# Ansible Setup Documentation

## Overview

Ansible is used for the automated deployment of the Automated Office System.

## Roles Structure

### Common Role

- Base system configuration
- Security settings (fail2ban, UFW)
- Basic system packages

```yaml
# Default variables
timezone: "Europe/Berlin"
fail2ban_bantime: 600
fail2ban_findtime: 600
fail2ban_maxretry: 3
```

### Docker Role

- Docker installation and configuration
- Docker Compose setup
- Docker network configuration

```yaml
# Docker default variables
docker_version: "latest"
docker_compose_version: "2.21.0"
docker_users: ["{{ ansible_user }}"]
```

### NGINX Role

- NGINX installation
- SSL/TLS setup
- Virtual host configuration

```yaml
# NGINX default variables
nginx_worker_processes: auto
nginx_worker_connections: 1024
nginx_client_max_body_size: "100M"
```

### Services Role

- Deployment of the Docker containers
- Service-specific configuration
- Data persistence setup

## Inventory Structure

```plaintext
inventory/
├── production/
└── staging/
    └── hosts
```

## Variables

```yaml
# vars/defaults/main.yml
base_domain: "example.com"
ssl_email: "admin@example.com"
services:
  keycloak: true
  nextcloud: true
  paperless: true
  nodered: true
```

## Deployment Flow

1. Common Role: system preparation
2. Docker Role: container runtime
3. NGINX Role: reverse proxy
4. Services Role: applications

## Important Commands

```bash
# Staging deployment
ansible-playbook -i inventory/staging site.yml

# Production deployment
ansible-playbook -i inventory/production site.yml
```

## Security Aspects

- Automatic password management
- SSL/TLS configuration
- Firewall settings
- Fail2ban integration

## Development Notes

- Local testing via WSL
- Staging environment for tests
- Production environment for final deployments

## Updates and Maintenance

- Regular updates via Ansible
- Backup integration
- Monitoring setup
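
A sketch of a `site.yml` that applies the four roles in the order given under Deployment Flow and stops a production run that still carries the placeholder defaults shown in the variable blocks. This is an added example, not the project's own playbook; the role directory names, loading the variables through `vars_files`, the `production` path check and the assertion rules are all assumptions.

```yaml
# site.yml (added example; role names and guard rules are assumptions)
- name: Deploy Automated Office System
  hosts: all
  become: true

  vars_files:
    - vars/defaults/main.yml   # base_domain, ssl_email, services toggles

  pre_tasks:
    - name: Refuse a production run with placeholder or unpinned defaults
      ansible.builtin.assert:
        that:
          # Placeholder values from vars/defaults/main.yml must be overridden
          - base_domain != "example.com"
          - not ssl_email.endswith("@example.com")
          # "latest" installs whatever the repository serves at run time,
          # so two runs can produce different hosts; require a pinned version
          - docker_version | string != "latest"
          # Sanity checks on the fail2ban defaults of the common role
          - fail2ban_maxretry | int > 0
          - fail2ban_bantime | int >= fail2ban_findtime | int
        fail_msg: >-
          Production deployment blocked: override base_domain, ssl_email
          and docker_version for this inventory before running site.yml.
        success_msg: "Deployment variables passed the pre-flight checks."
      # Only enforced when the inventory passed with -i is the production one
      when: "'production' in inventory_dir"

  roles:
    - common     # 1. system preparation (fail2ban, UFW, base packages)
    - docker     # 2. container runtime
    - nginx      # 3. reverse proxy with SSL/TLS
    - services   # 4. applications enabled under `services:`
```

Overrides for the checked variables would normally live in a `group_vars` directory next to the production inventory, so that staging can keep the defaults while production cannot.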