ansible-edda/playbooks/system.yml


---
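# Non-production guard: on every host, pin the names of the real mail, VPN
# and backup endpoints in /etc/hosts so they resolve to a local address
# instead of the live service. Skipped entirely on production.
- name: "system : all"
  hosts: "all"
  tasks:
    - name: "block domains"
      ansible.builtin.lineinfile:
        path: "/etc/hosts"
        # Match an existing "<address> <domain>" entry so that a changed
        # address replaces the old line. Without this, a new line is appended
        # at the end of the file and the stale entry above it can still win
        # the lookup.
        regexp: '^\S+\s+{{ item | regex_escape }}$'
        line: "{{ address }} {{ item }}"
      vars:
        # The first DNS label of the domain is looked up as an inventory
        # host name; when no such host (or no IPv4 fact) exists the entry
        # falls back to loopback.
        address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address |
          default('127.0.0.1') }}"
      # Each variable is optional: an undefined one contributes an empty list
      # that `flatten` removes, and `union` de-duplicates repeated names.
      loop: "{{ [system_mail_smtp_server | default([])] |
        union( [vpn_wireguard_server_address | default([])] ) |
        union( [backups_restic_user_aws_bucket_endpoint | default([])] ) |
        flatten }}"
      when: not (the_nine_worlds_production | bool)
      # NOTE(review): only an IPv4 entry is written, so AAAA lookups for
      # these names are not covered by this task - confirm the test hosts
      # cannot reach the real endpoints over IPv6.
      # NOTE(review): only /etc/hosts is edited here; if cloud-init
      # regenerates it from /etc/cloud/templates/hosts.debian.tmpl the
      # entries would be lost - confirm manage_etc_hosts on these hosts.
      tags: "always"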
# Hosts in the "ups" inventory group get the system/ups role.
# Run on its own with `--tags system:ups`.
- name: "system : ups"
  hosts: "ups"
  roles:
    - role: "system/ups"
      tags: "system:ups"
# Hosts in the "smart" inventory group get the system/smart role, which is
# handed the path of the smartd.conf kept under files/.
- name: "system : smart"
  hosts: "smart"
  roles:
    - role: "system/smart"
      vars:
        # Path is relative; presumably resolved against the playbook
        # directory by the role - verify in the role's tasks.
        system_base_smartd_conf_file: "files/system/smart/smartd.conf"
      tags: "system:smart"
# Hosts in the "zfs" inventory group get the system/zfs role.
# Run on its own with `--tags system:zfs`.
- name: "system : zfs"
  hosts: "zfs"
  roles:
    - role: "system/zfs"
      tags: "system:zfs"
# Production only: on valkyrie, pin git.thenineworlds.net to the addresses of
# the reverse-proxy service declared in valkyrie's own host variables.
- name: "system : valkyrie"
  hosts: "valkyrie"
  roles:
    - role: "system/gateway_hosts"
      tags: "system:gateway_hosts"
      vars:
        # Both the live hosts file and the cloud-init template are listed,
        # presumably so the entries survive a cloud-init rewrite of
        # /etc/hosts - confirm in the role.
        system_gateway_hosts_files:
          - "/etc/hosts"
          - "/etc/cloud/templates/hosts.debian.tmpl"
        # A hosts-file entry overrides DNS for this name on the host, so the
        # addresses are derived from hostvars rather than hard-coded.
        system_gateway_hosts_hosts:
          "git.thenineworlds.net":
            "inet": "{{ hostvars.valkyrie.services_host_services.rproxy.inet_address }}"
            "inet6": "{{ hostvars.valkyrie.services_host_services.rproxy.inet6_address }}"
      when: (the_nine_worlds_production | bool)
# Baseline applied to every host. Roles run in the order listed. Each role
# carries the umbrella tag of its family (system:base or system:extra) plus
# its own tag, so either the whole family or a single role can be selected
# with --tags. What each role configures is defined in the role itself and
# is not visible from this playbook.
- name: "system : all"
  hosts: "all"
  roles:
    # --- network exposure and remote access ---
    - role: "system/base/nftables"
      tags:
        - "system:base"
        - "system:base:nftables"

    - role: "system/base/mail"
      vars:
        # True on every non-production host.
        system_base_mail_disable_dns: "{{ not (the_nine_worlds_production | bool) }}"
      tags:
        - "system:base"
        - "system:base:mail"

    - role: "system/base/sshd"
      tags:
        - "system:base"
        - "system:base:sshd"

    - role: "system/base/ntp"
      tags:
        - "system:base"
        - "system:base:ntp"

    - role: "system/base/fail2ban"
      tags:
        - "system:base"
        - "system:base:fail2ban"

    # --- maintenance and patching ---
    - role: "system/base/fstrim"
      tags:
        - "system:base"
        - "system:base:fstrim"

    - role: "system/base/unattended_upgrades"
      tags:
        - "system:base"
        - "system:base:unattended_upgrades"

    # --- logging and notification ---
    - role: "system/base/logs"
      vars:
        system_base_logs_ignore_dir: "files/system/base/logs"
      tags:
        - "system:base"
        - "system:base:logs"

    - role: "system/base/systemd_mail"
      tags:
        - "system:base"
        - "system:base:systemd_mail"

    # --- tooling and accounts ---
    - role: "system/base/utils"
      tags:
        - "system:base"
        - "system:base:utils"

    - role: "system/base/motd"
      vars:
        system_base_motd_dir: "files/system/base/motd"
      tags:
        - "system:base"
        - "system:base:motd"

    - role: "system/base/root"
      tags:
        - "system:base"
        - "system:base:root"

    - role: "system/base/user"
      vars:
        # The role acts as the same account that is used for SSH logins.
        system_base_user_become_user: "{{ system_base_ssh_user }}"
      tags:
        - "system:base"
        - "system:base:user"

    # --- optional extras ---
    - role: "system/extra/netdata"
      vars:
        # Sensors are installed only on hosts in the "home" inventory group.
        system_extra_netdata_install_sensors: "{{ 'home' in group_names }}"
      tags:
        - "system:extra"
        - "system:extra:netdata"
# The yggdrasil host gets the libvirt role on top of the common baseline.
- name: "system : yggdrasil"
  hosts: "yggdrasil"
  roles:
    - role: "system/extra/libvirt"
      vars:
        # NOTE(review): presumably this gives the SSH login user access to
        # libvirt; libvirt group membership is usually root-equivalent on
        # the hypervisor - confirm what the role does with this name.
        system_extra_libvirt_user_name: "{{ system_base_ssh_user }}"
        # The ZFS storage driver is requested only when this host is also in
        # the "zfs" inventory group.
        system_extra_libvirt_install_zfs_driver: "{{ 'zfs' in group_names }}"
      tags:
        - "system:extra"
        - "system:extra:libvirt"
# Runs only on hosts that are in BOTH the "asgard" and "zfs" groups
# (":&" is the inventory-pattern intersection operator).
- name: "system : asgard:&zfs"
  hosts: "asgard:&zfs"
  roles:
    - role: "system/datasets"
      tags: "system:datasets"
      vars:
        # Kept as a quoted string so the byte count is not retyped.
        _zvol_volsize: "21474836480"  # 20 GiB (20 * 1024^3 bytes)
        # Builds the zvol property dict inside the template:
        #   - volsize from _zvol_volsize
        #   - com.sun:auto-snapshot set to 'false'
        #   - refreservation '0' added on non-production hosts only
        # Each `{{ ....update(...) }}` evaluates to None, so this relies on
        # the templating engine rendering None as an empty string and leaving
        # only the final dict as output - verify after ansible-core upgrades.
        # The trailing backslashes join the lines without inserting spaces.
        system_datasets_var_containers_zvol_properties: "\
          {% set _zvol_properties = {} %}\
          {{ _zvol_properties.update({ 'volsize': _zvol_volsize }) }}\
          {{ _zvol_properties.update({ 'com.sun:auto-snapshot': 'false' }) }}\
          {% if not (the_nine_worlds_production | bool) %}\
          {{ _zvol_properties.update({ 'refreservation': '0' }) }}\
          {% endif %}\
          {{ _zvol_properties }}"
# bifrost: the directories role is asked for the etc tree only.
- name: "system : bifrost"
  hosts: "bifrost"
  roles:
    - role: "system/directories"
      tags: "system:directories"
      vars:
        system_directories_create_etc: true
        # Differs from the asgard play, which also enables the var tree.
        system_directories_create_var: false
# asgard: the directories role is asked for both the etc and the var tree.
- name: "system : asgard"
  hosts: "asgard"
  roles:
    - role: "system/directories"
      tags: "system:directories"
      vars:
        system_directories_create_etc: true
        system_directories_create_var: true