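---
# ansible-pull entry playbook. In order: a cooldown check plus package index
# refresh, a system upgrade on every host outside the "database" group, one
# play per host group applying that group's role, and a final package cleanup.

# Play 1: cooldown check and package index refresh.
- hosts: all
  connection: local
  become: true
  handlers:
    - import_tasks: global_handlers/global_handlers.yml
  vars_files:
    - "os_vars/{{ ansible_distribution | lower }}.yml"
  vars:
    ansible_reboot_cooldown_minutes: 15  # cooldown in minutes
    # NOTE(review): /var/tmp is normally world-writable, so any local account
    # could create or keep refreshing this marker and make the cooldown check
    # below end the play on every run, holding back the index refresh. The
    # check therefore only trusts a regular file owned by root. Consider moving
    # the marker into a directory that only root can write to.
    ansible_pull_marker_file: /var/tmp/ansible_pull.last_run
  pre_tasks:
    - name: pre-run | set global playbook directory fact
      set_fact:
        ansible_pull_playbook_dir: "{{ playbook_dir }}"
        cacheable: true
      tags: always

    - name: pre-run | get status of marker file
      stat:
        path: "{{ ansible_pull_marker_file }}"
        # Explicit (this is the module default): report on the path itself so
        # that a symlink shows up as a link, not as its target.
        follow: false
      register: marker_file_stat
      tags: always

    # NOTE(review): "meta: end_play" ends only this play; the upgrade, role and
    # cleanup plays further down still run. If the cooldown is meant to skip
    # the whole run, the later plays need their own guard. Confirm intent.
    - name: pre-run | check if last run was within cooldown period
      meta: end_play
      when:
        - marker_file_stat.stat.exists
        # Honour the marker only if it is a regular file owned by root, so a
        # marker planted by another account cannot suppress the run.
        # Assumes the marker is created by this play running as root.
        - marker_file_stat.stat.isreg
        - marker_file_stat.stat.uid == 0
        - >-
          ((ansible_date_time.epoch | int) - (marker_file_stat.stat.mtime | int))
          < ((ansible_reboot_cooldown_minutes | int) * 60)
      tags: always

    # NOTE(review): the file module follows symlinks by default; in a shared
    # directory that is one more reason to relocate the marker (see vars).
    - name: pre-run | update marker file timestamp
      file:
        path: "{{ ansible_pull_marker_file }}"
        state: touch
      tags: always

    # NOTE(review): the cleanup play at the end of this file also lists
    # "Pop!_OS"; the update and upgrade conditions do not. Confirm which list
    # is intended.
    - name: pre-run | update apt repository (debian, ubuntu, etc.)  # noqa no-changed-when
      apt:
        update_cache: true
      # changed_when: false
      when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"]

    - name: pre-run | update pacman repository (arch)
      pacman:
        update_cache: true
      # changed_when: false
      when: ansible_distribution == 'Archlinux'

    - name: pre-run |update portage repository (gentoo)
      portage:
        # Quoted so the value reaches the module as the string "yes".
        sync: "yes"
      when: ansible_distribution == 'Gentoo'

# Play 2: system upgrade on every host except the "database" group.
- hosts: 'all:!database'
  # The package upgrade needs root, as in every other play of this file.
  become: true
  # Handlers are scoped to a play, and the tasks below notify
  # "update aide database", so this play needs its own handlers list.
  # NOTE(review): assumes that handler is defined in global_handlers.yml.
  handlers:
    - import_tasks: global_handlers/global_handlers.yml
  pre_tasks:
    - name: pre-run | upgrade system (debian, ubuntu, etc.)
      apt:
        upgrade: dist
      # changed_when: false
      notify: update aide database
      when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"]

    - name: pre-run | upgrade system (arch)
      pacman:
        upgrade: true
      notify: update aide database
      when: ansible_distribution == 'Archlinux'

# run roles
- hosts: all
  tags: base
  become: true
  roles:
    - base

# - hosts: workstation
#   tags: workstation
#   become: true
#   roles:
#     - workstation

- hosts: server
  tags: server
  become: true
  roles:
    - server

- hosts: bastionhost
  tags: server,bastionhost
  become: true
  roles:
    - bastionhost

- hosts: nameserver
  tags: server,nameserver
  become: true
  roles:
    - nameserver

- hosts: webserver
  tags: server,webserver
  become: true
  roles:
    - webserver

- hosts: mailserver
  tags: server,mailserver
  become: true
  roles:
    - mailserver

- hosts: database
  tags: server,database
  become: true
  roles:
    - database

# - hosts: dhcpserver
#   tags: server,dhcpserver
#   become: true
#   roles:
#     - dhcpserver

- hosts: docker
  tags: server,docker
  become: true
  roles:
    - docker

- hosts: drone
  tags: server,docker,drone
  become: true
  roles:
    - drone

# - hosts: fileserver
#   tags: server,fileserver
#   become: true
#   roles:
#     - fileserver

- hosts: mastodon
  tags: server,mastodon
  become: true
  roles:
    - mastodon

# - hosts: printspooler
#   tags: server,printspooler
#   become: true
#   roles:
#     - printspooler

- hosts: jitsimeet
  tags: server,jitsimeet,webserver
  become: true
  roles:
    - jitsimeet

- hosts: backup
  tags: server,backup
  become: true
  roles:
    - backup

# - hosts: proxyserver
#   tags: server,proxyserver
#   become: true
#   roles:
#     - proxyserver

# end of roles; cleanup and reporting
- hosts: all
  become: true
  tasks:
    - name: cleanup package cache (debian and ubuntu)
      tags: always
      apt:
        autoclean: true
      changed_when: false
      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]

    - name: autoremove orphan packages (debian and ubuntu)
      tags: always
      apt:
        autoremove: true
        purge: true
      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]

    # - name: send completion alert
    #   include_tasks: playbooks/send_completion_alert.yml
    #   tags: always
    #   when:
    #     - task_failed is not defined

    # - name: send failure alert
    #   include_tasks: playbooks/send_failure_alert.yml
    #   tags: always
    #   when:
    #     - task_failed is defined
    #     - task_failed == true

# vim: ts=2 sw=2 fdm=indent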