semaphore-playbooks/debian12-basic.yml
2023-07-21 19:16:27 +02:00

75 lines
No EOL
1.7 KiB
YAML

---
- name: Update web servers
hosts: all
remote_user: root
vars:
swapfile_size: 1024
swapfile_path: /swapfile
tasks:
- name: Update all packages to their latest version
ansible.builtin.apt:
name: "*"
state: latest
update_cache: yes
- name: Install a list of packages
ansible.builtin.apt:
pkg:
- htop
- unp
- ufw
- net-tools
- name: Create swap file
command: dd if=/dev/zero of={{ swapfile_path }} bs=1M count={{ swapfile_size }}
args:
creates: "{{ swapfile_path }}"
register: swapfile_register_create
- name: Set swap file permissions
file:
path: "{{ swapfile_path }}"
state: "file"
owner: "root"
group: "root"
mode: "0600"
- name: Initialize swap file
command: mkswap {{ swapfile_path }}
when: swapfile_register_create is changed
- name: Enable swap file
command: swapon {{ swapfile_path }}
when: swapfile_register_create is changed
- name: Manage swap file in /etc/fstab
mount:
src: "{{ swapfile_path }}"
name: "none"
fstype: "swap"
opts: "sw,nofail"
dump: "0"
passno: "0"
state: "present"
- name: Allow all access to tcp port 22
community.general.ufw:
rule: allow
port: '22'
proto: tcp
#Monitoring Server
- name: Install monitoring service from deb
ansible.builtin.apt:
deb: https://kekscloud-releases.s3.eu-central-003.backblazeb2.com/http-server-status/stable.deb
- name: Allow all access to tcp port 22
community.general.ufw:
rule: allow
port: '3003'
proto: tcp
- name: Allow everything and enable UFW
community.general.ufw:
state: enabled
policy: deny