ansible/site.yml

#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
  # Preambulatory system configuration
- hosts: all
  tasks:
    - name: collect service facts
      service_facts:
      tags: [ always ]
  roles:
    - role: common
      tags: [ common ]
    - role: adminuser
      tags: [ adminuser, common ]
    - role: docker
      tags: [ docker, common, skip-pull ]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - docker
          - kubelet
          - php7.4-fpm
          - postgresql
      tags: [ motd, common ]
    - role: sshd
      vars:
        sshd:
          AcceptEnv: "LANG LC_*"
          ChallengeResponseAuthentication: no
          Compression: yes
          PasswordAuthentication: no
          PermitRootLogin: no
          PrintMotd: no
          PubkeyAuthentication: yes
          Subsystem: "sftp  /usr/lib/openssh/sftp-server"
          UsePAM: yes
          X11Forwarding: no
      tags: [ sshd, common ]
  # Manufacturer configuration
- import_playbook: playbooks/manufacturers_raspi.yml
  # Tags for fundamental services
- import_playbook: playbooks/tags_zerotier.yml
- import_playbook: playbooks/tags_snmp.yml
- import_playbook: playbooks/tags_nagios-nrpe.yml
  # Device roles
- import_playbook: playbooks/device_roles_pik8s-storage.yml
- import_playbook: playbooks/device_roles_pik8s.yml
- import_playbook: playbooks/device_roles_workstation.yml
  # Production configuration
- import_playbook: playbooks/prod_db.yml
- import_playbook: playbooks/prod_web.yml
- import_playbook: playbooks/prod_game.yml
  # Supplementary tags
- import_playbook: playbooks/tags_ansible-pull.yml
  # Housekeeping tags for one-off tasks
- import_playbook: playbooks/tags_docker-prune.yml
Working on basics 2020-10-17 00:21:57 -05:00			`#!/usr/bin/env ansible-playbook`
			`# vim:ft=ansible:`
Taking a dump 2020-10-17 01:00:06 -05:00			`---`
Add some basic roles NYI 2020-10-17 18:06:35 -05:00			`# Preambulatory system configuration`
Working on basics 2020-10-17 00:21:57 -05:00			`- hosts: all`
Allow for dynamic tagging of ansible-pull hosts 2021-08-07 17:09:20 -05:00			`tasks:`
			`- name: collect service facts`
			`service_facts:`
			`tags: [ always ]`
Working on basics 2020-10-17 00:21:57 -05:00			`roles:`
			`- role: common`
Taking a dump 2020-10-17 01:00:06 -05:00			`tags: [ common ]`
Add administrative user role 2021-02-26 10:07:57 -06:00			`- role: adminuser`
			`tags: [ adminuser, common ]`
Docker goes on everything 2021-08-07 16:55:28 -05:00			`- role: docker`
			`tags: [ docker, common, skip-pull ]`
Unify motd definition 2021-08-07 16:52:19 -05:00			`- role: motd`
			`vars:`
			`motd_watch_services_extra:`
			`- apache2`
			`- docker`
			`- kubelet`
			`- php7.4-fpm`
			`- postgresql`
			`tags: [ motd, common ]`
Add SSHD role, tighten things down 2021-03-11 08:04:57 -06:00			`- role: sshd`
			`vars:`
			`sshd:`
			`AcceptEnv: "LANG LC_*"`
			`ChallengeResponseAuthentication: no`
			`Compression: yes`
			`PasswordAuthentication: no`
			`PermitRootLogin: no`
			`PrintMotd: no`
			`PubkeyAuthentication: yes`
			`Subsystem: "sftp /usr/lib/openssh/sftp-server"`
			`UsePAM: yes`
			`X11Forwarding: no`
			`tags: [ sshd, common ]`
Reorganize ALL of the playbooks 2021-08-23 20:28:18 -05:00			`# Manufacturer configuration`
			`- import_playbook: playbooks/manufacturers_raspi.yml`
			`# Tags for fundamental services`
			`- import_playbook: playbooks/tags_zerotier.yml`
			`- import_playbook: playbooks/tags_snmp.yml`
			`- import_playbook: playbooks/tags_nagios-nrpe.yml`
			`# Device roles`
			`- import_playbook: playbooks/device_roles_pik8s-storage.yml`
			`- import_playbook: playbooks/device_roles_pik8s.yml`
			`- import_playbook: playbooks/device_roles_workstation.yml`
			`# Production configuration`
			`- import_playbook: playbooks/prod_db.yml`
			`- import_playbook: playbooks/prod_web.yml`
			`- import_playbook: playbooks/prod_game.yml`
			`# Supplementary tags`
Begin a refactor of playbook naming and organization 2021-08-23 20:20:59 -05:00			`- import_playbook: playbooks/tags_ansible-pull.yml`
Reorganize ALL of the playbooks 2021-08-23 20:28:18 -05:00			`# Housekeeping tags for one-off tasks`
			`- import_playbook: playbooks/tags_docker-prune.yml`