This is a collection of Ansible roles for free software self-hosting.
This collection mainly targets individuals or possibly small companies, but is built to professional quality standards.
These roles are designed with the following goals in mind:
- Up to date and fully featured software.
- Security.
- Minimal maintenance.
To achieve the first two points, Fedora is used as the base OS because it always provides up-to-date versions of software and advanced security features like SELinux by default. To further improve security, hardening roles are applied in addition to some security configuration. To achieve minimal maintenance, auto-updates (with auto-reboot, if required) are set for all packages every day.
Of course, every choice has drawbacks. In this case, it is the risk that an update breaks something and makes the service unavailable.
If you absolutely require a perfectly stable service with 99.99% availability, use some other roles based on LTS OS and software versions. No guarantee is provided with the use of these roles.
- common: Perform common machine initialisation tasks such as configuring auto-updates, firewall, NTP server, SSH, OS security hardening, etc.
- nextcloud: Install a Nextcloud server.
- kodi: Install a Kodi home theater personal computer.
- musicplayer: Install a standalone music player, by default Lollypop.
- mail: Install a mail server using Postfix and Dovecot.
- mpd: Install a Music Player Daemon server.
- squid: Install Squid caching proxy server.
The common role is intended to be used with all other roles and may be required by some of them.
These roles are used as dependencies of the main roles:
- clamav: Install ClamAV antivirus.
- coturn: Install CoTURN TURN/STUN server.
- nginx: Install an Nginx web server.
- postgresql: Install a PostgreSQL database.
- php_fpm: Install a PHP-FPM server.
- valkey: Install Valkey in-memory data store.
- rpmfusion: Enable RPMFusion repositories.
This collection is available on Ansible Galaxy.
ansible-galaxy collection install jgoutin.home
---
- hosts: all
  become: true
  collections:
    - jgoutin.home
  roles:
    - common
    - kodi
Why recommend "Fedora Minimal" over "Fedora Server"?
Fedora Minimal is the Fedora version with the fewest pre-installed packages. Fewer packages means fewer potential security vulnerabilities, less disk space usage, fewer background services consuming RAM/CPU, less network usage on package updates, and so on.
In summary, this improves server security and energy consumption. This can also help when running multiple virtual machines on the same host.
Finally, if an Ansible role is made to work with the minimal version, it should work on any version with more packages. So any variant can be freely used; the choice is yours.
Where to find "Fedora Minimal"?
Fedora Minimal is hidden and not directly provided as an ISO on the Fedora website.
To install it, use the Netinstall ISO image of "Fedora Server" and select "Fedora Minimal" in the Software Selection screen.
How to upgrade Fedora when using these roles?
A new Fedora version is released every 6 months, and it is highly recommended to keep it up to date.
Always make sure you have a backup of your system before upgrading.
Upgrade Fedora as normal (replace NEW_VERSION with the new Fedora version):
sudo dnf upgrade --refresh -y
sudo dnf system-upgrade download -y --releasever=NEW_VERSION
sudo dnf system-upgrade reboot
Then, simply re-apply your Ansible playbook to ensure everything is OK.
Some components like databases may require extra steps to upgrade. This is specified in the relevant role documentation.