Ansible playbook for self-hosted infrastructure on Ubuntu ARM64. Manages reverse proxy, authentication, DNS, security, monitoring, VPN, and application services.
Provision the ansible user on a fresh server (generates SSH key, creates user, configures sudo):
./setup.sh <SERVER_IP>
Copy and fill in the config templates:
cp .custom.yml custom.yml # server connection, email, deploy settings
cp .secret.yml secret.yml # all secrets (vault encrypted)
chmod 600 secret.yml
ansible-galaxy install -r requirements.yml
Full deploy:
ansible-playbook playbook.yml -i inventory.yml -e @custom.yml -e @secret.yml --vault-password-file ~/.vault_pass
Deploy specific role(s):
ansible-playbook playbook.yml -i inventory.yml -e @custom.yml -e @secret.yml --vault-password-file ~/.vault_pass --tags "traefik,authelia"
After first CrowdSec deploy, enroll the agent:
docker exec crowdsec cscli console enroll -e context <key>
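A pre-deploy check for the secrets handling in the steps above, added here as an example and not part of this repository: it confirms that secret.yml and the vault password file are closed to group and other, and that secret.yml actually carries Ansible Vault content. The function names and the preflight.sh file name are assumptions, as is the case where the file holds inline !vault values instead of being encrypted as a whole.

```shell
#!/bin/sh
# Added example (not from the repository): pre-deploy check for secret.yml
# and the vault password file used in the ansible-playbook commands above.
# Assumption: secret.yml is whole-file encrypted or uses inline !vault values.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and other have no access at all (600, 400, 700).
is_private() {
    case "$(file_mode "$1")" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify a vars file: encrypted (whole file), inline (!vault values), plaintext.
vault_state() {
    if head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'; then
        echo encrypted
    elif grep -q '!vault[[:space:]]*|' "$1"; then
        echo inline
    else
        echo plaintext
    fi
}

# Check both files; print one line per problem and return the problem count.
preflight() {
    secret=$1 pass=$2 problems=0
    for f in "$secret" "$pass"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"; problems=$((problems + 1))
        elif ! is_private "$f"; then
            echo "too permissive ($(file_mode "$f")): $f"; problems=$((problems + 1))
        fi
    done
    if [ -f "$secret" ] && [ "$(vault_state "$secret")" = plaintext ]; then
        echo "not vault-encrypted: $secret"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Runs only when two paths are given: sh preflight.sh secret.yml ~/.vault_pass
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit status is the number of problems found, so the script can gate the ansible-playbook call in a wrapper or CI job.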