iac/ansible/mcaptcha.yml

98 lines
2.4 KiB
YAML

# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#---
- name: Base configuration
ansible.builtin.import_playbook: base.yml
- name: Install and configure postgres
hosts: mcaptcha_hosts
become: yes
vars_files:
- vars/mcaptcha/vars.yml
- vars/mcaptcha/db-common.yml
- vars/mcaptcha/postgresql.yml
tasks:
- ansible.builtin.include_role:
name: geerlingguy.postgresql
when:
database_type == "postgres"
- name: Install and configure mariadb
hosts: mcaptcha_hosts
become: yes
vars_files:
- vars/mcaptcha/vars.yml
- vars/mcaptcha/db-common.yml
- vars/mcaptcha/mariadb.yml.yml
tasks:
- ansible.builtin.include_role:
name: geerlingguy.mysql
when:
database_type == "mariadb"
- name: Install and configure cache
hosts: mcaptcha_hosts
become: yes
vars_files:
- vars/mcaptcha/vars.yml
tasks:
- name: conditionally install redis cache
ansible.builtin.include_role:
name: cache
when: cache_type == "redis"
- name: Install mCaptcha binary
hosts: mcaptcha_hosts
remote_user: atm
vars_files:
- vars/mcaptcha/vars.yml
- vars/mcaptcha/db-common.yml
- vars/mcaptcha/mcaptcha.yml
roles:
- mcaptcha
tasks:
- name: restart mcaptcha
debug:
msg: "mCaptcha successfully deployed to {{ mcaptcha_server_hostname }}"
notify: restart mcaptcha
- name: Install git, zip, nginx, wget, curl & other utils
become: true
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
pkg:
- nginx
- ufw
- name: Copy nginx vhost
become: true
ansible.builtin.template:
src: ./templates/mcaptcha/nginx.vhost.j2
dest: "/etc/nginx/sites-available/{{ mcaptcha_server_hostname }}"
owner: root
group: root
force: true
mode: "0644"
- name: Copy nginx vhost
become: true
ansible.builtin.file:
src: "/etc/nginx/sites-available/{{ mcaptcha_server_hostname }}"
dest: "/etc/nginx/sites-enabled/{{ mcaptcha_server_hostname }}"
state: link
- name: Restart nginx
become: true
ansible.builtin.service:
name: nginx
state: restarted
- name: Allow port 80 and enable UFW
become: true
community.general.ufw:
state: enabled
rule: allow
proto: tcp
port: "80"