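---
# Provisions the host "roger-skyline-1" in a single play: installs the SSH
# daemon configuration and one authorised public key for user "tanguy",
# installs Apache, generates a self-signed TLS key/CSR/certificate, publishes
# a static site over the default-ssl vhost and installs a fail2ban jail file.
#
# Every task runs as root through sudo, so any file task that does not name
# an owner creates root-owned content. Modes are set explicitly below rather
# than inherited from the remote umask.
- name: "Initialise packages, user tanguy & webserver"
  hosts: "roger-skyline-1"
  become: true
  become_method: sudo
  tasks:
    # `validate` runs sshd's own syntax check on the staged file before it
    # replaces the live config, so a broken files/sshd_config fails the play
    # here and never reaches the restart task further down.
    - name: "Upload sshd_config"
      copy:
        src: "files/sshd_config"
        dest: "/etc/ssh/sshd_config"
        owner: "root"
        group: "root"
        mode: "0644"
        validate: "/usr/sbin/sshd -t -f %s"

    # Owned by the account it belongs to and closed to everyone else; without
    # owner/mode the directory would be created as root with umask-derived
    # permissions.
    - name: "Create .ssh directory"
      file:
        path: "/home/tanguy/.ssh"
        state: "directory"
        owner: "tanguy"
        group: "tanguy"
        mode: "0700"

    # src is resolved on the control node (the operator's own public key).
    # copy replaces the whole file, so after this task the uploaded key is
    # the only one authorised for tanguy.
    - name: "Upload ssh key"
      copy:
        src: "~/.ssh/id_rsa.pub"
        dest: "/home/tanguy/.ssh/authorized_keys"
        owner: "tanguy"
        group: "tanguy"
        mode: "0600"

    # Runs on every play execution, whether or not sshd_config changed.
    - name: "Restart ssh service"
      service:
        name: "ssh"
        state: "restarted"

    # NOTE(review): fail2ban is configured and restarted at the end of this
    # play but is not installed here - presumably it is installed elsewhere;
    # confirm.
    - name: "Install necessary packages"
      apt:
        name:
          - "apache2"
          - "python-pip"
        update_cache: true
        state: "present"

    # pyOpenSSL backs the openssl_* modules used below.
    # NOTE(review): installed unpinned from the package index as root;
    # consider pinning a reviewed version.
    - name: "Install pyOpenSSL extension"
      pip:
        name: "pyOpenSSL"

    # Holds the TLS private key, so traversal is limited to the owner.
    # NOTE(review): the directory lives inside tanguy's home, which that
    # user controls; a root-owned location outside any home directory is the
    # usual place for key material read by a system service. Moving it would
    # also require updating files/default-ssl.conf (not visible here).
    - name: "Create .ssl directory"
      file:
        path: "/home/tanguy/.ssl"
        state: "directory"
        mode: "0700"

    # Mode stated explicitly so the private key never depends on a default.
    - name: "Generate ssl private key"
      openssl_privatekey:
        path: "/home/tanguy/.ssl/server.key"
        mode: "0600"
      tags: ["ssl"]

    - name: "Generate ssl certficate signing request"
      openssl_csr:
        path: "/home/tanguy/.ssl/server.csr"
        privatekey_path: "/home/tanguy/.ssl/server.key"
        common_name: "tmaze"
        email_address: "tmaze@student.42.fr"
        country_name: "FR"
        locality_name: "Paris"
        organization_name: "42.fr"
      tags: ["ssl"]

    # Self-signed: clients cannot chain this certificate to a trusted CA and
    # will warn unless it is pinned or trusted out of band.
    - name: "Generate ssl selfsigned certificate"
      openssl_certificate:
        path: "/home/tanguy/.ssl/server.crt"
        csr_path: "/home/tanguy/.ssl/server.csr"
        privatekey_path: "/home/tanguy/.ssl/server.key"
        provider: "selfsigned"
      tags: ["ssl"]

    # Uploads the Apache TLS vhost definition, not site content.
    # NOTE(review): this task shares its name with the index.html task
    # below; a distinct name would make run output and --start-at-task
    # unambiguous.
    - name: "Upload website"
      copy:
        src: "files/default-ssl.conf"
        dest: "/etc/apache2/sites-available/"
        owner: "root"
        group: "root"
        mode: "0644"
      tags: ["ssl"]

    - name: "Create webiste dir"
      file:
        path: "/var/www/nice_website"
        state: "directory"
        mode: "0755"
      tags: ["website"]

    # Root-owned and not writable by others, so the account Apache serves
    # requests as cannot modify the served content.
    - name: "Upload website"
      copy:
        src: "files/index.html"
        dest: "/var/www/nice_website/"
        owner: "root"
        group: "root"
        mode: "0644"
      tags: ["website"]

    # `creates` skips the command once the enabled-site symlink exists, so
    # the task reports "changed" only when it actually enables the site.
    - name: "Activate nice website"
      command: "a2ensite default-ssl"
      args:
        creates: "/etc/apache2/sites-enabled/default-ssl.conf"
      tags: ["website"]

    # Same idempotence guard for the module: a2enmod links ssl.load into
    # mods-enabled.
    - name: "Activate ssl module"
      command: "a2enmod ssl"
      args:
        creates: "/etc/apache2/mods-enabled/ssl.load"
      tags: ["website"]

    # force: true overwrites an existing jail.local even when the remote
    # copy differs from the source.
    - name: "Upload jail.local2"
      copy:
        src: "files/jail.local2"
        dest: "/etc/fail2ban/jail.local"
        owner: "root"
        group: "root"
        mode: "0644"
        force: true
      tags: ["website"]

    - name: "Restart apache2"
      service:
        name: "apache2"
        state: "restarted"
      tags: ["website"]

    - name: "Restart fail2ban"
      service:
        name: "fail2ban"
        state: "restarted"
      tags: ["website"]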