Ansible Automation

Welcome fellow Internet user 👋

This is a collection of my personal automation tasks and roles I created for managing several different applications inside my Homelab.

Feel free to explore some of them.

Warning

Many of those roles and tasks may only support Ubuntu / Debian-based distros!

Others are not tested by me.

Roles

Roles dedicated for complex tasks:

• NFS-Share Deployment
• SMB-Share Deployment
• Steam Game Server Deployment
• Minecraft Game Server
• Minecraft Paper Game Server
• Minecraft Velocity Proxy Server
• Cronjob Setup

Task Setups

Simple automation tasks

• Disable resolved stub listener (default on Ubuntu, listens on port 53)
• Deploy an emby server instance
• Firewall control (via UFW)
• Timezone settings
• Deploy an unbound instance
• Update apt packages
• Install cronjobs
• Deploy automated Python scripts

---

Control tasks for complex role setups

Each role has its own variables. See their references for those.

• Manage a Minecraft Vanilla Server instance
• Manage a Minecraft Paper Server instance
• Deploy NFS network shares
• Deploy SMB network shares
• Install a crontab via a control file

---

Host selection

Generally (also for my personal Ansible Semaphore setup) hosts will be passed via the variable vm_hosts. This defaults to an empty list. It can be supplied via the -e switch

ansible-playbook -K some_tasks.yaml -e vm_hosts=myhostgroup

Further defined are special variables for simpler tasks setups that can be set:

Firewall Setup

Requires a list of allowed ports, rules and protocols defined.

For the general policy a value is needed.

Vars

fw_allow:
  - { port: 420, rule: allow, proto: tcp }
  - { port: 420, rule: allow, proto: udp }
fw_rule_general: deny

Timezone Setup

The timezone setup requires the timezone string.

Vars

timezone_string: "Europe/Berlin"

Apt Update control

The apt updater needs a Telegram Bot token to notify the user. Yes, this is hardcoded 😎.

Vars

telegram_api_token:
telegram_chat_id: 

Unbound

Unbound needs an access control list. This is specified in l3d's repository under unbound_access_control

Vars

unbound_access_allow: ...

Python Automation Deploy

Deploys an automated Python script to the host with supported crontab entry. Besides the cron and SMB setup roles only the automation user needs to be specified. Additionally a list of necessary packages can be supplied as well.

Vars

automation_user:
automation_user_group:
automation_user_pw_hash:
automation_dependencies:
  - package_1
  - package_2
  - ...

Dev

Prerequisites

• Python (>= 3.11)
• Installed requirements.txt
• Installed Ansible Galaxy roles inside roles/requirements.yml

Util

ansible_gen_hashed_pw.sh

• Generates a hashed password
• For usage inside roles for hashed pw values when deploying new users