generated from DO1JLR/ansible_playbook_template
-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsite.yml
86 lines (76 loc) · 3.27 KB
/
site.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
---
- name: Check if ansible is not to old
hosts: localhost
roles:
- {role: do1jlr.ansible_version, tags: [default, version, default, always]}
- name: General roles for all hosts
hosts: all
roles:
- {role: l3d.users.user, tags: [users, user]}
- {role: l3d.users.admin, tags: [users, admin]}
- {role: l3d.users.sshd, tags: [users, sshd]}
- {role: l3d.users.dotfiles, tags: [users, dotfiles]}
- {role: l3d.linux.packages, tags: [packages, general]}
- {role: l3d.linux.swappiness, tags: swappiness}
- {role: do1jlr.ranger, tags: [packages, ranger]}
- {role: gantsign.bat, tags: [packages, bat], when: [ansible_os_family == 'Debian' and "ansible_architecture" == "x86_64"]}
- {role: hifis.toolkit.unattended_upgrades, tags: [default, unattended, unattended_upgrades, security], become: true, when: ansible_distribution == 'Debian'}
- {role: do1jlr.rtl_nic_firmware, tags: [apu, rtl_nic, firmware]}
- {role: do1jlr.avahi_client, tags: [avahi, avahi_client]}
- {role: l3d.time.ntp, tags: [ntp]}
- {role: prometheus.prometheus.node_exporter, tags: [monitoring, node_exporter]}
- name: User specific roles for all hosts
hosts: all
roles:
- {role: geerlingguy.firewall, tags: [default, firewall], become: true}
- {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}
- name: Setup Webserver
hosts: all
roles:
- {role: do1jlr.webhost, tags: [web, webhost], become: true}
- {role: do1jlr.acmetool, tags: [web, acmetool], become: true}
- {role: do1jlr.nginx, tags: [web, nginx]}
- {role: l3d.nginx_exporter, tags: [monitoring, nginx, prometheus, exporter]}
- name: Deploy web config
hosts: web01.l3d.space
roles:
# - {role: geerlingguy.mysql, tags: [web, git, mysql], become: true}
- {role: l3d.git.gitea, tags: [web, gitea, git]}
- name: Deploy dns resolver
hosts: resolver
roles:
- {role: do1jlr.unbound, tags: [mail, unbound]}
- name: Deploy services
hosts: services
roles:
- {role: l3d.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]}
# - {role: grafana.grafana.grafana, tags: grafana}
- {role: prometheus.prometheus.prometheus, tags: [monitoring, prometheus], become: true}
- {role: l3d.homebox, tags: [homebox]}
- {role: l3d.rustdesk, tags: [rustdesk]}
- name: Deploy legacy mail config
hosts: mail01.l3d.space
roles:
# - {role: do1jlr.mysql, tags: [mail, mysql, mariadb], become: true}
- {role: do1jlr.mailserver_preperation, tags: [mail, mailserver_preperation, prep, mailserver]}
- {role: do1jlr.dovecot, tags: [mail, dovecot, mailserver_dovecot]}
- {role: postfix, tags: [mail, postfix]}
- {role: do1jlr.rspamd, tags: [mail, rspamd]}
- {role: do1jlr.weechat, tags: [irc, weechat]}
- name: Setup Pretix
hosts: pretix.l3d.ch
become: true
roles:
- {role: l3d.pretix.postgres, tags: pretix}
- {role: l3d.pretix.redis, tags: pretix}
- {role: l3d.pretix.nodejs, tags: pretix}
- {role: l3d.pretix.pretix, tags: pretix}
- name: Setup wireguard-ui
hosts: services.l3d.ch
roles:
- {role: l3d.wireguard.wireguardui, tags: wireguard}
- {role: l3d.obs.lufs_exporter, tags: [lufs, obs, prometheus]}
- {role: l3d.cwtv_telegram_bot, tags: cwtv}
- name: Setup luna.l3d.ch host
hosts: luna.l3d.ch
roles: []