4e72ddf4ef
Completed Issue #2: Ansible Base Configuration All objectives met: - ✅ Hetzner Cloud dynamic inventory (hcloud plugin) - ✅ Common role (SSH hardening, UFW firewall, fail2ban, auto-updates) - ✅ Docker role (Docker Engine + Compose + networks) - ✅ Traefik role (reverse proxy with Let's Encrypt SSL) - ✅ Setup playbook (orchestrates all base roles) - ✅ Successfully tested on live test server (91.99.210.204) Additional improvements: - Fixed ansible.cfg for Ansible 2.20+ compatibility - Updated ADR dates to 2025 - All roles follow Infrastructure Agent patterns Test Results: - SSH hardening applied (key-only auth) - UFW firewall active (ports 22, 80, 443) - Fail2ban protecting SSH - Automatic security updates enabled - Docker running with traefik network - Traefik deployed and ready for SSL Files added: - ansible/playbooks/setup.yml - ansible/roles/docker/* (complete) - ansible/roles/traefik/* (complete) Closes #2 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
40 lines
960 B
YAML
40 lines
960 B
YAML
---
|
|
# Initial server setup playbook
|
|
# Provisions base infrastructure: hardening, Docker, Traefik
|
|
|
|
- name: Setup base infrastructure
|
|
hosts: all
|
|
become: yes
|
|
|
|
vars:
|
|
# Override these in group_vars or host_vars
|
|
traefik_acme_email: "admin@postxsociety.cloud"
|
|
|
|
pre_tasks:
|
|
- name: Wait for system to be ready
|
|
wait_for_connection:
|
|
timeout: 300
|
|
|
|
- name: Gather facts
|
|
setup:
|
|
|
|
roles:
|
|
- role: common
|
|
tags: ['common', 'security']
|
|
|
|
- role: docker
|
|
tags: ['docker']
|
|
|
|
- role: traefik
|
|
tags: ['traefik', 'proxy']
|
|
|
|
post_tasks:
|
|
- name: Display server information
|
|
debug:
|
|
msg:
|
|
- "✅ Server setup complete!"
|
|
- "Hostname: {{ ansible_hostname }}"
|
|
- "IP Address: {{ ansible_default_ipv4.address }}"
|
|
- "SSH hardened, UFW enabled, fail2ban active"
|
|
- "Docker installed and running"
|
|
- "Traefik managing SSL certificates automatically"
|