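---
# Single play applied to every inventory host. Each role below is gated on
# inventory group membership, so a host only receives the roles for the
# groups it belongs to.
#
# Security notes for maintainers:
# - `become: true` is play-wide, so every role here, including the
#   third-party Galaxy roles, runs with privilege escalation.
# - All `secret_*` variables are defined outside this file (presumably a
#   vault-encrypted vars file; confirm). Tasks inside the roles that template
#   or pass them on should set `no_log: true` so values stay out of logs.
- name: Core playbook
  hosts: "*"
  become: true
  environment:
    # Relies on gathered facts (`ansible_env`) and on `username`, which is
    # defined outside this file.
    # NOTE(review): this puts a user-writable directory on the PATH of
    # privileged tasks. It is appended last, so it only resolves commands
    # that are missing from the system directories; consider scoping this
    # `environment` to the tasks that actually need cargo binaries.
    PATH: "{{ ansible_env.PATH }}:/home/{{ username }}/.cargo/bin"

  # ----- ----- ----- ----- -----
  # Task imports
  # ----- ----- ----- ----- -----
  tasks:
    # ----- ----- ----- ----- -----
    # CORE (runs on every host)
    # ----- ----- ----- ----- -----
    - name: Core role
      include_role:
        name: core
      vars:
        node_exporter_hash: "{{ secret_node_exporter_hash }}"

    - name: FS snapshots role
      include_role:
        name: fs_snapshots

    # ----- ----- ----- ----- -----
    # WORKSTATION
    # ----- ----- ----- ----- -----
    - name: Workstation roles
      when: inventory_hostname in groups.workstation
      block:
        - name: Workstation role
          include_role:
            name: workstation

        - name: VS Code role
          include_role:
            name: vscode

        # NOTE(review): vars are scoped to this role only; confirm they were
        # not block-level in the original layout.
        - name: Google Drive / Obsidian role
          include_role:
            name: gdrive_obsidian
          vars:
            gdrive_client_id: "{{ secret_gdrive_client_id }}"
            gdrive_client_secret: "{{ secret_gdrive_client_secret }}"
            gdrive_root_folder_id: "{{ secret_gdrive_root_folder_id }}"

    # ----- ----- ----- ----- -----
    # SERVER
    # ----- ----- ----- ----- -----
    - name: Server roles
      when: inventory_hostname in groups.server
      block:
        - name: Server role
          include_role:
            name: server

        # https://github.com/robertdebock/ansible-role-fail2ban
        # Third-party role executed with become: pin its version in the
        # Galaxy requirements file (not shown here) and review upgrades.
        # NOTE(review): placed inside the server block, as the section
        # layout suggests; confirm against the original indentation.
        - name: Fail2ban role
          include_role:
            name: robertdebock.fail2ban

    # ----- ----- ----- ----- -----
    # MEDIA
    # ----- ----- ----- ----- -----
    - name: Media role
      include_role:
        name: media
      when: inventory_hostname in groups.media
      vars:
        wireguard_public_key: "{{ secret_wireguard_public_key }}"
        wireguard_endpoint_ip: "{{ secret_wireguard_endpoint_ip }}"
        wireguard_private_key: "{{ secret_wireguard_private_key }}"

    # ----- ----- ----- ----- -----
    # MINECRAFT
    # ----- ----- ----- ----- -----
    # Third-party role executed with become: pin its version in the Galaxy
    # requirements file (not shown here) and review upgrades.
    - name: Minecraft role
      include_role:
        name: tquin.minecraft_fabric_server
      when: inventory_hostname in groups.minecraft
      vars:
        mcrcon_pass: "{{ secret_mcrcon_pass }}"
        minecraft_ops: "{{ secret_minecraft_ops }}"
        minecraft_allowlist: "{{ secret_minecraft_allowlist }}"

    # ----- ----- ----- ----- -----
    # BACKUP
    # ----- ----- ----- ----- -----
    - name: Backup role
      include_role:
        name: rclone_backup
      when: inventory_hostname in groups.backup
      vars:
        # HTTP server
        rclone_rc_pass: "{{ secret_rclone_rc_pass }}"
        # Google Photos
        # `| string` presumably keeps a JSON-shaped token from being
        # templated into a dict; verify against the role.
        rclone_gphotos_token: "{{ secret_rclone_gphotos_token | string }}"
        # Backblaze B2
        rclone_b2_account: "{{ secret_rclone_b2_account }}"
        rclone_b2_key: "{{ secret_rclone_b2_key }}"
        rclone_b2_crypt_pass: "{{ secret_rclone_b2_crypt_pass }}"
        # Proton Drive
        proton_username: "{{ secret_proton_username }}"
        proton_pass: "{{ secret_proton_pass }}"

    # ----- ----- ----- ----- -----
    # MONITORING
    # ----- ----- ----- ----- -----
    - name: Monitoring role
      include_role:
        name: monitoring
      when: inventory_hostname in groups.monitoring
      vars:
        node_exporter_pass: "{{ secret_node_exporter_pass }}"

    # ----- ----- ----- ----- -----
    # NEXTCLOUD
    # ----- ----- ----- ----- -----
    - name: Nextcloud role
      include_role:
        name: nextcloud
      when: inventory_hostname in groups.nextcloud

    # ----- ----- ----- ----- -----
    # PUBLIC HOSTING
    # ----- ----- ----- ----- -----
    - name: Public hosting role
      include_role:
        name: public_hosting
      when: inventory_hostname in groups.public_hosting
      vars:
        cf_dns_token: "{{ secret_cf_dns_token }}"
        caddy_email: "{{ secret_cloudflare_email }}"
        tailscale_sidecar_token: "{{ secret_tailscale_sidecar_token }}"

    # ----- ----- ----- ----- -----
    # PHOTOS
    # ----- ----- ----- ----- -----
    - name: Photos role
      include_role:
        name: photos
      when: inventory_hostname in groups.photos
      vars:
        immich_db_pass: "{{ secret_immich_db_pass }}"

    # ----- ----- ----- ----- -----
    # RECIPES
    # ----- ----- ----- ----- -----
    - name: Recipes role
      include_role:
        name: recipes
      when: inventory_hostname in groups.recipes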