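---
# Site playbook: prepares the local control machine, bootstraps root access to
# new hosts, applies the base roles to every host and then configures the
# individual servers.

- name: Configure local repository
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  tasks:
    # Directories that hold credentials or private key material are created
    # owner-only; only the public-key directories stay world-readable.
    # The original creation order is preserved in case the paths are nested.
    # NOTE(review): the classification below is inferred from the variable
    # names; loosen an entry if another local user really needs to read it.
    - name: Create local directory for credentials & keys
      file:
        path: "{{ item.path }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "{{ item.mode }}"
        state: directory
      loop:
        - path: "{{ global_credentials_directory }}"
          mode: "u=rwx,g=,o="
        - path: "{{ global_public_key_directory }}"
          mode: "u=rwx,g=rx,o=rx"
        - path: "{{ global_ssh_key_directory }}"
          mode: "u=rwx,g=,o="
        - path: "{{ global_ssh_host_key_directory }}"
          mode: "u=rwx,g=,o="
        - path: "{{ global_wireguard_private_directory }}"
          mode: "u=rwx,g=,o="
        - path: "{{ global_wireguard_public_directory }}"
          mode: "u=rwx,g=rx,o=rx"
    # sshpass enables password-based SSH logins from the control machine.
    # NOTE(review): presumably only the bootstrap play needs it - confirm.
    - name: Install required tools
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present

- name: Configure secure root access to hosts
  hosts: bootstrap
  gather_facts: false
  roles:
    - role: bootstrap

- name: Configure base system on all hosts
  hosts: all
  # Each host runs through its roles without waiting for the others.
  strategy: free
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"
    - role: common
    # This account gets sudo on every host.
    # NOTE(review): authorized_keys is taken from a URL, so whoever controls
    # that content controls login to all hosts - confirm the account role
    # fetches it over an authenticated channel.
    - role: account
      username: "zocker"
      password: "{{ zocker_password }}"
      authorized_keys: "{{ zocker_authorized_keys_url }}"
      sudo: true

- name: Configure bwcloud nodes
  import_playbook: playbooks/group_bwcloud.yml

- name: Configure wireguard network
  import_playbook: playbooks/wireguard.yml

- name: Include dns configuration
  import_playbook: playbooks/dns.yml

- name: Configure nvak
  tags:
    - test
  hosts: nvak.banananet.work
  roles:
    # Git Server
    - role: server/gitea
      domain: git.banananet.work
      gitea_system_user: git
    # Banananet.work
    - role: server/static
      domain: banananet.work
      repo: git@git.banananet.work:banananetwork/main-static.git
    # SpotMe Server
    # - role: server/spotme
    #   domain: spotme.fun
    #   spotme_system_user: spotme
    # # Admin Panel
    # - role: server/php
    #   domain: nvak.banananet.work
    #   repo: PHPMYADMIN # TODO
    # BananaNetwork Keys
    # - role: server/node
    #   domain: keys.banananet.work
    #   repo: git@git.banananet.work:banananetwork/keys.git
    #   app_port: 12822
    #   system_user: keys-banananet-work
    # Nextcloud Server
    # NOTE(review): nextcloud_admin_pass reuses the secret of the "zocker"
    # system account, so a leak of either credential exposes both; a
    # dedicated variable would separate them.
    - role: server/nextcloud
      domain: cloud.banananet.work
      system_user: nextcloud
      nextcloud_admin_user: zocker
      nextcloud_admin_pass: "{{ zocker_password }}"
      enabled_apps_list:
        - accessibility
        - activity
        - admin_audit
        - apporder
        - bruteforcesettings
        - calendar
        - checksum
        - cloud_federation_api
        - comments
        - contacts
        - cospend
        - dav
        - deck
        - dicomviewer
        - external
        - federatedfilesharing
        - federation
        - files
        - files_automatedtagging
        - files_ebookreader
        - files_external
        - files_markdown
        - files_pdfviewer
        - files_readmemd
        - files_rightclick
        - files_sharing
        - files_texteditor
        - files_trashbin
        - files_versions
        - files_videoplayer
        - firstrunwizard
        - gallery
        - logreader
        - lookup_server_connector
        - mail
        - metadata
        - nextcloud_announcements
        - notes
        - notifications
        - oauth2
        - ocdownloader
        - password_policy
        - phonetrack
        - polls
        - privacy
        - provisioning_api
        - quota_warning
        - serverinfo
        - sharebymail
        - sharerenamer
        - social
        - sociallogin
        - socialsharing_email
        - spreed
        - support
        - suspicious_login
        - systemtags
        - tasks
        - theming
        - twofactor_admin
        - twofactor_backupcodes
        - twofactor_gateway
        - twofactor_nextcloud_notification
        - twofactor_totp
        - twofactor_u2f
        - updatenotification
        - viewer
        - workflowengine
      disabled_apps_list:
        - encryption
        - recommendations
        - survey_client
        - user_ldap
    # Firefox Sync Server
    - role: server/firefox-sync
      domain: firefox.banananet.work
    # RSS Server
    # TODO Manual initialization of database required
    - role: server/tt-rss
      domain: rss.banananet.work
    # DSA page
    # - role: server/node
    #   domain: dsa.banananet.work
    #   repo: git@git.banananet.work:dsaGroup/dsaPage.git
    #   app_port: 12821
    #   system_user: dsaPage
    # Forum der Schande
    - role: server/php
      domain: forumderschan.de
      repo: git@git.banananet.work:strichliste/strichliste-php.git
      root: html
      installation_includes:
        - includes
    - role: nginx/forward
      domain: www.forumderschan.de
      dest: forumderschan.de
    # WG Nextcloud
    # NOTE(review): no nextcloud_admin_pass or system_user is passed here, so
    # the role's defaults apply - confirm the default admin password is not a
    # static value. admin_audit is disabled on this instance (see
    # disabled_apps_list), unlike cloud.banananet.work.
    - role: server/nextcloud
      domain: wg.banananet.work
      nextcloud_admin_user: felix
      enabled_apps_list:
        - accessibility
        - activity
        - apporder
        - bruteforcesettings
        - calendar
        - checksum
        - cloud_federation_api
        - comments
        - contacts
        - cookbook
        - cospend
        - dav
        - deck
        - encryption
        - external
        - federatedfilesharing
        - federation
        - files
        - files_automatedtagging
        - files_ebookreader
        - files_external
        - files_markdown
        - files_pdfviewer
        - files_readmemd
        - files_rightclick
        - files_sharing
        - files_texteditor
        - files_trashbin
        - files_versions
        - files_videoplayer
        - firstrunwizard
        - gallery
        - logreader
        - lookup_server_connector
        - metadata
        - nextcloud_announcements
        - notes
        - notifications
        - oauth2
        - ocdownloader
        - password_policy
        - polls
        - privacy
        - provisioning_api
        - quota_warning
        - serverinfo
        - sharebymail
        - sharerenamer
        - sociallogin
        - socialsharing_email
        - spreed
        - support
        - suspicious_login
        - systemtags
        - tasks
        - theming
        - twofactor_admin
        - twofactor_backupcodes
        - twofactor_gateway
        - twofactor_nextcloud_notification
        - twofactor_totp
        - twofactor_u2f
        - updatenotification
        - viewer
        - workflowengine
      disabled_apps_list:
        - admin_audit
        - recommendations
        - survey_client
        - user_ldap
    # Minecraft WG Server
    - role: server/minecraft
      domain: mc.wg.banananet.work
      # Quoted so the version always stays a string.
      minecraft_version: "1.14.4"
      minecraft_port: "{{ project_wg_minecraft_port }}"
      minecraft_max_ram: 2G
      minecraft_difficulty: normal
    # # Stadtpiraten
    # - role: server/typo3
    #   domain: piraten.dev.banananet.work
    # - role: server/php
    #   domain: forum.piraten.dev.banananet.work
    #   repo: PHPBB # TODO
    #   version: master
    # # Stadtpiraten (prod)
    # - role: nginx/forward
    #   domain: www.stadtpiraten-karlsruhe.de
    #   dest: stadtpiraten-karlsruhe.de

- name: Configure rurapenthe
  hosts: rurapenthe.banananet.work
  roles:
    # - role: dns/slave
    #   domain: banananet.work
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: forumderschan.de
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: stadtpiraten-karlsruhe.de
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: spotme.fun
    #   masters:
    #     - nvak.banananet.work
    # The registration secret reaches the app through its environment.
    # NOTE(review): confirm the role does not write it to a world-readable
    # unit or env file.
    - role: server/node
      domain: keys.banananet.work
      repo: git@git.banananet.work:banananetwork/keys.git
      app_port: 12822
      system_user: keys-banananet-work
      environment_vars:
        REGISTER_PASS: "{{ global_ip_discover_register_pass }}"

- name: Configure hardie
  hosts: hardie.khitomer.banananet.work
  roles:
    - role: misc/ip_discover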