libreddit-loadbalance-demo/ansible/loadbalance.yml

83 lines
1.8 KiB
YAML
Raw Permalink Normal View History

# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Configure loadbalancers
hosts: bullseye_loadbalance
2023-07-20 13:44:36 +05:30
remote_user: atm
become: true
pre_tasks:
- name: Install nginx
become: true
ansible.builtin.apt:
update_cache: true
pkg:
- nginx
- ca-certificates
2023-07-20 13:44:36 +05:30
collections:
- devsec.hardening
roles:
- dev-sec.nginx-hardening
tasks:
- name: Add user atm to docker group
ansible.builtin.user:
name: atm
groups: users,admin
- name: Set logging
community.general.ufw:
logging: "on"
- name: Allow port 22 and enable UFW
community.general.ufw:
state: enabled
rule: allow
proto: tcp
port: "22"
- name: Allow port 80
community.general.ufw:
state: enabled
proto: tcp
rule: allow
port: "80"
- name: Allow port 443
community.general.ufw:
state: enabled
proto: tcp
rule: allow
port: "443"
- name: Enable and start ufw service
ansible.builtin.service:
name: ufw
enabled: true
state: started
- name: Copy the Nginx config file and restart nginx
ansible.builtin.copy:
src: ./assets/nginx.cfg
2023-07-20 13:44:36 +05:30
dest: /etc/nginx/sites-available/libreddit
- name: Create symlink
ansible.builtin.file:
2023-07-20 13:44:36 +05:30
src: /etc/nginx/sites-available/libreddit
dest: /etc/nginx/sites-enabled/libreddit
state: link
- name: Enable and start nginx service
ansible.builtin.service:
name: nginx
enabled: true
state: started
- name: Enable and start nginx service
ansible.builtin.service:
name: nginx
enabled: true
state: restarted