--- - name: check if ansible is not to old hosts: localhost roles: - {role: do1jlr.ansible_version, tags: [default, version, default, always], gather_facts: false} - name: general roles for all hosts hosts: all roles: - {role: do1jlr.base, tags: [default, packages, base]} - {role: ranger, tags: [packages, ranger]} - {role: bat, tags: [packages, bat], when: [ansible_os_family == 'Debian']} - {role: unattended_upgrades, tags: [default, unattended, unattended_upgrades, security], become: true, when: ansible_distribution == 'Debian'} - name: user specific roles for all hosts hosts: all roles: - {role: users, tags: [default, init, users, web]} - {role: dotfiles, tags: [default, dotfiles]} - {role: ssh_auth, tags: [default, init, users, web]} - {role: sshd, tags: [default, init, users, sshd]} - {role: geerlingguy.firewall, tags: [default, firewall], become: true} - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true} - name: deploy web config hosts: web roles: - {role: do1jlr.webhost, tags: [web, webhost], become: true} - {role: acmetool_fix, tags: [web, acmetool]} - {role: do1jlr.acmetool, tags: [web, acmetool], become: true} - {role: do1jlr.nginx, tags: [web, nginx]} - {role: geerlingguy.mysql, tags: [web, git, mysql], become: true} - {role: do1jlr.gitea, tags: [web, gitea, git]} - {role: goaccess, tags: [web, goaccess]} - name: deploy mail config hosts: mail roles: - {role: unbound, tags: [mail, unbound]} - {role: geerlingguy.mysql, tags: [mail, mysql, mariadb], become: true} - {role: do1jlr.webhost, tags: [mail, webhost], become: true} - {role: acmetool_fix, tags: [mail, acmetool]} - {role: do1jlr.acmetool, tags: [mail, acmetool], become: true} - {role: do1jlr.nginx, tags: [mail, nginx]} - {role: do1jlr.mailserver_preperation, tags: [mail, mailserver_preperation, prep, mailserver]} - {role: do1jlr.dovecot, tags: [mail, dovecot, mailserver_dovecot]} - {role: postfix, tags: [mail, postfix]} - {role: do1jlr.rspamd, tags: [mail, rspamd]} - {role: do1jlr.weechat, tags: [irc, weechat]}