This is the Ansible configuration for my VM, thething.mattbostock.com.
'The Thing' is a reference to the excellent 1982 film of the same name.
It's also my first foray with Ansible.
The playbooks here:
- Provision a new VM from Digital Ocean
- Do some basic configuration of Ubuntu for security
- Configure an instance of the ZNC IRC bouncer
- Configure an instance of Ghost, the blogging platform
Each daemon runs inside a Docker container.
Note that I'm fronting Ghost with Fastly CDN, so for simplicity I haven't opted to proxy it through a web server.
I've made use of Ansible's file lookups and vars_prompt to pull in configuration variables, such as:
- A ZNC username and password
- An SSL PEM file for ZNC
The main reason for this is that it allows me to host this repo publicly without exposing any secrets. I also don't expect to need to run this playbook often enough that entering these variables would be a hassle.
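The pattern described above, as an added example that is not taken from this repo's playbooks: secrets are prompted for or read from a local file at run time, so nothing sensitive is committed. The variable names, the secrets/znc.pem path and the /etc/znc destination are assumptions made for illustration.

```yaml
# Illustrative play (hypothetical names and paths, not this repo's site.yml).
- hosts: all
  vars_prompt:
    - name: znc_username          # hypothetical variable name
      prompt: "ZNC username"
      private: no                 # echo input; a username is not a secret
    - name: znc_password          # hypothetical variable name
      prompt: "ZNC password"
      private: yes                # do not echo the password to the terminal
      confirm: yes                # ask twice to catch typos
  vars:
    # Read from the control machine at run time. The file lives outside
    # version control (list secrets/ in .gitignore).
    znc_pem: "{{ lookup('file', 'secrets/znc.pem') }}"
  tasks:
    - name: Check that the PEM holds both a certificate and a private key
      assert:
        that:
          - "'BEGIN CERTIFICATE' in znc_pem"
          - "'PRIVATE KEY' in znc_pem"
      no_log: true                # keep key material out of task output

    - name: Create the ZNC configuration directory
      file:
        path: /etc/znc            # assumed location on the host
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Install the ZNC certificate and key
      copy:
        content: "{{ znc_pem }}"
        dest: /etc/znc/znc.pem    # assumed path, e.g. mounted into the container
        owner: root
        group: root
        mode: "0600"              # the private key is readable by owner only
      no_log: true                # keep key material out of logs and diffs
```

Without no_log, the file contents can appear in verbose or diff output, which matters when playbook runs are captured in a terminal log or CI transcript.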
This repo relies on librarian-ansible to pull in external playbooks. Unfortunately librarian-ansible is written in Ruby rather than Python (Ansible uses Python), so I recommend using Bundler to install the librarian-ansible gem.
There are two playbooks used: provision.yml creates and bootstraps the Digital Ocean VM, and site.yml installs the services. These need to be run separately, to allow the Digital Ocean inventory script to refresh the list of hosts once the VM has been created.
pip install -r requirements.txt
bundle install
librarian-ansible install
export DO_API_KEY=<Digital Ocean API key here>
export DO_CLIENT_ID=<Digital Ocean client ID here>
ANSIBLE_ROLES_PATH=librarian_roles/ ansible-playbook -i hosts provision.yml
ANSIBLE_ROLES_PATH=librarian_roles/ ansible-playbook -i hosts site.yml
- Restrict Ghost on port 80 to Fastly edge nodes (AKA dark origin)
- Configure bitlbee and Campervan for ZNC
- Figure out how to run provision.yml and site.yml together in one run