Create separate role for SSH and Vagrant

- Added a separate role that first configures SSH, and after that
  gathers the ansible_virtualization_role fact, due to gathering facts
  requiring an SSH connection
- Renamed ssl_certs_enabled to letsencrypt_enabled and moved that
  and the vagrant variable to the be supplied directly to the last two
  roles in playbook.yml
- Added tags base_only and setup_services to the new role
  ssh_and_vagrant so that it will always be run before anything else
  when using deploy.sh

playbook.yml

@@ -1,15 +1,12 @@
 ---
 - hosts: all
-  gather_facts: true
+  gather_facts: false
   become: true
   vars:
     base_domain: data.coop
     letsencrypt_email: admin@data.coop
     ldap_dn: "dc=data,dc=coop"
 
-    vagrant: "{{ ansible_virtualization_role == 'guest' }}"
-    ssl_certs_enabled: "{{ vagrant == false }}"
-
     services:
       - nginx-proxy
       - postfix
@@ -36,9 +33,19 @@
     smtp_port: "587"
 
   tasks:
+    - import_role:
+        name: ssh_and_vagrant
+      tags:
+        - base_only
+        - setup_services
     - import_role:
         name: ubuntu_base
+      vars:
+        vagrant: "{{ ansible_virtualization_role == 'guest' }}"
       tags:
         - base_only
     - import_role:
         name: docker
+      vars:
+        vagrant: "{{ ansible_virtualization_role == 'guest' }}"
+        letsencrypt_enabled: "{{ not vagrant }}"

roles/docker/tasks/services/mailu.yml

@@ -28,7 +28,7 @@
     dest: "{{ mailu.volume_folder }}/certs/cert.pem"
     state: hard
     force: yes
-  when: ssl_certs_enabled
+  when: letsencrypt_enabled
 
 - name: hard link to Let's Encrypt TLS key
   file:
@@ -36,7 +36,7 @@
     dest: "{{ mailu.volume_folder }}/certs/key.pem"
     state: hard
     force: yes
-  when: ssl_certs_enabled
+  when: letsencrypt_enabled
 
 - name: run mail server containers
   docker_compose:

roles/docker/tasks/services/nginx-proxy.yml

@@ -44,5 +44,5 @@
       - /var/run/docker.sock:/var/run/docker.sock:ro
     env:
       NGINX_PROXY_CONTAINER: nginx-proxy
-  when: ssl_certs_enabled
+  when: letsencrypt_enabled
 

roles/ssh_and_vagrant/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- import_tasks: ssh-port.yml
+  tags: [change-ssh-port]
+- import_tasks: virtualization.yml
+  tags: [gather-virtualization-facts]

roles/ssh_and_vagrant/tasks/ssh-port.yml

@@ -11,7 +11,7 @@
   ignore_errors: true
   register: ssh_configured
 
-# If we're running in Vagrant, ansible_port is 2222
+# If running in Vagrant, ansible_port is always 2222
 - name: Change Ansible port to 22 if needed
   set_fact:
     ansible_port: 22
@@ -22,7 +22,7 @@
 - name: Change SSH port on host
   lineinfile:
     dest: "/etc/ssh/sshd_config"
-    regexp: "^#?Port"
+    regexp: "^#?Port "
     line: "Port 19022"
   register: ssh_changed
   notify: "Restart sshd"

roles/ssh_and_vagrant/tasks/virtualization.yml

@@ -0,0 +1,4 @@
+---
+- name: Determine if running in Vagrant
+  setup:
+    gather_subset: virtualization_role

roles/ubuntu_base/tasks/base.yml

@@ -13,7 +13,7 @@
 - name: Install Dell OpenManage
   apt:
     name: srvadmin-all
-  when: ansible_virtualization_role != "guest"
+  when: not vagrant
 
 - name: Install necessary packages via pip
   pip:

roles/ubuntu_base/tasks/main.yml

@@ -1,9 +1,7 @@
 ---
-- import_tasks: ssh-port.yml
-  tags: [change-ssh-port]
 - import_tasks: dell-apt-repo.yml
   tags: [setup-dell-apt-repo]
-  when: vagrant == false
+  when: not vagrant
 - import_tasks: upgrade.yml
   tags: [do-full-system-upgrade]
 - import_tasks: base.yml