clone
- read-only
- https://git.ctu.cx/ansible-configs
- read-write
- git@trabbi-new.ctu.cx:ansible-configs
My ansible files
These are my ansible files that I use to deploy my two servers. I'm using Alpine Linux on all my servers.
One of them (called wanderduene) runs the following services:
- acme-redirect handles acme-cert stuff with lets-encrypt and redirects everything else to https
- bind dns server - it serves dns zones for all my domains, master
- nginx webserver - terminates all https stuff for other services and serves static content
- maddy my mailserver - using it actively for all my mail business
- pleroma a mastodon compatible ActivityPub server - using it for all my social-media needs
- synapse a homeserver for the matrix protocol - using it to communicate with others
- gitolite & cgit for providing git hosting via ssh and a webinterface
- prometheus & grafana for some basic monitoring
- radicale cal- & card-dav server - using it to sync contacts and calendar across my devices
- oeffisearch web based journey planner for Germany and partly Europe
- frps a reverseproxy for services behind nat - using it to make my machines at home accessible online
And the other one (called taurus):
- acme-redirect handles acme-cert stuff with lets-encrypt and redirects everything else to https
- bind dns server - it serves dns zones for all my domains, slave
- nginx webserver - terminates all https stuff for other services and serves static content
- syncthing decentralized peer-to-peer file sync - using it to sync files across all my devices, on this server as an online backup
- rest-server http-server for restic's protocol - using it to sync my restic backups to this server
Port mappings
wanderduene
Port | tcp | udp | Service | Protocol | Description | Firewalled |
---|---|---|---|---|---|---|
22 | x | | sshd | ssh | | no |
25 | x | | maddy | smtp | | no |
53 | x | x | bind | dns | | no |
80 | x | | acme-redirect | http | | no |
143 | x | | maddy | imaps | | no |
443 | x | | nginx | https | | no |
465 | x | | maddy | smtps | | no |
587 | x | | maddy | smtps | | no |
993 | x | | maddy | imaps | | no |
1234 | x | | fritzbox-exporter | http | | no |
2201 | x | | frps | ssh | ? | yes |
3000 | x | | grafana | http | | yes |
4000 | x | | pleroma | http | | yes |
4369 | ? | ? | epmd | ? | ? | yes |
5001 | x | | oeffi-web | http | instance1 | yes |
5002 | x | | oeffi-web | http | instance2 | yes |
5003 | x | | oeffi-web | http | instance3 | yes |
5004 | x | | oeffi-web | http | instance4 | yes |
5050 | x | | frps | frp | | no |
5232 | x | | radicale | http | | yes |
5432 | x | | postgres | postgresql | | yes |
8008 | x | | synapse | http | | yes |
8001 | x | | fcgiwrap (cgit) | ? | | yes |
8081 | x | | oeffisearch | http | instance1 | yes |
8082 | x | | oeffisearch | http | instance2 | yes |
8083 | x | | oeffisearch | http | instance3 | yes |
8084 | x | | oeffisearch | http | instance4 | yes |
8088 | x | | frps | http | vhost | yes |
8142 | x | | chartsrv | http | | yes |
9090 | x | | prometheus | http | | yes |
9100 | x | | node_exporter | http | | yes |
37311 | ? | ? | ? | ? | | yes |
taurus
Port | tcp | udp | Service | Protocol | Description | Firewalled |
---|---|---|---|---|---|---|
22 | x | | sshd | ssh | | no |
53 | x | x | bind | dns | | no |
80 | x | | acme-redirect | http | | no |
443 | x | | nginx | https | | no |
8060 | x | | rest-server | http | | yes |
8384 | x | | syncthing | http | | yes |
9100 | x | | node_exporter | http | | yes |
22000 | x | | syncthing | | | no |
21027 | | x | syncthing | | | no |
This file might be out of date, I don't plan to update it regularly.