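---
# Baseline configuration for the hosts in the `debainbasic` inventory group:
# package install, Docker apt repository, UFW firewall rules and service
# enablement (nginx, bind9, postgresql).
- name: Configure webservers
  hosts: debainbasic
  remote_user: atm
  # apt, /etc/apt/keyrings, ufw and service management all need root;
  # declaring it here removes the dependency on `-b` being passed on the
  # command line.
  become: true

  tasks:
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:

    - name: Update package cache
      ansible.builtin.apt:
        update_cache: true
        upgrade: safe

    - name: Install git, zip, nginx, wget, curl & other utils
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - git
          - nginx
          - wget
          - curl
          - gpg
          - ca-certificates
          - zip
          - python3-pip
          - virtualenv
          - ufw
          - fail2ban
          - dnsutils
          - bind9
          - python3-setuptools
          - postgresql
          - postgresql-contrib
          - python3-psycopg2

    - name: Create /etc/apt/keyrings dir
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # The Docker signing key is stored in /etc/apt/keyrings and bound to the
    # Docker repository through `signed-by=` below, instead of being added to
    # apt's global trusted keyring with apt_key: a key in the global keyring
    # is trusted for every configured repository, and apt_key is deprecated.
    - name: Add Docker GPG apt Key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    - name: Add Docker Repository
      ansible.builtin.apt_repository:
        # The release codename is taken from facts so the play works on any
        # Debian release Docker publishes for, rather than a hard-coded one.
        repo: >-
          deb [signed-by=/etc/apt/keyrings/docker.asc]
          https://download.docker.com/linux/debian
          {{ ansible_distribution_release }} stable
        state: present

    - name: Update apt and install docker-ce
      ansible.builtin.apt:
        name: docker-ce
        update_cache: true

    # NOTE(review): a system-wide pip install is refused on Debian 12+
    # (PEP 668, "externally managed environment") unless a virtualenv or
    # `extra_args: --break-system-packages` is used — confirm target release.
    - name: Install Docker Module for Python
      ansible.builtin.pip:
        name: docker

    - name: Set logging
      community.general.ufw:
        # "on" is quoted so YAML 1.1 loaders keep it a string, not a boolean.
        logging: "on"

    # SSH is declared in the same task that enables UFW so the firewall is
    # never turned on by this play without a rule for port 22.
    - name: Allow port 22 and enable UFW
      community.general.ufw:
        state: enabled
        rule: allow
        proto: tcp
        port: "22"

    - name: Allow port 80
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "80"

    - name: Allow port 443
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "443"

    # DNS for the bind9 service installed above. DNS also uses TCP 53 for
    # responses that do not fit in a UDP datagram; add a matching tcp rule if
    # this host must serve those. Check that bind9 is not configured as an
    # open recursive resolver before exposing this port publicly.
    - name: Allow port 53
      community.general.ufw:
        state: enabled
        proto: udp
        rule: allow
        port: "53"

    - name: Enable and start ufw service
      ansible.builtin.service:
        name: ufw
        enabled: true
        state: started

    - name: Enable and start nginx service
      ansible.builtin.service:
        name: nginx
        enabled: true
        state: started

    - name: Enable and start bind9
      ansible.builtin.service:
        name: bind9
        enabled: true
        state: started

    # NOTE(review): this is a RHEL-style data directory; Debian's postgresql
    # package keeps pg_hba.conf under /etc/postgresql/<version>/main/. The
    # registered result is not read by any later task in this play.
    - name: "Find out if PostgreSQL is initialized"
      ansible.builtin.stat:
        path: "/var/lib/pgsql/data/pg_hba.conf"
      register: postgres_data

    - name: "Start and enable services"
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - postgresql

    # - debug: var=ansible_all_ipv4_addresses
    # - debug: var=ansible_default_ipv4.address

  # No task in this play currently notifies either handler.
  handlers:
    - name: Restart bind9
      ansible.builtin.service:
        name: bind9
        state: restarted

    - name: restart postgres
      ansible.builtin.service:
        name: postgresql
        state: restarted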