Matthias Johnson
16da843131
- Always run install-ssh-key (drop unreliable sftp idempotency check that was bypassed by SSH agent forwarding) - Use sshpass -e (env var) instead of -p to avoid shell quoting issues with special characters in passwords - Add -o IdentitiesOnly=yes to prevent agent keys interfering - Add reachable_externally: true to access_settings (was being reset to false on every run) - Remove storage_box.yml from deploy.yml chain — Ansible loads group_vars at startup so storagebox.yml must exist before deploy.yml - Document storage_box.yml as a prerequisite step in README, CLAUDE.md, and setup.sh next steps Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
29 lines
1 KiB
YAML
29 lines
1 KiB
YAML
---
|
|
# Full first-time deployment — provisions and deploys everything in one shot.
|
|
# Usage: ansible-playbook playbooks/deploy.yml
|
|
#
|
|
# Prerequisites:
|
|
# 1. run setup.sh and review config.yml, vault.yml, dns.yml
|
|
# 2. if enable_restic: run storage_box.yml first so storagebox.yml exists
|
|
# before this playbook starts (Ansible loads group_vars at startup)
|
|
#
|
|
# This playbook is intended for initial deployments only. After the first run,
|
|
# bootstrap will fail (root SSH is disabled) — use site.yml for subsequent deploys.
|
|
#
|
|
# dkim_sync.yml is intentionally excluded: it requires the mail server to be
|
|
# fully running and keys generated. Run it manually after confirming mail is up:
|
|
# ansible-playbook playbooks/dkim_sync.yml
|
|
|
|
- import_playbook: provision.yml
|
|
- import_playbook: dns.yml
|
|
|
|
# Refresh inventory so the newly provisioned server IP is visible to subsequent plays
|
|
- name: Refresh inventory
|
|
hosts: localhost
|
|
connection: local
|
|
gather_facts: false
|
|
tasks:
|
|
- meta: refresh_inventory
|
|
|
|
- import_playbook: bootstrap.yml
|
|
- import_playbook: site.yml
|