tmp-iac/centos/ansible/playbook.yml

117 lines
2.6 KiB
YAML

---
- name: Configure webservers
hosts: debainbasic
remote_user: root
tasks:
- name: Ensure all VMs are reachable
ansible.builtin.ping:
- name: Update package cache
ansible.builtin.apt:
update_cache: true
upgrade: safe
- name: Install git, zip, nginx, wget, curl & other utils
ansible.builtin.apt:
update_cache: true
pkg:
- git
- nginx
- wget
- curl
- gpg
- ca-certificates
- zip
- python3-pip
- virtualenv
- ufw
- fail2ban
- nginx
- dnsutils
- bind9
- python3-setuptools
- name: Create /etc/apt/keyrings dir
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
recurse: true
- name: Add Docker GPG apt Key
ansible.builtin.apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Add Docker Repository
ansible.builtin.apt_repository:
repo: deb https://download.docker.com/linux/debian buster stable
state: present
- name: Update apt and install docker-ce
ansible.builtin.apt:
name: docker-ce
update_cache: true
- name: Install Docker Module for Python
ansible.builtin.pip:
name: docker
- name: Set logging
community.general.ufw:
logging: "on"
- name: Allow port 22 and enable UFW
community.general.ufw:
state: enabled
rule: allow
proto: tcp
port: "22"
- name: Allow port 80
community.general.ufw:
state: enabled
proto: tcp
rule: allow
port: "80"
- name: Allow port 443
community.general.ufw:
state: enabled
proto: tcp
rule: allow
port: "443"
- name: Allow port 53
community.general.ufw:
state: enabled
proto: udp
rule: allow
port: "43"
- name: Enable and start ufw service
ansible.builtin.service:
name: ufw
enabled: true
state: started
- name: Enable and start nginx service
ansible.builtin.service:
name: nginx
enabled: true
state: started
- name: Enable and start bind9
ansible.builtin.service:
name: bind9
enabled: true
state:
started
# - debug: var=ansible_all_ipv4_addresses
# - debug: var=ansible_default_ipv4.address
handlers:
- name: Restart bind9
ansible.builtin.service:
name: nginx
state: restarted