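---
# Play 1: refresh the package index on every host, unless the marker file
# shows that the last successful run finished within the cooldown window.
#
# `connection: local` makes every matched host act on the machine that runs
# the playbook (presumably an ansible-pull checkout; confirm). With
# `become: true` the tasks run with escalated privileges, so the integrity of
# the repository this file is pulled from is the trust anchor for these hosts.
- hosts: all
  handlers:
    - import_tasks: global_handlers/global_handlers.yml
  connection: local
  vars_files:
    - "os_vars/{{ ansible_distribution | lower }}.yml"
  become: true
  vars:
    # Cooldown in minutes.
    ansible_reboot_cooldown_minutes: 15
    # NOTE(review): /var/tmp is writable by every local account, so the
    # existence and mtime of this file are not trustworthy on their own.
    # A directory only root can write to would be a safer home for it.
    ansible_pull_marker_file: /var/tmp/ansible_pull.last_run

  pre_tasks:
    - name: pre-run | get status of marker file
      stat:
        path: "{{ ansible_pull_marker_file }}"
      register: marker_file_stat
      tags: always

    # NOTE(review): `end_play` ends only this play. The plays further down
    # this file are separate plays and still run, and the set_fact below is
    # skipped when this fires. Confirm that is the intended cooldown
    # behaviour.
    - name: pre-run | check if last run was within cooldown period
      meta: end_play
      when:
        - marker_file_stat.stat.exists
        # Honour the cooldown only for a marker owned by root, so a file
        # planted by another local account cannot suppress this play.
        - marker_file_stat.stat.uid == 0
        - (ansible_date_time.epoch | int) - (marker_file_stat.stat.mtime | int) < (ansible_reboot_cooldown_minutes | int * 60)
      tags: always

    # `vars:` above is scoped to this play; the cacheable fact is what makes
    # the path visible to later plays.
    - name: pre-run | set marker file path as a cached fact
      set_fact:
        ansible_pull_marker_file: "{{ ansible_pull_marker_file }}"
        cacheable: true
      tags: always

    # NOTE(review): the cleanup tasks in the last play also match "Pop!_OS";
    # this list does not, so such hosts get no index refresh here. Confirm.
    - name: pre-run | update apt repository (debian, ubuntu, etc.)  # noqa no-changed-when
      apt:
        update_cache: true
      # changed_when: false
      when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"]

    - name: pre-run | update pacman repository (arch)
      pacman:
        update_cache: true
      # changed_when: false
      when: ansible_distribution == 'Archlinux'

    - name: pre-run |update portage repository (gentoo)
      portage:
        # Left as written: this option is passed through unchanged.
        sync: yes
      when: ansible_distribution == 'Gentoo'
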
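# Play 2: full system upgrade on every host except those matched by
# `database`. The pattern is quoted so that `:` and `!` can never be read as
# YAML syntax.
# NOTE(review): this play sets neither `become` nor `connection`, unlike the
# plays around it; confirm that package upgrades get the privileges they need.
- hosts: "all:!database"
  pre_tasks:
    # NOTE(review): the cleanup tasks in the last play also match "Pop!_OS";
    # this list does not, so such hosts are never upgraded here. Confirm.
    - name: pre-run | upgrade system (debian, ubuntu, etc.)
      apt:
        upgrade: dist
      # changed_when: false
      when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"]

    - name: pre-run | upgrade system (arch)
      pacman:
        upgrade: true
      when: ansible_distribution == 'Archlinux'
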
# run roles
# Every host gets the `base` role, applied with privilege escalation.
- hosts: all
  become: true
  tags: base
  roles:
    - base

# - hosts: workstation
#   tags: workstation
#   become: true
#   roles:
#     - workstation

# Hosts matched by `server` get the `server` role, applied with privilege
# escalation.
- hosts: server
  become: true
  tags: server
  roles:
    - server

# Hosts matched by `bastionhost`: apply the role, then refresh the AIDE
# database when the run flagged it as stale.
- hosts: bastionhost
  become: true
  tags:
    - server
    - bastionhost
  handlers:
    - import_tasks: global_handlers/global_handlers.yml
  roles:
    - bastionhost
  post_tasks:
    # Runs only when `aide_db_needs_update` is defined and truthy and the
    # registered `aide_db` stat reports that the database exists; both
    # variables are set outside this file.
    # NOTE(review): re-baselining accepts the filesystem as it is at that
    # moment, so any change not made by this run is folded into the new
    # baseline as well. Review the AIDE report before the update where
    # possible.
    - name: Update AIDE database if changes were made
      when: (aide_db_needs_update is defined and aide_db_needs_update) and (aide_db is defined and aide_db.stat.exists)
      include_role:
        name: bastionhost
        tasks_from: system_setup/aide_update.yml

# Hosts matched by `nameserver` get the `nameserver` role, applied with
# privilege escalation.
- hosts: nameserver
  become: true
  tags:
    - server
    - nameserver
  roles:
    - nameserver

# Hosts matched by `webserver` get the `webserver` role, applied with
# privilege escalation.
- hosts: webserver
  become: true
  tags:
    - server
    - webserver
  roles:
    - webserver

# Hosts matched by `mailserver` get the `mailserver` role, applied with
# privilege escalation.
- hosts: mailserver
  become: true
  tags:
    - server
    - mailserver
  roles:
    - mailserver

# Hosts matched by `database` get the `database` role, applied with privilege
# escalation. The upgrade play earlier in this file excludes these same hosts
# with the pattern `all:!database`.
- hosts: database
  become: true
  tags:
    - server
    - database
  roles:
    - database

# - hosts: dhcpserver
#   tags: server,dhcpserver
#   become: true
#   roles:
#     - dhcpserver

# Hosts matched by `docker` get the `docker` role, applied with privilege
# escalation.
- hosts: docker
  become: true
  tags:
    - server
    - docker
  roles:
    - docker

# Hosts matched by `drone` get the `drone` role, applied with privilege
# escalation. The play also carries the `docker` tag, so a run limited to
# that tag includes it.
- hosts: drone
  become: true
  tags:
    - server
    - docker
    - drone
  roles:
    - drone

# - hosts: fileserver
#   tags: server,fileserver
#   become: true
#   roles:
#     - fileserver

# Hosts matched by `mastodon` get the `mastodon` role, applied with privilege
# escalation.
- hosts: mastodon
  become: true
  tags:
    - server
    - mastodon
  roles:
    - mastodon

# - hosts: printspooler
#   tags: server,printspooler
#   become: true
#   roles:
#     - printspooler

# Hosts matched by `jitsimeet` get the `jitsimeet` role, applied with
# privilege escalation. The play also carries the `webserver` tag, so a run
# limited to that tag includes it.
- hosts: jitsimeet
  become: true
  tags:
    - server
    - jitsimeet
    - webserver
  roles:
    - jitsimeet

# Hosts matched by `backup` get the `backup` role, applied with privilege
# escalation.
- hosts: backup
  become: true
  tags:
    - server
    - backup
  roles:
    - backup

# - hosts: proxyserver
#   tags: server,proxyserver
#   become: true
#   roles:
#     - proxyserver

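# end of roles; cleanup and reporting
# Last play: package-cache cleanup on Debian-family hosts, then refresh the
# marker file that the first play reads for its cooldown check.
- hosts: all
  become: true
  post_tasks:
    - name: cleanup package cache (debian and ubuntu)
      tags: always
      apt:
        autoclean: true
      changed_when: false
      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]

    - name: autoremove orphan packages (debian and ubuntu)
      tags: always
      apt:
        autoremove: true
        purge: true
      when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]

    # NOTE(review): this play defines no vars of its own. The path comes from
    # the set_fact in the first play, which is skipped when that play ends
    # early on cooldown; unless a fact cache supplies the value, the template
    # below would be undefined in that case. Confirm.
    # NOTE(review): the first play points this variable at /var/tmp, which
    # every local account can write to, and this task touches it with
    # escalated privileges. A directory only root can write to avoids acting
    # on a path another account may have created first.
    - name: post-run | update marker file timestamp on successful run
      file:
        path: "{{ ansible_pull_marker_file }}"
        state: touch
      tags: always

    # - name: send completion alert
    #   include_tasks: playbooks/send_completion_alert.yml
    #   tags: always
    #   when:
    #     - task_failed is not defined

    # - name: send failure alert
    #   include_tasks: playbooks/send_failure_alert.yml
    #   tags: always
    #   when:
    #     - task_failed is defined
    #     - task_failed == true

# vim: ts=2 sw=2 fdm=indent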