How we use Ansible at josef.digital
In many of the organisations I have previously worked in, they seem to always configure their containers and VMs using Terraform. After switching to Ansible, just for the configuration element, it really is an amazing tool that we can't live without now!
At josef.digital, Ansible is our go-to tool for provisioning and managing infrastructure. It helps us automate everything from setting up new servers to deploying our full application stack (we have a database stack as well), so we don't have to tear down infrastructure unless we actually require it; in that case we use Terraform.
Server setup
We use Ansible playbooks to install Docker, configure firewall rules (UFW), mount DigitalOcean volumes (for persistent SSL certs), and set up environment files and cron jobs. This keeps our server setup consistent and repeatable.
Deploying the platform
Our entire platform — including the API, web frontend, Caddy, and CI/CD stack (Woodpecker) — runs in Docker. Ansible copies over the relevant docker-compose files and spins up the stack with a single command. This makes deployments fast and reliable.
Secrets and environment management
Secrets and .env files are handled as part of the Ansible workflow. Everything is securely copied to the server during provisioning, so we don’t have to hardcode anything sensitive into the project itself. We will use Vault in the future, but as this is still in early MVP, .env files work for now.
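As an added illustration (not josef.digital's own playbook), this is one way to copy a .env file so that it stays out of Ansible's output and ends up readable by root only, with a check that fails the run otherwise. The host group, paths and file names are assumptions, as is the compose stack being started as root.

```yaml
# Added example, not the project's playbook. Host group, paths and file
# names are assumptions made for illustration.
- name: Deliver the application .env file without leaking it
  hosts: platform                  # assumed inventory group
  become: true
  vars:
    app_dir: /opt/platform         # assumed deployment directory
    env_src: files/platform.env    # assumed control-node path, kept out of git
  tasks:
    - name: Create the deployment directory, closed to other users
      ansible.builtin.file:
        path: "{{ app_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Copy the .env file, readable by root only
      ansible.builtin.copy:
        src: "{{ env_src }}"
        dest: "{{ app_dir }}/.env"
        owner: root
        group: root
        mode: "0600"
      no_log: true                 # keep task results and diffs out of output and logs

    - name: Read back the file metadata
      ansible.builtin.stat:
        path: "{{ app_dir }}/.env"
      register: env_stat

    - name: Fail the run if the .env file is missing or too permissive
      ansible.builtin.assert:
        that:
          - env_stat.stat.exists
          - env_stat.stat.mode == "0600"
          - env_stat.stat.pw_name == "root"
        fail_msg: "{{ app_dir }}/.env is missing or has an unexpected owner or mode"
```

Without `no_log: true`, running the playbook with `--diff` prints the changed lines of the file, which is how secrets typically end up in CI logs.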
If you’re looking to automate infrastructure without adding too much overhead, I definitely recommend Ansible — it’s simple, powerful, and just works.