# Ansible Setup Documentation

## Overview

Ansible is used for the automated deployment of the Automated Office System.

## Roles Structure

### Common Role

- Base system configuration
- Security settings (fail2ban, UFW)
- Essential system packages

```yaml
# Default variables
timezone: "Europe/Berlin"
fail2ban_bantime: 600    # seconds
fail2ban_findtime: 600   # seconds
fail2ban_maxretry: 3
ufw_allowed_ports:
  - { port: 22, proto: tcp }   # SSH
  - { port: 80, proto: tcp }   # HTTP
  - { port: 443, proto: tcp }  # HTTPS
```

### Docker Role

- Docker installation and configuration
- Docker Compose setup
- Docker network configuration

```yaml
# Docker default variables
docker_compose_version: "2.21.0"
docker_users: ["{{ ansible_user }}"]
```

### NGINX Role

- NGINX installation
- SSL/TLS setup
- Virtual host configuration

```yaml
# NGINX default variables
nginx_worker_processes: auto
nginx_worker_connections: 1024
nginx_client_max_body_size: "100M"
```

### Services Role

- Deployment of the Docker containers
- Service-specific configuration
- Data persistence setup

## Inventory Structure

```plaintext
inventory/
├── production/
└── staging/
    └── hosts
```

## Variables

```yaml
# vars/defaults/main.yml
base_domain: "example.com"
ssl_email: "admin@example.com"

services:
  keycloak: true
  nextcloud: true
  paperless: true
  nodered: true

# Ports
keycloak_port: 8080
nextcloud_port: 8081
paperless_port: 8000
nodered_port: 1880

docker_compose_version: "2.21.0"
```

## Deployment Flow

1. Common Role: system preparation
2. Docker Role: container runtime
3. NGINX Role: reverse proxy
4. Services Role: applications

## Important Commands

```bash
# Staging deployment
ansible-playbook -i inventory/staging site.yml
```

## Security Aspects

- Automated password management
- SSL/TLS configuration
- Firewall settings
- Fail2ban integration

## Development Notes

- Local testing via WSL
- Staging environment for tests
- Production environment for final deployments

## Updates and Maintenance

- Regular updates via Ansible
- Backup integration
- Monitoring setup
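
The Common Role defaults (`ufw_allowed_ports`, `fail2ban_*`) only take effect once tasks consume them. The tasks below are an added example, not the project's own code, showing one way to apply them; the file path, a Debian/Ubuntu target with fail2ban and UFW already installed, the `community.general` collection, and the rule that backend ports stay closed in the firewall are assumptions.

```yaml
# Added example: hypothetical roles/common/tasks/main.yml.
# Assumes fail2ban and ufw are already installed by the role's package
# tasks; variable names are the defaults shown on this page.
- name: Refuse to open backend service ports in the firewall
  ansible.builtin.assert:
    that:
      - >-
        ufw_allowed_ports | map(attribute='port') | list
        | intersect([keycloak_port, nextcloud_port, paperless_port, nodered_port])
        | length == 0
    fail_msg: "Backend ports must only be reachable through the NGINX reverse proxy"

- name: Deny incoming traffic by default
  community.general.ufw:
    direction: incoming
    default: deny

- name: Allow only the ports listed in ufw_allowed_ports
  community.general.ufw:
    rule: allow
    port: "{{ item.port | string }}"
    proto: "{{ item.proto }}"
  loop: "{{ ufw_allowed_ports }}"

- name: Enable UFW after the allow rules exist, so SSH is not cut off
  community.general.ufw:
    state: enabled

- name: Write fail2ban limits from the role defaults
  ansible.builtin.copy:
    dest: /etc/fail2ban/jail.local
    mode: "0644"
    content: |
      [DEFAULT]
      bantime = {{ fail2ban_bantime }}
      findtime = {{ fail2ban_findtime }}
      maxretry = {{ fail2ban_maxretry }}

      [sshd]
      enabled = true
  register: jail_config

- name: Restart fail2ban if its configuration changed, otherwise ensure it runs
  ansible.builtin.service:
    name: fail2ban
    state: "{{ 'restarted' if jail_config is changed else 'started' }}"
    enabled: true
```

UFW does not filter ports that Docker publishes, because Docker inserts its own iptables rules, so the backend containers should publish on 127.0.0.1 for the first check to be meaningful.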