This is a collection of Ansible roles for Debian-based systems.

These are based on my own personal needs, and the needs of projects that I contribute to. Consequently, the selection of choices is still quite limited, but it will grow.

• common - Configuration common to most Debian systems

  Configures APT sources and preferences, but can also configure some hardware and system aspects of a target.

• apache2 - Apache 2.x web server

  Performs installation and basic configuration of the Apache 2 web server, including management of Let's Encrypt certificates.

• approx - APT cache server

  Sets up an APT cache server using approx.

• debci_master - debci master server

  Configures a host to server as the master within a debci CI instance. The master queues tests, collects results from workers, and published them via a web application.

• debci_worker - debci worker

  Configures a host to serve as a worker within a debci CI instance. A worker reads and executes jobs queued by the debci master.

• rabbitmq - RabbitMQ server

  Configures a host to run as a RabbitMQ server.

• reprepro - reprepro APT repository

  Sets up a reprepro repository, to which selected users can upload. The repository is made available via http/s, including signed Release files.

• wireguard - WireGuard VPN

  Configures a host for participation in a WireGuard VPN, including network interface and peer management.

If you want to use Ansible Vault together with a GnuPG-encrypted passphrase, a helper is provided. You'll need to create the file local/vault-passphrase.gpg first. See bin.

Some roles may need custom certificates to communicate via TLS. To this end, the pki/ contains a utility and an OpenSSL configuration for quickly creating CA, server, and client certificates.