fedora-infra_ansible/playbooks/groups/people.yml

---
# Create a people server
#
#
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
  vars:
    myhosts: "people"

- name: Make the box be real
  hosts: people
  user: root
  gather_facts: yes

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:

  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  - name: Mount project volume
    mount: >
        name=/project
        src=/dev/mapper/vg_vm-project
        fstype=xfs
        opts="noatime,noexec,nosuid,nodev"
        passno=0
        dump=0
        state=mounted
    tags:
    - mount

  - name: Mount srv volume
    mount: >
        name=/srv
        src=/dev/mapper/vg_vm-srv
        fstype=xfs
        opts="usrquota,gqnoenforce,noatime,noexec,nosuid,nodev"
        passno=0
        dump=0
        state=mounted
    tags:
    - mount

  - name: Create /srv/home directory
    ansible.builtin.file: path=/srv/home state=directory owner=root group=root

  - name: Bind mount home volume
    mount: >
        name=/home
        src=/srv/home
        fstype=none
        opts=bind
        passno=0
        dump=0
        state=mounted
    tags:
    - mount

  roles:
  - base
  - collectd/base
  - role: openvpn/client
    when: env != "staging"
  - ipa/client
  - hosts
  - nagios_client
  - rkhunter
  - rsyncd
  - sudo
  - cgit/base
  - cgit/clean_lock_cron
  - cgit/make_pkgs_list
  - clamav
  - git/server

  - role: apache

  - role: httpd/certificate
    certname: wildcard-2024.fedorapeople.org
    SSLCertificateChainFile: wildcard-2024.fedorapeople.org.intermediate.cert

  - people

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"