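---
# Server setup entry point: installs base packages, pulls in the storage,
# DNS and backup task files, applies kernel tuning, then includes one task
# file per enabled service that lists the current host.
- name: Server setup
  block:
    # The SSH server package is called `openssh` on pacman-based systems and
    # `openssh-server` elsewhere, hence the two mutually exclusive tasks.
    # Package installation needs root, so escalate explicitly here, as the
    # other privileged tasks in this block already do.
    # NOTE(review): only the package is installed by the tasks visible here;
    # sshd_config hardening and service state are not set in this file.
    # Confirm they are managed elsewhere.
    - name: Ensure openssh-server is installed on Arch-based systems
      ansible.builtin.package:
        name: openssh
        state: present
      become: true
      when: ansible_pkg_mgr == 'pacman'

    - name: Ensure openssh-server is installed on non-Arch systems
      ansible.builtin.package:
        name: openssh-server
        state: present
      become: true
      when: ansible_pkg_mgr != 'pacman'

    - name: Ensure server packages are installed
      ansible.builtin.package:
        name:
          - borg
        state: present
      become: true

    # Each include below carries its own tag so it can be run in isolation
    # with --tags.
    - name: Include JuiceFS tasks
      ansible.builtin.include_tasks: juicefs.yml
      tags:
        - juicefs

    - name: Include Dynamic DNS tasks
      ansible.builtin.include_tasks: dynamic-dns.yml
      tags:
        - dynamic-dns

    - name: Include Borg Backup tasks
      ansible.builtin.include_tasks: borg-backup.yml
      tags:
        - borg-backup

    - name: Include Borg Local Sync tasks
      ansible.builtin.include_tasks: borg-local-sync.yml
      tags:
        - borg-local-sync

    # `state: present` persists each key and `reload: true` applies it to the
    # running kernel. Values are quoted so they reach the module as strings.
    - name: System performance optimizations
      ansible.posix.sysctl:
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        state: present
        reload: true
      become: true
      loop:
        # Max open files for the entire system
        - name: "fs.file-max"
          value: "2097152"
        # Max memory map areas a process can have
        - name: "vm.max_map_count"
          value: "16777216"
        # Controls how aggressively the kernel swaps out memory
        - name: "vm.swappiness"
          value: "10"
        # Controls kernel's tendency to reclaim memory for directory/inode caches
        - name: "vm.vfs_cache_pressure"
          value: "50"
        # Max pending connections for a listening socket
        - name: "net.core.somaxconn"
          value: "65535"
        # Max packets queued on network interface input
        - name: "net.core.netdev_max_backlog"
          value: "65535"
        # How long sockets stay in FIN-WAIT-2 state
        - name: "net.ipv4.tcp_fin_timeout"
          value: "30"
        # Allows reusing TIME_WAIT sockets for new outgoing connections
        - name: "net.ipv4.tcp_tw_reuse"
          value: "1"

    # Includes services/<name>/<name>.yml for every entry in `services` that
    # is enabled and lists this host. When `specific_service` is defined, the
    # list is first narrowed to the entry with that name.
    # The include path is always built from a `name` taken out of the
    # `services` list below: `specific_service` only selects among declared
    # entries and is never interpolated into the path itself.
    # The `always` tag makes this task run even when other tags are selected
    # (unless it is explicitly skipped).
    - name: Include service tasks
      ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml"
      loop: >-
        {{ services | selectattr('enabled', 'equalto', true)
        | selectattr('hosts', 'contains', inventory_hostname) | list
        if specific_service is not defined else
        services | selectattr('name', 'equalto', specific_service)
        | selectattr('enabled', 'equalto', true)
        | selectattr('hosts', 'contains', inventory_hostname) | list }}
      loop_control:
        label: "{{ item.name }}"
      tags:
        - services
        - always

  vars:
    # Service catalogue consumed by "Include service tasks".
    # `enabled` must stay a real boolean: the filter compares it with `true`
    # via `equalto`, so a quoted "true" would silently disable the entry.
    # `hosts` is matched against inventory_hostname.
    # NOTE(review): what each service exposes on the network is defined in
    # its own services/<name>/<name>.yml, not here. Review those files when
    # enabling an entry.
    services:
      - name: qdrant
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: gitea
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: factorio
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: dozzle
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: beszel
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: caddy
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: golink
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: immich
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: plex
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: tautulli
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: stash
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: downloaders
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: wireguard
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: nextcloud
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: echoip
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: arr-stack
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: home-assistant
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: privatebin
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: unifi-network-application
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: avorion
        enabled: true
        hosts:
          - mennos-cachyos-desktop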