feat: full untested ansible setup

2026-04-22 12:22:58 +02:00
parent b1d9b2a857
commit 0d967909e7
37 changed files with 1362 additions and 1 deletions
--- a/site.yml
+++ b/site.yml
@@ -0,0 +1,49 @@
+---
+- name: Provision Twirre server
+  hosts: twirre_servers
+  become: true
+
+  pre_tasks:
+    - name: Validate Bun application definitions
+      ansible.builtin.assert:
+        that:
+          - bun_apps is iterable
+          - bun_apps | length > 0
+        fail_msg: Define at least one Bun application in bun_apps.
+      when: bun_enabled | bool
+
+    - name: Validate WireGuard configuration when enabled
+      ansible.builtin.assert:
+        that:
+          - wireguard_interface.address | length > 0
+          - wireguard_interface.private_key | length > 0
+        fail_msg: WireGuard is enabled but the interface address or private key is missing.
+      when: wireguard_enabled | bool
+
+  roles:
+    - role: base
+    - role: ssh
+    - role: backupagent
+      when: backupagent_enabled | bool
+    - role: docker
+      when: docker_enabled | bool
+    - role: bun
+      when: bun_enabled | bool
+    - role: fail2ban
+      when: fail2ban_enabled | bool
+    - role: wireguard
+      when: wireguard_enabled | bool
+    - role: gitea
+      when: gitea_enabled | bool
+    - role: mailserver
+      when: mailserver_enabled | bool
+    - role: bun_app
+      loop: "{{ bun_apps }}"
+      loop_control:
+        loop_var: bun_app
+        label: "{{ bun_app.name }}"
+      when: bun_enabled | bool
+    - role: nginx
+      when: nginx_enabled | bool
+    - role: certbot
+      when: certbot_enabled | bool