jean-cloud-services/provisioning/roles/jean-cloud-common/tasks/main.yml
2023-09-15 10:57:47 +02:00



---
# tasks file for jean-cloud-common
# Align the system hostname with the name this host carries in the inventory.
- name: Set hostname
  when: inventory_hostname is defined
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"
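# Make the host resolve its own inventory name to loopback.
# The IPv4 entry has to be 127.0.0.1. The previous value, 172.0.0.1, lies
# outside both the loopback range (127.0.0.0/8) and the private range
# (172.16.0.0/12), so the host's own name pointed at a publicly routable
# address that this role does not control.
- name: Set hostname IP
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ item }}"
  with_items:
    - "127.0.0.1 {{ inventory_hostname }}"
    - "::1 {{ inventory_hostname }}"

# lineinfile only adds lines, so hosts provisioned before the fix still carry
# the mistyped entry. Remove it explicitly so the stale address is gone.
- name: Remove mistyped hostname IP
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "172.0.0.1 {{ inventory_hostname }}"
    state: absent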
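# On members of the "shlago" group, resolve the service name to loopback.
# The IPv4 entry has to be 127.0.0.1. The previous value, 172.0.0.1, is not a
# loopback address (127.0.0.0/8) nor a private one (172.16.0.0/12), so traffic
# meant to stay on the host was addressed to a publicly routable IP.
- name: Set shlago IP
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ item }}"
  with_items:
    - "127.0.0.1 shlago.jean-cloud.org"
    - "::1 shlago.jean-cloud.org"
  when: inventory_hostname in groups["shlago"]

# lineinfile only adds lines, so the mistyped entry survives on hosts that
# were provisioned earlier. Remove it explicitly.
- name: Remove mistyped shlago IP
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "172.0.0.1 shlago.jean-cloud.org"
    state: absent
  when: inventory_hostname in groups["shlago"]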
# Dedicated account used for deploying SSL certificates.
# It gets an interactive shell (/bin/bash) and a home directory under /data.
- name: Add certs user
  ansible.builtin.user:
    name: certs
    home: /data/letsencrypt.jean-cloud.org
    shell: /bin/bash
# Install the public key read from the role's "certs.pub" file for the certs
# account. "exclusive: true" makes this the only authorized key: any other key
# already present for that user is removed.
# NOTE(review): the key is installed without key_options, so it carries no
# SSH-level restrictions. Confirm that is intended for this account.
- name: Set authorized key, removing all the authorized keys already set
  ansible.posix.authorized_key:
    user: certs
    state: present
    exclusive: true
    key: "{{ lookup('file', 'certs.pub') }}"
#
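# Drop a profile.d snippet that prints the date the current user's password
# was last changed (third field of `passwd -S`), highlighted in red.
# The module is spelled with its fully qualified name like the other tasks in
# this file, and $USER is quoted so it is passed to passwd as a single word.
- name: Show last changed password for security
  ansible.builtin.copy:
    dest: /etc/profile.d/user_last_passwd.sh
    owner: root
    group: root
    # Read-only for everyone but root; the file needs no execute bit.
    mode: '0644'
    content: |
      #!/bin/bash
      RED='\033[0;31m'
      NC='\033[0m' # No Color
      echo -e "Password last changed on $RED$(passwd -S "$USER" | cut -d ' ' -f 3)$NC"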
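# Base package set for every host. The module is spelled with its fully
# qualified name like the other tasks in this file, and the list is written
# one package per line so additions and removals show up clearly in review.
# "state: latest" upgrades these packages on every run to whatever the
# configured repositories currently offer; no version is pinned here.
- name: Install some softwares
  ansible.builtin.apt:
    name:
      - bind9
      - certbot
      - curl
      - dnsutils
      - git
      - gnupg2
      - htop
      - hugo
      - netcat-openbsd
      - nginx
      - podman
      - rclone
      - rsync
      - screen
      - sshfs
      - sudo
      - traceroute
      - vim
      - wget
      - zip
    state: latest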
# TODO disable certbot and certbot.timer services. We are using our own
# Ensure the directories the rest of the setup relies on exist.
# No owner, group or mode is given, so newly created directories get the
# defaults of the account running the task.
# NOTE(review): /etc/letsencrypt is in this list. Confirm the default
# permissions are acceptable for what is stored there.
- name: create needed dirs
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
  loop:
    - /docker
    - /srv/http
    - /data
    - /etc/letsencrypt
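# Fetch the docker-compose bash completion script from the upstream repository
# at tag 1.29.2 and install it system-wide.
# The file lands in /etc/bash_completion.d, which suggests it is loaded into
# interactive bash sessions, so it should be treated like code:
#   - the mode was '0705' (executable, and readable by "other" but not by the
#     group); a completion script only has to be readable, so it is '0644';
#   - the download is pinned to a tag only, and a tag can be moved upstream.
#     Add a checksum of a copy you have reviewed to pin the content itself.
- name: Install docker-compose bash autocompletion
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose
    dest: /etc/bash_completion.d/docker-compose
    # checksum: 'sha256:<SHA256_OF_REVIEWED_FILE>'  # placeholder, fill in
    owner: root
    mode: '0644'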
# Schedule letsencrypt.sh as root every day at 03:26 through /etc/crontab.
# NOTE(review): the command is given without a path, so which file runs as
# root depends on the PATH in effect for /etc/crontab. Confirm where
# letsencrypt.sh is installed and that only root can write to it.
- name: Add letsencrypt crontab
  ansible.builtin.lineinfile:
    line: '26 03 * * * root letsencrypt.sh'
    path: /etc/crontab
# Write the Docker daemon configuration: container logs use the json-file
# driver and are capped at 3 files of 10m each.
# No owner or mode is set on the file here.
- name: Docker config
  ansible.builtin.copy:
    content: |
      {
        "log-driver": "json-file",
        "log-opts": {
          "max-size": "10m",
          "max-file": "3"
        }
      }
    dest: /etc/docker/daemon.json
#TODO add this to /etc/docker/daemon.json
#{
# "iptables": false
#}
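# Install a profile.d snippet that configures shell history: timestamps on
# every entry (HISTTIMEFORMAT) and a history file capped at 10000 lines.
- name: Bash history
  ansible.builtin.copy:
    dest: /etc/profile.d/history.sh
    # The mode must be a quoted octal string. The previous bare `755` was
    # read as a decimal integer, which is octal 1363: sticky bit plus write
    # access for "other" on a file under /etc/profile.d. Anything in that file
    # could then be changed by any local user. '0644' matches the other
    # profile.d snippet in this role; the file needs no execute bit.
    mode: '0644'
    content: |
      HISTSIZE=
      HISTFILESIZE=10000
      HISTTIMEFORMAT="%Y%m%d-%T "
      export HISTSIZE HISTFILESIZE HISTTIMEFORMAT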
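# Stop the docker service and its socket unit, and keep both from starting at
# boot. The module is spelled with its fully qualified name like the other
# tasks in this file, and the stray space before the colon in `name :` is
# removed.
- name: Disable docker service
  ansible.builtin.service:
    name: "{{ item }}"
    state: stopped
    enabled: false
  with_items:
    - docker
    - docker.socket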