| ansible-anu | debops |
|---|---|
| 1 | 7 |
| 13 | 1,195 |
| - | 2.5% |
| 2.7 | 8.6 |
| about 1 year ago | 6 days ago |
| Jinja | |
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ansible-anu
-
Ask HN: How do you securely self-host a server?
I prefer to run Ubuntu machines and at least in terms of provisioning a new secure server I built an Ansible playbook I called 'ANU' (as in A New Ubuntu). I'd expand to other distros, but then I'd have to change the name!
https://github.com/MitchellCash/ansible-anu
It is based on the DevSec OS/SSH hardening playbooks, but I lean closer towards ease-of-use over security where I think it makes sense. For example, I disable forced password rotation and I keep the default umask value of '022' instead of the more secure '027'.
When I come across something the upstream playbooks change that "gets in my way", I will disable it if the security trade-off makes sense for me. I'm not running highly sensitive systems, so these trade-offs make sense for me, and maybe they will for you as well!
In terms of ongoing security upkeep, I run the usual `apt update && apt dist-upgrade` when I can, but I’ll be keeping my eye on this thread for additional advice.
debops
-
Moving to production - How to properly config nginx and gunicorn to Django? I've been scouring the internet and I need some clear explanation
I'm planning on adding to the litany of tutorials on this soon. My process is to use debops to provision and secure a VPS and install the docker service. The app is spun up with docker-compose and the appropriate containers - if you use something like cookiecutter-django you can get a basis for the docker compose files you need. This uses traefik as the proxy for gunicorn instead of nginx, and then you'll need to serve static and media either with whitenoise or with S3.
-
is LXD package for debian in the works?
I wrote a set of Ansible roles in DebOps that let you build and install LXD from source on Debian. You can check out the role itself and its documentation. It's not a perfect solution, but it can enable you to use LXD without snaps on Debian.
-
FreeIPA-ish options on Debian10 or Ubuntu
If you are committed to a Debian environment, perhaps DebOps would be an interesting alternative (disclaimer: I'm the maintainer of the project). DebOps is a set of Ansible playbooks and roles + some scripts that let you deploy and manage Debian-based clusters. It has extensive documentation, supports LDAP deployment and is actively maintained.
-
New stable DebOps release: v2.3.0
GitHub: https://github.com/debops/debops/releases/tag/v2.3.0
-
Where to find enterprise level code examples
It's not strictly for Azure, but you can check out DebOps (disclaimer: I'm the maintainer). It's a set of Ansible playbooks and roles to manage Debian-based infrastructure, created completely in the open. You can use it as a base to build up your own infrastructure. Roles are designed to be reusable and can pass configuration between them using dependent variables; everything can be configured through Ansible inventory since you are not expected to modify the roles themselves.
-
DebOps and Linux Mint?
Looks like that apt role has a Linuxmint dictionary key missing, somewhere where OS distributions are specified. You can look at the apt role defaults and add it in a few places where Debian, Devuan and Ubuntu are specified. The role's fact script could also be fixed to handle cases like that gracefully. I'll see what I can do.
-
openLDAP Client PAM-Setup Playbook?
DebOps has you covered - there are roles for slapd, nslcd, nscd; the ldap role can be used to manage objects in the LDAP directory itself from other roles, and so on. Check the slapd role documentation for the server-side details, and the ldap role documentation for the client-side details.
What are some alternatives?
pibox-os - 📦💻 The Official PiBox Operating System
Mailcow - mailcow: dockerized - 🐮 + 🐋 = 💕
ops-utils - Scripts for setting up and running web infrastructures
Mail-in-a-Box - Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
docker-mailserver - A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker. [Moved to: https://github.com/docker-mailserver/docker-mailserver]
Mailu - Insular email distribution - mail server as Docker images
wildduck - Opinionated email server
ansible-netplan - Ansible role to manage Netplan
modoboa - Mail hosting made simple
iRedMail
Inboxen - Main repo for Inboxen.org