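---
# Playbook with two plays: a non-production /etc/hosts override applied to
# every host, followed by the full role and service stack for host "baldur".

- name: "all"
  hosts: "all"
  tasks:
    # On non-production runs, pin the mail, VPN and backup endpoint names in
    # /etc/hosts so they no longer resolve through DNS. Presumably this keeps
    # test hosts away from the real endpoints; confirm against the inventory.
    #
    # Each name maps to the default IPv4 address of the inventory host named
    # after its first DNS label, or to 127.0.0.1 when that fact is missing.
    #
    # NOTE(review): this only redirects name lookups. It has no effect if one
    # of the variables holds an IP literal or a "host:port" value; confirm
    # that all three are bare hostnames.
    # NOTE(review): nothing here removes the entries once
    # the_nine_worlds_production becomes true; confirm that this is handled
    # elsewhere.
    - name: "block domains"
      ansible.builtin.lineinfile:
        path: "/etc/hosts"
        # Match an existing entry for the same name so that a changed address
        # replaces the old line. Without this, a stale line stays above the
        # new one and the resolver keeps using it (first match wins).
        regexp: '^\S+\s+{{ item | regex_escape }}\s*$'
        line: "{{ address }} {{ item }}"
      # Mapping form; ansible-core deprecates a list of dictionaries here.
      vars:
        address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address | default('127.0.0.1') }}"
      # Each variable is wrapped in a list and defaults to an empty list, so
      # an unset endpoint is dropped by `flatten` instead of raising an error.
      loop: "{{
        [system_mail_smtp_server | default([])] | union(
        [vpn_wireguard_server_address | default([])]
        ) | union(
        [services_backups_restic_aws_bucket_endpoint | default([])]
        ) | flatten
        }}"
      # No default is given, so the_nine_worlds_production must be defined.
      when: not (the_nine_worlds_production | bool)
      tags: "always"

- name: "baldur"
  hosts: "baldur"
  # Roles run in the order listed, before the `tasks` section below.
  roles:
    # ----------------------------------------------------------------------------------------------
    # system
    # ----------------------------------------------------------------------------------------------
    - role: "system/base/nftables"
      tags:
        - "system:base"
        - "system:base:nftables"
    - role: "system/base/sshd"
      tags:
        - "system:base"
        - "system:base:sshd"
    - role: "system/base/ntp"
      tags:
        - "system:base"
        - "system:base:ntp"
    - role: "system/base/fail2ban"
      tags:
        - "system:base"
        - "system:base:fail2ban"
    - role: "system/base/utils"
      tags:
        - "system:base"
        - "system:base:utils"
    - role: "system/base/root"
      tags:
        - "system:base"
        - "system:base:root"
    - role: "system/base/user"
      tags:
        - "system:base"
        - "system:base:user"
    # ----------------------------------------------------------------------------------------------
    # vpn
    # ----------------------------------------------------------------------------------------------
    - role: "vpn/base"
      tags: "vpn:base"
    - role: "vpn/bridge"
      tags: "vpn:bridge"
    # ----------------------------------------------------------------------------------------------
    # backups
    # ----------------------------------------------------------------------------------------------
    - role: "backups/restic/setup"
      tags: "backups:restic:setup"
    # ----------------------------------------------------------------------------------------------
    # services
    # ----------------------------------------------------------------------------------------------
    - role: "services/setup/system"
      tags:
        - "services:setup"
        - "services:setup:system"
  # Per-service steps. Each task loops over the keys of services_host_services
  # and includes a role once per service. The include itself is tagged
  # "always" so it is evaluated under any --tags selection; `apply.tags` puts
  # the selectable tags on the included role's tasks.
  tasks:
    - name: "setup : user"
      ansible.builtin.include_role:
        name: "services/setup/user"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:setup"
            - "services:setup:user"
            - "services:setup:user:{{ services_service_name }}"
            - "services:{{ services_service_name }}:setup:user"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"
    # The role name is built from the service key, so every key in
    # services_host_services needs a matching services/deploy/<key> role.
    - name: "deploy"
      ansible.builtin.include_role:
        name: "services/deploy/{{ services_service_name }}"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:deploy"
            - "services:deploy:{{ services_service_name }}"
            - "services:{{ services_service_name }}:deploy"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"
    - name: "backups : restic"
      ansible.builtin.include_role:
        name: "services/backups/restic"
        apply:
          tags:
            - "services:{{ services_service_name }}"
            - "services:backups"
            - "services:backups:restic"
            - "services:backups:restic:{{ services_service_name }}"
            - "services:{{ services_service_name }}:backups:restic"
      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
      loop_control:
        loop_var: "services_service_name"
      tags: "always"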