---
# Play 1: runs only against the "console" host and pulls in the secret
# variables that later plays read back through hostvars['console'].
- name: Load secret values
  hosts: "console"
  # No privilege escalation and no fact gathering are requested for this play.
  become: false
  gather_facts: false
  tasks:
    # Per the task name the values come from secrets.yaml; the included task
    # file (node/load_secret_vars in the "console" role) is not shown here.
    # NOTE(review): confirm the included tasks set no_log: true wherever a
    # secret value could appear in task output.
    - name: Load secret from secrets.yaml
      ansible.builtin.include_role:
        name: "console"
        tasks_from: "node/load_secret_vars"
        # include_role is dynamic, so tags on the include itself are not
        # inherited by the included tasks; apply passes them down.
        apply:
          tags: ["always"]
      # "always" keeps this task in every tag-limited run (--tags ...).
      tags: ["always"]

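# Play 2: bootstrap and service deployment for the "infra" host group.
# Privilege escalation is off at play level; only the tasks that set
# become: true themselves run escalated. Included role tasks decide
# their own escalation (not visible in this file).
- name: Site infra
  hosts: "infra"
  gather_facts: false
  become: false
  pre_tasks:
    # Reads the sudo password for this group from the variables held on the
    # "console" host (see the "Load secret values" play earlier in this file).
    # Tagged "always" so tag-limited runs still have a become password.
    - name: Set become password
      ansible.builtin.set_fact:
        ansible_become_pass: "{{ hostvars['console']['sudo']['password']['infra'] }}"
      # Keep the password out of task results: without no_log the value is
      # printed under -v and handed to callback/logging plugins.
      no_log: true
      tags: ["always"]

  tasks:
    # ---- Host bootstrap (tag: init) ----
    - name: Set timezone to Asia/Seoul
      community.general.timezone:
        name: "Asia/Seoul"
      become: true
      tags: ["init", "timezone"]

    # Each include_role below repeats its tags under apply: because tags on a
    # dynamic include are not inherited by the tasks it pulls in.
    - name: Deploy root_ca certificate
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/deploy_root_ca"
        apply:
          tags: ["init", "root_crt"]
      tags: ["init", "root_crt"]

    - name: Deploy hosts file
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/deploy_hosts"
        apply:
          tags: ["init", "hosts"]
      tags: ["init", "hosts"]

    - name: Create default directory
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/create_default_dir"
        apply:
          tags: ["init", "default_dir"]
      tags: ["init", "default_dir"]

    - name: Set ssh host
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_ssh_host"
        apply:
          tags: ["init", "ssh_host"]
      tags: ["init", "ssh_host"]

    - name: Set networkd
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_networkd"
        apply:
          tags: ["init", "networkd"]
      tags: ["init", "networkd"]

    - name: Set resolved
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_resolved"
        apply:
          tags: ["init", "resolved"]
      tags: ["init", "resolved"]

    # ---- Packages (tags: init and site) ----
    # dist-upgrade of all packages; the apt cache is refreshed only when it
    # is older than cache_valid_time (3600 seconds).
    # NOTE(review): no reboot handling is visible in this play; confirm how
    # kernel or libc updates are picked up.
    - name: Update and upgrade apt
      ansible.builtin.apt:
        upgrade: "dist"
        update_cache: true
        cache_valid_time: 3600
      become: true
      tags: ["init", "site", "upgrade-packages"]

    - name: Install common packages
      ansible.builtin.apt:
        name:
          - "acl"
          - "curl"
          - "jq"
          - "netcat-openbsd"
          - "dbus-user-session"
        state: "present"
      become: true
      tags: ["init", "site", "install-packages"]

    - name: Set linger
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_linger"
        apply:
          tags: ["init", "linger"]
      tags: ["init", "linger"]

    - name: Set podman
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_podman"
        apply:
          tags: ["init", "podman"]
      tags: ["init", "podman"]

    - name: Set nftables
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "node/set_nftables"
        apply:
          tags: ["init", "nftables"]
      tags: ["init", "nftables"]

    # ---- Services (tag: site) ----
    - name: Set crowdsec
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_crowdsec"
        apply:
          tags: ["site", "crowdsec"]
      tags: ["site", "crowdsec"]

    - name: Set ca
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_ca_server"
        apply:
          tags: ["site", "ca"]
      tags: ["site", "ca"]

    - name: Set postgresql
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_postgresql"
        apply:
          tags: ["site", "postgresql"]
      tags: ["site", "postgresql"]

    - name: Set caddy
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_caddy"
        apply:
          tags: ["site", "caddy"]
      tags: ["site", "caddy"]

    - name: Set ldap
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_ldap"
        apply:
          tags: ["site", "ldap"]
      tags: ["site", "ldap"]

    - name: Set x509 exporter
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_x509-exporter"
        apply:
          tags: ["site", "x509-exporter"]
      tags: ["site", "x509-exporter"]

    - name: Set prometheus
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_prometheus"
        apply:
          tags: ["site", "prometheus"]
      tags: ["site", "prometheus"]

    - name: Set loki
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_loki"
        apply:
          tags: ["site", "loki"]
      tags: ["site", "loki"]

    - name: Set alloy
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_alloy"
        apply:
          tags: ["site", "alloy"]
      tags: ["site", "alloy"]

    - name: Set grafana
      ansible.builtin.include_role:
        name: "infra"
        tasks_from: "services/set_grafana"
        apply:
          tags: ["site", "grafana"]
      tags: ["site", "grafana"]

    - name: Set kopia
      ansible.builtin.include_role:
        name: "common"
        tasks_from: "services/set_kopia"
        apply:
          tags: ["site", "kopia"]
      tags: ["site", "kopia"]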