mash-playbook/templates/setup.yml
Slavi Pantaleev d2c9ed3e45 Initial work on optimization commands
The playbook can now optimize itself based on the enabled components in
for all hosts in the inventory (`just optimize`) or for a specific host
(`just optimize-for-host HOSTNAME`).

The optimized playbook will have:

- fewer requirements (fewer roles need to be installed by `just roles`)
- a shorter and quicker to evaluate `group_vars/mash_servers` file
- a `setup.yml` file which includes less roles

Running the playbook optimized is still work in progress.
There still probably exist various role dependencies in the group-vars file, etc.

The `optimize-reset` command aims to restore your playbook to a
non-optimized state, which should work as before (and not experience bugs).

The playbook takes care to notice of changes to the various files in
`templates/` (`setup.yml`, `requirements.yml`, `group_vars_mash_servers`)
and update your optimized or non-optimized copies that are derived from
these templates. To do this, it keeps `.srchash` files in the `run/` directory.
When it notices a change in the source file's hash (by comparing to the `.srchash` file),
it will update you to the new template.

Optimization state is stored in a file in `run/` as well (`optimization-vars-files.state`).
Should the playbook notice changes in the source `template/` files, it
should update you and re-optimize using the same parameters as before (read from the state file).
2023-11-20 16:29:06 +02:00

352 lines
8.9 KiB
YAML

- name: "Set up a self-hosted server"
hosts: "{{ target if target is defined else 'mash_servers' }}"
become: true
roles:
# role-specific:playbook_help
# This role has no tasks at all
- role: galaxy/playbook_help
# /role-specific:playbook_help
# role-specific:systemd_docker_base
# This role has no tasks at all
- role: galaxy/systemd_docker_base
# /role-specific:systemd_docker_base
# role-specific:docker
- when: mash_playbook_docker_installation_enabled | bool
role: galaxy/docker
vars:
docker_install_compose: false
docker_install_compose_plugin: false
tags:
- setup-docker
- setup-all
- install-docker
- install-all
# /role-specific:docker
# role-specific:docker_sdk_for_python
- when: devture_docker_sdk_for_python_installation_enabled | bool
role: galaxy/docker_sdk_for_python
tags:
- setup-docker
- setup-all
- install-docker
- install-all
# /role-specific:docker_sdk_for_python
# role-specific:timesync
- when: devture_timesync_installation_enabled | bool
role: galaxy/timesync
tags:
- setup-timesync
- setup-all
- install-timesync
- install-all
# /role-specific:timesync
# No role-specific checks here, as it's a local role that is always installed.
- role: mash/playbook_base
# role-specific:swap
- role: galaxy/swap
# /role-specific:swap
# role-specific:ssh
- when: system_security_ssh_enabled | bool
role: galaxy/ssh
# /role-specific:ssh
# role-specific:fail2ban
- when: system_security_fail2ban_enabled | bool
role: galaxy/fail2ban
# /role-specific:fail2ban
# role-specific:postgres
# This role exposes various tags (setup-postgres, setup-all, upgrade-postgres, import-postgres, etc.), so we don't tag it here.
- role: galaxy/postgres
# /role-specific:postgres
# role-specific:postgres_backup
- role: galaxy/postgres_backup
# /role-specific:postgres_backup
# role-specific:mongodb
- role: galaxy/mongodb
# /role-specific:mongodb
# role-specific:container_socket_proxy
- role: galaxy/container_socket_proxy
# /role-specific:container_socket_proxy
# role-specific:traefik
- role: galaxy/traefik
# /role-specific:traefik
# role-specific:adguard_home
- role: galaxy/adguard_home
# /role-specific:adguard_home
# role-specific:appsmith
- role: galaxy/appsmith
# /role-specific:appsmith
# role-specific:authelia
- role: galaxy/authelia
# /role-specific:authelia
# role-specific:authentik
- role: galaxy/authentik
# /role-specific:authentik
# role-specific:backup_borg
- role: galaxy/backup_borg
# /role-specific:backup_borg
# role-specific:changedetection
- role: galaxy/changedetection
# /role-specific:changedetection
# role-specific:clickhouse
- role: galaxy/clickhouse
# /role-specific:clickhouse
# role-specific:collabora_online
- role: galaxy/collabora_online
# /role-specific:collabora_online
# role-specific:docker_registry
- role: galaxy/docker_registry
# /role-specific:docker_registry
# role-specific:docker_registry_browser
- role: galaxy/docker_registry_browser
# /role-specific:docker_registry_browser
# role-specific:docker_registry_purger
- role: galaxy/docker_registry_purger
# /role-specific:docker_registry_purger
# role-specific:echoip
- role: galaxy/echoip
# /role-specific:echoip
# role-specific:firezone
- role: galaxy/firezone
# /role-specific:firezone
# role-specific:focalboard
- role: galaxy/focalboard
# /role-specific:focalboard
# role-specific:freshrss
- role: galaxy/freshrss
# /role-specific:freshrss
# role-specific:funkwhale
- role: galaxy/funkwhale
# /role-specific:funkwhale
# role-specific:gitea
- role: galaxy/gitea
# /role-specific:gitea
# role-specific:gotosocial
- role: galaxy/gotosocial
# /role-specific:gotosocial
# role-specific:grafana
- role: galaxy/grafana
# /role-specific:grafana
# role-specific:mariadb
- role: galaxy/mariadb
# /role-specific:mariadb
# role-specific:miniflux
- role: galaxy/miniflux
# /role-specific:miniflux
# role-specific:mrs
- role: galaxy/mrs
# /role-specific:mrs
# role-specific:n8n
- role: galaxy/n8n
# /role-specific:n8n
# role-specific:healthchecks
- role: galaxy/healthchecks
# /role-specific:healthchecks
# role-specific:infisical
- role: galaxy/infisical
# /role-specific:infisical
# role-specific:hubsite
- role: galaxy/hubsite
# /role-specific:hubsite
# role-specific:ilmo
- role: galaxy/ilmo
# /role-specific:ilmo
# role-specific:influxdb
- role: galaxy/influxdb
# /role-specific:influxdb
# role-specific:jitsi
- role: galaxy/jitsi
# /role-specific:jitsi
# role-specific:keycloak
- role: galaxy/keycloak
# /role-specific:keycloak
# role-specific:lago
- role: galaxy/lago
# /role-specific:lago
# role-specific:linkding
- role: galaxy/linkding
# /role-specific:linkding
# role-specific:mobilizon
- role: galaxy/mobilizon
# /role-specific:mobilizon
# role-specific:mosquitto
- role: galaxy/mosquitto
# /role-specific:mosquitto
# role-specific:navidrome
- role: galaxy/navidrome
# /role-specific:navidrome
# role-specific:netbox
- role: galaxy/netbox
# /role-specific:netbox
# role-specific:nextcloud
- role: galaxy/nextcloud
# /role-specific:nextcloud
# role-specific:owncast
- role: galaxy/owncast
# /role-specific:owncast
# role-specific:outline
- role: galaxy/outline
# /role-specific:outline
# role-specific:oxitraffic
- role: galaxy/oxitraffic
# /role-specific:oxitraffic
# role-specific:peertube
- role: galaxy/peertube
# /role-specific:peertube
# role-specific:postgis
- role: galaxy/postgis
# /role-specific:postgis
# role-specific:prometheus
- role: galaxy/prometheus
# /role-specific:prometheus
# role-specific:prometheus_node_exporter
- role: galaxy/prometheus_node_exporter
# /role-specific:prometheus_node_exporter
# role-specific:prometheus_blackbox_exporter
- role: galaxy/prometheus_blackbox_exporter
# /role-specific:prometheus_blackbox_exporter
# role-specific:prometheus_postgres_exporter
- role: galaxy/prometheus_postgres_exporter
# /role-specific:prometheus_postgres_exporter
# role-specific:prometheus_ssh_exporter
- role: galaxy/prometheus_ssh_exporter
# /role-specific:prometheus_ssh_exporter
# role-specific:radicale
- role: galaxy/radicale
# /role-specific:radicale
# role-specific:redmine
- role: galaxy/redmine
# /role-specific:redmine
# role-specific:redis
- role: galaxy/redis
# /role-specific:redis
# role-specific:rumqttd
- role: galaxy/rumqttd
# /role-specific:rumqttd
# role-specific:soft_serve
- role: galaxy/soft_serve
# /role-specific:soft_serve
# role-specific:syncthing
- role: galaxy/syncthing
# /role-specific:syncthing
# role-specific:telegraf
- role: galaxy/telegraf
# /role-specific:telegraf
# role-specific:vaultwarden
- role: galaxy/vaultwarden
# /role-specific:vaultwarden
# role-specific:uptime_kuma
- role: galaxy/uptime_kuma
# /role-specific:uptime_kuma
# role-specific:wg_easy
- role: galaxy/wg_easy
# /role-specific:wg_easy
# role-specific:forgejo
- role: galaxy/forgejo
# /role-specific:forgejo
# role-specific:woodpecker_ci_server
- role: galaxy/woodpecker_ci_server
# /role-specific:woodpecker_ci_server
# role-specific:woodpecker_ci_agent
- role: galaxy/woodpecker_ci_agent
# /role-specific:woodpecker_ci_agent
# role-specific:roundcube
- role: galaxy/roundcube
# /role-specific:roundcube
# role-specific:auxiliary
- role: galaxy/auxiliary
# /role-specific:auxiliary
# role-specific:systemd_service_manager
- when: devture_systemd_service_manager_enabled | bool
role: galaxy/systemd_service_manager
# /role-specific:systemd_service_manager
# role-specific:playbook_state_preserver
# This is pretty much last, because we want it to better serve as a "last known good configuration".
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
- when: devture_playbook_state_preserver_enabled | bool
role: galaxy/playbook_state_preserver
tags:
- setup-all
- install-all
# /role-specific:playbook_state_preserver
# role-specific:playbook_runtime_messages
- role: galaxy/playbook_runtime_messages
# /role-specific:playbook_runtime_messages