📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/mappings.yml


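# Publishes the role-mapping tables as facts: which primary roles skip the
# common roles, which always get postgres integration, the extra
# stage/role/function steps per primary role, the recommended hardware
# parameters per role, and a dependency level per role.
- name: define role list
  set_fact:
    # primary roles that do not inherit the common roles
    no_common_roles:
      - mikrotik
      - workstation
    # these primary roles will always inherit postgres integration
    database_roles:
      - acme-dns
      - asterisk
      - gitea
      - roundcube
      - shop
      - wikijs
      - vault
    # additional roles for specific primary roles; each entry names a stage,
    # a role and, optionally, a function of that role
    extra_roles:
      ca:
        - {stage: 2, role: 'ca', function: 'install'}
      coredns:
        - {stage: 2, role: 'coredns', function: 'install'}
        - {stage: 4, role: 'coredns', function: 'install_tls'}
      mariadb:
        - {stage: 4, role: 'mariadb', function: 'install'}
      mikrotik:
        - {stage: 3, role: 'ns', function: 'add_records'}
        - {stage: 5, role: 'mikrotik'}
      nsd:
        - {stage: 4, role: 'nsd', function: 'install'}
        - {stage: 4, role: 'nsd', function: 'populate'}
        - {stage: 5, role: 'nsd', function: 'install_dnssec'}
        - {stage: 5, role: 'nsd', function: 'install_tls'}
      postfix:
        - {stage: 3, role: 'mail-db'}
        - {stage: 4, role: 'postfix'}
      postgres:
        - {stage: 2, role: 'postgres', function: 'install'}
        - {stage: 3, role: 'postgres', function: 'install_tls'}
      powerdns:
        - {stage: 2, role: 'postgres', function: 'integrate'}
        - {stage: 2, role: 'powerdns', function: 'install'}
        - {stage: 3, role: 'ca', function: 'certs'}
      proxmox:
        - {stage: 1, role: 'common'}
        - {stage: 1, role: 'proxmox', function: 'install'}
        - {stage: 5, role: 'mail-user'}
        - {stage: 5, role: 'proxmox', function: 'rproxy'}
        - {stage: 6, role: 'proxmox', function: 'mail'}
      rest-server:
        - {stage: 6, role: 'rest-server', function: 'install'}
      workstation:
        - {stage: 3, role: 'ns', function: 'add_records'}
        - {stage: 5, role: 'workstation'}
    # recommended hardware parameters for each primary role
    # units are not stated here - presumably memory/swap in MiB and disk in
    # GiB; TODO confirm against the role that consumes this table
    # cpuunits is set only for some roles
    role_hardware:
      acme-dns: {cores: 2, memory: 96, swap: 64, disk: 0.15}
      ansible: {cores: 4, memory: 256, swap: 384, disk: 1.5}
      asterisk: {cores: 4, memory: 192, swap: 96, disk: 0.6, cpuunits: 2048}
      blocky: {cores: 4, memory: 384, swap: 128, disk: 0.15}
      ca: {cores: 2, memory: 128, swap: 64, disk: 0.15, cpuunits: 512}
      clamav: {cores: 4, memory: 2048, swap: 256, disk: 0.75}
      coredns: {cores: 4, memory: 128, swap: 64, disk: 0.15}
      crl: {cores: 2, memory: 128, swap: 48, disk: 0.15}
      dovecot: {cores: 4, memory: 256, swap: 64, disk: 0.15}
      gitea: {cores: 4, memory: 512, swap: 256, disk: 1}
      grafana: {cores: 4, memory: 512, swap: 256, disk: 0.4}
      mariadb: {cores: 4, memory: 256, swap: 128, disk: 0.4}
      mc: {cores: 4, memory: 2048, swap: 512, disk: 0.5}
      nsd: {cores: 2, memory: 256, swap: 256, disk: 0.15}
      ntp: {cores: 2, memory: 64, swap: 128, disk: 0.15}
      postfix: {cores: 4, memory: 256, swap: 48, disk: 0.15}
      postgres: {cores: 4, memory: 256, swap: 256, disk: 0.5}
      powerdns: {cores: 2, memory: 96, swap: 64, disk: 0.15}
      prometheus: {cores: 4, memory: 512, swap: 256, disk: 0.3}
      rclone: {cores: 4, memory: 192, swap: 96, disk: 0.2, cpuunits: 768}
      rest-server: {cores: 4, memory: 256, swap: 192, disk: 0.2, cpuunits: 512}
      roundcube: {cores: 4, memory: 384, swap: 256, disk: 0.5}
      rspamd: {cores: 4, memory: 768, swap: 128, disk: 0.3}
      seafile: {cores: 4, memory: 1024, swap: 1024, disk: 5}
      shop: {cores: 4, memory: 192, swap: 128, disk: 0.4}
      smb: {cores: 2, memory: 128, swap: 64, disk: 0.15}
      strongswan: {cores: 4, memory: 128, swap: 48, disk: 0.15}
      unbound: {cores: 2, memory: 128, swap: 64, disk: 0.15}
      uptime-kuma: {cores: 4, memory: 384, swap: 128, disk: 0.5}
      vault: {cores: 4, memory: 128, swap: 64, disk: 0.3}
      web: {cores: 4, memory: 128, swap: 64, disk: 0.2}
      wikijs: {cores: 4, memory: 256, swap: 256, disk: 0.75}
    # role dependency table
    # 0 - DNS ok
    # 1 - DB ok
    # NOTE(review): levels 2 and 3 are used below but not described - TODO
    # document what they stand for
    # NOTE(review): acme-dns is in database_roles yet sits at level 0 - confirm
    # that postgres integration is available at that level
    role_dependency:
      acme-dns: 0
      ansible: 0
      asterisk: 2
      blocky: 0
      ca: 0
      clamav: 1
      coredns: 0
      crl: 1
      dovecot: 2
      gitea: 2
      grafana: 2
      mariadb: 0
      mc: 3
      nsd: 0
      ntp: 0
      postfix: 2
      postgres: 0
      powerdns: 1
      prometheus: 1
      rclone: 1
      rest-server: 0
      roundcube: 2
      rspamd: 2
      seafile: 3
      shop: 2
      smb: 1
      strongswan: 1
      unbound: 0
      uptime-kuma: 3
      vault: 2
      web: 1
      wikijs: 3
  # evaluated on one host only; Ansible applies the resulting facts to every
  # host in the same batch
  run_once: true
  # NOTE(review): none of the values above are credentials. no_log hides this
  # task's result from output and logs, so it also hides it from anyone
  # debugging or auditing a run - confirm it is here for log brevity only.
  no_log: true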