0
0
opnxng-deploy-playbook/README.md

25 lines
1.4 KiB
Markdown
Raw Normal View History

2023-11-11 21:15:57 +08:00
# Ansible playbook for Opnxng deployment
2023-11-06 10:39:27 +08:00
2023-11-11 21:15:57 +08:00
An Ansible playbook to deploy Docker services to our servers and another to back up important data.
2023-11-06 10:39:27 +08:00
2023-11-13 20:27:07 +08:00
`ansible-playbook -i "production" "deploy.yaml"`
2023-11-06 10:39:27 +08:00
2023-11-13 20:27:07 +08:00
`ansible-playbook -i "production" "back-up.yaml"`
2023-11-11 21:15:57 +08:00
2023-11-06 10:39:27 +08:00
## Services
2023-11-13 20:27:07 +08:00
The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.
2023-11-06 10:39:27 +08:00
They are deployed with [Compose files](templates/compose) and load balanced according to the [Caddyfile](templates/conf/Caddyfile.j2).
## Configurations
2024-09-16 09:40:13 +08:00
Our caddy server blocks IP ranges that have been involved in mass spams or botnets. The [mass spam block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). The [botnet block range file](https://github.com/return42/sandbox/blob/main/data/searxng/ipv4_botnet.lst) is created by [return42](https://github.com/return42). Thanks to their team.
2023-11-22 08:37:19 +08:00
Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.
2023-11-06 10:39:27 +08:00
2024-09-06 23:38:31 +08:00
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml).
2023-11-06 10:39:27 +08:00
## Contact
2023-11-22 08:37:19 +08:00
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.