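---
# Provisions the host "roger-skyline-1": installs base packages, adds the
# user "tanguy" to the sudo group, applies the iptables and fail2ban
# configuration, installs two cron-driven maintenance scripts, generates a
# self-signed TLS certificate and enables the apache2 SSL site.
#
# Every task runs as root (become via su). Uploaded files are root-owned and
# carry an explicit mode so the result does not depend on the remote umask.
- name: "Initialise packages, user tanguy & webserver"
  hosts: "roger-skyline-1"
  become: true
  become_user: root
  become_method: su
  tasks:
    # NOTE(review): "python-pip" is presumably the Python 2 pip package;
    # confirm it exists on the target release.
    - name: "Install necessary packages"
      apt:
        name:
          - "sudo"
          - "mailutils"
          - "fail2ban"
          - "apache2"
          - "python-pip"
          - "iptables-persistent"
        update_cache: true
        state: "present"
      tags: ["apt", "sudo"]

    # append keeps the user's existing supplementary groups.
    - name: "Add tanguy to sudoers"
      user:
        name: "tanguy"
        groups: "sudo"
        append: true
      tags: ["sudo"]

    # validate makes copy reject a ruleset that iptables-restore cannot
    # parse, so a broken file never replaces the persistent rules.
    - name: "Upload firewall config"
      copy:
        src: "files/firewall.conf"
        dest: "/etc/iptables/rules.v4"
        owner: "root"
        group: "root"
        mode: "0640"
        validate: "iptables-restore --test %s"
      tags: ["firewall"]

    # Takes effect immediately on the live host, including for the
    # connection Ansible itself uses.
    - name: "Apply firewall config"
      command: "iptables-restore -c /etc/iptables/rules.v4"
      tags: ["firewall"]

    - name: "Upload fail2ban config"
      copy:
        src: "files/jail.local"
        dest: "/etc/fail2ban/"
        owner: "root"
        group: "root"
        mode: "0644"
      tags: ["firewall"]

    - name: "Restart fail2ban"
      service:
        name: "fail2ban"
        state: "restarted"
      tags: ["firewall"]

    # Scripts are executable but writable by root only.
    - name: "Upload update_script.sh"
      copy:
        src: "files/update_script.sh"
        dest: "/usr/sbin/update_script.sh"
        owner: "root"
        group: "root"
        mode: "0755"
      tags: ["scripts"]

    # Files in /etc/cron.d must not be writable by group or others.
    - name: "Upload update_script"
      copy:
        src: "files/update_script"
        dest: "/etc/cron.d/update_script"
        owner: "root"
        group: "root"
        mode: "0644"
      tags: ["scripts"]

    - name: "Upload check_crontab.sh"
      copy:
        src: "files/check_crontab.sh"
        dest: "/usr/sbin/check_crontab.sh"
        owner: "root"
        group: "root"
        mode: "0755"
      tags: ["scripts"]

    - name: "Upload check_crontab"
      copy:
        src: "files/check_crontab"
        dest: "/etc/cron.d/check_crontab"
        owner: "root"
        group: "root"
        mode: "0644"
      tags: ["scripts"]

    # NOTE(review): /home/tanguy is presumably owned by tanguy, who could
    # then rename or replace this directory. A root-owned location such as
    # /etc/ssl/private would avoid that, but the paths have to match
    # files/default-ssl.conf, which is not visible here.
    - name: "Create .ssl directory"
      file:
        path: "/home/tanguy/.ssl"
        state: "directory"
        owner: "root"
        group: "root"
        mode: "0700"
      tags: ["ssl"]

    # NOTE(review): installs the latest pyOpenSSL from the package index as
    # root with no version pin; consider pinning a version or using the
    # distribution package instead.
    - name: "Installing pyOpenSSL python lib"
      pip:
        name: "pyOpenSSL"
      tags: ["ssl"]

    # The private key stays readable by root only.
    - name: "Generate ssl private key"
      openssl_privatekey:
        path: "/home/tanguy/.ssl/server.key"
        owner: "root"
        group: "root"
        mode: "0600"
      tags: ["ssl"]

    - name: "Generate ssl certificate signing request"
      openssl_csr:
        path: "/home/tanguy/.ssl/server.csr"
        privatekey_path: "/home/tanguy/.ssl/server.key"
        common_name: "tmaze"
        email_address: "tmaze@student.42.fr"
        country_name: "FR"
        locality_name: "Paris"
        organization_name: "42.fr"
      tags: ["ssl"]

    # Self-signed: clients cannot verify it against a CA and will warn.
    - name: "Generate ssl selfsigned certificate"
      openssl_certificate:
        path: "/home/tanguy/.ssl/server.crt"
        csr_path: "/home/tanguy/.ssl/server.csr"
        privatekey_path: "/home/tanguy/.ssl/server.key"
        provider: "selfsigned"
      tags: ["ssl"]

    # Renamed: two tasks were both called "Upload website", which made
    # --start-at-task and the run log ambiguous.
    - name: "Upload apache ssl site config"
      copy:
        src: "files/default-ssl.conf"
        dest: "/etc/apache2/sites-available/"
        owner: "root"
        group: "root"
        mode: "0644"
      tags: ["ssl"]

    - name: "Create website dir"
      file:
        path: "/var/www/nice_website"
        state: "directory"
        owner: "root"
        group: "root"
        mode: "0755"
      tags: ["website"]

    - name: "Upload website"
      copy:
        src: "files/index.html"
        dest: "/var/www/nice_website/"
        owner: "root"
        group: "root"
        mode: "0644"
      tags: ["website"]

    # creates skips the command once the site is enabled, so a re-run
    # reports "ok" instead of "changed".
    - name: "Activate nice website"
      command: "a2ensite default-ssl"
      args:
        creates: "/etc/apache2/sites-enabled/default-ssl.conf"
      tags: ["website"]

    - name: "Activate ssl module"
      command: "a2enmod ssl"
      args:
        creates: "/etc/apache2/mods-enabled/ssl.load"
      tags: ["website"]

    - name: "Restart apache2"
      service:
        name: "apache2"
        state: "restarted"
      tags: ["website"]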