62 lines
1.6 KiB
YAML
62 lines
1.6 KiB
YAML
- name: Gerbolyze container setup playbook
|
|
hosts: wendelstein
|
|
tasks:
|
|
- name: Set hostname
|
|
hostname:
|
|
name: wendelstein.jaseg.net
|
|
|
|
- name: Install common admin tools
|
|
dnf:
|
|
name: htop,tmux,fish,mosh,neovim,sqlite
|
|
state: latest
|
|
|
|
- name: Install host requisites
|
|
dnf:
|
|
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services,python3-pycryptodomex
|
|
state: latest
|
|
|
|
- name: Disable password-based root login
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^PermitRootLogin'
|
|
line: 'PermitRootLogin without-password'
|
|
register: disable_root_pw_ssh
|
|
|
|
- name: Restart sshd
|
|
systemd:
|
|
name: sshd
|
|
state: restarted
|
|
when: disable_root_pw_ssh is changed
|
|
|
|
- name: Configure iptables firewall service
|
|
copy:
|
|
src: iptables.rules
|
|
dest: /etc/sysconfig/iptables
|
|
owner: root
|
|
group: root
|
|
mode: 0664
|
|
|
|
- name: Enable iptables firewall service
|
|
systemd:
|
|
name: iptables
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Create containers
|
|
include_tasks: setup_containers.yml
|
|
vars:
|
|
containers:
|
|
- gerboweb
|
|
- clippy
|
|
|
|
- name: Setup web server
|
|
include_tasks: setup_webserver.yml
|
|
|
|
- name: Setup gerboweb
|
|
include_tasks: setup_gerboweb.yml
|
|
|
|
- name: Setup clippy
|
|
include_tasks: setup_clippy.yml
|
|
|
|
- name: Setup secure download
|
|
include_tasks: setup_secure_download.yml
|