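---
# Play 1 (all hosts): in non-production runs, pin the mail, VPN and backup
# endpoints in /etc/hosts so the host resolves them locally.
# Play 2 (baldur): base system roles, then backups, music, VPN and services.

- name: "all"
  hosts: "all"
  tasks:
    # For each configured endpoint, write "<address> <domain>" to /etc/hosts.
    # <address> is the default IPv4 address of the inventory host named like
    # the domain's first label, falling back to 127.0.0.1 when no such fact
    # exists. Presumably this keeps a test environment from reaching the
    # production services - confirm.
    #
    # NOTE(review): this playbook never removes these entries. A host that was
    # once provisioned as non-production keeps the overrides until they are
    # deleted by hand.
    - name: "block domains"
      ansible.builtin.lineinfile:
        path: "/etc/hosts"
        # Rewrite an existing line that ends with this domain instead of
        # appending a second one: without a regexp, a changed address leaves
        # the stale line in place, and the first match in /etc/hosts is
        # typically the one the resolver uses.
        regexp: '\s{{ item | regex_escape }}\s*$'
        line: "{{ address }} {{ item }}"
      vars:
        address: >-
          {{ hostvars[item.split('.')[0]].ansible_default_ipv4.address
          | default('127.0.0.1') }}
      # Undefined endpoints become empty lists and disappear in `flatten`.
      loop: >-
        {{
        [system_mail_smtp_server | default([])]
        | union([vpn_wireguard_server_address | default([])])
        | union([backups_restic_user_aws_bucket_endpoint | default([])])
        | flatten
        }}
      # No default on purpose: an undefined the_nine_worlds_production fails
      # the task instead of silently picking an environment.
      when: not (the_nine_worlds_production | bool)
      tags: "always"

- name: "baldur"
  hosts: "baldur"
  vars_files:
    - "vars/services/volumes.yml"
    - "vars/services/deploy/versions.yml"
  # Roles run in the order listed and before `tasks`, so the firewall, sshd
  # and fail2ban roles are applied before any service is set up or deployed.
  roles:
    # ----------------------------------------------------------------------------------------------
    # system
    # ----------------------------------------------------------------------------------------------
    - role: "system/base/nftables"
      tags:
        - "system:base"
        - "system:base:nftables"
    - role: "system/base/sshd"
      tags:
        - "system:base"
        - "system:base:sshd"
    - role: "system/base/ntp"
      tags:
        - "system:base"
        - "system:base:ntp"
    - role: "system/base/fail2ban"
      tags:
        - "system:base"
        - "system:base:fail2ban"
    - role: "system/base/utils"
      tags:
        - "system:base"
        - "system:base:utils"
    - role: "system/base/root"
      tags:
        - "system:base"
        - "system:base:root"
    - role: "system/base/user"
      tags:
        - "system:base"
        - "system:base:user"
      vars:
        system_base_user_become_user: "{{ system_base_ssh_user }}"
    - role: "system/directories"
      tags: "system:directories"
      vars:
        system_directories_create_etc: true
        system_directories_create_var: true
    # ----------------------------------------------------------------------------------------------
    # backups
    # ----------------------------------------------------------------------------------------------
    - role: "backups/restic/setup"
      tags: "backups:restic:setup"
    # ----------------------------------------------------------------------------------------------
    # music
    # ----------------------------------------------------------------------------------------------
    - role: "music/user"
      tags: "music:user"
      vars:
        # Public half of a key pair only; no private key material is
        # referenced in this playbook.
        music_user_public_key_file: "~/.ssh/debian-virt.pub"
    - role: "music/collection"
      tags: "music:collection"
    - role: "backups/restic/user"
      vars:
        backups_restic_user_name: "{{ music_user_name }}"
        backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
        backups_restic_user_data_dataset: "{{ music_user_data_dataset | default('') }}"
        backups_restic_user_data_directory: "{{ music_user_data_directory }}"
        backups_restic_user_data_exclude_list: []
        backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
      tags:
        - "music:backups"
        - "music:backups:restic"
        - "music:backups:restic:user"
    # ----------------------------------------------------------------------------------------------
    # vpn
    # ----------------------------------------------------------------------------------------------
    - role: "vpn/base"
      tags: "vpn:base"
    - role: "vpn/bridge"
      tags: "vpn:bridge"
    # ----------------------------------------------------------------------------------------------
    # services
    # ----------------------------------------------------------------------------------------------
    - role: "services/setup/system"
      tags:
        - "services:setup"
        - "services:setup:system"
      vars:
        services_setup_system_containers_storage_fuse_overlay: "{{ 'zfs' in group_names }}"

  # Every include below carries `tags: "always"` so the include itself runs on
  # any tagged invocation. The tags under `apply` are attached to the included
  # role's tasks, which is what lets a single service or stage be selected.
  tasks:
    # One services/setup/user run per key of services_host_services.
    - name: "setup : user"
      ansible.builtin.include_role:
        name: "services/setup/user"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:setup"
            - "services:setup:user"
            - "services:setup:user:{{ services_service_name }}"
            - "services:{{ services_service_name }}:setup:user"
      vars:
        services_service_volumes: "{{ services_volumes[services_service_name] }}"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"

    # rproxy and lrproxy share the services/deploy/rproxy role and differ only
    # in service name, nginx config file list and version set.
    - name: "deploy rproxy"
      ansible.builtin.include_role:
        name: "services/deploy/rproxy"
        apply:
          tags:
            - "services:rproxy"
            - "services:deploy"
            - "services:deploy:rproxy"
            - "services:rproxy:deploy"
      vars:
        services_service_name: "rproxy"
        services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
        services_deploy_rproxy_nginx_subdomain_config_files:
          - "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
          - "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
          - "files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf"
        services_service_deploy_versions: "{{ services_deploy_versions.rproxy }}"
      when: "'rproxy' in services_host_services"
      tags: "always"

    - name: "deploy lrproxy"
      ansible.builtin.include_role:
        name: "services/deploy/rproxy"
        apply:
          tags:
            - "services:lrproxy"
            - "services:deploy"
            - "services:deploy:lrproxy"
            - "services:lrproxy:deploy"
      vars:
        services_service_name: "lrproxy"
        services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
        services_deploy_rproxy_nginx_subdomain_config_files:
          - "files/services/deploy/lrproxy/nginx-conf.d/archive.music.thenineworlds.net.conf"
          - "files/services/deploy/lrproxy/nginx-conf.d/cloud.thenineworlds.net.conf"
          - "files/services/deploy/lrproxy/nginx-conf.d/dash.thenineworlds.net.conf"
          - "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
          - "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
          - "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
          - "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
        services_service_deploy_versions: "{{ services_deploy_versions.lrproxy }}"
      when: "'lrproxy' in services_host_services"
      tags: "always"

    # Every remaining service is deployed by the role named after it. The two
    # proxies are filtered out because they were handled above.
    - name: "deploy"
      ansible.builtin.include_role:
        name: "services/deploy/{{ services_service_name }}"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:deploy"
            - "services:deploy:{{ services_service_name }}"
            - "services:{{ services_service_name }}:deploy"
      vars:
        services_service_deploy_versions: "{{ services_deploy_versions[services_service_name] }}"
      loop: >-
        {{ services_host_services | dict2items
        | rejectattr('key', '==', 'rproxy')
        | rejectattr('key', '==', 'lrproxy')
        | map(attribute='key') }}
      loop_control:
        loop_var: "services_service_name"
      tags: "always"

    # Per-service restic backup user. Only `data_dataset` has a default, so a
    # service flagged for backup without a matching entry in
    # services_backups_restic_services fails the run instead of being backed
    # up with guessed values.
    - name: "backups : restic"
      ansible.builtin.include_role:
        name: "backups/restic/user"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:backups"
            - "services:backups:restic:user"
            - "services:backups:restic:user:{{ services_service_name }}"
            - "services:{{ services_service_name }}:backups:restic:user"
      vars:
        backups_restic_user_name: >-
          {{ services_backups_restic_services[services_service_name].user_name }}
        backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
        backups_restic_user_data_dataset: >-
          {{ services_backups_restic_services[services_service_name].data_dataset
          | default('') }}
        backups_restic_user_data_directory: >-
          {{ services_backups_restic_services[services_service_name].data_directory }}
        backups_restic_user_data_exclude_list: >-
          {{ services_backups_restic_services[services_service_name].exclude }}
        backups_restic_user_aws_bucket_prefix: >-
          {{ services_backups_restic_services[services_service_name].aws_bucket_prefix }}
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      # NOTE(review): presumably `restic` is a real boolean per service -
      # confirm; a missing key fails the task rather than skipping the backup.
      when: "services_host_services[services_service_name].restic"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"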