218 lines
8.4 KiB
YAML
218 lines
8.4 KiB
YAML
---
|
|
- name: "all"
|
|
hosts: "all"
|
|
|
|
tasks:
|
|
- name: "block domains"
|
|
ansible.builtin.lineinfile:
|
|
path: "/etc/hosts"
|
|
line: "{{ address }} {{ item }}"
|
|
vars:
|
|
- address: "{{ hostvars[item.split('.')[0]].ansible_default_ipv4.address |
|
|
default('127.0.0.1') }}"
|
|
loop: "{{ [system_mail_smtp_server | default([])] |
|
|
union( [vpn_wireguard_server_address | default([])] ) |
|
|
union( [backups_restic_user_aws_bucket_endpoint | default([])] ) |
|
|
flatten }}"
|
|
when: not (the_nine_worlds_production | bool)
|
|
tags: "always"
|
|
|
|
- name: "baldur"
|
|
hosts: "baldur"
|
|
vars_files:
|
|
- "vars/services/volumes.yml"
|
|
- "vars/services/deploy/versions.yml"
|
|
|
|
roles:
|
|
# ----------------------------------------------------------------------------------------------
|
|
# system
|
|
# ----------------------------------------------------------------------------------------------
|
|
- role: "system/base/nftables"
|
|
tags:
|
|
- "system:base"
|
|
- "system:base:nftables"
|
|
- role: "system/base/sshd"
|
|
tags:
|
|
- "system:base"
|
|
- "system:base:sshd"
|
|
- role: "system/base/ntp"
|
|
tags:
|
|
- "system:base"
|
|
- "system:base:ntp"
|
|
- role: "system/base/fail2ban"
|
|
tags:
|
|
- "system:base"
|
|
- "system:base:fail2ban"
|
|
- role: "system/base/utils"
|
|
tags:
|
|
- "system:base"
|
|
- "system:base:utils"
|
|
- role: "system/base/root"
|
|
tags:
|
|
- "system:base"
|
|
- "system:base:root"
|
|
- role: "system/base/user"
|
|
tags:
|
|
- "system:base"
|
|
- "system:base:user"
|
|
vars:
|
|
system_base_user_become_user: "{{ system_base_ssh_user }}"
|
|
- role: "system/directories"
|
|
tags: "system:directories"
|
|
vars:
|
|
system_directories_create_etc: true
|
|
system_directories_create_var: true
|
|
|
|
# ----------------------------------------------------------------------------------------------
|
|
# backups
|
|
# ----------------------------------------------------------------------------------------------
|
|
- role: "backups/restic/setup"
|
|
tags: "backups:restic:setup"
|
|
|
|
# ----------------------------------------------------------------------------------------------
|
|
# music
|
|
# ----------------------------------------------------------------------------------------------
|
|
- role: "music/user"
|
|
tags: "music:user"
|
|
vars:
|
|
music_user_public_key_file: "~/.ssh/debian-virt.pub"
|
|
- role: "music/collection"
|
|
tags: "music:collection"
|
|
- role: "backups/restic/user"
|
|
vars:
|
|
backups_restic_user_name: "{{ music_user_name }}"
|
|
backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
|
|
backups_restic_user_data_dataset: "{{ music_user_data_dataset | default('') }}"
|
|
backups_restic_user_data_directory: "{{ music_user_data_directory }}"
|
|
backups_restic_user_data_exclude_list: []
|
|
backups_restic_user_aws_bucket_prefix: "the-nine-worlds---{{ music_user_name }}"
|
|
tags:
|
|
- "music:backups"
|
|
- "music:backups:restic"
|
|
- "music:backups:restic:user"
|
|
|
|
# ----------------------------------------------------------------------------------------------
|
|
# vpn
|
|
# ----------------------------------------------------------------------------------------------
|
|
- role: "vpn/base"
|
|
tags: "vpn:base"
|
|
- role: "vpn/bridge"
|
|
tags: "vpn:bridge"
|
|
|
|
# ----------------------------------------------------------------------------------------------
|
|
# services
|
|
# ----------------------------------------------------------------------------------------------
|
|
- role: "services/setup/system"
|
|
tags:
|
|
- "services:setup"
|
|
- "services:setup:system"
|
|
|
|
tasks:
|
|
- name: "setup : user"
|
|
ansible.builtin.include_role:
|
|
name: "services/setup/user"
|
|
apply:
|
|
tags:
|
|
- "services:{{ services_service_name }}"
|
|
- "services:setup"
|
|
- "services:setup:user"
|
|
- "services:setup:user:{{ services_service_name }}"
|
|
- "services:{{ services_service_name }}:setup:user"
|
|
vars:
|
|
services_service_volumes: "{{ services_volumes[services_service_name] }}"
|
|
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
|
|
loop_control:
|
|
loop_var: "services_service_name"
|
|
tags: "always"
|
|
|
|
- name: "deploy rproxy"
|
|
ansible.builtin.include_role:
|
|
name: "services/deploy/rproxy"
|
|
apply:
|
|
tags:
|
|
- "services:rproxy"
|
|
- "services:deploy"
|
|
- "services:deploy:rproxy"
|
|
- "services:rproxy:deploy"
|
|
vars:
|
|
services_service_name: "rproxy"
|
|
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
|
|
services_deploy_rproxy_nginx_subdomain_config_files:
|
|
- "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
|
|
- "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
|
|
- "files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf"
|
|
services_service_deploy_versions: "{{ services_deploy_versions.rproxy }}"
|
|
when: "'rproxy' in services_host_services"
|
|
tags: "always"
|
|
|
|
- name: "deploy lrproxy"
|
|
ansible.builtin.include_role:
|
|
name: "services/deploy/rproxy"
|
|
apply:
|
|
tags:
|
|
- "services:lrproxy"
|
|
- "services:deploy"
|
|
- "services:deploy:lrproxy"
|
|
- "services:lrproxy:deploy"
|
|
vars:
|
|
services_service_name: "lrproxy"
|
|
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
|
|
services_deploy_rproxy_nginx_subdomain_config_files:
|
|
- "files/services/deploy/lrproxy/nginx-conf.d/archive.music.thenineworlds.net.conf"
|
|
- "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
|
- "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
|
|
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
|
|
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
|
|
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
|
|
services_service_deploy_versions: "{{ services_deploy_versions.lrproxy }}"
|
|
when: "'lrproxy' in services_host_services"
|
|
tags: "always"
|
|
|
|
- name: "deploy"
|
|
ansible.builtin.include_role:
|
|
name: "services/deploy/{{ services_service_name }}"
|
|
apply:
|
|
tags:
|
|
- "services:{{ services_service_name }}"
|
|
- "services:deploy"
|
|
- "services:deploy:{{ services_service_name }}"
|
|
- "services:{{ services_service_name }}:deploy"
|
|
vars:
|
|
services_service_deploy_versions: "{{ services_deploy_versions[services_service_name] }}"
|
|
loop: "{{
|
|
services_host_services | dict2items |
|
|
rejectattr('key', '==', 'rproxy') |
|
|
rejectattr('key', '==', 'lrproxy') |
|
|
map(attribute='key') }}"
|
|
loop_control:
|
|
loop_var: "services_service_name"
|
|
tags: "always"
|
|
|
|
- name: "backups : restic"
|
|
ansible.builtin.include_role:
|
|
name: "backups/restic/user"
|
|
apply:
|
|
tags:
|
|
- "services:{{ services_service_name }}"
|
|
- "services:backups"
|
|
- "services:backups:restic:user"
|
|
- "services:backups:restic:user:{{ services_service_name }}"
|
|
- "services:{{ services_service_name }}:backups:restic:user"
|
|
vars:
|
|
backups_restic_user_name: "\
|
|
{{ services_backups_restic_services[services_service_name].user_name }}"
|
|
backups_restic_user_use_dataset: "{{ 'zfs' in group_names }}"
|
|
backups_restic_user_data_dataset: "\
|
|
{{ services_backups_restic_services[services_service_name].data_dataset | default('') }}"
|
|
backups_restic_user_data_directory: "\
|
|
{{ services_backups_restic_services[services_service_name].data_directory }}"
|
|
backups_restic_user_data_exclude_list: "\
|
|
{{ services_backups_restic_services[services_service_name].exclude }}"
|
|
backups_restic_user_aws_bucket_prefix: "\
|
|
{{ services_backups_restic_services[services_service_name].aws_bucket_prefix }}"
|
|
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
|
|
when: "services_host_services[services_service_name].restic"
|
|
loop_control:
|
|
loop_var: "services_service_name"
|
|
tags: "always"
|