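---
# Baseline configuration play for the `vps` inventory group.
# pre_tasks set timezone, hostname and /etc/hosts entries and create working
# directories; tasks configure core packages and obtain or install TLS
# material; post_tasks run a distribution upgrade.
#
# Variables read here but not defined in this file (must come from inventory,
# group/host vars or extra vars): tzone, hname, domain_name,
# compose_source_path, web_root, admin_auths.
- name: Configure virtual private servers
  hosts: vps
  gather_facts: true
  vars:
    # # below is just to remind you to use '-u' instead
    # ansible_user: "{{ root_auths[0].username }}"
    # # below is just to remind you to use '--ask-pass' instead
    # ansible_password: "{{ root_auths[0].password }}"
    FAMILY: "{{ ansible_facts['os_family'] }}"
    CURRENT_HOST_IP4: "{{ ansible_facts['default_ipv4']['address'] }}"
    CURRENT_HOST_IP6: "{{ ansible_facts['default_ipv6']['address'] }}"
    # Falls back to the inventory hostname when domain_name is unset or empty.
    FQDN: "{{ domain_name | default(inventory_hostname, true) }}"
    # false: install the certificate files shipped under ssl/.
    # true: run the Certbot role instead.
    acme_challenge: false

  pre_tasks:
    - name: Set timezone
      become: true
      become_method: sudo
      community.general.timezone:
        name: "{{ tzone }}"
      register: timezone_set
      tags: ['baseconf', 'timezone_setting']

    - name: Set hostname
      become: true
      become_method: sudo
      ansible.builtin.hostname:
        name: "{{ hname }}"
        # The lower-cased OS family is passed as the hostname strategy.
        use: "{{ FAMILY.lower() }}"
      register: hostname_set
      tags: ['baseconf', 'hostname_initialization']

    - name: Add remote host alias to hosts file
      become: true
      become_method: sudo
      ansible.builtin.lineinfile:
        path: /etc/hosts
        search_string: "127.0.1.1"
        line: "127.0.1.1 {{ hname }}"
        state: present
        create: true
      register: hosts_updated
      tags: ['baseconf', 'hostsfile_update']

    # IPv4 entry. search_string is a literal substring match, so an address
    # that is a prefix of another entry's address also matches that entry.
    # The three hosts-file tasks all register `hosts_updated`; only the
    # result of the last one survives.
    - name: Add remote host public address aliases to hosts file
      become: true
      become_method: sudo
      ansible.builtin.lineinfile:
        path: /etc/hosts
        search_string: "{{ CURRENT_HOST_IP4 }}"
        line: "{{ CURRENT_HOST_IP4 }} {{ FQDN }} {{ hname }}"
        state: present
        create: true
      register: hosts_updated
      # Intended to skip hosts that report no default IPv4 address.
      when: CURRENT_HOST_IP4 is defined
      tags: ['baseconf', 'hostsfile_update']

    # IPv6 entry, same pattern as the IPv4 task above.
    - name: Add remote host public address aliases to hosts file
      become: true
      become_method: sudo
      ansible.builtin.lineinfile:
        path: /etc/hosts
        search_string: "{{ CURRENT_HOST_IP6 }}"
        line: "{{ CURRENT_HOST_IP6 }} {{ FQDN }} {{ hname }}"
        state: present
        create: true
      register: hosts_updated
      # Intended to skip hosts that report no default IPv6 address.
      when: CURRENT_HOST_IP6 is defined
      tags: ['baseconf', 'hostsfile_update']

    # The two directories below are created without privilege escalation,
    # i.e. as the connecting user.
    - name: Create a directory for client source code
      ansible.builtin.file:
        path: "{{ ansible_facts['user_dir'] }}/src/clients"
        state: directory

    - name: Create a directory for container service compose files
      ansible.builtin.file:
        path: "{{ compose_source_path }}"
        state: directory

    # - name: Create a directory for website or web server source code
    #   file:
    #     path: "{{ ansible_facts['user_dir'] }}/src/services/web"
    #     state: directory

  tasks:
    - name: Configure core packages
      ansible.builtin.include_role:
        name: bootstrap
        tasks_from: config@corepkgs.yml
        defaults_from: main
        vars_from: main
      vars:
        # Pick the admin_auths entry whose username is the connecting user.
        # Jinja2 has no list-comprehension syntax, so the lookup is written
        # with selectattr/map/first. If no entry matches, the value is
        # undefined and the role fails where it is first used.
        official_name: >-
          {{ admin_auths
          | selectattr('username', 'equalto', ansible_facts['user_id'])
          | map(attribute='actual_name')
          | first }}
        official_email: >-
          {{ admin_auths
          | selectattr('username', 'equalto', ansible_facts['user_id'])
          | map(attribute='email')
          | first }}
      register: pkgs_configured
      tags: ['default', 'configure_pkgs']

    - name: Configure DNS using Certbot
      ansible.builtin.include_role:
        name: bootstrap
        tasks_from: configure_core/certbot.yml
        defaults_from: options/certbot.yml
        vars_from: options/certbot.yml
      register: dns_challenge_made
      # `| bool` keeps the switch reliable when it is overridden with a
      # string such as `-e acme_challenge=false`.
      when: acme_challenge | bool
      tags: ['default', 'with_porkbun_api']

    # Installs pre-issued TLS material from the role/playbook `ssl/` directory.
    # NOTE(review): all three files land directly in web_root. Confirm that
    # web_root is not a directory the web server serves to clients; if it is,
    # the private key belongs in a separate location.
    - name: Import DNS certificates and keys
      block:
        - name: Create SSL certificate
          become: true
          become_method: sudo
          ansible.builtin.copy:
            src: ssl/domain.cert.pem
            dest: "{{ web_root }}/domain.cert.pem"
            force: true
            backup: true

        - name: Create private key
          become: true
          become_method: sudo
          ansible.builtin.copy:
            src: ssl/private.key.pem
            dest: "{{ web_root }}/private.key.pem"
            # Without an explicit mode the key inherits the umask default,
            # which is usually world-readable. If the consuming service does
            # not read the key as the file owner, add owner/group here rather
            # than widening the mode.
            mode: "0600"
            force: true
            # NOTE(review): backup keeps timestamped copies of earlier keys
            # next to dest; rotate or remove them as part of key rotation.
            backup: true

        - name: Create public key
          become: true
          become_method: sudo
          ansible.builtin.copy:
            src: ssl/public.key.pem
            dest: "{{ web_root }}/public.key.pem"
            force: true
            backup: true
      when: not (acme_challenge | bool)
      tags: ['default']

  post_tasks:
    - name: Do a system upgrade
      ansible.builtin.include_role:
        name: bootstrap
        # One task file per OS family, e.g. upgrade@<os_family>.yml.
        tasks_from: "upgrade@{{ FAMILY }}.yml"
      vars:
        upgrade_type: dist
      register: system_initialized
      tags: ['default', 'initial_system_upgrade']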