An Ansible playbook for setting up and maintaining our servers, including docker-compose configuration for our internal tools. We set up SSL encryption as well as OAuth via GitHub for accessing internal services.
Minecraft
We use our own Docker images for our Minecraft servers
- Portainer to deploy docker-compose stacks and manage server console
- filebrowser for managing server files and more granular permission management
- Traefik as a docker-friendly reverse proxy
- OAuth2 proxy for authentication via GitHub on our internal subdomain
Set up a machine running Debian with root SSH access.
Install Ansible on your local machine and cd into this repo.
Run ansible-galaxy install -r requirements.yml
Set ANSIBLE_PRIVATE to point to a path with vault.yml inside it for secrets as defined in secrets-def.yml.
Set up inventory (playbook will run on a host/group named rootserver) and vault password in a system ansible.cfg file (e.g. in /etc/ansible/ansible.cfg):
[defaults]
vault_password_file=/path/to/vault_pass
inventory=/path/to/inventory.ini
Run ansible-playbook run.yml; it will find the vault file on its own and decrypt it thanks to the Ansible config.
We currently don't automate deploying stacks in Portainer, so deploy manually as needed from the portainer_stacks folder. These should be manually kept up to date as we make changes in Portainer.
Point DNS to this machine, specifically internal subdomain and wildcard *., and all our Minecraft server subdomains.
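A pre-flight check for the vault setup in the steps above, as an added example that is not part of this repo: it reads vault_password_file from ansible.cfg, flags a password file that group or other users can access, and confirms that vault.yml under ANSIBLE_PRIVATE starts with the ansible-vault header instead of holding plaintext secrets. The function name preflight and the default paths are assumptions.

```python
import configparser
import os
import stat
import sys

# Added example; preflight() and the defaults below are illustrative assumptions.
VAULT_HEADER = b"$ANSIBLE_VAULT;"  # first bytes of any ansible-vault encrypted file


def preflight(cfg_path, private_dir):
    """Return a list of problems found; an empty list means the checks passed."""
    cfg = configparser.ConfigParser(interpolation=None)
    if not cfg.read(cfg_path):
        return [f"cannot read {cfg_path}"]
    problems = []

    # 1. The vault password file must exist and be closed to group/other.
    pw_file = cfg.get("defaults", "vault_password_file", fallback=None)
    if not pw_file:
        problems.append("vault_password_file is not set under [defaults]")
    else:
        pw_file = os.path.expanduser(pw_file)
        try:
            mode = stat.S_IMODE(os.stat(pw_file).st_mode)
            if mode & 0o077:
                problems.append(f"{pw_file} has mode {mode:03o}; restrict it to 600")
        except OSError as exc:
            problems.append(f"cannot stat {pw_file}: {exc}")

    # 2. vault.yml must be encrypted, not a plaintext YAML file of secrets.
    vault = os.path.join(private_dir, "vault.yml")
    try:
        with open(vault, "rb") as fh:
            if fh.read(len(VAULT_HEADER)) != VAULT_HEADER:
                problems.append(f"{vault} is not ansible-vault encrypted")
    except OSError as exc:
        problems.append(f"cannot read {vault}: {exc}")
    return problems


if __name__ == "__main__":
    cfg_file = sys.argv[1] if len(sys.argv) > 1 else "/etc/ansible/ansible.cfg"
    found = preflight(cfg_file, os.environ.get("ANSIBLE_PRIVATE", "."))
    for problem in found:
        print("FAIL:", problem)
    sys.exit(1 if found else 0)
```

Run it before ansible-playbook run.yml; a non-zero exit means the password file or vault needs fixing first.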
- https://github.com/notthebee/infra for general setup with our ansible roles
- Self-hosting SSO with Traefik (Part 2): OAuth2 Proxy for getting OAuth2 proxy working
- Jeff Geerling for great Ansible tutorials and roles