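---
# Playbook with two plays:
#   1. "all"    - on non-production runs, pins a few external service names in /etc/hosts.
#   2. "baldur" - applies the system, backups, music, vpn and services roles to host "baldur",
#                 then loops over services_host_services for per-service setup, deploy and
#                 restic backup configuration.

- name: "all"
  hosts: "all"
  tasks:

    # Safety guard for non-production runs: every name in the loop (SMTP server, WireGuard
    # server address, restic bucket endpoint) is written to /etc/hosts so that it resolves to
    # an inventory host or to 127.0.0.1 instead of the real service.
    # NOTE(review): this only affects lookups that consult /etc/hosts; it does not restrict
    # traffic sent to a literal IP address. If the intent is that test hosts can never reach
    # the production endpoints, pair it with an egress firewall rule - confirm.
    # NOTE(review): there is no `regexp`, so lineinfile only appends when the exact line is
    # absent; if the resolved address changes, the earlier line for the same name stays in
    # the file. Consider a regexp keyed on the name so the entry is replaced.
    - name: "block domains"
      ansible.builtin.lineinfile:
        path: "/etc/hosts"
        line: "{{ address }} {{ item }}"
      # Written as a mapping: ansible-core deprecates the list-of-dictionaries form of `vars`.
      vars:
        # The first DNS label of the name is looked up as an inventory hostname; when that
        # host or its default IPv4 fact is not available, the name is pinned to loopback.
        # NOTE(review): relies on facts having been gathered for that host - confirm.
        address: "\
          {{ hostvars[item.split('.')[0]].ansible_default_ipv4.address | default('127.0.0.1') }}"
      # Each variable is optional: an undefined one becomes [] and disappears in `flatten`.
      loop: "{{
        [system_mail_smtp_server | default([])] | union(
          [vpn_wireguard_server_address | default([])]
        ) | union(
          [backups_restic_user_aws_bucket_endpoint | default([])]
        ) | flatten }}"
      # Skipped when the production flag is true, so production hosts keep real resolution.
      when: not (the_nine_worlds_production | bool)
      # "always" keeps the guard in place even when the run is limited with --tags.
      tags: "always"

- name: "baldur"
  hosts: "baldur"
  roles:

    # ----------------------------------------------------------------------------------------------
    # system
    # ----------------------------------------------------------------------------------------------

    # Base roles are listed firewall first, then sshd, ntp and fail2ban, before any user or
    # service role.
    - role: "system/base/nftables"
      tags:
        - "system:base"
        - "system:base:nftables"
    - role: "system/base/sshd"
      tags:
        - "system:base"
        - "system:base:sshd"
    - role: "system/base/ntp"
      tags:
        - "system:base"
        - "system:base:ntp"
    - role: "system/base/fail2ban"
      tags:
        - "system:base"
        - "system:base:fail2ban"
    - role: "system/base/utils"
      tags:
        - "system:base"
        - "system:base:utils"
    - role: "system/base/root"
      tags:
        - "system:base"
        - "system:base:root"
    - role: "system/base/user"
      tags:
        - "system:base"
        - "system:base:user"
      vars:
        system_base_user_become_user: "{{ system_base_ssh_user }}"
    - role: "system/directories"
      tags: "system:directories"

    # ----------------------------------------------------------------------------------------------
    # backups
    # ----------------------------------------------------------------------------------------------

    - role: "backups/restic/setup"
      tags: "backups:restic:setup"

    # ----------------------------------------------------------------------------------------------
    # music
    # ----------------------------------------------------------------------------------------------

    - role: "music/user"
      tags: "music:user"
      vars:
        # NOTE(review): the public key is a hard-coded path in the playbook rather than an
        # inventory value, presumably read on the control node; confirm this is the key that
        # should be authorised for the music user on this host.
        music_user_public_key_file: "~/.ssh/debian-virt.pub"
    - role: "music/collection"
      tags: "music:collection"
    # Restic backup configuration for the music user's data.
    - role: "backups/restic/user"
      vars:
        backups_restic_user_name: "{{ music_user_name }}"
        # Dataset-based backups are enabled only for hosts in the "zfs" inventory group.
        backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
        backups_restic_user_data_dataset: "{{ music_user_data_dataset | default('') }}"
        backups_restic_user_data_directory: "{{ music_user_data_directory }}"
        # Bucket prefix is derived from the user name.
        backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
      tags:
        - "music:backups"
        - "music:backups:restic"
        - "music:backups:restic:user"

    # ----------------------------------------------------------------------------------------------
    # vpn
    # ----------------------------------------------------------------------------------------------

    - role: "vpn/base"
      tags: "vpn:base"
    - role: "vpn/bridge"
      tags: "vpn:bridge"

    # ----------------------------------------------------------------------------------------------
    # services
    # ----------------------------------------------------------------------------------------------

    - role: "services/setup/system"
      tags:
        - "services:setup"
        - "services:setup:system"

  tasks:

    # The three tasks below iterate over the keys of services_host_services. The include task
    # itself is tagged "always" so it is evaluated on every run; the tags under `apply` are
    # what the included role's tasks carry, so --tags selects per service and per phase.
    # The loop variable is renamed to services_service_name, which the role names and tags
    # below reference.

    - name: "setup : user"
      ansible.builtin.include_role:
        name: "services/setup/user"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:setup"
            - "services:setup:user"
            - "services:setup:user:{{ services_service_name }}"
            - "services:{{ services_service_name }}:setup:user"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"

    # The role that runs is chosen by the service key, so the keys of services_host_services
    # decide which code executes on the host.
    # NOTE(review): keep that variable in trusted inventory only - confirm its source.
    - name: "deploy"
      ansible.builtin.include_role:
        name: "services/deploy/{{ services_service_name }}"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:deploy"
            - "services:deploy:{{ services_service_name }}"
            - "services:{{ services_service_name }}:deploy"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"

    # Per-service restic backup configuration, taken from services_backups_restic_services.
    - name: "backups : restic"
      ansible.builtin.include_role:
        name: "backups/restic/user"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:backups"
            - "services:backups:restic:user"
            - "services:backups:restic:user:{{ services_service_name }}"
            - "services:{{ services_service_name }}:backups:restic:user"
      vars:
        backups_restic_user_name: "\
          {{ services_backups_restic_services[services_service_name].user_name }}"
        # Dataset-based backups are enabled only for hosts in the "zfs" inventory group.
        backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
        backups_restic_user_data_dataset: "\
          {{ services_backups_restic_services[services_service_name].data_dataset | default('') }}"
        backups_restic_user_data_directory: "\
          {{ services_backups_restic_services[services_service_name].data_directory }}"
        backups_restic_user_aws_bucket_prefix: "\
          {{ services_backups_restic_services[services_service_name].aws_bucket_prefix }}"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      # Only services whose entry sets `restic` to a true value get a backup user.
      # NOTE(review): the key is read with no default; confirm every service entry defines it
      # so that no service is left without backups unnoticed.
      when: "services_host_services[services_service_name].restic"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"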