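---
# Baseline playbook: upgrades packages, provisions a swap file, installs the
# http-server-status monitoring agent and turns on UFW with default-deny.
- name: Update web servers
  hosts: all
  # NOTE(review): connects directly as root over SSH. Consider an unprivileged
  # login user with `become: true` so root SSH login can be disabled.
  remote_user: root
  vars:
    # Passed to dd as `count` with bs=1M, i.e. the swap size in MiB.
    swapfile_size: 1024
    swapfile_path: /swapfile

  tasks:
    - name: Update all packages to their latest version
      ansible.builtin.apt:
        name: "*"
        state: latest
        update_cache: true

    - name: Install a list of packages
      ansible.builtin.apt:
        pkg:
          - htop
          - unp
          - ufw
          - net-tools
          - unzip
          - btop

    # argv form keeps a path containing whitespace from being split into
    # several arguments. `creates` makes the task a no-op once the file exists.
    - name: Create swap file
      ansible.builtin.command:
        argv:
          - dd
          - if=/dev/zero
          - "of={{ swapfile_path }}"
          - bs=1M
          - "count={{ swapfile_size }}"
        creates: "{{ swapfile_path }}"
      register: swapfile_register_create

    # Permissions are tightened before mkswap/swapon so the file is never
    # active as swap while readable by other users.
    - name: Set swap file permissions
      ansible.builtin.file:
        path: "{{ swapfile_path }}"
        state: file
        owner: root
        group: root
        mode: "0600"

    - name: Initialize swap file
      ansible.builtin.command:
        argv:
          - mkswap
          - "{{ swapfile_path }}"
      when: swapfile_register_create is changed

    - name: Enable swap file
      ansible.builtin.command:
        argv:
          - swapon
          - "{{ swapfile_path }}"
      when: swapfile_register_create is changed

    # state=present only records the entry in /etc/fstab; activation is done
    # by the swapon task above.
    - name: Manage swap file in /etc/fstab
      ansible.posix.mount:
        src: "{{ swapfile_path }}"
        path: none
        fstype: swap
        opts: sw,nofail
        dump: "0"
        passno: "0"
        state: present

    # The SSH rule must exist before UFW is enabled with a deny policy (last
    # task), otherwise the control connection would be cut off.
    - name: Allow all access to tcp port 22
      community.general.ufw:
        rule: allow
        port: "22"
        proto: tcp

    # Monitoring server
    # NOTE(review): this .deb is pulled from a mutable URL ("stable.deb") and
    # installed as root with no checksum or signature pinning, so whoever can
    # change the bucket object controls code running on every host. Prefer
    # downloading with ansible.builtin.get_url and a pinned `checksum`, then
    # installing the local file, or serving it from a signed apt repository.
    - name: Install monitoring service from deb
      ansible.builtin.apt:
        deb: https://kekscloud-releases.s3.eu-central-003.backblazeb2.com/http-server-status/stable.deb
      register: monitoring_package

    # NOTE(review): port 3003 is opened to every source address. If only a
    # known collector needs it, restrict the rule with `from_ip`.
    - name: Allow all access to tcp port 3003
      community.general.ufw:
        rule: allow
        port: "3003"
        proto: tcp

    - name: Enable http-server-status and ensure it is not masked
      ansible.builtin.systemd:
        name: http-server-status
        enabled: true
        masked: false

    # Restart only when the package actually changed, so repeated runs stay
    # idempotent and do not interrupt monitoring.
    - name: Restart http-server-status after a package change
      ansible.builtin.systemd:
        name: http-server-status.service
        state: restarted
      when: monitoring_package is changed

    - name: Make sure http-server-status.service is running
      ansible.builtin.systemd:
        name: http-server-status.service
        state: started

    # Default policy is deny: only the ports allowed above stay reachable.
    - name: Enable UFW with a default-deny incoming policy
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming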