## installation steps

- Copy `hosts.example` to `hosts`, modifying fields as adequate.
- Look at `group_vars/all/vars.yml`, and set needed settings in `host_vars/<hostname>/vars.yml`.
- Look at the following roles, and for each of them override their `defaults/vars.yml` in host or group vars:
    - `networking/connection`
    - `networking/ddclient`
    - `networking/nameserver`
    - `filesystems`
    - `firewall`
- Create vault for secrets:
    ```
    ansible-vault create host_vars/[hostname]/vault.yml
    ansible-vault edit host_vars/[hostname]/vault.yml
    ```
    Copy-paste `group_vars/all/secret_template.yml` into this vault,
    and modify as needed.

- Add secret files:

    ```
    # Keyfile for LUKS disk encryption
    dd if=/dev/random of=roles/filesystems/files/host1.secret bs=1024 count=2
    ansible-vault encrypt roles/filesystems/files/host1.secret
    # repeat the above for every host with encrypted external storage

    # This is a signing key for Matrix Synapse. It should be from a previous install.
    # If you don't have one, it should be generated by Synapse.
    ansible-vault encrypt roles/services/synapse/files/signing.key.secret
    ```