opnxng-deploy-playbook/README.md

# Ansible playbook for Opnxng deployment

An Ansible playbook to deploy Docker services to our servers and another to back up important data.

`ansible-playbook -i "production" "deploy.yaml"`

`ansible-playbook -i "production" "back-up.yaml"`

## Services

The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.

They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).

## Configurations

Our caddy server blocks IP ranges that have been involved in mass spams. The [block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). Thanks to their team.

Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.

Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.

## Contact
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
Added back-up.yml 2023-11-11 21:15:57 +08:00			`# Ansible playbook for Opnxng deployment`
Inital commit 2023-11-06 10:39:27 +08:00
Added back-up.yml 2023-11-11 21:15:57 +08:00			`An Ansible playbook to deploy Docker services to our servers and another to back up important data.`
Inital commit 2023-11-06 10:39:27 +08:00
Use .yaml 2023-11-13 20:27:07 +08:00			`ansible-playbook -i "production" "deploy.yaml"`
Inital commit 2023-11-06 10:39:27 +08:00
Use .yaml 2023-11-13 20:27:07 +08:00			`ansible-playbook -i "production" "back-up.yaml"`
Added back-up.yml 2023-11-11 21:15:57 +08:00
Inital commit 2023-11-06 10:39:27 +08:00			`## Services`

Use .yaml 2023-11-13 20:27:07 +08:00			`The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.`
Inital commit 2023-11-06 10:39:27 +08:00
			`They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).`

			`## Configurations`

Caddy: blocked IP ranges involved in spam. Thanks to ProjectSegfault 2024-05-30 23:29:39 +08:00			`Our caddy server blocks IP ranges that have been involved in mass spams. The [block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). Thanks to their team.`

Scribe: switched to Lomanic's image 2023-11-22 08:37:19 +08:00			`Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.`
Inital commit 2023-11-06 10:39:27 +08:00
Use .yaml 2023-11-13 20:27:07 +08:00			`Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.`
Inital commit 2023-11-06 10:39:27 +08:00
			`## Contact`
Scribe: switched to Lomanic's image 2023-11-22 08:37:19 +08:00			`Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.`