tubby1981/ansible

Tubby1981 System Collection

Ansible collection for Linux system management featuring advanced nftables-based firewall automation, Apache web server management with Let's Encrypt SSL, database server configuration, Hetzner Cloud network optimization, and production-ready mail server deployment.

📦 Included Roles

foomuuri

Configure and manage Foomuuri, a modern multizone bidirectional nftables firewall for Debian, Ubuntu, and Arch Linux systems.

  • ✅ Multi-distribution support (Debian/Ubuntu/Arch)
  • 🔒 Multi-zone firewall architecture
  • 🎯 Declarative nftables configuration
  • 🌐 NAT/SNAT/DNAT support
  • 📊 Dynamic IP lists (DNS/URL-based)
  • 🔄 Idempotent operations
  • 🚀 Production-ready

apache

Deploy and manage Apache web server with automatic Let's Encrypt SSL certificate provisioning.

  • ✅ Automated SSL certificate provisioning and renewal
  • 🔒 Security hardened with modern TLS configuration
  • 🌐 HTTP-01 and DNS-01 ACME challenge support
  • 🔄 Automatic certificate renewal via systemd timer
  • 🎯 Multi-domain support with aliases
  • 📋 Pre-flight DNS validation checks
  • 🔧 Flexible per-host/per-group configuration

mariadb

Configure and manage the MariaDB or MySQL database server, including secure installation, user/database creation, and replication setup.

  • ✅ Install and secure MariaDB server
  • 👥 Automated user and database management
  • 🔄 Idempotent password and privilege management
  • 💾 Configuration of key performance settings (InnoDB, memory buffers)
  • ⚙️ Support for Master/Slave replication setup
  • 🔒 Hardening steps (e.g., remove test database)

hetzner_network_override

Override cloud-init network configuration on Hetzner Cloud VMs with static networking and configure PowerDNS Recursor for true recursive DNS resolution.

  • ✅ Automatic Hetzner Cloud environment detection
  • 🌐 Static network configuration with IPv4/IPv6 support
  • 🔧 Disables cloud-init network management
  • 🔍 PowerDNS Recursor for true recursive DNS (essential for mail servers)
  • 🛡️ DNSSEC validation support
  • 📧 Spamhaus compliant (prevents spam filter issues)
  • 💾 Automatic configuration backups
  • 🔒 Immutable resolv.conf to prevent overwrites
  • 🔌 Optional Hetzner Cloud API integration
  • 🚨 Safe network restart with connection retry

Perfect for mail servers and other services requiring local recursive DNS resolution to avoid issues with spam filters like Spamhaus.
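
A post-deploy check for the DNS properties listed above (local recursion, immutable resolv.conf, working Spamhaus lookups), given as an added example that is not part of the collection. It uses only ansible.builtin modules and assumes that dig is installed on the target, that the local recursor listens on loopback, and that the hosts are in the hetzner_servers group used in the Quick Start.

```yaml
# Added example: verification play, not shipped with tubby1981.system.
# Assumptions: dig is installed; the recursor answers on 127.0.0.1 or ::1.
- hosts: hetzner_servers
  become: yes
  gather_facts: no
  tasks:
    - name: Read the resolver configuration
      ansible.builtin.slurp:
        src: /etc/resolv.conf
      register: resolv_raw

    - name: Collect file attributes of resolv.conf (needs lsattr on the target)
      ansible.builtin.stat:
        path: /etc/resolv.conf
      register: resolv_stat

    # 2.0.0.127.zen.spamhaus.org is the Spamhaus test record; a resolver that
    # Spamhaus accepts returns 127.0.0.2 among the answers.
    - name: Query the Spamhaus test record through the system resolver
      ansible.builtin.command: dig +short 2.0.0.127.zen.spamhaus.org A
      register: dnsbl
      changed_when: false

    - name: Assert local recursion, immutability and usable DNSBL answers
      vars:
        nameservers: >-
          {{ resolv_raw.content | b64decode
             | regex_findall('^nameserver\s+(\S+)', multiline=True) }}
      ansible.builtin.assert:
        that:
          # Only loopback resolvers are configured.
          - nameservers | length > 0
          - nameservers | difference(['127.0.0.1', '::1']) | length == 0
          # The immutable flag is set, so DHCP or cloud-init cannot rewrite it.
          - "'immutable' in (resolv_stat.stat.attributes | default([]))"
          # Test record resolves; 127.255.255.x are Spamhaus error codes
          # (for example 127.255.255.254 for queries via a public resolver).
          - "'127.0.0.2' in dnsbl.stdout_lines"
          - dnsbl.stdout_lines | select('match', '^127\.255\.255\.') | list | length == 0
        fail_msg: >-
          resolv.conf nameservers={{ nameservers }},
          attributes={{ resolv_stat.stat.attributes | default([]) }},
          DNSBL answer={{ dnsbl.stdout_lines }}
```

A host still using a forwarding stub such as 127.0.0.53, or an upstream public resolver, fails the nameserver or DNSBL assertion and the message shows which one.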

mailserver

Deploy and manage a production-ready mail server with Postfix, Dovecot, PostfixAdmin, and comprehensive spam/virus protection.

  • ✅ Complete mail server stack (SMTP/IMAP)
  • 📧 Postfix for mail transfer with virtual domain support
  • 📬 Dovecot for IMAP/POP3 with SQL authentication
  • 🎛️ PostfixAdmin for web-based administration
  • 🛡️ SpamAssassin for spam filtering
  • 🦠 ClamAV antivirus integration
  • ✉️ OpenDKIM for email authentication
  • 🔒 Security-hardened configuration
  • 🗄️ MySQL/MariaDB backend for virtual users

roundcube

Deploy and manage Roundcube webmail with database integration, plugin support, and web server configuration.

  • ✅ Automated installation and configuration
  • 📧 IMAP/SMTP integration with mail servers
  • 🔌 Plugin support (managesieve, password, enigma, etc.)
  • 🗄️ MySQL/PostgreSQL database backend
  • 🌐 Apache or Nginx web server support
  • 🔒 Security hardening (deny sensitive directories)
  • 🎨 Multiple themes and language support

🚀 Installation

Via Ansible Galaxy

ansible-galaxy collection install tubby1981.system

Via Git (development)

git clone https://github.com/tubby1981/ansible.git
cd ansible
ansible-galaxy collection build
ansible-galaxy collection install tubby1981-system-*.tar.gz

Via requirements.yml

---
collections:
  - name: tubby1981.system
    version: ">=1.0.0"

Then install:

ansible-galaxy collection install -r requirements.yml

🔧 Requirements

  • Ansible: >= 2.10
  • Python: >= 3.6
  • Target systems:
    • Debian 11+, Ubuntu 20.04+, or Arch Linux (foomuuri)
    • Ubuntu 20.04+, Debian 10+, CentOS 8+, RHEL 8+ (apache)
    • Debian 11+, Ubuntu 20.04+ (hetzner_network_override)
    • Ubuntu 20.04+, Debian 11+ (mailserver)
    • Ubuntu 20.04+, Debian 10+ (roundcube)
  • Privileges: Root or sudo access required
  • Arch Linux: base-devel and git for AUR builds (foomuuri)
  • Mail server: MariaDB/MySQL database server and Apache web server recommended
  • Hetzner: Running on Hetzner Cloud (auto-detected by hetzner_network_override)

📖 Documentation

💡 Quick Start Examples

Deploy Foomuuri Firewall

- hosts: servers
  become: yes
  roles:
    - tubby1981.system.foomuuri
  vars:
    foomuuri_zones:
      - name: wan
        interface: eth0

Apache with Let's Encrypt SSL

- hosts: webservers
  become: yes
  roles:
    - tubby1981.system.apache
  vars:
    apache_domains:
      - name: example.com
        ssl: true

Hetzner Cloud Network Setup

- hosts: hetzner_servers
  become: yes
  roles:
    - tubby1981.system.hetzner_network_override
  vars:
    hetzner_use_local_dns: true
    hetzner_install_pdns_recursor: true

Complete Mail Server

- hosts: mailserver
  become: yes
  roles:
    - tubby1981.system.mariadb
    - tubby1981.system.apache
    - tubby1981.system.hetzner_network_override
    - tubby1981.system.mailserver

Roundcube Webmail

- hosts: webmail
  become: yes
  roles:
    - tubby1981.system.apache
    - tubby1981.system.php
    - tubby1981.system.mariadb
    - tubby1981.system.roundcube
  vars:
    roundcube_server_name: webmail.example.com
    roundcube_default_host: ssl://mail.example.com

🀝 Contributing

Contributions are welcome! Please read our Contributing Guidelines first.

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

🐛 Bug Reports

Found a bug? Please open an issue with:

  • Description of the problem
  • Steps to reproduce
  • Expected vs actual behavior
  • Ansible version and target OS

📄 License

MIT

⭐ Support

If you find this collection useful, please consider:

  • Starring the repository on GitHub
  • Rating the collection on Ansible Galaxy
  • Sharing it with others
