#- name: DNS setup
#  hosts: localhost
#  tags: dns
#  module_defaults:
#    inwx:
#      username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}"
#      password: "{{lookup('ini', 'pass section=inwx file=credentials.ini')}}"
#  vars:
#    subdomains:
#      - git.jaseg.net
#      - git.jaseg.de
#      - blog.jaseg.net
#      - blog.jaseg.de
#      - kochbuch.jaseg.net
#      - gerbolyze.jaseg.net
#      - tracespace.jaseg.net
#      - openjscad.jaseg.net
#      - pogojig.jaseg.net
#      - automation.jaseg.de
#      - dyndns.jaseg.de
#    fastmail_domains:
#      - jaseg.net
#      - jaseg.de
#  tasks:
#    - name: Gather wendelstein facts
#      setup:
#      delegate_to: wendelstein
#      delegate_facts: True
#
#    - name: Setup DNS
#      include_tasks: dns.yml

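# Play: base provisioning and service setup for the host "wendelstein".
# Tasks tagged "setup" configure the base system (hostname, packages, sshd,
# firewall). Every other task includes a per-service task file; the tag on
# the include selects the include itself, and "apply: tags:" passes the same
# tag on to the tasks inside the included file.
- name: Wendelstein setup
  hosts: wendelstein
  tasks:
    - name: Set hostname
      tags: setup
      hostname:
        name: wendelstein.jaseg.de

    # state: latest upgrades these packages on every run, so the installed
    # versions depend on when the playbook was last applied.
    - name: Install common admin tools
      tags: setup
      dnf:
        name:
          - htop
          - tmux
          - fish
          - mosh
          - neovim
          - sqlite
        state: latest

    # Same upgrade-on-every-run behaviour as above; this list includes the
    # network-facing services (nginx, uwsgi, nsd).
    - name: Install host requisites
      tags: setup
      dnf:
        name:
          - nginx
          - uwsgi
          - python3-flask
          - python3-flask-wtf
          - uwsgi-plugin-python3
          - certbot
          - python3-certbot-nginx
          - python3-libselinux
          - git
          - iptables-services
          - python3-pycryptodomex
          - zip
          - python3-uwsgidecorators
          - nsd
          - python3-virtualenv
        state: latest

    # prohibit-password is the current spelling of the deprecated alias
    # without-password: root may still log in with a key, never with a
    # password.
    # Only an uncommented PermitRootLogin line is replaced; when there is
    # none, the line is appended at the end of the file.
    # NOTE(review): an appended line would end up inside a trailing Match
    # block if sshd_config has one -- confirm on the host.
    # validate makes sshd parse the edited copy before it replaces the real
    # file, so a broken config is rejected here instead of at the restart.
    - name: Disable password-based root login
      tags: setup
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
        validate: '/usr/sbin/sshd -t -f %s'
      register: disable_root_pw_ssh

    # Runs only when the task above actually changed sshd_config.
    - name: Restart sshd
      tags: setup
      systemd:
        name: sshd
        state: restarted
      when: disable_root_pw_ssh is changed

    # mode is quoted so it is always read as an octal string, and tightened
    # from 0664 to 0600: owner and group are both root, and nobody else needs
    # to read the rule set.
    # validate has iptables-restore parse the new rules without committing
    # them, so a syntax error fails the task before the file is replaced.
    - name: Configure iptables firewall service
      tags: setup
      copy:
        src: iptables.rules
        dest: /etc/sysconfig/iptables
        owner: root
        group: root
        mode: '0600'
        validate: '/usr/sbin/iptables-restore --test %s'
      register: iptables_rules

    - name: Enable iptables firewall service
      tags: setup
      systemd:
        name: iptables
        enabled: true
        state: started

    # "state: started" above does nothing when the service is already
    # running, so without this task an updated rules file would stay
    # unloaded until the next service restart or reboot.
    - name: Restart iptables
      tags: setup
      systemd:
        name: iptables
        state: restarted
      when: iptables_rules is changed

    # - name: Create containers
    #   tags: setup
    #   include_tasks:
    #     file: setup_containers.yml
    #     apply:
    #       tags: setup
    #   vars:
    #     containers:
    #       - gerboweb
    #       - clippy
    #       - pogojig

    - name: Setup web server
      tags: www
      include_tasks:
        file: setup_webserver.yml
        apply:
          tags: www

    # - name: Setup gerboweb
    #   tags: gerboweb
    #   include_tasks:
    #     file: setup_gerboweb.yml
    #     apply:
    #       tags: gerboweb

    # - name: Setup clippy
    #   tags: clippy
    #   include_tasks:
    #     file: setup_clippy.yml
    #     apply:
    #       tags: clippy

    - name: Setup secure download
      tags: secure-download
      include_tasks:
        file: setup_secure_download.yml
        apply:
          tags: secure-download

    # - name: Setup tracespace
    #   tags: pogojig
    #   include_tasks:
    #     file: setup_tracespace.yml
    #     apply:
    #       tags: pogojig

    # - name: Setup openjscad
    #   tags: pogojig
    #   include_tasks:
    #     file: setup_openjscad.yml
    #     apply:
    #       tags: pogojig

    # - name: Setup pogojig
    #   tags: pogojig
    #   include_tasks:
    #     file: setup_pogojig.yml
    #     apply:
    #       tags: pogojig

    # The applied tag used to sit on its own line below "tags:" (a folded
    # plain scalar); it is written inline here like every other include.
    - name: Setup notification proxy
      tags: notification-proxy
      include_tasks:
        file: setup_notification_proxy.yml
        apply:
          tags: notification-proxy

    - name: Setup semi-public git server
      tags: git
      include_tasks:
        file: setup_git.yml
        apply:
          tags: git

    - name: Setup private DynDNS service
      tags: dyndns
      include_tasks:
        file: setup_dyndns.yml
        apply:
          tags: dyndns

    - name: Setup vcd-to-8-segment-svg render thingy for TUD's WS2021 LE course
      tags: vcdrender
      include_tasks:
        file: setup_vcd_render.yml
        apply:
          tags: vcdrender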