inventory/production.yml

@@ -1,190 +0,0 @@
----
-router:
-  hosts:
-    machinbox.mateu.be:
-
-physicalservers:
-  hosts:
-    frederica.dmz.mateu.be:
-    serenor.dmz.mateu.be:
-
-hypervisors:
-  hosts:
-    serenor.dmz.mateu.be:
-
-nasservers:
-  hosts:
-    frederica.dmz.mateu.be:
-
-zfsservers:
-  hosts:
-    serenor.dmz.mateu.be:
-    frederica.dmz.mateu.be:
-
-resticservers:
-  hosts:
-    baybay-ponay.mateu.be:
-    bt.dmz.mateu.be:
-    es1.dmz.mateu.be:
-    frederica.dmz.mateu.be:
-    garage1.dmz.mateu.be:
-    git1.dmz.mateu.be:
-    jabber.dmz.mateu.be:
-    mail.dmz.mateu.be:
-    masto1.dmz.mateu.be:
-    muse-HP-EliteBook-820-G2.home.arpa:
-    pinkypie.home.arpa:
-    pt1.dmz.mateu.be:
-    voice1.dmz.mateu.be:
-    vlt1.dmz.mateu.be:
-    web[1:3].dmz.mateu.be:
-
-garageservers:
-  children:
-    garage_prd_cluster:
-      hosts:
-        garage1.dmz.mateu.be:
-    garage_bck_cluster:
-      hosts:
-        frederica.dmz.mateu.be:
-
-elasticsearchservers:
-  hosts:
-    es1.dmz.mateu.be:
-
-nut:
-  children:
-    nut_client:
-      hosts:
-        serenor.dmz.mateu.be:
-        frederica.dmz.mateu.be:
-    nut_server:
-      hosts:
-        serenor.dmz.mateu.be:
-
-webservers:
-  hosts:
-    bt.dmz.mateu.be:
-    garage1.dmz.mateu.be:
-    git1.dmz.mateu.be:
-    jabber.dmz.mateu.be:
-    mail.dmz.mateu.be:
-    masto1.dmz.mateu.be:
-    pt1.dmz.mateu.be:
-    voice3.dmz.mateu.be:
-    munin.dmz.mateu.be:
-    vlt1.dmz.mateu.be:
-    web[1:3].dmz.mateu.be:
-
-peertubeservers:
-  hosts:
-    pt1.dmz.mateu.be:
-
-phpservers:
-  hosts:
-    web[1:3].dmz.mateu.be:
-
-mariadbservers:
-  hosts:
-    web[2:3].dmz.mateu.be:
-
-pgsqlservers:
-  hosts:
-    masto1.dmz.mateu.be:
-    pt1.dmz.mateu.be:
-    web1.dmz.mateu.be:
-    git1.dmz.mateu.be:
-
-giteaservers:
-  hosts:
-    git1.dmz.mateu.be:
-
-actrunnerservers:
-  hosts:
-    git1.dmz.mateu.be:
-
-mastodonservers:
-  hosts:
-    masto1.dmz.mateu.be:
-
-rorservers:
-  hosts:
-    masto1.dmz.mateu.be:
-
-mailservers:
-  hosts:
-    mail.dmz.mateu.be:
-
-xmppservers:
-  hosts:
-    jabber.dmz.mateu.be:
-
-loadbalancers:
-  hosts:
-    haproxy.dmz.mateu.be:
-
-transmission:
-  hosts:
-    bt.dmz.mateu.be:
-
-mumbleservers:
-  hosts:
-    voice1.dmz.mateu.be:
-
-icecastservers:
-  hosts:
-    voice3.dmz.mateu.be:
-
-rsyslogservers:
-  hosts:
-    syslog.dmz.mateu.be:
-
-vaultservers:
-  hosts:
-    vlt1.dmz.mateu.be:
-
-muninservers:
-  hosts:
-    munin.dmz.mateu.be:
-
-disabled_loadbalanced_webservers:
-  hosts:
-
-disabled_system:
-  hosts:
-    baybay-ponay.mateu.be:
-    machinbox.mateu.be:
-    muse-HP-EliteBook-820-G2.home.arpa:
-    pinkypie.home.arpa:
-
-disabled_munin:
-  hosts:
-    baybay-ponay.mateu.be:
-    muse-HP-EliteBook-820-G2.home.arpa:
-    pinkypie.home.arpa:
-
-disabled_syslog:
-  hosts:
-    baybay-ponay.mateu.be:
-    machinbox.mateu.be:
-    muse-HP-EliteBook-820-G2.home.arpa:
-    pinkypie.home.arpa:
-
-# Those are not servers and should not be configured as such
-disabled_server_conf:
-  hosts:
-    baybay-ponay.mateu.be:
-    muse-HP-EliteBook-820-G2.home.arpa:
-    pinkypie.home.arpa:
-
-ftpservers:
-  hosts:
-    ftp.dmz.mateu.be:
-
-domservers:
-  hosts:
-    dom.dmz.mateu.be:
-
-unifiservers:
-  hosts:
-    unifi.dmz.mateu.be:

inventory/proxmox.yml

@@ -0,0 +1,28 @@
+---
+
+plugin: community.general.proxmox
+url: https://serenor.dmz.mateu.be:8006
+user: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32383264316162623632343363653539363432386663393431643463313038373736353332306636
+          3032376462316331333337313136653137323436396536380a633038323762303461626332346632
+          38643362643638333339626232386465626161303336613139646364356661383430316436636639
+          6130383863636331610a666662643565393664613533366237646539663230313631623431643261
+          3238
+password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30343833663162373334373732653433373866376635396633356637656235373233613531376433
+          3033353465313336356562336137623836356163666334650a306131393434656130383239353765
+          38656165633861623863363966383435633331666565616464396336653161626136356130623539
+          3061636531363338380a313265653134333264303730323464306565393838363630626266376237
+          30363735303434323062636437663761346534666266353334396531303561346165
+validate_certs: false
+want_facts: true
+want_proxmox_nodes_ansible_host: false
+
+keyed_groups:
+  - key: proxmox_tags_parsed
+    separator: ""
+
+compose:
+  ansible_host: proxmox_hostname ~ '.dmz.mateu.be'

inventory/static.yml

@@ -0,0 +1,92 @@
+---
+
+all:
+  hosts:
+    machinbox:
+      ansible_host: machinbox.mateu.be
+    serenor:
+      ansible_host: serenor.dmz.mateu.be
+    frederica:
+      ansible_host: frederica.dmz.mateu.be
+    baybay-ponay:
+      ansible_host: baybay-ponay.mateu.be
+    muse-HP-EliteBook-820-G2:
+      ansible_host: muse-HP-EliteBook-820-G2.home.arpa
+    pinkypie:
+      ansible_host: pinkypie.home.arpa
+
+router:
+  hosts:
+    machinbox:
+
+physicalservers:
+  hosts:
+    frederica:
+    serenor:
+
+hypervisors:
+  children:
+    proxmox_nodes:
+
+nasservers:
+  hosts:
+    frederica:
+
+zfsservers:
+  hosts:
+    serenor:
+    frederica:
+
+garageservers:
+  children:
+    garage_prd_cluster:
+    garage_bck_cluster:
+      hosts:
+        frederica:
+
+nut:
+  children:
+    nut_client:
+      hosts:
+        serenor:
+        frederica:
+    nut_server:
+      hosts:
+        serenor:
+
+resticservers:
+  hosts:
+    frederica:
+    baybay-ponay:
+    muse-HP-EliteBook-820-G2:
+    pinkypie:
+
+disabled_loadbalanced_webservers:
+  hosts:
+
+disabled_system:
+  hosts:
+    baybay-ponay:
+    machinbox:
+    muse-HP-EliteBook-820-G2:
+    pinkypie:
+
+disabled_munin:
+  hosts:
+    baybay-ponay:
+    muse-HP-EliteBook-820-G2:
+    pinkypie:
+
+disabled_syslog:
+  hosts:
+    baybay-ponay:
+    machinbox:
+    muse-HP-EliteBook-820-G2:
+    pinkypie:
+
+# Those are not servers and should not be configured as such
+disabled_server_conf:
+  hosts:
+    baybay-ponay:
+    muse-HP-EliteBook-820-G2:
+    pinkypie:

playbooks/bittorrent.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Deploy transmission
-  hosts: transmission
+  hosts: btservers
   diff: true
   roles:
     - transmission

playbooks/firewall.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Retrieve network info
-  hosts: all:!disabled_server_conf:!machinbox.mateu.be
+  hosts: all:!disabled_server_conf:!machinbox
   gather_facts: true
   gather_subset:
     - network

playbooks/loadbalancinghttp.yml

@@ -8,7 +8,7 @@
   tasks: []
 
 - name: Deploy haproxy
-  hosts: loadbalancers
+  hosts: lbservers
   diff: true
   roles:
     - haproxy

playbooks/smtprelay.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Deploy smtp relay
-  hosts: all:!disabled_server_conf:!machinbox.mateu.be:!mail.dmz.mateu.be
+  hosts: all:!disabled_server_conf:!machinbox:!mail
   diff: true
   roles:
     - smtprelay

playbooks/webapps.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Install libertus webapplications
-  hosts: web1.dmz.mateu.be
+  hosts: web1
   diff: true
   roles:
     - role: bac
@@ -20,7 +20,7 @@
       tags: [never, nextcloud]
 
 - name: Install dojo webapplications
-  hosts: web2.dmz.mateu.be
+  hosts: web2
   diff: true
   roles:
     - wordpress

playbooks/webservers.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Retrieve network info
-  hosts: loadbalancers
+  hosts: lbservers
   gather_facts: true
   gather_subset:
     - network

roles/firewall/templates/firewall.j2

@@ -120,7 +120,7 @@ config rule
 config rule
 	option name 'Allow-DMZ-Syslog'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['syslog.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['syslog']['ansible_default_ipv4']['address'] }}'
 	option dest_port '514'
 	list proto 'udp'
 	option target 'ACCEPT'
@@ -173,7 +173,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['haproxy.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}'
 	option dest_port '80'
 	option target 'DNAT'
 
@@ -184,14 +184,14 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['haproxy.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}'
 	option dest_port '443'
 	option target 'DNAT'
 
 # Allow Web traffic IN
-{% for host in groups['webservers'] %}
+{% for host in groups['webservers'] | sort %}
 config rule
-	option name 'Allow-INPUT-{{ host }}-Web'
+	option name 'Allow-INPUT-{{ hostvars[host]['ansible_host'] }}-Web'
 	option src 'wan'
 	list proto 'tcp'
 	list proto 'udp'
@@ -207,7 +207,7 @@ config rule
 config rule
 	option name 'Allow-OUTPUT-BT'
 	option src 'dmz'
-	option src_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -217,7 +217,7 @@ config rule
 config rule
 	option name 'Allow-OUTPUT-BT'
 	option src 'dmz'
-	option src_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option src_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -230,7 +230,7 @@ config rule
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}'
 	option dest_port '10010'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -242,7 +242,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}'
 	option dest_port '10010'
 	option target 'DNAT'
 
@@ -275,7 +275,7 @@ config redirect
 config rule
 	option name 'Allow-OUTPUT-XMPP-s2s'
 	option src 'dmz'
-	option src_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address']}}'
+	option src_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address']}}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -286,7 +286,7 @@ config rule
 config rule
 	option name 'Allow-OUTPUT-XMPP-s2s'
 	option src 'dmz'
-	option src_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option src_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'wan'
@@ -301,7 +301,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}'
 	option dest_port '5222'
 	option target 'DNAT'
 
@@ -312,7 +312,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}'
 	option dest_port '5269'
 	option target 'DNAT'
 
@@ -322,7 +322,7 @@ config rule
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}'
 	option dest_port '5222 5269'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -334,7 +334,7 @@ config rule
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['voice1.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['voice1']['ansible_default_ipv6']['address'] }}'
 	option dest_port '64738'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -346,7 +346,7 @@ config redirect
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['voice1.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['voice1']['ansible_default_ipv4']['address'] }}'
 	option dest_port '64738'
 	option target 'DNAT'
 
@@ -354,7 +354,7 @@ config redirect
 config rule
 	option name 'Allow-OUTPUT-SMTP'
 	option src 'dmz'
-	option src_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
 	list proto 'tcp'
 	option dest 'wan'
 	option dest_port '25'
@@ -366,7 +366,7 @@ config rule
 	option src 'wan'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}'
 	option dest_port '25 465 587'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -376,7 +376,7 @@ config rule
 	option src 'wan'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}'
 	option dest_port '143 993'
 	option target 'ACCEPT'
 	option family 'ipv6'
@@ -387,7 +387,7 @@ config redirect
 	option src_dport '25'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
 	option dest_port '25'
 	option target 'DNAT'
 
@@ -397,7 +397,7 @@ config redirect
 	option src_dport '465'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
 	option dest_port '465'
 	option target 'DNAT'
 
@@ -407,7 +407,7 @@ config redirect
 	option src_dport '587'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
 	option dest_port '587'
 	option target 'DNAT'
 
@@ -417,7 +417,7 @@ config redirect
 	option src_dport '143'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
 	option dest_port '143'
 	option target 'DNAT'
 
@@ -427,7 +427,7 @@ config redirect
 	option src_dport '993'
 	list proto 'tcp'
 	option dest 'lan'
-	option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
 	option dest_port '993'
 	option target 'DNAT'
 
@@ -435,7 +435,7 @@ config redirect
 config rule
 	option name 'Allow-INPUT-Munin'
 	option src 'dmz'
-	option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
 	list proto 'tcp'
 	option dest_port '4949'
 	option target 'ACCEPT'
@@ -444,7 +444,7 @@ config rule
 config rule
 	option name 'Allow-FORWARD-Munin-Mikrotik-Garregmach'
 	option src 'dmz'
-	option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'lan'
@@ -456,7 +456,7 @@ config rule
 config rule
 	option name 'Allow-FORWARD-Munin-Mikrotik-Derdriu'
 	option src 'dmz'
-	option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
 	list proto 'tcp'
 	list proto 'udp'
 	option dest 'lan'
@@ -530,7 +530,7 @@ config rule
 	option src 'iot'
 	list proto 'tcp'
 	option dest 'dmz'
-	option dest_ip '{{ hostvars['ftp.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_ip '{{ hostvars['ftp']['ansible_default_ipv4']['address'] }}'
 	option dest_port '21 10100-10110'
 	option target 'ACCEPT'
 

roles/haproxy/templates/haproxy.cfg.j2

@@ -45,7 +45,7 @@ frontend http
 {% for hostname in hostvars[server]['web_hostname'] | sort(attribute='host') %}
 	## {{ hostname.host }} configuration
 	acl host_{{ hostname.host }} hdr(host) -i {{ hostname.host }}
-	use_backend http_{{ server }} if letsencrypt host_{{ hostname.host }}
+	use_backend http_{{ hostvars[server].ansible_host }} if letsencrypt host_{{ hostname.host }}
 
 {% endfor %}
 {% endfor %}
@@ -64,21 +64,21 @@ frontend https
 	acl network_allowed_{{ hostname.host }} src {% for addrv4 in hostname.allowlistv4 %}{{ addrv4 }}{% endfor %}
 
 {% endif %}
-	use_backend https_{{ server }} if host_{{ hostname.host }}{% if hostname.allowlistv4 is defined %} network_allowed_{{ hostname.host }}{% endif %}
+	use_backend https_{{ hostvars[server].ansible_host }} if host_{{ hostname.host }}{% if hostname.allowlistv4 is defined %} network_allowed_{{ hostname.host }}{% endif %}
 
 
 {% endfor %}
 {% endfor %}
 
 {% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) | sort %}
-## {{ server }} configuration
-backend http_{{ server }}
+## {{ hostvars[server].ansible_host }} configuration
+backend http_{{ hostvars[server].ansible_host }}
 	mode http
-	server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:80
+	server host_{{ hostvars[server].ansible_host.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:80
 
-backend https_{{ server }}
+backend https_{{ hostvars[server].ansible_host }}
 	mode tcp
-	server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:443
+	server host_{{ hostvars[server].ansible_host.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:443
 
 {% endfor %}
 

roles/munin_client/tasks/main.yml

@@ -41,7 +41,7 @@
     update_cache: true
   notify:
     - Restart munin-node
-  when: "'webservers' in group_names or 'loadbalancers' in group_names"
+  when: "'webservers' in group_names or 'lbservers' in group_names"
 
 # for HAProxy servers
 - name: Add haproxy backend module
@@ -51,7 +51,7 @@
     state: link
   notify:
     - Restart munin-node
-  when: "'loadbalancers' in group_names"
+  when: "'lbservers' in group_names"
 
 # For MariaDB servers
 - name: Install MariaDB servers

roles/munin_client/templates/munin-node.conf.j2

@@ -34,14 +34,14 @@ ignore_file \.pod$
 # Set this if the client doesn't report the correct hostname when
 # telnetting to localhost, port 4949
 #
-host_name {{ inventory_hostname }}
+host_name {{ ansible_host }}
 
 # A list of addresses that are allowed to connect.  This must be a
 # regular expression, since Net::Server does not understand CIDR-style
 # network notation unless the perl module Net::CIDR is installed.  You
 # may repeat the allow line as many times as you'd like
 
-allow ^{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'].split('.')|join('\.') }}
+allow ^{{ hostvars['munin']['ansible_default_ipv4']['address'].split('.')|join('\.') }}
 allow ^127\.0\.0\.1$
 allow ^::1$
 

roles/munin_server/templates/munin.conf.j2

@@ -97,7 +97,7 @@ includedir /etc/munin/munin-conf.d
 # a simple host tree
 
 {% for host in groups['all'] | difference(groups['disabled_munin']) | sort %}
-[{{ host }}]
+[{{ hostvars[host].ansible_host }}]
 	address {{ hostvars[host]['ansible_default_ipv4']['address'] }}
 {% endfor %}
 

roles/nginx/templates/header.conf.j2

@@ -9,7 +9,7 @@
 	error_log /var/log/nginx/{{ item.host }}.error.log;
 	error_log syslog:server=unix:/dev/log;
 {% if item.allowlistv4 is defined %}
-	allow {{ hostvars['haproxy.dmz.mateu.be'].ansible_default_ipv4.address }};
+	allow {{ hostvars['haproxy']['ansible_default_ipv4']['address'] }};
 {% endif %}
 {% if item.allowlistv6 is defined %}
 {% for addrv6 in item.allowlistv6 %}

roles/nodejs/tasks/main.yml

@@ -26,5 +26,5 @@
 - name: Install nodejs
   ansible.builtin.package:
     name: nodejs
-    state: latest
+    state: present
     update_cache: true

roles/restic/vars/main.yml

@@ -6,4 +6,4 @@ restic_architecture: "amd64"
 restic_system: "{{ ansible_facts['system'] | lower }}"
 restic_download_url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2"
 
-restic_repository: "{{ restic_s3_url }}/{{ inventory_hostname }}"
+restic_repository: "{{ restic_s3_url }}/{{ ansible_host }}"