93 lines
2.1 KiB
YAML
93 lines
2.1 KiB
YAML
---
|
|
- name: Configure webservers
|
|
hosts: debainbasic
|
|
remote_user: root
|
|
|
|
tasks:
|
|
- name: Ensure all VMs are reachable
|
|
ansible.builtin.ping:
|
|
- name: Update package cache
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
upgrade: safe
|
|
|
|
- name: Install git, zip, nginx, wget, curl & other utils
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
pkg:
|
|
- git
|
|
- nginx
|
|
- wget
|
|
- curl
|
|
- gpg
|
|
- ca-certificates
|
|
- zip
|
|
- python3-pip
|
|
- virtualenv
|
|
- ufw
|
|
- fail2ban
|
|
- nginx
|
|
- python3-setuptools
|
|
|
|
- name: Create /etc/apt/keyrings dir
|
|
ansible.builtin.file:
|
|
path: /etc/apt/keyrings
|
|
state: directory
|
|
recurse: true
|
|
|
|
- name: Add Docker GPG apt Key
|
|
ansible.builtin.apt_key:
|
|
url: https://download.docker.com/linux/debian/gpg
|
|
state: present
|
|
|
|
- name: Add Docker Repository
|
|
ansible.builtin.apt_repository:
|
|
repo: deb https://download.docker.com/linux/debian buster stable
|
|
state: present
|
|
|
|
- name: Update apt and install docker-ce
|
|
ansible.builtin.apt:
|
|
name: docker-ce
|
|
update_cache: true
|
|
|
|
- name: Install Docker Module for Python
|
|
ansible.builtin.pip:
|
|
name: docker
|
|
|
|
- name: Set logging
|
|
community.general.ufw:
|
|
logging: "on"
|
|
|
|
- name: Allow port 22 and enable UFW
|
|
community.general.ufw:
|
|
state: enabled
|
|
rule: allow
|
|
proto: tcp
|
|
port: "22"
|
|
|
|
- name: Allow port 80
|
|
community.general.ufw:
|
|
state: enabled
|
|
proto: tcp
|
|
rule: allow
|
|
port: "80"
|
|
|
|
- name: Allow port 443
|
|
community.general.ufw:
|
|
state: enabled
|
|
proto: tcp
|
|
rule: allow
|
|
port: "443"
|
|
|
|
- name: Enable and start ufw service
|
|
ansible.builtin.service:
|
|
name: ufw
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Enable and start nginx service
|
|
ansible.builtin.service:
|
|
name: nginx
|
|
enabled: true
|
|
state: started
|