- hosts: all roles: - base - role: realorangeone.reflector when: ansible_os_family == 'Archlinux' - hosts: casey roles: - gateway - nebula - fail2ban_ssh - wireguard_53 - hosts: - pve - casey - ingress - walker - grimes - decker roles: - role: geerlingguy.ntp become: true vars: ntp_timezone: "{{ timezone }}" ntp_manage_config: true - hosts: - pve-docker - forrest - walker - pve-gitlab-runner - grimes - decker - renovate roles: - role: geerlingguy.docker become: true vars: docker_install_compose: "{{ ansible_os_family == 'Debian' }}" docker_package: "{{ 'docker-ce' if ansible_os_family == 'Debian' else 'docker' }}" docker_users: - "{{ user }}" - docker_cleanup - hosts: - pve-docker - forrest - walker - grimes - decker roles: - db_auto_backup - hosts: - pve-docker - walker - decker roles: - traefik - hosts: pve-docker roles: - pve_docker - yourls - pve_nebula_route - privatebin - vaultwarden - tandoor - authentik - hosts: ingress roles: - role: chmduquesne.iptables_persistent become: true - role: nginxinc.nginx # The nginx in debian's repos is very old become: true - ingress - nebula - hosts: pve roles: - role: ironicbadger.proxmox_nag_removal become: true - zfs - pve_nebula_route - telegraf - role: ironicbadger.snapraid become: true - hosts: forrest roles: - forrest - pve_nebula_route - hosts: qbittorrent roles: - qbittorrent - hosts: walker roles: - nebula - upload - plausible - pages - restic - commento - website - hosts: jellyfin roles: - jellyfin - hosts: restic roles: - restic - hosts: pve-gitlab roles: - gitlab - hosts: pve-gitlab-runner roles: - gitlab_runner - hosts: grimes roles: - nebula - role: dokku_bot.ansible_dokku become: true - restic - hosts: decker roles: - nebula - restic - uptime_kuma - hosts: renovate roles: - renovate