2022-09-04 17:25:14 +02:00
|
|
|
---
|
2022-09-06 11:10:05 +02:00
|
|
|
|
2022-10-18 12:13:27 +02:00
|
|
|
- name: mount rw
|
|
|
|
hosts:
|
|
|
|
- pikvm
|
|
|
|
become: true
|
|
|
|
pre_tasks:
|
|
|
|
- name: mount rw
|
|
|
|
command: /usr/local/bin/rw
|
|
|
|
|
2022-10-31 13:32:04 +01:00
|
|
|
- name: basic roles
|
|
|
|
hosts:
|
|
|
|
- caladan
|
|
|
|
- fugu
|
|
|
|
- narwhal
|
|
|
|
- snitch
|
|
|
|
- suricata
|
|
|
|
# - pikvm
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- repos
|
|
|
|
- basic
|
|
|
|
|
2022-09-27 10:27:00 +02:00
|
|
|
- name: cryptoraid
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- cryptoraid
|
2022-10-19 11:21:27 +02:00
|
|
|
tags: raid
|
2022-09-27 10:27:00 +02:00
|
|
|
|
2022-09-20 13:51:20 +02:00
|
|
|
- name: mounts
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- mounts
|
|
|
|
|
2023-01-11 11:55:10 +01:00
|
|
|
- name: nfs-server
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- nfs-server
|
|
|
|
tags: nfs
|
|
|
|
|
2022-09-20 15:02:53 +02:00
|
|
|
- name: usercfg
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- usercfg
|
|
|
|
|
2023-01-03 15:51:57 +01:00
|
|
|
- name: lbu.conf
|
2022-10-30 15:53:51 +01:00
|
|
|
hosts:
|
2023-01-03 15:51:57 +01:00
|
|
|
- suricata
|
2022-10-30 15:53:51 +01:00
|
|
|
become: true
|
|
|
|
roles:
|
2023-01-03 15:51:57 +01:00
|
|
|
- lbu_conf
|
|
|
|
tags: lbu_conf
|
2022-10-30 15:53:51 +01:00
|
|
|
|
2023-01-03 16:57:57 +01:00
|
|
|
- name: setup_apkcache
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- apk_cache
|
|
|
|
|
2022-10-30 15:53:51 +01:00
|
|
|
- name: common roles
|
|
|
|
hosts:
|
|
|
|
- caladan
|
|
|
|
- fugu
|
|
|
|
- narwhal
|
|
|
|
- snitch
|
|
|
|
- suricata
|
|
|
|
# - pikvm
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- users
|
|
|
|
- sshd
|
|
|
|
vars:
|
|
|
|
users:
|
|
|
|
- rilla
|
|
|
|
- ansible
|
2022-11-04 14:34:44 +01:00
|
|
|
- btrbk
|
2022-10-30 15:53:51 +01:00
|
|
|
- builder
|
|
|
|
- gopass
|
|
|
|
- woodpecker
|
|
|
|
|
2022-09-06 11:10:05 +02:00
|
|
|
- name: quality of life tools
|
|
|
|
hosts:
|
|
|
|
- caladan
|
|
|
|
- fugu
|
2022-09-20 13:51:20 +02:00
|
|
|
- narwhal
|
|
|
|
- suricata
|
2022-09-04 17:25:14 +02:00
|
|
|
become: true
|
2022-08-30 17:27:09 +02:00
|
|
|
roles:
|
2022-09-04 18:57:47 +02:00
|
|
|
- quality_of_life
|
2022-09-04 16:52:37 +02:00
|
|
|
|
2022-10-31 13:32:04 +01:00
|
|
|
- name: pi_fan_hwpwm
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- pi_fan_hwpwm
|
|
|
|
|
2023-01-03 15:51:57 +01:00
|
|
|
- name: docker
|
|
|
|
hosts:
|
|
|
|
- caladan
|
|
|
|
- narwhal
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- docker
|
|
|
|
|
2022-10-31 13:32:04 +01:00
|
|
|
- name: podman
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- podman
|
|
|
|
tags: podman
|
|
|
|
|
2023-01-03 16:57:57 +01:00
|
|
|
- name: k3s
|
|
|
|
hosts:
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- k3s
|
|
|
|
tags: k3s
|
|
|
|
|
2022-09-06 11:10:05 +02:00
|
|
|
- name: wifi setup
|
|
|
|
hosts: snitch
|
2022-09-04 17:25:14 +02:00
|
|
|
become: true
|
2022-09-04 16:52:37 +02:00
|
|
|
roles:
|
2022-09-06 11:10:05 +02:00
|
|
|
- wifi
|
|
|
|
|
2022-11-04 14:34:44 +01:00
|
|
|
- name: btrbk
|
|
|
|
hosts:
|
|
|
|
- narwhal
|
|
|
|
- suricata
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- btrbk
|
2022-11-04 15:24:55 +01:00
|
|
|
tags: btrbk
|
2022-11-04 14:34:44 +01:00
|
|
|
|
2022-09-06 11:10:05 +02:00
|
|
|
- name: caladan-specific things
|
|
|
|
hosts: caladan
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- tinyproxy
|
2022-09-04 17:47:06 +02:00
|
|
|
|
2022-09-06 16:11:48 +02:00
|
|
|
- name: wireguard
|
|
|
|
hosts:
|
|
|
|
- caladan
|
|
|
|
- fugu
|
|
|
|
become: true
|
|
|
|
roles:
|
|
|
|
- wireguard
|
|
|
|
|
2022-09-17 18:03:17 +02:00
|
|
|
- name: setup gopass
|
|
|
|
become: true
|
|
|
|
hosts:
|
|
|
|
- caladan
|
|
|
|
- fugu
|
|
|
|
- narwhal
|
2022-10-19 18:00:01 +02:00
|
|
|
# - pikvm
|
2022-09-17 18:03:17 +02:00
|
|
|
roles:
|
|
|
|
- gopass
|
2022-10-18 18:16:13 +02:00
|
|
|
|
|
|
|
- name: setup DAGs
|
|
|
|
become: true
|
|
|
|
hosts:
|
|
|
|
- pikvm
|
|
|
|
roles:
|
|
|
|
- dags
|
|
|
|
tags: dags
|
|
|
|
|
|
|
|
- name: set up pikvm's ssl certs
|
|
|
|
hosts:
|
|
|
|
- pikvm
|
|
|
|
become: true
|
|
|
|
vars:
|
|
|
|
domain: monotremata.xyz
|
2022-09-20 13:51:20 +02:00
|
|
|
|
|
|
|
- name: lbu commit
|
|
|
|
hosts:
|
|
|
|
- snitch
|
|
|
|
- suricata
|
|
|
|
become: true
|
2022-10-31 16:02:25 +01:00
|
|
|
tags: lbu
|
2022-10-19 18:09:08 +02:00
|
|
|
post_tasks:
|
|
|
|
- name: lbu commit
|
2022-10-30 17:57:27 +01:00
|
|
|
# I use the shell module instead of the lbu one because the lbu module
|
|
|
|
# doesn't seem to work with encryption
|
|
|
|
shell:
|
|
|
|
cmd: lbu commit
|
2022-10-31 16:02:25 +01:00
|
|
|
environment:
|
|
|
|
PASSWORD: '{{ lbu_password }}'
|
2022-10-19 18:09:08 +02:00
|
|
|
when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
|
2022-10-18 12:13:27 +02:00
|
|
|
|
2023-01-03 18:26:16 +01:00
|
|
|
- name: create lbu backups directory
|
|
|
|
file:
|
|
|
|
state: directory
|
|
|
|
path: /mnt/backups/lbu
|
|
|
|
|
|
|
|
# todo: use less hardcoding
|
|
|
|
- name: make a more permanent lbu backup
|
|
|
|
copy:
|
2023-01-10 10:57:01 +01:00
|
|
|
src: "/media/mmcblk0p2/{{ ansible_hostname }}.apkovl.tar.gz.aes-256-cbc"
|
2023-01-03 18:26:16 +01:00
|
|
|
dest: "/mnt/backups/lbu/{{ ansible_hostname }}.apkovl.tar.gz.aes-256-cbc.{{ ansible_date_time.iso8601 }}"
|
|
|
|
remote_src: true
|
|
|
|
|
2022-10-18 12:13:27 +02:00
|
|
|
- name: mount ro
|
|
|
|
hosts:
|
|
|
|
- pikvm
|
|
|
|
become: true
|
|
|
|
post_tasks:
|
|
|
|
- name: mount ro
|
|
|
|
command: /usr/local/bin/ro
|