* setup from scratch:
** install dependencies
ansible-galaxy collection install -r requirements.yml

** run a play
~ansible-playbook -i hosts.yml all.yml --ask-vault-pass --ask-become-pass~

** preparing open_the_vault

* wg
  
** clients
you probably want to deploy clients individually most of the time. to do that, provide a tag, like:
~ansible-playbook -i hosts.yml client_matrix.yml --ask-vault-pass --ask-become-pass --tags matrix_client~

** adding a client
   - generate a new public/private keypair
   - ~umask 077~
   - ~wg genkey | tee privatekey | wg pubkey > publickey~
   - add the pubkey to the groupvars/main.yml
   - add the privkey to the groupvars/vault.yml
   - add a task referencing the new client
   - add a template with the groupvars embedded.

* instructions on specific roles
** awfulAll
awfulAll is a single server that's a catch all for services that don't need a dedicated vm.
~ansible-playbook -i hosts.yml awfulAll.yml --tags awfulAll~
** mediaserver
~ansible-playbook awfulAll.yml --tags mediaserver~
** certs/letsencrypt/acme stuff
   ~ansible-playbook acme-all.yml -v~
   - right now for bouncer, syno