# My ansible files

These are my ansible files that i use to deploy my two servers. i'm using alpine linux on all my servers.

#### one of them (called wanderduene) runs the following services:

* __acme-redirect__ handles acme-cert stuff with Let's Encrypt and redirects everything else to https
* __bind__ dns server - it serves dns zones for all my domains, master
* __nginx__ webserver - terminates all https stuff for other services and serves static content
* __maddy__ my mailserver - using it actively for all my mail business
* __pleroma__ a mastodon compatible ActivityPub server - using it for all my social-media needs
* __synapse__ a homeserver for the matrix protocol - using it to communicate with others
* __gitolite & cgit__ for providing git hosting via ssh and a web interface
* __prometheus & grafana__ for some basic monitoring
* __radicale__ cal- & card-dav server - using it to sync contacts and calendar across my devices
* __oeffisearch__ web based journey planner for Germany and partly Europe
* __frps__ a reverse proxy for services behind nat - using it to make my machines at home accessible online

#### And the other one (called taurus):

* __acme-redirect__ handles acme-cert stuff with Let's Encrypt and redirects everything else to https
* __bind__ dns server - it serves dns zones for all my domains, slave
* __nginx__ webserver - terminates all https stuff for other services and serves static content
* __syncthing__ decentralized peer-to-peer file sync - using it to sync files across all my devices, on this server as an online backup
* __rest-server__ http-server for restic's protocol - using it to sync my restic backups to this server

## Port mappings

### wanderduene

| Port   | tcp | udp | Service           | Protocol   | Description    | Firewalled |
|:------:|:---:|:---:|-------------------|------------|----------------|:----------:|
| 22     | x   |     | sshd              | ssh        |                | no         |
| 25     | x   |     | maddy             | smtp       |                | no         |
| 53     | x   | x   | bind              | dns        |                | no         |
| 80     | x   |     | acme-redirect     | http       |                | no         |
| 143    | x   |     | maddy             | imaps      |                | no         |
| 443    | x   |     | nginx             | https      |                | no         |
| 465    | x   |     | maddy             | smtps      |                | no         |
| 587    | x   |     | maddy             | smtps      |                | no         |
| 993    | x   |     | maddy             | imaps      |                | no         |
| 1234   | x   |     | fritzbox-exporter | http       |                | no         |
| 2201   | x   |     | frps              | ssh        | ?              | yes        |
| 3000   | x   |     | grafana           | http       |                | yes        |
| 4000   | x   |     | pleroma           | http       |                | yes        |
| 4369   | ?   | ?   | epmd              | ?          | ?              | yes        |
| 5001   | x   |     | oeffi-web         | http       | instance1      | yes        |
| 5002   | x   |     | oeffi-web         | http       | instance2      | yes        |
| 5003   | x   |     | oeffi-web         | http       | instance3      | yes        |
| 5004   | x   |     | oeffi-web         | http       | instance4      | yes        |
| 5050   | x   |     | frps              | frp        |                | no         |
| 5232   | x   |     | radicale          | http       |                | yes        |
| 5432   | x   |     | postgres          | postgresql |                | yes        |
| 8008   | x   |     | synapse           | http       |                | yes        |
| 8001   | x   |     | fcgiwrap (cgit)   | ?          |                | yes        |
| 8081   | x   |     | oeffisearch       | http       | instance1      | yes        |
| 8082   | x   |     | oeffisearch       | http       | instance2      | yes        |
| 8083   | x   |     | oeffisearch       | http       | instance3      | yes        |
| 8084   | x   |     | oeffisearch       | http       | instance4      | yes        |
| 8088   | x   |     | frps              | http       | vhost          | yes        |
| 8142   | x   |     | chartsrv          | http       |                | yes        |
| 9090   | x   |     | prometheus        | http       |                | yes        |
| 9100   | x   |     | node_exporter     | http       |                | yes        |
| 37311  | ?   | ?   | ?                 | ?          |                | yes        |

### taurus

| Port   | tcp | udp | Service           | Protocol   | Description    | Firewalled |
|:------:|:---:|:---:|-------------------|------------|----------------|:----------:|
| 22     | x   |     | sshd              | ssh        |                | no         |
| 53     | x   | x   | bind              | dns        |                | no         |
| 80     | x   |     | acme-redirect     | http       |                | no         |
| 443    | x   |     | nginx             | https      |                | no         |
| 8060   | x   |     | rest-server       | http       |                | yes        |
| 8384   | x   |     | syncthing         | http       |                | yes        |
| 9100   | x   |     | node_exporter     | http       |                | yes        |
| 22000  | x   |     | syncthing         |            |                | no         |
| 21027  |     | x   | syncthing         |            |                | no         |

this file might be out of date, i don't plan to update it regularly
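
Because the port tables can drift from what the hosts really listen on, they can be checked against `ss -Htuln` output. The script below is an added example, not part of this repository: the function names are hypothetical, the table excerpt and `ss` lines are constructed, and it assumes "Firewalled: yes" means the port is meant to be blocked from outside.

```python
# Constructed sample data: excerpt of the wanderduene table, `ss -Htuln` output.
TABLE = """\
| Port | tcp | udp | Service | Protocol | Description | Firewalled |
|:----:|:---:|:---:|---------|----------|-------------|:----------:|
| 22 | x | | sshd | ssh | | no |
| 53 | x | x | bind | dns | | no |
| 3000 | x | | grafana | http | | yes |
"""
SS_OUTPUT = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 128 *:3000 *:*
tcp LISTEN 0 128 [::]:9999 [::]:*
"""

def parse_table(md):
    """Map (proto, port) -> (service, firewalled) from a README port table."""
    documented = {}
    for line in md.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 7 or not cells[0].isdigit():
            continue  # header, separator or malformed row
        port, tcp, udp, service, _proto, _desc, fw = cells
        for proto, mark in (("tcp", tcp), ("udp", udp)):
            if mark in ("x", "?"):  # "?" means the author was unsure
                documented[(proto, int(port))] = (service, fw == "yes")
    return documented

def parse_listeners(ss_text):
    """Yield (proto, address, port) per socket line of `ss -Htuln`."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] in ("tcp", "udp"):
            addr, _, port = fields[4].rpartition(":")
            yield fields[0], addr.strip("[]"), int(port)

def audit(table_md, ss_text):
    """List sockets that contradict the table or rely on the firewall."""
    documented, findings = parse_table(table_md), []
    for proto, addr, port in parse_listeners(ss_text):
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only, not reachable from outside
        entry = documented.get((proto, port))
        if entry is None:
            findings.append(f"{proto}/{port} on {addr}: not in the table")
        elif entry[1]:
            findings.append(f"{proto}/{port} ({entry[0]}) on {addr}: relies on the firewall")
    return findings
```

On a host, pass the README text and the output of `ss -Htuln` to `audit()`; every returned line is either an undocumented listener or a service whose exposure depends solely on the firewall rule.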