Verified Commit 79758693 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini
Browse files

archlinux.org: Add a host_vars file and playbook for archlinux.org

Added a host_var file for archlinux.org as well as the playbook for archlinux.org
machine. It it's a stripped down version of apollo's playbook, only containing the roles
pertaining archweb.
parent 939fc767
---
filesystem: btrfs
fail2ban_jails:
sshd: true
postfix: false
dovecot: false
---
- name: "prepare postgres ssl hosts list"
hosts: archlinux.org
tasks:
- name: assign ipv4 addresses to fact postgres_ssl_hosts4
set_fact: postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
vars:
gemini4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
tags: ["postgres", "firewall"]
- name: assign ipv6 addresses to fact postgres_ssl_hosts6
set_fact: postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
vars:
gemini6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
tags: ["postgres", "firewall"]
- name: setup archlinux.org
hosts: archlinux.org
remote_user: root
roles:
- { role: common }
- { role: tools }
- { role: sshd }
- { role: root_ssh }
- { role: borg_client, tags: ["borg"] }
- { role: certbot }
- { role: nginx }
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
- role: postgres
postgres_listen_addresses: "*"
postgres_ssl: 'on'
- { role: sudo }
- { role: uwsgi }
- { role: memcached }
- { role: archweb, archweb_planet: true }
- { role: fail2ban }
- { role: prometheus_exporters }
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment