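---
# Provision a Twirre server: validate the inputs of every enabled feature in
# pre_tasks, then apply the roles. Each optional role is gated by its
# `<feature>_enabled` flag, so a disabled feature is neither validated nor
# installed.
- name: Provision Twirre server
  hosts: twirre_servers
  become: true

  pre_tasks:
    # Each map/select pair counts the entries whose attribute is a string and
    # compares that count with the list length, so an entry with a missing or
    # non-string field fails the assertion.
    - name: Validate Bun application definitions
      ansible.builtin.assert:
        that:
          - bun_apps is iterable
          - bun_apps | length > 0
          - bun_apps | map(attribute='name') | select('string') | list | length == bun_apps | length
          - bun_apps | map(attribute='repo') | select('string') | list | length == bun_apps | length
          - bun_apps | map(attribute='path') | select('string') | list | length == bun_apps | length
          - bun_apps | map(attribute='service_name') | select('string') | list | length == bun_apps | length
          - bun_apps | map(attribute='entrypoint') | select('string') | list | length == bun_apps | length
        # The message names every condition checked above, not only the
        # empty-list case.
        fail_msg: >-
          bun_apps must be a non-empty list in which every entry defines
          string values for name, repo, path, service_name and entrypoint.
      when: bun_enabled | bool

    # default() keeps a missing wireguard_interface (or a missing key inside
    # it) from raising an undefined-variable error, so the operator gets
    # fail_msg instead. This matches the Gitea secret check below.
    # The check is presence-only: it compares lengths and does not validate
    # the key format.
    # NOTE(review): the Gitea secrets use vault_* variables; confirm that
    # wireguard_interface.private_key is also sourced from Ansible Vault.
    - name: Validate WireGuard configuration when enabled
      ansible.builtin.assert:
        that:
          - ((wireguard_interface | default({})).address | default('')) | length > 0
          - ((wireguard_interface | default({})).private_key | default('')) | length > 0
        fail_msg: WireGuard is enabled but the interface address or private key is missing.
      when: wireguard_enabled | bool

    # Presence-only check: an empty or undefined secret fails, but a weak or
    # placeholder value still passes.
    - name: Validate Gitea secrets when enabled
      ansible.builtin.assert:
        that:
          - (vault_gitea_secret_key | default('')) | length > 0
          - (vault_gitea_internal_token | default('')) | length > 0
          - (vault_gitea_lfs_jwt_secret | default('')) | length > 0
        fail_msg: Gitea is enabled but one or more required Vault secrets are missing.
      when: gitea_enabled | bool

  # Roles run in the order listed. base and ssh are unconditional.
  roles:
    - role: base
    - role: ssh
    - role: backupagent
      when: backupagent_enabled | bool
    - role: docker
      when: docker_enabled | bool
    - role: bun
      when: bun_enabled | bool
    - role: fail2ban
      when: fail2ban_enabled | bool
    - role: wireguard
      when: wireguard_enabled | bool
    - role: gitea
      when: gitea_enabled | bool
    - role: mailserver
      when: mailserver_enabled | bool
    # bun_app shares the bun_enabled flag with the bun role above.
    - role: bun_app
      when: bun_enabled | bool
    - role: nginx
      when: nginx_enabled | bool
    - role: certbot
      when: certbot_enabled | bool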