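---
# Playbook: check the inventory, harden SSH on the embassy host, then
# configure WireGuard on every host in the vpn group.

- name: Preparation
  hosts: vpn
  pre_tasks:
    - name: Verify only one embassy
      ansible.builtin.assert:
        # List entries are ANDed; a failure reports which condition broke.
        that:
          - groups['embassy'] | length == 1
          - groups['vpn_server'] | length == 1
          - groups['vpn_server'] | intersect(groups['embassy']) | length == 1
        msg: Expected only one embassy host

    - name: Verify ipv6_subnet is set
      when: inventory_hostname == groups['embassy'][0]
      ansible.builtin.assert:
        that: ipv6_subnet is defined
        msg: >
          Expected ipv6_subnet to be defined. This should have been done in
          Terraform or otherwise.
  tasks:
    # As mentioned in the other file, if I set this statically on group_vars,
    # things seem to break.
    - name: Share the embassy ipv6_subnet as public_ipv6_subnet
      ansible.builtin.set_fact:
        public_ipv6_subnet: "{{ hostvars[groups['embassy'][0]].ipv6_subnet }}"

- name: Prepare embassy
  hosts: embassy
  become: true
  tasks:
    # sshd keeps the first value it reads for each keyword. The previous
    # patterns matched only an exact, uncommented line (the Pubkey one could
    # never match), so the setting was usually appended at EOF, where an
    # earlier directive would still win. Matching the keyword with any value,
    # commented or not, rewrites the existing line in place instead.
    # NOTE(review): a drop-in under /etc/ssh/sshd_config.d/ can still override
    # these if the main file includes that directory; confirm the effective
    # settings with `sshd -T` after the run.
    - name: Disable password-based authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: 'PasswordAuthentication no'
        # Refuse to install a config sshd cannot parse (avoids a lock-out).
        validate: '/usr/sbin/sshd -t -f %s'
      register: passwordauthentication

    - name: Enable public key authentication in SSH
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PubkeyAuthentication\s'
        line: 'PubkeyAuthentication yes'
        validate: '/usr/sbin/sshd -t -f %s'
      register: publickeyauthentication

    # Restart only when one of the two edits actually changed the file.
    - name: Restart SSH
      ansible.builtin.service:
        name: ssh
        state: restarted
      when: passwordauthentication.changed or publickeyauthentication.changed

- name: Set up VPN
  hosts: vpn
  become: true
  roles:
    # Third-party Galaxy role that runs with become. Pin its version in the
    # role requirements file (not visible here) so upstream changes are
    # reviewed before they reach these hosts.
    - githubixx.ansible_role_wireguard

# - name: Install wings
#   hosts: moirai_wings
#   remote_user: ubuntu
#   # Don't forget to create a new disk if creating new wings. This is
#   # purposefully manual to give more fine-grained control
#   vars:
#     pv_disks:
#       - /dev/sda
#     vg_name: vg1
#     lv_name: pvs
#     lv_size: +100%FREE
#     fs_type: ext4
#     mount_path: /var/lib/pterodactyl
#     extra_docker_daemon_options: |
#       "dns": ["10.0.123.123"],
#   roles:
#     - dns-client
#     - lvm
#     - docker
#     - wings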