# Render the nftables ruleset to /etc/nftables.conf, owned by root and
# readable by root only, and notify the 'restart nftables' handler.
# NOTE(review): the 'copy nftables config' task later in this list writes the
# same template to the same path; one of the two looks redundant.
# NOTE(review): no `validate:` is set, so a template that renders an invalid
# ruleset is installed as-is and only fails once nftables is restarted.
- name: copy firewall templates
  template:
    dest: '{{ item.dest }}'
    src: '{{ item.src }}'
    mode: '0600'
    owner: root
    group: root
  loop:
    - src: 'templates/nftables.j2'
      dest: '/etc/nftables.conf'
  notify: restart nftables
# Render /etc/memcached.conf (root-owned, world-readable) and notify the
# 'restart memcached' handler.
# NOTE(review): the listen address and any auth settings live in
# templates/memcached.j2, which is not visible here; confirm the file holds
# nothing secret, since 0644 lets every local user read it.
- name: copy memcached conf
  template:
    dest: '/etc/memcached.conf'
    src: 'templates/memcached.j2'
    mode: '0644'
    owner: root
    group: root
  notify: restart memcached
# Pin the GitLab SSH host key in app_user's known_hosts from a variable, so
# later SSH connections to gitlab_domain verify against a known key.
# NOTE(review): this runs as app_user, but the 'Add newsreader user' task
# that creates that account comes later in this list; confirm the account
# already exists at this point on a fresh host.
# NOTE(review): become_user only takes effect when become is enabled;
# presumably that is set at play or role level -- confirm.
- name: add gitlab to known hosts
  known_hosts:
    key: '{{ gitlab_host_key }}'
    name: '{{ gitlab_domain }}'
  become_user: '{{ app_user }}'
# Authorise the deploy public key for SSH login as the `ansible` account.
# NOTE(review): whoever holds the matching private key can log in as
# `ansible`; if that is the privileged automation account, treat the key
# accordingly. No key_options are set, so the key carries no restrictions
# (for example a from= source limit) -- confirm that is intended.
- name: add gitlab pubkey
  authorized_key:
    key: '{{ app_deploy_key }}'
    user: ansible
    state: present
# Create the application account with a home directory and bash as its
# login shell. No password or groups are set by this task.
- name: Add newsreader user
  user:
    name: '{{ app_user }}'
    shell: /bin/bash
    create_home: true
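# Create the .ssh directory under /home/<app_user>, owned by app_user.
- name: create ssh dir
  file:
    path: '/home/{{ app_user }}/.ssh'
    state: directory
    owner: '{{ app_user }}'
    group: '{{ app_user }}'
    # 0700: only the owner may list or enter the directory that holds SSH
    # material. The value is quoted so the module receives a string instead
    # of depending on how the YAML parser treats a leading-zero integer.
    mode: '0700'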
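# Create the systemd drop-in directory for rabbitmq-server.service.
- name: create rabbitmq service override dir
  file:
    path: /etc/systemd/system/rabbitmq-server.service.d/
    state: directory
    # Ownership is stated explicitly so it does not depend on which account
    # the task happens to run as; limits.conf inside it is root-owned too.
    owner: root
    group: root
    # A directory needs the execute (search) bit to be entered: 0644 left it
    # unsearchable for every non-root user. 0755 keeps it writable by root
    # only while allowing the drop-ins inside to be listed and read.
    mode: '0755'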
# Render two RabbitMQ files, each with its own owner, group and mode taken
# from the loop item, and notify the 'restart rabbitmq' handler:
#   - the systemd drop-in limits.conf (root:root, 0644)
#   - /etc/rabbitmq/rabbitmq-env.conf (rabbitmq:rabbitmq, 0644)
# NOTE(review): a changed systemd drop-in normally needs a daemon-reload
# before a restart picks it up; the handler is not visible here -- confirm
# it performs one.
# NOTE(review): the second src has no 'templates/' prefix, unlike the other
# template paths in this file; confirm it resolves to the intended file.
- name: copy rabbitmq configurations
  template:
    dest: '{{ item.dest }}'
    src: '{{ item.src }}'
    mode: '{{ item.mode }}'
    owner: '{{ item.owner }}'
    group: '{{ item.group }}'
  loop:
    - src: 'templates/limits.j2'
      dest: '/etc/systemd/system/rabbitmq-server.service.d/limits.conf'
      owner: 'root'
      group: 'root'
      mode: '0644'
    - src: 'rabbitmq.conf.j2'
      dest: '/etc/rabbitmq/rabbitmq-env.conf'
      owner: 'rabbitmq'
      group: 'rabbitmq'
      mode: '0644'
  notify: restart rabbitmq
# Render the newsreader site definition into sites-available, root-owned
# and world-readable.
# NOTE(review): this task has no `notify:` and no `validate:`, so a changed
# or syntactically broken config is written without nginx being checked or
# reloaded here; confirm a reload happens elsewhere in the play.
- name: copy nginx config
  template:
    dest: '/etc/nginx/sites-available/newsreader'
    src: 'templates/nginx.j2'
    mode: '0644'
    owner: root
    group: root
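# Enable the newsreader site by symlinking it from sites-available into
# sites-enabled.
- name: link nginx config
  file:
    src: '/etc/nginx/sites-available/newsreader'
    dest: '/etc/nginx/sites-enabled/newsreader'
    state: link
    owner: root
    group: root
    # No `mode:` on purpose. Permission bits on a symlink itself are not
    # meaningful on Linux, and with the file module's default of following
    # links a mode given here is applied to the link target. '0777' would
    # therefore make /etc/nginx/sites-available/newsreader world-writable,
    # overriding the 0644 set when the file is rendered.
    # follow: false keeps owner/group changes on the link, not the target.
    follow: false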
# Render the nftables ruleset to /etc/nftables.conf (root only, 0600) and
# notify the 'restart nftables' handler.
# NOTE(review): this repeats what the 'copy firewall templates' task at the
# top of this list already does with the same source and destination; one
# of the two looks redundant.
- name: copy nftables config
  template:
    dest: '/etc/nftables.conf'
    src: 'templates/nftables.j2'
    mode: '0600'
    owner: root
    group: root
  notify: restart nftables
# Render pgbouncer.ini and userlist.txt, both owned by postgres:postgres
# with mode 0640, so neither file is readable by other local users.
# NOTE(review): userlist.txt is presumably PgBouncer's credential file;
# confirm that read access for the whole postgres group is intended.
# NOTE(review): no `notify:` here; the unconditional restart task that
# follows is what makes pgbouncer pick up changes.
- name: copy pgbouncer config
  template:
    dest: '{{ item.dest }}'
    src: '{{ item.src }}'
    mode: '{{ item.mode }}'
    owner: postgres
    group: postgres
  loop:
    - src: 'templates/pgbouncer.j2'
      dest: '/etc/pgbouncer/pgbouncer.ini'
      mode: '0640'
    - src: 'templates/pgbouncer-users.j2'
      dest: '/etc/pgbouncer/userlist.txt'
      mode: '0640'
# Enable the pgbouncer unit at boot and restart it.
# NOTE(review): `state: restarted` is unconditional, so the service is
# restarted on every run of this task list, whether or not its
# configuration changed; a handler notified by the config task would
# restart it only when needed.
- name: ensure pgbouncer is restarted
  systemd:
    name: pgbouncer
    enabled: true
    state: restarted