vagrant_main.yml
---
# Bootstrap run (first contact with a fresh host, SSH password login as root):
#   ansible-playbook main.yml --tags="user" -e "ansible_user=root" --ask-pass
# NOTE(review): the command names main.yml; confirm whether it should point at
# this playbook instead.
# --ask-pass prompts for the password interactively, so it is never written
# to disk. Only the "user" tag is selected, so the other roles are left for a
# later run.
- name: Provision servers
  hosts: all
  roles:
    # Runs only while the connecting account differs from new_user, i.e. it is
    # skipped once Ansible already logs in as new_user.
    # Presumably this role replaces the bootstrap login; confirm in the role.
    - role: user-supersede
      when:
        - ansible_user != new_user
      tags:
        - user

    - role: debloat
      become: true
      tags:
        - debloat

    - role: hostname
      become: true
      tags:
        - hostname

    # Roles tagged "security" can be applied together with --tags="security".
    - role: ssh
      become: true
      tags:
        - ssh
        - security

    - role: unattended-upgrades
      become: true
      tags:
        - unattended-upgrades
        - security

    - role: motd
      become: true
      tags:
        - motd

    - role: apt
      become: true
      tags:
        - apt

    - role: docker
      become: true
      tags:
        - docker

    # No role-level become on the next three roles: they run as the connecting
    # user unless privilege escalation is enabled elsewhere (ansible.cfg, CLI).
    - role: home-dirs
      tags:
        - home-dirs

    - role: dotfiles
      tags:
        - dotfiles

    # Applied only to hosts whose "performance" label is "high".
    - role: rclone-docker-plugin
      when:
        - cluster_labels["performance"] == "high"
      tags:
        - rclone-docker-plugin

    # Hosts labelled datacenter "eso" are excluded, so this play applies no
    # firewall role to them.
    # NOTE(review): confirm those hosts are filtered by some other control.
    - role: firewall
      become: true
      when:
        - cluster_labels["datacenter"] != "eso"
      tags:
        - firewall
        - security

    # Disabled: neither intrusion-prevention role (fail2ban, crowdsec) runs from
    # this play. Both were limited to hosts labelled as ingress, and the label
    # is compared against the string "true", not a boolean.
    # - role: fail2ban
    #   become: true
    #   when:
    #     - protection == "fail2ban"
    #     - cluster_labels["ingress"] == "true"
    #   tags:
    #     - fail2ban
    #     - security
    # - role: crowdsec
    #   become: true
    #   when:
    #     - protection == "crowdsec"
    #     - cluster_labels["ingress"] == "true"
    #   tags:
    #     - crowdsec
    #     - security

    - role: wireguard
      become: true
      tags:
        - wireguard

    # Both conditions must hold: syncthing is the selected storage backend and
    # the host is not the one named "raspi".
    - role: syncthing
      become: true
      when:
        - storage == "syncthing"
        - inventory_hostname != "raspi"
      tags:
        - syncthing

    # Disabled alternatives (glusterfs storage, swarm orchestrator).
    # - role: glusterfs
    #   become: true
    #   when: storage == "glusterfs"
    #   tags: glusterfs
    # - role: swarm
    #   when: orchestrator == "swarm"
    #   tags: swarm

    - role: nomad
      become: true
      tags:
        - nomad