f8ac7c3a47
* add readeck to group_vars_mash_servers * add readeck to requirements.yml * add readeck to setup.yml * Create readeck.md
451 lines
11 KiB
YAML
451 lines
11 KiB
YAML
- name: "Set up a self-hosted server"
|
|
hosts: "{{ target if target is defined else 'mash_servers' }}"
|
|
become: true
|
|
|
|
roles:
|
|
# role-specific:playbook_help
|
|
- role: galaxy/playbook_help
|
|
tags:
|
|
- setup-all
|
|
- install-all
|
|
# /role-specific:playbook_help
|
|
|
|
# No role-specific checks here. Local roles are always installed.
|
|
- role: mash/playbook_base
|
|
- role: mash/playbook_migration
|
|
|
|
# role-specific:systemd_docker_base
|
|
# This role has no tasks at all
|
|
- role: galaxy/systemd_docker_base
|
|
# /role-specific:systemd_docker_base
|
|
|
|
# role-specific:docker
|
|
- when: mash_playbook_docker_installation_enabled | bool
|
|
role: galaxy/docker
|
|
vars:
|
|
docker_install_compose: false
|
|
docker_install_compose_plugin: false
|
|
tags:
|
|
- setup-docker
|
|
- setup-all
|
|
- install-docker
|
|
- install-all
|
|
# /role-specific:docker
|
|
|
|
# role-specific:docker_sdk_for_python
|
|
- when: devture_docker_sdk_for_python_installation_enabled | bool
|
|
role: galaxy/docker_sdk_for_python
|
|
tags:
|
|
- setup-docker
|
|
- setup-all
|
|
- install-docker
|
|
- install-all
|
|
# /role-specific:docker_sdk_for_python
|
|
|
|
# role-specific:timesync
|
|
- when: devture_timesync_installation_enabled | bool
|
|
role: galaxy/timesync
|
|
tags:
|
|
- setup-timesync
|
|
- setup-all
|
|
- install-timesync
|
|
- install-all
|
|
# /role-specific:timesync
|
|
|
|
# role-specific:swap
|
|
- role: galaxy/swap
|
|
# /role-specific:swap
|
|
|
|
# role-specific:cleanup
|
|
- role: galaxy/cleanup
|
|
# /role-specific:cleanup
|
|
|
|
# role-specific:ssh
|
|
- when: system_security_ssh_enabled | bool
|
|
role: galaxy/ssh
|
|
# /role-specific:ssh
|
|
|
|
# role-specific:fail2ban
|
|
- when: system_security_fail2ban_enabled | bool
|
|
role: galaxy/fail2ban
|
|
# /role-specific:fail2ban
|
|
|
|
# role-specific:postgres
|
|
# This role exposes various tags (setup-postgres, setup-all, upgrade-postgres, import-postgres, etc.), so we don't tag it here.
|
|
- role: galaxy/postgres
|
|
# /role-specific:postgres
|
|
|
|
# role-specific:postgres_backup
|
|
- role: galaxy/postgres_backup
|
|
# /role-specific:postgres_backup
|
|
|
|
# role-specific:mongodb
|
|
- role: galaxy/mongodb
|
|
# /role-specific:mongodb
|
|
|
|
# role-specific:container_socket_proxy
|
|
- role: galaxy/container_socket_proxy
|
|
# /role-specific:container_socket_proxy
|
|
|
|
# role-specific:traefik
|
|
- role: galaxy/traefik
|
|
# /role-specific:traefik
|
|
|
|
# role-specific:adguard_home
|
|
- role: galaxy/adguard_home
|
|
# /role-specific:adguard_home
|
|
|
|
# role-specific:appsmith
|
|
- role: galaxy/appsmith
|
|
# /role-specific:appsmith
|
|
|
|
# role-specific:apisix_dashboard
|
|
- role: galaxy/apisix_dashboard
|
|
# /role-specific:apisix_dashboard
|
|
|
|
# role-specific:apisix_gateway
|
|
- role: galaxy/apisix_gateway
|
|
# /role-specific:apisix_gateway
|
|
|
|
# role-specific:authelia
|
|
- role: galaxy/authelia
|
|
# /role-specific:authelia
|
|
|
|
# role-specific:authentik
|
|
- role: galaxy/authentik
|
|
# /role-specific:authentik
|
|
|
|
# role-specific:backup_borg
|
|
- role: galaxy/backup_borg
|
|
# /role-specific:backup_borg
|
|
|
|
# role-specific:changedetection
|
|
- role: galaxy/changedetection
|
|
# /role-specific:changedetection
|
|
|
|
# role-specific:wetty
|
|
- role: galaxy/wetty
|
|
# /role-specific:wetty
|
|
|
|
# role-specific:calibre-web
|
|
- role: galaxy/calibre-web
|
|
# /role-specific:calibre-web
|
|
|
|
# role-specific:clickhouse
|
|
- role: galaxy/clickhouse
|
|
# /role-specific:clickhouse
|
|
|
|
# role-specific:collabora_online
|
|
- role: galaxy/collabora_online
|
|
# /role-specific:collabora_online
|
|
|
|
# role-specific:couchdb
|
|
- role: galaxy/couchdb
|
|
# /role-specific:couchdb
|
|
|
|
# role-specific:docker_registry
|
|
- role: galaxy/docker_registry
|
|
# /role-specific:docker_registry
|
|
|
|
# role-specific:docker_registry_proxy
|
|
- role: galaxy/docker_registry_proxy
|
|
# /role-specific:docker_registry_proxy
|
|
|
|
# role-specific:docker_registry_browser
|
|
- role: galaxy/docker_registry_browser
|
|
# /role-specific:docker_registry_browser
|
|
|
|
# role-specific:docker_registry_purger
|
|
- role: galaxy/docker_registry_purger
|
|
# /role-specific:docker_registry_purger
|
|
|
|
# role-specific:echoip
|
|
- role: galaxy/echoip
|
|
# /role-specific:echoip
|
|
|
|
# role-specific:endlessh
|
|
- role: galaxy/endlessh
|
|
# /role-specific:endlessh
|
|
|
|
# role-specific:etcd
|
|
- role: galaxy/etcd
|
|
# /role-specific:etcd
|
|
|
|
# role-specific:exim_relay
|
|
- role: galaxy/exim_relay
|
|
# /role-specific:exim_relay
|
|
|
|
# role-specific:firezone
|
|
- role: galaxy/firezone
|
|
# /role-specific:firezone
|
|
|
|
# role-specific:focalboard
|
|
- role: galaxy/focalboard
|
|
# /role-specific:focalboard
|
|
|
|
# role-specific:freshrss
|
|
- role: galaxy/freshrss
|
|
# /role-specific:freshrss
|
|
|
|
# role-specific:funkwhale
|
|
- role: galaxy/funkwhale
|
|
# /role-specific:funkwhale
|
|
|
|
# role-specific:gitea
|
|
- role: galaxy/gitea
|
|
# /role-specific:gitea
|
|
|
|
# role-specific:gotosocial
|
|
- role: galaxy/gotosocial
|
|
# /role-specific:gotosocial
|
|
|
|
# role-specific:grafana
|
|
- role: galaxy/grafana
|
|
# /role-specific:grafana
|
|
|
|
# role-specific:mariadb
|
|
- role: galaxy/mariadb
|
|
# /role-specific:mariadb
|
|
|
|
# role-specific:miniflux
|
|
- role: galaxy/miniflux
|
|
# /role-specific:miniflux
|
|
|
|
# role-specific:mrs
|
|
- role: galaxy/mrs
|
|
# /role-specific:mrs
|
|
|
|
# role-specific:n8n
|
|
- role: galaxy/n8n
|
|
# /role-specific:n8n
|
|
|
|
# role-specific:healthchecks
|
|
- role: galaxy/healthchecks
|
|
# /role-specific:healthchecks
|
|
|
|
# role-specific:infisical
|
|
- role: galaxy/infisical
|
|
# /role-specific:infisical
|
|
|
|
# role-specific:hubsite
|
|
- role: galaxy/hubsite
|
|
# /role-specific:hubsite
|
|
|
|
# role-specific:ilmo
|
|
- role: galaxy/ilmo
|
|
# /role-specific:ilmo
|
|
|
|
# role-specific:influxdb
|
|
- role: galaxy/influxdb
|
|
# /role-specific:influxdb
|
|
|
|
# role-specific:jitsi
|
|
- role: galaxy/jitsi
|
|
# /role-specific:jitsi
|
|
|
|
# role-specific:keycloak
|
|
- role: galaxy/keycloak
|
|
# /role-specific:keycloak
|
|
|
|
# role-specific:keydb
|
|
- role: galaxy/keydb
|
|
# /role-specific:keydb
|
|
|
|
# role-specific:lago
|
|
- role: galaxy/lago
|
|
# /role-specific:lago
|
|
|
|
# role-specific:languagetool
|
|
- role: galaxy/languagetool
|
|
# /role-specific:languagetool
|
|
|
|
# role-specific:linkding
|
|
- role: galaxy/linkding
|
|
# /role-specific:linkding
|
|
|
|
# role-specific:loki
|
|
- role: galaxy/loki
|
|
# /role-specific:loki
|
|
|
|
# role-specific:mobilizon
|
|
- role: galaxy/mobilizon
|
|
# /role-specific:mobilizon
|
|
|
|
# role-specific:mosquitto
|
|
- role: galaxy/mosquitto
|
|
# /role-specific:mosquitto
|
|
|
|
# role-specific:navidrome
|
|
- role: galaxy/navidrome
|
|
# /role-specific:navidrome
|
|
|
|
# role-specific:neko
|
|
- role: galaxy/neko
|
|
# /role-specific:neko
|
|
|
|
# role-specific:netbox
|
|
- role: galaxy/netbox
|
|
# /role-specific:netbox
|
|
|
|
# role-specific:nextcloud
|
|
- role: galaxy/nextcloud
|
|
# /role-specific:nextcloud
|
|
|
|
# role-specific:notfellchen
|
|
- role: galaxy/notfellchen
|
|
# /role-specific:notfellchen
|
|
|
|
# role-specific:oauth2_proxy
|
|
- role: galaxy/oauth2_proxy
|
|
# /role-specific:oauth2_proxy
|
|
|
|
# role-specific:owncast
|
|
- role: galaxy/owncast
|
|
# /role-specific:owncast
|
|
|
|
# role-specific:outline
|
|
- role: galaxy/outline
|
|
# /role-specific:outline
|
|
|
|
# role-specific:oxitraffic
|
|
- role: galaxy/oxitraffic
|
|
# /role-specific:oxitraffic
|
|
|
|
# role-specific:paperless
|
|
- role: galaxy/paperless
|
|
# /role-specific:paperless
|
|
|
|
# role-specific:peertube
|
|
- role: galaxy/peertube
|
|
# /role-specific:peertube
|
|
|
|
# role-specific:plausible
|
|
- role: galaxy/plausible
|
|
# /role-specific:plausible
|
|
|
|
# role-specific:postgis
|
|
- role: galaxy/postgis
|
|
# /role-specific:postgis
|
|
|
|
# role-specific:prometheus
|
|
- role: galaxy/prometheus
|
|
# /role-specific:prometheus
|
|
|
|
# role-specific:prometheus_node_exporter
|
|
- role: galaxy/prometheus_node_exporter
|
|
# /role-specific:prometheus_node_exporter
|
|
|
|
# role-specific:prometheus_blackbox_exporter
|
|
- role: galaxy/prometheus_blackbox_exporter
|
|
# /role-specific:prometheus_blackbox_exporter
|
|
|
|
# role-specific:prometheus_postgres_exporter
|
|
- role: galaxy/prometheus_postgres_exporter
|
|
# /role-specific:prometheus_postgres_exporter
|
|
|
|
# role-specific:prometheus_ssh_exporter
|
|
- role: galaxy/prometheus_ssh_exporter
|
|
# /role-specific:prometheus_ssh_exporter
|
|
|
|
# role-specific:promtail
|
|
- role: galaxy/promtail
|
|
# /role-specific:promtail
|
|
|
|
# role-specific:radicale
|
|
- role: galaxy/radicale
|
|
# /role-specific:radicale
|
|
|
|
# role-specific:readeck
|
|
- role: galaxy/readeck
|
|
# /role-specific:readeck
|
|
|
|
# role-specific:redmine
|
|
- role: galaxy/redmine
|
|
# /role-specific:redmine
|
|
|
|
# role-specific:redis
|
|
- role: galaxy/redis
|
|
# /role-specific:redis
|
|
|
|
# role-specific:rumqttd
|
|
- role: galaxy/rumqttd
|
|
# /role-specific:rumqttd
|
|
|
|
# role-specific:semaphore
|
|
- role: galaxy/semaphore
|
|
# /role-specific:semaphore
|
|
|
|
# role-specific:soft_serve
|
|
- role: galaxy/soft_serve
|
|
# /role-specific:soft_serve
|
|
|
|
# role-specific:syncthing
|
|
- role: galaxy/syncthing
|
|
# /role-specific:syncthing
|
|
|
|
# role-specific:tandoor
|
|
- role: galaxy/tandoor
|
|
# /role-specific:tandoor
|
|
|
|
# role-specific:telegraf
|
|
- role: galaxy/telegraf
|
|
# /role-specific:telegraf
|
|
|
|
# role-specific:vaultwarden
|
|
- role: galaxy/vaultwarden
|
|
# /role-specific:vaultwarden
|
|
|
|
# role-specific:uptime_kuma
|
|
- role: galaxy/uptime_kuma
|
|
# /role-specific:uptime_kuma
|
|
|
|
# role-specific:wg_easy
|
|
- role: galaxy/wg_easy
|
|
# /role-specific:wg_easy
|
|
|
|
# role-specific:forgejo
|
|
- role: galaxy/forgejo
|
|
# /role-specific:forgejo
|
|
|
|
# role-specific:woodpecker_ci_server
|
|
- role: galaxy/woodpecker_ci_server
|
|
# /role-specific:woodpecker_ci_server
|
|
|
|
# role-specific:woodpecker_ci_agent
|
|
- role: galaxy/woodpecker_ci_agent
|
|
# /role-specific:woodpecker_ci_agent
|
|
|
|
# role-specific:wordpress
|
|
- role: galaxy/wordpress
|
|
# /role-specific:wordpress
|
|
|
|
# role-specific:writefreely
|
|
- role: galaxy/writefreely
|
|
# /role-specific:writefreely
|
|
|
|
# role-specific:roundcube
|
|
- role: galaxy/roundcube
|
|
# /role-specific:roundcube
|
|
|
|
# role-specific:auxiliary
|
|
- role: galaxy/auxiliary
|
|
# /role-specific:auxiliary
|
|
|
|
# role-specific:systemd_service_manager
|
|
- when: devture_systemd_service_manager_enabled | bool
|
|
role: galaxy/systemd_service_manager
|
|
# /role-specific:systemd_service_manager
|
|
|
|
# role-specific:playbook_state_preserver
|
|
# This is pretty much last, because we want it to better serve as a "last known good configuration".
|
|
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
|
|
- when: devture_playbook_state_preserver_enabled | bool
|
|
role: galaxy/playbook_state_preserver
|
|
tags:
|
|
- setup-all
|
|
- install-all
|
|
# /role-specific:playbook_state_preserver
|
|
|
|
# role-specific:playbook_runtime_messages
|
|
- role: galaxy/playbook_runtime_messages
|
|
# /role-specific:playbook_runtime_messages
|