ansible-edda/playbooks/baldur.yml

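---
# Play "all": applied to every inventory host before the host-specific play.
- name: "all"
  hosts: "all"
  tasks:
    # Non-production guard: pins the mail, VPN and backup-bucket endpoint names
    # in /etc/hosts so that test hosts do not resolve them to the real services.
    # Each name is mapped to the default IPv4 address of the inventory host named
    # after its first DNS label, falling back to 127.0.0.1 when that lookup is
    # undefined. Endpoints whose variable is unset contribute nothing to the loop.
    #
    # NOTE(review): this only redirects lookups that consult /etc/hosts; it is not
    # an egress control. If stricter isolation of non-production hosts is needed,
    # pair it with a firewall rule — confirm against the nftables role.
    # NOTE(review): lineinfile only adds lines here; no task in this playbook
    # removes them if a host is later flagged as production — confirm cleanup.
    - name: "block domains"
      ansible.builtin.lineinfile:
        path: "/etc/hosts"
        line: "{{ address }} {{ item }}"
      # Task vars written as a mapping; the list-of-dictionaries form of `vars`
      # is deprecated in ansible-core.
      vars:
        address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address |
          default('127.0.0.1') }}"
      loop: "{{ [system_mail_smtp_server | default([])] |
        union( [vpn_wireguard_server_address | default([])] ) |
        union( [backups_restic_user_aws_bucket_endpoint | default([])] ) |
        flatten }}"
      # Skipped entirely on production hosts.
      when: not (the_nine_worlds_production | bool)
      # "always" keeps the guard active even when the run is limited by --tags.
      tags: "always"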
# Play "baldur": full configuration of the host "baldur". Roles run in the order
# listed and complete before the `tasks` section starts.
- name: "baldur"
  hosts: "baldur"
  roles:
    # ----------------------------------------------------------------------------------------------
    # system
    # ----------------------------------------------------------------------------------------------
    # Base roles, listed firewall and SSH daemon first. Every role carries the
    # shared "system:base" tag plus its own, so the baseline can be re-applied as
    # a whole or one role at a time.
    - role: "system/base/nftables"
      tags:
        - "system:base"
        - "system:base:nftables"
    - role: "system/base/sshd"
      tags:
        - "system:base"
        - "system:base:sshd"
    - role: "system/base/ntp"
      tags:
        - "system:base"
        - "system:base:ntp"
    - role: "system/base/fail2ban"
      tags:
        - "system:base"
        - "system:base:fail2ban"
    - role: "system/base/utils"
      tags:
        - "system:base"
        - "system:base:utils"
    - role: "system/base/root"
      tags:
        - "system:base"
        - "system:base:root"
    - role: "system/base/user"
      tags:
        - "system:base"
        - "system:base:user"
      vars:
        # The role's become user is set to the SSH login user.
        system_base_user_become_user: "{{ system_base_ssh_user }}"
    - role: "system/directories"
      tags: "system:directories"
    # ----------------------------------------------------------------------------------------------
    # backups
    # ----------------------------------------------------------------------------------------------
    - role: "backups/restic/setup"
      tags: "backups:restic:setup"
    # ----------------------------------------------------------------------------------------------
    # music
    # ----------------------------------------------------------------------------------------------
    - role: "music/user"
      tags: "music:user"
      vars:
        # Path to a public key file (no private key material is referenced here).
        # NOTE(review): "~" is presumably expanded on the control node — confirm
        # in the role.
        music_user_public_key_file: "~/.ssh/debian-virt.pub"
    - role: "music/collection"
      tags: "music:collection"
    # Restic backup of the music user's data under its own bucket prefix.
    # NOTE(review): no bucket credentials are set in this playbook; presumably
    # they come from inventory or vaulted vars — confirm they are not stored in
    # plain text.
    - role: "backups/restic/user"
      vars:
        backups_restic_user_name: "{{ music_user_name }}"
        backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
        backups_restic_user_data_dataset: "{{ music_user_data_dataset | default('') }}"
        backups_restic_user_data_directory: "{{ music_user_data_directory }}"
        backups_restic_user_data_exclude_list: []
        backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
      tags:
        - "music:backups"
        - "music:backups:restic"
        - "music:backups:restic:user"
    # ----------------------------------------------------------------------------------------------
    # vpn
    # ----------------------------------------------------------------------------------------------
    - role: "vpn/base"
      tags: "vpn:base"
    - role: "vpn/bridge"
      tags: "vpn:bridge"
    # ----------------------------------------------------------------------------------------------
    # services
    # ----------------------------------------------------------------------------------------------
    - role: "services/setup/system"
      tags:
        - "services:setup"
        - "services:setup:system"
  tasks:
    # The three tasks below iterate over the keys of `services_host_services`.
    # Each include is tagged "always" so the dynamic include itself is evaluated
    # on every run; the tags under `apply` are what select the included tasks.

    # Per-service user setup.
    - name: "setup : user"
      ansible.builtin.include_role:
        name: "services/setup/user"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:setup"
            - "services:setup:user"
            - "services:setup:user:{{ services_service_name }}"
            - "services:{{ services_service_name }}:setup:user"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"
    # Per-service deployment; the role path is built from the service name, so
    # every key of `services_host_services` needs a matching
    # services/deploy/<name> role.
    - name: "deploy"
      ansible.builtin.include_role:
        name: "services/deploy/{{ services_service_name }}"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:deploy"
            - "services:deploy:{{ services_service_name }}"
            - "services:{{ services_service_name }}:deploy"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"
    # Per-service restic backup, run only for services whose `restic` entry is
    # truthy. User, data location, exclude list and bucket prefix are looked up
    # per service in `services_backups_restic_services`.
    - name: "backups : restic"
      ansible.builtin.include_role:
        name: "backups/restic/user"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:backups"
            - "services:backups:restic:user"
            - "services:backups:restic:user:{{ services_service_name }}"
            - "services:{{ services_service_name }}:backups:restic:user"
      vars:
        backups_restic_user_name: "\
          {{ services_backups_restic_services[services_service_name].user_name }}"
        backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
        backups_restic_user_data_dataset: "\
          {{ services_backups_restic_services[services_service_name].data_dataset | default('') }}"
        backups_restic_user_data_directory: "\
          {{ services_backups_restic_services[services_service_name].data_directory }}"
        backups_restic_user_data_exclude_list: "\
          {{ services_backups_restic_services[services_service_name].exclude }}"
        backups_restic_user_aws_bucket_prefix: "\
          {{ services_backups_restic_services[services_service_name].aws_bucket_prefix }}"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      # Evaluated once per loop item.
      when: "services_host_services[services_service_name].restic"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"