single-node ansible-managed infrastructure for a tiny personal webserver. powered by openresty, docker, and ansible.
first, set:

    HCLOUD_TOKEN=<your hetzner API key>

this allows the hetzner dynamic inventory to discover your hosts.

then, run:

    ansible-playbook main.yml --vault-pass-file path/to/secret

additional services can be added easily via config.yml. for example:

    containers:
      - subdomain: subdomain # available via subdomain.luuucyyy.net
        name: container # name for container
        image: ghcr.io/lucykowal/repo:main # image to run
        container_port: "80" # image listens on port 80
        host_port: "8080" # container is available via localhost:8080
      - subdomain: another
        name: another
        image: ghcr.io/lucykowal/other:main
        container_port: "80"
        host_port: "8081"

the process is as follows:
- build and deploy a docker image to ghcr
- add an entry to config.yml. pull the above image, use the expected container port, use an unused host port, and pick a unique name and subdomain.
- if this is the first time setting up this route, run the entire playbook with ansible-playbook main.yml --vault-pass-file <secret file>. if you only need to update the image, add the --tags docker filter.
both subdomain and host_port should be unique.
health is taken.
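
a pre-flight check for the uniqueness rules above, as an added example that is not part of this repository: two entries sharing a host_port cannot both bind, and a shared subdomain leaves one service unreachable. the names check_containers and SAMPLE, and the reading of "health is taken" as a reserved subdomain, are assumptions.

```python
from collections import Counter

RESERVED_SUBDOMAINS = {"health"}  # assumption: "health is taken" means this subdomain
REQUIRED_KEYS = ("subdomain", "name", "image", "container_port", "host_port")
UNIQUE_KEYS = ("subdomain", "name", "host_port")


def check_containers(containers):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    for i, entry in enumerate(containers):
        missing = [k for k in REQUIRED_KEYS if k not in entry]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
        for key in ("container_port", "host_port"):
            port = str(entry.get(key, ""))
            if key in entry and not (port.isdecimal() and 1 <= int(port) <= 65535):
                problems.append(f"entry {i}: {key} {port!r} is not a valid port")
        if str(entry.get("subdomain", "")).lower() in RESERVED_SUBDOMAINS:
            problems.append(f"entry {i}: subdomain {entry['subdomain']!r} is reserved")
    # Compare as strings so "8080" and 8080 count as the same host port.
    for key in UNIQUE_KEYS:
        counts = Counter(str(e[key]).lower() for e in containers if key in e)
        for value, n in sorted(counts.items()):
            if n > 1:
                problems.append(f"{key} {value!r} is used by {n} entries")
    return problems


# Constructed sample: second entry reuses host_port 8080, third takes "health".
SAMPLE = [
    {"subdomain": "subdomain", "name": "container",
     "image": "ghcr.io/lucykowal/repo:main", "container_port": "80", "host_port": "8080"},
    {"subdomain": "another", "name": "another",
     "image": "ghcr.io/lucykowal/other:main", "container_port": "80", "host_port": 8080},
    {"subdomain": "health", "name": "status",
     "image": "ghcr.io/lucykowal/other:main", "container_port": "80", "host_port": "8082"},
]

if __name__ == "__main__":
    import sys
    containers = SAMPLE
    if len(sys.argv) > 1:  # path to a real config.yml; needs PyYAML
        import yaml
        with open(sys.argv[1]) as fh:
            containers = yaml.safe_load(fh).get("containers", [])
    found = check_containers(containers)
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```

run it with the path to config.yml as the only argument before ansible-playbook; it exits non-zero when any rule is broken.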
- automatically create DNS A records for subdomains
- support docker compose based services
- use github action to run playbook on merge/manual trigger/trigger by other action(s)