kuvia/resources/ansible/playbook.yml

277 lines
7.7 KiB
YAML
Raw Normal View History

2021-01-15 01:10:48 +00:00
---
# file: webservers.yml
- hosts: all
tasks:
- name: Update all packages to their latest version
apt:
name: "*"
state: latest
update_cache: yes
- community.general.ufw:
rule: limit
port: ssh
proto: tcp
- name: Allow all access from RFC1918 networks to this host
community.general.ufw:
rule: allow
src: '10.114.0.0/20'
- name: Allow everything and enable UFW
community.general.ufw:
state: enabled
policy: deny
- hosts: mysql
tasks:
- name: Install mysql-server
apt:
name: mysql-server
state: present
- name: Install python3-pip
apt:
name: python3-pip
state: present
- name: Install PyMySQL python package
pip:
name: PyMySQL
- name: Create database user with name 'kuvia' and password 'kuvia!2020@geheim' with all database privileges
community.mysql.mysql_user:
name: kuvia
password: kuvia!2020@geheim
host: "%"
priv: 'kuvia.*:ALL'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Create a new database with name 'kuvia'
community.mysql.mysql_db:
name: kuvia
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Set Bindung for mysql
ansible.builtin.replace:
path: /etc/mysql/mysql.conf.d/mysqld.cnf
regexp: '^bind-address\s*=.*$'
replace: 'bind-address = 0.0.0.0'
- name: Restart mysql
ansible.builtin.systemd:
state: restarted
daemon_reload: yes
name: mysql
- hosts: web
tasks:
- name: Install nginx
apt:
name: nginx
state: present
- name: Install git
apt:
name: git
state: present
- name: Install php-fpm
apt:
name: php-fpm
state: present
- name: Install php-cli
apt:
name: php-cli
state: present
- name: Install php-simplexml
apt:
name: php-simplexml
state: present
- name: Install php-mbstring
apt:
name: php-mbstring
state: present
- name: Install php-gd
apt:
name: php-gd
state: present
- name: Install php-mysql
apt:
name: php-mysql
state: present
- name: Install unzip
apt:
name: unzip
state: present
- name: Install php-zip
apt:
name: php-zip
state: present
- name: Check that the /bin/composer exists
stat:
path: /bin/composer
register: stat_result
- name: Download foo.conf
get_url:
url: https://getcomposer.org/installer
dest: /tmp/composer-setup.php
mode: '0440'
when: not stat_result.stat.exists
- name: Execute the command in remote shell; stdout goes to the specified file on the remote
ansible.builtin.shell: php /tmp/composer-setup.php --install-dir=/bin --filename=composer
when: not stat_result.stat.exists
- name: Git checkout
git:
repo: 'https://git.keks.cloud/kekskurse/kuvia.git'
dest: /var/www/kuvia
update: yes
- name: Change file ownership, group and permissions
ansible.builtin.file:
path: /var/www/kuvia/storage
owner: www-data
group: www-data
recurse: yes
state: directory
- name: Download and installs all libs and dependencies outlined in the /var/www/kuvia
community.general.composer:
command: install
working_dir: /var/www/kuvia
environment:
- COMPOSER_ALLOW_SUPERUSER: 1
- name: Template a file to /etc/file.conf
ansible.builtin.template:
src: env.j2
dest: /var/www/kuvia/.env
owner: root
group: root
mode: '0644'
- name: Artisan migration
ansible.builtin.shell: php artisan migrate --force
args:
chdir: /var/www/kuvia
become: yes
become_user: www-data
tags:
- debug
- name: Allow all access to tcp port 80
community.general.ufw:
rule: allow
port: '80'
proto: tcp
- name: Allow all access to tcp port 443
community.general.ufw:
rule: allow
port: '443'
proto: tcp
2021-01-17 23:34:34 +00:00
- name: Check if certificat exists
stat:
path: "/etc/letsencrypt/live/{{domain}}/privkey.pem"
register: ssl_result
2021-01-15 01:10:48 +00:00
- name: Template a file to /etc/file.conf
ansible.builtin.template:
src: nginx.j2
dest: /etc/nginx/sites-available/kuvia
owner: root
group: root
mode: '0644'
2021-01-17 23:34:34 +00:00
vars:
- ssl: "{{ ssl_result.stat.exists }}"
2021-01-15 01:10:48 +00:00
- name: Create a symbolic link
ansible.builtin.file:
src: /etc/nginx/sites-available/kuvia
dest: /etc/nginx/sites-enabled/kuvia
state: link
- name: Restart nginx
ansible.builtin.systemd:
state: restarted
daemon_reload: no
name: nginx
2021-01-17 02:39:33 +00:00
- name: Creates a cron file under /etc/cron.d
ansible.builtin.cron:
name: laravelcron
user: www-data
job: "php /var/www/kuvia/artisan schedule:run"
2021-01-17 04:12:42 +00:00
- name: Set upload_max_filesize for php
ansible.builtin.replace:
path: /etc/php/7.4/fpm/php.ini
regexp: '^upload_max_filesize\s*=.*$'
replace: 'upload_max_filesize = 100M'
- name: Set upload_max_filesize for php
ansible.builtin.replace:
path: /etc/php/7.4/fpm/php.ini
regexp: '^post_max_size\s*=.*$'
replace: 'post_max_size = 100M'
- name: Restart php
ansible.builtin.systemd:
state: restarted
daemon_reload: no
name: php7.4-fpm
2021-01-17 23:34:34 +00:00
- name: Install certbot
apt:
name: certbot
state: present
- name: Install python3-certbot-nginx
apt:
name: python3-certbot-nginx
state: present
- name: Cert bot
ansible.builtin.shell: "certbot --nginx -d {{domain}} -n --agree-tos -m hello@kekskurse.de"
when: not ssl_result.stat.exists
- name: Template a file to /etc/file.conf
ansible.builtin.template:
src: nginx.j2
dest: /etc/nginx/sites-available/kuvia_main
owner: root
group: root
mode: '0644'
vars:
- ssl: "{{ ssl_result.stat.exists }}"
- name: Restart nginx
ansible.builtin.systemd:
state: restarted
daemon_reload: no
name: nginx
- hosts: pweb
tasks:
- name: Domain
ansible.builtin.debug:
msg: "Domain: {{http_domain}}"
- name: Check if certificat exists
stat:
path: "/etc/letsencrypt/live/{{http_domain}}/privkey.pem"
register: ssl_result
- name: Template a file to /etc/file.conf
ansible.builtin.template:
src: nginx.j2
dest: /etc/nginx/sites-available/kuvia_main
owner: root
group: root
mode: '0644'
vars:
- ssl: "{{ ssl_result.stat.exists }}"
- domain: "{{ http_domain }}"
- name: Create a symbolic link
ansible.builtin.file:
src: /etc/nginx/sites-available/kuvia_main
dest: /etc/nginx/sites-enabled/kuvia_main
state: link
- name: Restart nginx
ansible.builtin.systemd:
state: restarted
daemon_reload: no
name: nginx
- name: Cert bot
ansible.builtin.shell: "certbot --nginx -d {{http_domain}} -n --agree-tos -m hello@kekskurse.de"
when: not ssl_result.stat.exists
- name: Check if certificat exists
stat:
path: "/etc/letsencrypt/live/{{http_domain}}/privkey.pem"
register: ssl_result
- name: Template a file to /etc/file.conf
ansible.builtin.template:
src: nginx.j2
dest: /etc/nginx/sites-available/kuvia_main
owner: root
group: root
mode: '0644'
vars:
- ssl: "{{ ssl_result.stat.exists }}"
- domain: "{{ http_domain }}"
- name: Restart nginx
ansible.builtin.systemd:
state: restarted
daemon_reload: no
name: nginx