blog-server Setup Scripts

Ansible scripts for creating and setting up a simple web server on Hetzner Cloud.

Secrets are managed using Ansible Vault.

Note that this repo was created without prior knowledge of Ansible and might not adhere to best practices 😉

Creation of a Cloud Server

Creates a new cloud server
Uses access token from vault
Uses SSH key authentication by providing ~/.ssh/id_rsa.pub to the Hetzner console

Command to create the server:

ansible-playbook create.yaml --vault-password-file secrets/vault.password

A dynamic Ansible inventory is used to retrieve matching servers from Hetzner.

Installs basic tools (vim, tmux, htop)
Configures Debian
- Enables unattended-upgrades
- Add sftp-user which can be used to deploy the static blog
Set up basic hardening
- fail2ban
- firewall
Installs Nginx and configures it
- Supports rate limit using fail2ban
Installs certbot and provides a Let's Encrypt certificate
- Variables domain_name and letsencrypt_mail are taken from host_vars
- Mail address is encrypted using ansible vault

Command to run playbook:

ansible-playbook bootstrap.yaml --vault-password-file secrets/vault.password -i inventories/hosts.hcloud.yaml

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
host_vars		host_vars
inventories		inventories
roles		roles
.gitignore		.gitignore
README.md		README.md
ansible.cfg		ansible.cfg
bootstrap.yaml		bootstrap.yaml
create.yaml		create.yaml
credentials.yaml		credentials.yaml