Grafana is now optional

all.yml

@@ -18,7 +18,7 @@
 
 - hosts: grafana
   roles:
-    - { role: grafana, tags: grafana }
+    - { role: grafana, tags: [ never, grafana ] }
 
 - hosts: mail
   roles:

inventory.yml

@@ -75,6 +75,10 @@ lxc:
       ansible_host: 10.255.3.17
       resources: { cpu: 1, ram: 1024, swap: 1024, disk: 16 }
 
+    action.vm.chapo.li:
+      ansible_host: 10.255.3.18
+      resources: { cpu: 4, ram: 2048, swap: 1024, disk: 32 }
+
 
   vars:
     ansible_user: root
@@ -116,6 +120,7 @@ docker:
     todo.vm.chapo.li:
     sharkey.vm.chapo.li:
     status.vm.chapo.li:
+    action.vm.chapo.li:
 
 backup:
   hosts:

roles/certbot-dns/tasks/main.yml

@@ -11,7 +11,7 @@
     mode: 0600
 
 - name: Query lets encrypt certificate
-  shell: 'letsencrypt certonly -n --dns-rfc2136 --dns-rfc2136-credentials /root/dns-secret.ini -m {{ letsencrypt_email|default("me@chapoline.me") }} --expand --agree-tos -d {{ cert.name }} {% for a in cert.alias %} -d {{a}}{% endfor %} {% if cert.renewal_hook %}--deploy-hook "{{ cert.renewal_hook }}"{{ endif }}'
+  shell: 'letsencrypt certonly -n --dns-rfc2136 --dns-rfc2136-credentials /root/dns-secret.ini -m {{ letsencrypt_email|default("me@chapoline.me") }} --expand --agree-tos -d {{ cert.name }} {% for a in cert.alias %} -d {{a}}{% endfor %} {% if cert.renewal_hook %}--deploy-hook "{{ cert.renewal_hook }}"{% endif %}'
   ignore_errors: true
 
 - name: Create a few symbolic links

roles/dns/tasks/main.yml

@@ -81,6 +81,13 @@
   loop: "{{ zones|default(zone_list) }}"
   notify: Restart bind9
 
+- name: Remove journal zone files
+  file:
+    path: "/etc/bind/master/{{ item.name }}.db.jnl"
+    state: absent
+  loop: "{{ zones|default(zone_list) }}"
+  notify: Restart bind9
+
 # - name: Create reverse zone files
 
 - name: Check configuration integrity