History

Tobias Petrich 8af8eafaf7 languagetool: increase java memory		2025-10-15 15:46:59 +02:00
..
borg_scripts	add borg backup automation	2025-01-23 15:59:33 +01:00
my_service_templates	languagetool: increase java memory	2025-10-15 15:46:59 +02:00
rootless-podman-service	add task to create service directories	2025-04-23 13:13:41 +02:00
traefik_config	add sgnarva, add ansible tags	2025-09-27 12:06:30 +02:00
allow_privileged_ports_rootless.yml	initial commit	2024-07-15 16:03:01 +02:00
automate_backup.yml	add borg backup automation	2025-01-23 15:59:33 +01:00
common_programs.yml	add toolbox to list of common programs	2025-05-04 18:55:34 +02:00
custom_hardening.yml	initial commit	2024-07-15 16:03:01 +02:00
deploy_services.yml	add sgnarva, add ansible tags	2025-09-27 12:06:30 +02:00
deploy_traefik_config.yml	initial commit	2024-07-15 16:03:01 +02:00
hardening.yml	initial commit	2024-07-15 16:03:01 +02:00
main.yml	add borg backup automation	2025-01-23 15:59:33 +01:00
README.md	add some common programs and main playbook	2025-01-23 12:45:56 +01:00

Ansible MicroOS VM setup

Run the custom_hardening playbook. This mostly sets SSH parameters to best practice values.

ansible-playbook -i inventory.txt custom_hardening.yml

Run the allow_privileged_ports_rootless playbook. This allows a rootless traefik container to use ports 80 and 443.

ansible-playbook -i inventory.txt allow_privileged_ports_rootless.yml

Run the deploy_services playbook. This creates groups and users for each service, creates a btrfs subvolume for data and copies the quadlet files to the correct location, then activates the service.

ansible-playbook -i inventory.txt deploy_services.yml

Run the deploy_traefik_config playbool. This copies the traefik configuration to the correct location.

ansible-playbook -i inventory.txt deploy_traefik_config.yml