- name: define role list
  # Static lookup tables keyed by primary role: the role entries to run (each
  # tagged with a stage number and, optionally, a function), suggested
  # hardware sizing, and a dependency level.
  set_fact:
    # Role entries applied to every primary role, except those listed in
    # no_common_roles.
    common_roles:
      - {stage: 2, role: 'common'}
      - {stage: 3, role: 'ns', function: 'add_records'}
      - {stage: 5, role: 'mail-user'}
      - {stage: 8, role: 'iptables'}
      - {stage: 9, role: 'backup', function: 'setup'}

    # Primary roles that do not inherit common_roles.
    no_common_roles:
      - mikrotik
      - workstation

    # Primary roles that always inherit the postgres integration.
    database_roles:
      - acme-dns
      - asterisk
      - gitea
      - roundcube
      - shop
      - wikijs
      - vault

    # Additional role entries for specific primary roles.
    extra_roles:
      ca:
        - {stage: 2, role: 'ca', function: 'install'}
      coredns:
        - {stage: 2, role: 'coredns', function: 'install'}
        - {stage: 4, role: 'coredns', function: 'install_tls'}
      mariadb:
        - {stage: 4, role: 'mariadb', function: 'install'}
      # mikrotik is in no_common_roles, so the 'ns' entry is repeated here.
      mikrotik:
        - {stage: 3, role: 'ns', function: 'add_records'}
        - {stage: 5, role: 'mikrotik'}
      nsd:
        - {stage: 4, role: 'nsd', function: 'install'}
        - {stage: 4, role: 'nsd', function: 'populate'}
        - {stage: 5, role: 'nsd', function: 'install_dnssec'}
        - {stage: 5, role: 'nsd', function: 'install_tls'}
      postfix:
        - {stage: 3, role: 'mail-db'}
        - {stage: 4, role: 'postfix'}
      postgres:
        - {stage: 2, role: 'postgres', function: 'install'}
        - {stage: 3, role: 'postgres', function: 'install_tls'}
      powerdns:
        - {stage: 2, role: 'postgres', function: 'integrate'}
        - {stage: 2, role: 'powerdns', function: 'install'}
        - {stage: 3, role: 'ca', function: 'certs'}
      # NOTE(review): proxmox lists its own 'common' and 'mail-user' entries
      # but is not in no_common_roles - confirm how the consumer handles the
      # overlap with common_roles.
      proxmox:
        - {stage: 1, role: 'common'}
        - {stage: 1, role: 'proxmox', function: 'install'}
        - {stage: 5, role: 'mail-user'}
        - {stage: 5, role: 'proxmox', function: 'tls'}
        - {stage: 6, role: 'proxmox', function: 'mail'}
      rest-server:
        - {stage: 6, role: 'rest-server', function: 'install'}
      # workstation is in no_common_roles, so the 'ns' entry is repeated here.
      workstation:
        - {stage: 3, role: 'ns', function: 'add_records'}
        - {stage: 5, role: 'workstation'}

    # Recommended hardware parameters for each primary role.
    # NOTE(review): units are not stated in this file - confirm against the
    # task that reads these values. cpuunits is set only for some roles.
    role_hardware:
      acme-dns: {cores: 2, memory: 96, swap: 64, disk: 0.15}
      ansible: {cores: 4, memory: 256, swap: 384, disk: 1.5}
      asterisk: {cores: 4, memory: 192, swap: 96, disk: 0.6, cpuunits: 2048}
      blocky: {cores: 4, memory: 384, swap: 128, disk: 0.15}
      ca: {cores: 2, memory: 128, swap: 64, disk: 0.15, cpuunits: 512}
      clamav: {cores: 4, memory: 2048, swap: 256, disk: 0.75}
      coredns: {cores: 4, memory: 128, swap: 64, disk: 0.15}
      crl: {cores: 2, memory: 128, swap: 48, disk: 0.15}
      dovecot: {cores: 4, memory: 256, swap: 64, disk: 0.15}
      gitea: {cores: 4, memory: 512, swap: 256, disk: 1}
      grafana: {cores: 4, memory: 512, swap: 256, disk: 0.4}
      mariadb: {cores: 4, memory: 256, swap: 128, disk: 0.4}
      mc: {cores: 4, memory: 2048, swap: 512, disk: 0.5}
      nsd: {cores: 2, memory: 256, swap: 256, disk: 0.15}
      ntp: {cores: 2, memory: 64, swap: 128, disk: 0.15}
      postfix: {cores: 4, memory: 256, swap: 48, disk: 0.15}
      postgres: {cores: 4, memory: 256, swap: 256, disk: 0.5}
      powerdns: {cores: 2, memory: 96, swap: 64, disk: 0.15}
      prometheus: {cores: 4, memory: 512, swap: 256, disk: 0.3}
      rclone: {cores: 4, memory: 192, swap: 96, disk: 0.2, cpuunits: 768}
      rest-server: {cores: 4, memory: 256, swap: 192, disk: 0.2, cpuunits: 512}
      roundcube: {cores: 4, memory: 384, swap: 256, disk: 0.5}
      rspamd: {cores: 4, memory: 768, swap: 128, disk: 0.3}
      seafile: {cores: 4, memory: 1024, swap: 1024, disk: 5}
      shop: {cores: 4, memory: 192, swap: 128, disk: 0.4}
      smb: {cores: 2, memory: 128, swap: 64, disk: 0.15}
      strongswan: {cores: 4, memory: 128, swap: 48, disk: 0.15}
      unbound: {cores: 2, memory: 128, swap: 64, disk: 0.15}
      uptime-kuma: {cores: 4, memory: 384, swap: 128, disk: 0.5}
      vault: {cores: 4, memory: 128, swap: 64, disk: 0.3}
      web: {cores: 4, memory: 128, swap: 64, disk: 0.2}
      wikijs: {cores: 4, memory: 256, swap: 256, disk: 0.75}

    # Role dependency table.
    #   0 - DNS ok
    #   1 - DB ok
    # NOTE(review): levels 2 and 3 are used below but have no legend entry -
    # TODO document what they stand for.
    role_dependency:
      acme-dns: 0
      ansible: 0
      asterisk: 2
      blocky: 0
      ca: 0
      clamav: 1
      coredns: 0
      crl: 1
      dovecot: 2
      gitea: 2
      grafana: 2
      mariadb: 0
      mc: 3
      nsd: 0
      ntp: 0
      postfix: 2
      postgres: 0
      powerdns: 1
      prometheus: 1
      rclone: 1
      rest-server: 0
      roundcube: 2
      rspamd: 2
      seafile: 3
      shop: 2
      smb: 1
      strongswan: 1
      unbound: 0
      uptime-kuma: 3
      vault: 2
      web: 1
      wikijs: 3
  # Run the task once per batch rather than once per host.
  run_once: true
  # no_log keeps this task's result out of play output and logs. None of the
  # values set here are credentials.
  # NOTE(review): presumably used to keep the large fact dump out of the
  # log - confirm, since it also hides the details if this task fails.
  no_log: true