--- - name: "system : all" hosts: "all" tasks: - name: "block domains" ansible.builtin.lineinfile: path: "/etc/hosts" line: "{{ address }} {{ item }}" vars: address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address | default('127.0.0.1') }}" loop: "{{ [system_mail_smtp_server | default([])] | union( [vpn_wireguard_server_address | default([])] ) | union( [backups_restic_user_aws_bucket_endpoint | default([])] ) | flatten }}" when: not (the_nine_worlds_production | bool) tags: "always" - name: "system : ups" hosts: "ups" roles: - role: "system/ups" tags: "system:ups" - name: "system : smart" hosts: "smart" roles: - role: "system/smart" vars: system_base_smartd_conf_file: "files/system/smart/smartd.conf" tags: "system:smart" - name: "system : zfs" hosts: "zfs" roles: - role: "system/zfs" tags: "system:zfs" - name: "system : valkyrie" hosts: "valkyrie" roles: - role: "system/gateway_hosts" tags: "system:gateway_hosts" vars: system_gateway_hosts_files: - "/etc/hosts" - "/etc/cloud/templates/hosts.debian.tmpl" system_gateway_hosts_hosts: "git.thenineworlds.net": "inet": "{{ hostvars.valkyrie.services_host_services.rproxy.inet_address }}" "inet6": "{{ hostvars.valkyrie.services_host_services.rproxy.inet6_address }}" when: (the_nine_worlds_production | bool) - name: "system : all" hosts: "all" roles: - role: "system/base/nftables" tags: - "system:base" - "system:base:nftables" - role: "system/base/mail" vars: system_base_mail_disable_dns: "{{ not (the_nine_worlds_production | bool) }}" tags: - "system:base" - "system:base:mail" - role: "system/base/sshd" tags: - "system:base" - "system:base:sshd" - role: "system/base/ntp" tags: - "system:base" - "system:base:ntp" - role: "system/base/fail2ban" tags: - "system:base" - "system:base:fail2ban" - role: "system/base/fstrim" tags: - "system:base" - "system:base:fstrim" - role: "system/base/unattended_upgrades" tags: - "system:base" - "system:base:unattended_upgrades" - role: "system/base/logs" vars: system_base_logs_ignore_dir: "files/system/base/logs" tags: - "system:base" - "system:base:logs" - role: "system/base/systemd_mail" tags: - "system:base" - "system:base:systemd_mail" - role: "system/base/utils" tags: - "system:base" - "system:base:utils" - role: "system/base/motd" vars: system_base_motd_dir: "files/system/base/motd" tags: - "system:base" - "system:base:motd" - role: "system/base/root" tags: - "system:base" - "system:base:root" - role: "system/base/user" tags: - "system:base" - "system:base:user" vars: system_base_user_become_user: "{{ system_base_ssh_user }}" - role: "system/extra/netdata" tags: - "system:extra" - "system:extra:netdata" vars: system_extra_netdata_install_sensors: "{{ 'home' in group_names }}" - name: "system : yggdrasil" hosts: "yggdrasil" roles: - role: "system/extra/libvirt" tags: - "system:extra" - "system:extra:libvirt" vars: system_extra_libvirt_user_name: "{{ system_base_ssh_user }}" system_extra_libvirt_install_zfs_driver: "{{ 'zfs' in group_names }}" - name: "system : asgard:&zfs" hosts: "asgard:&zfs" roles: - role: "system/datasets" tags: "system:datasets" vars: _zvol_volsize: "21474836480" # 20G system_datasets_var_containers_zvol_properties: "\ {% set _zvol_properties = {} %}\ {{ _zvol_properties.update({ 'volsize': _zvol_volsize }) }}\ {{ _zvol_properties.update({ 'com.sun:auto-snapshot': 'false' }) }}\ {% if not (the_nine_worlds_production | bool) %}\ {{ _zvol_properties.update({ 'refreservation': '0' }) }}\ {% endif %}\ {{ _zvol_properties }}" - name: "system : bifrost" hosts: "bifrost" roles: - role: "system/directories" tags: "system:directories" vars: system_directories_create_etc: true system_directories_create_var: false - name: "system : asgard" hosts: "asgard" roles: - role: "system/directories" tags: "system:directories" vars: system_directories_create_etc: true system_directories_create_var: true