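---
# Provision a fresh Ubuntu host: base admin account, nginx, Docker and
# docker-compose, certbot, fail2ban, then clone and start two compose stacks.
- hosts: newserver
  become: true
  remote_user: admin
  vars_files:
    # - vars.yml
    # NOTE(review): admin_password is presumably defined in secrets.yaml;
    # confirm the file is encrypted with ansible-vault and is never
    # committed in cleartext.
    - secrets.yaml

  tasks:
    # ======================== CONFIG BASE ========================
    # state: latest (used here and below) upgrades on every run; pin
    # versions where a reproducible build matters.
    - name: Apt update
      apt:
        name: aptitude
        state: latest
        update_cache: true

    - name: Create group Docker
      group:
        name: docker
        state: present

    # The user module stores `password` as given, so the value must be a
    # crypt hash, not cleartext.
    # NOTE(review): confirm admin_password is already hashed (for example
    # with the password_hash filter).
    # Membership of the docker group allows control of the Docker daemon,
    # which is effectively root on the host; treat this account accordingly.
    - name: Create user admin
      user:
        name: admin
        password: "{{ admin_password }}"
        groups:
          - docker
          - sudo
        state: present
        shell: /bin/bash
        system: false
        createhome: true
        home: /home/admin

    # Mode is quoted so it is always read as an octal permission string.
    - name: Create workspace folder
      file:
        path: "{{ item }}"
        state: directory
        owner: admin
        group: admin
        mode: '0751'
      with_items:
        - /workspace/jellyfin/
        - /workspace/syncthing/

    # ========================== INSTALL ==========================
    # ---------------- GIT ----------------
    - name: Git install
      apt:
        pkg: git
        state: present
        update_cache: true

    # ---------------- NGINX ----------------
    # Module arguments written as a mapping instead of a key=value string.
    - name: Ensure nginx is at the latest version
      apt:
        name: nginx
        state: latest

    - name: start nginx
      service:
        name: nginx
        state: started

    # ---------------- DOCKER ----------------
    - name: Install required system packages for Docker
      apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - software-properties-common
          - python3-pip
          - virtualenv
          - python3-setuptools
        state: latest
        update_cache: true

    # NOTE(review): the key is trusted on TLS alone and added to the global
    # apt keyring. Pin it with the module's `id` parameter
    # (<DOCKER_KEY_FINGERPRINT>), or move to a dedicated keyring referenced
    # by signed-by in the repository line.
    - name: Add Docker GPG apt Key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    # NOTE(review): the release name is hard-coded to focal; confirm it
    # matches the target host.
    - name: Add Docker Repository
      apt_repository:
        repo: 'deb https://download.docker.com/linux/ubuntu focal stable'
        state: present

    - name: Install Docker-ce
      apt:
        name: docker-ce
        state: latest
        update_cache: true

    - name: Install Docker Module for Python
      pip:
        name: docker

    # ---------------- DOCKER COMPOSE ----------------
    # NOTE(review): the binary is downloaded without integrity verification.
    # Add `checksum: sha256:<PUBLISHED_SHA256>` using the digest published
    # with the release. 1.29.2 belongs to the Compose v1 line; check whether
    # it is still maintained upstream.
    - name: Install Docker-compose
      remote_user: admin
      get_url:
        url: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
        dest: /usr/local/bin/docker-compose
        mode: 'u+x,g+x'

    # NOTE(review): this makes an executable on the system PATH writable by
    # the non-root admin account. If root ever runs it, admin can replace it;
    # root:root ownership is the safer default.
    - name: Change Docker-compose file permission
      file:
        path: /usr/local/bin/docker-compose
        owner: admin
        group: admin

    # command replaces shell because no shell features are used.
    # NOTE(review): the package is installed unpinned, as root, into the
    # system Python.
    - name: Pip install Docker-compose (au cas ou)
      become: true
      command:
        cmd: "python3 -m pip install docker-compose"

    # ---------------- CERTBOT ----------------
    - name: Install Certbot
      apt:
        pkg: python3-certbot-nginx
        state: latest

    # ---------------- FAIL2BAN ----------------
    - name: Install apt fail2ban packages
      apt:
        name: fail2ban
        state: latest
        update_cache: true
        cache_valid_time: 3600

    # Jail and filter definitions are root-owned so that only root can
    # change the ban rules.
    - name: Override the basic Fail2ban configuration
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: '0644'
      with_items:
        - src: ./fail2ban-conf/jail.local
          dest: /etc/fail2ban
        - src: ./fail2ban-conf/jail.conf
          dest: /etc/fail2ban
        - src: ./fail2ban-conf/filter.d
          dest: /etc/fail2ban

    - name: Restart Fail2ban service
      service:
        name: fail2ban
        state: restarted

    # ======================= DEPLOY STACK =======================
    # - name: Copy Nginx configs
    #   SCP FROM BACKUPMAN

    - name: Restart nginx service
      service:
        name: nginx
        state: restarted

    # - name: Copy volumes of /data/
    #   SCP FROM BACKUPMAN

    # NOTE(review): the checkout follows the remote default branch, and the
    # next task starts whatever it contains. Pin `version` to a reviewed
    # commit or tag (<COMMIT_OR_TAG>) so that a changed or compromised
    # repository cannot alter what is deployed.
    - name: Git pull stack
      become: true
      git:
        repo: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - src: 'https://git.gregandev.fr/gregandev/jellyfin.git'
          dest: '/workspace/jellyfin'
        - src: 'https://git.gregandev.fr/gregandev/syncthing.git'
          dest: '/workspace/syncthing'

    # NOTE(review): this module targets Compose v1; newer community.docker
    # releases provide docker_compose_v2 instead. Confirm the installed
    # collection version.
    # The registered result is not used by any task shown in this playbook.
    - name: Start stack with Docker-compose up!
      community.docker.docker_compose:
        project_src: "{{ item }}"
      with_items:
        - /workspace/jellyfin
        - /workspace/syncthing
      register: output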