Nemexur/infra

Infra

An Ansible Playbook to deploy my home servers and network setup.

Why?

Earlier I used a TrueNAS-based server in VirtualBox. It had several problems:

  • Absence of SMART test capabilities
  • I am not fond of TrueNAS plugins
  • Complicated GPU setup

I really like Ansible and figured, why not create a 100% Ansible-based server setup? This project also helped me learn a lot about:

  • Reverse proxy
  • Cool Ansible tricks
  • Docker Networking
  • DHCP and DNS servers
  • DNS-over-HTTPS/TLS
  • Bridge
  • VLAN
  • Security
  • Firewall
  • VPN
  • TLS certificates
  • Cloudflare
  • S.M.A.R.T
  • Filesystem

Description

The playbook is mostly being developed for personal use. It assumes my home setup of 2 Fedora-based servers (Fedora 38 Server):

  • Alice - main server with the cool stuff.
  • Bravo - handles monitoring and logs.

Everything is deployed as Docker containers.

Plans

  • Add Authelia to public services
  • Add Mikrotik RouterOS provisioning

Applications

All of the values in the hierarchy below are tags (lowercased) in main.yml. Highlighted words indicate the servers each tag is used with. There are probably a few mistakes in the structure below.

  • VPN - WireGuard Easy container `Bravo`.
  • Essential - essential setup like users, groups and powersaving `Alice/Bravo`.
    • Packages - install dnf packages.
  • Filesystem - setup filesystem `Alice`.
    • ZFS - setup pool and filesystem from SATA disks.
    • MergerFS - merge separate disks and pools together.
    • Samba - setup SMB filesystem.
    • CRON - create scheduled jobs.
  • Docker - install and enable docker (optionally nvidia-docker2).
  • Apps - available applications in the system `Alice`.
    • Network - setup and enable everything related to network.
      • Traefik - web proxy and TLS certificates manager.
      • Gluetun - VPN client in a thin Docker container for multiple VPN providers, written in Go.
    • Containers - docker containers connected with traefik network.
      • Containers/System - everything that assists me in monitoring and controlling my services.
        • cAdvisor - analyzes resource usage and performance characteristics of running containers.
        • Portainer - easily manage Docker and running containers.
        • Diun - receive notifications when a Docker image is updated on a Docker registry.
        • Uptime Kuma - a fancy self-hosted monitoring tool.
      • Containers/Media - everything to consume my media.
        • Bazarr - companion to Radarr and Sonarr for downloading subtitles.
        • Jackett - API Support for your favorite torrent trackers.
        • Jellyfin - the free software media system.
        • Plex - you know... plex media server.
        • Prowlarr - indexer aggregator for Sonarr, Radarr, Lidarr, etc.
        • Radarr - for organising and downloading movies.
        • Readarr - for organising and downloading books.
        • Sonarr - for downloading and managing TV episodes.
        • Komga - Free and open source comics/mangas media server.
        • Tanoshi - self-hosted web manga reader/downloader.
        • Kaizoku - self-hosted manga downloader.
        • Lazylibrarian - follow authors and grab metadata for all your digital reading needs.
      • Containers/Services - everything that is not Containers/Media.
        • Pi-Hole - protects your devices from unwanted content.
        • Transmission - my favorite BitTorrent client.
        • Nextcloud - on-premise Universal File Access and sync platform.
    • Dashboard - dashboards for my applications.
      • Homer - a very simple static homepage for your server.
  • Monitoring - more metrics is always better.
    • SMART - S.M.A.R.T monitoring of SATA disks `Home`.
    • Exporters - setup and enable metrics exporters for Prometheus `Home/Monitoring`.
      • Node - exporter for hardware and OS metrics.
      • Nvidia - Nvidia GPU exporter for prometheus, using nvidia-smi binary to gather metrics.
      • APC UPS - exporter for UPS.
      • Pi-Hole - exporter for Pi-Hole.
      • Mikrotik - exporter for Mikrotik RouterOS devices.
    • Prometheus - an open-source systems monitoring and alerting toolkit `Monitoring`.
    • Grafana - an open source analytics & monitoring solution for every database `Monitoring`.
  • Security - security measures for my servers `Home/Monitoring`.

Special thanks

TODO

Major

  • Refactor inventories/dev
  • Create universal role to run docker containers
  • Create a new role to manage users and groups
  • Better filesystem management
  • Support Authelia

Misc

  • Refactor dashboard/homer
  • Refactor enabling management
  • Exclude open-vpn from cron docker backup
  • Better project structure
  • Refactor grafana dashboards management (templating)
  • Rename home -> alice, monitoring -> bravo
  • yml -> yaml
  • Support telegram notifications

Useful

  • Add example inventory with comments
  • Add CI inventory to run github-workflows

About

IaC to setup my home servers
