semaphore-playbooks/debian12-basic.yml

---
- name: Update web servers
  hosts: all
  remote_user: root
  vars:
    swapfile_size: 1024
    swapfile_path: /swapfile
  tasks:
  - name: Update all packages to their latest version
    ansible.builtin.apt:
      name: "*"
      state: latest
      update_cache: yes
  - name: Install a list of packages
    ansible.builtin.apt:
      pkg:
      - htop
      - unp
      - ufw
      - net-tools
      - unzip
      - btop

  - name: Create swap file
    command: dd if=/dev/zero of={{ swapfile_path }} bs=1M count={{ swapfile_size }}
    args:
      creates: "{{ swapfile_path }}"
    register: swapfile_register_create

  - name: Set swap file permissions
    file:
      path: "{{ swapfile_path }}"
      state: "file"
      owner: "root"
      group: "root"
      mode: "0600"

  - name: Initialize swap file
    command: mkswap {{ swapfile_path }}
    when: swapfile_register_create is changed

  - name: Enable swap file
    command: swapon {{ swapfile_path }}
    when: swapfile_register_create is changed

  - name: Manage swap file in /etc/fstab
    mount:
      src: "{{ swapfile_path }}"
      name: "none"
      fstype: "swap"
      opts: "sw,nofail"
      dump: "0"
      passno: "0"
      state: "present"
  
  - name: Allow all access to tcp port 22
    community.general.ufw:
      rule: allow
      port: '22'
      proto: tcp
  
  #Monitoring Server
  - name: Install monitoring service from deb
    ansible.builtin.apt:
      deb: https://kekscloud-releases.s3.eu-central-003.backblazeb2.com/http-server-status/stable.deb

  - name: Allow all access to tcp port 3003
    community.general.ufw:
      rule: allow
      port: '3003'
      proto: tcp

  - name: Enable service httpd and ensure it is not masked
    ansible.builtin.systemd:
      name: http-server-status
      enabled: true
      masked: no
  
  - name: Make sure a service http-server-status.service is running
    ansible.builtin.systemd:
      state: restarted
      name: http-server-status.service

  - name: Allow everything and enable UFW
    community.general.ufw:
      state: enabled
      policy: deny
  
  - name: Download b2 client
    ansible.builtin.get_url:
      url: https://github.com/Backblaze/B2_Command_Line_Tool/releases/download/v3.9.0/b2-linux
      dest: /usr/local/bin/b2
      mode: '0770'
basic 2023-07-21 00:23:22 +00:00			`---`
			`- name: Update web servers`
			`hosts: all`
			`remote_user: root`
swap 2023-07-21 04:09:23 +00:00			`vars:`
swap 2023-07-21 04:12:06 +00:00			`swapfile_size: 1024`
swap 2023-07-21 04:09:23 +00:00			`swapfile_path: /swapfile`
basic 2023-07-21 00:23:22 +00:00			`tasks:`
			`- name: Update all packages to their latest version`
			`ansible.builtin.apt:`
			`name: "*"`
			`state: latest`
			`update_cache: yes`
			`- name: Install a list of packages`
			`ansible.builtin.apt:`
			`pkg:`
add unp to all server 2023-07-21 03:00:58 +00:00			`- htop`
swap 2023-07-21 04:09:23 +00:00			`- unp`
swap 2023-07-21 04:18:56 +00:00			`- ufw`
docker login 2023-07-21 17:16:27 +00:00			`- net-tools`
stuff 2023-08-06 20:11:57 +00:00			`- unzip`
			`- btop`
swap 2023-07-21 04:09:23 +00:00
			`- name: Create swap file`
swap 2023-07-21 04:10:55 +00:00			`command: dd if=/dev/zero of={{ swapfile_path }} bs=1M count={{ swapfile_size }}`
swap 2023-07-21 04:09:23 +00:00			`args:`
			`creates: "{{ swapfile_path }}"`
			`register: swapfile_register_create`

			`- name: Set swap file permissions`
			`file:`
			`path: "{{ swapfile_path }}"`
			`state: "file"`
			`owner: "root"`
			`group: "root"`
			`mode: "0600"`

			`- name: Initialize swap file`
			`command: mkswap {{ swapfile_path }}`
			`when: swapfile_register_create is changed`

			`- name: Enable swap file`
			`command: swapon {{ swapfile_path }}`
			`when: swapfile_register_create is changed`

			`- name: Manage swap file in /etc/fstab`
			`mount:`
			`src: "{{ swapfile_path }}"`
			`name: "none"`
			`fstype: "swap"`
			`opts: "sw,nofail"`
			`dump: "0"`
			`passno: "0"`
swap 2023-07-21 04:18:56 +00:00			`state: "present"`

swap 2023-07-21 04:19:47 +00:00			`- name: Allow all access to tcp port 22`
			`community.general.ufw:`
			`rule: allow`
			`port: '22'`
			`proto: tcp`
Add Monitoring service 2023-07-21 11:03:45 +00:00
			`#Monitoring Server`
			`- name: Install monitoring service from deb`
			`ansible.builtin.apt:`
			`deb: https://kekscloud-releases.s3.eu-central-003.backblazeb2.com/http-server-status/stable.deb`
swap 2023-07-21 04:19:47 +00:00
docker login 2023-07-21 17:17:43 +00:00			`- name: Allow all access to tcp port 3003`
docker login 2023-07-21 17:16:27 +00:00			`community.general.ufw:`
			`rule: allow`
			`port: '3003'`
			`proto: tcp`
docker login 2023-07-21 17:27:56 +00:00
			`- name: Enable service httpd and ensure it is not masked`
			`ansible.builtin.systemd:`
			`name: http-server-status`
			`enabled: true`
			`masked: no`
docker login 2023-07-21 17:16:27 +00:00
docker login 2023-07-21 17:27:56 +00:00			`- name: Make sure a service http-server-status.service is running`
			`ansible.builtin.systemd:`
stuf 2023-07-21 18:34:39 +00:00			`state: restarted`
docker login 2023-07-21 17:31:09 +00:00			`name: http-server-status.service`
docker login 2023-07-21 17:16:27 +00:00
swap 2023-07-21 04:19:47 +00:00			`- name: Allow everything and enable UFW`
			`community.general.ufw:`
			`state: enabled`
b2 2023-08-06 22:30:57 +00:00			`policy: deny`

			`- name: Download b2 client`
			`ansible.builtin.get_url:`
			`url: https://github.com/Backblaze/B2_Command_Line_Tool/releases/download/v3.9.0/b2-linux`
			`dest: /usr/local/bin/b2`
			`mode: '0770'`