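---
# Site playbook with four plays: a baseline for every host, then one play
# each for the `cloud`, `docker` and `omada` inventory groups.
#
# NOTE(review): this file had lost its line breaks; the nesting below was
# rebuilt from Ansible's play/role/task layout. Confirm that each trailing
# `tags:` key (base_install, cloud_install, dockerserver_install,
# omada_lxc_install) is meant to sit at play level, as written here.

- name: Prepare all servers
  hosts: all
  become: true
  vars_files:
    # NOTE(review): confirm this file is encrypted with ansible-vault before
    # it is committed; nothing visible here shows that it is.
    - group_vars/all_secrets.yml

  pre_tasks:
    # NOTE(review): no owner/mode is given, so a newly created /data gets
    # umask-derived permissions. Set `mode` once the intended access is known.
    - name: Create directories
      file:
        path: "/data"
        state: directory

    - name: Setup base system
      import_tasks: tasks/base.yml
      tags: base_setup

  roles:
    - role: geerlingguy.docker
      # Membership of the docker group is effectively root on the host
      # (access to the Docker socket); keep this list as short as possible.
      docker_users:
        - administrator

    - role: grzegorzfranus.fail2ban
      vars:
        # Sources listed here are never banned. The list covers every private
        # range, so a compromised machine on the LAN (or on an overlay that
        # uses CGNAT space) can retry SSH logins without tripping fail2ban.
        # NOTE(review): narrow this to the actual management subnets.
        fail2ban_ignoreip:
          - '127.0.0.1/8'      # IPv4 loopback
          - '10.0.0.0/8'       # RFC 1918 private
          - '172.16.0.0/12'    # RFC 1918 private
          - '192.168.0.0/16'   # RFC 1918 private
          - '169.254.0.0/16'   # link-local / APIPA
          - '100.64.0.0/10'    # CGNAT shared address space
          - '203.0.113.0/24'   # TEST-NET-3 (documentation only)
          - '192.0.2.0/24'     # TEST-NET-1 (documentation only)
          - '198.51.100.0/24'  # TEST-NET-2 (documentation only)
          - '::1'              # IPv6 loopback
          - 'fc00::/7'         # IPv6 unique local (ULA)
          - 'fe80::/10'        # IPv6 link-local
        fail2ban_bantime: "1h"
        fail2ban_findtime: "30m"
        fail2ban_maxretry: 3
        fail2ban_custom_jail_files:
          - name: sshd-strict  # This will create /etc/fail2ban/jail.d/sshd-strict.conf
            # NOTE(review): findtime here is 300 s, shorter than the global
            # 30m above, so failures are counted over a narrower window than
            # the default. bantime and maxretry match the globals. Confirm
            # that is what a jail named "strict" is meant to do.
            content: |
              [sshd-strict]
              enabled = true
              filter = sshd
              port = ssh
              logpath = journal
              backend = systemd
              maxretry = 3
              bantime = 3600
              findtime = 300

  tags: base_install

- name: Configure cloud hosts
  hosts: cloud
  become: true

  roles:
    - role: traefik
      vars:
        traefik_host: traefik01.comprofix.com
      tags: traefik_install

  tasks:
    - name: Deploy Vaultwarden
      import_tasks: tasks/vaultwarden.yml
      tags: vaultwarden_install

    - name: Deploy gitea
      import_tasks: tasks/gitea.yml
      tags: gitea_install

    - name: Gotify
      import_tasks: tasks/gotify.yml
      tags: gotify_install

  tags: cloud_install

- name: Configure docker hosts
  hosts: docker
  become: true
  vars_files:
    - vars/gitea-images.yml

  pre_tasks:
    - name: Connect iscsi
      import_tasks: tasks/iscsi.yml
      tags: iscsi_connect

  roles:
    - role: nfs
      mounts:
        - name: Data share
          path: /mnt/nfs/data
          src: 'truenas.comprofix.xyz:/mnt/datapool/data'
      tags: nfs_install

    - role: traefik
      vars:
        traefik_host: traefik02.comprofix.xyz
      tags: traefik_install

  tasks:
    - name: Deploy comprofix.com website
      import_tasks: tasks/comprofix.com.yml
      tags: comprofix_install

    - name: Deploy iDrac Fan Controller
      import_tasks: tasks/idrac.yml
      tags: idrac_install

    - name: Deploy MariaDB
      import_tasks: tasks/mariadb.yml
      tags: mariadb_install

    - name: Deploy InvoiceNinja
      import_tasks: tasks/invoiceninja.yml
      tags: invoiceninja_install

    - name: Deploy Homepage
      import_tasks: tasks/homepage.yml
      tags: homepage_install

    - name: Deploy speedtest-tracker
      import_tasks: tasks/speedtest.yml
      tags: speedtest_install

    - name: Deploy dozzle
      import_tasks: tasks/dozzle.yml
      tags: dozzle_install

    - name: Deploy jellyseerr
      import_tasks: tasks/jellyseerr.yml
      tags: jellyseerr_install

    - name: Deploy lidarr
      import_tasks: tasks/lidarr.yml
      tags: lidarr_install

    - name: Deploy prowlarr
      import_tasks: tasks/prowlarr.yml
      tags: prowlarr_install

    - name: Deploy radarr
      import_tasks: tasks/radarr.yml
      tags: radarr_install

    - name: Deploy sonarr
      import_tasks: tasks/sonarr.yml
      tags: sonarr_install

    - name: Deploy sabnzbd
      import_tasks: tasks/sabnzbd.yml
      tags: sabnzbd_install

    - name: Deploy mealie
      import_tasks: tasks/mealie.yml
      tags: mealie_install

    - name: Deploy pyKMS
      import_tasks: tasks/pykms.yml
      tags: pykms_install

    - name: Deploy mediawiki
      import_tasks: tasks/mediawiki.yml
      tags: mediawiki_install

    - name: Deploy traggo
      import_tasks: tasks/traggo.yml
      tags: traggo_install

    - name: Deploy gitea-runner-homelab
      import_tasks: tasks/gitea-runner-homelab.yml
      tags: gitea-runner-homelab_install

    # - name: Deploy mssql
    #   import_tasks: tasks/mssql.yml
    #   tags: mssql_install

  tags: dockerserver_install

- name: Configure omada hosts
  hosts: omada
  become: true

  roles:
    - role: nfs
      mounts:
        - name: Data share
          path: /data
          src: 'truenas.comprofix.xyz:/mnt/datapool/docker'
      tags: nfs_install

  tasks:
    - name: Deploy Dozzle Agent
      import_tasks: tasks/dozzle-agent.yml
      tags: dozzle-agent_install

    - name: Deploy Omada
      import_tasks: tasks/omada.yml
      tags: omada_install

  tags: omada_lxc_install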