Ansible Playbook for Loki Server with client-side encryption for S3 storage


We're looking for help writing an Ansible playbook that:

  • Assumes a new and empty Ubuntu 22.04 server
  • Installs Docker, Docker Compose, and enables Swarm mode
  • Installs Loki as a docker-compose stack
  • Installs Grafana as a docker-compose stack
  • Sets up an SSL (wildcard) certificate (pre-provided, not let's encrypt) to use by apache
  • Installs Apache2 and configures it to reverse-proxy + TLS offload the Docker stacks
  • Installs and configures a firewall (iptables/nftables)
  • Loki should use Minio object-storage as a backend
  • Firewalling allows access from restricted list of source IP addresses to port 443 (Apache2)
  • Firewalling allows access from restricted list of source IP addresses to port 22 (SSH)

Requirements of the playbook:

  • The playbook will live in a standalone private github repository
  • Usage of existing high-quality Roles and Collections (Ansible Galaxy) is encouraged
  • All environment-specific variables should be provided through an inventory file. No real hostnames, IPs, usernames, etc should be present in the repository
  • The repo contains clear documentation in the README.md file, explaining how to use the playbook and explaining the variables that can be set in the inventory file
  • The repo contains a documented example (ficticious) inventory file (.dist) as an example / template
  • The repo passes ansible-lint and ansible-review. Exceptions should be documented in the README.md file
  • The playbook should be written in a way that makes Loki and Grafana optional.

Deployment to production:

  • The playbook should be written in a way that makes it easy to deploy to production and staging environments by our admins
  • High quality documentation is essential
  • You'll be expected to support our admins to deploy the playbook to production (and to update the docs based on these experiences)


At LinkORB, we work with the Badge System for qualification and learning. Candidates will be evaluated on their ability to achieve the following badges:

  • 🏅 Git Basics Understand and apply basic Git concepts
  • 🏅 GitHub Basics Understand and apply basic GitHub concepts
  • 🏅 Ansible Basics Uses Ansible automation
  • 🏅 YAML Basics Able to read, create and maintain YAML files.

That said, at LinkORB we understand that no one knows everything and the learning journey is part of what we love about the work.

Ready to take on this gig?

Great, we are excited to hear from you! Please send us your proposal at engineering@linkorb.com.

Working at LinkORB

LinkORB Engineering is the sub-group of LinkORB focused on the development and operations of our products and platforms: innovative healthcare solutions for healthcare professionals and their patients.

We are a fully remote team collaborating almost entirely asynchronously to build and support products used by millions of families and thousands of healthcare professionals.

Read more about LinkORB Engineering. Specifically, you might check out our: