ansible-edda/README.md

# The Ansible Edda

Ansible playbooks for provisioning The Nine Worlds.

## Secrets vault

- Encrypt with: ```ansible-vault encrypt secrets.yml```
- Decrypt with: ```ansible-vault decrypt secrets.yml```
- Print secrets to STDOUT: ```ansible-vault decrypt --output - secrets.yml```
- Run a playbook with ```ansible-playbook --vault-id @prompt playbook.yml```

## The Nine Worlds

The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).

### Production and testing

The inventory files are split into [`production`](production) and [`testing`](testing).

To run the `main.yml` playbook on production hosts:
``` sh
ansible-playbook main.yml -i production
```

To run the `main.yml` playbook on production hosts:
``` sh
ansible-playbook main.yml -i testing
```

### Playbooks

The Nine Worlds playbook is composed of smaller [`playbooks`](playbooks). To run a single playbook,
invoke the `main.yml` playbook directly from the desired playbook's directory. For example, to run
the [`system`](system) playbook, run:

``` sh
ansible-playbook playbooks/system/main.yml
```

### Roles

Playbooks are composed of roles defined in the playbook's `roles` directory, e.g.
[`playbooks/system/roles`](playbooks/system/roles) for `system`.

To play only a specific role in a playbook, e.g. `base` in the playbook `system`, run:

``` sh
ansible-playbook playbooks/system/main.yml --tags "system:base"
```

### Role sub-tasks

Some roles are split into smaller groups of tasks. This can be checked by looking at the
`tasks/main.yml` file of a role, e.g.
[`playbooks/system/roles/base/tasks/main.yml`](playbooks/system/roles/base/tasks/main.yml).

To play only a particular group within a role, e.g. `sshd` in `base` of `system`, run:

``` sh
ansible-playbook playbooks/system/main.yml --tags "system:base:sshd"
```