dotfiles/config/ansible/tasks/servers/server.yml
Menno van Leeuwen f59767597b
feat: update Unifi Network Application configuration and add new reverse proxy settings
2025-07-20 19:14:51 +02:00


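---
# Baseline setup for every server host: SSH daemon package, JuiceFS, kernel
# tunables, then the per-service task files selected from `services` below.
- name: Server setup
  block:
    # The OpenSSH server package carries a different name on Arch, so the
    # install is split by package manager.
    # NOTE(review): neither package task sets `become`, unlike the sysctl task
    # below — confirm the calling play already escalates privileges.
    - name: Ensure openssh-server is installed on Arch-based systems
      ansible.builtin.package:
        name: openssh
        state: present
      when: ansible_pkg_mgr == 'pacman'

    - name: Ensure openssh-server is installed on non-Arch systems
      ansible.builtin.package:
        name: openssh-server
        state: present
      when: ansible_pkg_mgr != 'pacman'

    - name: Include JuiceFS tasks
      ansible.builtin.include_tasks: juicefs.yml
      tags:
        - juicefs

    # Kernel tunables are applied live (`reload: true`) and written to the
    # sysctl module's default sysctl_file, so they persist across reboots and
    # affect every process on the host. Keep the inline notes accurate when
    # changing a value.
    - name: System performance optimizations
      ansible.posix.sysctl:
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        state: present
        reload: true
      become: true
      loop:
        - { name: "fs.file-max", value: "2097152" } # Max open files for the entire system
        - { name: "vm.max_map_count", value: "16777216" } # Max memory map areas a process can have
        - { name: "vm.swappiness", value: "10" } # Controls how aggressively the kernel swaps out memory
        - { name: "vm.vfs_cache_pressure", value: "50" } # Controls kernel's tendency to reclaim memory for directory/inode caches
        - { name: "net.core.somaxconn", value: "65535" } # Max pending connections for a listening socket
        - { name: "net.core.netdev_max_backlog", value: "65535" } # Max packets queued on network interface input
        - { name: "net.ipv4.tcp_fin_timeout", value: "30" } # How long sockets stay in FIN-WAIT-2 state
        - { name: "net.ipv4.tcp_tw_reuse", value: "1" } # Allows reusing TIME_WAIT sockets for new outgoing connections

    # Every enabled service whose `hosts` list names this host gets its task
    # file included. Passing `specific_service` narrows the candidates to that
    # one entry first; it must still be enabled and list this host, otherwise
    # the loop is empty and nothing is included. The candidate set is chosen
    # once, then the shared enabled/host filters apply, so the two filters are
    # not duplicated per branch.
    # `always` keeps the include statement itself evaluated under any --tags
    # selection; the included files' own tags decide what actually runs.
    - name: Include service tasks
      ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml"
      loop: >-
        {{ (services if specific_service is not defined
        else services | selectattr('name', 'equalto', specific_service))
        | selectattr('enabled', 'equalto', true)
        | selectattr('hosts', 'contains', inventory_hostname)
        | list }}
      loop_control:
        label: "{{ item.name }}"
      tags:
        - services
        - always

  # Service catalogue: `enabled` switches a service off everywhere without
  # removing its entry; `hosts` lists the inventory hostnames it runs on.
  vars:
    services:
      - name: caddy
        enabled: true
        hosts:
          - mennos-cloud-server
          - mennos-cachyos-desktop
      - name: karakeep
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: golink
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: immich
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: gitea
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: plex
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: tautulli
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: stash
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: seafile
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: uptime-kuma
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: factorio
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: dozzle
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: beszel
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: downloaders
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: wireguard
        enabled: true
        hosts:
          - mennos-cloud-server
      - name: nextcloud
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: echoip
        enabled: true
        hosts:
          - mennos-cloud-server
          - mennos-cachyos-desktop
      # Disabled: entry kept so the host assignment is not lost.
      - name: arr-stack
        enabled: false
        hosts:
          - mennos-cloud-server
      - name: home-assistant
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: privatebin
        enabled: true
        hosts:
          - mennos-cachyos-desktop
      - name: unifi-network-application
        enabled: true
        hosts:
          - mennos-cachyos-desktop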