
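---
# Prerequisites shared with the other hosts, pulled in from the "common" role.
- name: apply common network configuration
  include_role:
    name: common
    tasks_from: "network.yml"

- name: apply common host configuration
  include_role:
    name: common
    tasks_from: "host.yml"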
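# Installs an extra sudoers drop-in through the common role. `item` is passed
# through to the included tasks (presumably read there as item.src / item.dest
# — confirm against roles/common/tasks/sudoers.yml).
- name: install ansible sudoers drop-in
  include_role:
    name: common
    tasks_from: "sudoers.yml"
  loop:
    - src: "../newsreader/templates/sudoers.j2"
      dest: "/etc/sudoers.d/30-ansible-extra"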
# Distribution packages for the newsreader host: cache, connection pooler,
# mail, message broker and both the Python 2 and Python 3 tooling.
- name: install packages
  apt:
    state: present
    name:
      - memcached
      - pgbouncer
      - postfix
      - python-psycopg2
      - python3-psycopg2
      - python3
      - python3-pip
      - python3-venv
      - python3-setuptools
      - python3-virtualenv
      - python-pip
      - python-setuptools
      - python-virtualenv
      - rabbitmq-server
  # A changed package set triggers the postfix restart handler.
  notify: restart postfix
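# NOTE(review): this renders the same template to the same path, with the same
# mode and handler, as the later task "copy nftables config"; one of the two is
# presumably redundant. `loop` replaces `with_items` to match the other looping
# tasks in this file.
- name: copy firewall templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0600"  # the ruleset stays readable by root only
  loop:
    - src: "nftables.j2"
      dest: "/etc/nftables.conf"
  notify: restart nftables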
# Renders /etc/memcached.conf from the role template and bounces the daemon
# when it changed.
- name: copy memcached conf
  template:
    dest: "/etc/memcached.conf"
    src: "memcached.j2"
    mode: "0644"
    owner: root
    group: root
  notify:
    - restart memcached
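# Application user and its SSH material. Order matters: the user and its ~/.ssh
# must exist before anything runs as that user, so the user and directory tasks
# now come before the known_hosts entry (previously the known_hosts task ran as
# "{{ app_user }}" before that account was created).
- name: Add newsreader user
  user:
    name: "{{ app_user }}"
    create_home: true
    shell: /bin/bash

- name: create ssh dir
  file:
    path: "/home/{{ app_user }}/.ssh"
    state: directory
    owner: "{{ app_user }}"
    group: "{{ app_user }}"
    # ~/.ssh is private to its owner: 0700 instead of the previous 0755.
    mode: "0700"

# Pins the GitLab host key (presumably into that user's ~/.ssh/known_hosts) so
# later git operations as the app user do not rely on trust-on-first-use.
# become_user only takes effect when `become` is enabled for the play — confirm
# in the playbook.
- name: add gitlab to known hosts
  become_user: "{{ app_user }}"
  known_hosts:
    name: "{{ gitlab_domain }}"
    key: "{{ gitlab_host_key }}"

# NOTE(review): the deploy key is authorised for the `ansible` account rather
# than for "{{ app_user }}"; judging by the drop-in filename earlier in this
# file that is also the account with extra sudo rights — confirm this is
# intended.
- name: add gitlab pubkey
  authorized_key:
    user: ansible
    state: present
    key: "{{ app_deploy_key }}"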
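# systemd drop-in directory for the rabbitmq-server unit. A directory needs the
# execute bit to be traversable, so the mode is 0755 rather than the previous
# 0644 (which only root, bypassing permission checks, could enter).
- name: create rabbitmq service override dir
  file:
    path: /etc/systemd/system/rabbitmq-server.service.d/
    state: directory
    owner: root
    group: root
    mode: "0755"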
# Two rendered files for the broker: a systemd drop-in (limits.conf, root
# owned) and the environment file, owned by the rabbitmq service user.
- name: copy rabbitmq configurations
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "limits.j2"
      dest: "/etc/systemd/system/rabbitmq-server.service.d/limits.conf"
      owner: "root"
      group: "root"
      mode: "0644"
    - src: "rabbitmq.conf.j2"
      dest: "/etc/rabbitmq/rabbitmq-env.conf"
      owner: "rabbitmq"
      group: "rabbitmq"
      mode: "0644"
  notify: restart rabbitmq
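# TLS material and the base nginx setup come from the common role; the
# site-specific nginx config follows below.
- name: apply common ssl configuration
  include_role:
    name: common
    tasks_from: "ssl.yml"

- name: apply common nginx configuration
  include_role:
    name: common
    tasks_from: "nginx.yml"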
# Renders the newsreader site into sites-available; it is enabled by the
# following link task.
- name: copy nginx config
  template:
    dest: "/etc/nginx/sites-available/newsreader"
    src: "nginx.j2"
    mode: "0644"
    owner: root
    group: root
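# Enables the site by linking it into sites-enabled. No `mode` on the link: the
# previous "0777" is meaningless for the symlink itself and, with the file
# module's default link-following, may have been applied to the target in
# sites-available instead — confirm on an existing host that
# /etc/nginx/sites-available/newsreader is still 0644. No handler is notified
# here; presumably the common nginx tasks take care of the reload — confirm.
- name: link nginx config
  file:
    src: "/etc/nginx/sites-available/newsreader"
    dest: "/etc/nginx/sites-enabled/newsreader"
    owner: root
    group: root
    state: link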
# Renders the host firewall ruleset (root-only readable) and reloads nftables
# on change. Same file and handler as "copy firewall templates" above.
- name: copy nftables config
  template:
    dest: "/etc/nftables.conf"
    src: "nftables.j2"
    mode: "0600"
    owner: root
    group: root
  notify:
    - restart nftables
# pgbouncer configuration and its user list, both owned by postgres and
# readable only by owner and group (the user list carries credentials).
- name: copy pgbouncer config
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: postgres
    group: postgres
    mode: "{{ item.mode }}"
  loop:
    - src: "pgbouncer.j2"
      dest: "/etc/pgbouncer/pgbouncer.ini"
      mode: "0640"
    - src: "pgbouncer-users.j2"
      dest: "/etc/pgbouncer/userlist.txt"
      mode: "0640"
# NOTE(review): `state: restarted` runs unconditionally, so every play run
# bounces pgbouncer and drops its pooled connections even when nothing changed.
# Moving the restart into a handler notified by "copy pgbouncer config" would
# make this idempotent; no such handler is visible from this file.
- name: ensure pgbouncer is restarted
  systemd:
    name: pgbouncer
    state: restarted
    enabled: true
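# The remaining newsreader tasks live in project.yml.
- name: run project tasks
  include_tasks: "project.yml"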