server-26/infra/ansible/site.yml

---
# Full first-time setup: waits for the VM's startup.sh to finish installing
# Docker, then deploys the stack.  Safe to re-run — all tasks are idempotent.
#
# Usage:
#   ansible-playbook -i inventory.ini site.yml --ask-vault-pass

- name: Bootstrap + deploy DRB server
  hosts: drb
  become: true
  vars_files:
    - vault.yml

  pre_tasks:
    - name: Wait for Docker (startup.sh runs async on first boot)
      command: docker info
      register: _docker
      until: _docker.rc == 0
      retries: 30
      delay: 10
      changed_when: false

    - name: Create 2 GB swap file
      command: fallocate -l 2G /swapfile
      args:
        creates: /swapfile

    - name: Set swap file permissions
      file:
        path: /swapfile
        mode: "0600"

    - name: Format swap file
      command: mkswap /swapfile
      register: _mkswap
      changed_when: _mkswap.rc == 0

    - name: Enable swap
      command: swapon /swapfile
      register: _swapon
      failed_when: _swapon.rc != 0 and 'already' not in _swapon.stderr
      changed_when: _swapon.rc == 0

    - name: Persist swap in fstab
      lineinfile:
        path: /etc/fstab
        line: "/swapfile none swap sw 0 0"
        state: present

    - name: Set swappiness to 10 (use swap only under pressure)
      sysctl:
        name: vm.swappiness
        value: "10"
        sysctl_set: true
        state: present
        reload: true

    - name: Add deploy user to docker group
      user:
        name: "{{ ssh_user }}"
        groups: docker
        append: true

    - name: Create app directory
      file:
        path: "{{ app_dir }}"
        state: directory
        owner: "{{ ssh_user }}"
        group: "{{ ssh_user }}"
        mode: "0755"

  roles:
    - deploy