2025-09-13 20:26:11 +02:00
|
|
|
- hosts: all
|
|
|
|
|
become: true
|
|
|
|
|
vars_files:
|
|
|
|
|
- ../inventory/group_vars/all.yaml
|
|
|
|
|
- ../inventory/group_vars/secrets.sops.yaml
|
|
|
|
|
roles:
|
|
|
|
|
- role: base
|
|
|
|
|
- role: sops_agent
|
2026-03-27 01:21:57 +01:00
|
|
|
- role: custodian_agent # injects ~/.ssh/id_custodian_agent.pub into authorized_keys
|
2026-03-27 01:49:35 +01:00
|
|
|
- role: swapfile # provisions swap file (size + swappiness from host_vars)
|
|
|
|
|
- role: resource_limits # nproc PAM caps + systemd user slice memory limits
|
2025-09-13 20:26:11 +02:00
|
|
|
# - role: wireguard # enable if you configure WireGuard variables
|