- .ansible_cache
- inventories
- logs
- roles
- vault
- .editorconfig
- .gitignore
- ansible.cfg
- bootstrap_ansible_user.yml
- dbservers.yml
- delete_specific_user.yml
- homelab_services.yml
- LICENSE
- package_updates.yml
- README.md
- requirements.yml
- reverse_proxies.yml
- site.yml
- webservers.yml
Ansible Configuration
This Ansible project provides a modular and extensible framework to automate the provisioning, hardening, and management of (primarily Debian) servers.
Overview
The project includes roles and playbooks to:
- Create a dedicated Ansible user
- Configure and secure system access
- Manage users and permissions
- Harden SSH and firewall settings
- Install and update essential packages and software
- Automate system updates, security patches, and service restarts
- Install and configure Podman for container management with rootless best practices
- Configure system-level settings like timezone and hostname
Structure
- Inventories: Environment-specific host and variable definitions
- Roles: Reusable components encapsulating logical configuration units
- Playbooks: Top-level orchestration scripts invoking roles and tasks
- Vault: Secure storage of sensitive credentials and secrets
Dependencies
This project has a requirements.yml file that lists the extra/third-party collections it requires.
These dependencies can be installed by running the following:
ansible-galaxy collection install -r requirements.yml
Note: installing Ansible via Homebrew installs a lot of extra collections. You can check which collections you already have installed by running the following:
ansible-galaxy collection list
Features
- Environment-aware configuration for staging, production, and more
- Support for encrypted secrets using Ansible Vault
- Automated security hardening including fail2ban and firewall configuration
- User management with enforced password policies
- Package and service management tailored for Debian-based systems
- Automated system updates with service restarts and conditional reboots to keep servers up-to-date and secure
Getting Started
- Define your inventory and environment-specific variables.
- Customize variables and credentials securely using Ansible Vault.
- Run playbooks targeting your infrastructure to apply configurations.
- Extend by adding new roles and playbooks as your environment grows.
Requirements
- Ansible 2.18+
  - Note: this might work on older versions of Ansible, but it was developed using Ansible 2.18.
- Debian 13 or newer servers
- Access with sufficient privileges to perform configuration changes
Contributions
If you have any suggestions or fixes for this repository, feel free to open an issue to discuss it further.
License
Copyright (c) 2025 Ryan Hendrickson. Released under the MIT License. See LICENSE for details.
This project is designed to be flexible and easily expandable to accommodate evolving operational needs. Contribution and customization are encouraged to fit specific deployment scenarios. For detailed usage, role descriptions, and examples, consult the documentation and inline comments within the project files.