7235e726d6
Fix #263
41 lines
1.5 KiB
YAML
41 lines
1.5 KiB
YAML
---
|
|
|
|
- name: "prepare postgres ssl hosts list"
|
|
hosts: archlinux.org
|
|
tasks:
|
|
- name: assign ipv4 addresses to fact postgres_ssl_hosts4
|
|
set_fact: postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
|
|
vars:
|
|
gemini4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
|
|
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
|
|
tags: ["postgres", "firewall"]
|
|
- name: assign ipv6 addresses to fact postgres_ssl_hosts6
|
|
set_fact: postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
|
|
vars:
|
|
gemini6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
|
|
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
|
|
tags: ["postgres", "firewall"]
|
|
|
|
- name: setup archlinux.org
|
|
hosts: archlinux.org
|
|
remote_user: root
|
|
roles:
|
|
- { role: common }
|
|
- { role: tools }
|
|
- { role: sshd }
|
|
- { role: root_ssh }
|
|
- { role: borg_client, tags: ["borg"] }
|
|
- { role: certbot }
|
|
- { role: nginx }
|
|
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
|
|
- role: postgres
|
|
postgres_listen_addresses: "*"
|
|
postgres_ssl: 'on'
|
|
- { role: sudo }
|
|
- { role: uwsgi }
|
|
- { role: memcached }
|
|
- { role: fetchmail }
|
|
- { role: archweb, archweb_planet: true }
|
|
- { role: fail2ban }
|
|
- { role: prometheus_exporters }
|
|
- { role: promtail }
|