This Ansible playbook deploys a container orchestration cluster on a group of servers distributed over several data centers. In this particular setup, the assumptions about the infrastructure are:
| NODE | ROLE | DATACENTER |
|---|---|---|
| apex | Manager / Worker | 1 |
| horreum | Worker | 1 |
| arca | Manager / Worker | 2 |
| arm | Manager / Worker | 3 |
- Orchestration: The cluster is orchestrated by Nomad (default) or Docker Swarm mode
- Encryption: Cluster nodes communicate exclusively over a private Wireguard mesh network
- Security: CrowdSec (default) or Fail2ban; reasonably hardened SSH config; unattended upgrades
- Need-to-know: Service ports (HTTPS, IMAP, DoT, etc.) are open on ingress nodes only; all requests get reverse-proxied to services over the encrypted mesh network
- Cloud storage: Rclone as a Docker volume plugin or systemd-managed FUSE mounts (default) for using almost any cloud storage as a storage backend for services
- Distributed storage: GlusterFS or Syncthing (default)
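As an added illustration of the need-to-know rule above (this is a constructed example, not a role or play from this repository), the following play shows how that rule maps onto host firewall configuration: inbound traffic is denied by default, the Wireguard mesh interface is trusted so reverse-proxied requests reach services over the encrypted network, and public service ports are opened only on hosts in an `ingress` inventory group. The group name `ingress`, the variables `wireguard_interface`, `wireguard_listen_port` and `ingress_ports`, and the interface name `wg0` are assumptions; the `community.general.ufw` module is a real Ansible module.

```yaml
# firewall.yml (hypothetical play, not part of this playbook's roles)
# Assumes an inventory in which apex, horreum, arca and arm are in `all`
# and the hosts that publish services belong to an `ingress` group.
- name: Enforce need-to-know port exposure
  hosts: all
  become: true
  vars:
    wireguard_interface: wg0        # assumed name of the mesh interface
    wireguard_listen_port: 51820    # assumed UDP port peers connect to
    ingress_ports:                  # assumed list of public service ports
      - { port: 443, proto: tcp }   # HTTPS
      - { port: 993, proto: tcp }   # IMAP over TLS
      - { port: 853, proto: tcp }   # DNS over TLS (DoT)
  tasks:
    - name: Deny all inbound traffic by default
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming

    - name: Allow SSH with rate limiting (sshd hardening is handled elsewhere)
      community.general.ufw:
        rule: limit
        port: "22"
        proto: tcp

    - name: Allow peers to reach the Wireguard listener on every node
      community.general.ufw:
        rule: allow
        port: "{{ wireguard_listen_port }}"
        proto: udp

    - name: Trust traffic arriving over the encrypted mesh interface
      community.general.ufw:
        rule: allow
        direction: in
        interface: "{{ wireguard_interface }}"

    # Only ingress nodes publish service ports; every other node keeps
    # them closed and is reachable solely through the mesh.
    - name: Publish service ports on ingress nodes only
      community.general.ufw:
        rule: allow
        port: "{{ item.port }}"
        proto: "{{ item.proto }}"
      loop: "{{ ingress_ports }}"
      when: inventory_hostname in groups['ingress']
```

Run it with `ansible-playbook -i inventory.yml firewall.yml`. The Wireguard listener is the only UDP port opened cluster-wide; the `when` guard is what keeps HTTPS, IMAP and DoT closed on worker-only nodes such as horreum, so a compromised service on a non-ingress host cannot be reached directly from the internet.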
This is a personalized setup, not a cookie-cutter playbook, so any use outside of the intended environment requires the appropriate adjustments to roles and variables.