this is my ansible repo for managing infrastructure and deployments including:
- linux system config
- k3s cluster setup
- postgresql server
- all other deployments are managed with argocd for deployment on k3s
directory structure:
- inventories holds different environment inventories (e.g., production, staging)
- roles contains reusable Ansible roles for various services and configurations
- playbooks contains playbooks for deploying and managing services
| Role | Description |
|---|---|
| docker-compose | Docker Engine + Compose plugin from the official apt repo |
| dyndns_client | Keeps a dynamic DNS record up to date via cron |
| k3s | k3s Kubernetes cluster with cert-manager + ArgoCD |
| linux_base | Base configuration applied to every host |
| linux_bootstrap | First run against a fresh cloud-init host |
| linux_router | Turns a host into a router/gateway |
| netplan | Deploys per-host netplan network config |
| pihole | Pi-hole DNS sinkhole / ad blocker |
| postgresql | PostgreSQL 17 server |
| powerdns | Authoritative PowerDNS server + zone management |
| shared | Shared tasks, such as the dynamic task loader used by every role (never deployed directly) |
| ufw | UFW firewall: policies, rules and WireGuard NAT |
| wireguard | WireGuard VPN server + client config generation |
- start mtn-shell (see github.com/mtnstar/mtn-shell)
- clone this repository
- run `ansible-galaxy role install -r requirements.yml -p ./.galaxy/roles`
- copy test inventory directory and customize it (e.g. ./inventories/test -> ./inventories/production)
- add desired public ssh keys to `inventories/production/ssh_keys/*.pub`
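
An added example (not part of this repo): a pre-flight check that every file in the ssh_keys directory really is an OpenSSH public key, so private key material or a malformed line is caught before any playbook runs. It assumes one key per line in each `.pub` file; `ALLOWED_TYPES` and the function names are this example's own.

```python
import base64
import sys
from pathlib import Path

# Key types accepted here; an assumption of this example, adjust to your policy.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def check_pubkey_line(line):
    """Return None if line is a well-formed OpenSSH public key, else a reason."""
    if "PRIVATE KEY" in line:
        return "private key material in a .pub file"
    fields = line.split(None, 2)
    if len(fields) < 2:
        return "expected '<type> <base64> [comment]'"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in ALLOWED_TYPES:
        return f"key type {key_type!r} not allowed"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return "key blob is not valid base64"
    # The blob starts with a length-prefixed copy of the key type (RFC 4253).
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + n] != key_type.encode():
        return "type inside blob does not match declared type"
    return None


def check_key_dir(key_dir):
    """Check every *.pub under key_dir; return a list of (file, lineno, reason)."""
    problems = []
    for path in sorted(Path(key_dir).glob("*.pub")):
        for lineno, line in enumerate(path.read_text().splitlines(), 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            reason = check_pubkey_line(line)
            if reason:
                problems.append((path.name, lineno, reason))
    return problems


if __name__ == "__main__":
    key_dir = sys.argv[1] if len(sys.argv) > 1 else "inventories/production/ssh_keys"
    found = check_key_dir(key_dir)
    for name, lineno, reason in found:
        print(f"{name}:{lineno}: {reason}")
    sys.exit(1 if found else 0)
```
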
after bootstrapping new ubuntu system with cloud-init:
- add new host to inventory (e.g. `inventories/production/hosts`)
- specify ansible_user and ansible_port if needed
- run `ansible-playbook -i inventories/production/hosts playbooks/linux_bootstrap.yml -l mynewhost`
- remove ansible_user in inventory hosts
- apply linux_base playbook to set up basic linux configuration and users: `ansible-playbook -i inventories/production/hosts playbooks/linux_base.yml -l mynewhost`
- remove ansible_port if you specified it in inventory hosts
Roles split their tasks into ordered, individually runnable files via a shared dynamic task loader. See roles/shared.
inside mtn-shell in this repo run `molecule test -s linux_base`
see Molecule Testing for more details on how to run molecule tests.