Design Decisions
Below are the reasons behind certain decisions made within this project (and a reminder to myself of why I did things this way).
Variable Layout
Variables are stored in inventory/group_vars/all because of Ansible variable precedence: values there sit low in the precedence order, so per-host settings in the inventory override them.
This layout allows someone to specify multiple hosts in the inventory/hosts.yml file (or another custom inventory file), each with its own host-specific variable settings and a "common" configuration shared between them. See the Remote Host docs.
Use case: development instance with different domain and/or SSL certificate but all other settings the same
Containers
Gluetun
Gluetun was not implemented because adding network_mode: "service:gluetun" to other containers, such as qbittorrent, did not fully protect their traffic (see this discussion post).
DNS Service
The lack of a DNS service, such as PiHole or AdGuard Home, is intentional: a network service that critical should be decoupled from this setup.
Key Material Storage
Authentik and Tracerr Secret Keys
Because the .env file is continually rewritten with new values while the 2 randomly generated values Authentik needs must stay persistent, Ansible reads (slurps) the 2 files created for them and reuses those values, so the .env contains the same values on every playbook run.
To ensure these key and pgpass files are not changed by Ansible, force: no is set on the template resource that creates them.
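The persistence pattern described above, as an added example that is not this project's own playbook: the secret files are created only when absent (force: no), then slurped back and used to render .env. It uses copy with inline content instead of the project's template task, and the paths, variable names and key lengths are assumptions.

```yaml
# Added example, not the project's playbook. Paths and variable names are assumed.
- name: Persist Authentik secrets across playbook runs
  hosts: all
  vars:
    secrets_dir: /opt/stack/secrets          # assumed location of the key files
  tasks:
    - name: Ensure the secrets directory exists with owner-only access
      ansible.builtin.file:
        path: "{{ secrets_dir }}"
        state: directory
        mode: "0700"

    # force: false (force: no) means an existing file is never overwritten, so the
    # random value generated on the first run is the one that is kept afterwards.
    # lookup('password', '/dev/null', ...) generates a fresh random string on the
    # controller without storing it anywhere.
    - name: Create the Authentik secret key only if it does not already exist
      ansible.builtin.copy:
        content: "{{ lookup('ansible.builtin.password', '/dev/null', length=50, chars=['ascii_letters', 'digits']) }}"
        dest: "{{ secrets_dir }}/authentik_secret_key"
        mode: "0600"
        force: false
      no_log: true

    - name: Create the PostgreSQL password file only if it does not already exist
      ansible.builtin.copy:
        content: "{{ lookup('ansible.builtin.password', '/dev/null', length=32, chars=['ascii_letters', 'digits']) }}"
        dest: "{{ secrets_dir }}/pgpass"
        mode: "0600"
        force: false
      no_log: true

    # slurp returns the file contents base64-encoded, so decode before use.
    - name: Read the persisted secrets back from disk
      ansible.builtin.slurp:
        src: "{{ item }}"
      loop:
        - "{{ secrets_dir }}/authentik_secret_key"
        - "{{ secrets_dir }}/pgpass"
      register: persisted
      no_log: true

    - name: Expose the decoded values for the .env render
      ansible.builtin.set_fact:
        authentik_secret_key: "{{ persisted.results[0].content | b64decode | trim }}"
        authentik_pg_pass: "{{ persisted.results[1].content | b64decode | trim }}"
      no_log: true

    # .env is rewritten on every run, but the two values above never change.
    - name: Render .env with the stable secret values
      ansible.builtin.copy:
        content: |
          AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
          PG_PASS={{ authentik_pg_pass }}
        dest: /opt/stack/.env
        mode: "0600"
      no_log: true
```

Running the play twice leaves the two secret files untouched on the second run (copy reports ok, not changed), which is the check that the values are actually persistent.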