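---
# Baseline provisioning for Debian web hosts: base packages, Docker CE from
# Docker's apt repository, UFW rules (22, 80, 443/tcp and 53/udp), and the
# ufw, nginx and bind9 services enabled and started.
- name: Configure webservers
  # NOTE(review): 'debainbasic' looks like a transposition of 'debianbasic';
  # confirm it matches the inventory group name.
  hosts: debainbasic
  # NOTE(review): the play logs in as root directly. Consider an unprivileged
  # login user with `become: true` so root SSH login can be disabled.
  remote_user: root
  tasks:
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:

    # Despite the task name, `upgrade: safe` also upgrades installed packages.
    - name: Update package cache
      ansible.builtin.apt:
        update_cache: true
        upgrade: safe

    - name: Install git, zip, nginx, wget, curl & other utils
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - git
          - nginx
          - wget
          - curl
          - gpg
          - ca-certificates
          - zip
          - python3-pip
          - virtualenv
          - ufw
          - fail2ban
          - dnsutils
          - bind9
          - python3-setuptools

    # Explicit mode instead of `recurse: true`: a recursive mode would also be
    # applied to key files placed in this directory later.
    - name: Create /etc/apt/keyrings dir
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # NOTE(review): apt_key is deprecated and adds the key to apt's global
    # trusted keyring, so the key is trusted for every configured repository.
    # /etc/apt/keyrings (created above) is not used by any task in this play.
    # Prefer storing the key there and pinning the Docker repository to it
    # with a `signed-by=` option; migrate hosts that already have the
    # unpinned repository entry before switching.
    - name: Add Docker GPG apt Key
      ansible.builtin.apt_key:
        url: https://download.docker.com/linux/debian/gpg
        state: present

    # NOTE(review): the release codename is hard-coded; confirm every target
    # host runs buster.
    - name: Add Docker Repository
      ansible.builtin.apt_repository:
        repo: deb https://download.docker.com/linux/debian buster stable
        state: present

    - name: Update apt and install docker-ce
      ansible.builtin.apt:
        name: docker-ce
        update_cache: true

    # NOTE(review): installed unpinned, as root, into the system Python;
    # consider pinning a version.
    - name: Install Docker Module for Python
      ansible.builtin.pip:
        name: docker

    - name: Set logging
      community.general.ufw:
        logging: "on"

    # SSH is allowed in the same task that enables the firewall.
    - name: Allow port 22 and enable UFW
      community.general.ufw:
        state: enabled
        rule: allow
        proto: tcp
        port: "22"

    - name: Allow port 80
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "80"

    - name: Allow port 443
      community.general.ufw:
        state: enabled
        proto: tcp
        rule: allow
        port: "443"

    # The rule previously opened 43/udp, which did not match the task name
    # and left DNS closed. Only UDP is allowed here; DNS also uses 53/tcp for
    # zone transfers and large responses.
    # NOTE(review): confirm whether bind9 should be reachable from outside at
    # all, and whether 53/tcp is needed.
    - name: Allow port 53
      community.general.ufw:
        state: enabled
        proto: udp
        rule: allow
        port: "53"

    - name: Enable and start ufw service
      ansible.builtin.service:
        name: ufw
        enabled: true
        state: started

    - name: Enable and start nginx service
      ansible.builtin.service:
        name: nginx
        enabled: true
        state: started

    - name: Enable and start bind9
      ansible.builtin.service:
        name: bind9
        enabled: true
        state: started

    # - debug: var=ansible_all_ipv4_addresses
    # - debug: var=ansible_default_ipv4.address

  handlers:
    # Restarts the service the handler is named after (it pointed at nginx).
    # No task visible in this play notifies this handler.
    - name: Restart bind9
      ansible.builtin.service:
        name: bind9
        state: restarted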