These are the Ansible playbooks I use for setting up my servers. I use FreeBSD on them exclusively, so they may be of limited utility to people using other OSs.
See the TODO file for details on what work I have left.
Initial setup of a fresh machine can be done with bootstrap.yml. This ensures that Python and sudo are installed on the target machine and ensures that users in the wheel group don't need to provide a password when using sudo. Run this with:
make bootstrap
Once all hosts have been bootstrapped, you can run the rest of the main playbooks with:
make
This runs all the playbooks listed in site.yml.
The sites themselves are subsequently deployed from the sites repo.
My user configuration sits under the 'user' directory. This sets up the 'keith' user with anything I might want/need to have present on the servers.
This role just does basic setup needed for both primary and secondary nameservers. The actual heavy lifting is in a seperate repo which contains the zonefiles.
The 'pgsql' user can act as a superuser for creating subsequent users, databases, &c. To list databases, use:
sudo -u pgsql psql --list
To create a user, use:
sudo -u pgsql createuser --interactive <username>
manann used to become uncommunicative when Hetzner would do network maintenance. I found https://forums.freebsd.org/threads/60675/#post-350427, which states:
IIRC these problems are due to buggy/crappy offloading in some (all?) Realtek NICs. Try disabling LRO and TSO on them. I don't think Realtek NICs do checksum-offloading, but you could also try to disable tx/rcsum (it returns an error if the driver/card doesn't support it).
To do this:
ifconfig re0 -tso -lro
I haven't had issues since, and should probably make that a task, but haven't thought of a nice way to do it.