Move to simpler file structure

2021-01-28 21:32:10 +01:00 · 2021-01-28 21:32:10 +01:00 · d71a28e1c8
commit d71a28e1c8
parent fe72523a5a
33 changed files with 374 additions and 406 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,152 @@
+- include_role:
+    name: common
+    tasks_from: 'network.yml'
+- include_role:
+    name: common
+    tasks_from: 'host.yml'
+- include_role:
+    name: common
+    tasks_from: 'sudoers.yml'
+  loop:
+    - { src: '../../templates/sudoers.j2', dest: '/etc/sudoers.d/30-ansible-extra' }
+
+- name: install packages
+  apt:
+    name: '{{ packages }}'
+    state: present
+  notify:
+    - restart postfix
+
+- name: copy firewall templates
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: root
+    mode: '0600'
+  loop:
+    - { src: 'templates/nftables.j2', dest: '/etc/nftables.conf' }
+  notify: restart nftables
+
+- name: copy memcached conf
+  template:
+    src: 'templates/memcached.j2'
+    dest: '/etc/memcached.conf'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart memcached
+
+- name: add gitlab to known hosts
+  become_user: '{{ app_user }}'
+  known_hosts:
+    name: '{{ gitlab_domain }}'
+    key: '{{ gitlab_host_key }}'
+
+- name: add gitlab pubkey
+  authorized_key:
+    user: ansible
+    state: present
+    key: '{{ app_deploy_key }}'
+
+- name: Add newsreader user
+  user:
+    name: '{{ app_user }}'
+    create_home: yes
+    shell: /bin/bash
+
+- name: create ssh dir
+  file:
+    path: '/home/{{ app_user }}/.ssh'
+    state: directory
+    owner: '{{ app_user }}'
+    group: '{{ app_user }}'
+    mode: 0755
+
+- name: create rabbitmq service override dir
+  file:
+    path: /etc/systemd/system/rabbitmq-server.service.d/
+    state: directory
+    mode: '0644'
+
+- name: copy rabbitmq configurations
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: '{{ item.owner }}'
+    group: '{{ item.group }}'
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/limits.j2',
+        dest: '/etc/systemd/system/rabbitmq-server.service.d/limits.conf',
+        mode: '0644',
+        group: 'root',
+        owner: 'root',
+      }
+    - {
+        src: 'rabbitmq.conf.j2',
+        dest: '/etc/rabbitmq/rabbitmq-env.conf',
+        mode: '0644',
+        group: 'rabbitmq',
+        owner: 'rabbitmq',
+      }
+  notify: restart rabbitmq
+
+- include_role:
+    name: common
+    tasks_from: 'ssl.yml'
+- include_role:
+    name: common
+    tasks_from: 'nginx.yml'
+
+- name: copy nginx config
+  template:
+    src: 'templates/nginx.j2'
+    dest: '/etc/nginx/sites-available/newsreader'
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: link nginx config
+  file:
+    src: '/etc/nginx/sites-available/newsreader'
+    dest: '/etc/nginx/sites-enabled/newsreader'
+    owner: root
+    group: root
+    mode: '0777'
+    state: link
+
+- name: copy nftables config
+  template:
+    src: 'templates/nftables.j2'
+    dest: '/etc/nftables.conf'
+    owner: root
+    group: root
+    mode: '0600'
+  notify: restart nftables
+
+- name: copy pgbouncer config
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: postgres
+    group: postgres
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/pgbouncer.j2',
+        dest: '/etc/pgbouncer/pgbouncer.ini',
+        'mode': '0640',
+      }
+    - {
+        src: 'templates/pgbouncer-users.j2',
+        dest: '/etc/pgbouncer/userlist.txt',
+        'mode': '0640',
+      }
+
+- name: ensure pgbouncer is restarted
+  systemd:
+    name: pgbouncer
+    state: restarted
+    enabled: true