- hosts: all roles: - base - role: realorangeone.reflector when: ansible_os_family == 'Archlinux' - role: paccache when: ansible_os_family == 'Archlinux' - hosts: casey roles: - nginx - role: geerlingguy.certbot become: true - gateway - nebula - headscale - fail2ban_ssh - restic - artis3n.tailscale - glinet_vpn - hosts: - pve - casey - ingress - walker - tang roles: - role: geerlingguy.ntp become: true vars: ntp_timezone: "{{ timezone }}" ntp_manage_config: true - hosts: - pve-docker - forrest - walker - renovate - gitea-runner - pve-dokku roles: - role: geerlingguy.docker become: true vars: docker_install_compose_plugin: "{{ ansible_os_family == 'Debian' }}" docker_install_compose: "{{ ansible_os_family == 'Debian' }}" docker_users: - "{{ me.user }}" - docker_cleanup - hosts: - pve-docker - forrest - walker - pve-dokku roles: - db_auto_backup - hosts: - pve-docker roles: - traefik - hosts: pve-docker roles: - pve_docker - yourls - pve_nebula_route - privatebin - vaultwarden - tandoor - mastodon - gitea - vikunja - authentik - minio - ntfy - hosts: ingress roles: - nginx - ingress - nebula - artis3n.tailscale - hosts: pve roles: - role: ironicbadger.proxmox_nag_removal become: true - zfs - pve_nebula_route - role: ironicbadger.snapraid become: true - role: prometheus.prometheus.node_exporter become: true - hosts: forrest roles: - prometheus - uptime_kuma - pve_nebula_route - pve_tailscale_route - hosts: qbittorrent roles: - nginx - qbittorrent - http_proxy - hosts: walker roles: - nginx - role: geerlingguy.certbot become: true - nebula - coredns_docker_proxy - plausible - restic - commento - website - remark42 - artis3n.tailscale - slides - hosts: jellyfin roles: - jellyfin - hosts: restic roles: - restic - s3_sync - hosts: gitea-runner roles: - gitea_runner - hosts: renovate roles: - renovate - hosts: tang roles: - adguardhome - role: prometheus.prometheus.node_exporter become: true - restic - hosts: pve-dokku roles: - nginx - dokku