Finished new role identification system implementation

2025-08-29 15:06:26 +02:00 · 2025-07-11 00:42:36 +02:00
parent 292918da81
commit 6e32b20240
44 changed files with 212 additions and 218 deletions
--- a/tasks/stages/01_constructor.yml
+++ b/tasks/stages/01_constructor.yml
@@ -0,0 +1,118 @@
+---
+- name: "Debug: allowed_applications"
+  debug:
+    msg: "{{ allowed_applications }}"
+  when: enable_debug | bool
+
+- name: Merge variables
+  block:
+  - name: Merge users
+    set_fact:
+      users: "{{ default_users | combine(users| default({}), recursive=True) }}"
+
+  - name: Merge system_email definitions
+    set_fact:
+      system_email: "{{ default_system_email | combine(system_email | default({}, true), recursive=True) }}"
+
+  - name: Merge application definitions
+    set_fact:
+      applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"
+
+  - name: Merge current play applications
+    set_fact:
+      current_play_applications: >-
+        {{ 
+          applications |
+          applications_if_group_and_deps(group_names)
+        }}
+
+  - name: Merge current play domain definitions
+    set_fact:
+      current_play_domains: >- 
+        {{  current_play_applications |
+            canonical_domains_map(primary_domain) | 
+            combine(domains | default({}, true), recursive=True) 
+        }}
+  
+  - name: Merge domain definitions for all domains
+    set_fact:
+      domains: >-
+        {{ 
+          defaults_applications | 
+          canonical_domains_map(primary_domain) | 
+          combine(current_play_domains, recursive=True) 
+        }}
+
+  - name: Merge redirect_domain_mappings
+    set_fact:
+      # The following mapping is necessary to define the exceptions for domains which are created, but which aren't used
+      redirect_domain_mappings: "{{
+        []  | 
+        add_redirect_if_group('assets-server',    domains | get_domain('assets-server'), domains | get_domain('file-server'),  group_names) | 
+        merge_mapping(redirect_domain_mappings| default([]), 'source')
+        }}"
+
+  - name: Set current play redirect domain mappings 
+    set_fact:
+      current_play_domain_mappings_redirect: >-
+        {{ 
+          current_play_applications |
+          domain_mappings(primary_domain) | 
+          merge_mapping(redirect_domain_mappings, 'source') 
+        }}
+
+  - name: Set current play all domains incl. www redirect if enabled
+    set_fact:
+      current_play_domains_all: >-
+        {{
+          (current_play_domains |
+          combine(
+            current_play_domain_mappings_redirect | 
+            items2dict(key_name='source', value_name='source'),
+            recursive=True
+          )) |
+          generate_all_domains(
+            ('www_redirect' in group_names)
+          )
+        }}
+
+  - name: Merge networks definitions
+    set_fact:
+      networks: "{{ defaults_networks | combine(networks | default({}, true), recursive=True) }}"
+  
+  - name: Merge oidc configuration
+    set_fact:
+      oidc: "{{ defaults_oidc | combine(oidc | default({}, true), recursive=True) }}"
+
+  - name: Merge design configuration
+    set_fact:
+      design: "{{ defaults_design | combine(design | default({}, true), recursive=True) }}"
+
+  - name: Merge service_provider configuration
+    set_fact:
+      service_provider: "{{ defaults_service_provider | combine(service_provider | default({}, true), recursive=True) }}"
+
+- name: init root user
+  include_role:
+    name: user-root
+
+- name: update device
+  include_role:
+    name: update
+  when: mode_update | bool
+
+- name: "Load base roles"
+  include_tasks: "./tasks/groups/{{ item }}-roles.yml"
+  loop:
+    - core
+    - drv
+    - gen
+    - net
+    - alert
+    - mon
+    - maint
+    - update
+    - bkp
+    - cln
+  loop_control:
+    label: "{{ item }}-roles.yml"
--- a/tasks/stages/02_personal-computer.yml
+++ b/tasks/stages/02_personal-computer.yml
@@ -0,0 +1,16 @@
+---
+- name: "setup docker role includes for desktop pc"
+  include_tasks: "./tasks/groups/{{ item }}-roles.yml"
+  loop:
+    - util-srv  # Services need to run before applications
+    - util-desk
+  loop_control:
+    label: "{{ item }}-roles.yml"
+
+- name: general host setup
+  when: ("personal_computers" in group_names)
+  include_role:
+    name: "{{ item }}"
+  loop:
+    - util-gen-admin
+    - drv-non-free
--- a/tasks/stages/02_server.yml
+++ b/tasks/stages/02_server.yml
@@ -0,0 +1,20 @@
+---
+- name: Setup server base
+  when: ("servers" in group_names)
+  include_role:
+    name: "{{ item }}"
+  loop:
+    - core-security
+    - core-journalctl
+    - mon-bot-disc-space
+    - cln-disc-space
+    - mon-bot-btrfs
+    - maint-btrfs-auto-balancer
+
+- name: "Include server roles"
+  include_tasks: "./tasks/groups/{{ item }}-roles.yml"
+  loop:
+    - web-svc # Services need to run before applications
+    - web-app
+  loop_control:
+    label: "{{ item }}-roles.yml"
--- a/tasks/stages/03_destructor.yml
+++ b/tasks/stages/03_destructor.yml
@@ -0,0 +1,6 @@
+- name: "Load destruction roles"
+  include_tasks: "./tasks/groups/{{ item }}-roles.yml"
+  loop:
+    - cln
+  loop_control:
+    label: "{{ item }}-roles.yml"