---
- hosts: all
  # Names used below but not defined in this play (caddy_vars, nomie) are
  # expected to come from this file or from inventory.
  # NOTE(review): this file presumably carries the Caddy GitHub token and the
  # CouchDB password; confirm it is ansible-vault encrypted before it is
  # committed.
  vars_files:
    - 'vars/vars.yml'
  vars:
    # Each service gets a fixed offset from base_port; the docker-app tasks
    # in this play bind theirs to 127.0.0.1.
    base_port: 41080
    # notes_port is not referenced by any task in this playbook
    # (presumably consumed by templates/Caddyfile.j2 -- confirm).
    notes_port: '{{ base_port + 1 }}'
    dayoff_port: '{{ base_port + 2 }}'
    homepage_port: '{{ base_port + 3 }}'
    netdata_port: '{{ base_port + 4 }}'
    wiki_port: '{{ base_port + 5 }}'
    nomie_port: '{{ base_port + 6 }}'
    nomie_db_port: '{{ base_port + 7 }}'
    gitea_port: '{{ base_port + 8 }}'

  tasks:

    # Base tooling: git, pip for Python 3 (used by the pip task later in this
    # play), and acl (presumably so Ansible can become unprivileged users
    # via setfacl -- confirm).
    - name: 'Install additional packages.'
      apt:
        update_cache: true
        name:
          - git
          - python3-pip
          - acl

    # UTC on the host keeps log timestamps unambiguous when correlating
    # events across systems.
    - name: 'Set the system timezone to UTC.'
      import_role:
        name: yatesr.timezone
      vars:
        timezone: 'UTC'

    # Baseline SSH / fail2ban settings via geerlingguy.security. The values
    # are quoted strings on purpose: they must reach the role as 'yes'/'no'
    # text, not as YAML booleans.
    - name: 'Apply baseline host hardening.'
      import_role:
        name: geerlingguy.security
      vars:
        security_fail2ban_enabled: 'yes'
        # NOTE(review): root is allowed to log in over SSH. If this exists
        # only for key-based automation, consider 'prohibit-password' (or a
        # sudo-capable deploy user together with 'no'). Confirm the role
        # version in use accepts that value and that password
        # authentication stays disabled.
        security_ssh_permit_root_login: 'yes'
        # NOTE(review): unattended upgrades are switched off, so security
        # patches only land when the host is updated by hand. Confirm a
        # patching process covers this host.
        security_autoupdate_enabled: 'no'

    # Docker SDK for Python, required on the managed host by Ansible's
    # docker modules.
    # NOTE(review): installed unpinned from PyPI with the privileges of the
    # play's user. Pinning a reviewed version would make runs reproducible
    # and limit exposure to a bad upstream release.
    - name: 'Install python docker lib.'
      tags: [docker]
      pip:
        name: 'docker'

    # Installs the Docker engine with the role's defaults; no role variables
    # are overridden here.
    - name: 'Install Docker.'
      tags: [docker]
      import_role:
        name: geerlingguy.docker

    # systemd-networkd is started now and enabled at boot; the task name
    # records that the Caddy setup depends on it.
    - name: 'Ensure networkd service is started (required by Caddy).'
      tags: [webserver]
      systemd:
        name: 'systemd-networkd'
        enabled: true
        state: started

    # Caddy is the web server for this host; its configuration comes from
    # templates/Caddyfile.j2.
    - name: 'Install and configure the Caddy web server.'
      tags: [webserver]
      import_role:
        name: caddy_ansible.caddy_ansible
      vars:
        # The template lookup renders on the control node; the role receives
        # the finished Caddyfile as a string.
        caddy_config: "{{ lookup('template', 'templates/Caddyfile.j2') }}"
        # NOTE(review): secret value. Confirm caddy_vars is stored encrypted
        # and that the token carries only the scope the role needs
        # (presumably release downloads from GitHub).
        caddy_github_token: "{{ caddy_vars.github_token }}"
        # NOTE(review): presumably keeps the role from upgrading Caddy on
        # each run, so security releases need a deliberate upgrade step.
        caddy_update: false
        # Grant only CAP_NET_BIND_SERVICE (binding ports below 1024), so
        # Caddy presumably does not need to run as root to serve 80/443.
        caddy_setcap: true
        caddy_systemd_capabilities_enabled: true
        caddy_systemd_capabilities: 'CAP_NET_BIND_SERVICE'

    # Host monitoring with Netdata, pinned to an explicit release.
    - name: 'Install Netdata monitoring.'
      tags: [monitoring]
      import_role:
        name: netdata
      vars:
        netdata_version: 'v1.43.1'
        # NOTE(review): only a port number is passed here, whereas the
        # docker-app services in this play bind explicitly to 127.0.0.1.
        # Confirm the netdata role binds this port to loopback (or that a
        # firewall blocks it): the Netdata dashboard has no authentication
        # by default.
        netdata_exposed_port: "{{ netdata_port }}"

    # Applications

    # Deploy user and environment for the "homepage" app.
    - name: 'Provision the homepage application.'
      tags: [apps]
      import_role:
        name: docker-app
      vars:
        username: homepage
        # NOTE(review): membership in the docker group is root-equivalent on
        # the host. Presumably the role authorises ssh_keys for this user; if
        # so, every key listed here can obtain root. Keep the key list
        # minimal and confirm this is intended.
        extra_groups: [docker]
        ssh_keys:
          - "{{ lookup('file', 'files/av_id_rsa.pub') }}"
        env:
          DOCKER_PREFIX: homepage
          PROJECT_NAME: homepage
          IMAGE_PREFIX: homepage
          CONTAINER_PREFIX: homepage
          # Loopback only: the app is not reachable from the network on this
          # port directly.
          WEB_SERVER_PORT: "127.0.0.1:{{ homepage_port }}"

    # Deploy user and environment for the "dayoff" app.
    - name: 'Provision the dayoff application.'
      tags: [apps]
      import_role:
        name: docker-app
      vars:
        username: dayoff
        # NOTE(review): membership in the docker group is root-equivalent on
        # the host, so each key below can presumably obtain root. This app
        # lists a second key (dayoff_id_rsa.pub); confirm who or what holds
        # its private half (e.g. a CI system) and how it is protected.
        extra_groups: [docker]
        ssh_keys:
          - "{{ lookup('file', 'files/av_id_rsa.pub') }}"
          - "{{ lookup('file', 'files/dayoff_id_rsa.pub') }}"
        env:
          DOCKER_PREFIX: dayoff
          PROJECT_NAME: dayoff
          IMAGE_PREFIX: dayoff
          CONTAINER_PREFIX: dayoff
          # Loopback only: the app is not reachable from the network on this
          # port directly.
          WEB_SERVER_PORT: "127.0.0.1:{{ dayoff_port }}"

    # Deploy user and environment for the "wiki" app.
    - name: 'Provision the wiki application.'
      tags: [apps]
      import_role:
        name: docker-app
      vars:
        username: wiki
        # NOTE(review): membership in the docker group is root-equivalent on
        # the host, so the key below can presumably obtain root -- confirm
        # this is intended.
        extra_groups: [docker]
        ssh_keys:
          - "{{ lookup('file', 'files/av_id_rsa.pub') }}"
        env:
          PROJECT_NAME: wiki
          DOCKER_PREFIX: wiki
          IMAGE_PREFIX: wiki
          CONTAINER_PREFIX: wiki
          # Loopback only: the app is not reachable from the network on this
          # port directly.
          WEB_SERVER_PORT: "127.0.0.1:{{ wiki_port }}"

    # Deploy user and environment for the "nomie" app and its CouchDB.
    - name: 'Provision the nomie application.'
      tags: [apps]
      import_role:
        name: docker-app
      vars:
        username: nomie
        # NOTE(review): membership in the docker group is root-equivalent on
        # the host, so the key below can presumably obtain root -- confirm
        # this is intended.
        extra_groups: [docker]
        ssh_keys:
          - "{{ lookup('file', 'files/av_id_rsa.pub') }}"
        env:
          PROJECT_NAME: nomie
          DOCKER_PREFIX: nomie
          IMAGE_PREFIX: nomie
          CONTAINER_PREFIX: nomie
          # Both the web port and the database port are bound to loopback.
          WEB_SERVER_PORT: "127.0.0.1:{{ nomie_port }}"
          COUCH_DB_PORT: "127.0.0.1:{{ nomie_db_port }}"
          COUCH_DB_USER: "couch-admin"
          # NOTE(review): secret passed through env. Confirm the docker-app
          # role writes it to a file readable only by this user and does not
          # echo it in task output, and that the source variable is stored
          # encrypted.
          COUCH_DB_PASSWORD: "{{ nomie.couch_db_password }}"

    # Deploy user and environment for the "gitea" app.
    - name: 'Provision the gitea application.'
      tags: [apps]
      import_role:
        name: docker-app
      vars:
        username: gitea
        # NOTE(review): membership in the docker group is root-equivalent on
        # the host, so the key below can presumably obtain root -- confirm
        # this is intended.
        extra_groups: [docker]
        ssh_keys:
          - "{{ lookup('file', 'files/av_id_rsa.pub') }}"
        env:
          PROJECT_NAME: gitea
          DOCKER_PREFIX: gitea
          IMAGE_PREFIX: gitea
          CONTAINER_PREFIX: gitea
          # Loopback only: the app is not reachable from the network on this
          # port directly.
          WEB_SERVER_PORT: "127.0.0.1:{{ gitea_port }}"
          # uc_result is not defined in this playbook; presumably the
          # docker-app role registers it when it creates the user, so these
          # resolve to that user's UID and primary GID -- confirm against the
          # role.
          USER_UID: "{{ uc_result.uid }}"
          USER_GID: "{{ uc_result.group }}"