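---
# Play 1 - runs on the control node: loads secrets, creates the OpenStack
# (OVH) instance through role_deploy_openstack_instance, then registers the
# new machine in the in-memory inventory group `target`.
- name: deploy OVH instance
  hosts: localhost
  vars_files:
    - vars/main.yml
  # Implicit fact gathering is off; the explicit `always`-tagged setup task
  # below gathers facts instead.
  gather_facts: false
  tasks:
    - name: Gather facts
      ansible.builtin.setup:
      tags:
        - always

    - name: Set ansible_user
      ansible.builtin.set_fact:
        ansible_user: "{{ ansible_user_id }}"
      tags:
        - always

    - name: Retrieve secrets
      ansible.builtin.include_tasks:
        file: "tasks/retrieve_secret_vars.yml"
        apply:
          tags:
            - always
      tags:
        - always

    # include_vars always reads from the control node. The task result carries
    # the loaded variables, so no_log keeps secret values out of verbose output
    # and callback logs.
    # NOTE(review): no visible task in this play sets `remote_workdir`; it is
    # presumably defined in vars/main.yml - confirm this is the intended path.
    # NOTE(review): secrets.yml is presumably written by
    # tasks/retrieve_secret_vars.yml; confirm it is created with a restrictive
    # mode and not left behind in plaintext.
    - name: Include secrets from yml db
      ansible.builtin.include_vars: "{{ remote_workdir }}/secrets.yml"
      no_log: true
      tags:
        - always

    - name: include role_deploy_openstack_instance
      ansible.builtin.include_role:
        name: role_deploy_openstack_instance
        apply:
          tags:
            - always
      tags:
        - always

    # `openstack_output` is not set in this file; presumably registered by the
    # role above.
    - name: add new instance to host group at runtime
      ansible.builtin.add_host:
        name: "{{ target_name }}"
        ansible_host: "{{ openstack_output.openstack.accessIPv4 }}"
        groups: target
      changed_when: false
      tags:
        - always

    # Drops stale known_hosts entries for both the inventory name and the IP.
    # argv passes each templated value as a single argument, so no quoting or
    # word-splitting is involved.
    # NOTE(review): after this removal the new instance's host key is unknown
    # to the control node; whether it is then accepted unverified depends on
    # the host_key_checking configuration, which is not visible here. Prefer
    # checking the new key out of band over trust-on-first-use.
    # NOTE(review): the path assumes the control-node user is LINUX_USERNAME
    # with a home under /home - confirm.
    - name: Remove old SSH host key
      ansible.builtin.command:
        argv:
          - ssh-keygen
          - "-f"
          - "/home/{{ LINUX_USERNAME }}/.ssh/known_hosts"
          - "-R"
          - "{{ item }}"
      changed_when: false
      loop:
        - "{{ target_name }}"
        - "{{ openstack_output.openstack.accessIPv4 }}"
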
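# Play 2 - runs against the `target` group: base configuration of the new
# instance, then one tagged include per service so that a single service can
# be (re)deployed with --tags.
- name: configure OVH instance
  hosts: target
  vars_files:
    - vars/main.yml
  # Implicit fact gathering is off; facts are gathered explicitly once the
  # host answers.
  gather_facts: false
  tasks:
    # NOTE(review): tagged `configure` only (not `common`/`always`), so this
    # wait is skipped on any run filtered to other tags - confirm intended.
    - name: Wait for system to become reachable
      ansible.builtin.wait_for_connection:
        timeout: 30
      tags: configure

    - name: Gather facts
      ansible.builtin.setup:
      tags:
        - common
        - always

    - name: Set ansible_user
      ansible.builtin.set_fact:
        ansible_user: "{{ ansible_user_id }}"
      tags:
        - common
        - always

    - name: Include retrieve_secret_vars tasks
      ansible.builtin.include_tasks:
        file: "tasks/retrieve_secret_vars.yml"
        apply:
          tags:
            - common
            - always
      tags:
        - common
        - always

    # include_vars reads from the control node. The task result carries the
    # loaded variables, so no_log keeps secret values out of verbose output
    # and callback logs.
    - name: Include secrets from yml db
      ansible.builtin.include_vars: "{{ local_workdir }}/secrets.yml"
      no_log: true
      tags:
        - common
        - always

    - name: Include role_configure_ovh_instance
      ansible.builtin.include_role:
        name: role_configure_ovh_instance
        apply:
          tags: common
      tags: common

    # From here on, connections use LINUX_USERNAME. This task is `always`,
    # while the role above runs only under `common`, so on a tag-filtered run
    # the account must already exist on the target.
    - name: switch to new user
      ansible.builtin.set_fact:
        ansible_user: "{{ LINUX_USERNAME }}"
      tags:
        - common
        - always

    - name: set remote workdir path
      ansible.builtin.set_fact:
        remote_workdir: "/home/{{ ansible_user }}/{{ ANSIBLE_WORKDIR }}"
      tags:
        - common
        - always

    # NOTE(review): no `mode` is given, so the directory's permissions follow
    # the remote umask; set an explicit restrictive mode if secrets are staged
    # under this directory.
    - name: create remote workdir
      ansible.builtin.file:
        path: "{{ remote_workdir }}"
        state: directory
      tags:
        - common
        - always

    # Second run of the same task file, now that remote_workdir is set;
    # presumably the file depends on that fact - confirm.
    - name: Include retrieve_secret_vars tasks
      ansible.builtin.include_tasks:
        file: "tasks/retrieve_secret_vars.yml"
        apply:
          tags:
            - common
            - always
      tags:
        - common
        - always

    - name: Include role_deploy_temp_openvpn-server
      ansible.builtin.include_role:
        name: role_deploy_temp_openvpn-server
        apply:
          tags: deploy_temp_openvpn-server
      tags: deploy_temp_openvpn-server

    # Uses the file/apply form like the other includes: a tag placed only on
    # a dynamic include_tasks selects the include itself, not the tasks it
    # loads, so --tags deploy_reverse-proxy would otherwise run none of them
    # unless they are tagged inside the file.
    - name: Include deploy_reverse-proxy tasks
      ansible.builtin.include_tasks:
        file: "tasks/deploy_reverse-proxy.yml"
        apply:
          tags: deploy_reverse-proxy
      tags: deploy_reverse-proxy

    - name: Include deploy_mysql-server tasks
      ansible.builtin.include_tasks:
        file: "tasks/deploy_mysql-server.yml"
        apply:
          tags: deploy_mysql-server
      tags: deploy_mysql-server

    - name: Include deploy_gogs tasks
      ansible.builtin.include_tasks:
        file: "tasks/deploy_gogs.yml"
        apply:
          tags: deploy_gogs
      tags: deploy_gogs

    - name: Include role_deploy_registry
      ansible.builtin.include_role:
        name: role_deploy_registry
        apply:
          tags: deploy_registry
      tags: deploy_registry

    - name: Include role_deploy_internal_named
      ansible.builtin.include_role:
        name: role_deploy_internal_named
        apply:
          tags: deploy_internal_named
      tags: deploy_internal_named

    - name: Include role_deploy_nextcloud
      ansible.builtin.include_role:
        name: role_deploy_nextcloud
        apply:
          tags: deploy_nextcloud
      tags: deploy_nextcloud

    - name: Include role_deploy_grafana
      ansible.builtin.include_role:
        name: role_deploy_grafana
        apply:
          tags: deploy_grafana
      tags: deploy_grafana

    - name: Include role_deploy_coturn
      ansible.builtin.include_role:
        name: role_deploy_coturn
        apply:
          tags: deploy_coturn
      tags: deploy_coturn

    - name: Include role_deploy_SemanticScuttle
      ansible.builtin.include_role:
        name: role_deploy_SemanticScuttle
        apply:
          tags: deploy_SemanticScuttle
      tags: deploy_SemanticScuttle

    - name: Include role_deploy_onlyoffice
      ansible.builtin.include_role:
        name: role_deploy_onlyoffice
        apply:
          tags: deploy_onlyoffice
      tags: deploy_onlyoffice

    - name: Include role_deploy_dovecot
      ansible.builtin.include_role:
        name: role_deploy_dovecot
        apply:
          tags: deploy_dovecot
      tags: deploy_dovecot

    - name: Include role_deploy_store-metrics-in-db
      ansible.builtin.include_role:
        name: role_deploy_store-metrics-in-db
        apply:
          tags: deploy_store-metrics-in-db
      tags: deploy_store-metrics-in-db

    - name: Include role_deploy_feed2imap
      ansible.builtin.include_role:
        name: role_deploy_feed2imap
        apply:
          tags: deploy_feed2imap
      tags: deploy_feed2imap

    - name: Include role_deploy_cron
      ansible.builtin.include_role:
        name: role_deploy_cron
        apply:
          tags: deploy_cron
      tags: deploy_cron

    # Cloned on the control node (delegate_to: localhost). The checkout feeds
    # include_vars and the fetchmail role loop below, so its integrity matters.
    # NOTE(review): accept_hostkey turns off strict host key checking for this
    # clone. Pre-seeding the forge's host key (ansible.builtin.known_hosts)
    # removes the need for it; newer ansible-core also offers
    # accept_newhostkey - check the installed version before switching.
    # NOTE(review): `version: master` is a moving ref and `force: true`
    # discards local changes; pin a commit or signed tag if reproducibility is
    # required.
    - name: Retrieve config repo
      ansible.builtin.git:
        repo: "ssh://git@git.scimetis.net:2222/yohan/config.git"
        dest: "{{ local_workdir }}/config"
        version: master
        accept_hostkey: true
        force: true
      changed_when: false
      tags: deploy_fetchmail
      delegate_to: localhost

    # NOTE(review): if fetchmail_instances.yml carries mailbox credentials,
    # add no_log: true here as well - its content is not visible from this
    # file.
    - name: Include fetchmail instances list from yml db
      ansible.builtin.include_vars: "{{ local_workdir }}/config/docker-mail-stack/fetchmail_instances.yml"
      tags: deploy_fetchmail

    # One role run per entry; the current entry is exposed to the role as
    # `fetchmail_instance`.
    - name: Include role_deploy_fetchmail
      ansible.builtin.include_role:
        name: role_deploy_fetchmail
        apply:
          tags: deploy_fetchmail
      tags: deploy_fetchmail
      loop: "{{ fetchmail_instances }}"
      loop_control:
        loop_var: fetchmail_instance

    # Disabled task, kept for reference:
    # - name: Include role_deploy_openvpn-server
    #   ansible.builtin.include_role:
    #     name: role_deploy_openvpn-server
    #     apply:
    #       tags: deploy_openvpn-server
    #   tags: deploy_openvpn-server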