{"id":18360983,"url":"https://github.com/spetex/practical-ansible","last_synced_at":"2026-05-02T03:07:07.100Z","repository":{"id":129267385,"uuid":"80366681","full_name":"spetex/practical-ansible","owner":"spetex","description":"Infrastructure for personal use.","archived":false,"fork":false,"pushed_at":"2017-10-21T17:48:38.000Z","size":24,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-01-19T22:33:20.437Z","etag":null,"topics":["ansible","fail2ban","iptables","ldap","nginx","owncloud","postfix","webserver"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spetex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-29T19:23:56.000Z","updated_at":"2023-03-04T06:22:30.000Z","dependencies_parsed_at":"2023-03-22T23:01:32.780Z","dependency_job_id":null,"html_url":"https://github.com/spetex/practical-ansible","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/spetex/practical-ansible","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spetex%2Fpractical-ansible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spetex%2Fpractical-ansible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spetex%2Fpractical-ansible/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spetex%2Fpractical-ansible/manifests","owner_url":"https://repos.ecos
yste.ms/api/v1/hosts/GitHub/owners/spetex","download_url":"https://codeload.github.com/spetex/practical-ansible/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spetex%2Fpractical-ansible/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32521113,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-02T01:12:54.858Z","status":"online","status_checked_at":"2026-05-02T02:00:05.923Z","response_time":132,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","fail2ban","iptables","ldap","nginx","owncloud","postfix","webserver"],"created_at":"2024-11-05T22:30:43.433Z","updated_at":"2026-05-02T03:07:07.072Z","avatar_url":"https://github.com/spetex.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# practical-ansible\n[![CircleCI](https://circleci.com/gh/spetex/practical-ansible/tree/master.svg?style=svg)](https://circleci.com/gh/spetex/practical-ansible/tree/master)\n\nHello, this is a practical setup for personal infrastructure.\n\n## Goal\nCreate an Ansible setup for a secure server with ownCloud, a webserver (nginx), LDAP and a Postfix mail server.\n\n## Roles\nFor this purpose the stack will contain some roles.\n\n-   common (iptables, fail2ban, notifying about behavior using mail)\n-   Encryption with Let's Encrypt\n-   webserver (nginx)\n-   cloud (PHP, MySQL/PostgreSQL and ownCloud server)\n-   
OpenLDAP\n-   Mailserver with Postfix and Dovecot\n\n\n# Install\n\n## General requirements\n\nPlease don't forget to install Python on your target host. It's quite a common mistake. AWS EC2 instances do not have Python installed by default.\n\n1. Your first step should be to update all packages on the target host. You can use `update.yml` for that.\n\n## OpenLDAP role\n\nInstalls OpenLDAP (slapd) as a service on the specified nodes and configures its structure and permissions to identify users and services among multiple domains.\n\nDefine `organizations` in your playbook or inventory as an array of domains and the role will configure the directory structure for all of them.\n\nYou also need to define `base_domain` to keep your passwords stored in password storage.\n\n### Example\n\n```\n# playbook.yml\n---\n- name: Setup LDAP\n  hosts: all\n  become: yes\n  vars:\n    base_domain: my.custom.ldap.domain.com\n    organizations:\n      - example.com\n\n  roles:\n    - ldap\n```\n\n```\n# LDAP Structure\ndc=ldap\n├─ ou=admin\n├─ ou=services\n└─ dc=example.com\n   ├─ ou=groups\n   └─ ou=users\n```\n\n## Mail role\n\nInstalls Postfix and Dovecot and configures them to act together as an IMAP/SMTP mail server with a virtual database of mailboxes and domains provided by OpenLDAP. Uses Let's Encrypt to generate certificates for communication.\n\nYou need to define `{{base_domain}}` to keep your passwords stored in password storage. The hostname of your mail server will be configured as `mail.{{base_domain}}` unless you override the variable `{{mail_host}}`.\n\n### Manual configuration\n\nThe Ansible role is not able to configure DNS for you. 
You will need to configure a few DNS records.\n\n#### DNS Before playing role\n\n* An A and/or AAAA record for `{{mail_host}}` pointing to the IP address of the mail server; it is required to configure Let's Encrypt certificates\n\n#### After playing role\n\n* TXT record with your DKIM key; you need this to sign your e-mails\n* TXT record with your DKIM version; you need this to sign your e-mails\n* PTR record; some mail servers will not talk to you if you skip this\n\nFor each organization, you will need to configure a TXT record with the OpenDKIM key. You will find the DKIM keys in the folder `remote/{{organization}}`. The file might look like this:\n\n```\nmail._domainkey IN      TXT     ( \"v=DKIM1; k=rsa; \"\n          \"p=VERY_LONG_SECRET_KEY\" )  ; ----- DKIM key mail for example.com\n```\n\nYour TXT records would look like this:\n\n```\nTXT \"mail._domainkey.example.com\" \"v=DKIM1; k=rsa; p=VERY_LONG_SECRET_KEY\"\nTXT \"example.com\" \"v=spf1 mx a -all\"\n```\n\n### Client configuration\n\nTo configure your e-mail client, use the following settings:\n\n```\nIMAP\n----\nhost: {{mail_host}}:143\nuser: user@{{organization}}\nencryption: STARTTLS\n\nSMTP\n----\nhost: {{mail_host}}:587\nuser: user@{{organization}}\nencryption: STARTTLS\n```\n\n## EC2 Management and Provisioning Notes\n\nIn order to run the `amazon.yml` EC2 provisioning playbook, you need to install and configure the [boto](https://github.com/boto/boto3boto) Python library.\n\nAlso pay attention to the `vars` section, where you need to specify the instance type, image, AWS region, etc. for the instances you want to spawn.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspetex%2Fpractical-ansible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspetex%2Fpractical-ansible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspetex%2Fpractical-ansible/lists"}