--- - name: Update web servers hosts: all remote_user: root vars: swapfile_size: 1024 swapfile_path: /swapfile tasks: - name: Update all packages to their latest version ansible.builtin.apt: name: "*" state: latest update_cache: yes - name: Install a list of packages ansible.builtin.apt: pkg: - htop - unp - ufw - net-tools - unzip - btop - git - name: Remove "neovim" package ansible.builtin.apt: name: neovim state: absent - name: Create swap file command: dd if=/dev/zero of={{ swapfile_path }} bs=1M count={{ swapfile_size }} args: creates: "{{ swapfile_path }}" register: swapfile_register_create - name: Set swap file permissions file: path: "{{ swapfile_path }}" state: "file" owner: "root" group: "root" mode: "0600" - name: Initialize swap file command: mkswap {{ swapfile_path }} when: swapfile_register_create is changed - name: Enable swap file command: swapon {{ swapfile_path }} when: swapfile_register_create is changed - name: Manage swap file in /etc/fstab mount: src: "{{ swapfile_path }}" name: "none" fstype: "swap" opts: "sw,nofail" dump: "0" passno: "0" state: "present" - name: Allow all access to tcp port 22 community.general.ufw: rule: allow port: '22' proto: tcp #Monitoring Server - name: Install monitoring service from deb ansible.builtin.apt: deb: https://kekscloud-releases.s3.eu-central-003.backblazeb2.com/http-server-status/stable.deb - name: Allow all access to tcp port 3003 community.general.ufw: rule: allow port: '3003' proto: tcp - name: Enable service httpd and ensure it is not masked ansible.builtin.systemd: name: http-server-status enabled: true masked: no - name: Make sure a service http-server-status.service is running ansible.builtin.systemd: state: restarted name: http-server-status.service - name: Allow everything and enable UFW community.general.ufw: state: enabled policy: deny - name: Download b2 client ansible.builtin.get_url: url: https://github.com/Backblaze/B2_Command_Line_Tool/releases/download/v3.9.0/b2-linux dest: /usr/local/bin/b2 mode: '0770' - name: Setup b2 client for backups ansible.builtin.command: "b2 authorize_account {{ b2keyID }} {{ b2applicationKey }}" # Install neovim from source if not exists, needed because the apt version ist 7.x but we need 8.x - name: Check if nviom config folder exists stat: path: "/opt/nvim-linux64/bin" register: nvim - name: Download nvim for linux ansible.builtin.get_url: url: "https://github.com/neovim/neovim/releases/download/v0.9.5/nvim-linux64.tar.gz" dest: "/tmp/nvim-linux64.tar.gz" mode: '0440' when: not nvim.stat.exists - name: Extract nvim to /opt ansible.builtin.unarchive: src: "/tmp/nvim-linux64.tar.gz" remote_src: true dest: /opt when: not nvim.stat.exists - name: add nvim to path in bash ansible.builtin.lineinfile: path: ~/.bashrc regexp: '^export PATH' line: 'export PATH="$PATH:/opt/nvim-linux64/bin"' when: not nvim.stat.exists # Setup neovim - name: Check if nviom config folder exists stat: path: "~/.config/nvim" register: nvimConfig - name: Git checkout ansible.builtin.git: repo: 'https://github.com/LazyVim/starter' dest: '~/.config/nvim/' when: not nvimConfig.stat.exists