- Enable IP forwarding in security playbook (net.ipv4.ip_forward = 1)
- Add podman network firewall rules to fix container DNS/HTTPS access
- Implement systemd timer for reliable Nextcloud background job execution
- Add database optimization tasks (indices, bigint conversion, mimetypes)
- Configure maintenance window (04:00 UTC) and phone region (NO)
- Add security headers (X-Robots-Tag, X-Permitted-Cross-Domain-Policies)
- Create Nextcloud removal playbook for clean uninstall
- Fix nftables interface matching (podman0 vs podman+)

Root cause: nftables FORWARD chain blocked container egress traffic
Solution: Explicit firewall rules for podman0 bridge interface
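The commit message names the root cause (a default-drop forward chain on the host silently blackholing traffic from the podman0 bridge) and the fix (explicit rules for that interface plus IPv4 forwarding), but the security playbook that carries those rules is not part of this page. The tasks below are an added illustration written for this page, not code from the repository, of how the two changes fit together in Ansible. Everything beyond the commit message is an assumption: that nftables is the host firewall with an `inet filter` table whose `forward` chain has `policy drop`, that `/etc/nftables.conf` includes `/etc/nftables.d/*.nft`, the file path `/etc/nftables.d/podman.nft`, and a handler named `reload nftables`.

```yaml
# Added example for this page; not the repository's security playbook.
# Assumes: nftables host firewall, table "inet filter" with a "forward" chain
# whose policy is drop, /etc/nftables.conf including /etc/nftables.d/*.nft,
# and a "reload nftables" handler. All of these are assumptions.

- name: Enable IPv4 forwarding so the host can route the podman0 bridge
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present
    reload: true
  # With forwarding on, the host is a router: keep the forward chain at
  # policy drop and open only the container bridge below.

- name: Allow container egress through the podman0 bridge
  ansible.builtin.copy:
    dest: /etc/nftables.d/podman.nft
    owner: root
    group: root
    mode: "0644"
    # "podman+" is iptables wildcard syntax. nftables treats it as the literal
    # interface name "podman+", which never exists, so such a rule never matches
    # and egress stays blocked. Match the bridge by its exact name (or use the
    # nftables wildcard form "podman*").
    content: |
      table inet filter {
        chain forward {
          # Rules here are appended to the existing forward chain (policy drop assumed).
          # Narrow with 'oifname "<wan-interface>"' if containers must not reach the LAN.
          iifname "podman0" accept comment "container egress (DNS, HTTPS, ...)"
          oifname "podman0" ct state established,related accept comment "return traffic to containers"
        }
      }
    # Syntax-check the fragment before it lands; a broken include would leave the
    # host without its ruleset on the next reload.
    validate: nft -c -f %s
  notify: reload nftables
```

Running the play without `--tags` applies both tasks; `nft list chain inet filter forward` on the host then shows the two podman0 rules ahead of the drop policy, which is the quickest way to confirm the bridge is no longer caught by the default drop.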
38 lines
856 B
YAML
```yaml
---
# Homelab Infrastructure Deployment
#
# Deploys personal homelab services to arch-vps including:
# - PostgreSQL database
# - Valkey cache/session store
# - Podman container runtime
# - Caddy web server
# - Nextcloud cloud storage
# - Authentik SSO/authentication
# - Gitea git hosting
#
# Usage:
#   ansible-playbook playbooks/homelab.yml

# - import_playbook: playbooks/security.yml

- name: Deploy Homelab Infrastructure
  hosts: homelab
  become: true
  gather_facts: true

  tasks:
    # - name: Deploy Authentik
    #   include_role:
    #     name: authentik
    #   tags: ['authentik', 'sso', 'auth']

    # - name: Deploy Gitea
    #   include_role:
    #     name: gitea
    #   tags: ['gitea', 'git', 'development']

    # Tags on an include_role task apply only to the include itself; the role's
    # own tasks inherit them only through "apply". Without it, running with
    # --tags nextcloud includes the role but skips every task inside it.
    - name: Deploy Nextcloud
      include_role:
        name: nextcloud
        apply:
          tags: ['nextcloud', 'cloud', 'storage']
      tags: ['nextcloud', 'cloud', 'storage']
```