Addresses the WKS PoC review (Notion 2026-05-26). All docs in English.

- README: purpose, docs table of contents, annotated repo tree
- docs/getting_started.md: prerequisites (WKS account, OIDC, SSH, VPN) + first deploy
- docs/ansible.md: playbook table, "Running Ansible", service parameters, cheatsheet
- docs/secrets.md: canonical Bao login (moved out of README) + demo defaults
- docs/operations.md: full Makefile reference
- docs/inventories.md: repo layout, topology, standard folder structure, walkthrough
- docs/testing.md: static checks, inventory resolution, smoke test / dry run
- remove ARCHITECTURE.md (architecture docs live externally)

Also includes the gymburgdorf inventory build-out (bookstack, homarr, opnform, send) and scripts/bao-seed.sh. site.yml keeps a third traefik play (traefik_servers minus the vagrant _dmz/_backend split) so the demo inventories still configure their reverse proxy after the rebase onto main.

113 lines
2.4 KiB
YAML
---
- name: Apply base configuration to all servers
  hosts: all_servers
  become: yes
  roles:
    - digitalboard.core.base

- name: Configure reverse proxy on application servers
  hosts: traefik_servers_backend
  become: yes
  roles:
    - digitalboard.core.traefik

- name: Configure reverse proxy on DMZ servers
  hosts: traefik_servers_dmz
  become: yes
  roles:
    - digitalboard.core.traefik

# Inventories without the _dmz/_backend split (e.g. demo-gymburgdorf,
# where traefik_servers groups all_servers and dmz/backend is selected
# per host via traefik_mode). The :!… exclusion keeps this a no-op
# for the vagrant topology, where every traefik_servers host is already
# covered by the two plays above.
- name: Configure reverse proxies
  hosts: traefik_servers:!traefik_servers_dmz:!traefik_servers_backend
  become: yes
  roles:
    - digitalboard.core.traefik

- name: Deploy httpbin service
  hosts: httpbin_servers
  become: yes
  roles:
    - digitalboard.core.httpbin

- name: Deploy 389ds LDAP service
  hosts: ds389_servers
  become: yes
  roles:
    - digitalboard.core.389ds

- name: Deploy keycloak service
  hosts: keycloak_servers
  become: yes
  roles:
    - digitalboard.core.keycloak

- name: Deploy garage service
  hosts: garage_servers
  become: yes
  roles:
    - digitalboard.core.garage

- name: Deploy collabora service
  hosts: collabora_servers
  become: yes
  roles:
    - digitalboard.core.collabora

- name: Deploy authentik service
  hosts: authentik_servers
  become: yes
  roles:
    - digitalboard.core.authentik

- name: Deploy authentik LDAP outpost
  hosts: authentik_outpost_ldap_servers
  become: yes
  roles:
    - digitalboard.core.authentik_outpost_ldap

- name: Deploy nextcloud service
  hosts: nextcloud_servers
  become: yes
  roles:
    - digitalboard.core.nextcloud

- name: Deploy drawio service
  hosts: drawio_servers
  become: yes
  roles:
    - digitalboard.core.drawio

- name: Deploy send service
  hosts: send_servers
  become: yes
  roles:
    - digitalboard.core.send

- name: Deploy opnform service
  hosts: opnform_servers
  become: yes
  roles:
    - digitalboard.core.opnform

- name: Deploy homarr service
  hosts: homarr_servers
  become: yes
  roles:
    - digitalboard.core.homarr

- name: Deploy bookstack service
  hosts: bookstack_servers
  become: yes
  roles:
    - digitalboard.core.bookstack

- name: Deploy opencloud service
  hosts: opencloud_servers
  become: yes
  roles:
    - digitalboard.core.opencloud
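
The host-pattern reasoning in the comment above the third traefik play, as an added example that is not part of the repository: a minimal Python resolver for group-name patterns (plain terms unioned first, then `&`, then `!`, the order Ansible applies them) that checks every `traefik_servers` host is reached by exactly one traefik play. The two inventories and their host names are constructed assumptions; wildcards, regexes and slices are not handled.

```python
# Added example: constructed inventories, not the repository's real ones.
VAGRANT = {  # traefik_servers is fully covered by the _dmz/_backend split
    "all_servers": {"dmz1", "app1", "app2"},
    "traefik_servers": {"dmz1", "app1", "app2"},
    "traefik_servers_dmz": {"dmz1"},
    "traefik_servers_backend": {"app1", "app2"},
}
DEMO = {  # no split groups; dmz/backend is chosen per host via traefik_mode
    "all_servers": {"demo1", "demo2"},
    "traefik_servers": {"demo1", "demo2"},
}
TRAEFIK_PLAYS = [  # the three hosts: patterns from site.yml
    "traefik_servers_backend",
    "traefik_servers_dmz",
    "traefik_servers:!traefik_servers_dmz:!traefik_servers_backend",
]


def resolve(pattern, groups):
    """Resolve a group-name host pattern; undefined groups match no hosts."""
    terms = [t for t in pattern.replace(",", ":").split(":") if t]
    plain = [t for t in terms if t[0] not in "!&"]
    everything = set().union(*groups.values())
    hosts = set().union(*(groups.get(t, set()) for t in plain)) if plain else everything
    for t in terms:  # intersections are applied after the union
        if t[0] == "&":
            hosts &= groups.get(t[1:], set())
    for t in terms:  # exclusions are applied last
        if t[0] == "!":
            hosts -= groups.get(t[1:], set())
    return hosts


def check(groups):
    """Return (hosts no traefik play reaches, hosts reached by more than one)."""
    counts = {h: 0 for h in groups.get("traefik_servers", set())}
    for pattern in TRAEFIK_PLAYS:
        for host in resolve(pattern, groups):
            counts[host] = counts.get(host, 0) + 1
    missed = sorted(h for h, n in counts.items() if n == 0)
    doubled = sorted(h for h, n in counts.items() if n > 1)
    return missed, doubled


if __name__ == "__main__":
    for name, inv in (("vagrant", VAGRANT), ("demo", DEMO)):
        print(name, "third play targets:", sorted(resolve(TRAEFIK_PLAYS[2], inv)))
        print(name, "missed/doubled:", check(inv))
```

A host listed in both split groups shows up as doubled, and a host added to `traefik_servers` in a split inventory without a `_dmz` or `_backend` membership is picked up by the third play instead of being missed.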