kuvia/resources/ansible/playbook.yml


---
# file: webservers.yml
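# Baseline for every host: patch the system, then bring up UFW with a
# default-deny policy. The allow/limit rules are added before UFW is enabled,
# so the SSH connection Ansible itself uses is not cut off mid-run.
- hosts: all
  tasks:
    - name: Update all packages to their latest version
      ansible.builtin.apt:
        name: "*"
        state: latest
        update_cache: true

    # "limit" admits SSH but has UFW rate-limit repeated connection attempts
    # from a single address.
    - name: Rate-limit inbound SSH
      community.general.ufw:
        rule: limit
        port: ssh
        proto: tcp

    # No port or proto is given, so every service on the host (including
    # MySQL on the database hosts) is reachable from this one range. The rule
    # covers only 10.114.0.0/20, not the RFC1918 space as a whole.
    - name: Allow all access from the 10.114.0.0/20 private network to this host
      community.general.ufw:
        rule: allow
        src: '10.114.0.0/20'

    # The default policy is deny, not allow: anything not matched by a rule
    # in this playbook is dropped once UFW is enabled.
    - name: Enable UFW with a default-deny policy
      community.general.ufw:
        state: enabled
        policy: deny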
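# Database hosts: install MySQL, create the application account and schema,
# and make mysqld listen on all interfaces.
- hosts: mysql
  tasks:
    - name: Install mysql-server and python3-pip
      ansible.builtin.apt:
        name:
          - mysql-server
          - python3-pip
        state: present

    # PyMySQL is the Python driver the community.mysql modules below rely on.
    - name: Install PyMySQL python package
      ansible.builtin.pip:
        name: PyMySQL

    # NOTE(review): the account password is committed in clear text. Move it
    # to a variable kept in Ansible Vault (or another secret store) and rotate
    # the current value, since it is already in the repository history.
    # The task name no longer repeats the password: task names are printed on
    # every run and end up in terminal scrollback and CI logs.
    # NOTE(review): host "%" accepts logins for this account from any client
    # address; consider narrowing it to the web tier's address range.
    - name: Create database user 'kuvia' with all privileges on the kuvia database
      community.mysql.mysql_user:
        name: kuvia
        password: 'kuvia!2020@geheim'
        host: "%"
        priv: 'kuvia.*:ALL'
        state: present
        login_unix_socket: /var/run/mysqld/mysqld.sock

    - name: Create a new database with name 'kuvia'
      community.mysql.mysql_db:
        name: kuvia
        state: present
        login_unix_socket: /var/run/mysqld/mysqld.sock

    # mysqld listens on every interface after this change. Reachability is
    # then bounded only by the host firewall from the `hosts: all` play
    # (default deny, 10.114.0.0/20 allowed), so that play must have been
    # applied to this host before the restart below.
    - name: Set bind address for mysql
      ansible.builtin.replace:
        path: /etc/mysql/mysql.conf.d/mysqld.cnf
        regexp: '^bind-address\s*=.*$'
        replace: 'bind-address = 0.0.0.0'

    # Runs unconditionally, so mysqld restarts on every playbook run.
    - name: Restart mysql
      ansible.builtin.systemd:
        state: restarted
        daemon_reload: true
        name: mysql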
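# Web hosts: install nginx + PHP, install Composer if missing, deploy the
# kuvia application from git, run migrations, open 80/443 and enable the
# nginx site.
- hosts: web
  tasks:
    # One apt transaction instead of ten separate tasks; same package set.
    - name: Install nginx, git, unzip and the PHP packages
      ansible.builtin.apt:
        name:
          - nginx
          - git
          - php-fpm
          - php-cli
          - php-simplexml
          - php-mbstring
          - php-gd
          - php-mysql
          - unzip
          - php-zip
        state: present

    - name: Check that the /bin/composer exists
      ansible.builtin.stat:
        path: /bin/composer
      register: stat_result

    # NOTE(review): the installer is fetched and then executed with the
    # privileges of this play, without an integrity check. Pin it with
    # get_url's `checksum` parameter against the installer hash Composer
    # publishes.
    # force: true replaces any file already present at this world-writable
    # path; with the default, an existing file would be kept and executed.
    - name: Download the Composer installer
      ansible.builtin.get_url:
        url: https://getcomposer.org/installer
        dest: /tmp/composer-setup.php
        mode: '0440'
        force: true
      when: not stat_result.stat.exists

    # No shell features are needed, so use command rather than shell.
    - name: Run the Composer installer to create /bin/composer
      ansible.builtin.command: php /tmp/composer-setup.php --install-dir=/bin --filename=composer
      when: not stat_result.stat.exists

    # NOTE(review): no `version` is set, so each run deploys whatever the
    # remote default branch currently points at. Pin a tag or commit so that
    # what reaches production is a reviewed revision.
    - name: Git checkout
      ansible.builtin.git:
        repo: 'https://git.keks.cloud/kekskurse/kuvia.git'
        dest: /var/www/kuvia
        update: true

    # Only storage/ is handed to www-data; the rest of the checkout keeps
    # the ownership the git task created it with.
    - name: Give www-data ownership of the storage directory
      ansible.builtin.file:
        path: /var/www/kuvia/storage
        owner: www-data
        group: www-data
        recurse: true
        state: directory

    # NOTE(review): COMPOSER_ALLOW_SUPERUSER suppresses Composer's root
    # warning, which suggests this runs as root. Plugins and scripts shipped
    # by dependencies then run with that privilege. Consider installing as
    # an unprivileged user or adding --no-scripts / --no-plugins.
    - name: Install the PHP dependencies listed for /var/www/kuvia
      community.general.composer:
        command: install
        working_dir: /var/www/kuvia
      environment:
        COMPOSER_ALLOW_SUPERUSER: '1'

    # The .env presumably carries the database password and application key
    # (env.j2 is not shown here), so it is readable by root and the www-data
    # group only, not by every local account. www-data is the user that runs
    # artisan below. Confirm the PHP-FPM pool runs as www-data as well.
    - name: Render the application .env from env.j2
      ansible.builtin.template:
        src: env.j2
        dest: /var/www/kuvia/.env
        owner: root
        group: www-data
        mode: '0640'

    # --force lets migrate run without its interactive confirmation.
    - name: Artisan migration
      ansible.builtin.command: php artisan migrate --force
      args:
        chdir: /var/www/kuvia
      become: true
      become_user: www-data
      tags:
        - debug

    - name: Allow all access to tcp port 80
      community.general.ufw:
        rule: allow
        port: '80'
        proto: tcp

    - name: Allow all access to tcp port 443
      community.general.ufw:
        rule: allow
        port: '443'
        proto: tcp

    - name: Render the nginx site config for kuvia
      ansible.builtin.template:
        src: nginx.j2
        dest: /etc/nginx/sites-available/kuvia
        owner: root
        group: root
        mode: '0644'

    - name: Enable the kuvia nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/kuvia
        dest: /etc/nginx/sites-enabled/kuvia
        state: link

    # Runs unconditionally, so nginx restarts on every playbook run.
    - name: Restart nginx
      ansible.builtin.systemd:
        state: restarted
        daemon_reload: false
        name: nginx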