Personal collection of Ansible roles for FreeBSD hosts
Configure nginx client_body_buffer_size
Setup accept_filter in Nginx directive only once
Do not rely on Ansible CPU count for nginx workers


browse log



Ansible Roles

This repository hosts a personal collection of Ansible roles for FreeBSD hosts. These are common configurations that I use in my own servers in various projects. To use this repository, add the following line to your requirements.yml:

- src: git+
  version: master
  name: freebsd-roles

Then you can refer the role in playbook with, for example:

- hosts: freebsd
      - import_role:
            name: freebsd-roles/freebsd-pf

Most roles in this repository uses s6 supervision suite to perform process supervision.


These roles configure packages in base:

  • freebsd-hardening — performs a basic hardening
  • freebsd-ntpd — sets up the ntpd for time sync
  • freebsd-pf — sets up the pf firewall
  • freebsd-tuning — common tuning for FreeBSD systems

These roles are for pkg-installed packages:

These roles are for pkg-installed packages that are managed using S6 supervision suite and require freebsd-s6 to be installed:

  • freebsd-s6-dehydrated — sets up Dehydrated and Lexicon for Let's Encrypt certificate provision
  • freebsd-s6-duplicity — sets up Duplicity for periodic backups
  • freebsd-s6-hitch — sets up Hitch for SSL/TLS terminating
  • freebsd-s6-mysql — sets up MariaDB database server
  • freebsd-s6-nginx — sets up Nginx for serving web sites
  • freebsd-s6-openntpd — sets up OpenNTPd via pkg to replace ntpd in base
  • freebsd-s6-openssh — sets up OpenSSH via pkg to replace OpenSSH in base
  • freebsd-s6-php — sets up PHP runtime
  • freebsd-s6-postgresql — sets up PostgreSQL database server
  • freebsd-s6-redis — sets up Redis key-value store
  • freebsd-s6-varnish — sets up Varnish caching server

See also

  • ansible-openbsd — Personal collection of Ansible roles for OpenBSD hosts.