fix: use sudo instead of root
parent
4d374c336b
commit
52024b674f
2 changed files with 29 additions and 9 deletions
|
@ -8,45 +8,50 @@
|
||||||
remote_user: atm
|
remote_user: atm
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure all VMs are reachable
|
|
||||||
ansible.builtin.ping:
|
|
||||||
|
|
||||||
- name: Create /etc/apt/keyrings dir
|
- name: Create /etc/apt/keyrings dir
|
||||||
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/apt/keyrings
|
path: /etc/apt/keyrings
|
||||||
state: directory
|
state: directory
|
||||||
recurse: true
|
recurse: true
|
||||||
|
|
||||||
- name: Add Docker GPG apt Key
|
- name: Add Docker GPG apt Key
|
||||||
|
become: true
|
||||||
ansible.builtin.apt_key:
|
ansible.builtin.apt_key:
|
||||||
url: https://download.docker.com/linux/debian/gpg
|
url: https://download.docker.com/linux/debian/gpg
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Add Docker Repository
|
- name: Add Docker Repository
|
||||||
|
become: true
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
repo: deb https://download.docker.com/linux/debian buster stable
|
repo: deb https://download.docker.com/linux/debian buster stable
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Update apt and install docker-ce
|
- name: Update apt and install docker-ce
|
||||||
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: docker-ce
|
name: docker-ce
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
- name: Install Docker Module for Python
|
- name: Install Docker Module for Python
|
||||||
|
become: true
|
||||||
ansible.builtin.pip:
|
ansible.builtin.pip:
|
||||||
name: docker
|
name: docker
|
||||||
|
|
||||||
- name: Ensure docker group is present
|
- name: Ensure docker group is present
|
||||||
|
become: true
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: docker
|
name: docker
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Add user atm to docker group
|
- name: Add user atm to docker group
|
||||||
|
become: true
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: atm
|
name: atm
|
||||||
groups: docker,users,admin
|
groups: docker,users,admin
|
||||||
|
|
||||||
- name: Deploy libreddit
|
- name: Deploy libreddit
|
||||||
|
become: true
|
||||||
ansible.builtin.docker_container:
|
ansible.builtin.docker_container:
|
||||||
name: libreddit
|
name: libreddit
|
||||||
state: started
|
state: started
|
||||||
|
@ -56,6 +61,7 @@
|
||||||
- "8080:8080"
|
- "8080:8080"
|
||||||
|
|
||||||
- name: Allow port 8080
|
- name: Allow port 8080
|
||||||
|
become: true
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
state: enabled
|
state: enabled
|
||||||
proto: tcp
|
proto: tcp
|
||||||
|
|
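Review bot: In the "Add user atm to docker group" task, `groups: docker,users,admin` is set without `append: true`, so `ansible.builtin.user` replaces atm's supplementary groups with exactly that list. Now that the play connects as atm and relies on `become: true`, a host where atm's sudo rights come from a group not in the list (for example `sudo` on Debian) could lose privilege escalation after this task runs. Adding `append: true` under `ansible.builtin.user` avoids that. Separately, membership in `docker` gives atm root-equivalent control of the Docker daemon without going through sudo, which undercuts the move away from root. Since every Docker task here now runs with `become: true`, the playbook itself no longer appears to need that membership. How atm's sudo access is granted is not visible on this page, so confirm before changing.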
|
@ -3,19 +3,22 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
---
|
---
|
||||||
- name: Configure webservers
|
- name: Install and enable firewall
|
||||||
hosts: [bullseye_libreddit,bullseye_loadbalance]
|
hosts: all
|
||||||
remote_user: root
|
remote_user: atm
|
||||||
|
pre_tasks:
|
||||||
tasks:
|
|
||||||
- name: Ensure all VMs are reachable
|
- name: Ensure all VMs are reachable
|
||||||
ansible.builtin.ping:
|
ansible.builtin.ping:
|
||||||
- name: Update package cache
|
|
||||||
|
tasks:
|
||||||
|
- name: Update all packages
|
||||||
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
upgrade: safe
|
upgrade: safe
|
||||||
|
|
||||||
- name: Install git, zip, nginx, wget, curl & other utils
|
- name: Install git, zip, nginx, wget, curl & other utils
|
||||||
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
pkg:
|
pkg:
|
||||||
|
@ -24,6 +27,7 @@
|
||||||
- curl
|
- curl
|
||||||
- gpg
|
- gpg
|
||||||
- ca-certificates
|
- ca-certificates
|
||||||
|
- ntp
|
||||||
- zip
|
- zip
|
||||||
- python3-pip
|
- python3-pip
|
||||||
- virtualenv
|
- virtualenv
|
||||||
|
@ -32,10 +36,12 @@
|
||||||
|
|
||||||
|
|
||||||
- name: Set logging
|
- name: Set logging
|
||||||
|
become: true
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
logging: "on"
|
logging: "on"
|
||||||
|
|
||||||
- name: Allow port 22 and enable UFW
|
- name: Allow port 22 and enable UFW
|
||||||
|
become: true
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
state: enabled
|
state: enabled
|
||||||
rule: allow
|
rule: allow
|
||||||
|
@ -44,7 +50,15 @@
|
||||||
|
|
||||||
|
|
||||||
- name: Enable and start ufw service
|
- name: Enable and start ufw service
|
||||||
|
become: true
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: ufw
|
name: ufw
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
|
- name: Enable and start ufw service
|
||||||
|
become: true
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: ntp
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
|
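Review bot: The task added at the end of this file is named "Enable and start ufw service", but its `ansible.builtin.service` block manages `name: ntp`. The run output will therefore show two identically named tasks, and a failure of the ntp one is easy to misread as a firewall problem. Rename it to `- name: Enable and start ntp service`. The play header also widens from the two listed host groups to `hosts: all`, so UFW is now enabled on every inventory host with the rules in this play. It is worth confirming that each host's own allow rules (such as the 8080 rule in the other file) are applied on the hosts that need them, and that atm has sudo on all of them.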