-rw-r--r-- README.md 75
1 files changed, 70 insertions, 5 deletions
diff --git a/README.md b/README.md
index f305ef5..d73f92f 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,13 @@
-Ansible Playbooks for Configuring DragonFly BSD as a Personal Server
-====================================================================
+Ansible Playbooks for Personal DragonFly BSD Server
+===================================================
-Aaron LI
+**Aaron LI**
Created: 2018-02-14
Introduction
------------
+TODO ...
Playbooks
---------
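Review bot: The added `+TODO ...` line under "Introduction" commits a placeholder into the README. Either write the one or two sentences that say what these playbooks set up, or leave the line out until that text exists, so the section does not ship as unfinished.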
@@ -16,21 +17,85 @@ Playbooks
**NOTE**:
- Use the `bootstrap.sh` script instead.
- The new host should be configured that allow `root` ssh into it using
- a password. (This will be disabled during the bootstrap.)
+ a password. (This will be *disabled* during the bootstrap.)
* `deploy.yml`:
- The main playbook that deploy services on the target host.
+ The main playbook that deploys services on the target host.
+
+Configurations
+--------------
+* `ansible.cfg`
+ Ansible configuration file
+
+* `inventory.yml`
+ Remote host specifications
+
+* `group_vars/all/vars.yml`
+ Variables for hosts in the `all` group, i.e., all hosts
+
+* `group_vars/all/vault.yml`
+ Encrypted variables that will merged into the above `vars.yml` upon
+ Ansible playing the playbook.
+
+* `host_vars/vultr`
+ Variables specific to this host.
Roles
-----
* `bootstrap`
+ Only used in the `bootstrap.yml` playbook to bootstrap a newly installed
+ DragonFly BSD host.
+
* `basic`
+ Basic settings, includes:
+ - Tune basic services in `/etc/rc.conf`
+ - Set some system tunables in `/boot/loader.conf`
+ - Enable `/var/log/console.log` in syslog
+ - Tune csh/tcsh
+ - Tweak pkg and install basic packages
+
* `security`
+ - Setup PF firewall
+ - Enable `sshlockout`
+
* `dns`
+ - Setup local DNS cache with [Unbound](https://www.nlnetlabs.nl/projects/unbound/about/)
+ - Configure [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) as
+ the authoritative name server in *hidden master* mode for several
+ personal domains
+
* `web`
+ - Obtain SSL/TLS certificates from *Let's Encrypt*, as well as for other
+ services (SMTP, IMAP, CalDAV/CardDAV, ZNC).
+ - Serve personal website
+ - Serve CalDAV/CardDAV via [Radicale](http://radicale.org/)
+ - Serve git repositories via [cgit](https://git.zx2c4.com/cgit/)
+ - Useful reverse proxies to popular websites
+
* `mail`
+ - SMTP client & server by [Postfix](http://www.postfix.org/)
+ - IMAP server by [Dovecot](https://dovecot.org/)
+ - DKIM signing via [OpenDKIM](http://opendkim.org/)
+ - SPF, DKIM, DMARC records managed through NSD above
+ - Do *not* use database
+ - No web interface
+
* `shadowsocks`
+ Setup ShadowSocks-libev for a useful proxy.
+
* `znc`
+ Setup [ZNC](https://wiki.znc.in/ZNC) IRC bouncer connecting to channel
+ `#dragonflybsd` on [EFNet](http://www.efnet.org/).
+
+* `radicale`
+ Setup [Radicale](http://radicale.org/) as a lightweight CalDAV/CardDAV
+ server for personal calendars and contacts.
+ Served via Nginx and [uWSGI](http://projects.unbit.it/uwsgi).
+
+Extensions
+----------
+* `filter_plugins/`
+ Custom template filters
References
----------
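Review bot: In the new `group_vars/all/vault.yml` entry, "Encrypted variables that will merged into the above `vars.yml`" is missing "be", and the entry does not say how the file is decrypted at play time. A short line on where the decryption secret is expected to come from, and that it is kept out of the repository, would help anyone reusing this layout. Two smaller points in the same hunk: the `web` role lists "Serve CalDAV/CardDAV via Radicale" while a separate `radicale` role is added further down, so it is unclear which role owns that service; and the Let's Encrypt bullet "as well as for other services" reads as if a clause is missing, so consider "including certificates for the other services (SMTP, IMAP, CalDAV/CardDAV, ZNC)".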