After a long journey of iteration, troubleshooting, and learning, I’m excited to share that I’ve successfully redeployed the Feeditout service using Ansible.

This wasn’t just a redeployment — it was a full re-architecture of how the system is provisioned, secured, monitored, and maintained. I went deep into infrastructure-as-code territory and came out the other side with a more robust, modular, and maintainable setup than ever before.

Lessons from My Ansible Journey

At the heart of this process was Ansible — and it’s fair to say I’ve come a long way in mastering it. What began as a handful of playbooks quickly evolved into a library of roles, reusable tasks, and templated configuration files.

I focused heavily on idempotency, readability, and separation of concerns. Along the way, I developed a strong preference for minimal inline logic and clean, descriptive variable names. I also became comfortable enforcing good practices such as avoiding item as the loop variable name and steering clear of block statements unless they are genuinely needed.

Roles I Wrote

Here’s a snapshot of the roles I built and used during this process — each one crafted with purpose:

  aide, alert_manager, ansible_pull, apache2, apparmor, apt, auditd, base_packages, certbot, chkrootkit, chuckbot, clamav, clean, cockpit, cron, dns, entropy, fail2ban, fail2counter, grafana, grub, hostname, iptables, kernel, keyboard, locale, logrotate, logwatch, memcached, motd, mysql, network_manager, node_exporter, ntp, opendkim, opendmarc, pam, passwd, php_fpm, postfix, postsrsd, prometheus, rclone, redis, root_password, rsyslog, saslauthd, services, spamassassin, sshd, sudo, swap, wayland

From security hardening (auditd, chkrootkit, aide, fail2ban) to service monitoring (grafana, prometheus, alert_manager), mail stack configuration (postfix, opendkim, opendmarc, postsrsd, saslauthd), and even custom integrations like chuckbot, every role played a part.

Each role encapsulates everything needed to configure a specific service — packages, configuration files, systemd services, and sensible defaults — while remaining fully overrideable via host_vars.
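To make the role layout and the conventions above concrete, here is an added illustration of what such a role can look like, written for this post rather than taken from the Feeditout repository. It is a hypothetical sshd hardening role: the file names, variable names (sshd_port, sshd_allow_groups and so on) and the host name in host_vars are my assumptions, not the author's. It shows role defaults that host_vars can override, a loop with a descriptive loop_var instead of item, a templated config that is validated before it is written, and a handler that restarts the service only when the config actually changed (which is what keeps the role idempotent).

```yaml
# roles/sshd/defaults/main.yml
# Role defaults have the lowest precedence; any host_vars value wins over these.
# (Hypothetical role for illustration, not the author's actual sshd role.)
---
sshd_port: 22
sshd_permit_root_login: "no"
sshd_password_authentication: "no"
sshd_allow_groups:
  - sshusers
sshd_packages:
  - openssh-server

# roles/sshd/tasks/main.yml
---
- name: Install OpenSSH server packages
  ansible.builtin.apt:
    name: "{{ sshd_packages }}"
    state: present
    update_cache: true

- name: Ensure every group listed in AllowGroups exists (avoids locking ourselves out)
  ansible.builtin.group:
    name: "{{ ssh_group }}"
    state: present
  loop: "{{ sshd_allow_groups }}"
  loop_control:
    loop_var: ssh_group   # descriptive loop variable instead of the default 'item'

- name: Deploy sshd_config from template, validated by sshd -t before it is installed
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0600"
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd   # handler fires only if the file content changed

- name: Ensure sshd is enabled and running
  ansible.builtin.systemd:
    name: ssh             # Debian/Ubuntu unit name; adjust for other distributions
    enabled: true
    state: started

# roles/sshd/handlers/main.yml
---
- name: Restart sshd
  ansible.builtin.systemd:
    name: ssh
    state: restarted

# roles/sshd/templates/sshd_config.j2
# All logic lives in variables; the template itself stays free of conditionals.
# Port {{ sshd_port }}
# PermitRootLogin {{ sshd_permit_root_login }}
# PasswordAuthentication {{ sshd_password_authentication }}
# AllowGroups {{ sshd_allow_groups | join(' ') }}

# host_vars/mail.example.net.yml
# Per-host override: no edit to the role is needed to change one machine.
---
sshd_port: 2222
sshd_allow_groups:
  - sshusers
  - mailadmins
```

Running the play twice should report no changes on the second run: apt, group, template and systemd tasks all compare desired state against actual state, and the restart handler is only notified when the rendered sshd_config differs from the file on disk. The validate step is the safety net: a template error that produces an invalid config is rejected before it replaces the working file, so a bad variable value cannot leave the host unreachable.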

The Payoff

Feeditout is now:

  • Secure by default with automated auditing, logging, and spam controls.
  • Monitored with a complete Prometheus + Grafana setup and alert routing.
  • Configured from scratch using a fully automated Ansible repo.
  • Easier to maintain, extend, and recover from disaster.

Most importantly, I now have confidence in my infrastructure, because it’s reproducible and self-documented through code.

What’s Next?

Now that the foundation is solid, I’ll be iterating on:

  • Self-healing features (auto-restart, watchdogs)
  • Zero-downtime deployments
  • Better observability dashboards
  • Maybe even a public Git repo or guide for others to use and learn from

If you’re thinking about doing something similar — take the plunge. It’s a challenge, but you’ll learn more about your systems and tools than you ever could from reading docs alone.