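# playbook.yml:
#
# Common host configuration for every host in the inventory:
#   - disable apparmor if it is installed
#   - set hostname, /etc/hosts and timezone
#   - install base packages and haproxy (Debian 10 via buster-backports,
#     Debian 11 from the distro repo)
#   - generate a deploy key, clone the haproxy config repo and keep it in sync
#     from cron
#   - publish a bind9 zone for the machine's public IP
#   - start a throw-away demo http server
#
# All variables (ssh_user, ssh_key, machine_hostname, timezone, hap_git_*,
# zone, domain) are expected from variables.yml.
# Every task runs with become: true, i.e. as root on the target.
---
- name: "common config"
  hosts: all
  remote_user: "{{ ssh_user }}"
  become: true
  vars_files:
    - variables.yml
  vars:
    ansible_ssh_private_key_file: "{{ ssh_key }}"
  # One host at a time: the pause task below needs an interactive operator.
  serial: 1
  tasks:
    - name: Populate service facts
      ansible.builtin.service_facts:

    # Disable apparmor if present
    - name: Stop and disable apparmor if present
      ansible.builtin.service:
        name: apparmor
        enabled: false
        state: stopped
      when: "'apparmor' in services"

    # Set hostname
    - name: change hostname to myserver
      ansible.builtin.hostname:
        name: "{{ machine_hostname }}"

    - name: add myself to /etc/hosts
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1[ \t]+localhost'
        line: '127.0.0.1 localhost {{ machine_hostname }}'
        state: present

    - name: Set timezone to {{ timezone }}
      community.general.timezone:
        name: "{{ timezone }}"

    # Update repos and install packages
    - name: Update repositories cache
      ansible.builtin.apt:
        update_cache: true

    # NOTE(review): the package name "python" (python 2) may no longer exist
    # on Debian 11 and would fail the whole apt task there — confirm on the
    # target release before relying on it.
    - name: Install a list of packages
      ansible.builtin.apt:
        pkg:
          - screen
          - htop
          - telnet
          - bind9
          - python
          - tinc
          - git
          - gpg

    # On Debian 10 install haproxy 2.2 from the external haproxy.debian.net repo.
    # NOTE(review): the signing key is fetched by URL only; consider pinning its
    # fingerprint via the apt_key 'id' option so a swapped key is rejected
    # (TODO: look up the expected fingerprint).
    - name: on DEB10 add repo key for haproxy
      ansible.builtin.apt_key:
        url: https://haproxy.debian.net/bernat.debian.org.gpg
        state: present
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: on DEB10 add repo for haproxy
      ansible.builtin.apt_repository:
        repo: deb http://haproxy.debian.net buster-backports-2.2 main
        state: present
        filename: deb10_haproxy.list
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: DEB11 install haproxy
      ansible.builtin.apt:
        pkg:
          - haproxy
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '11'

    # Earlier attempt at the Debian 10 install, kept for reference:
    # - name: "Check if listed package is installed or not on Debian Linux family"
    #   command: dpkg-query -l haproxy
    #   register: package_check
    #
    # - name: Delete content & directory
    #   file:
    #     state: absent
    #     path: /etc/haproxy/
    #   when: package_check is failed and ansible_distribution == 'Debian' and ansible_distribution_version == '10'
    # - name: DEB10 install haproxy
    #   shell: apt install haproxy=2.*
    #   when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    # state: latest is deliberate here: it is what pulls the backports build in
    # over the stock buster package.
    - name: DEB10 install haproxy
      ansible.builtin.apt:
        name: haproxy
        state: latest
        default_release: buster-backports
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: Create a directory /scripts if not present
      ansible.builtin.file:
        path: /scripts/
        state: directory
        mode: '0755'

    # Generate SSH deploy key for the haproxy config repo
    - name: check if the ssh has already been generated
      ansible.builtin.stat:
        path: "{{ hap_git_key }}"
      register: ssh_hap_key_exists

    - name: Generate an OpenSSH keypair
      community.crypto.openssh_keypair:
        path: "{{ hap_git_key }}"
        # type: ed25519
        type: rsa
        size: 4096
        state: present
      when: not ssh_hap_key_exists.stat.exists

    # Read-only: reporting the key must not mark the host as changed.
    - name: store the pubkey
      ansible.builtin.command: cat "{{ hap_git_key }}.pub"
      register: cat_git_hap_key
      changed_when: false

    - name: Add ssh key to your host
      ansible.builtin.pause:
        prompt: "Please add the ssh pubkey to your git repo: {{ cat_git_hap_key.stdout }} ------ and then press ENTER"
      when: not ssh_hap_key_exists.stat.exists

    # Sync git repo.
    # accept_hostkey trusts whatever host key the git server presents on first
    # contact; pre-seeding known_hosts would remove that trust-on-first-use step.
    - name: Git checkout
      ansible.builtin.git:
        repo: "{{ hap_git_repo }}"
        dest: "{{ hap_git_dest }}"
        key_file: "{{ hap_git_key }}"
        accept_hostkey: true

    - name: Template the haproxy config auto-update script
      ansible.builtin.template:
        src: repo/git_hap-config_autoupdate.j2
        dest: "{{ hap_git_script }}"

    - name: execute first sync
      ansible.builtin.shell: "bash {{ hap_git_script }}"

    # Runs the sync script every 2 minutes, as root (the play uses become).
    - name: Sync haproxy config from git every 2 minutes
      ansible.builtin.cron:
        name: "sync haproxy config"
        minute: "*/2"
        job: "bash {{ hap_git_script }}"

    # BIND: register public IP.
    # The result (machine_pub_ip.stdout) ends up in the zone file, so fetch it
    # over https and fail the task on an HTTP error instead of templating an
    # error page into the zone.
    - name: retrieve your public ip
      ansible.builtin.command: curl -fsS https://ifconfig.co/ip
      register: machine_pub_ip
      changed_when: false

    # BIND: add zonefile from template
    - name: bind add file db."{{ zone }}.{{ domain }}"
      ansible.builtin.template:
        src: repo/bind_zone.j2
        dest: "/etc/bind/db.{{ zone }}.{{ domain }}"

    # BIND: configure bind to read the new zonefile
    - name: Insert/Update zone "{{ zone }}.{{ domain }}" block in /etc/bind/named.conf
      ansible.builtin.blockinfile:
        path: /etc/bind/named.conf
        block: |
          zone "{{ zone }}.{{ domain }}" {
              type master;
              file "/etc/bind/db.{{ zone }}.{{ domain }}";
          };

    # BIND restart
    - name: Restart bind
      ansible.builtin.service:
        name: bind9
        state: restarted

    ##################################
    ### Demo
    - name: create directory for http server
      ansible.builtin.file:
        path: /tmp/httpserver/
        state: directory
        mode: '0755'

    - name: Template the demo index page
      ansible.builtin.template:
        src: repo/index.j2
        dest: "/tmp/httpserver/index.html"

    # Demo only: python's http.server listens on all interfaces on port 8000
    # and is left running in the background after the play finishes.
    - name: launch test http server
      ansible.builtin.shell: "(cd /tmp/httpserver/; python3 -m http.server 8000 >/dev/null 2>&1 &)"
      async: 10
      poll: 0
      # shell: "cd /tmp/httpserver && python3 -m http.server 8000 &> /dev/null &"

    ####################################
    # END:
    #
    # - name: End message
    #   ansible.builtin.debug:
    #     msg:
    #       - "-------------------------------------"
    #       - "The configuration should be complete, you can run final_output.sh on your"
    #       - "local machine to have the configuration to add to your DNS configuration."
    #       - "Have fun!"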