TESTING

host_vars/folald.yml

@@ -1,12 +1,12 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
+vm_host: cavall
+vm_type: control
+
 hostname: "{{ inventory_hostname }}"
 fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
 
 ansible_host: "{{ fqdn }}"
 ansible_port: 19022
 internal_ipv4: 10.2.1.5
-
-vm_host: cavall
-vm_type: control

host_vars/hestur.yml

@@ -1,11 +1,11 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
+vm_host: cloud
+vm_type: uptime
+
 hostname: "{{ inventory_hostname }}"
 fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
 
 ansible_host: "{{ fqdn }}"
 ansible_port: 22
-
-vm_host: cloud
-vm_type: uptime

host_vars/poltre.yml

@@ -1,12 +1,12 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
+vm_host: cavall
+vm_type: app
+
 hostname: "{{ inventory_hostname }}"
 fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
 
 ansible_host: "{{ fqdn }}"
 ansible_port: 19022
 internal_ipv4: 10.2.1.2
-
-vm_host: cavall
-vm_type: app

host_vars/varsa.yml

@@ -1,12 +1,12 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
+vm_host: cavall
+vm_type: app
+
 hostname: "{{ inventory_hostname }}"
 fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
 
-ansible_host: "{{ fqdn }}"
+ansible_host: 85.209.118.143 # "{{ fqdn }}"
 ansible_port: 19022
 internal_ipv4: 10.2.1.3
-
-vm_host: cavall
-vm_type: app

roles/services/defaults/main.yml

@@ -226,5 +226,7 @@ services:
     pre_deploy_tasks: true
     version: "latest"
 
-services_exclude: []
-services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"
+services_exclude:
+  - uptime_kuma
+
+services_include: "{{ services | dict2items | map(attribute='key') | list | community.general.lists_difference(services_exclude) }}"

roles/services/tasks/pre_deploy/mailu.yml

@@ -35,6 +35,7 @@
     dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
     state: hard
     force: true
+  ignore_errors: true
 
 - name: Hard link to Let's Encrypt TLS key
   file:
@@ -42,3 +43,4 @@
     dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
     state: hard
     force: true
+  ignore_errors: true

roles/vm-common/tasks/base.yml

@@ -5,8 +5,8 @@
   ansible.builtin.apt:
     name:
       - apparmor
-      - bind-utils
-      - firewalld
+      - bind9-utils
+      - gnupg
       - haveged
       - htop
       - jq
@@ -22,5 +22,5 @@
     enabled: true
     state: started
   loop:
-    - firewalld
+    - fstrim.timer
     - haveged

roles/vm-common/tasks/firewall.yml

@@ -1,23 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-- name: Move internal network to zone 'internal'
-  ansible.posix.firewalld:
-    zone: internal
-    source: 10.2.1.0/24
-    permanent: true
-    state: enabled
-
-- name: Allow incoming connections to SSH port in zone 'internal'
-  ansible.posix.firewalld:
-    zone: internal
-    port: "{{ ansible_port }}"
-    permanent: true
-    state: enabled
-
-# Until control VM is deployed
-- name: Allow incoming connections to SSH port in default zone
-  ansible.posix.firewalld:
-    port: "{{ ansible_port }}"
-    permanent: true
-    state: enabled

roles/vm-common/tasks/main.yml

@@ -10,9 +10,3 @@
   ansible.builtin.import_tasks: users.yml
   tags:
     - setup-users
-
-- name: Firewall configuration
-  ansible.builtin.import_tasks: firewall.yml
-  notify: Reload firewalld
-  tags:
-    - setup-firewall

roles/vm-common/tasks/users.yml

@@ -18,7 +18,7 @@
     user: "{{ item.name }}"
     key: "{{ item.ssh_keys | join('\n') }}"
     exclusive: true
-  loop: "{{ users }}"
+  loop: "{{ users | selectattr('name', 'ne', 'ansible') }}"
 
 - name: Add SSH keys to Ansible user
   ansible.posix.authorized_key:

site.yml

@@ -7,8 +7,8 @@
   roles:
     - name: vm-common
       tags: [base_only]
-    - name: zfs
-      tags: [zfs]
+    # - name: zfs
+    #   tags: [zfs]
     - name: docker
       tags: [docker]
     - name: services