After a long journey of iteration, troubleshooting, and learning, I’m excited to share that I’ve successfully redeployed the Feeditout service using Ansible.

This wasn’t just a redeployment — it was a full re-architecture of how the system is provisioned, secured, monitored, and maintained. I went deep into infrastructure-as-code territory and came out the other side with a more robust, modular, and maintainable setup than ever before.

Lessons from My Ansible Journey

At the heart of this process was Ansible — and it’s fair to say I’ve come a long way in mastering it. What began as a handful of playbooks quickly evolved into a library of roles, reusable tasks, and templated configuration files.

I focused heavily on idempotency (a second run of any playbook should report zero changes), readability, and separation of concerns. Along the way, I developed a strong preference for minimal inline logic and clean, descriptive variable names. I also became comfortable enforcing conventions such as naming loop variables explicitly through loop_control instead of relying on the default item, and reaching for block statements only when a group of tasks genuinely shares a condition, error handling, or privilege escalation.
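To make those conventions concrete, here is a small playbook written for this post as an added example; it is not taken from the Feeditout repository. The inventory group "mailservers", the variable names, and the set of sshd directives are assumptions. It shows an idempotent install, a loop with a descriptive loop variable instead of item, a validated config edit, and a handler that only fires when something actually changed, with no block wrapper needed.

```yaml
---
# Added example playbook (not the Feeditout repo). Debian/Ubuntu naming is assumed:
# the apt module and the "ssh" service unit. Group and variables are hypothetical.
- name: Harden sshd idempotently
  hosts: mailservers
  become: true
  vars:
    # Descriptive, role-prefixed variable name rather than a generic "settings".
    sshd_hardening_settings:
      - { key: PasswordAuthentication, value: "no" }
      - { key: PermitRootLogin, value: "no" }
      - { key: X11Forwarding, value: "no" }
      - { key: MaxAuthTries, value: "3" }
  handlers:
    # Runs once at the end of the play, and only if a task notified it.
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
  tasks:
    - name: Install the OpenSSH server
      ansible.builtin.apt:
        name: openssh-server
        state: present

    # loop_var gives the loop a meaningful name; the default "item" would be
    # shadowed if this task were ever included from an outer loop, and
    # "sshd_setting.key" reads far better than "item.key".
    - name: Apply each hardening directive
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # Match the directive whether it is currently commented out or not,
        # so the edit converges on exactly one active line per directive.
        regexp: "^#?{{ sshd_setting.key }}\\s"
        line: "{{ sshd_setting.key }} {{ sshd_setting.value }}"
        # sshd -t checks the temporary copy before it replaces the real file,
        # so a typo never leaves the host without a working sshd.
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ sshd_hardening_settings }}"
      loop_control:
        loop_var: sshd_setting
        label: "{{ sshd_setting.key }}"
      notify: Restart sshd
```

Running it twice is the idempotency test: the first run reports the directives as changed and restarts sshd, the second reports changed=0 and the handler never fires. ansible-playbook --check --diff shows exactly which lines would be rewritten before anything is touched.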

Roles I Wrote

Here’s a snapshot of the roles I built and used during this process — each one crafted with purpose:

  • aide
  • alert_manager
  • ansible_pull
  • apache2
  • apparmor
  • apt
  • auditd
  • base_packages
  • certbot
  • chkrootkit
  • chuckbot
  • clamav
  • clean
  • cockpit
  • cron
  • dns
  • entropy
  • fail2ban
  • fail2counter
  • grafana
  • grub
  • hostname
  • iptables
  • kernel
  • keyboard
  • locale
  • logrotate
  • logwatch
  • memcached
  • motd
  • mysql
  • network_manager
  • node_exporter
  • ntp
  • opendkim
  • opendmarc
  • pam
  • passwd
  • php_fpm
  • postfix
  • postsrsd
  • prometheus
  • rclone
  • redis
  • root_password
  • rsyslog
  • saslauthd
  • services
  • spamassassin
  • sshd
  • sudo
  • swap
  • wayland

From security hardening (auditd, chkrootkit, aide, fail2ban) to service monitoring (grafana, prometheus, alert_manager), mail stack configuration (postfix, opendkim, opendmarc, postsrsd, saslauthd), and even custom integrations like chuckbot, every role played a part.

Each role encapsulates everything needed to configure a specific service (packages, configuration files, systemd units, and sensible defaults) while remaining fully overrideable through host_vars, which take precedence over the role's own defaults.
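The following is an added illustration of that role layout, written for this post rather than copied from the Feeditout roles: a hypothetical fail2ban role with defaults, tasks, and a handler, plus a host_vars file for an assumed host mail.example.com that overrides only the values that differ. Each file is its own YAML document here, separated by "---" and a comment naming the path it would live at.

```yaml
---
# roles/fail2ban/defaults/main.yml  (added example; not the Feeditout repo)
# Role defaults have the lowest variable precedence, so anything set in
# host_vars, group_vars, or the play wins without editing the role.
fail2ban_bantime: 1h
fail2ban_findtime: 10m
fail2ban_maxretry: 5
fail2ban_ignoreip:
  - 127.0.0.1/8
  - ::1
fail2ban_jails:
  - name: sshd
    enabled: true
  - name: postfix
    enabled: false

---
# roles/fail2ban/tasks/main.yml
- name: Install fail2ban
  ansible.builtin.apt:
    name: fail2ban
    state: present

# jail.local overrides jail.conf, so package upgrades never clobber our settings.
- name: Write global jail defaults
  community.general.ini_file:
    path: /etc/fail2ban/jail.local
    section: DEFAULT
    option: "{{ jail_default.option }}"
    value: "{{ jail_default.value }}"
    mode: "0644"
  loop:
    - { option: bantime, value: "{{ fail2ban_bantime }}" }
    - { option: findtime, value: "{{ fail2ban_findtime }}" }
    - { option: maxretry, value: "{{ fail2ban_maxretry }}" }
    - { option: ignoreip, value: "{{ fail2ban_ignoreip | join(' ') }}" }
  loop_control:
    loop_var: jail_default
    label: "{{ jail_default.option }}"
  notify: Reload fail2ban

- name: Enable or disable each jail
  community.general.ini_file:
    path: /etc/fail2ban/jail.local
    section: "{{ jail.name }}"
    option: enabled
    value: "{{ jail.enabled | ternary('true', 'false') }}"
    mode: "0644"
  loop: "{{ fail2ban_jails }}"
  loop_control:
    loop_var: jail
    label: "{{ jail.name }}"
  notify: Reload fail2ban

- name: Ensure fail2ban is enabled and running
  ansible.builtin.systemd:
    name: fail2ban
    enabled: true
    state: started

---
# roles/fail2ban/handlers/main.yml
- name: Reload fail2ban
  ansible.builtin.systemd:
    name: fail2ban
    state: reloaded

---
# host_vars/mail.example.com.yml  (hypothetical host)
# Only the keys that differ from the role defaults are set; the mail host
# gets a stricter retry limit and the Postfix jails switched on.
fail2ban_maxretry: 3
fail2ban_jails:
  - name: sshd
    enabled: true
  - name: postfix
    enabled: true
  - name: postfix-sasl
    enabled: true

---
# site.yml
- name: Apply the fail2ban role
  hosts: all
  become: true
  roles:
    - fail2ban
```

The design choice worth noting is that the role never edits the vendor jail.conf; it owns jail.local through ini_file, which is idempotent and reports a change only when a key's value actually differs, so a re-run on an already converged host reloads nothing.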

The Payoff

Feeditout is now:

  • Secure by default with automated auditing, logging, and spam controls.
  • Monitored with a complete Prometheus + Grafana setup and alert routing.
  • Configured from scratch using a fully automated Ansible repo.
  • Easier to maintain, extend, and recover from disaster.

Most importantly, I now have confidence in my infrastructure, because it’s reproducible and self-documented through code.

What’s Next?

Now that the foundation is solid, I’ll be iterating on:

  • Self-healing features (auto-restart, watchdogs),
  • Zero-downtime deployments,
  • Better observability dashboards,
  • Maybe even a public Git repo or guide for others to use and learn from.

If you’re thinking about doing something similar — take the plunge. It’s a challenge, but you’ll learn more about your systems and tools than you ever could from reading docs alone.