Refactored playbooks and optimized main.py

2025-03-26 03:03:32 +01:00 · 2025-03-19 13:05:03 +01:00 · 2025-03-19 13:05:03 +01:00 · 83de47921d
commit 83de47921d
parent bd4241d74e
17 changed files with 513 additions and 444 deletions
--- a/03_INSTALLATION.md
+++ b/03_INSTALLATION.md
@ -1,9 +1,10 @@
 # Installation

-CyMaIS can be easily installed using [Kevin's Package Manager](https://github.com/kevinveenbirkenbach/package-manager). Once you have the package manager set up, simply run:
+CyMaIS can be easily installed on your local host using [Kevin's Package Manager](https://github.com/kevinveenbirkenbach/package-manager). Once you have the package manager set up, simply run:

 ```bash
-pkgmgr install cymais
+pkgmgr clone cymais     # downloads the cymais repository
+pkgmgr install cymais   # installs cymais on your local host
 ```

 This command will install CyMaIS on your system with the alias **cymais**.
--- a/04_ENTERPRISE.md
+++ b/04_ENTERPRISE.md
--- a/05_DONATE.md
+++ b/05_DONATE.md
--- a/06_SECURITY.md
+++ b/06_SECURITY.md
--- a/group_vars/README.md
+++ b/group_vars/README.md
@ -1 +1,38 @@
-# Configuration
+# Configuration
+
+## Ansible Vault Basics
+
+CyMaIS uses Ansible Vault to protect sensitive data (e.g. passwords). Use these common commands:
+
+### Edit an Encrypted File
+```bash
+ansible-vault edit <filename.yml> --vault-password-file <your-vault-pass-file>
+```
+
+### Decrypt a File
+```bash
+ansible-vault decrypt <filename.yml> --vault-password-file <your-vault-pass-file>
+```
+
+### Encrypt a File
+```bash
+ansible-vault encrypt <filename.yml> --vault-password-file <your-vault-pass-file>
+```
+
+### Encrypt a String
+```bash
+ansible-vault encrypt_string --vault-password-file <your-vault-pass-file> 'example' --name 'test'
+```
+
+## Password Generation
+
+You can generate a secure random password and encrypt it with Ansible Vault. For example:
+```bash
+ansible-vault encrypt_string "$(cat /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 32)" --vault-password-file /path/to/your/vault_pass.txt | xclip -selection clipboard
+```
+This command generates a 32-character alphanumeric password, encrypts it, and copies the result to your clipboard.
+
+## Final Notes
+
+- **Customizing Paths and Variables:**  
+  All file paths and configuration variables are defined in group variables (e.g., `group_vars/all/*.yml`) and role variable files. Adjust these to suit your deployment environment.
--- a/main.py
+++ b/main.py
@ -3,62 +3,74 @@
 import argparse
 import subprocess

-def run_ansible_vault(action, filename, vault_password_file):
-    cmd = ["ansible-vault", action, filename, "--vault-password-file", vault_password_file]
+def run_ansible_vault(action, filename, password_file):
+    """Execute an ansible-vault command with the specified action on a file."""
+    cmd = ["ansible-vault", action, filename, "--vault-password-file", password_file]
    subprocess.run(cmd, check=True)

-def run_ansible_playbook(inventory, playbook, limit=None, extra_vars=None, vault_password_file=None, verbose=False):
+def run_ansible_playbook(inventory:str, playbook:str, modes:[bool], limit:str=None, password_file:str=None, verbose:bool=False):
+    """Execute an ansible-playbook command with optional parameters."""
    cmd = ["ansible-playbook", "-i", inventory, playbook]
+    
    if limit:
        cmd.extend(["--limit", limit])
-    if extra_vars:
-        for key, value in extra_vars.items():
-            cmd.extend(["-e", f"{key}={str(value).lower()}"])
-    if vault_password_file:
-        cmd.extend(["--vault-password-file", vault_password_file])
+    
+    if modes:
+        for key, value in modes.items():
+            # Convert boolean values to lowercase strings
+            arg_value = f"{str(value).lower()}" if isinstance(value, bool) else f"{value}"
+            cmd.extend(["-e", f"{key}={arg_value}"])
+    
+    if password_file:
+        cmd.extend(["--vault-password-file", password_file])
+    
    if verbose:
        cmd.append("-v")
+    
    subprocess.run(cmd, check=True)

 def main():
    parser = argparse.ArgumentParser(description="CyMaIS Ansible Deployment and Vault Management")
    subparsers = parser.add_subparsers(dest="command", required=True)

-    # Vault Subcommands
+    # Vault subcommand parser
    vault_parser = subparsers.add_parser("vault", help="Manage Ansible Vault")
    vault_parser.add_argument("action", choices=["edit", "decrypt", "encrypt"], help="Vault action")
    vault_parser.add_argument("filename", help="File to process")
-    vault_parser.add_argument("--vault-password-file", required=True, help="Path to the Vault password file")
+    vault_parser.add_argument("--password-file", required=True, help="Path to the Vault password file")

-    # Playbook Subcommands
+    # Playbook subcommand parser
    playbook_parser = subparsers.add_parser("playbook", help="Run Ansible Playbooks")
    playbook_parser.add_argument("inventory", help="Path to the inventory file")
-    playbook_parser.add_argument("playbook", help="Path to the playbook file")
    playbook_parser.add_argument("--limit", help="Limit execution to a specific server")
+    playbook_parser.add_argument("--host-type", choices=["server", "personal-computer"], default="server",
+                                 help="Host type to run the playbook on; defaults to 'server'")
    playbook_parser.add_argument("--reset", action="store_true", help="Enable reset mode")
    playbook_parser.add_argument("--test", action="store_true", help="Enable test mode")
    playbook_parser.add_argument("--update", action="store_true", help="Enable update mode")
    playbook_parser.add_argument("--backup", action="store_true", help="Enable backup mode")
    playbook_parser.add_argument("--cleanup", action="store_true", help="Enable cleanup mode")
    playbook_parser.add_argument("--debug", action="store_true", help="Enable debugging output")
-    playbook_parser.add_argument("--vault-password-file", help="Path to the Vault password file")
+    playbook_parser.add_argument("--password-file", help="Path to the Vault password file")
    playbook_parser.add_argument("-v", "--verbose", action="store_true", help="Enable verbose output")

    args = parser.parse_args()

    if args.command == "vault":
-        run_ansible_vault(args.action, args.filename, args.vault_password_file)
+        run_ansible_vault(args.action, args.filename, args.password_file)
    elif args.command == "playbook":
-        extra_vars = {
+        modes = {
            "mode_reset": args.reset,
            "mode_test": args.test,
            "mode_update": args.update,
            "mode_backup": args.backup,
            "mode_cleanup": args.cleanup,
            "enable_debug": args.debug,
+            "host_type": args.host_type
        }
-        extra_vars = {k: v for k, v in extra_vars.items() if v}  # Remove false values
-        run_ansible_playbook(args.inventory, args.playbook, args.limit, extra_vars, args.vault_password_file, args.verbose)
+
+        # Use a fixed playbook file "playbook.yml"
+        run_ansible_playbook(args.inventory, "playbook.yml", modes, args.limit, args.password_file, args.verbose)

 if __name__ == "__main__":
    main()
--- a/playbook.constructor.yml
+++ b/playbook.constructor.yml
@ -49,7 +49,7 @@
    set_fact:
      service_provider: "{{ defaults_service_provider | combine(service_provider | default({}, true), recursive=True) }}"

-  - name: "Merged Variables"
+  - name: "Debug merged Variables"
    # Add new merged variables here
    debug:
      msg:
--- a/playbook.destructor.yml
+++ b/playbook.destructor.yml
@ -1,6 +0,0 @@
- name: optimize storage performance
-  hosts:  all
-  become: true
-  roles:
-    - role: system-storage-optimizer
-      when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) "
--- a/playbook.pcs.yml
+++ b/playbook.pcs.yml
@ -1,105 +0,0 @@
---
-
- import_playbook: playbook.constructor.yml
-
-## pc applications
- name: general host setup
-  hosts: personal_computers
-  become: true
-  roles:
-    - pc-administrator-tools
-    - driver-non-free
-
- name: pc-office
-  hosts: collection_officetools
-  become: true
-  roles:
-    - pc-office
-    - pc-jrnl
-
- name: personal computer for business
-  hosts: business_personal_computer
-  become: true
-  roles:
-    - pc-gnucash
-
- name: pc-designer-tools
-  hosts: collection_designer
-  become: true
-  roles:
-    - pc-designer-tools
-
- name: pc-qbittorrent
-  hosts: collection_torrent
-  become: true
-  roles:
-    - pc-qbittorrent
-
- name: pc-streaming-tools
-  hosts: collection_streamer
-  become: true
-  roles:
-    - pc-streaming-tools
-
- name: pc-bluray-player-tools
-  hosts: collection_bluray_player
-  become: true
-  roles:
-    - pc-bluray-player-tools
-
- name: pc-latex
-  hosts: latex
-  become: true
-  roles:
-    - pc-latex
-
- name: GNOME setup
-  hosts: gnome
-  become: true
-  roles:
-    - pc-gnome
-
- name: setup ssh client
-  hosts: ssh
-  become: false
-  roles:
-    - pc-ssh
-
- name: setup gaming hosts
-  hosts: gaming
-  become: true
-  roles:
-    - pc-games
-
- name: setup entertainment hosts
-  hosts: entertainment
-  become: true
-  roles:
-    - pc-spotify
-
- name: setup torbrowser hosts
-  hosts: torbrowser
-  become: true
-  roles:
-    - pc-torbrowser
-
- name: setup nextcloud
-  hosts: nextcloud_client
-  become: true
-  roles:
-    - pc-nextcloud
-
- name: setup docker
-  hosts: docker
-  become: true
-  roles:
-    - pc-docker
-
-# driver 
- name: setup msi rgb keyboard
-  hosts: msi_perkeyrgb
-  become: true
-  roles:
-    - driver-msi-keyboard-color
-
- import_playbook: playbook.destructor.yml
--- a/playbook.servers.yml
+++ b/playbook.servers.yml
@ -1,262 +0,0 @@
---
-
- import_playbook: playbook.constructor.yml
-
- name: servers host setup
-  hosts: servers
-  become: true
-  roles:
-    - system-security
-    - journalctl
-    - health-disc-space
-    - cleanup-disc-space
-    - health-btrfs
-    - system-btrfs-auto-balancer
-
- name: "setup corporate identity"
-  hosts: corporate_identity
-  become: true
-  roles:
-   -  role: corporate-identity
-
-#########################################################################
-### Docker Roles                                                      ###
-#########################################################################
-
- name: "setup matomo"
-  hosts: matomo
-  become: true
-  roles:
-   -  role: docker-matomo
-
- name: setup ldap
-  hosts: ldap
-  become: true
-  roles:
-   -  role: docker-ldap
-
- name: setup keycloak
-  hosts: keycloak
-  become: true
-  roles:
-   -  role: docker-keycloak
-
- name: setup nextcloud hosts
-  hosts: nextcloud
-  become: true
-  roles:
-   -  role: docker-nextcloud
-
- name: setup gitea hosts
-  hosts: gitea
-  become: true
-  roles:
-   -  role: docker-gitea
-      vars:
-        run_mode: prod
-
- name: setup wordpress hosts
-  hosts: wordpress
-  become: true
-  roles:
-  - role: docker-wordpress
-
- name: setup mediawiki hosts
-  hosts: mediawiki
-  become: true
-  roles:
-   -  role: docker-mediawiki
-
- name: setup mybb hosts
-  hosts: mybb
-  become: true
-  roles:
-   -  role: docker-mybb
-      vars:
-        mybb_domains: "{{domains.mybb}}"
-
- name: setup yourls hosts
-  hosts: yourls
-  become: true
-  roles:
-   -  role: docker-yourls
-
- name: setup mailu hosts
-  hosts: mailu
-  become: true
-  roles:
-   -  role: docker-mailu
-
- name: setup elk hosts
-  hosts: elk
-  become: true
-  roles:
-   -  role: docker-elk
-
- name: setup mastodon hosts
-  hosts: mastodon
-  become: true
-  roles:
-   -  role: docker-mastodon
-
- name: setup pixelfed hosts
-  hosts: pixelfed
-  become: true
-  roles:
-   -  role: docker-pixelfed
-
- name: setup peertube hosts
-  hosts: peertube
-  become: true
-  roles:
-   -  role: docker-peertube
-
- name: setup bigbluebutton hosts
-  hosts: bigbluebutton
-  become: true
-  roles:
-   -  role: docker-bigbluebutton
-      vars:
-        domain: "{{domains.bigbluebutton}}"
-
- name: setup funkwhale hosts
-  hosts: funkwhale
-  become: true
-  roles:
-   -  role: docker-funkwhale
-
- name: setup roulette-wheel hosts
-  hosts: roulette-wheel
-  become: true
-  roles:
-   -  role: docker-roulette-wheel
-
- name: setup joomla hosts
-  hosts: joomla
-  become: true
-  roles:
-   -  role: docker-joomla
-
- name: setup attendize
-  hosts: attendize
-  become: true
-  roles:
-   -  role: docker-attendize
-
- name: setup baserow hosts
-  hosts: baserow
-  become: true
-  roles:
-   -  role: docker-baserow
-
- name: setup listmonk
-  hosts: listmonk
-  become: true
-  roles:
-   -  role: docker-listmonk
-
- name: setup discourse
-  hosts: discourse
-  become: true
-  roles:
-   -  role: docker-discourse
-
- name: setup matrix
-  hosts: matrix
-  become: true
-  roles:
-   -  role: docker-matrix-ansible
-      when: applications.matrix.role == 'ansible'
-   -  role: docker-matrix-compose
-      when: applications.matrix.role == 'compose'
-
- name: setup open project instances
-  hosts: openproject
-  become: true
-  roles:
-   -  role: docker-openproject
-
- name: setup gitlab hosts
-  hosts: gitlab
-  become: true
-  roles:
-   -  role: docker-gitlab
-
- name: setup akaunting hosts
-  hosts: akaunting
-  become: true
-  roles:
-   -  role: docker-akaunting
-
- name: setup moodle instance
-  hosts: moodle
-  become: true
-  roles:
-   -  role: docker-moodle
-
- name: setup taiga instance
-  hosts: taiga
-  become: true
-  roles:
-   -  role: docker-taiga
-
- name: setup friendica hosts
-  hosts: friendica
-  become: true
-  roles:
-   -  role: docker-friendica
-
- name: setup portfolio
-  hosts: portfolio
-  become: true
-  roles:
-   -  role: docker-portfolio
-
- name: setup bluesky
-  hosts: bluesky
-  become: true
-  roles:
-   -  role: docker-bluesky
-
- name: setup PHPMyAdmin
-  hosts: phpmyadmin
-  become: true
-  roles:
-   -  role: docker-phpmyadmin
-
- name: setup SNIPE-IT
-  hosts: snipe_it
-  become: true
-  roles:
-   -  role: docker-snipe_it
-
- name: setup sphinx
-  hosts: sphinx
-  become: true
-  roles:
-   -  role: docker-sphinx
-
-# Native Webserver Roles
- name: setup nginx-serve-htmls
-  hosts: nginx-serve-htmls
-  become: true
-  roles:
-   -  role: nginx-serve-html
-      vars:
-        domain: "{{primary_domain}}"
-
- name: setup redirect hosts
-  hosts: redirect
-  become: true
-  roles:
-   -  role: nginx-redirect-domain
-      vars:
-        domain_mappings: "{{redirect_domain_mappings}}"
-
- name: setup www redirect 
-  hosts: www_redirect
-  become: true
-  roles:
-   -  role: nginx-redirect-www
-
- import_playbook: playbook.destructor.yml
--- a/playbook.yml
+++ b/playbook.yml
@ -0,0 +1,10 @@
+- name: Execute CyMaIS Play
+  hosts: all
+  tasks:
+  - name: "Load 'constructor' tasks"
+    include_tasks: "tasks/constructor.yml"
+  - name: "Load '{{host_type}}' tasks"
+    include_tasks: "tasks/{{host_type}}.yml"
+  - name: "Load 'destructor' tasks"
+    include_tasks: "tasks/destructor.yml"
+  become: true
--- a/requirements.yml
+++ b/requirements.yml
@ -1,2 +1,4 @@
 collections:
-  - name: kewlfft.aur
+  - name: kewlfft.aur
+pacman:
+  - ansible
--- a/tasks/README.md
+++ b/tasks/README.md
@ -1,43 +1,14 @@
-# Setup Guide
+# Installation

-This guide explains how to deploy and manage the Cyber Master Infrastructure Solution (CyMaIS) using Ansible. CyMaIS is based on a collection of playbooks and an inventory (computer-inventory) that defines your servers and personal computers. The playbooks use different “modes” to control behavior such as updates, backups, resets, and cleanup tasks. This document outlines how to use Ansible Vault, describes the various operating modes, and shows example commands to run the playbooks.
+This guide explains how to deploy and manage the Cyber Master Infrastructure Solution (CyMaIS) using Ansible. CyMaIS is based on a collection of playbooks that are designed for your servers and personal computers. The playbooks use different “modes” to control behavior such as updates, backups, resets, and cleanup tasks. This document outlines how to use Ansible Vault, describes the various operating modes, and shows example commands to run the playbooks.

---
+
+This guide should give you a comprehensive starting point for managing your infrastructure with CyMaIS. For further details, consult the individual role documentation and the accompanying repository README files.

 ## Prerequisites
-
- **Ansible Installed:** Ensure that Ansible is installed on your control node.
 - **Inventory File:** Have an inventory file that lists your servers and PCs. (Paths in examples are general; adjust them to your environment.)
 - **Vault Password File (Optional):** Prepare a file with your vault password if you prefer not to enter it interactively.

---
-
-## Ansible Vault Basics
-
-CyMaIS uses Ansible Vault to protect sensitive data (e.g. passwords). Use these common commands:
-
-### Edit an Encrypted File
-```bash
-ansible-vault edit <filename.yml> --vault-password-file <your-vault-pass-file>
-```
-
-### Decrypt a File
-```bash
-ansible-vault decrypt <filename.yml> --vault-password-file <your-vault-pass-file>
-```
-
-### Encrypt a File
-```bash
-ansible-vault encrypt <filename.yml> --vault-password-file <your-vault-pass-file>
-```
-
-### Encrypt a String
-```bash
-ansible-vault encrypt_string --vault-password-file <your-vault-pass-file> 'example' --name 'test'
-```
-
---
-
 ## Operating Modes

 CyMaIS playbooks support several modes that control which tasks are executed:
@ -103,25 +74,9 @@ Ensure the vault password file is stored securely.

 ---

-## Password Generation
-
-You can generate a secure random password and encrypt it with Ansible Vault. For example:
-```bash
-ansible-vault encrypt_string "$(cat /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 32)" --vault-password-file /path/to/your/vault_pass.txt | xclip -selection clipboard
-```
-This command generates a 32-character alphanumeric password, encrypts it, and copies the result to your clipboard.
-
---
-
 ## Final Notes
-
- **Customizing Paths and Variables:**  
-  All file paths and configuration variables are defined in group variables (e.g., `group_vars/all/*.yml`) and role variable files. Adjust these to suit your deployment environment.
-
 - **Combining Modes:**  
  The different modes (reset, test, update, backup, cleanup) can be combined by passing extra variables (using `-e`) on the command line. This flexibility allows you to tailor the playbook run to your current needs.

 - **Debugging:**  
  If you need more verbose output or troubleshooting information, add the `-v` (or `-vvv`) option when running the playbook.
-
-This guide should give you a comprehensive starting point for managing your infrastructure with CyMaIS. For further details, consult the individual role documentation and the accompanying repository README files.
--- a/tasks/constructor.yml
+++ b/tasks/constructor.yml
@ -0,0 +1,109 @@
+---
+- name: Merge variables
+  block:
+  - name: Merge users
+    set_fact:
+      users: "{{ default_users | combine(users, recursive=True) }}"
+
+  - name: Merge system_email definitions
+    set_fact:
+      system_email: "{{ default_system_email | combine(system_email | default({}, true), recursive=True) }}"
+  - name: Merge domain definitions
+    set_fact:
+      domains: "{{ defaults_domains | combine(domains | default({}, true), recursive=True) }}"
+
+  - name: Merge redirect domain definitions into dictionary
+    set_fact:
+      combined_mapping: >-
+        {{
+          (defaults_redirect_domain_mappings | items2dict(key_name='source', value_name='target'))
+          | combine(
+              (redirect_domain_mappings | default([]) | items2dict(key_name='source', value_name='target')),
+              recursive=True
+            )
+        }}
+
+  - name: Transform combined mapping to list with source and target keys
+    set_fact:
+      redirect_domain_mappings: "{{ redirect_domain_mappings | default([]) + [ {'source': item.key, 'target': item.value} ] }}"
+    loop: "{{ combined_mapping | dict2items }}"
+
+  - name: Merge application definitions
+    set_fact:
+      applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"
+
+  - name: Merge networks definitions
+    set_fact:
+      networks: "{{ defaults_networks | combine(networks | default({}, true), recursive=True) }}"
+  
+  - name: Merge oidc configuration
+    set_fact:
+      oidc: "{{ defaults_oidc | combine(oidc | default({}, true), recursive=True) }}"
+
+  - name: Merge design configuration
+    set_fact:
+      design: "{{ defaults_design | combine(design | default({}, true), recursive=True) }}"
+
+  - name: Merge service_provider configuration
+    set_fact:
+      service_provider: "{{ defaults_service_provider | combine(service_provider | default({}, true), recursive=True) }}"
+
+  - name: "Merged Variables"
+    # Add new merged variables here
+    debug:
+      msg:
+        domains:          "{{domains}}"
+        applications:     "{{applications}}"
+        oidc:             "{{oidc}}"
+        service_provider: "{{service_provider}}"
+        users:            "{{users}}"
+    when: enable_debug | bool
+
+- name: update device
+  include_role:
+    name: update
+  when: mode_update | bool
+
+- name: setup standard wireguard
+  when: ("wireguard_server" in group_names)
+  include_role:
+    name: wireguard
+
+# vpn setup
+- name: setup wireguard client behind firewall\nat
+  when: ("wireguard_behind_firewall" in group_names)
+  include_role:
+    name: client-wireguard-behind-firewall
+
+- name: setup wireguard client
+  when: ("wireguard_client" in group_names)
+  include_role:
+    name: client-wireguard
+
+## backup setup
+- name: setup replica backup hosts
+  when: ("backup_remote_to_local" in group_names)
+  include_role:
+    name: backup-remote-to-local
+
+- name: setup backup to swappable
+  when: ("backup_to_usb" in group_names)
+  include_role:
+    name: backup-data-to-usb
+
+## driver setup
+- name: driver-intel
+  when: ("intel" in group_names)
+  include_role:
+    name: driver-intel
+
+- name: setup multiprinter hosts
+  when: ("epson_multiprinter" in group_names)
+  include_role:
+    name: driver-epson-multiprinter
+
+## system setup 
+- name: setup swapfile hosts
+  when: ("swapfile" in group_names)
+  include_role:
+    name: system-swapfile
--- a/tasks/destructor.yml
+++ b/tasks/destructor.yml
@ -0,0 +1,4 @@
+- name: optimize storage performance
+  include_role:
+    name: system-storage-optimizer
+  when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) "
--- a/tasks/personal_computer.yml
+++ b/tasks/personal_computer.yml
@ -0,0 +1,90 @@
+---
+## pc applications
+- name: general host setup
+  when: ("personal_computers" in group_names)
+  include_role:
+    name: "{{ item }}"
+  loop:
+    - pc-administrator-tools
+    - driver-non-free
+
+- name: pc-office
+  when: ("collection_officetools
+  include_role:
+    name: "{{ item }}"
+  loop:
+    - pc-office
+    - pc-jrnl
+
+
+- name: personal computer for business
+  when: ("business_personal_computer" in group_names)
+  include_role:
+    name: pc-gnucash
+
+- name: pc-designer-tools
+  when: ("collection_designer" in group_names)
+  include_role:
+    name: pc-designer-tools
+
+- name: pc-qbittorrent
+  when: ("collection_torrent" in group_names)
+  include_role:
+    name: pc-qbittorrent
+
+- name: pc-streaming-tools
+  when: ("collection_streamer" in group_names)
+  include_role:
+    name: pc-streaming-tools
+
+- name: pc-bluray-player-tools
+  when: ("collection_bluray_player" in group_names)
+  include_role:
+    name: pc-bluray-player-tools
+
+- name: pc-latex
+  when: ("latex" in group_names)
+  include_role:
+    name: pc-latex
+
+- name: GNOME setup
+  when: ("gnome
+  include_role:
+    name: pc-gnome
+
+- name: setup ssh client
+  when: ("ssh" in group_names)
+  become: false
+  include_role:
+    name: pc-ssh
+
+- name: setup gaming hosts
+  when: ("gaming" in group_names)
+  include_role:
+    name: pc-games
+
+- name: setup entertainment hosts
+  when: ("entertainment" in group_names)
+  include_role:
+    name: pc-spotify
+
+- name: setup torbrowser hosts
+  when: ("torbrowser" in group_names)
+  include_role:
+    name: pc-torbrowser
+
+- name: setup nextcloud
+  when: ("nextcloud_client" in group_names)
+  include_role:
+    name: pc-nextcloud
+
+- name: setup docker
+  when: ("dockerin group_names)
+  include_role:
+    name: pc-docker
+
+# driver 
+- name: setup msi rgb keyboard
+  when: ("msi_perkeyrgb" in group_names)
+  include_role:
+    name: driver-msi-keyboard-color
--- a/tasks/server.yml
+++ b/tasks/server.yml
@ -0,0 +1,222 @@
+---
+- name: servers host setup
+  when: ("servers" in group_names)
+  include_role:
+    name: "{{ item }}"
+  loop:
+    - system-security
+    - journalctl
+    - health-disc-space
+    - cleanup-disc-space
+    - health-btrfs
+    - system-btrfs-auto-balancer
+
+- name: "setup corporate identity"
+  when: ("corporate_identity" in group_names)
+  include_role:
+    name: corporate-identity
+
+#########################################################################
+### Docker Roles                                                      ###
+#########################################################################
+
+- name: "setup matomo"
+  when: ("matomo" in group_names)
+  include_role:
+    name: docker-matomo
+
+- name: setup ldap
+  when: ("ldap" in group_names)
+  include_role:
+    name: docker-ldap
+
+- name: setup keycloak
+  when: ("keycloak" in group_names)
+  include_role:
+    name: docker-keycloak
+
+- name: setup nextcloud hosts
+  when: ("nextcloud" in group_names)
+  include_role:
+    name: docker-nextcloud
+
+- name: setup gitea hosts
+  when: ("gitea" in group_names)
+  include_role:
+    name: docker-gitea
+  vars:
+    run_mode: prod
+
+- name: setup wordpress hosts
+  when: ("wordpress" in group_names)
+  include_role:
+    name: docker-wordpress
+
+- name: setup mediawiki hosts
+  when: ("mediawiki" in group_names)
+  include_role:
+    name: docker-mediawiki
+
+- name: setup mybb hosts
+  when: ("mybb" in group_names)
+  include_role:
+    name: docker-mybb
+  vars:
+    mybb_domains: "{{domains.mybb}}"
+
+- name: setup yourls hosts
+  when: ("yourls" in group_names)
+  include_role:
+    name: docker-yourls
+
+- name: setup mailu hosts
+  when: ("mailu" in group_names)
+  include_role:
+    name: docker-mailu
+
+- name: setup elk hosts
+  when: ("elk" in group_names)
+  include_role:
+    name: docker-elk
+
+- name: setup mastodon hosts
+  when: ("mastodon" in group_names)
+  include_role:
+    name: docker-mastodon
+
+- name: setup pixelfed hosts
+  when: ("pixelfed" in group_names)
+  include_role:
+    name: docker-pixelfed
+
+- name: setup peertube hosts
+  when: ("peertube" in group_names)
+  include_role:
+    name: docker-peertube
+
+- name: setup bigbluebutton hosts
+  when: ("bigbluebutton" in group_names)
+  include_role:
+    name: docker-bigbluebutton
+  vars:
+    domain: "{{domains.bigbluebutton}}"
+
+- name: setup funkwhale hosts
+  when: ("funkwhale" in group_names)
+  include_role:
+    name: docker-funkwhale
+
+- name: setup roulette-wheel hosts
+  when: ("roulette-wheel" in group_names)
+  include_role:
+    name: docker-roulette-wheel
+
+- name: setup joomla hosts
+  when: ("joomla" in group_names)
+  include_role:
+    name: docker-joomla
+
+- name: setup attendize
+  when: ("attendize" in group_names)
+  include_role:
+    name: docker-attendize
+
+- name: setup baserow hosts
+  when: ("baserow" in group_names)
+  include_role:
+    name: docker-baserow
+
+- name: setup listmonk
+  when: ("listmonk" in group_names)
+  include_role:
+    name: docker-listmonk
+
+- name: setup discourse
+  when: ("discourse" in group_names)
+  include_role:
+    name: docker-discourse
+
+- name: setup matrix with flavor 'ansible'
+  include_role:
+    name: docker-matrix-ansible
+  when: applications.matrix.role == 'ansible' and ("matrix" in group_names)
+  
+- name: setup matrix with flavor 'compose'
+  include_role:
+    name: docker-matrix-compose
+  when: applications.matrix.role == 'compose' and ("matrix" in group_names)
+
+- name: setup open project instances
+  when: ("openproject" in group_names)
+  include_role:
+    name: docker-openproject
+
+- name: setup gitlab hosts
+  when: ("gitlab" in group_names)
+  include_role:
+    name: docker-gitlab
+
+- name: setup akaunting hosts
+  when: ("akaunting" in group_names)
+  include_role:
+    name: docker-akaunting
+
+- name: setup moodle instance
+  when: ("moodle" in group_names)
+  include_role:
+    name: docker-moodle
+
+- name: setup taiga instance
+  when: ("taiga" in group_names)
+  include_role:
+    name: docker-taiga
+
+- name: setup friendica hosts
+  when: ("friendica" in group_names)
+  include_role:
+    name: docker-friendica
+
+- name: setup portfolio
+  when: ("portfolio" in group_names)
+  include_role:
+    name: docker-portfolio
+
+- name: setup bluesky
+  when: ("bluesky" in group_names)
+  include_role:
+    name: docker-bluesky
+
+- name: setup PHPMyAdmin
+  when: ("phpmyadmin" in group_names)
+  include_role:
+    name: docker-phpmyadmin
+
+- name: setup SNIPE-IT
+  when: ("snipe_it" in group_names)
+  include_role:
+    name: docker-snipe_it
+
+- name: setup sphinx
+  when: ("sphinx" in group_names)
+  include_role:
+    name: docker-sphinx
+
+# Native Webserver Roles
+- name: setup nginx-serve-htmls
+  when: ("nginx-serve-htmls" in group_names)
+  include_role:
+    name: nginx-serve-html
+  vars:
+    domain: "{{primary_domain}}"
+
+- name: setup redirect hosts
+  when: ("redirect" in group_names)
+  include_role:
+    name: nginx-redirect-domain
+  vars:
+    domain_mappings: "{{redirect_domain_mappings}}"
+
+- name: setup www redirect 
+  when: ("www_redirect" in group_names)
+  include_role:
+    name: nginx-redirect-www