Assuming \texttt{ansible} is built according to section \ref{ssec:bansdpac}
on p.\pageref{ssec:bansdpac}, the following requirements are met.
\subsection{Requirements}
The following applications are required to utilize this this section objectives.
Ansible can be installed using Python PIP.
\begin{itemize}
\item\texttt{Ansible} 2.4.x+
\item\texttt{Python} 2.7.9+
\textcolor[rgb]{0.80,0.00,0.00}{Todo clarify confusion over version requirements}
\end{itemize}
\subsection{Quick Start}
The following steps will help quickly set up and execute this section objectives.
\texttt{Project Configuration}
The following files need to be edited and configured before executing this playbook.
\begin{table}[!htb]
\caption{Files to be edited}% \label{tab:tech}
\begin{tabular}{|l|l|}
\hline
\multicolumn{1}{|l|}{ File}&
\multicolumn{1}{l|}{ Description}\\\hline
groups\char`_vars/all.yml & Server credential information and domain variables \\\hline
inventory.yml & List of server IPs to connect to \\\hline
\end{tabular}
\end{table}
\texttt{Playbook Execution}
After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook.
\begin{minted}{sh}
ansible-playbook -i inventory.yml site.yml`
\end{minted}
\subsection{Project Structure}
The following tree depicts the high level structure of this Ansible project.
\begin{minted}{sh}
|-- ansible.cfg
|-- group_vars
|<7C><> -- all.yml
|-- inventory.yml
|-- LICENSE.AGPLv3
|-- LICENSE.GPLv3
|-- README.md
|-- roles
|<7C><> |-- dkim_configuration
|<7C><> |-- dovecot_configuration
|<7C><> |-- fail2ban_configuration
|<7C><> |-- letsencrypt_configuration
|<7C><> |-- mikegleasonjr.firewall
|<7C><> |-- outputs
|<7C><> |-- postfix_configuration
|<7C><> |-- server_tasks
|<7C><> |-- spamassassin_configuration
|<7C><> -- sqlgrey_configuration
|-- playbook_execution.log
-- site.yml
\end{minted}
\texttt{File and Directory Descriptions}
The following table consists of a description of what each file and directory stands for.
\begin{table}[!htb]
\caption{File and Directory Descriptions}% \label{tab:tech}
\begin{tabular}{|l|l|}
\hline
\multicolumn{1}{|l|}{ Name}&
\multicolumn{1}{l|}{ Description}\\\hline
site.yml & Master playbook. Executes all roles in sequential order \\\hline
inventory.yml & Inventory file containing server IP addresses \\\hline
ansible.cfg & Ansible configuration file for various Ansible options. \\\hline
group\char`_vars/ & Group\char`_vars directory contains variable files for the entire group. \\
& The files are named according to the group name. 'all.yml' = group 'all' \\\hline
group\char`_vars/all.yml & Group variables for the 'all' group. Contains server connection \\
& information along with domain variables \\\hline
roles/ & Directory containing all roles needed by this project \\\hline
\end{tabular}
\end{table}
\texttt{Role descriptions}
The following table consists of descriptions of each role and their purpose. The roles listed below are listed in the required order of execution to ensure successful completion of the playbook.
\begin{table}[!htb]
\caption{Role descriptions}% \label{tab:tech}
\begin{tabular}{|l|l|l|}
\hline
\multicolumn{1}{|l|}{Role Name}&
\multicolumn{1}{|l|}{Role Description}&
\multicolumn{1}{l|}{Depends on}\\\hline
server\char`_tasks & This roles performs all server tasks. Updating & mikebleasonjr.firewall \\
& server, configuring SSH, disable IPv6, etc. &\\
& Depends on the mikegleasonjr.firewall role. &\\\hline
mikegleasonjr.firewall & This role set up iptables rules. It is called & None \\
& and ran by the server\char`_tasks roles. &\\\hline
letsencrypt\char`_configuration & This role installs and executes let's encrypt & None \\\hline
dkim\char`_configuration & This roles installs OpenDKIM, OpenDMARC & None \\
& and configures them. &\\\hline
dovecot\char`_configuration & This role installs and configures dovecot & letsencrypt\char`_configuration \\\hline
spamassassin\char`_configuration & This role installs spamassassin. & None \\\hline
sqlgrey\char`_configuration & This role installs sqlgrey. & None \\\hline
fail2ban\char`_configuration & This role installs fail2ban. & None \\\hline
outputs & This role gathers DNS information for the & None \\
& SPF, DMARC, and DKIM records and &\\
& outputs them to the screen. &\\\hline
\end{tabular}
\end{table}
\subsection{Ansible Logging}
Execution processes described in this section are automatically logged to a file called `playbook-execution.log` in the root directory of the project. The path to this log file can be changed by editing `ansible.cfg` in the project root directory and specifying a different path.
\subsection{Troubleshooting}
Ansible has a built in debug output. Simply run Ansible with a `-v`. There are 5 levels of debug output and they are denoted by the number of v's listed. Each level up provide more debug output than the level before it.
\begin{minted}{sh}
Level 1: `-v`
Level 2: `-vv`
Level 3: `-vvv`
Level 4: `-vvvv`
Level 5: `-vvvvv`
\end{minted}
Example execution with level 3 debug output:
\begin{minted}{sh}
ansible-playbook -i inventory.yml site.yml -vvv
\end{minted}
\section{Ansible Gitea}
Assuming \texttt{ansible} is built according to section \ref{ssec:bansdpac}
on p.\pageref{ssec:bansdpac}, the following requirements are met.
\subsection{Requirements}
The following applications are required to utilize this this section objectives.
Ansible can be installed using Python PIP.
\begin{itemize}
\item\texttt{Ansible} 2.4.x+
\item\texttt{Python} 2.7.9+
\textcolor[rgb]{0.80,0.00,0.00}{Todo clarify confusion over version requirements}
\end{itemize}
\subsection{Quick Start}
The following steps will help quickly set up and execute this section objectives.
\texttt{Project Configuration}
The following files need to be edited and configured before executing this playbook.
\begin{table}[!htb]
\caption{Files to be edited}% \label{tab:tech}
\begin{tabular}{|l|l|}
\hline
\multicolumn{1}{|l|}{ File}&
\multicolumn{1}{l|}{ Description}\\\hline
roles/gitea/default/main.yml & Variables for Gitea configuration \\
& (default - standalone with sqlite) \\\hline
roles/nginx/default/main.yml & Variables for Nginx and Letsencrypt configuration \\\hline
inventory.yml & List of server IPs to connect to \\\hline
\end{tabular}
\end{table}
\qquad\\
\texttt{Playbook Execution}
After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook.
\begin{minted}{sh}
ansible-playbook -i inventory.yml site.yml`
\end{minted}
\subsection{Project Structure}
The following tree depicts the high level structure of this Ansible project.
\begin{minted}{sh}
|-- inventory.yml
|-- LICENSE.AGPLv3
|-- LICENSE.GPLv3
|-- README.md
|-- roles
|<7C><> |-- gitea
|<7C><> -- nginx
|-- playbook_execution.log
-- site.yml
\end{minted}
\texttt{File and Directory Descriptions}
The following table consists of a description of what each file and directory stands for.
\begin{table}[!htb]
\caption{File and Directory Descriptions}% \label{tab:tech}
\begin{tabular}{|l|l|}
\hline
\multicolumn{1}{|l|}{ Name}&
\multicolumn{1}{l|}{ Description}\\\hline
site.yml & Master playbook. Executes all roles in sequential order \\\hline
inventory.yml & Inventory file containing server IP addresses \\\hline
ansible.cfg & Ansible configuration file for various Ansible options. \\\hline
roles/ & Directory containing all roles needed by this project \\\hline
\end{tabular}
\end{table}
\qquad\\
\texttt{Role descriptions}
The following table consists of descriptions of each role and their purpose. The roles listed below are listed in the required order of execution to ensure successful completion of the playbook.
\begin{table}[!htb]
\caption{Role descriptions}% \label{tab:tech}
\begin{tabular}{|l|l|l|}
\hline
\multicolumn{1}{|l|}{Role Name}&
\multicolumn{1}{|l|}{Role Description}\\\hline
gitea & This roles performs installation and configuration of Gitea server \\\hline
nginx & This roles performs installation and configuration of Nginx server \\\hline
\end{tabular}
\end{table}
\texttt{Role parameters}
\qquad\\
\texttt{\qquad Gitea role parameters}
\begin{minted}{sh}
# Application name
gitea_app_name: "Gitea"
# Application gitea_user_repo_limit
gitea_user: "gitea"
# Application home
gitea_home: "/var/lib/gitea"
# Repo Limit
gitea_user_repo_limit: -1
# Domain Name (FOR REVER PROXY LEAVE AS DEFAULT)
gitea_http_domain: localhost
# Gitea url (FOR REVER PROXY LEAVE AS DEFAULT)
gitea_root_url: http://localhost:3000
# Protocol (FOR REVER PROXY LEAVE AS DEFAULT)
gitea_protocol: http
# listen IP (FOR REVER PROXY LEAVE AS DEFAULT)
gitea_http_listen: 127.0.0.1
# Listen port (FOR REVER PROXY LEAVE AS DEFAULT)
gitea_http_port: 3000
# HTTP git Options
gitea_disable_http_git: false
# Offline mode options
gitea_offline_mode: true
\end{minted}
\qquad\qquad DB details
\begin{minted}{sh}
# DB Type 'mysql', 'postgres' or 'sqlite3'
gitea_db_type: sqlite3
# DB host
gitea_db_host: 127.0.0.0:3306
# DB name
gitea_db_name: root
# DB username
gitea_db_user: gitea
# DB password
gitea_db_passord: lel
# DB ssl options
gitea_db_ssl: disable
# DB path (Not needed for postgres and mysql hash it in template file )
gitea_db_path: "{{ gitea_home }}/data/gitea.db"
\end{minted}
\qquad\qquad SSH Details
\begin{minted}{sh}
# SSH Listen IP
gitea_ssh_listen: 0.0.0.0
# SSH domain
gitea_ssh_domain: localhost
# SSH options
gitea_start_ssh: true
# SSH post
gitea_ssh_port: 2222
\qquad\qquad Gitea secret key
\begin{minted}{sh}
# gitea key (GENERATE A NEW KEY)
gitea_secret_key: T0pS3cr31
\end{minted}
\qquad\qquad General Settings
\begin{minted}{sh}
# User email settings
gitea_show_user_email: false
# User avatar settings
gitea_disable_gravatar: true
# User register options
gitea_disable_registration: false
# User signup options
gitea_require_signin: true
# User captcha options
gitea_enable_captcha: true
\end{minted}
\qquad\\
\texttt{\qquad Nginx roles parameters}
\begin{minted}{sh}
# Domain name for the server
nginx_domain_name: "test.hostnats.com"
# Gitea listening port
gitea_http_port: 3000
# letsencrypt email address
letsencrypt_email: "test@example.com"
\end{minted}
\subsection{Ansible Logging}
Execution processes described in this section are automatically logged to a file called `playbook-execution.log` in the root directory of the project. The path to this log file can be changed by editing `ansible.cfg` in the project root directory and specifying a different path.
\subsection{Troubleshooting}
Ansible has a built in debug output. Simply run Ansible with a `-v`. There are 5 levels of debug output and they are denoted by the number of v's listed. Each level up provide more debug output than the level before it.