108 lines
3.2 KiB
YAML
108 lines
3.2 KiB
YAML
- name: "Initialise packages, user tanguy & webserver"
|
|
hosts: "roger-skyline-1"
|
|
become: yes
|
|
become_user: root
|
|
become_method: su
|
|
tasks:
|
|
- name: "Install necessary packages"
|
|
apt:
|
|
name: ['sudo', 'mailutils', 'fail2ban', 'apache2', 'python-pip', 'iptables-persistent']
|
|
update_cache: "yes"
|
|
state: "present"
|
|
- name: "Add tanguy to sudoers"
|
|
user:
|
|
name: "tanguy"
|
|
groups: "sudo"
|
|
append: yes
|
|
- name: "Upload firewall config"
|
|
copy:
|
|
src: "files/firewall.conf"
|
|
dest: "/etc/iptables/rules.v4"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Apply firewall config"
|
|
command: "iptables-restore -c /etc/iptables/rules.v4"
|
|
- name: "Upload fail2ban config"
|
|
copy:
|
|
src: "files/jail.local"
|
|
dest: "/etc/fail2ban/"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Restart fail2ban"
|
|
service:
|
|
name: "fail2ban"
|
|
state: "restarted"
|
|
- name: "Upload update_script.sh"
|
|
copy:
|
|
src: "files/update_script.sh"
|
|
dest: "/usr/sbin/update_script.sh"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Upload update_script"
|
|
copy:
|
|
src: "files/update_script"
|
|
dest: "/etc/cron.d/update_script"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Upload check_crontab.sh"
|
|
copy:
|
|
src: "files/check_crontab.sh"
|
|
dest: "/usr/sbin/check_crontab.sh"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Upload check_crontab"
|
|
copy:
|
|
src: "files/check_crontab"
|
|
dest: "/etc/cron.d/check_crontab"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Create .ssl directory"
|
|
file:
|
|
path: "/home/tanguy/.ssl"
|
|
state: "directory"
|
|
- name: "Installing pyOpenSSL python lib"
|
|
pip:
|
|
name: "pyOpenSSL"
|
|
- name: "Generate ssl private key"
|
|
openssl_privatekey:
|
|
path: "/home/tanguy/.ssl/server.key"
|
|
- name: "Generate ssl certficate signing request"
|
|
openssl_csr:
|
|
path: "/home/tanguy/.ssl/server.csr"
|
|
privatekey_path: "/home/tanguy/.ssl/server.key"
|
|
common_name: "tmaze"
|
|
email_address: "tmaze@student.42.fr"
|
|
country_name: "FR"
|
|
locality_name: "Paris"
|
|
organization_name: "42.fr"
|
|
- name: "Generate ssl selfsigned certificate"
|
|
openssl_certificate:
|
|
path: "/home/tanguy/.ssl/server.crt"
|
|
csr_path: "/home/tanguy/.ssl/server.csr"
|
|
privatekey_path: "/home/tanguy/.ssl/server.key"
|
|
provider: "selfsigned"
|
|
- name: "Upload website"
|
|
copy:
|
|
src: "files/default-ssl.conf"
|
|
dest: "/etc/apache2/sites-available/"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Create webiste dir"
|
|
file:
|
|
path: "/var/www/nice_website"
|
|
state: "directory"
|
|
- name: "Upload website"
|
|
copy:
|
|
src: "files/index.html"
|
|
dest: "/var/www/nice_website/"
|
|
owner: "root"
|
|
group: "root"
|
|
- name: "Activate nice website"
|
|
command: "a2ensite default-ssl"
|
|
- name: "Activate ssl module"
|
|
command: "a2enmod ssl"
|
|
- name: "Restart apache2"
|
|
service:
|
|
name: "apache2"
|
|
state: "restarted"
|