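---
# Provisioning playbook for the "newserver" host group.
#
# In order it: creates the docker group and the admin user, creates the
# /workspace directories, installs git, nginx, Docker CE, docker-compose,
# certbot and fail2ban, copies the local fail2ban configuration, clones the
# jellyfin and syncthing stacks and starts them with docker-compose.
#
# Secrets (admin_password) are read from secrets.yaml.
# NOTE(review): secrets.yaml is not visible here - confirm it is encrypted
# with ansible-vault and is not committed in clear text.
- hosts: newserver
  become: true
  remote_user: admin

  vars_files:
    - secrets.yaml

  tasks:
    ######################################## CONFIG BASE ########################################

    - name: Ensure group Docker exists
      ansible.builtin.group:
        name: docker
        state: present

    # The user module writes `password` to the shadow entry as-is, so
    # admin_password must already be a crypt(3) hash (for example one produced
    # with the password_hash filter), never the clear-text password.
    # NOTE(review): membership of the docker group is root-equivalent on the
    # host, in addition to the explicit sudo membership.
    - name: Create user admin
      ansible.builtin.user:
        name: admin
        password: "{{ admin_password }}"
        groups:
          - docker
          - sudo
        state: present
        shell: /bin/bash
        system: false
        create_home: true
        home: /home/admin

    - name: Create workspace folder
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: admin
        group: admin
        # Quoted so the mode is never re-interpreted as a decimal integer.
        mode: "0751"
      loop:
        - /workspace/jellyfin/
        - /workspace/syncthing/

    ################# GIT #################

    - name: Git install
      ansible.builtin.apt:
        pkg: git
        state: present
        update_cache: true

    ################# NGINX #################

    - name: Ensure nginx is at the latest version
      ansible.builtin.apt:
        name: nginx
        state: latest

    - name: start nginx
      ansible.builtin.service:
        name: nginx
        state: started

    ################# DOCKER #################

    - name: Apt update
      ansible.builtin.apt:
        name: aptitude
        state: latest
        update_cache: true

    - name: Install required system packages for Docker
      ansible.builtin.apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - software-properties-common
          - python3-pip
          - virtualenv
          - python3-setuptools
        state: latest
        update_cache: true

    # NOTE(review): apt_key is deprecated and adds the key to the global
    # trusted keyring, so the Docker key is then trusted for every configured
    # repository. Prefer storing the key in its own file under
    # /etc/apt/keyrings and referencing it with signed-by= in the repo line.
    - name: Add Docker GPG apt Key
      ansible.builtin.apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    - name: Add Docker Repository
      ansible.builtin.apt_repository:
        repo: 'deb https://download.docker.com/linux/ubuntu focal stable'
        state: present

    - name: Install Docker-ce
      ansible.builtin.apt:
        name: docker-ce
        state: latest
        update_cache: true

    - name: Install Docker Module for Python
      ansible.builtin.pip:
        name: docker

    ################# DOCKER COMPOSE #################

    # The binary is fetched over HTTPS but its content is not verified.
    # TODO: pin it with get_url's `checksum` option, e.g.
    #   checksum: "sha256:<DIGEST_FROM_RELEASE_PAGE>"
    # (placeholder - take the digest published with the 1.29.2 release).
    # NOTE(review): 1.29.2 is a Compose v1 release, which no longer receives
    # updates.
    - name: Install Docker-compose
      remote_user: admin
      ansible.builtin.get_url:
        url: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
        dest: /usr/local/bin/docker-compose
        mode: 'u+x,g+x'

    # NOTE(review): this leaves an executable on the system PATH owned and
    # writable by a non-root account. Consider owner/group root with mode
    # "0755" so only root can replace the binary.
    - name: Change Docker-compose folder file permission
      ansible.builtin.file:
        path: /usr/local/bin/docker-compose
        owner: admin
        group: admin

    # Uses the pip module (as the Docker SDK task above does) instead of a
    # shell command, so the task is idempotent and nothing goes through a
    # shell. NOTE(review): the package version is not pinned.
    - name: Pip install Docker-compose (au cas ou)
      become: true
      ansible.builtin.pip:
        name: docker-compose

    ################# CERTBOT #################

    - name: Install Certbot
      ansible.builtin.apt:
        pkg: python3-certbot-nginx
        state: latest

    ################# FAIL2BAN #################

    - name: Install apt fail2ban packages
      ansible.builtin.apt:
        name: fail2ban
        state: latest
        update_cache: true
        cache_valid_time: 3600

    # Copies the local jail.local, jail.conf and filter.d into /etc/fail2ban,
    # root-owned and not writable by other users.
    - name: Override the basic Fail2ban configuration
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: "0644"
      loop:
        - src: ./fail2ban-conf/jail.local
          dest: /etc/fail2ban
        - src: ./fail2ban-conf/jail.conf
          dest: /etc/fail2ban
        - src: ./fail2ban-conf/filter.d
          dest: /etc/fail2ban

    # Restarts on every run so the copied configuration is loaded.
    - name: Restart Fail2ban service
      ansible.builtin.service:
        name: fail2ban
        state: restarted

    ######################################## INSTALL STACK ########################################

    # - name: Copy Nginx configs

    # - name: Copy volumes of /data/

    # NOTE(review): no `version` is set, so whatever the remote default branch
    # holds at run time is checked out and then started below with root
    # privileges. Pin each repository with `version: <TAG_OR_COMMIT>`
    # (placeholder) so the deployed compose files are the reviewed ones.
    - name: Git pull stack
      become: true
      ansible.builtin.git:
        repo: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - src: 'https://git.gregandev.fr/gregandev/jellyfin.git'
          dest: '/workspace/jellyfin'
        - src: 'https://git.gregandev.fr/gregandev/syncthing.git'
          dest: '/workspace/syncthing'

    - name: Start stack with Docker-compose up!
      community.docker.docker_compose:
        project_src: "{{ item }}"
      loop:
        - /workspace/jellyfin
        - /workspace/syncthing
      register: output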