# This file is part of deployment-tool.
# Copyright (C) 2014-2016 Sequent Tech Inc <[email protected]>
# deployment-tool is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License.
# deployment-tool is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License
# along with deployment-tool. If not, see <http://www.gnu.org/licenses/>.
---
# Set the machine's hostname from the deployment configuration.
- name: System, setting hostname
  ansible.builtin.hostname:
    name: "{{ config.hostname }}"
  become: true
# Map the configured private address to this host's own name in /etc/hosts.
# Only the exact `line` is matched (there is no `regexp`), so when
# config.private_ipaddress changes the previous entry stays in the file
# next to the new one.
- name: System, private ip in /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    state: present
    line: "{{ config.private_ipaddress }} {{ config.hostname }}"
  become: true
# Resolve the ballot-box domain locally to the private address, so lookups
# for that name on this host are answered from /etc/hosts.
# As with the other /etc/hosts entries, only the exact `line` is matched:
# a changed address adds a new entry and leaves the old one behind.
- name: System, domain in /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    state: present
    line: "{{ config.private_ipaddress }} {{ config.ballot_box.domain }}"
  become: true
# Ensure the primary group for the nginx service account exists.
- name: System, Creating nginx group
  ansible.builtin.group:
    state: present
    name: nginx
  become: true
# Ensure the tlscert group exists. Later tasks in this file give this group
# read access (0640) to the files under /srv/certs/selfsigned, so membership
# of tlscert is what grants access to the TLS material.
- name: Creating tlscert group
  ansible.builtin.group:
    state: present
    name: tlscert
  become: true
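# Service account for nginx: no login shell, no usable home directory, and
# membership of tlscert so it can read the TLS files that group owns.
- name: System, Creating nginx user
  become: true
  ansible.builtin.user:
    name: nginx
    shell: /bin/false
    home: /nonexistent
    # The user module creates a missing home directory by default; without
    # this setting /nonexistent would be created on the host and handed to
    # the nginx account.
    create_home: false
    groups:
      - nginx
      - tlscert
    # Add the listed groups without dropping memberships the account
    # already has.
    append: true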
# Make sure the nginx log directory exists and is owned by the nginx user.
# NOTE(review): neither `mode` nor `group` is set, so a newly created
# directory gets whatever the umask allows; confirm whether other local
# users are meant to be able to read the logs.
- name: System, nginx log directory permissions
  ansible.builtin.file:
    state: directory
    path: /var/log/nginx
    owner: nginx
  become: true
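# Directory for the self-signed certificate, key-nopass.pem and the CA list
# that the tasks further down in this file set permissions on.
# NOTE(review): `recurse` re-applies root:users to everything already in
# the directory on each run. On a re-run that puts key-nopass.pem (mode
# 0640) into group `users` until the permission tasks below move it back to
# tlscert, and it stays that way if the play stops in between. No `mode` is
# set on the directory either. Confirm whether `recurse` is needed and
# whether `users` is the intended group.
- name: System, cert directories creation
  become: true
  ansible.builtin.file:
    path: /srv/certs/selfsigned
    state: directory
    owner: root
    group: users
    # Canonical boolean, matching the other flags in this file (was `yes`).
    recurse: true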
# Render the certificate-generation shell script into root's home.
# Mode 0700 with owner root: only root can read or execute it.
- name: System, self-signed certificate creation
  ansible.builtin.template:
    dest: /root/cert.sh
    src: templates/cert.sh
    mode: '0700'
    owner: root
  become: true
# Render the Python script that accompanies cert.sh into root's home
# (presumably a helper for certificate generation; the template itself is
# not part of this file). Mode 0700 with owner root keeps it root-only.
- name: System, self-signed certificate creation
  ansible.builtin.template:
    dest: /root/cert.py
    src: templates/cert.py
    mode: '0700'
    owner: root
  become: true
# Run the installed script as root through the shell module.
# NOTE(review): there is no `creates:` or `changed_when:` guard, so the
# script runs on every play and the task always reports a change; confirm
# that cert.sh does not replace an existing certificate and key.
- name: System, self-signed certificate creation
  ansible.builtin.shell:
    cmd: /root/cert.sh
  become: true
# Limit the certificate to its owner and the tlscert group (0640).
# `state: file` never creates the file, so the task fails if cert.pem is
# missing at this point.
- name: System, self-signed certificate permissions (1)
  ansible.builtin.file:
    state: file
    path: /srv/certs/selfsigned/cert.pem
    group: tlscert
    mode: '0640'
  become: true
# Limit key-nopass.pem to its owner and the tlscert group (0640); members
# of tlscert, which includes the nginx account, can read it.
# NOTE(review): `owner` is not set here, so the file keeps whatever owner
# it already has (presumably root, from cert.sh) - confirm.
- name: System, self-signed certificate permissions (2)
  ansible.builtin.file:
    state: file
    path: /srv/certs/selfsigned/key-nopass.pem
    group: tlscert
    mode: '0640'
  become: true
# Limit the CA list to its owner and the tlscert group (0640).
# `state: file` requires calist to exist already and to be a regular file.
- name: System, self-signed certificate permissions (3)
  ansible.builtin.file:
    state: file
    path: /srv/certs/selfsigned/calist
    group: tlscert
    mode: '0640'
  become: true
# Add one /etc/hosts entry per item in config.hosts; each item supplies
# `ip` and `hostname`.
# Entries are matched by exact line only, so an item whose address changes
# is added again and the earlier line is not removed.
- name: System, populating /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    state: present
    line: "{{ item.ip }} {{ item.hostname }}"
  with_items: "{{ config.hosts }}"
  become: true
# Install the system-wide screen configuration from the role's template.
# Mode 0600 with owner root means only root can read /etc/screenrc.
- name: System, updating /etc/screenrc
  ansible.builtin.template:
    dest: /etc/screenrc
    src: templates/screenrc
    mode: '0600'
    owner: root
  become: true
# Point /etc/localtime at UTC, then have tzdata reconfigure itself
# non-interactively. Both commands run as one bash script, so the task
# result reflects only the exit status of the last command.
# NOTE(review): recent ansible-core releases no longer accept `warn` on
# shell/command - check this against the Ansible version in use.
- name: System, configuring timezone to UTC
  ansible.builtin.shell:
    executable: /bin/bash
    warn: false
    cmd: |
      ln -sf /usr/share/zoneinfo/UTC /etc/localtime
      dpkg-reconfigure -f noninteractive tzdata
  become: true