--- - name: "system : all" hosts: "all" tasks: - name: "block domains" ansible.builtin.lineinfile: path: "/etc/hosts" line: "127.0.0.1 {{ item }}" loop: - "{{ system_mail_smtp_server }}" - "{{ vpn_wireguard_server_address | default('localhost') }}" - "{{ services_backups_restic_aws_bucket_endpoint | default('localhost') }}" when: not (the_nine_worlds_production | bool) tags: "always" - name: "system : ups" hosts: "ups" roles: - role: "system/ups" tags: "system:ups" - name: "system : smart" hosts: "smart" roles: - role: "system/smart" vars: system_base_smartd_conf_file: "files/system/smart/smartd.conf" tags: "system:smart" - name: "system : zfs" hosts: "zfs" roles: - role: "system/zfs" tags: "system:zfs" - name: "system : all" hosts: "all" roles: - role: "system/base/nftables" tags: - "system:base" - "system:base:nftables" - role: "system/base/mail" vars: system_base_mail_disable_dns: "{{ not (the_nine_worlds_production | bool) }}" tags: - "system:base" - "system:base:mail" - role: "system/base/sshd" tags: - "system:base" - "system:base:sshd" - role: "system/base/ntp" tags: - "system:base" - "system:base:ntp" - role: "system/base/fail2ban" tags: - "system:base" - "system:base:fail2ban" - role: "system/base/fstrim" tags: - "system:base" - "system:base:fstrim" - role: "system/base/unattended_upgrades" tags: - "system:base" - "system:base:unattended_upgrades" - role: "system/base/logs" tags: - "system:base" - "system:base:logs" - role: "system/base/systemd_mail" tags: - "system:base" - "system:base:systemd_mail" - role: "system/base/utils" tags: - "system:base" - "system:base:utils" - role: "system/base/motd" vars: system_base_motd_dir: "files/system/base/motd" tags: - "system:base" - "system:base:motd" - role: "system/base/root" tags: - "system:base" - "system:base:root" - role: "system/base/user" tags: - "system:base" - "system:base:user"