← Back

Ubuntu server provisioning

A modular Ansible provisioning repo for Ubuntu hosts with baseline hardening, optional virtualization, and Kubernetes-friendly setup.

AnsibleUbuntuKVMK3sKata ContainersNetplan
Visit project
Ubuntu Provisioning Repo screenshot

Highlights

  • Base hardening: SSH, journald sizing, optional UFW, timezone/hostname
  • Optional building blocks: KVM/libvirt, K3s, Kata runtime, bridge networking
  • Inventory + group vars driven to keep hosts repeatable

This repo provisions Ubuntu servers using Ansible, with a small set of roles that can be combined depending on the target host. The goal is repeatable, auditable host setup for homelab infrastructure.

What it demonstrates

  • Role-based provisioning to keep responsibilities isolated and composable
  • Host hardening defaults that are easy to review and re-apply
  • A clean entrypoint workflow via Makefile and a verification playbook

Provisioning roles

Each role is scoped to one concern: baseline configuration, virtualization, networking, Kubernetes install, or runtime isolation. Variables are centralised via inventory and group vars.

  • base: SSH hardening, journald limits, optional UFW, system settings
  • network: netplan-based bridge config for VM/container networking
  • kvm: KVM/libvirt installation and basic configuration
  • k3s: lightweight Kubernetes install and configuration
  • kata: Kata runtime setup for additional isolation where needed

How it is run

  • Makefile provides entrypoints like bootstrap/apply and verify
  • site.yml applies the desired roles to the inventory targets
  • verify.yml runs post-provision checks to confirm expected state