporter | Deploy BigBlueButton exporter container. |
| bigbluebutton | Install BigBlueButton with https and greenlight. |
| birt | Deploy BIRT container. |
| blackbox-exporter | Deploy Blackbox exporter container. |
| bookstack | Deploy BookStack container. |
| cadvisor | Deploy cAdvisor Docker container. |
| cargo | Setup Rust toolchain and cargo package manager. |
| certbot | Deploy Let's Encrypt certificates. |
| clean | Cleanup Ansible roles. |
| commento | Deploy Commento container. |
| cron | Setup cron jobs. |
| debug | Debug Ansible variables. |
| docker-compose | Deploy Docker Compose project. |
| docker-network | Configure Docker network. |
| docker-swarm | Configure Docker Swarm. |
| docker-volume | Configure Docker volume. |
| docker | Install Docker for Ubuntu and CentOS. |
| dribdat | Deploy dribdat container. |
| elasticsearch | Deploy Elasticsearch Docker cluster. |
| fail2ban | Install and configure fail2ban. |
| fathom | Deploy Fathom container. |
| fstab | Configure the fstab file. |
| gitea | Deploy Gitea container. |
| grafana | Deploy Grafana Docker container. |
| htpasswd | Configure .htpasswd basic auth file. |
| iam | Configures users and groups. |
| innernet-client | Setup WireGuard based internal network. |
| innernet-server | Setup WireGuard based internal network. |
| keycloak-client | Configure Keycloak client. |
| keycloak | Deploy Keycloak Docker container. |
| kibana | Deploy Kibana Docker container. |
| locale | Set system locale. |
| logstash | Deploy Logstash Docker container. |
| loki | Deploy Loki container. |
| mailhog | Deploy MailHog Docker container. |
| maintenance | Maintain operating system and disk space. |
| mariadb | Deploy MariaDB database container. |
| metricbeat | Deploy Metricbeat Docker container. |
| moodle | Deploy Moodle container. |
| mysql | Deploy MySQL database container. |
| nextcloud-apps | Install, update and remove Nextcloud apps. |
| nextcloud-exporter | Deploy Nextcloud exporter container. |
| nextcloud | Deploy Nextcloud container. |
| nginx-waf | Deploy Nginx with ModSecurity and Core Rule Set. |
| nginx | Deploy Nginx proxy with Certbot. |
| node-exporter | Deploy Node exporter container and install custom metric script. |
| odoo-apps | Install Odoo apps from file, url, public or private GitHub repo. |
| odoo-data | Generate Odoo data modules. |
| odoo-databases | Configure Odoo databases. |
| odoo-enterprise | Checkout the Odoo Enterprise git repository. |
| odoo-patches | Apply custom Odoo patches. |
| odoo-scripts | Install Odoo scripts. |
| odoo | Deploy Odoo container. |
| onlyoffice-documentserver | Deploy OnlyOffice Document Server container. |
| openldap | Deploy OpenLDAP Docker container. |
| package | Set env vars and install packages. |
| pgadmin | Install pgAdmin container. |
| postfix | Deploy Postfix relay host. |
| postgres-exporter | Deploy PostgreSQL exporter container. |
| postgres | Deploy PostgreSQL database container. |
| prometheus | Deploy Prometheus Docker container. |
| promtail | Deploy Promtail container. |
| rclone | Sync files with RClone. |
| redis | Deploy RabbitMQ container. |
| redis | Deploy Redis container. |
| remark42 | Deploy Remark42 container. |
| resolv | Manage resolv configuration. |
| restic-client | Configure Restic client backup jobs. |
| restic-server | Deploy Restic server container. |
| s3cmd | Install and configure s3cmd. |
| simple-mail-forwarder | Deploy Simple Mail Forwarder container. |
| systemd | Setup systemd service. |
| ufw | Configure UFW rules. |
| update | Install system and package updates. |
| vercel | Manage Vercel domain and DNS entries. |
| wordpress | Deploy WordPress container. |

Work in progress:

| Role | Description |
| --- | --- |
| collabora-code | Deploy Collabora Code container. |
| coturn | Deploy Coturn container. |
| synapse | Deploy Matrix Synapse container. |

Commands

List hosts in inventory.
task list-hosts inventories/setup

Load virtualenv.
source task source

Test connection.
ansible all -m ping -i inventories/odoo

Deploy multiple inventories.
ansible-playbook -i inventories/setup -i inventories/odoo -i inventories/proxy play-odoo.yml

Deploy Odoo stack.
ansible-playbook -i inventories/odoo play-odoo.yml

Deploy role only.
ansible-playbook -i inventories/odoo play-odoo.yml -t postgres

Deploy without dependencies.
ansible-playbook -i inventories/odoo play-odoo.yml --skip-tags depends

Deploy role to specific host.
ansible-playbook -i inventories/odoo play-odoo.yml -t docker -l host.example.com

Deploy role to specific group with non-default user.
ansible-playbook -i inventories/odoo play-odoo.yml -t docker -l europe -u username

Clean Odoo stack.
ansible-playbook -i inventories/odoo play-clean.yml -t odoo,odoo-volume,odoo-data,postgres,postgres-volume

Clean role only.
ansible-playbook -i inventories/odoo play-clean.yml -t docker-network

Clean dry run.
ansible-playbook -i inventories/odoo play-odoo.yml -t odoo --check

Install odoo-scripts and odoo-apps locally.
ansible-playbook -i inventories/odoo play-localhost.yml --skip-tags depends

List all Odoo databases.
ansible all -i inventories/odoo -a "docker-postgres-list -c {{ postgres_hostname }}"

Quality

Lint the project using Ansible lint.

task lint

Configuration

Whenever possible use env variables to configure the container.

Env Config

env:
  POSTGRES_USER: "{{ postgres_user }}"
  POSTGRES_PASSWORD: "{{ postgres_password }}"
  POSTGRES_DB: "{{ postgres_db }}"

Data

To persist data use Docker volumes.

Volume Mount

Mount the folder without subfolder.

volumes:
  - "{{ postgres_volume_name }}:/var/lib/postgresql/data"

For Ansible config files use file mounts.

Bind Mount

volumes:
  - "{{ nginx_data_dir }}/:/etc/nginx/conf.d/:ro"

Guidelines

Every role folder must contain a README.md file.

Mark fix-me-comments with # FIXME: <your text>.

Naming

Template for role vars:

# Basics:
# URL to Docker repository
ROLENAME_image: URL
ROLENAME_hostname: SHORTNAME + COUNTER
ROLENAME_port:
ROLENAME_volume_name: SHORTNAME_data + COUNTER
ROLENAME_data_dir: /usr/share/SHORTNAME + COUNTER
# Database connection:
ROLENAME_db_type: mysql
ROLENAME_db_user:
ROLENAME_db_password: "{{ vault_ROLENAME_db_password }}"
ROLENAME_db_hostname:
ROLENAME_db_name:
# Credentials user:
ROLENAME_user:
ROLENAME_password: "{{ vault_ROLENAME_password }}"
# Credentials admin:
ROLENAME_admin_user:
ROLENAME_admin_password: "{{ vault_ROLENAME_admin_password }}"
# Named database connection:
ROLENAME_postgres_hostname:
ROLENAME_postgres_user:
ROLENAME_postgres_password: "{{ vault_ROLENAME_postgres_password }}"
# SMTP
ROLENAME_smtp_hostname:
ROLENAME_smtp_auth:
ROLENAME_smtp_secure:
ROLENAME_smtp_port:
ROLENAME_smtp_domain:
ROLENAME_smtp_from:
ROLENAME_smtp_username:
ROLENAME_smtp_password:
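
The template pairs each password variable with a vault variable of the same name prefixed with vault_. The following check for that pairing is an added example, not part of this repository; the function name check_password_vars, the flat "key: value" parsing and the odoo sample values are assumptions made for illustration.

```python
import re

# "key: value" lines as in the role vars template (assumption: flat YAML, one var per line).
VAR_LINE = re.compile(r"^(?P<key>[A-Za-z0-9_]+):\s*(?P<val>.*?)\s*$")
# A value that is exactly one Jinja2 variable reference, e.g. {{ vault_x }}.
JINJA_REF = re.compile(r"^\{\{\s*(?P<ref>[A-Za-z0-9_]+)\s*\}\}$")


def check_password_vars(text):
    """Return (line_no, key, problem) for each *_password var that breaks the convention."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = VAR_LINE.match(line)
        if not m or not m["key"].endswith("_password"):
            continue  # comments, blank lines and non-secret vars
        value = m["val"].strip("\"'")
        if not value:
            continue  # left unset in the template, nothing is stored
        ref = JINJA_REF.match(value)
        expected = "vault_" + m["key"]
        if ref is None:
            # A literal secret would be committed in clear text with the role vars.
            findings.append((line_no, m["key"], "literal"))
        elif ref["ref"] != expected:
            # Points at some other variable than vault_<key>.
            findings.append((line_no, m["key"], "wrong_ref"))
    return findings


# Constructed sample for a role named odoo; values are made up for illustration.
SAMPLE = """\
# Credentials
odoo_image: odoo:16.0
odoo_db_password: "{{ vault_odoo_db_password }}"
odoo_password: changeme
odoo_admin_password: "{{ vault_odoo_password }}"
odoo_smtp_password:
"""

if __name__ == "__main__":
    for line_no, key, problem in check_password_vars(SAMPLE):
        print(f"line {line_no}: {key}: {problem} (expected {{{{ vault_{key} }}}})")
```

Run over a role's vars file before committing, it reports password variables that hold a literal value or reference a different vault variable.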

Role names must be lower case and may contain a -.

Role and Tags

Roles can have multiple tags.

example one tag

To define a Postgres role, you would:

  • Create role postgres
  • Assign the tag postgres
  • Create a task file postgres.yml

example multiple tags

To define a Nginx role with a config tag, you would:

  • Create role nginx
  • Assign the tags nginx and nginx-config
  • Create the task files nginx.yml and nginx-config.yml

In the main.yml you would include the tasks as follows:

- name: "Include {{ role_name }} config tasks"
  include_tasks: "{{ role_name }}-config.yml"
  when: nginx_data_dir is defined
  tags:
    - nginx
    - nginx-config

- name: "Include {{ role_name }} tasks"
  include_tasks: "{{ role_name }}.yml"
  when: nginx_image is defined
  tags:
    - nginx