infrastructure/playbooks/apollo.yml

---

- name: setup apollo
  hosts: apollo.archlinux.org
  remote_user: root
  roles:
    - { role: common, tags: ['common'] }
    - { role: tools, tags: ['tools'] }
    - { role: sshd, tags: ['sshd'] }
    - { role: root_ssh, tags: ['root_ssh'] }
    - { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup", mysql_backup_dir: "/root/backup-mysql", mysql_backup_defaults: "/root/.backup-my.cnf", tags: ["borg"] }
    - { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
    - { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
    - { role: spampd, tags: ["mail", "spampd"] }
    - { role: unbound, tags: ["mail", "unbound"] }
    - { role: postfix, postfix_server: false, postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail", "postfix"] }
    - { role: opendkim, dkim_selector: apollo, tags: ['mail', "opendkim"] }
    - { role: postfwd, tags: ['mail', "postfwd"] }
    - { role: postgres, postgres_listen_addresses: "'*'", postgres_max_connections: 1000, postgres_ssl: 'on', postgres_shared_buffers: 4096MB,
              postgres_ssl_hosts: ["{{ hostvars['orion.archlinux.org']['ipv4_address'] }}{{ hostvars['orion.archlinux.org']['ipv4_netmask'] }}",
              "{{ hostvars['orion.archlinux.org']['ipv6_address'] }}{{ hostvars['orion.archlinux.org']['ipv6_netmask'] }}"], tags: ['postgres'] }
    - { role: mariadb, mariadb_innodb_buffer_pool_size: '64M', mariadb_table_open_cache: '256', mariadb_query_cache_type: '0',
              mariadb_innodb_file_per_table: True, tags: ["mariadb"] }
    - { role: sudo, tags: ['sudo'] }
    - { role: uwsgi, tags: ['uwsgi'] }
    - { role: php-fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'mysqli', 'pdo_pgsql', 'pgsql', 'sockets', 'zip'], tags: ["php-fpm"] }
    - { role: memcached, tags: ['memcached'] }
    - { role: archweb, tags: ["archweb"] }
    - { role: security_tracker, security_tracker_domain: "security.archlinux.org", security_tracker_dir: "/srv/http/security-tracker", tags: ["security_tracker"] }
    - { role: flyspray, tags: ["flyspray"] }
    - { role: mailman, mailman_domain: "lists.archlinux.org", tags: ["mailman"] }
    - { role: patchwork, tags: ["patchwork"] }
    - { role: kanboard, tags: ["kanboard"] }
    - { role: zabbix-server, tags: ["zabbix", "zabbix-server"] }
    - { role: grafana, tags: ["grafana"] }