this post was submitted on 15 Nov 2025
224 points (98.3% liked)

Selfhosted

53095 readers
754 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
224
I made a project that can install/configure/orchestrate 115+ applications on your homelab using Ansible! (github.com)
submitted 1 week ago by Dylancyclone@programming.dev to c/selfhosted@lemmy.world
15 comments fedilink hide all child comments
 

Hi! I wanted to share a project I've been working on that lets you set up a huge variety of applications really quickly and painlessly. For example, instead of setting up and configuring a large docker compose for a complicated application like Immich, this playbook lets you simply write:

immich_enabled: true

And it will orchestrate all the containers, networks, directories, etc for you with reasonable defaults. All of which can be overwritten, for example to enable extra features like hardware acceleration:

immich_hardware_acceleration: "-cuda"

Or to automatically get a letsencrypt cert and expose the application on a subdomain to the outside world:

immich_available_externally: true

Included in the playbook is a ton of complicated applications, like Paperless, Meelo, TTRSS, Dawarich, as well as common self-hosted apps like Jellyfin, Home Assistant, Syncthing, Navidrome, Grafana, and a whole lot more (totaling 116 right now!).

It also comes with scripts and tests to help add your own applications (ansible roles) and ensure they work properly

I've been using this project myself for awhile, including to assist with moving from one homelab computer to another (point the playbook to the new address, run it to install everything, and restore a backup from the previous computer for data), and I hope it can help someone else build up their homelab without sinking too much time into setting things up

Here's the repository: https://github.com/Dylancyclone/ansible-homelab-orchestration

And the documentation (that I'm really proud of :D): https://dylancyclone.github.io/ansible-homelab-orchestration/

you are viewing a single comment's thread
view the rest of the comments
[–] Dylancyclone@programming.dev 10 points 1 week ago (2 children)

This is definitely inspired by ansible-nas! I'd also used it for awhile, and made my own fork to add/fix things since the project has gone a little dormant. I started making so many changes though that I started fresh and it turned it into a whole project of it's own. You can see a list of differences here: https://dylancyclone.github.io/ansible-homelab-orchestration/guides/introduction/

Or copy-pasted:

  • Does not require root to run
  • Runs containers with minimum privileges (no root unless absolutely necessary)
  • Allow any application to have it's name, image name and version overridden (in case of version pinning or running forks)
  • Does not modify existing system settings/configuration
  • Separates DNS access from external access (for example, access portainer.example.com on local network without exposing it to the internet)
  • Notifies the user of breaking changes in an application's ansible role before updating them
  • Everything is optional, doesn't install anything except what's configured by the user
  • Cleans up networks and containers more gracefully after disabling applications, and ensure nothing is left dangling
  • Supports more OSs than just Ubuntu
  • Includes suite of tests to ensure clean code and functionality
    • All created containers and networks are removed when stopping applications
    • Ensures all applications have consistent variable names and settings
    • Ensures all applications properly implement DNS and external access settings
    • Ensures no port conflicts between applications
    • etc
[–] moonpiedumplings@programming.dev 1 points 5 days ago (1 children)

Does it require docker installed and being in the docker group, with the docker daemon running?

Just an FYI, having the ability to create containers and do other docker is equivalent to root: https://docs.docker.com/engine/security/#docker-daemon-attack-surface

It's not really accurate to say that your playbooks don't require root to run when they basically do.

[–] Dylancyclone@programming.dev 1 points 5 days ago

That is very true, I suppose a more accurate way to say it would be the playbook does not need to run as the root user, and can instead use the permissions of a regular user. This lets all the volume mounts be owned by your user, instead of root. I think it's still an important distinction to make though, since by not running the playbook as root, the playbook can't directly change any of your server's settings, and only has the access the user you're SSHing as has.

Yes, this playbook is intended to orchestrate an already set up environment. I know Ansible can easily install and set up docker (using something like the awesome https://github.com/geerlingguy/ansible-role-docker), but I decided against it (at least for now) for two main reasons: Firstly to avoid becoming the root user, and secondly to avoid the Ansible role installing a second version of Docker, causing things to break. I ran into that myself while testing this playbook, where I had set up a Ubuntu VM, told the installer to install Docker during setup not knowing it would install it through snap, then the Ansible playbook would install docker again through conventional means causing a lot of strange problems. So instead I opted to let the user install docker however they'd like and not have any gotchas like "Remember to add --skip-tags="docker" if you installed Docker during OS installation on Ubuntu" or uninstalling their version of docker for them

[–] picnicolas@slrpnk.net 6 points 1 week ago

Awesome improvements! Really nice work. I’ll definitely be switching at some point when I have a reason to mess with it. Thanks for all the extra work you’ve done to improve the fork and gift the project to the commons.