Kamal Ansible Manager

This is an Ansible playbook to automatically optimize and secure your servers for Kamal, for Ubuntu only.

Here's a quick video walkthrough of how this repo works:

What's inside?

It will automatically update your packages and configure these packages to secure your server(s):

• Docker
• Fail2ban
• UFW
• NTP

The playbook also:

• Remove Snap.
• Disable ssh password login.
• Configure swap using geerlingguy/ansible-role-swap.

Getting Started

Clone the repo:

$ git clone git@github.com:guillaumebriday/kamal-ansible-manager.git
$ cd kamal-ansible-manager

Copy the inventory example file:

$ cp hosts.ini.example hosts.ini

Update the <host1> with your server's IP address (you can have multiple servers):

$ vim hosts.ini

Install the requirements:

$ ansible-galaxy install -r requirements.yml

Configuring vars

Variables can be configured in the playbook.yml file. Also, you can override default variables provided in geerlingguy/ansible-role-swap to adjust the swap settings.

For instance:

  vars:
    security_autoupdate_reboot: "true"
    security_autoupdate_reboot_time: "03:00"
    swap_file_size_mb: '1024'

Running the playbook

Run the playbook:

$ ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini playbook.yml

Provisioning Servers with Scaleway (Optional)

If you want to automatically create new compute instances on Scaleway, you can use the community.general.scaleway_compute module. Follow these steps:

Copy the example variables file and adjust the variables as needed:

$ cp roles/scaleway/vars/main.yml.example roles/scaleway/vars/main.yml

Run the playbook:

$ ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook scaleway.yml

Then, it will continue the provisioning process on the newly created servers.

Contributing

Do not hesitate to contribute to the project by adapting or adding features ! Bug reports or pull requests are welcome.

License

This project is released under the MIT license.