From ab65c723c00717aad19549bde33ed26e6b441f5f Mon Sep 17 00:00:00 2001 From: Aaron LI Date: Mon, 9 Apr 2018 16:06:02 +0800 Subject: Update README.md --- README.md | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 70 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f305ef5..d73f92f 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,13 @@ -Ansible Playbooks for Configuring DragonFly BSD as a Personal Server -==================================================================== +Ansible Playbooks for Personal DragonFly BSD Server +=================================================== -Aaron LI +**Aaron LI** Created: 2018-02-14 Introduction ------------ +TODO ... Playbooks --------- 
@@ -16,21 +17,85 @@ Playbooks **NOTE**: - Use the `bootstrap.sh` script instead. - The new host should be configured that allow `root` ssh into it using - a password. (This will be disabled during the bootstrap.) + a password. (This will be *disabled* during the bootstrap.) * `deploy.yml`: - The main playbook that deploy services on the target host. + The main playbook that deploys services on the target host. + +Configurations +-------------- +* `ansible.cfg` + Ansible configuration file + +* `inventory.yml` + Remote host specifications + +* `group_vars/all/vars.yml` + Variables for hosts in the `all` group, i.e., all hosts + +* `group_vars/all/vault.yml` + Encrypted variables that will merged into the above `vars.yml` upon + Ansible playing the playbook. + +* `host_vars/vultr` + Variables specific to this host. Roles ----- * `bootstrap` + Only used in the `bootstrap.yml` playbook to bootstrap a newly installed + DragonFly BSD host. + * `basic` + Basic settings, includes: + - Tune basic services in `/etc/rc.conf` + - Set some system tunables in `/boot/loader.conf` + - Enable `/var/log/console.log` in syslog + - Tune csh/tcsh + - Tweak pkg and install basic packages + * `security` + - Setup PF firewall + - Enable `sshlockout` + * `dns` + - Setup local DNS cache with [Unbound](https://www.nlnetlabs.nl/projects/unbound/about/) + - Configure [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) as + the authoritative name server in *hidden master* mode for several + personal domains + * `web` + - Obtain SSL/TLS certificates from *Let's Encrypt*, as well as for other + services (SMTP, IMAP, CalDAV/CardDAV, ZNC). 
+ - Serve personal website + - Serve CalDAV/CardDAV via [Radicale](http://radicale.org/) + - Serve git repositories via [cgit](https://git.zx2c4.com/cgit/) + - Useful reverse proxies to popular websites + * `mail` + - SMTP client & server by [Postfix](http://www.postfix.org/) + - IMAP server by [Dovecot](https://dovecot.org/) + - DKIM signing via [OpenDKIM](http://opendkim.org/) + - SPF, DKIM, DMARC records managed through NSD above + - Do *not* use database + - No web interface + * `shadowsocks` + Setup ShadowSocks-libev for a useful proxy. + * `znc` + Setup [ZNC](https://wiki.znc.in/ZNC) IRC bouncer connecting to channel + `#dragonflybsd` on [EFNet](http://www.efnet.org/). + +* `radicale` + Setup [Radicale](http://radicale.org/) as a lightweight CalDAV/CardDAV + server for personal calendars and contacts. + Served via Nginx and [uWSGI](http://projects.unbit.it/uwsgi). + +Extensions +---------- +* `filter_plugins/` + Custom template filters References ---------- -- cgit v1.2.2
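Review bot: The Introduction section in the first hunk (`@@ -1,12 +1,13 @@`) is filled only with `TODO ...`, so the README still opens without saying what the playbooks do or which host they are meant for. Suggest replacing the placeholder with a one- or two-sentence summary, or leaving the heading out until the text exists.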
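Review bot: In the second hunk (`@@ -16,21 +17,85 @@`), the new `group_vars/all/vault.yml` entry reads "will merged" (missing "be") and describes the file as encrypted without saying how it is unlocked when the playbook runs. Suggest fixing the wording and adding one line on how the vault password is supplied (for example `--ask-vault-pass`, or a password file kept outside the repository) and that the password itself is never committed. In the same hunk, the `web` role lists "Serve CalDAV/CardDAV via [Radicale]" while a separate `radicale` role is added after `znc`, so it is unclear which role owns the service; describe it in one place and cross-reference from the other. The bootstrap note says password `root` ssh "will be *disabled* during the bootstrap" but the `bootstrap` role description does not repeat that; stating it there would let a reader confirm the host is not left with password root login.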