{"id":21158271,"url":"https://github.com/simbo/srvkist","last_synced_at":"2025-03-14T15:27:12.152Z","repository":{"id":141796022,"uuid":"103207136","full_name":"simbo/srvkist","owner":"simbo","description":"Ansible scripts for bootstrapping, securing and managing an ubuntu server.","archived":false,"fork":false,"pushed_at":"2018-07-25T00:12:08.000Z","size":33,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-21T09:09:17.468Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simbo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-12T01:35:28.000Z","updated_at":"2024-04-27T22:57:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"b20475e0-5a61-4a8b-82bf-534136cfb355","html_url":"https://github.com/simbo/srvkist","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simbo%2Fsrvkist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simbo%2Fsrvkist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simbo%2Fsrvkist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simbo%2Fsrvkist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simbo","download_url":"https://codeload.github.com/simbo/srvkist/tar.gz/refs/heads/master","host":{"na
me":"GitHub","url":"https://github.com","kind":"github","repositories_count":243599808,"owners_count":20317166,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T12:19:27.243Z","updated_at":"2025-03-14T15:27:12.127Z","avatar_url":"https://github.com/simbo.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"srvkist\n=======\n\n  \u003e Ansible scripts for bootstrapping, securing and managing an ubuntu server.\n\n---\n\n\u003c!-- TOC --\u003e\n\n- [Requirements](#requirements)\n- [Preparations](#preparations)\n  - [First Run](#first-run)\n- [Usage](#usage)\n  - [Playbook `setup.yml`](#playbook-setupyml)\n    - [Tag `bootstrap`](#tag-bootstrap)\n    - [Tag `acme-sh`](#tag-acme-sh)\n    - [Tag `nginx`](#tag-nginx)\n    - [Tag `nginxconf`](#tag-nginxconf)\n    - [Tag `docker`](#tag-docker)\n  - [Playbook `issue-cert.yml`](#playbook-issue-certyml)\n  - [Playbook `user.yml`](#playbook-useryml)\n  - [Playbook `reboot.yml`](#playbook-rebootyml)\n- [Development](#development)\n- [License](#license)\n\n\u003c!-- /TOC --\u003e\n\n---\n\n\n## Requirements\n\n  - [ansible](http://docs.ansible.com/ansible/latest/intro_installation.html)  \n    Install via pip: `sudo easy_install pip \u0026\u0026 sudo pip install ansible`\n\n  - `passlib` for creating hashes with ansible  \n    Install via pip: `sudo pip install passlib`\n\n  - [vagrant](https://www.vagrantup.com/downloads.html) and\n    [VirtualBox](https://www.virtualbox.org/wiki/Downloads)  \n    (if you want to run playbooks against a local vm for development)\n\n\n## 
Preparations\n\nWe're assuming, you have just set up a server with **Ubuntu 18.04 LTS** minimum\ninstallation and you have root access using ssh (password or keyfile)\n\nEdit the project files according to your needs:\n\n  - Edit `./hosts` to match your server ip and port.\n\n  - Create `vault_password_file` containing the password for ansible vault:\n\n    ``` sh\n    echo -n \"secret-password\" \u003e vault_password_file\n    ```\n\n  - Edit settings in `./group_vars/all` if necessary\n\n\n### First Run\n\nRun `first-run.yml` to install minimum requirements and create the admin user\nfor ansible. This is the only playbook that uses the root user. Specify keyfile\nor password if necessary:\n\n``` sh\nansible-playbook --user root [--ask-pass] [--key-file path/to/id] first-run.yml\n```\n\n\n## Usage\n\n``` sh\nansible-playbook \u003cPLAYBOOK\u003e [-t \u003cTAG\u003e]\n```\n\nSee `./group_vars/` for common task settings.\n\nRead through playbooks and tasks. They are self-explaining.\n\n\n### Playbook `setup.yml`\n\nRuns all tags by order:\n\n``` sh\nansible-playbook setup.yml\n```\n\n\n#### Tag `bootstrap`\n\n``` sh\nansible-playbook setup.yml -t bootstrap\n```\n\nChanges:\n\n  - set the hostname\n  - update apt package cache; upgrade apt to the latest packages; install\n    unattended-upgrades package; adjust apt update intervals; only installs from\n    security channel\n  - create `sftponly` group\n  - setup iptables (see `./roles/bootstrap/templates/iptables/iptables.sh`)\n  - setup fail2ban\n  - disallow password authentication for all users; disallow ssh access for\n    root; delete root password\n  - set locale and timezone\n  - setup ntp\n  - install optional packages\n\n\n#### Tag `acme-sh`\n\n``` sh\nansible-playbook setup.yml -t acme-sh\n```\n\n  - setup acme.sh for letsencrypt certificate creation and renewal\n  - set letsencrypt account email for notifications\n\n\n#### Tag `nginx`\n\n``` sh\nansible-playbook setup.yml -t nginx\n```\n\nChanges:\n\n  - 
install nginx\n  - copy nginx.conf, common configs and sites configs (see `./roles/nginx/templates/`)\n  - remove unmanaged configs\n  - ensure nginx cache and public html directory properties\n  - remove default nginx site configuration\n\n\n#### Tag `nginxconf`\n\n``` sh\nansible-playbook setup.yml -t nginxconf\n```\n\nChanges:\n\n  - copy nginx.conf, common configs and sites configs (see `./roles/nginx/templates/`)\n  - remove unmanaged configs\n\n\n#### Tag `docker`\n\n``` sh\nansible-playbook setup.yml -t docker\n```\n\nChanges:\n\n  - install docker and docker-compose with required dependencies and apt sources\n\n\n### Playbook `issue-cert.yml`\n\n``` sh\nansible-playbook issue-cert.yml\n```\n\nIssue a certificate using acme.sh for the prompted domain (also takes care of renewal).\n\n\n### Playbook `user.yml`\n\n``` sh\nansible-playbook user.yml\n```\n\nCreate a system user from prompted options.\n\n\n### Playbook `reboot.yml`\n\n``` sh\nansible-playbook reboot.yml\n```\n\nReboot the system and wait for it to come back.\n\n\n## Development\n\nYou can use vagrant to create a virtual server for testing and development.\n\n``` sh\nvagrant up\nln -s .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory vagranthosts\nansible-playbook -i vagranthosts \u003cPLAYBOOK\u003e [-t \u003cTAG\u003e]\n```\n\nCalling `vagrant up` will automatically use `first-run.yml` for provisioning.\n\n\n## License\n\nThe MIT License (MIT)  \nCopyright © 2016 Simon Lepel \u003csimbo@simbo.de\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimbo%2Fsrvkist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimbo%2Fsrvkist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimbo%2Fsrvkist/lists"}