Bootstrap Digital Ocean droplets using Ansible to:
- Configure SSH key
- Launch a droplet
- Configure DNS domain
- Destroy droplet
Inspired by yoshz/ansible-digitalocean.
- Install Ansible
- Install pip
- Install dopy
- Copy vars.yml.dist to vars.yml and change the variables to your needs
- Copy the id_rsa for pulling from github to files/id_rsa
- Make your hosts file
Create a new API key on the API access page.
Add the api_token to vars.yml.
Create a personal access token in GitHub Developer Settings.
Add the access token to vars.yml.
Launch and provision a new server on Digital Ocean.
ansible-playbook -i hosts launch.yml
What does this playbook do for you?
- configure swap file
- install ufw, fail2ban
- configure ufw allow ports for SSH
- make sshd more secure:
  - PermitRootLogin=no
  - PasswordAuthentication=no
  - AllowGroups=sudo
- configure sudoers
- clones git repos
- generates virtual hosts
- secures hosts with Let's Encrypt
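To confirm the sshd settings listed above are the ones actually in effect after provisioning (an earlier directive or an included drop-in file can take precedence over an edited line), the following added example checks the output of `sshd -T`. It is not part of this repository; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the playbook.
# Usage on the droplet (as root): sshd -T | check_sshd_hardening
# `sshd -T` prints the effective configuration, one lowercase keyword per line.

# Reads `sshd -T` output on stdin. Prints one FAIL line per mismatch and
# returns 0 only if all three settings from the list above are in effect.
check_sshd_hardening() {
    awk '
        BEGIN {
            bad = 0
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            want["allowgroups"] = "sudo"
        }
        {
            key = tolower($1)
            if (key in want) {
                val = $0
                sub(/^[^ \t]+[ \t]+/, "", val)   # strip the keyword, keep the value
                seen[key] = 1
                # Any allowgroups entry other than "sudo" is also reported.
                if (tolower(val) != want[key]) {
                    printf "FAIL %s: got \"%s\", want \"%s\"\n", key, val, want[key]
                    bad = 1
                }
            }
        }
        END {
            for (k in want)
                if (!(k in seen)) { printf "FAIL %s: not set\n", k; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample: excerpt of `sshd -T` output from a hardened host.
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'passwordauthentication no' 'allowgroups sudo'
}

# Constructed sample: password logins still enabled and no AllowGroups set.
sample_weak() {
    printf '%s\n' 'port 22' 'permitrootlogin no' 'passwordauthentication yes'
}
```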
Adds a user and their public key.
ansible-playbook -i hosts add_user.yml
Destroys a server on Digital Ocean.
ansible-playbook -i hosts destroy.yml
- Separate tasks into roles
- Automatically add hostkey