archlinux.org.yml 1.49 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
---

- name: "prepare postgres ssl hosts list"
  hosts: archlinux.org
  tasks:
      - name: assign ipv4 addresses to fact postgres_ssl_hosts4
        set_fact: postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
        vars:
            gemini4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
            detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
        tags: ["postgres", "firewall"]
      - name: assign ipv6 addresses to fact postgres_ssl_hosts6
        set_fact: postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
        vars:
            gemini6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
            detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
        tags: ["postgres", "firewall"]

- name: setup archlinux.org
  hosts: archlinux.org
  remote_user: root
  roles:
    - { role: common }
    - { role: tools }
    - { role: sshd }
    - { role: root_ssh }
    - { role: borg_client, tags: ["borg"] }
    - { role: certbot }
    - { role: nginx }
    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
    - role: postgres
      postgres_listen_addresses: "*"
      postgres_ssl: 'on'
    - { role: sudo }
    - { role: uwsgi }
    - { role: memcached }
    - { role: archweb, archweb_planet: true }
    - { role: fail2ban }
    - { role: prometheus_exporters }