ansible/deploy.yml

220 lines
3.1 KiB
YAML
Raw Normal View History

2022-09-04 17:25:14 +02:00
---
2022-09-06 11:10:05 +02:00
2022-10-18 12:13:27 +02:00
- name: mount rw
hosts:
- pikvm
become: true
pre_tasks:
- name: mount rw
command: /usr/local/bin/rw
2022-10-31 13:32:04 +01:00
- name: basic roles
hosts:
- caladan
- fugu
- narwhal
- snitch
- suricata
# - pikvm
become: true
roles:
- repos
- basic
2022-09-27 10:27:00 +02:00
- name: cryptoraid
hosts:
- suricata
become: true
roles:
- cryptoraid
2022-10-19 11:21:27 +02:00
tags: raid
2022-09-27 10:27:00 +02:00
2022-09-20 13:51:20 +02:00
- name: mounts
hosts:
- suricata
become: true
roles:
- mounts
2023-01-11 11:55:10 +01:00
- name: nfs-server
hosts:
- suricata
become: true
roles:
- nfs-server
tags: nfs
2022-09-20 15:02:53 +02:00
- name: usercfg
hosts:
- suricata
become: true
roles:
- usercfg
2023-01-03 15:51:57 +01:00
- name: lbu.conf
2022-10-30 15:53:51 +01:00
hosts:
2023-01-03 15:51:57 +01:00
- suricata
2022-10-30 15:53:51 +01:00
become: true
roles:
2023-01-03 15:51:57 +01:00
- lbu_conf
tags: lbu_conf
2022-10-30 15:53:51 +01:00
2023-01-03 16:57:57 +01:00
- name: setup_apkcache
hosts:
- suricata
become: true
roles:
- apk_cache
2022-10-30 15:53:51 +01:00
- name: common roles
hosts:
- caladan
- fugu
- narwhal
- snitch
- suricata
# - pikvm
become: true
roles:
- users
- sshd
vars:
users:
- rilla
- ansible
2022-11-04 14:34:44 +01:00
- btrbk
2022-10-30 15:53:51 +01:00
- builder
- gopass
- woodpecker
2022-09-06 11:10:05 +02:00
- name: quality of life tools
hosts:
- caladan
- fugu
2022-09-20 13:51:20 +02:00
- narwhal
- suricata
2022-09-04 17:25:14 +02:00
become: true
2022-08-30 17:27:09 +02:00
roles:
2022-09-04 18:57:47 +02:00
- quality_of_life
2022-09-04 16:52:37 +02:00
2022-10-31 13:32:04 +01:00
- name: pi_fan_hwpwm
hosts:
- suricata
become: true
roles:
- pi_fan_hwpwm
2023-01-03 15:51:57 +01:00
- name: docker
hosts:
- caladan
- narwhal
become: true
roles:
- docker
2022-10-31 13:32:04 +01:00
- name: podman
hosts:
- suricata
become: true
roles:
- podman
tags: podman
2023-01-03 16:57:57 +01:00
- name: k3s
hosts:
- suricata
become: true
roles:
- k3s
tags: k3s
2022-09-06 11:10:05 +02:00
- name: wifi setup
hosts: snitch
2022-09-04 17:25:14 +02:00
become: true
2022-09-04 16:52:37 +02:00
roles:
2022-09-06 11:10:05 +02:00
- wifi
2022-11-04 14:34:44 +01:00
- name: btrbk
hosts:
- narwhal
- suricata
become: true
roles:
- btrbk
2022-11-04 15:24:55 +01:00
tags: btrbk
2022-11-04 14:34:44 +01:00
2022-09-06 11:10:05 +02:00
- name: caladan-specific things
hosts: caladan
become: true
roles:
- tinyproxy
2022-09-04 17:47:06 +02:00
2022-09-06 16:11:48 +02:00
- name: wireguard
hosts:
- caladan
- fugu
become: true
roles:
- wireguard
2022-09-17 18:03:17 +02:00
- name: setup gopass
become: true
hosts:
- caladan
- fugu
- narwhal
# - pikvm
2022-09-17 18:03:17 +02:00
roles:
- gopass
2022-10-18 18:16:13 +02:00
- name: setup DAGs
become: true
hosts:
- pikvm
roles:
- dags
tags: dags
- name: set up pikvm's ssl certs
hosts:
- pikvm
become: true
vars:
domain: monotremata.xyz
2022-09-20 13:51:20 +02:00
- name: lbu commit
hosts:
- snitch
- suricata
become: true
2022-10-31 16:02:25 +01:00
tags: lbu
2022-10-19 18:09:08 +02:00
post_tasks:
- name: lbu commit
2022-10-30 17:57:27 +01:00
# I use the shell module instead of the lbu one because the lbu module
# doesn't seem to work with encryption
shell:
cmd: lbu commit
2022-10-31 16:02:25 +01:00
environment:
PASSWORD: '{{ lbu_password }}'
2022-10-19 18:09:08 +02:00
when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
2022-10-18 12:13:27 +02:00
- name: create lbu backups directory
file:
state: directory
path: /mnt/backups/lbu
# todo: use less hardcoding
- name: make a more permanent lbu backup
copy:
2023-01-10 10:57:01 +01:00
src: "/media/mmcblk0p2/{{ ansible_hostname }}.apkovl.tar.gz.aes-256-cbc"
dest: "/mnt/backups/lbu/{{ ansible_hostname }}.apkovl.tar.gz.aes-256-cbc.{{ ansible_date_time.iso8601 }}"
remote_src: true
2022-10-18 12:13:27 +02:00
- name: mount ro
hosts:
- pikvm
become: true
post_tasks:
- name: mount ro
command: /usr/local/bin/ro