infrastructure/playbooks/apollo.yml

---

- name: setup apollo
  hosts: apollo
  remote_user: root
  roles:
    - { role: common, tags: ['common'] }
    - { role: tools, tags: ['tools'] }
    - { role: sshd, tags: ['sshd'] }
    - { role: root_ssh, tags: ['root_ssh'] }
    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup", tags: ["borg"] }
    - { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
    - { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
    - { role: spampd, tags: ["mail", "spampd"] }
    - { role: postfix, postfix_server: false, tags: ["mail", "postfix"] }
    - { role: opendkim, dkim_selector: apollo, tags: ['mail', "opendkim"] }
    - { role: dovecot, tags: ['mail', "dovecot"] }
    - { role: postfwd, tags: ['mail', "postfwd"] }
    - { role: postgres, postgres_listen_addresses: "'*'", postgres_max_connections: 1000, postgres_ssl: 'on', postgres_shared_buffers: 4096MB,
              postgres_ssl_hosts: ["{{ hostvars['orion.archlinux.org']['ipv4_address'] }}",
              "{{ hostvars['orion.archlinux.org']['ipv6_address'] }}"], tags: ['postgres'] }
    - { role: sudo, tags: ['sudo'] }
    - { role: uwsgi, tags: ['uwsgi'] }
    - { role: memcached, tags: ['memcached'] }
    - { role: archweb, tags: ["archweb"] }
    - { role: security_tracker, security_tracker_domain: "security.archlinux.org", security_tracker_dir: "/srv/http/security-tracker", tags: ["security_tracker"] }