- hosts: all roles: - base - role: realorangeone.reflector when: ansible_os_family == 'Archlinux' - role: paccache when: ansible_os_family == 'Archlinux' - hosts: casey roles: - gateway - nebula - fail2ban_ssh - wireguard_53 - hosts: - pve - casey - ingress - walker - grimes - tang roles: - role: geerlingguy.ntp become: true vars: ntp_timezone: "{{ timezone }}" ntp_manage_config: true - hosts: - pve-docker - forrest - walker - pve-gitlab-runner - grimes - renovate roles: - role: geerlingguy.docker become: true vars: docker_install_compose: "{{ ansible_os_family == 'Debian' }}" docker_package: "{{ 'docker-ce' if ansible_os_family == 'Debian' else 'docker' }}" docker_users: - "{{ user }}" - docker_cleanup - hosts: - pve-docker - forrest - walker - grimes roles: - db_auto_backup - hosts: - pve-docker - walker roles: - traefik - hosts: pve-docker roles: - pve_docker - yourls - pve_nebula_route - privatebin - vaultwarden - tandoor - mastodon - gitea - hosts: ingress roles: - role: chmduquesne.iptables_persistent become: true - role: nginxinc.nginx # The nginx in debian's repos is very old become: true - ingress - nebula - hosts: pve roles: - role: ironicbadger.proxmox_nag_removal become: true - zfs - pve_nebula_route - role: ironicbadger.snapraid become: true - role: prometheus.prometheus.node_exporter become: true - hosts: forrest roles: - forrest - pve_nebula_route - hosts: qbittorrent roles: - qbittorrent - http_proxy - hosts: walker roles: - nebula - upload - plausible - restic - commento - website - hosts: jellyfin roles: - jellyfin - hosts: restic roles: - restic - hosts: pve-gitlab roles: - gitlab - hosts: pve-gitlab-runner roles: - gitlab_runner - hosts: grimes roles: - nebula - role: dokku_bot.ansible_dokku become: true - restic - hosts: renovate roles: - renovate - hosts: tang roles: - pihole - role: prometheus.prometheus.node_exporter become: true