65 lines
1.6 KiB
YAML
65 lines
1.6 KiB
YAML
---
|
|
- name: Install packages
|
|
ansible.builtin.package:
|
|
name: "{{ item }}"
|
|
state: installed
|
|
with_items:
|
|
- ansible
|
|
- ansible-collection-ansible-posix
|
|
- ansible-collection-community-general
|
|
- python3-dns # required for lookup('dig', 'hostname')
|
|
- python38-netaddr # required by iptables role
|
|
|
|
- name: Create private directory and force permissions
|
|
ansible.builtin.file:
|
|
path: /export/private
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
state: directory
|
|
|
|
- name: Link private directory
|
|
ansible.builtin.file:
|
|
src: /export/private
|
|
dest: /srv/private
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
state: link
|
|
follow: false
|
|
|
|
- name: Allow http server to access /srv/ansible
|
|
community.general.sefcontext:
|
|
path: /srv/ansible(/.*)?
|
|
setype: httpd_sys_content_t
|
|
|
|
- name: Clone ansible repository
|
|
ansible.builtin.git:
|
|
dest: /srv/ansible
|
|
repo: https://git.foo.sh/ansible.git
|
|
update: false
|
|
|
|
- name: Link facts to nginx
|
|
ansible.builtin.file:
|
|
src: "/srv/ansible/facts"
|
|
dest: "/srv/web/{{ inventory_hostname }}/facts"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
state: link
|
|
follow: false
|
|
|
|
- name: Create nginx conf
|
|
ansible.builtin.copy:
|
|
src: nginx.conf
|
|
dest: /etc/nginx/conf.d/{{ inventory_hostname }}/ansible.conf
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: restart nginx
|
|
|
|
- name: Add custom .bashrc for root
|
|
ansible.builtin.copy:
|
|
dest: /root/.bashrc
|
|
src: root-bashrc.sh
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
mode: 0600
|