xenobyte/sukaato-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c332dc51e6caca14e22ad7026d70d99b7754322c
sukaato-ansible/configure@vps.yml

140 lines
4.6 KiB
YAML
Raw Blame History

---
- name: Configure virtual private servers
hosts: vps
gather_facts: yes
vars:
# # below is just to remind you to use '-u' instead
# ansible_user: "{{ root_auths[0].username }}"
# # below is just to remind you to use '--ask-pass' instead
# ansible_password: "{{ root_auths[0].password }}"
FAMILY: "{{ ansible_facts['os_family'] }}"
CURRENT_HOST_IP4: "{{ ansible_facts['default_ipv4']['address'] }}"
CURRENT_HOST_IP6: "{{ ansible_facts['default_ipv6']['address'] }}"
FQDN: "{{ domain_name | default(inventory_hostname, true) }}"
acme_challenge: no
pre_tasks:
- name: Set timezone
become: yes
become_method: sudo
community.general.timezone:
name: "{{ tzone }}"
register: timezone_set
tags: ['baseconf', 'timezone_setting']
- name: Set hostname
become: yes
become_method: sudo
hostname:
name: "{{ hname }}"
use: "{{ FAMILY.lower() }}"
register: hostname_set
tags: ['baseconf', 'hostname_initialization']
- name: Add remote host alias to hosts file
become: yes
become_method: sudo
lineinfile:
path: /etc/hosts
search_string: "127.0.1.1"
line: "127.0.1.1 {{ hname }}"
state: present
create: yes
register: hosts_updated
tags: ['baseconf', 'hostsfile_update']
- name: Add remote host public address aliases to hosts file
become: yes
become_method: sudo
lineinfile:
path: /etc/hosts
search_string: "{{ CURRENT_HOST_IP4 }}"
line: "{{ CURRENT_HOST_IP4 }} {{ FQDN }} {{ hname }}"
state: present
create: yes
register: hosts_updated
when: CURRENT_HOST_IP4 is defined
tags: ['baseconf', 'hostsfile_update']
- name: Add remote host public address aliases to hosts file
become: yes
become_method: sudo
lineinfile:
path: /etc/hosts
search_string: "{{ CURRENT_HOST_IP6 }}"
line: "{{ CURRENT_HOST_IP6 }} {{ FQDN }} {{ hname }}"
state: present
create: yes
register: hosts_updated
when: CURRENT_HOST_IP6 is defined
tags: ['baseconf', 'hostsfile_update']
- name: Create a directory for client source code
file:
path: "{{ ansible_facts['user_dir'] }}/src/clients"
state: directory
- name: Create a directory for container service compose files
file:
path: "{{ compose_source_path }}"
state: directory
# - name: Create a directory for website or web server source code
# file:
# path: "{{ ansible_facts['user_dir'] }}/src/services/web"
# state: directory
tasks:
- name: Configure core packages
include_role:
name: bootstrap
tasks_from: config@corepkgs.yml
defaults_from: main
vars_from: main
vars:
#@TODO improve filters for defining the two below variables
official_name: "{{ [admin.actual_name if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}"
official_email: "{{ [admin.email if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}"
register: pkgs_configured
tags: ['default', 'configure_pkgs']
- name: Configure DNS using Certbot
include_role:
name: bootstrap
tasks_from: configure_core/certbot.yml
defaults_from: options/certbot.yml
vars_from: options/certbot.yml
register: dns_challenge_made
when: acme_challenge
tags: ['default', 'with_porkbun_api']
- name: Import DNS certificates and keys
block:
- name: Create SSL certificate
become: yes
become_method: sudo
copy:
src: ssl/domain.cert.pem
dest: "{{ web_root }}/domain.cert.pem"
force: yes
backup: yes
- name: Create private key
become: yes
become_method: sudo
copy:
src: ssl/private.key.pem
dest: "{{ web_root }}/private.key.pem"
force: yes
backup: yes
- name: Create public key
become: yes
become_method: sudo
copy:
src: ssl/public.key.pem
dest: "{{ web_root }}/public.key.pem"
force: yes
backup: yes
when: not acme_challenge
tags: ['default']
post_tasks:
- name: Do a system upgrade
include_role:
name: bootstrap
tasks_from: "upgrade@{{ FAMILY }}.yml"
vars:
upgrade_type: dist
register: system_initialized
tags: ['default', 'initial_system_upgrade']
Reference in New Issue View Git Blame Copy Permalink