computer-playbook/README.md

CyMaIS - Cyber Master Infrastructure Solution

This playbook, powered by Ansible, is designed to streamline the setup and administration of a wide range of applications and Docker images on Linux-based systems. It's a versatile tool for configuring both bare metal servers and personal computers, offering solutions for base system setup, administration tools, backup solutions, system monitoring, updates, driver management, security enhancements, VPN configurations, and more. Whether for desktop computing, development environments, server management, or Docker containerization, this playbook provides comprehensive and customizable Ansible roles for efficient system management.

CyMaIS Implementation

If you're seeking professional implementation of the CyMaIS - Cyber Master Infrastructure Solution and its components, look no further. I offer tailored software development, infrastructure setup, and security solutions, particularly for small and medium-sized businesses. My expertise spans various areas, including server administration, digital corporate infrastructure, custom software development, and information security. With a strong focus on Open Source solutions, I ensure that your IT infrastructure aligns with the highest industry standards. For more detailed information about my services and how I can assist in optimizing your IT environment, please visit CyberMaster.Space.

Integrated Solutions

Base Setup

Provides essential configurations for system initialization, including hostname setting, systemd journal management, locale configurations, and swapfile handling.

• Hostname: Sets the system's hostname.
• Journalctl: Configures systemd journal settings.
• Locales: Configures system locales.
• System-Swapfile: Configures swapfile creation and management.

Administration Tools

Includes necessary tools for effective system administration, such as Git setup, Linux admin tools, and sudo configuration.

• Git: Basic Git version control system setup.
• PC-Administrator-Tools: Installs basic Linux administration tools.
• Sudo: Installs and configures sudo.

Backup Solutions

Focuses on comprehensive backup strategies and cleanup procedures, encompassing data backups, remote server backups, and maintenance of backup storage efficiency.

Backups

• backup-data-to-usb: Automates data backup to USB devices.
• backup-docker-to-local: Backs up Docker volumes to local storage.
• backup-remote-to-local: Pulls backups from remote servers for local storage.
• backups-provider: Manages backup processes and storage solutions.
• backups-provider-user: Creates and configures users for backup processes.

Backups Cleanup

• cleanup-backups-service: Service to clean up old backups automatically.
• cleanup-backups-timer: Timer for scheduling the backup cleanup service.
• cleanup-disc-space: Manages and frees up disk space on the system.
• cleanup-failed-docker-backups: Cleans up failed Docker backups.

Monitoring

Notifier

Introduces roles for setting up system event notifications, with options for email and Telegram alerts.

• Systemd-Notifier: Notifier service for systemd.
• Systemd-Notifier-Email: Email notifications for systemd services.
• Systemd-Notifier-Telegram: Telegram notifications for systemd services.

Server Health

Addresses server maintenance and health monitoring, ensuring optimal performance and reliability of the server infrastructure.

• Health Btrfs: Monitors the health of Btrfs filesystems.
• Health Disc Space: Checks for available disk space.
• Health Docker Container: Monitors the health of Docker containers.
• Health Docker Volumes: Checks the status of Docker volumes.
• Health Journalctl: Monitors and manages the system journal.
• Health Nginx: Ensures the Nginx server is running smoothly.
• Heal Docker: Automated healing and maintenance tasks for Docker.

Update

Covers automated updates and maintenance for the system and its components, including package managers and Docker containers.

• update: Automates the process of system updates.
• update-apt: Updates system packages using apt (for Debian-based systems).
• update-docker: Keeps Docker containers up to date.
• update-pacman: Updates system packages using Pacman (for Arch-based systems).

Driver

Deals with the installation and configuration of various hardware drivers, catering to a range of devices and needs.

• driver-epson-multiprinter: Installs drivers for Epson multi-function printers.
• driver-intel: Installs Intel drivers, typically for graphics and other hardware.
• driver-msi-keyboard-color: Configures MSI keyboard color settings.
• driver-non-free: Installs non-free drivers, generally for specific hardware needs.

Security

Enhances system security through roles focused on security measures, swap file management, user configurations, and SSH settings.

• System Security: Enhances overall system security.
• System Swapfile: Manages swap files for system memory.
• User Administrator: Setup for system administrator user.
• User Alarm: Manages the alarm user.
• PC SSH: Configuration of SSH for secure remote access.
• SSHD: Configures SSH daemon settings.

Virtual Private Network (VPN)

Centers on VPN configurations, specifically for Wireguard, providing secure and efficient network connectivity.

• client-wireguard: Configures Wireguard VPN client.
• client-wireguard-behind-firewall: Sets up Wireguard client functionality behind a firewall.
• wireguard: Installs and configures Wireguard for secure VPN connections.

Desktop and Personal Computing

Offers a range of tools and software to enhance the personal computing experience on desktops and laptops, covering multimedia, productivity, and virtualization.

• PC Bluray Player Tools: Software for playing Blu-ray media on personal computers.
• PC Caffeine: Utility to keep your computer awake.
• PC Designer Tools: Graphic design and 3D modeling software.
• PC Games: Installation of various computer games.
• PC Gnome: Installation and configuration of Gnome desktop environment.
• PC LibreOffice: Installation of the LibreOffice suite.
• PC Network Analyze Tools: Network analysis and troubleshooting utilities.
• PC Nextcloud: Client setup for Nextcloud cloud storage service.
• PC Office: Various office productivity tools.
• PC Qbittorrent: Installation of qBittorrent for file sharing.
• PC Spotify: Installation of Spotify for music streaming.
• PC Streaming Tools: Software for video streaming and recording.
• PC Torbrowser: Installation of Tor Browser for anonymous browsing.
• PC Video Conference: Video conferencing software setup.
• PC Virtual Box: VirtualBox setup for creating virtual machines.

Development Environment

Targets software developers with tools and environments for various programming languages and development needs.

• PC Developer Tools: Basic developer tools setup.
• PC Developer Tools Arduino: Setup for Arduino development.
• PC Developer Tools Bash: Tools for Bash scripting.
• PC Developer Tools Java: Java development environment setup.
• PC Developer Tools PHP: PHP development environment setup.
• PC Developer Tools Python: Python development environment setup.

Other

Encompasses miscellaneous essential tools and systems, including AUR helper, spellchecking, typesetting, and package management.

• System-Aur-Helper: Installs and configures AUR helper (yay).
• Hunspell: Installation of Hunspell spellchecker.
• Latex: Installation of LaTeX typesetting system.
• Java: Installs Java Development Kit (JDK).
• Python Pip: Installation of Python Pip package manager.

Server

Webserver

Focuses on web server roles and applications, covering SSL certificates, Nginx configurations, reverse proxies, and email services.

• Letsencrypt: Configures Let's Encrypt for SSL certificates.
• Nginx: Installs and configures Nginx web server.
• Nginx-Docker-Reverse-Proxy: Sets up a reverse proxy for Docker containers.
• Nginx-Homepage: Configures a homepage for Nginx.
• Nginx-Https: Enables HTTPS configuration for Nginx.
• Nginx-Matomo-Tracking: Integrates Matomo tracking with Nginx.
• Nginx-Redirect: Manages URL redirects in Nginx.
• Certbot Nginx: Integrates Certbot with Nginx for SSL certificates.
• Postfix: Setup for the Postfix mail transfer agent.

Docker and Containerization

Dedicated to Docker container setups and application management, offering a wide array of software deployment options.

• Docker: Basic Docker and Docker Compose setup.
• Docker Akaunting: Deployment of the Akaunting finance software.
• Docker Attendize: Setup for the Attendize event management tool.
• Docker Baserow: Deployment of Baserow, an open-source no-code database tool.
• Docker BigBlueButton: Setup for the BigBlueButton video conferencing tool.
• Docker ELK: Elasticsearch, Logstash, and Kibana (ELK) stack setup.
• Docker Funkwhale: Deployment of Funkwhale, a federated music streaming server.
• Docker Gitea: Setup for the Gitea git server.
• Docker Jenkins: Jenkins automation server setup.
• Docker Joomla: Joomla content management system setup.
• Docker Listmonk: Setup for Listmonk, a self-hosted newsletter and mailing list manager.
• Docker Mailu: Complete mail server solution.
• Docker Mastodon: Deployment of the Mastodon social network server.
• Docker Matomo: Setup for Matomo, an open-source analytics platform.
• Docker MediaWiki: MediaWiki setup for creating wikis.
• Docker MyBB: Setup for MyBB forum software.
• Docker Nextcloud: Cloud storage solution setup.
• Docker Peertube: Deployment of the PeerTube video platform.
• Docker Pixelfed: Pixelfed, a federated image sharing platform, setup.
• Docker Roulette Wheel: Setup for a custom roulette wheel application.
• Docker Wordpress: Wordpress blog and website platform setup.
• Docker YOURLS: Setup for YOURLS, a URL shortening service.

Setup

Run:

ansible-galaxy collection install -r requirements.yml

Addidional Parameters

• activate_all_timers (bool): Activates matomo tracking on all html pages
• nginx_matomo_tracking_active (bool): Activates matomo tracking on all html pages

The role specific parameters are descriped in the README.md of the roles

Author

Kevin Veen-Birkenbach

• 📧 Email: kevin@veen.world
• 🌍 Website: https://www.veen.world/

License

This project is licensed under the GNU Affero General Public License v3.0. The full license text is available in the LICENSE file of this repository.