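---
# Basic machine setup: base packages, Docker Compose, an unprivileged
# 'certs' user running acme.sh, a monit binary, nginx/monit config sync
# and per-domain web roots. Tags (init, certs, monit, sync, dirs) let each
# stage be run on its own.
- hosts: all
  # NOTE(review): the play logs in as root directly. A dedicated login user
  # plus `become: true` is the usual least-privilege arrangement.
  remote_user: root
  vars_files:
    # Supplies creds_sh (and presumably domains_clean). NOTE(review): this
    # file should be Ansible Vault-encrypted and never committed in
    # plaintext - confirm.
    - ../secrets.yml
  tasks:
    - name: Set timezone
      timezone:
        name: America/Los_Angeles

    - name: Update the APT cache
      tags: init
      apt:
        update_cache: true

    - name: Apt cleanup
      tags: init
      apt:
        autoremove: true

    - name: Install required packages
      tags: init
      apt:
        pkg:
          - curl
          - git
          - htop
          - letsencrypt
          - monit
          - ncdu
          - nginx
          - docker.io
          - php7.0
          - php7.0-fpm
          - php7.0-pgsql
          - sqlite
        state: present

    # The original ran curl through the `command` module, which does not use
    # a shell: "$(uname -s)" and "$(uname -m)" were passed to curl literally,
    # and curl without -f saves an HTTP error body as the "binary". get_url
    # with gathered facts builds the same URL and fails on HTTP errors.
    - name: Get Docker Compose
      tags: init
      get_url:
        url: "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
        dest: /usr/local/bin/docker-compose
        owner: root
        mode: "0755"
        # This file is executed as root: pin the digest published with the
        # release so a tampered or truncated download is rejected.
        # checksum: "sha256:<SHA256_OF_DOCKER_COMPOSE_1.24.0_BINARY>"

    - name: Make sure Docker Compose is executable
      tags: init
      file:
        path: /usr/local/bin/docker-compose
        state: file
        owner: root
        mode: "0755"

    - name: Copy some random scripts
      tags: init
      copy:
        dest: "/root/{{ item }}"
        src: "./bin/{{ item }}"
        mode: "0700"
        owner: root
      with_items:
        # NOTE(review): spelling kept as-is; it must match the file in ./bin.
        - containter_ctl.sh

    - name: Add the user 'certs'
      tags: certs
      user:
        name: certs
        create_home: true
        home: /home/certs
        comment: certificates

    - name: Clone a repo
      tags: certs
      git:
        repo: 'https://github.com/Neilpang/acme.sh.git'
        dest: /home/certs/acme.sh
        # No `version` is set, so every run tracks the remote default branch.
        # This code handles certificate keys: pin a reviewed tag or commit.
        # version: "<PINNED_ACME_SH_TAG_OR_COMMIT>"

    - name: Copy the creds.sh
      tags: certs
      copy:
        dest: /home/certs/.creds.sh
        owner: certs
        mode: "0600"
        content: "{{ creds_sh }}"
      # The rendered content is a secret; keep it out of task output,
      # --diff output and callback logs.
      no_log: true

    - name: Copy script to init notifications
      tags: certs
      copy:
        dest: "/home/certs/{{ item }}"
        src: "./bin/{{ item }}"
        mode: "0700"
        owner: certs
        group: certs
      with_items:
        - acme_init_notification.sh
        - acme_sh_wrapper.sh

    - name: Run init of notifications from acme.sh
      tags: certs
      command: /home/certs/acme_init_notification.sh
      become: true
      become_user: certs

    - name: Install cron stuff
      tags: certs
      command: "/home/certs/acme_sh_wrapper.sh --install-cronjob"
      become: true
      become_user: certs
      register: dbg

    # NOTE(review): if the wrapper sources .creds.sh and echoes anything from
    # it, this prints secrets to the console and logs - confirm its output.
    - name: Show debug stuff
      tags: certs
      debug:
        var: dbg.stdout_lines

    # NOTE(review): unarchive has no checksum option, so this tarball is
    # unpacked without an integrity check and the binary is then installed
    # to /usr/bin. Fetching it with get_url + checksum first and unarchiving
    # the local copy would close that gap.
    - name: Unarchive a file that needs to be downloaded (added in 2.0)
      tags: monit
      unarchive:
        src: https://mmonit.com/monit/dist/binary/5.25.3/monit-5.25.3-linux-x64.tar.gz
        dest: /home/certs/
        remote_src: true

    # NOTE(review): the apt 'monit' package installed above presumably owns
    # this path too; a package upgrade may replace this binary.
    - name: Move monit
      tags: monit
      copy:
        remote_src: true
        src: /home/certs/monit-5.25.3/bin/monit
        dest: /usr/bin/monit

    - name: Synchronizing files which were generated locally
      tags: sync
      synchronize:
        src: "files/{{ item }}/"
        dest: "/{{ item }}/"
        # Do not carry the controller's file ownership over to the target.
        owner: false
        group: false
      with_items:
        - etc/nginx
        - etc/monit

    - name: Making sure that directories exist
      tags: sync
      file:
        path: "{{ item }}"
        state: directory
      with_items:
        - /etc/nginx
        - /etc/monit

    - name: List all the files
      tags: sync
      find:
        paths: /etc/nginx/sites-available
        patterns: "*"
      register: list

    # Enable every site found in sites-available.
    - name: Make necessary links
      tags: sync
      file:
        src: "{{ item.path }}"
        dest: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
        state: link
      with_items: "{{ list.files }}"

    - name: Link some more stuff
      tags: sync
      file:
        src: "/etc/nginx/snippets/{{ item }}"
        dest: "/etc/nginx/sites-enabled/{{ item }}"
        state: link
      with_items:
        - nohttp.conf

    - name: Make dirs
      tags: dirs
      file:
        path: "/var/www/{{ item }}"
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: "0755"
      loop: "{{ domains_clean }}"

    - name: Make some app dirs
      tags: dirs
      file:
        path: "/home/ubuntu/apps/{{ item }}"
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: "0755"
      with_items:
        - learnpolish

    - name: Make some data dirs
      tags: dirs
      file:
        path: "/home/ubuntu/data/{{ item }}"
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: "0755"
      with_items:
        - learnpolish

    - name: Make index.html everywhere
      tags: dirs
      file:
        path: "/var/www/{{ item }}/index.html"
        state: touch
        owner: ubuntu
        group: ubuntu
        # Was 0755: a static page only needs to be readable, not executable.
        mode: "0644"
      loop: "{{ domains_clean }}"

    # In case new nginx entries were added, we restart nginx.
    - name: Disable default nginx entry
      tags:
        - dirs
        - sync
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent

    - name: restart nginx
      tags:
        - dirs
        - sync
      service:
        name: nginx
        state: restarted
        enabled: true

    # In case we added new monit files, we restart it.
    - name: stop monit
      tags:
        - monit
        - sync
      service:
        name: monit
        state: stopped
        enabled: true

    - name: start monit
      tags:
        - monit
        - sync
      service:
        name: monit
        state: started
        enabled: true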
@Hazeman99 ^^^ above is an example Ansible playbook for a basic machine setup. We may not need most of this stuff, but you can see the steps and what a playbook looks like.
@Hazeman99 it'd be great if you could try:
and then try to see if you could run Ansible against it. I think you may need to read some Ansible tutorials for this.