semaphore-playbooks/debian12-basic.yml

145 lines
3.6 KiB
YAML
Raw Normal View History

2023-07-21 00:23:22 +00:00
---
- name: Update web servers
hosts: all
remote_user: root
2023-07-21 04:09:23 +00:00
vars:
2023-07-21 04:12:06 +00:00
swapfile_size: 1024
2023-07-21 04:09:23 +00:00
swapfile_path: /swapfile
2023-07-21 00:23:22 +00:00
tasks:
- name: Update all packages to their latest version
ansible.builtin.apt:
name: "*"
state: latest
update_cache: yes
- name: Install a list of packages
ansible.builtin.apt:
pkg:
2023-07-21 03:00:58 +00:00
- htop
2023-07-21 04:09:23 +00:00
- unp
2023-07-21 04:18:56 +00:00
- ufw
2023-07-21 17:16:27 +00:00
- net-tools
2023-08-06 20:11:57 +00:00
- unzip
- btop
2024-04-28 20:44:50 +00:00
- git
2024-04-29 09:16:04 +00:00
- make
2024-04-29 09:53:04 +00:00
- fzf
2023-07-21 04:09:23 +00:00
2024-04-29 08:33:56 +00:00
- name: Remove "neovim" package
ansible.builtin.apt:
name: neovim
state: absent
2023-07-21 04:09:23 +00:00
- name: Create swap file
2023-07-21 04:10:55 +00:00
command: dd if=/dev/zero of={{ swapfile_path }} bs=1M count={{ swapfile_size }}
2023-07-21 04:09:23 +00:00
args:
creates: "{{ swapfile_path }}"
register: swapfile_register_create
- name: Set swap file permissions
file:
path: "{{ swapfile_path }}"
state: "file"
owner: "root"
group: "root"
mode: "0600"
- name: Initialize swap file
command: mkswap {{ swapfile_path }}
when: swapfile_register_create is changed
- name: Enable swap file
command: swapon {{ swapfile_path }}
when: swapfile_register_create is changed
- name: Manage swap file in /etc/fstab
mount:
src: "{{ swapfile_path }}"
name: "none"
fstype: "swap"
opts: "sw,nofail"
dump: "0"
passno: "0"
2023-07-21 04:18:56 +00:00
state: "present"
2023-07-21 04:19:47 +00:00
- name: Allow all access to tcp port 22
community.general.ufw:
rule: allow
port: '22'
proto: tcp
2023-07-21 11:03:45 +00:00
#Monitoring Server
- name: Install monitoring service from deb
ansible.builtin.apt:
deb: https://kekscloud-releases.s3.eu-central-003.backblazeb2.com/http-server-status/stable.deb
2023-07-21 04:19:47 +00:00
2023-07-21 17:17:43 +00:00
- name: Allow all access to tcp port 3003
2023-07-21 17:16:27 +00:00
community.general.ufw:
rule: allow
port: '3003'
proto: tcp
2023-07-21 17:27:56 +00:00
- name: Enable service httpd and ensure it is not masked
ansible.builtin.systemd:
name: http-server-status
enabled: true
masked: no
2023-07-21 17:16:27 +00:00
2023-07-21 17:27:56 +00:00
- name: Make sure a service http-server-status.service is running
ansible.builtin.systemd:
2023-07-21 18:34:39 +00:00
state: restarted
2023-07-21 17:31:09 +00:00
name: http-server-status.service
2023-07-21 17:16:27 +00:00
2023-07-21 04:19:47 +00:00
- name: Allow everything and enable UFW
community.general.ufw:
state: enabled
2023-08-06 22:30:57 +00:00
policy: deny
- name: Download b2 client
ansible.builtin.get_url:
url: https://github.com/Backblaze/B2_Command_Line_Tool/releases/download/v3.9.0/b2-linux
dest: /usr/local/bin/b2
2023-08-06 22:37:22 +00:00
mode: '0770'
2023-08-06 22:38:38 +00:00
- name: Setup b2 client for backups
2024-04-28 20:44:50 +00:00
ansible.builtin.command: "b2 authorize_account {{ b2keyID }} {{ b2applicationKey }}"
2024-04-29 08:33:56 +00:00
# Install neovim from source if not exists, needed because the apt version ist 7.x but we need 8.x
- name: Check if nviom config folder exists
stat:
path: "/opt/nvim-linux64/bin"
register: nvim
2024-04-29 08:41:30 +00:00
- name: Download nvim for linux
2024-04-29 08:33:56 +00:00
ansible.builtin.get_url:
url: "https://github.com/neovim/neovim/releases/download/v0.9.5/nvim-linux64.tar.gz"
dest: "/tmp/nvim-linux64.tar.gz"
mode: '0440'
when: not nvim.stat.exists
2024-04-29 08:41:30 +00:00
- name: Extract nvim to /opt
2024-04-29 08:33:56 +00:00
ansible.builtin.unarchive:
2024-04-29 08:46:22 +00:00
src: "/tmp/nvim-linux64.tar.gz"
remote_src: true
2024-04-29 08:33:56 +00:00
dest: /opt
when: not nvim.stat.exists
2024-04-29 08:41:30 +00:00
- name: add nvim to path in bash
2024-04-29 08:33:56 +00:00
ansible.builtin.lineinfile:
2024-04-29 09:04:27 +00:00
path: ~/.bashrc
2024-04-29 08:33:56 +00:00
regexp: '^export PATH'
line: 'export PATH="$PATH:/opt/nvim-linux64/bin"'
2024-04-28 20:44:50 +00:00
# Setup neovim
- name: Check if nviom config folder exists
stat:
path: "~/.config/nvim"
register: nvimConfig
- name: Git checkout
ansible.builtin.git:
repo: 'https://github.com/LazyVim/starter'
dest: '~/.config/nvim/'
2024-04-28 20:47:08 +00:00
when: not nvimConfig.stat.exists