whack-a-service/Ansible_DEMO/main.yml

# playbook.yml:
---
- name: "common config"
  hosts: all
  remote_user: "{{ ssh_user }}"
  become: yes
  vars_files:
    - variables.yml
  vars:
    ansible_ssh_private_key_file: "{{ ssh_key }}"
  serial:
    - 1

  tasks:
    - name: Populate service facts
      service_facts: 

#Disable apparmor if present:

    - name: Stop and disable apparmor if present
      ansible.builtin.service:
        name: apparmor
        enabled: no
        state: stopped
      when: "'apparmor' in services"


#set hostname:

    - name: change hostname to myserver
      hostname:
        name: "{{ machine_hostname }}"

    - name: add myself to /etc/hosts
      lineinfile:
        dest: /etc/hosts
        regexp: '^127\.0\.0\.1[ \t]+localhost'
        line: '127.0.0.1 localhost {{ machine_hostname }}'
        state: present

    - name: Set timezone to {{ timezone }}
      timezone:
        name: "{{ timezone }}"


#update repos and install packages

    - name: Update repositories cache
      apt:
        update_cache: yes

    - name: Install a list of packages
      apt:
        pkg:
        - screen
        - htop
        - telnet
        - bind9
        - python
        - tinc
        - git
        - gpg

#on debian 10 install haproxy 2.2 from external repos

    - name: on DEB10 add repo key for haproxy
      ansible.builtin.apt_key:
        url: https://haproxy.debian.net/bernat.debian.org.gpg
        state: present
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: on DEB10 add repo for haproxy
      ansible.builtin.apt_repository:
        repo: deb http://haproxy.debian.net buster-backports-2.2 main
        state: present
        filename: deb10_haproxy.list
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: DEB11 install haproxy
      apt:
        pkg:
        - haproxy
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '11'


#    - name: "Check if listed package is installed or not on Debian Linux family"
#      command: dpkg-query -l haproxy
#      register: package_check
#
#    - name: Delete content & directory
#      file:
#        state: absent
#        path: /etc/haproxy/
#      when: package_check is failed and ansible_distribution == 'Debian' and ansible_distribution_version == '10'

#    - name: DEB10 install haproxy
##      shell: apt install haproxy=2.2.\*
#      shell: apt install haproxy=2.*
#      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: DEB10 install haproxy
      apt:
        name: haproxy
        state: latest
        default_release: buster-backports
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: Create a directory /scripts if not present
      ansible.builtin.file:
        path: /scripts/
        state: directory
        mode: '0755'

#Generate SSH key

    - name: check if the ssh has already been generated
      stat: 
        path: "{{ hap_git_key }}"
      register: ssh_hap_key_exists

    - name: Generate an OpenSSH keypair
      openssh_keypair:
        path: "{{ hap_git_key }}"
#        type: ed25519
        type: rsa
        size: 4096
        state: present
      when: ssh_hap_key_exists.stat.exists == False

    - name: store the pubkey
      shell: cat "{{ hap_git_key }}.pub"
      register: cat_git_hap_key

    - name: Add ssh key to your host
      pause:
        prompt: "Please add the ssh pubkey to your git repo: {{ cat_git_hap_key.stdout }} ------ and then press ENTER"
      when: ssh_hap_key_exists.stat.exists == False

#Sync git repo:

    - name: Git checkout
      ansible.builtin.git:
        repo: "{{ hap_git_repo }}"
        dest: "{{ hap_git_dest }}"
        key_file:  "{{ hap_git_key }}"
        accept_hostkey: yes

    - name: Template a file to /etc/file.conf
      ansible.builtin.template:
        src: repo/git_hap-config_autoupdate.j2
        dest: "{{ hap_git_script }}"

    - name: execute first sync
      shell: "bash {{ hap_git_script }}"

    - name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
      ansible.builtin.cron:
        name: "sync haproxy config"
        minute: "*/2"
        job: "bash {{ hap_git_script }}"


#BIND: register pubip:
    - name: retrieve your public ip
      shell: curl ifconfig.co/ip
      register: machine_pub_ip

#BIND: add zonefile from template:
    - name: bind add file db."{{ zone }}.{{ domain }}"
      ansible.builtin.template:
        src: repo/bind_zone.j2
        dest: "/etc/bind/db.{{ zone }}.{{ domain }}"

#BIND: configure bind to read the new zonefile:
    - name: Insert/Update "Match User" configuration block in /etc/ssh/sshd_config
      blockinfile:
        path: /etc/bind/named.conf
        block: |
          zone "{{ zone }}.{{ domain }}" {
             type master;
             file "/etc/bind/db.{{ zone }}.{{ domain }}";
          };

#BIND restart: 
    - name: Restart bind
      ansible.builtin.service:
        name: bind9
        state: restarted


##################################
### Demo

    - name: create directory for http server
      ansible.builtin.file:
        path: /tmp/httpserver/
        state: directory
        mode: '0755'

    - name: Template a file to /etc/file.conf
      ansible.builtin.template:
        src: repo/index.j2
        dest: "/tmp/httpserver/index.html"

    - name: launch test http server
      shell: "(cd /tmp/httpserver/; python3 -m http.server 8000 >/dev/null 2>&1 &)"
      async: 10
      poll: 0

#      shell: "cd /tmp/httpserver && python3 -m http.server 8000 &> /dev/null &"


####################################
#END:
#
#    - name: End message
#      ansible.builtin.debug:
#        msg:
#        - "-------------------------------------"
#        - "The configuration should be complete, you can run final_output.sh on your"
#        - "local machine to have the configuration to add to your DNS configuration."
#        - "Have fun!"