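---
# =============================================================================
# NetBird v1.6 Deployment - SSL Mode (Let's Encrypt)
# =============================================================================
# Lightweight deployment without Authentik SSO.
# Uses NetBird native user management.
#
# Prerequisites:
#   1. Domain with DNS A record pointing to VPS IP
#   2. Port 80 open for ACME challenge
#   3. Update inventory.yml with your VPS IP/domain
#   4. Update group_vars/netbird_servers.yml with your domain
#   5. Create group_vars/vault.yml from vault.yml.example
#
# Run:
#   ansible-playbook -i inventory.yml playbook-ssl.yml --ask-vault-pass
# =============================================================================

- name: Deploy NetBird v1.6 (SSL Mode)
  hosts: netbird_servers
  become: true

  vars_files:
    - group_vars/netbird_servers.yml
    - group_vars/vault.yml

  vars:
    # SSL-specific settings (relay and signal are served behind the shared
    # Caddy on 443; see ../caddy/playbook.yml)
    netbird_protocol: "https"
    relay_protocol: "rels"
    relay_port: 443
    signal_port: 443

  tasks:
    # =========================================================================
    # Prerequisites
    # =========================================================================
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Install prerequisites
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
          - jq
        state: present

    # =========================================================================
    # Docker Installation
    # =========================================================================
    # All Docker setup tasks are skipped when `docker --version` already
    # succeeds; the check itself must never fail the play.
    - name: Check if Docker is installed
      ansible.builtin.command: docker --version
      register: docker_installed
      changed_when: false
      failed_when: false

    - name: Create keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"
      when: docker_installed.rc != 0

    # The signing key is downloaded with get_url instead of a
    # `curl | gpg --dearmor` shell pipeline: the pipeline had no pipefail, so
    # a failed download could leave a truncated keyring that the `creates:`
    # guard would then never replace. apt accepts ASCII-armored keys in
    # `signed-by`, so no dearmor step is needed. get_url validates the TLS
    # certificate by default.
    # NOTE(review): the key is trusted on TLS alone; once verified
    # out-of-band, pin the file with get_url's `checksum:` option.
    - name: Add Docker GPG key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"
      when: docker_installed.rc != 0

    # Ask dpkg for the architecture name instead of hard-coding amd64 so the
    # repository line is correct on arm64 hosts as well.
    - name: Detect Debian package architecture
      ansible.builtin.command: dpkg --print-architecture
      register: deb_arch
      changed_when: false
      when: docker_installed.rc != 0

    - name: Add Docker repository
      ansible.builtin.apt_repository:
        repo: >-
          deb [arch={{ deb_arch.stdout }} signed-by=/etc/apt/keyrings/docker.asc]
          https://download.docker.com/linux/ubuntu
          {{ ansible_distribution_release }} stable
        state: present
        filename: docker
      when: docker_installed.rc != 0

    - name: Install Docker packages
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true
      when: docker_installed.rc != 0

    - name: Start and enable Docker
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: true

    # =========================================================================
    # NetBird Directory Structure
    # =========================================================================
    - name: Create NetBird directory
      ansible.builtin.file:
        path: "{{ netbird_base_dir }}"
        state: directory
        mode: "0755"

    # =========================================================================
    # Deploy Configuration Files
    # =========================================================================
    - name: Deploy docker-compose.yml
      ansible.builtin.template:
        src: templates/docker-compose.yml.j2
        dest: "{{ netbird_base_dir }}/docker-compose.yml"
        mode: "0644"

    # Caddyfile is NOT deployed here - shared Caddy handles reverse proxy
    # See ../caddy/playbook.yml

    - name: Deploy management.json
      ansible.builtin.template:
        src: templates/management.json.j2
        dest: "{{ netbird_base_dir }}/management.json"
        mode: "0644"

    # The .env files are rendered from vault-backed variables, hence the
    # tighter 0640 mode compared with the other config files.
    - name: Deploy dashboard.env
      ansible.builtin.template:
        src: templates/dashboard.env.j2
        dest: "{{ netbird_base_dir }}/dashboard.env"
        mode: "0640"

    - name: Deploy relay.env
      ansible.builtin.template:
        src: templates/relay.env.j2
        dest: "{{ netbird_base_dir }}/relay.env"
        mode: "0640"

    - name: Deploy turnserver.conf
      ansible.builtin.template:
        src: templates/turnserver.conf.j2
        dest: "{{ netbird_base_dir }}/turnserver.conf"
        mode: "0644"

    # =========================================================================
    # Firewall (UFW)
    # =========================================================================
    - name: Install UFW
      ansible.builtin.apt:
        name: ufw
        state: present

    # The SSH rule follows the inventory's connection port rather than a
    # hard-coded 22, so a host reached on a non-default port is not locked
    # out when the default-deny policy is enabled below.
    - name: Allow SSH
      community.general.ufw:
        rule: allow
        port: "{{ ansible_port | default(22) }}"
        proto: tcp

    - name: Allow HTTP (ACME challenge)
      community.general.ufw:
        rule: allow
        port: "80"
        proto: tcp

    - name: Allow HTTPS
      community.general.ufw:
        rule: allow
        port: "443"
        proto: tcp

    - name: Allow TURN UDP
      community.general.ufw:
        rule: allow
        port: "3478"
        proto: udp

    - name: Allow TURN TCP
      community.general.ufw:
        rule: allow
        port: "3478"
        proto: tcp

    # NOTE(review): coturn's media relay port range is defined in
    # turnserver.conf.j2 and is not opened here — confirm whether it is
    # needed for this deployment.
    # Docker publishes container ports through its own iptables chains,
    # which UFW rules do not govern; keep the ports published in
    # docker-compose.yml to the set allowed above.
    - name: Enable UFW
      community.general.ufw:
        state: enabled
        policy: deny

    # =========================================================================
    # Start Services
    # =========================================================================
    - name: Pull Docker images
      ansible.builtin.command:
        cmd: docker compose pull
        chdir: "{{ netbird_base_dir }}"
      changed_when: true

    - name: Start NetBird services
      ansible.builtin.command:
        cmd: docker compose up -d
        chdir: "{{ netbird_base_dir }}"
      changed_when: true

    # =========================================================================
    # Wait for Services
    # =========================================================================
    # Polls `docker compose ps` for the management service; gives up (and
    # fails the play) after 12 attempts at 5 s intervals.
    - name: Wait for management container to be running
      ansible.builtin.command:
        cmd: docker compose ps management --format json
        chdir: "{{ netbird_base_dir }}"
      register: management_container
      until: "'running' in management_container.stdout"
      retries: 12
      delay: 5
      changed_when: false

    # =========================================================================
    # Display Summary
    # =========================================================================
    - name: Display deployment status
      ansible.builtin.debug:
        msg: |
          ============================================
          NetBird v1.6 Containers Deployed!
          ============================================
          Containers: dashboard, signal, relay, management, coturn
          ============================================
          NEXT STEPS:
          ============================================
          1. Deploy shared Caddy:
             cd ../caddy && ansible-playbook -i poc-inventory.yml playbook.yml
          2. Then access https://{{ netbird_domain }}
          ============================================
          View logs:
            ssh root@{{ ansible_host }} "cd {{ netbird_base_dir }} && docker compose logs -f"
          ============================================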