aylas-one.ansible.yml

# Ansible playbook layout based on
# https://docs.ansible.com/ansible/2.8/user_guide/playbooks_best_practices.html#directory-layout

- name: Set up Aylas server instance
  hosts: "*"
  any_errors_fatal: true
  gather_facts: false

  roles:
    - role: common
      vars:
        sdkman_user: sdkman
        sdkman_group: sdkman

    - role: purpur_mc_server
      vars:
        user: khron
        directory: /srv/khron
        server_port: 25545
        extra_services:
          # Internal web map HTTP server
          - port: 8123
        default_minecraft_version: 1.19.4
        rcon_port: 25575
        rcon_password: "{{ lookup('ansible.builtin.password', '/dev/null', seed='khron' ~ inventory_hostname) }}"
        java_sdkman_user: sdkman
        java_sdkman_group: sdkman
        java_version: 21.0.1-graal # Installed by SDKMAN
        java_vm_heap_memory: "3584M"
        cgroup_high_memory: "4864M"
        cgroup_max_memory: "5G"
        backup_exclude_file_list: |
          /srv/khron/bluemap
        discord_notifications:
          # Generated with:
          # $ ansible-vault encrypt_string --vault-password-file secrets/vault_password --stdin-name 'webhook_url'
          webhook_url: !vault |
            $ANSIBLE_VAULT;1.1;AES256
            35343635643065666533303164383636613033383332323562353335653236316363313334376365
            3830616435656365666139613462383135323563343036660a363966366434623733313164663435
            37306432306534643739623564303966393662383063653166613362623338306336656430346330
            3438303238373030620a396633616362323039613839363137613466633934326561623862633665
            62646234393461643562636661336230323131393262363666613566643932643534373238666431
            38353061313966363036383861383535396134653937656334386462646161383961333633393464
            39623638626364313161326535636231616638643261653261666264633438356438653163353632
            35613638316530383461363163396230323634363539346430663231313837363861323066636138
            38326337313963386266376634663034356633313831636535623630313766336365663234643961
            6433306435666433363630623162616534343063333839313662

    - role: ssh_server
      vars:
        restricted_shell_users:
          - name: khron
            restricted_shell: /usr/bin/tmux_kiosk

        sftp_only_users:
          - name: khron-data
            group: khron
            chroot_directory: /srv
            start_directory: /khron # / = chroot_directory

    - role: storage_quotas
      vars:
        group_quotas:
          - name: khron
            limits: 10G 12G 0 0
          - name: backup
            limits: 18G 20G 0 0

    - common_post