railiance-infra/ansible/playbooks/bootstrap.yaml

13 lines
511 B
YAML
Raw Normal View History

- hosts: all
become: true
vars_files:
- ../inventory/group_vars/all.yaml
- ../inventory/group_vars/secrets.sops.yaml
roles:
- role: base
- role: sops_agent
- role: custodian_agent # injects ~/.ssh/id_custodian_agent.pub into authorized_keys
- role: swapfile # provisions swap file (size + swappiness from host_vars)
- role: resource_limits # nproc PAM caps + systemd user slice memory limits
# - role: wireguard # enable if you configure WireGuard variables