config-tasks | ||
files | ||
templates | ||
vars | ||
.gitignore | ||
back-up.yaml | ||
deploy.yaml | ||
LICENSE | ||
README.md | ||
staging |
Ansible playbook for Opnxng deployment
An Ansible playbook to deploy Docker services to our servers and another to back up important data.
ansible-playbook -i "production" "deploy.yaml"
ansible-playbook -i "production" "back-up.yaml"
Services
The services are hosted on one Vultr and four Oracle servers. A variables file defines the services to be deployed or already deployed.
They are deployed with Compose files and load balanced according to the Caddyfile.
Configurations
Our caddy server blocks IP ranges that have been involved in mass spams. The block range file is created by ProjectSegfault. Thanks to their team.
Our SearXNG instance uses a custom settings.yml. It is updated by hand with reference to Pussthecat.org's configuration. Thanks to TheFrenchGhosty.
Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.
Passwords and other sensitive data are kept locally as encrypted variables in secrets.yaml. We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
Contact
Please contact us via email if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.