forked from lukeharvey/ansible-initial-server-setup
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinitial_server_setup.yml
119 lines (117 loc) · 4.19 KB
/
initial_server_setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
---
# # https://stackoverflow.com/questions/18195142/safely-limiting-ansible-playbooks-to-a-single-machine
# # (problem is, the slow gather package facts happens in every call of common_handlers)
# - hosts: "iot"
# gather_facts: no
# remote_user: "{{ ssh_user | default('ansible_adm') }}"
# roles:
# - role: common_handlers
# tags: [common_handlers,always]
# become: true # the whole role, including handlers, will become root
# - role: munin_server
# tags: [munin_server]
# when: host_is_munin_server | default(false)
# # to do a quick sync of commonly changed files, let's just push them
# # first without running a slow gather_facts first:
# # (problem is, the slow gather package facts happens in every call of common_handlers)
# - hosts: "{{ target | default('all,!openwrt,!tasmota') }}"
# remote_user: "{{ ssh_user | default('ansible_adm') }}"
# gather_facts: no
# vars_files:
# - vars/main.yml
# roles:
# - role: common_handlers
# tags: [common_handlers,always]
# become: true # the whole role, including handlers, will become root
# - role: install_files
# tags: [install_files]
# - role: install_user_files
# tags: [install_user_files]
- hosts: "{{ target | default('all,!openwrt,!tasmota') }}"
remote_user: "{{ ssh_user | default('ansible_adm') }}"
# gather_facts: no # when doing a very quick debug run
vars_files:
- vars/main.yml
roles:
- role: common_handlers
tags: [common_handlers,always]
become: true # the whole role, including handlers, will become root
- role: install_files
tags: [install_files]
- role: install_user_files
tags: [install_user_files]
- role: munin_server
tags: [munin_server]
when: host_is_munin_server | default(false)
# WARNING: any flush handlers in any of the conditionally
# included roles will cause handlers invoked prior to then be
# ignored for any host where that host is not running this role!
# That warning message for smtp was a little bit not urgent
# enough! (likely mitigated if there's a flushhandler at the end
# of each role like we do these days)
- role: bootstrap
tags: [bootstrap]
- role: ssh_bootstrap
tags: [ssh_bootstrap]
become: true
- role: webserver
tags: [webserver]
when: (host_is_ext_web_server | default(false)) or (host_is_user_web_server | default(false))
- role: nutserver
tags: [nutserver]
when: (host_is_nut_server | default(false)) or (host_is_nut_master | default(false))
- role: nutmaster
tags: [nutmaster]
when: host_is_nut_master | default(false)
- role: management
tags: [management]
when: host_is_mgmt | default(false)
- role: user
tags: [user]
- role: apt_repos
tags: [apt_repos]
- role: essentials
tags: [essentials]
- role: monitoring
tags: [monitoring]
- role: spectre_mitigations_disabled
tags: [spectre_mitigations]
when: not (host_is_container | default(false)) and not (host_is_pi | default(false))
- role: hostname
tags: [hostname]
when: not (host_is_container | default(false))
- role: fileserver
tags: [fileserver]
when: host_is_fileserver | default(false)
- role: mailserver
tags: [mailserver]
when: host_is_incoming_mailserver | default(false)
- role: smtp
tags: [smtp]
# pve_server is loaded in bootstrap.yml as well, but that's just
# to make sure all the repos are there. No harm updating that
# here as time goes on
- role: pve_server
tags: [pve_server]
when: host_is_pve_server | default(false)
- role: virtual
tags: [virtual]
when: host_is_virtual | default(false)
- role: physical
tags: [physical]
when: host_is_physical | default(false)
- role: laptop
tags: [laptop]
when: host_is_laptop | default(false)
- role: dell_server
tags: [dell_server]
when: host_is_dell_server | default(false)
- role: desktop
tags: [desktop]
when: host_is_desktop | default(false)
- role: ssh
tags: [ssh]
- role: fail2ban
tags: [fail2ban]
- role: power_saving
tags: [power_saving]