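---
# Initial provisioning with ssh password:
# ansible-playbook main.yml --tags="user" -e "ansible_user=root" --ask-pass
#
# Only the roles tagged `user` run in that bootstrap pass. The `ssh` role
# (tags: ssh, security) is applied by a later run, so the host keeps its
# original SSH settings, including the root/password login used above,
# until that run happens.
- name: Provision servers
  hosts: all
  roles:
    # Account bootstrap: both roles are skipped once the connection already
    # uses new_user.
    - role: user-create
      when: ansible_user != new_user
      tags: user
    - role: user-supersede
      when: ansible_user != new_user
      tags: user

    # Base system setup (privileged).
    - role: debloat
      become: true
      tags: debloat
    - role: hostname
      become: true
      tags: hostname
    # NOTE(review): presumably hardens sshd; confirm it disables the
    # root/password login that the bootstrap command relies on.
    - role: ssh
      become: true
      tags:
        - ssh
        - security
    - role: unattended-upgrades
      become: true
      tags:
        - unattended-upgrades
        - security
    - role: motd
      become: true
      tags: motd
    - role: apt
      become: true
      tags: apt
    - role: neovim
      become: true
      tags: neovim
    - role: docker
      become: true
      tags: docker

    # User-level setup: no `become`, so these run as the connecting user.
    - role: dirs
      tags: dirs
    - role: dotfiles
      tags: dotfiles
    - role: rclone-install
      tags: rclone-install
    # rclone_mode selects exactly one of the two integrations below, and only
    # on hosts labelled performance == "high".
    - role: rclone-mounts
      when:
        - cluster_labels["performance"] == "high"
        - rclone_mode == "mount"
      tags: rclone-mounts
    - role: rclone-docker-plugin
      when:
        - cluster_labels["performance"] == "high"
        - rclone_mode == "plugin"
      tags: rclone-docker-plugin

    # Network protection.
    # Hosts whose datacenter label is "eso" do not get the firewall role from
    # this play. NOTE(review): confirm those hosts are filtered elsewhere.
    - role: firewall
      become: true
      when:
        - cluster_labels["datacenter"] != "eso"
      tags:
        - firewall
        - security
    # fail2ban and crowdsec are alternatives chosen by `protection`, and both
    # apply only where the ingress label equals the string "true". Any other
    # `protection` value installs neither, without an error. A label stored as
    # a YAML boolean would not equal "true"; verify against the inventory.
    - role: fail2ban
      become: true
      when:
        - protection == "fail2ban"
        - cluster_labels["ingress"] == "true"
      tags:
        - fail2ban
        - security
    - role: crowdsec
      become: true
      when:
        - protection == "crowdsec"
        - cluster_labels["ingress"] == "true"
      tags:
        - crowdsec
        - security

    # Cluster networking, storage and orchestration.
    - role: wireguard
      become: true
      tags:
        - wireguard
        - cluster
    # Skipped on the host named "raspi" even when storage == "syncthing".
    - role: syncthing
      become: true
      when:
        - storage == "syncthing"
        - inventory_hostname != "raspi"
      tags:
        - syncthing
        - cluster
    - role: glusterfs
      become: true
      when: storage == "glusterfs"
      tags:
        - glusterfs
        - cluster
    # NOTE(review): unlike nomad, swarm has no `become`; presumably the role
    # escalates per task or relies on the user's Docker access. Confirm.
    - role: swarm
      when: orchestrator == "swarm"
      tags:
        - swarm
        - cluster
    - role: nomad
      become: true
      when: orchestrator == "nomad"
      tags:
        - nomad
        - cluster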