---
# Main site file for all ansible playbooks and things scheduled
# For some reason hvac won't be bundled with ansible via brew, so this command fixes it
# "$(brew --cellar ansible)/$(brew info ansible --json=v1 | jq -r '.[].linked_keg')/libexec/bin/pip" install hvac
# Baseline play: applies the `common` role to every inventory host, with
# privilege escalation and fact gathering enabled.
- name: Add common settings for all servers
  hosts: all
  gather_facts: true
  become: true
  tags:
    - common
  # `environment` is exported to tasks executed on the managed hosts. The
  # lookup below runs on the control node and takes its address from url=.
  environment:
    VAULT_ADDR: 'https://vault.thesniderpad.com'
  vars:
    # Reads the Vault secret ansible/data/variables into `vaulted`. No auth
    # method or token is passed in the lookup string, so the plugin's
    # defaults apply.
    # NOTE(review): confirm how the control node supplies the Vault token.
    # NOTE(review): the roles that consume `vaulted` are not in this file;
    # confirm tasks that print or template these values set `no_log: true`.
    vaulted: "{{ lookup('hashi_vault', 'url=https://vault.thesniderpad.com secret=ansible/data/variables')}}"  # pragma: allowlist secret
  roles:
    - role: common
# Applies the shared `k8s_common` role, with privilege escalation, to the
# three host patterns k8s1, k8s2 and k8stest.
- name: Add common settings for all kubernetes servers
  hosts:
    - k8s1
    - k8s2
    - k8stest
  become: true
  tags:
    - k8s_common
  roles:
    - role: k8s_common
# Control-plane play: the two role conditions are complementary, so each
# targeted host runs exactly one of k8s_master_init / k8s_master_join.
- name: Setup master kubernetes nodes
  hosts:
    - k8s1masters
    - k8s2masters
    - k8stestmasters
  become: true
  tags:
    - k8s_masters
  # Exported to tasks on the managed hosts; the lookup itself runs on the
  # control node and uses the url= given in its argument string.
  environment:
    VAULT_ADDR: 'https://vault.thesniderpad.com'
  vars:
    # Vault secret ansible/data/variables, exposed to the roles as `vaulted`.
    # NOTE(review): the role tasks are not visible here; confirm any task
    # that handles values from `vaulted` sets `no_log: true`.
    vaulted: "{{ lookup('hashi_vault', 'url=https://vault.thesniderpad.com secret=ansible/data/variables')}}"  # pragma: allowlist secret
  roles:
    # `masters` is not defined in this file (presumably inventory or group
    # vars; confirm). The host equal to masters[0] initialises, the rest join.
    - role: k8s_master_init
      when: 'masters[0] == inventory_hostname'
    - role: k8s_master_join
      when: 'masters[0] != inventory_hostname'
# Runs the `k8s_worker_join` role, with privilege escalation, on the three
# worker host patterns.
# NOTE(review): unlike the masters play, no Vault lookup is declared here;
# where the role obtains its join credentials is not visible in this file.
- name: Add k8s workers to clusters
  hosts:
    - k8s1workers
    - k8s2workers
    - k8stestworkers
  become: true
  tags:
    - k8s_workers
  roles:
    - role: k8s_worker_join
# Setup static DNS entries from the inventory.yaml file
# Applies the `static_dns` role to the `gw` host pattern with privilege
# escalation.
- name: Setup static DNS entries for k8s services
  hosts: gw
  become: true
  tags:
    - static_dns
  roles:
    - role: static_dns
# Installs the `prod_services` role on k8s1 and k8stest (k8s2 is not
# targeted). The play carries no tags of its own, so a run restricted with
# --tags to the tags used elsewhere in this file will not select it unless
# the role's tasks are tagged themselves.
- name: Install Production Services on K8s Clusters
  hosts:
    - k8s1
    - k8stest
  become: true
  # Applied to tasks on the managed hosts; the control-node lookup below
  # relies on its own url= argument instead.
  environment:
    VAULT_ADDR: 'https://vault.thesniderpad.com'
  vars:
    # Vault secret ansible/data/variables, exposed as `vaulted`.
    # Play vars are templated when referenced, so the lookup presumably
    # contacts Vault on each use of `vaulted` (confirm if that matters).
    # NOTE(review): confirm consuming tasks set `no_log: true` where the
    # secret values could reach task output.
    vaulted: "{{ lookup('hashi_vault', 'url=https://vault.thesniderpad.com secret=ansible/data/variables')}}"  # pragma: allowlist secret
  roles:
    - role: prod_services
# Host-specific play for `blanc`: applies the arq, plex and blanc roles in
# that order, with privilege escalation. No tags are set on this play.
- name: Blanc specific playbooks
  hosts: blanc
  become: true
  roles:
    - role: arq
    - role: plex
    - role: blanc
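# Host-specific play for `grigio`: loads site-variables.yaml, then applies
# the grigio and vault roles, each selectable through its own tag.
# The play was unnamed; the name follows the wording of the Blanc play so
# that run output and logs identify it.
- name: Grigio specific playbooks
  hosts: grigio
  become: true
  vars_files:
    - site-variables.yaml
  # Exported to tasks on the managed host; the lookup below runs on the
  # control node and uses the url= in its argument string.
  environment:
    VAULT_ADDR: 'https://vault.thesniderpad.com'
  vars:
    # Vault secret ansible/data/variables, exposed to the roles as `vaulted`.
    # NOTE(review): this play reads from Vault and also applies a role named
    # `vault`; if that role deploys the Vault service itself, `vaulted`
    # cannot resolve on a first run. Confirm.
    # NOTE(review): confirm tasks that handle `vaulted` values set
    # `no_log: true`.
    vaulted: "{{ lookup('hashi_vault', 'url=https://vault.thesniderpad.com secret=ansible/data/variables')}}"  # pragma: allowlist secret
  roles:
    # Tags sit on the role entries, so they cover the role's tasks only.
    - role: grigio
      tags: grigio
    - role: vault
      tags: vault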
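# Host-specific play for `giro`: applies the magicmirror2 role with
# privilege escalation. The play was unnamed; a name is added so that run
# output and logs identify it.
- name: Giro specific playbooks
  hosts: giro
  become: true
  # Exported to tasks on the managed host; the lookup below runs on the
  # control node and uses the url= in its argument string.
  environment:
    VAULT_ADDR: 'https://vault.thesniderpad.com'
  vars:
    # Vault secret ansible/data/variables, exposed to the role as `vaulted`.
    # NOTE(review): confirm tasks that handle `vaulted` values set
    # `no_log: true`.
    vaulted: "{{ lookup('hashi_vault', 'url=https://vault.thesniderpad.com secret=ansible/data/variables')}}"  # pragma: allowlist secret
  roles:
    # NOTE(review): indentation was lost in the page capture; `tags` is read
    # here as belonging to the role entry. Confirm against the repository.
    - role: magicmirror2
      tags: magicmirror2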