{"id":13510381,"url":"https://github.com/reefactor/org.backbone","last_synced_at":"2025-03-30T15:31:21.513Z","repository":{"id":146904182,"uuid":"174177374","full_name":"reefactor/org.backbone","owner":"reefactor","description":"Ansible playbooks to build your team's encrypted private cloud, messenger, VPN with blackjack and GitLab","archived":false,"fork":false,"pushed_at":"2021-06-17T13:00:41.000Z","size":1031,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-01T10:35:19.585Z","etag":null,"topics":["ansible","ansible-playbook","devops","gitlab-ci","immutable-infrastructure","infrastructure-as-code","openvpn-client","openvpn-server","ssh-key","vagrant","vpn"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reefactor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-03-06T16:08:39.000Z","updated_at":"2021-12-17T20:47:40.000Z","dependencies_parsed_at":"2024-01-13T19:26:40.201Z","dependency_job_id":"aa2d67f0-b309-45ce-afa6-2ead2c220e52","html_url":"https://github.com/reefactor/org.backbone","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reefactor%2Forg.backbone","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reefactor%2Forg.backbone/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reefactor%2Forg.backbone/releases","manifests_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/repositories/reefactor%2Forg.backbone/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reefactor","download_url":"https://codeload.github.com/reefactor/org.backbone/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246338947,"owners_count":20761461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-playbook","devops","gitlab-ci","immutable-infrastructure","infrastructure-as-code","openvpn-client","openvpn-server","ssh-key","vagrant","vpn"],"created_at":"2024-08-01T02:01:36.679Z","updated_at":"2025-03-30T15:31:16.505Z","avatar_url":"https://github.com/reefactor.png","language":"Jinja","readme":"# org.backbone\n\nCollection of [ansible](https://www.ansible.com/) playbooks for the most popular IT infrastructure tools,\nready for [deployment and maintenance](https://en.wikipedia.org/wiki/Infrastructure_as_code).\n\nBootstrap from zero to playground in 30 minutes with automated [vagrant tests](tests).\n\nBuild your own team IT infrastructure with ~blackjack~ encrypted private cloud, messenger, VPN and GitLab.\n\n\n### Features\n\n##### Collaboration\n\n* Encrypted file storage, sharing, mobile app, messenger powered by [nextcloud](https://nextcloud.com/)\n* [GitLab CE](tests/test_deploy_gitlab.sh) on docker based on [sameersbn's pack](https://github.com/sameersbn/docker-gitlab)\n* Continuous integration with [gitlab-runner](roles/gitlab-runner/tasks/main.yml)\n\n##### Infrastructure\n\n* Software distribution server [storage and docker registry](roles/distribution_hub) based on [Nexus Repository Manager 3](https://github.com/sonatype/docker-nexus3)\nbehind [nginx for SSL termination](roles/nginx)\n* Media [server](playbooks/openmediavault.yml) from [openmediavault.org](https://www.openmediavault.org)\n* [Infrastructure monitoring \u0026 alerting](tests/test_deploy_monitoring.sh) with [Grafana + Prometheus](roles/monitoring_hub/files/dockprom)\nbased on [dockprom](https://github.com/stefanprodan/dockprom)\n* [Infrastructure monitoring \u0026 alerting](tests/test_deploy_monitoring.sh) with [collectd](roles/collectd_beacon) and [Graphite + Grafana + Zabbix + nginx/certbot with SSL cert autorenewal](roles/monitoring_hub/files/monitoring_hub)\n* BIND DNS server bundled with the Webmin UI based on [sameersbn's docker-bind](https://github.com/sameersbn/docker-bind)\n\n##### Privacy\n\n* [OpenVPN](tests/test_deploy_openvpn.sh) and [keys management](environments/test/group_vars/openvpn.yml) based on [Stouts.openvpn ansible role](https://github.com/Stouts/Stouts.openvpn/)\n\n##### Security\n\n* [SSH users ACL and management](tests/test_deploy_users.sh) with public ssh keys and a common sudoer user\n\n.. and more in the [roadmap](#roadmap)\n\n\n### Prerequisites\n\n* Python to run ansible playbooks\n* Vagrant with Virtualbox, optional, for the automated testing sandbox\n```bash\napt install python3-pip\npip3 install -r requirements.txt\nansible-galaxy install -r requirements.yml\ncurl -O https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb\ndpkg -i vagrant_2.2.9_x86_64.deb\napt install virtualbox\n```\n\n### HOW-TO\n\n#### VPN\n```bash\nansible-playbook playbooks/openvpn-server.yml\n```\n\n##### Add user key to VPN\n\nSee the example test [test_deploy_openvpn.sh](tests/test_deploy_openvpn.sh)\n\n1. Add a `username` entry to the **openvpn_clients_active** list in [environments/test/group_vars/openvpn](environments/test/group_vars/openvpn.yml).\nA client may reserve a static VPN IP; otherwise it gets a dynamic one.\n\n\n2. Generate the client's OpenVPN keys on the server:\n```bash\nansible-playbook -i environments/test/inventory playbooks/openvpn-server.yml\n```\nThe VPN keys are now downloaded to the local dir `./.vpnkeys/test`.\n\nEncrypt the zip with a strong password and send `username.7z` and the password via separate channels. Note that a password passed with `-p` on the command line is visible to other local users via `ps` while 7za runs, and lands in shell history if typed literally, so keep it in a variable set without echo (e.g. `read -s`) rather than in the command itself.\n```bash\nls -l ./.vpnkeys/test/\n7za a -p${ATLEAST16SYMBOLS_PASSWORD} -mhe=on ./.vpnkeys/test/username.7z ./.vpnkeys/test/username.zip\n```\n\n3. Deploy client keys (add host to VPN network)\n\nAdd the target host VM to **openvpn_clients_group**, tag it with the `openvpn_client_name=username` variable and run the playbook:\n```bash\nansible-playbook -i environments/test/inventory playbooks/openvpn-client.yml\n```\n\n##### Revoke VPN key\n1. Add the client's name to the `openvpn_clients_revoke` blacklist in [environments/test/inventory](environments/test/inventory)\n2. Update the OpenVPN server:\n```bash\nansible-playbook -i environments/test/inventory playbooks/openvpn-server.yml --limit openvpn-server\n```\n\n\n##### Add ssh user\n\n* put the user's public ssh key into `roles/users/files` (or download it via `roles/users/files/update_pub_keys.sh`)\n* add the pub key file to the `Add users` list in `roles/users/tasks/main.yml`\n* add it to the `authorized_key` lists in `roles/users/tasks/main.yml`\n* update the environment:\n```bash\nansible-playbook playbooks/users.yml\n```\n\n##### Remove ssh user\n\n* delete the user's public ssh key file from `roles/users/files`\n* add the user to the `Delete users` blacklist in `roles/users/tasks/main.yml`\n* remove it from the `authorized_key` list\n* update the environment:\n```bash\nansible-playbook playbooks/users.yml\n```\n\n\n#### Monitoring\n\n1. Deploy the example in a vagrant vbox with [tests/test_deploy_monitoring.sh](tests/test_deploy_monitoring.sh)\n\n2. Open the Grafana UI at [http://192.168.10.101:3000](http://192.168.10.101:3000/) with login *admin* and password *admin* as configured in [docker-compose.yml](roles/monitoring_hub/files/dockprom/docker-compose.yml). These are the default credentials for the test sandbox; change them before exposing the host beyond it.\n\n\n#### DNS\n\n```bash\nansible-playbook -i environments/test/inventory playbooks/dns.yml -l dns\n```\n\n1. Deploy the example in a vagrant vbox with [test_deploy_dns.sh](tests/test_deploy_dns.sh)\n\n2. Open the Webmin UI at [https://192.168.10.101:10000](https://192.168.10.101:10000/) as *root* with password *secretpassword* as configured in [docker-compose.yml](roles/dns/files/docker-compose.yml). This is a default test credential; change it before exposing the host beyond the sandbox.\n\n\n### Roadmap\n\n* Provisioning with Terraform in addition to Vagrant\n* Error tracking with [Sentry](https://sentry.io/)\n\n\n#### Tools\n\n##### TCP tunnel with docker and socat\n\nUse cases:\n* Expose a port from the docker internal network via an additional docker container running a [socat](https://wiki.ipfire.org/addons/socat) tunnel.\n* TCP port forwarding from the local host to a remote host\n\n0.0.0.0:$HOSTPORT -\u003e $TARGET_HOST:$TARGET_PORT (via socat on port 12345 in a docker container named socat-tunnel). Binding 0.0.0.0 publishes the forwarded port on every host interface, so restrict the bind address or firewall the port if the target should not be reachable from outside.\n\n* trivial command-line: [socat-tunnel/docker-run-socat.sh](./socat-tunnel/docker-run-socat.sh)\n* convenient compose config: [socat-tunnel/docker-compose.yml](./socat-tunnel/docker-compose.yml)\n","funding_links":[],"categories":["Jinja","ansible"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freefactor%2Forg.backbone","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freefactor%2Forg.backbone","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freefactor%2Forg.backbone/lists"}