- hosts: all roles: - base - role: realorangeone.reflector when: ansible_os_family == 'Archlinux' - role: paccache when: ansible_os_family == 'Archlinux' - hosts: casey roles: - gateway - nebula - fail2ban_ssh - wireguard_53 - hosts: - pve - casey - ingress - walker - grimes - tang roles: - role: geerlingguy.ntp become: true vars: ntp_timezone: "{{ timezone }}" ntp_manage_config: true - hosts: - pve-docker - forrest - walker - grimes - renovate - gitea-runner roles: - role: geerlingguy.docker become: true vars: docker_install_compose_plugin: "{{ ansible_os_family == 'Debian' }}" docker_users: - "{{ me.user }}" - docker_cleanup - hosts: - pve-docker - forrest - walker - grimes roles: - db_auto_backup - hosts: - pve-docker - walker roles: - traefik - hosts: pve-docker roles: - pve_docker - yourls - pve_nebula_route - privatebin - vaultwarden - tandoor - mastodon - gitea - hosts: ingress roles: - role: chmduquesne.iptables_persistent become: true - role: nginxinc.nginx # The nginx in debian's repos is very old become: true - ingress - nebula - hosts: pve roles: - role: ironicbadger.proxmox_nag_removal become: true - zfs - pve_nebula_route - role: ironicbadger.snapraid become: true - role: prometheus.prometheus.node_exporter become: true - hosts: forrest roles: - forrest - pve_nebula_route - hosts: qbittorrent roles: - qbittorrent - http_proxy - hosts: walker roles: - nebula - upload - plausible - restic - commento - website - hosts: jellyfin roles: - jellyfin - hosts: restic roles: - restic - hosts: gitea-runner roles: - gitea_runner - hosts: grimes roles: - nebula - role: dokku_bot.ansible_dokku become: true - restic - hosts: renovate roles: - renovate - hosts: tang roles: - pihole - role: prometheus.prometheus.node_exporter become: true