---
# Play 1: install the OS on the Hetzner host (role hetzner/install) and then
# reconnect with the post-install port/user. Fact gathering is off because the
# target may be unreachable, or still in its pre-install state, at this point.
- name: Installing OS to the Magisystem
  hosts: hetzner
  gather_facts: false
  pre_tasks:
    # Check for connection, skip the play if the OS is already installed
    # (and thus the server is accessible through custom port and username)
    - name: Checking connection
      ansible.builtin.wait_for_connection:
        timeout: 10
      # A failure here is expected on a fresh host; the result only feeds the
      # `end_host` check below, so the error is ignored instead of aborting.
      register: hetzner_connected
      ignore_errors: true
    - name: Skip play if OS is already installed
      ansible.builtin.meta: end_host
      when: hetzner_connected is not failed
    # Credentials used for the rest of this play (presumably the rescue-system
    # defaults — confirm). The post-install values are restored in `tasks`.
    - name: Setting default ssh port and username
      ansible.builtin.set_fact:
        ansible_port: 22
        ansible_user: root
  roles:
    - role: hetzner/install
  tasks:
    # The reinstall generates a new SSH host key, so the stale entry is removed
    # from the controller's known_hosts. NOTE(review): depending on the
    # controller's host_key_checking setting this opens a trust-on-first-use
    # window — the key presented on the next connection may be accepted with
    # no out-of-band verification. If hetzner_install_ansible_port is not 22,
    # OpenSSH stores the entry as `[host]:port`; confirm this removal matches
    # that form, otherwise the reconnect below may hit a key mismatch.
    - name: Remove host from Controller's known hosts
      delegate_to: localhost
      connection: local
      ansible.builtin.known_hosts:
        name: '{{ ansible_host }}'
        state: absent
    - name: Restoring port and username
      ansible.builtin.set_fact:
        ansible_port: '{{ hetzner_install_ansible_port }}'
        ansible_user: '{{ hetzner_install_ansible_user }}'
    # Uses the module's default timeout (no arguments given).
    - name: Waiting for server to come back up online after reboot
      ansible.builtin.wait_for_connection: {}
    - name: Run post-install
      ansible.builtin.import_role:
        name: hetzner/install
        defaults_from: post-install
        tasks_from: post-install
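# Play 2: container stack on the Magisystem host.
- name: Managing containers on the Magisystem
  hosts: magisystem
  vars:
    # Every value is normalised to a string so the roles receive predictable
    # types however mail_server_settings was typed in the inventory.
    # NOTE(review): mail_server_settings carries a password — it is expected to
    # come from an encrypted source (e.g. Ansible Vault); confirm in inventory.
    mail_server:
      # SMTP Host Emails are sent to
      host: '{{ mail_server_settings["host"] | default("") | trim }}'
      port: '{{ mail_server_settings["port"] | default("587") | int | string }}'
      # Optionally authenticate (don't add quotation marks to your password)
      # `default` must run before `trim`: trimming an undefined value raises an
      # error instead of falling back to "" (same ordering as `host` above).
      username: '{{ mail_server_settings["username"] | default("") | trim }}'
      password: '{{ mail_server_settings["password"] | default("") }}'
      # Use StartTLS
      use_tls: '{{ mail_server_settings["use_tls"] | default("false") | bool | string }}'
      # Use SSL
      use_ssl: '{{ mail_server_settings["use_ssl"] | default("false") | bool | string }}'
      timeout: '{{ mail_server_settings["timeout"] | default("30") | int | string }}'
  roles:
    - role: edge/setup
    - role: edge/watchtower
      tags:
        - watchtower
        - updates
    - role: edge/wireguard-services
      tags:
        - wireguard-services
        - vpn
        - vpn-services
    - role: edge/traefik
      tags:
        - reverse-proxy
        - traefik
    - role: edge/authentik
      tags:
        - auth
        - authentik
    - role: edge/rss-bridge
      tags:
        - rss
    # Only deployed once the Authentik LDAP token exists; presumably the role
    # needs it for LDAP-backed login — confirm against the role's defaults.
    - role: edge/bitwarden
      tags:
        - password
        - bitwarden
        - vaultwarden
      when: authentik_ldap_token is defined
    - role: edge/nextcloud
      tags:
        - cloud
        - nextcloud
    - role: edge/grocy
      tags:
        - grocy
  handlers:
    # Anchored so another play in this document can reuse the handler via
    # `*firewalld-handler`; anchors do not survive a `---` document boundary.
    - &firewalld-handler
      name: Add internal networks in firewalld
      ansible.builtin.include_tasks: roles/edge/fix-docker-internal-firewalld/tasks/main.yml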
# Play 3: container stack on the Ayanami host. Shares most roles with the
# Magisystem play and reuses its firewalld handler through the alias below.
- name: Managing containers on Ayanami
  hosts: ayanami
  roles:
    - role: ayanami/setup
    - role: edge/setup
    - role: edge/watchtower
      tags:
        - watchtower
        - updates
    - role: edge/traefik
      tags:
        - reverse-proxy
        - traefik
    - role: edge/authentik
      tags:
        - auth
        - authentik
    # Music library paths are derived from storage_pool_folder (defined
    # elsewhere, presumably in the host's inventory vars) via path_join.
    - role: edge/navidrome
      tags:
        - navidrome
        - music
      vars:
        navidrome_music_folder: '{{ (storage_pool_folder, "music") | path_join }}'
        navidrome_music_ingest_folder: '{{ (storage_pool_folder, "music-ingest") | path_join }}'
  handlers:
    # Alias of the &firewalld-handler anchor defined in the Magisystem play;
    # removing or renaming that anchor breaks this play at parse time.
    - *firewalld-handler
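# Play 4: DNS records for Migadu mail, managed from the controller via the
# hetzner/dns role's migadu-mail entry point.
- name: Configuring DNS for Migadu
  hosts: localhost
  tasks:
    # Tags on a dynamic include only select the include task itself; `apply`
    # pushes the same tag onto the included tasks so `--tags mail` actually
    # runs the role's content rather than an empty include.
    - name: Creating DNS Records
      ansible.builtin.include_role:
        name: hetzner/dns
        tasks_from: migadu-mail
        defaults_from: migadu-mail
        apply:
          tags:
            - mail
      tags:
        - mail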