Ansible collection for Linux system management featuring advanced nftables-based firewall automation, Apache web server management with Let's Encrypt SSL, database server configuration, Hetzner Cloud network optimization, and production-ready mail server deployment.
Configure and manage Foomuuri, a modern multizone bidirectional nftables firewall for Debian, Ubuntu, and Arch Linux systems.
- Multi-distribution support (Debian/Ubuntu/Arch)
- Multi-zone firewall architecture
- Declarative nftables configuration
- NAT/SNAT/DNAT support
- Dynamic IP lists (DNS/URL-based)
- Idempotent operations
- Production-ready
Deploy and manage Apache web server with automatic Let's Encrypt SSL certificate provisioning.
- Automated SSL certificate provisioning and renewal
- Security hardened with modern TLS configuration
- HTTP-01 and DNS-01 ACME challenge support
- Automatic certificate renewal via systemd timer
- Multi-domain support with aliases
- Pre-flight DNS validation checks
- Flexible per-host/per-group configuration
Configure and manage the MariaDB or MySQL database server, including secure installation, user/database creation, and replication setup.
- Install and secure MariaDB server
- Automated user and database management
- Idempotent password and privilege management
- Configuration of key performance settings (InnoDB, memory buffers)
- Support for Master/Slave replication setup
- Hardening steps (e.g., remove test database)
Override cloud-init network configuration on Hetzner Cloud VMs with static networking and configure PowerDNS Recursor for true recursive DNS resolution.
- Automatic Hetzner Cloud environment detection
- Static network configuration with IPv4/IPv6 support
- Disables cloud-init network management
- PowerDNS Recursor for true recursive DNS (essential for mail servers)
- DNSSEC validation support
- Spamhaus compliant (prevents spam filter issues)
- Automatic configuration backups
- Immutable resolv.conf to prevent overwrites
- Optional Hetzner Cloud API integration
- Safe network restart with connection retry
Perfect for mail servers and other services requiring local recursive DNS resolution to avoid issues with spam filters like Spamhaus.
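A post-deployment check for the state this role description implies, added here as an example and not part of the collection: every resolver in `resolv.conf` is a loopback address and the file carries the immutable attribute. The function names and the sample file are constructed for illustration, and treating "immutable" as `chattr +i` is an assumption about how the role implements it.

```shell
#!/bin/sh
# Added example (not from the collection): audit resolv.conf after the role has run.

# Print every nameserver address in the file given as $1 (commented lines are skipped).
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Return 0 only if the file lists at least one resolver and all of them are loopback.
only_local_resolvers() {
    count=0
    for ns in $(list_nameservers "$1"); do
        count=$((count + 1))
        case "$ns" in
            127.*|::1) ;;
            *) echo "non-local resolver: $ns" >&2; return 1 ;;
        esac
    done
    [ "$count" -gt 0 ]
}

# Return 0 if the immutable attribute is set (assumption: the role uses chattr +i).
# No lsattr output (tool missing, unsupported filesystem) counts as "not immutable".
is_immutable() {
    lsattr -d "$1" 2>/dev/null | awk 'BEGIN { rc = 1 } $1 ~ /i/ { rc = 0 } END { exit rc }'
}

# Constructed sample standing in for /etc/resolv.conf on a configured host.
sample=$(mktemp)
printf '# managed by ansible\nnameserver 127.0.0.1\noptions edns0\n' > "$sample"
if only_local_resolvers "$sample"; then
    echo "resolvers: local only"
fi
if is_immutable "$sample"; then
    echo "immutable: yes"
else
    echo "immutable: no (expected for this temporary sample)"
fi
rm -f "$sample"
```

On a real host, point both functions at `/etc/resolv.conf`; a non-local resolver or a missing immutable flag means DHCP or cloud-init has regained control of the file.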
Deploy and manage a production-ready mail server with Postfix, Dovecot, PostfixAdmin, and comprehensive spam/virus protection.
- Complete mail server stack (SMTP/IMAP)
- Postfix for mail transfer with virtual domain support
- Dovecot for IMAP/POP3 with SQL authentication
- PostfixAdmin for web-based administration
- SpamAssassin for spam filtering
- ClamAV antivirus integration
- OpenDKIM for email authentication
- Security-hardened configuration
- MySQL/MariaDB backend for virtual users
Deploy and manage Roundcube webmail with database integration, plugin support, and web server configuration.
- Automated installation and configuration
- IMAP/SMTP integration with mail servers
- Plugin support (managesieve, password, enigma, etc.)
- MySQL/PostgreSQL database backend
- Apache or Nginx web server support
- Security hardening (deny sensitive directories)
- Multiple themes and language support
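```bash
# Install the published collection from Ansible Galaxy
ansible-galaxy collection install tubby1981.system
```

```bash
# Build and install the collection from the repository
git clone https://github.com/tubby1981/ansible.git
cd ansible
ansible-galaxy collection build
ansible-galaxy collection install tubby1981-system-*.tar.gz
```

```yaml
---
# requirements.yml
collections:
  - name: tubby1981.system
    version: ">=1.0.0"
```

Then install:

```bash
ansible-galaxy collection install -r requirements.yml
```

- Ansible: >= 2.10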
- Python: >= 3.6
- Target systems:
  - Debian 11+, Ubuntu 20.04+, or Arch Linux (foomuuri)
  - Ubuntu 20.04+, Debian 10+, CentOS 8+, RHEL 8+ (apache)
  - Debian 11+, Ubuntu 20.04+ (hetzner_network_override)
  - Ubuntu 20.04+, Debian 11+ (mailserver)
  - Ubuntu 20.04+, Debian 10+ (roundcube)
- Privileges: Root or sudo access required
- Arch Linux: `base-devel` and `git` for AUR builds (foomuuri)
- Mail server: MariaDB/MySQL database server and Apache web server recommended
- Hetzner: Running on Hetzner Cloud (auto-detected by hetzner_network_override)
- Apache Role Documentation
- Foomuuri Role Documentation
- MariaDB Role Documentation
- Hetzner Network Override Role Documentation
- Mailserver Role Documentation
- Roundcube Role Documentation
- Example Playbooks
- Contributing Guidelines
- Changelog
- Troubleshooting Guide
```yaml
- hosts: servers
  become: yes
  roles:
    - tubby1981.system.foomuuri
  vars:
    foomuuri_zones:
      - name: wan
        interface: eth0
```

```yaml
- hosts: webservers
  become: yes
  roles:
    - tubby1981.system.apache
  vars:
    apache_domains:
      - name: example.com
        ssl: true
```

```yaml
- hosts: hetzner_servers
  become: yes
  roles:
    - tubby1981.system.hetzner_network_override
  vars:
    hetzner_use_local_dns: true
    hetzner_install_pdns_recursor: true
```

```yaml
- hosts: mailserver
  become: yes
  roles:
    - tubby1981.system.mariadb
    - tubby1981.system.apache
    - tubby1981.system.hetzner_network_override
    - tubby1981.system.mailserver
```

```yaml
- hosts: webmail
  become: yes
  roles:
    - tubby1981.system.apache
    - tubby1981.system.php
    - tubby1981.system.mariadb
    - tubby1981.system.roundcube
  vars:
    roundcube_server_name: webmail.example.com
    roundcube_default_host: ssl://mail.example.com
```

Contributions are welcome! Please read our Contributing Guidelines first.
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
Found a bug? Please open an issue with:
- Description of the problem
- Steps to reproduce
- Expected vs actual behavior
- Ansible version and target OS
- Ansible Galaxy: https://galaxy.ansible.com/tubby1981/system
- Issues: https://github.com/tubby1981/ansible/issues
- Repository: https://github.com/tubby1981/ansible
- Foomuuri Project: https://github.com/FoobarOy/foomuuri
- Documentation: https://tubby1981.github.io/ansible/
If you find this collection useful, please consider:
- Starring the repository on GitHub
- Rating the collection on Ansible Galaxy
- Sharing it with others