---
# Runs /usr/local/bin/rw on pikvm as a pre-task, before later plays touch it.
# NOTE(review): the matching `mount ro` play is the last one in this file. If
# an intermediate play fails for pikvm, the host presumably drops out of the
# run and stays read-write; confirm there is a recovery path.
- name: mount rw
  hosts:
    - pikvm
  become: true
  pre_tasks:
    - name: mount rw
      command: /usr/local/bin/rw
# Applies the `eudev` role to suricata with privilege escalation.
- name: set-up eudev
  hosts: suricata
  become: true
  roles:
    - eudev
  tags: eudev
# Applies the `repos` and `basic` roles to every listed host.
- name: basic roles
  hosts:
    - caladan
    - fugu
    - narwhal
    - snitch
    - suricata
    - pikvm
    - kitchen
    - lb
  become: true
  roles:
    - repos
    - basic
# Applies the `cryptoraid` role to suricata; selectable with the `raid` tag.
- name: cryptoraid
  hosts:
    - suricata
  become: true
  roles:
    - cryptoraid
  tags: raid
# Applies the `mounts` role to suricata and kitchen.
- name: mounts
  hosts:
    - suricata
    - kitchen
  become: true
  roles:
    - mounts
# Applies the `nfs-server` role to suricata; selectable with the `nfs` tag.
- name: nfs-server
  hosts:
    - suricata
  become: true
  roles:
    - nfs-server
  tags: nfs
# Applies the `usercfg` role to suricata.
- name: usercfg
  hosts:
    - suricata
  become: true
  roles:
    - usercfg
# Applies the `lbu_conf` role to suricata and kitchen; selectable with the
# `lbu_conf` tag.
- name: lbu.conf
  hosts:
    - suricata
    - kitchen
  become: true
  roles:
    - lbu_conf
  tags: lbu_conf
# Applies the `apk_cache` role to suricata and kitchen.
- name: setup_apkcache
  hosts:
    - suricata
    - kitchen
  become: true
  roles:
    - apk_cache
# Applies the `users` and `sshd` roles to every listed host; selectable with
# the `common` tag.
- name: common roles
  hosts:
    - caladan
    - fugu
    - narwhal
    - snitch
    - suricata
    - pikvm
    - kitchen
    - lb
  become: true
  roles:
    - users
    - sshd
  vars:
    # Presumably the account names the roles above manage; confirm against
    # the role defaults. The same list is applied to every host in this play.
    users:
      - ansible
      - btrbk
      - builder
      - dags
      - gopass
      - rilla
      - woodpecker
  tags: common
# Applies the `quality_of_life` role to the listed hosts.
- name: quality of life tools
  hosts:
    - caladan
    - fugu
    - narwhal
    - suricata
    - kitchen
    - lb
  become: true
  roles:
    - quality_of_life
# Applies the `pi_fan_hwpwm` role to suricata.
- name: pi_fan_hwpwm
  hosts:
    - suricata
  become: true
  roles:
    - pi_fan_hwpwm
# Applies the `docker` role to caladan and narwhal.
- name: docker
  hosts:
    - caladan
    - narwhal
  become: true
  roles:
    - docker
# Applies the `podman` role to suricata; selectable with the `podman` tag.
- name: podman
  hosts:
    - suricata
  become: true
  roles:
    - podman
  tags: podman
# Applies the `k3s` role to suricata; selectable with the `k3s` tag.
- name: k3s
  hosts:
    - suricata
  become: true
  roles:
    - k3s
  tags: k3s
# Applies the `wifi` role to snitch.
- name: wifi setup
  hosts: snitch
  become: true
  roles:
    - wifi
# Applies the `btrbk` role to narwhal and suricata; selectable with the
# `btrbk` tag.
- name: btrbk
  hosts:
    - narwhal
    - suricata
  become: true
  roles:
    - btrbk
  tags: btrbk
# Applies the `tinyproxy` role to caladan only.
- name: caladan-specific things
  hosts: caladan
  become: true
  roles:
    - tinyproxy
# Applies the `wireguard` role to caladan and fugu, loading extra variables
# from vars/vault.yaml.
- name: wireguard
  hosts:
    - caladan
    - fugu
  become: true
  roles:
    - wireguard
  # NOTE(review): presumably an Ansible Vault-encrypted file holding the
  # WireGuard secrets; confirm it is never stored in clear text.
  vars_files:
    - 'vars/vault.yaml'
# Applies the `notifiers` role to suricata; selectable with the `notifiers`
# tag.
- name: notifiers
  hosts:
    - suricata
  become: true
  roles:
    - notifiers
  tags: notifiers
# Applies the `nut` role to narwhal, pikvm and suricata; selectable with the
# `nut` tag.
- name: set up NUT
  hosts:
    - narwhal
    - pikvm
    - suricata
  become: true
  roles:
    - nut
  tags: nut
# Applies the `gopass` role to caladan, fugu and narwhal; pikvm is listed but
# commented out, so it is skipped.
- name: setup gopass
  hosts:
    - caladan
    - fugu
    - narwhal
    # - pikvm
  become: true
  roles:
    - gopass
# Applies the `dags` role to pikvm; selectable with the `dags` tag.
- name: setup DAGs
  hosts:
    - pikvm
  become: true
  roles:
    - dags
  tags: dags
# Targets pikvm and sets the `domain` variable.
# NOTE(review): only `vars` is visible for this play, with no roles or tasks,
# so as shown it applies nothing. Confirm whether the certificate role or
# task list is missing.
- name: set up pikvm's ssl certs
  hosts:
    - pikvm
  become: true
  vars:
    domain: monotremata.xyz
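# Commits the Alpine local backup (lbu) on snitch and suricata, then keeps a
# timestamped copy of the encrypted overlay under /mnt/backups/lbu.
# Selectable with the `lbu` tag.
- name: lbu commit
  hosts:
    - snitch
    - suricata
  become: true
  tags: lbu
  post_tasks:
    - name: lbu commit
      # lbu is invoked directly instead of through the lbu module because the
      # lbu module doesn't seem to work with encryption. `command` replaces
      # `shell` because the command line has no shell syntax, and it matches
      # the other command tasks in this playbook.
      # NOTE(review): the passphrase reaches lbu through the PASSWORD
      # environment variable. Confirm it cannot surface in verbose (-vvv)
      # output or in the remote process listing, and consider `no_log: true`.
      command:
        cmd: lbu commit
      environment:
        PASSWORD: '{{ lbu_password }}'
      when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]

    # NOTE(review): no owner or mode is given, so the directory presumably
    # gets the remote default permissions. An explicit restrictive mode would
    # keep the backup set readable only by the intended account.
    - name: create lbu backups directory
      file:
        state: directory
        path: /mnt/backups/lbu

    # todo: use less hardcoding
    # NOTE(review): unlike the commit task, this task and the directory task
    # above carry no `when` guard, so they run on every host in the play.
    # NOTE(review): the .aes-256-cbc suffix suggests CBC encryption without an
    # integrity check; verify the copies by other means before relying on them.
    - name: make a more permanent lbu backup
      copy:
        src: "/media/mmcblk0p2/{{ ansible_hostname }}.apkovl.tar.gz.aes-256-cbc"
        dest: "/mnt/backups/lbu/{{ ansible_hostname }}.apkovl.tar.gz.aes-256-cbc.{{ ansible_date_time.iso8601 }}"
        remote_src: true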
# Runs /usr/local/bin/ro on pikvm as the final step of the playbook.
# NOTE(review): this only runs if pikvm is still in the play at this point.
# After an earlier failure the host presumably stays read-write, so confirm
# a manual or automated fallback exists.
- name: mount ro
  hosts:
    - pikvm
  become: true
  post_tasks:
    - name: mount ro
      command: /usr/local/bin/ro