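---
# Play "Base installation": installs git, copies the controller's id_rsa* key
# files into the remote user's ~/.ssh/, creates /var/www and switches SELinux
# to permissive mode on the webservers group.
- name: Base installation
  hosts: webservers
  tags:
    - base
  tasks:
    - name: Install git and more todo
      become: true
      dnf:
        name:
          - git

    # with_fileglob expands id_rsa* under host_ssh_source on the controller, so
    # both the private and the public key file are copied to the target.
    # NOTE(review): this leaves a private key on the web server; if it is a
    # personal key, a read-only deploy key limited to the needed repositories
    # would reduce what a compromise of this host exposes.
    - name: Copy across SSH keys for git purposes
      copy:
        src: "{{ item }}"
        dest: "/home/{{ unix_user }}/.ssh/"
        owner: "{{ unix_user }}"
        # Quoted so the YAML parser cannot re-type the octal mode as a number.
        mode: '0600'
      # Keeps key material out of the output when the playbook runs with --diff.
      diff: false
      with_fileglob:
        - "{{ host_ssh_source }}/id_rsa*"

    # Was '0777' (world-writable). The directory is owned by unix_user, the
    # only writer visible in this playbook, so 0755 keeps that working while
    # stopping other local accounts from placing files in the web root.
    # NOTE(review): assumes nothing else writes to /var/www - confirm.
    - name: Make /var/www directory
      become: true
      file:
        path: /var/www
        state: directory
        owner: "{{ unix_user }}"
        mode: '0755'

    # setenforce 0 changes the running system only (it does not persist across
    # a reboot) and, as a command task, reports "changed" on every run.
    # NOTE(review): permissive mode removes SELinux confinement for every
    # service on the host; labelling the web root and allowing only the access
    # the sites need would let enforcement stay on.
    - name: Put SELinux into Permissive mode
      become: true
      command: setenforce 0
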
# Play "Install MySQL 8": installs and starts mysqld on the dbservers group,
# removes the anonymous account and creates the application's database user.
#
# NOTE(review): the mysql_user tasks pass no login_user/login_password, so they
# presumably rely on passwordless root access to the server, and no task in
# this play sets a password for the MySQL root account - confirm that is
# handled elsewhere.
- name: Install MySQL 8
  hosts: dbservers
  become: true
  # The SSH login name comes from the same variable as the MySQL user name.
  # NOTE(review): the paste lost its indentation; remote_user is read here as a
  # play keyword rather than an entry under vars - confirm.
  remote_user: "{{ user }}"
  tags:
    - db
  vars:
    user: "{{ mysql_user }}"
    password: "{{ mysql_password }}"
  tasks:
    # state: latest upgrades these packages whenever a newer build is available.
    - name: Install MySQL 8 and Python3 PyMySQL
      dnf:
        state: latest
        name:
          - mysql-server
          - mysql
          - python3-PyMySQL

    - name: Start and enable MySQL 8
      systemd:
        name: mysqld
        state: started
        enabled: true

    # An empty name selects the anonymous account; host_all applies the removal
    # to every host entry of that account.
    - name: Removes anonymous user account for localhost
      mysql_user:
        name: ''
        host_all: true
        state: absent

    # '*.*:ALL' grants every privilege on every database.
    # NOTE(review): the only other use of this account visible in this playbook
    # is creating and using the codenames database; a grant limited to that
    # schema would reduce what leaked application credentials can reach.
    - name: Create database user with name {{ user }} with all database privileges
      mysql_user:
        name: "{{ user }}"
        password: "{{ password }}"
        priv: '*.*:ALL'
        state: present

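# Play "Install Net Worth site": pulls the codenames container image, renders
# its systemd unit, creates its MySQL database and (re)starts the service.
#
# The play-level var `unix_user: "{{ unix_user }}"` was dropped: a variable
# defined in terms of itself cannot be resolved by the templating engine, and
# unix_user is still available from wherever the base play gets it.
- name: Install Net Worth site
  hosts: webservers
  tags:
    - codenames
  tasks:
    # NOTE(review): `latest` is a moving tag, so the image that runs is
    # whatever the registry serves at deploy time; pinning a digest would make
    # the deployed content verifiable.
    - name: Pull codenames image
      podman_image:
        name: quay.io/banool/codenames
        tag: latest

    # Unconditional second pull; as a command task it reports "changed" on
    # every run.
    - name: Actually repull codenames image
      command: podman pull quay.io/banool/codenames

    # The vars below include secret_key and several account passwords, which
    # are presumably written into the unit file by the template (the template
    # itself is not visible here). The unit used to be installed 0644 and owned
    # by unix_user: readable by every local account, and editable by an
    # unprivileged user even though systemd loads it as root. It is now
    # root-owned and 0600.
    # NOTE(review): if the template emits these values as Environment= lines,
    # systemd still exposes them to unprivileged clients via `systemctl show`;
    # an EnvironmentFile= with restricted permissions avoids that.
    - name: Create systemd spec file
      become: true
      # Keeps the rendered secrets out of the output when run with --diff.
      diff: false
      vars:
        allowed_sites: "{{ codenames.allowed_sites }}"
        deployment_mode: "{{ codenames.deployment_mode }}"
        secret_key: "{{ codenames.secret_key }}"
        sql_engine: "{{ codenames.sql_engine }}"
        sql_database: "{{ codenames.sql_database }}"
        sql_user: "{{ mysql_user }}"
        sql_password: "{{ mysql_password }}"
        sql_host: "{{ codenames.sql_host }}"
        sql_port: "{{ codenames.sql_port }}"
        robinhood_username: "{{ codenames.robinhood_username }}"
        robinhood_password: "{{ codenames.robinhood_password }}"
        robinhood_2fa_barcode: "{{ codenames.robinhood_2fa_barcode }}"
        personal_capital_email: "{{ codenames.personal_capital_email }}"
        personal_capital_password: "{{ codenames.personal_capital_password }}"
        ui_username: "{{ codenames.ui_username }}"
        ui_email: "{{ codenames.ui_email }}"
        ui_password: "{{ codenames.ui_password }}"
        internal_port: "{{ codenames.internal_port }}"
        external_port: "{{ codenames.external_port }}"
      template:
        src: templates/codenames.service.j2
        dest: /etc/systemd/system/codenames.service
        owner: root
        group: wheel
        mode: '0600'

    # Authenticates as the application account (mysql_user) to create the
    # application's schema.
    - name: Make net worth database in MySQL
      mysql_db:
        name: "{{ codenames.sql_database }}"
        state: present
        login_user: "{{ mysql_user }}"
        login_password: "{{ mysql_password }}"

    # daemon_reload makes systemd pick up the unit written above before the
    # restart.
    - name: Start and enable codenames service
      become: true
      systemd:
        name: codenames
        daemon_reload: true
        enabled: true
        state: restarted
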
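# Play "Install dport site": clones the dport site into the web root.
#
# The play-level var `unix_user: "{{ unix_user }}"` was dropped: it is defined
# in terms of itself, which the templating engine cannot resolve, and nothing
# in this play reads it.
- name: Install dport site
  hosts: webservers
  tags:
    - dport
  tasks:
    # Clone over SSH, presumably with the key the base play copies into
    # ~/.ssh/. No version is given, so the module checks out the repository's
    # HEAD. accept_hostkey is left at its default (off): gitlab.com's host key
    # has to be trusted by the remote user already, and an unexpected key
    # fails the task instead of being accepted silently.
    - name: Clone dport site into /var/www/dport
      git:
        repo: 'git@gitlab.com:banool/dport-site.git'
        dest: /var/www/dport
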
# Unnamed play: applies the nginxinc.nginx role to the webservers group, then
# switches nginx from conf.d to a sites-available/sites-enabled layout and
# restarts it. Roles run before the tasks list.
#
# NOTE(review): the paste lost its indentation; the nesting under
# nginx_http_template is reconstructed and should be checked against the
# role's documented variable layout.
- hosts: webservers
  become: true
  vars:
    nginx_http_template_enable: true
    nginx_http_template:
      dport:
        template_file: http/default.conf.j2
        conf_file_name: dport
        conf_file_location: /etc/nginx/sites-available
        servers:
          server1:
            # Plain HTTP on port 80 only; no TLS listener is configured here
            # (certbot is still on the TODO list at the end of the file).
            listen:
              listen_localhost:
                port: 80
            root: /var/www/dport
            server_name: "{{ server_name }} www.{{ server_name }} {{ ip_address }}"
            error_page: /usr/share/nginx/html
            # Directory listings stay off for the web root.
            autoindex: false
  roles:
    - role: nginxinc.nginx
      tags: nginx
  tasks:
    - name: Make /etc/nginx/sites-available
      file:
        state: directory
        path: /etc/nginx/sites-available
        mode: '0755'

    # sites-enabled is a symlink to the whole sites-available directory, so
    # every file placed in sites-available is live configuration.
    - name: Make symlink for sites-available called sites-enabled
      file:
        state: link
        src: /etc/nginx/sites-available
        dest: /etc/nginx/sites-enabled

    - name: Delete /etc/nginx/conf.d
      file:
        state: absent
        path: /etc/nginx/conf.d

    # Rewrites the include line in nginx.conf; the new pattern loads every
    # file in sites-enabled, not only *.conf.
    - name: Use sites-enabled instead of conf.d
      replace:
        path: /etc/nginx/nginx.conf
        regexp: 'include /etc/nginx/conf.d/\*.conf;'
        replace: 'include /etc/nginx/sites-enabled/*;'

    # Unconditional restart; the edited configuration is not syntax-checked
    # before nginx is restarted.
    - name: Restart nginx
      systemd:
        name: nginx
        state: restarted

# TODO
# Nginx
# All other sites
# Crons
# Deluge
# Plex
# External HDD mounts
# Turning off the screen
# History for net worth
# certbot