-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathnew_server-playbook.yml
90 lines (76 loc) · 2.3 KB
/
new_server-playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# Ansible playbook for create a new server, based on Ubuntu/Debian.
# For more information, please visit https://github.com/truewebartisans/useful-playbooks
# Author: Vic Shóstak <[email protected]> & True web artisans (https://1wa.co)
# License: MIT
---
- hosts: "{{ host|default('localhost') }}"
become: true
tasks:
- name: Add PPA repositories
apt_repository:
repo: "{{ item.repo }}"
with_items:
- { repo: "ppa:nginx/stable" }
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release != 'focal'
- name: Upgrade dist
apt:
upgrade: dist
- name: Install Nginx, UFW
apt:
pkg: "{{ item }}"
state: latest
with_items:
- nginx
- ufw
- name: Create /etc/nginx/conf.d folder, set chown USER:USER
file:
state: directory
path: "{{ item.path }}"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0644
with_items:
- { path: "/etc/nginx/conf.d" }
- name: Copy configs UFW, Nginx
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0644
with_items:
- { src: "./configs/ufw-nginx.ini", dest: "/etc/ufw/applications.d/nginx.ini" }
- { src: "./configs/nginx.conf", dest: "/etc/nginx/nginx.conf" }
- name: Allow OpenSSH, Nginx (http + https)
ufw:
name: "{{ item.name }}"
rule: "{{ item.rule }}"
with_items:
- { name: "OpenSSH", rule: "allow" }
- { name: "Nginx Full", rule: "allow" }
- name: Generate OpenSSL DH Parameters cert (2048 bits)
openssl_dhparam:
path: /etc/ssl/certs/dhparam.pem
size: 2048
- name: Enable Nginx during boot
service:
name: nginx
state: started
enabled: yes
notify:
- restart_nginx
- name: Create /var/www folder, set chown USER:USER
file:
state: directory
path: /var/www
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0700
- name: Remove unused dependency packages
apt:
autoremove: yes
handlers:
- name: restart_nginx
service:
name: nginx
state: restarted