--- - name: mount rw hosts: - pikvm become: true pre_tasks: - name: mount rw command: /usr/local/bin/rw - name: basic roles hosts: - caladan - fugu - narwhal - snitch - suricata # - pikvm become: true roles: - repos - basic - name: cryptoraid hosts: - suricata become: true roles: - cryptoraid tags: raid - name: lbu.conf hosts: - suricata become: true roles: - lbu_conf tags: lbu_conf - name: mounts hosts: - suricata become: true roles: - mounts - name: usercfg hosts: - suricata become: true roles: - usercfg - name: docker hosts: - caladan - narwhal become: true roles: - docker - name: common roles hosts: - caladan - fugu - narwhal - snitch - suricata # - pikvm become: true roles: - users - sshd vars: users: - rilla - ansible - builder - gopass - woodpecker - name: quality of life tools hosts: - caladan - fugu - narwhal - suricata become: true roles: - quality_of_life - name: pi_fan_hwpwm hosts: - suricata become: true roles: - pi_fan_hwpwm - name: podman hosts: - suricata become: true roles: - podman tags: podman - name: wifi setup hosts: snitch become: true roles: - wifi - name: caladan-specific things hosts: caladan become: true roles: - tinyproxy - name: k3s hosts: - suricata become: true roles: - k3s tags: k3s - name: wireguard hosts: - caladan - fugu become: true roles: - wireguard - name: setup gopass become: true hosts: - caladan - fugu - narwhal # - pikvm roles: - gopass - name: setup DAGs become: true hosts: - pikvm roles: - dags tags: dags - name: set up pikvm's ssl certs hosts: - pikvm become: true vars: domain: monotremata.xyz - name: lbu commit hosts: - snitch - suricata become: true tags: lbu post_tasks: - name: lbu commit # I use the shell module instead of the lbu one because the lbu module # doesn't seem to work with encryption shell: cmd: lbu commit environment: PASSWORD: '{{ lbu_password }}' when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"] - name: mount ro hosts: - pikvm become: true post_tasks: - name: mount ro command: /usr/local/bin/ro # todo: # setup-apkcache to use /media/mmcblk0p2