provisioning.yml

---
- name: Bootstrap
  hosts: all
  become: yes
  gather_facts: no
  roles:
    - role: robertdebock.bootstrap
      tags:
        - bootstrap
      when: (bootstrap_enabled | default(True))

- name: Provisioning
  hosts: all
  gather_facts: yes
  roles:
    ###
    ### Run general preparation
    ###
    - role: swapoff
      tags:
        - swap
      when: (swap_enabled | default(False))

    - role: geerlingguy.swap
      tags:
        - swap
      when: (swap_enabled | default(False))

    - role: server_general_preparations
      tags:
        - general

    - role: users
      tags:
        - users

    ###
    ### Requirements
    ###
    # TODO: role requires gather_facts: yes - fix it or change to another role
    # TODO: recheck on clear installation
    # TODO: make cron task to remove unused docker images
    - role: geerlingguy.docker
      tags:
        - docker
      when: (docker_enabled | default(False))

    - role: darkwizard242.lazydocker
      tags:
        - lazydocker
      when: (lazydocker_enabled | default(False))

    ###
    ### Docker applications
    ###
    - role: traefik
      tags:
        - traefik
      when: (traefik_enabled | default(False))

    - role: mayurifag_github_io
      tags:
        - mayurifag_github_io
      when: (mayurifag_github_io_enabled | default(False))

    - role: proxy
      tags:
        - proxy
      when: (proxy_enabled | default(False))

    - role: shadowsocks
      tags:
        - shadowsocks
      when: (shadowsocks_enabled | default(False))

    - role: wireguard
      tags:
        - wireguard
      when: (wireguard_enabled | default(False))

    # TODO: for ubuntu have to disable systemd-resolved service, occupies 53 port
    # TODO: for ubuntu - change resolv.conf
    - role: blocky
      tags:
        - blocky
      when: (blocky_enabled | default(False))

    - role: portainer
      tags:
        - portainer
      when: (portainer_enabled | default(False))

    - role: netdata
      tags:
        - netdata
      when: (netdata_enabled | default(False))

    - role: whattocommit
      tags:
        - whattocommit
      when: (whattocommit_enabled | default(False))

    - role: hemmelig
      tags:
        - hemmelig
      when: (hemmelig_enabled | default(False))

    - role: navidrome
      tags:
        - navidrome
      when: (navidrome_enabled | default(False))

    - role: vaultwarden
      tags:
        - vaultwarden
      when: (vaultwarden_enabled | default(False))

    - role: nextcloud
      tags:
        - nextcloud
      when: (nextcloud_enabled | default(False))

    # requires gather_facts: yes
    - role: dockovpn
      tags:
        - dockovpn
      when: (dockovpn_enabled | default(False))

    - role: geerlingguy.security
      tags:
        - security
      when: (security_enabled | default(False))