Repos:
After living through the pain of a snowflake server, I decided to look into reproducible setups. For my intents and purposes ansible seemed like a great choice. The main goal was to have a secure server, serving a basic website and a few game servers.
Every single aspect about the following parts can be configured by copying the vars.yml file under
group_vars/all to group_vars/devservers and adjusting it. That way individual features can even be en- or disabled.
One of the easiest """security""" measures is changing the default ssh port. To account for that the ansible playbook needs to juggle the ssh port. Just for fun, I also set up endlessh on port 22.
Next up, geerlingguy provides two fantastic roles for security and firewall settings.
Finally the content is served by bunkerized nginx. I'm not perfectly happy with it, so this may change.
System related setup tasks include user creation, installing packages and copying over dot files. It will also set up docker for other components like nginx.
These tasks create this very website. They will obviously setup all nginx related directories. However, they will also
build kiba's documentation to host it. In addition to that, they will convert the markdown based wiki into HTML
files to serve. The root of the wiki, corresponds to the root index.html.
The look (including light and dark theme support) are achieved with simple CSS and fonts injected via an HTML template. The navigation bar in the top left is generated from relative path links with a bit of JavaScript code. Besides that feature (and the doxygen documentation) this website is completely static.
Currently the server containerizes:
- nginx
- minecraft
- assetto corsa