---
# Playbook for the "frigate" host: provision the KVM guest, then configure
# storage, Kerberos-authenticated Apache, DNS/DHCP/NTP for the camera network
# and the frigate role itself.
# NOTE(review): this file arrived collapsed onto one line; the nesting below is
# reconstructed from Ansible keyword/module syntax. Confirm against the repo.

# Play 1: hand off to the shared guest-deployment playbook. Only the variable
# `myhosts` is passed; what the imported playbook does is not visible here.
- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: frigate

# Play 2: configure the guest.
- name: Configure instance
  hosts: frigate
  # NOTE(review): connects directly as root. If an unprivileged login plus
  # privilege escalation is available for this host, that leaves a better
  # audit trail. Confirm this is intentional (e.g. fresh-guest bootstrap).
  user: root
  gather_facts: true

  # Variables are loaded from a path under `ansible_private`.
  # NOTE(review): presumably site-private values. Verify that file is kept
  # out of the public repo or is vault-encrypted.
  vars_files:
    - "{{ ansible_private }}/vars.yml"

  pre_tasks:
    # Data volume is mounted before any role runs. noexec/nosuid/nodev mean
    # nothing stored on /export can be executed, gain privileges through
    # setuid bits, or be interpreted as a device node.
    - name: Mount /export
      ansible.posix.mount:
        name: /export
        src: LABEL=/export
        fstype: xfs
        opts: noatime,noexec,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted

  roles:
    - base
    - mod_auth_gssapi
    # The keytab holds the long-term key of the HTTP service principal;
    # anyone who can read it can impersonate the service to Kerberos clients.
    # NOTE(review): the role's file mode is not visible here. Verify that the
    # keytab ends up readable only by root and the `apache` group.
    - role: keytab
      keytab_path: /etc/httpd/httpd.keytab
      keytab_principals: HTTP/cctv.foo.sh@FOO.SH
      keytab_group: apache

  tasks:
    # Force handlers queued by the roles above to run now, before the
    # network-dependent tasks below (per the task name: interface setup).
    - name: Run handlers to get interfaces configured
      ansible.builtin.meta: flush_handlers

    # Zone files are read from /srv/dns on the control node (no remote_src)
    # and installed world-readable into unbound's data directory.
    # The "Restart unbound" handler is not defined in this file.
    # NOTE(review): presumably provided by the unbound role imported below.
    - name: Copy DNS zone files
      ansible.builtin.copy:
        dest: "/var/lib/unbound/{{ item }}"
        src: "/srv/dns/{{ item }}"
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      tags: dns
      notify: Restart unbound
      with_items:
        - 26.20.172.in-addr.arpa
        - cam.foo.sh

    # unbound is imported statically; dhcpd and frigate are included
    # dynamically at run time.
    - name: Include unbound role
      ansible.builtin.import_role:
        name: unbound

    - name: Include dhcpd role
      ansible.builtin.include_role:
        name: dhcpd

    - name: Include frigate role
      ansible.builtin.include_role:
        name: frigate

    # Apache snippet that requires a valid Kerberos user for frigate.
    # `GssapiBasicAuth On` also lets clients without a ticket authenticate
    # with HTTP Basic, so the user's Kerberos password is sent to the server
    # on each request.
    # NOTE(review): TLS enforcement is not visible in this file. Confirm the
    # site is HTTPS-only before relying on the Basic fallback.
    # NOTE(review): the snippet has no enclosing <Location>/<Directory>; its
    # scope depends on where conf.local.d is included. Verify that it covers
    # every frigate path.
    - name: Require authentication for frigate
      ansible.builtin.copy:
        dest: /etc/httpd/conf.local.d/frigate-auth.conf
        content: |
          AuthType GSSAPI
          GssapiBasicAuth On
          AuthName "Password Required"
          Require valid-user
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      notify: Restart apache

    # Let chrony serve time to the camera subnet only. The regexp matches an
    # existing `allow` line whether or not it is commented out.
    # NOTE(review): lineinfile rewrites only the last matching line, so any
    # other pre-existing `allow` entries stay in effect. Check chrony.conf.
    # NOTE(review): no handler is notified here; chronyd presumably needs a
    # restart elsewhere for the change to apply.
    - name: Enable NTP server for cam network
      ansible.builtin.lineinfile:
        path: /etc/chrony.conf
        regexp: "^#?allow .*"
        line: "allow 172.20.26.0/24"