ansible-infra/playbooks/deploy.yaml

---
- name: engelsystem_specific_pre_tasks
  ansible.builtin.import_playbook: engelsystem_specific_pre_tasks.yaml

- name: Ensure SSH server config deployment on ssh_server_config_hosts
  hosts: ssh_server_config_hosts
  roles:
    - deploy_ssh_server_config

- name: Ensure deployment of infrastructure authorized keys
  hosts: infrastructure_authorized_keys_hosts
  roles:
    - infrastructure_authorized_keys

- name: Ensure Nextcloud config
  hosts: nextcloud_hosts
  roles:
    - nextcloud

- name: Ensure HiFiBerry deployment on hifiberry_hosts
  hosts: hifiberry_hosts
  roles:
    - hifiberry

- name: Ensure bluetooth audio sink deployment on bluetooth_audio_sink_hosts
  hosts: bluetooth_audio_sink_hosts
  roles:
    - bluetooth_audio_sink

- name: Ensure shairport sync deployment on shairport_sync_hosts 
  hosts: shairport_sync_hosts
  roles:
    - shairport_sync

- name: Ensure ola deployment on ola_hosts
  hosts: ola_hosts
  roles:
    - ola

- name: Ensure foobazdmx deployment on foobazdmx_hosts
  hosts: foobazdmx_hosts
  roles:
    - foobazdmx

- name: Ensure Mosquitto MQTT broker deployment on mosquitto_hosts
  hosts: mosquitto_hosts
  roles:
    - mosquitto

- name: Ensure Zigbee2MQTT deployment on zigbee2mqtt_hosts
  hosts: zigbee2mqtt_hosts
  roles:
    - zigbee2mqtt

- name: Ensure Dokuwiki config
  hosts: wiki
  roles:
    - dokuwiki

- name: Ensure certificate deployment on cert_hosts
  hosts: cert_hosts
  roles:
    - cert

- name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs
  hosts: nginx_hosts:&public_reverse_proxy_hosts
  roles:
    - nginx

- name: Ensure certbot and certificate deployment on certbot_hosts
  hosts: certbot_hosts
  roles:
    - certbot

- name: Ensure Docker Compose deployment on docker_compose_hosts
  hosts: docker_compose_hosts
  roles:
    - docker_compose

- name: Ensure NGINX deployment on nginx_hosts
  hosts: nginx_hosts:!public_reverse_proxy_hosts
  roles:
    - nginx

- name: Configure unattended upgrades
  hosts: all
  become: true
  roles:
    - role: debops.debops.unattended_upgrades
      vars:
        unattended_upgrades__origins:
          - "o=${distro_id},n=${distro_codename}"
          - "o=Docker,n=${distro_codename}"
          - "o=nginx,n=${distro_codename}"
Combine playbooks for indiviual hosts into one playbook This makes a full deployment of all hosts easier and parallelises execution of roles, which are used for multiple hosts. You can still easily deploy only a subset of hosts using the -l flag for ansible-playbook. 2023-07-30 06:57:30 +02:00			`---`
			`- name: engelsystem_specific_pre_tasks`
			`ansible.builtin.import_playbook: engelsystem_specific_pre_tasks.yaml`

			`- name: Ensure SSH server config deployment on ssh_server_config_hosts`
			`hosts: ssh_server_config_hosts`
			`roles:`
			`- deploy_ssh_server_config`

Add a role for deploying infrastructure authorized keys and use it 2023-11-11 00:23:20 +01:00			`- name: Ensure deployment of infrastructure authorized keys`
			`hosts: infrastructure_authorized_keys_hosts`
			`roles:`
			`- infrastructure_authorized_keys`

Nextcloud-Config weiter entwickeln 2023-08-05 18:59:58 +02:00			`- name: Ensure Nextcloud config`
			`hosts: nextcloud_hosts`
			`roles:`
			`- nextcloud`

Combine playbooks for indiviual hosts into one playbook This makes a full deployment of all hosts easier and parallelises execution of roles, which are used for multiple hosts. You can still easily deploy only a subset of hosts using the -l flag for ansible-playbook. 2023-07-30 06:57:30 +02:00			`- name: Ensure HiFiBerry deployment on hifiberry_hosts`
			`hosts: hifiberry_hosts`
			`roles:`
			`- hifiberry`

			`- name: Ensure bluetooth audio sink deployment on bluetooth_audio_sink_hosts`
			`hosts: bluetooth_audio_sink_hosts`
			`roles:`
			`- bluetooth_audio_sink`

			`- name: Ensure shairport sync deployment on shairport_sync_hosts`
			`hosts: shairport_sync_hosts`
			`roles:`
			`- shairport_sync`

			`- name: Ensure ola deployment on ola_hosts`
			`hosts: ola_hosts`
			`roles:`
			`- ola`

			`- name: Ensure foobazdmx deployment on foobazdmx_hosts`
			`hosts: foobazdmx_hosts`
			`roles:`
			`- foobazdmx`

			`- name: Ensure Mosquitto MQTT broker deployment on mosquitto_hosts`
			`hosts: mosquitto_hosts`
			`roles:`
			`- mosquitto`

			`- name: Ensure Zigbee2MQTT deployment on zigbee2mqtt_hosts`
			`hosts: zigbee2mqtt_hosts`
			`roles:`
			`- zigbee2mqtt`

Wiki: Fix oauth, create role from playbook 2023-05-11 20:19:14 +02:00			`- name: Ensure Dokuwiki config`
			`hosts: wiki`
			`roles:`
			`- dokuwiki`

Combine playbooks for indiviual hosts into one playbook This makes a full deployment of all hosts easier and parallelises execution of roles, which are used for multiple hosts. You can still easily deploy only a subset of hosts using the -l flag for ansible-playbook. 2023-07-30 06:57:30 +02:00			`- name: Ensure certificate deployment on cert_hosts`
			`hosts: cert_hosts`
			`roles:`
			`- cert`

Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs 2023-08-03 04:15:03 +02:00			`- name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs`
			`hosts: nginx_hosts:&public_reverse_proxy_hosts`
			`roles:`
			`- nginx`

Deploy certs for zigbee2mqtt.ccchh.net using new certbot role Also add certbot role to deploy.yaml playbook and add accompanying group. 2023-08-02 22:53:37 +02:00			`- name: Ensure certbot and certificate deployment on certbot_hosts`
			`hosts: certbot_hosts`
			`roles:`
			`- certbot`

Combine playbooks for indiviual hosts into one playbook This makes a full deployment of all hosts easier and parallelises execution of roles, which are used for multiple hosts. You can still easily deploy only a subset of hosts using the -l flag for ansible-playbook. 2023-07-30 06:57:30 +02:00			`- name: Ensure Docker Compose deployment on docker_compose_hosts`
			`hosts: docker_compose_hosts`
			`roles:`
			`- docker_compose`

			`- name: Ensure NGINX deployment on nginx_hosts`
Ensure NGINX deploy. on public-rev.-prox. hosts before certbot role runs 2023-08-03 04:15:03 +02:00			`hosts: nginx_hosts:!public_reverse_proxy_hosts`
Combine playbooks for indiviual hosts into one playbook This makes a full deployment of all hosts easier and parallelises execution of roles, which are used for multiple hosts. You can still easily deploy only a subset of hosts using the -l flag for ansible-playbook. 2023-07-30 06:57:30 +02:00			`roles:`
			`- nginx`
Add auto-update * for all hosts, use debops.unattended_upgrades * for docker compose, install a cron job pulling new images and restarting affected containers 2024-08-11 20:49:21 +02:00
			`- name: Configure unattended upgrades`
			`hosts: all`
			`become: true`
			`roles:`
unattended upgrade all packages 2024-09-02 20:44:55 +02:00			`- role: debops.debops.unattended_upgrades`
			`vars:`
			`unattended_upgrades__origins:`
			`- "o=${distro_id},n=${distro_codename}"`
			`- "o=Docker,n=${distro_codename}"`
			`- "o=nginx,n=${distro_codename}"`