ansible/privfrontends/playbook.yaml

97 lines
2.7 KiB
YAML
Raw Normal View History

2023-05-13 06:44:40 +05:30
---
2024-01-10 19:13:09 +05:30
- name: Docker
hosts: privfrontends
vars_files:
- ./vars.yaml
tasks:
- name: Deploy stack role
ansible.builtin.include_role:
name: gi-yt.docker_compose_declarative
vars:
app: "{{ service.value }}"
app_name: "{{ service.key | lower }}"
loop: "{{ apps.groups | default({}) | dict2items }}"
loop_control:
loop_var: service
when: service.value.docker_settings
2023-05-13 06:44:40 +05:30
- name: Setup Caddy
2023-09-14 14:42:16 +05:30
hosts: privfrontends
2024-05-27 19:52:16 +05:30
vars_files:
- ./blocked-ranges.yaml
2023-05-13 06:44:40 +05:30
tasks:
- name: Copy Caddyfile
2023-07-07 22:40:54 +05:30
ansible.builtin.template:
src: ./templates/Caddyfile.j2
dest: /etc/caddy/Caddyfile
2023-07-07 22:40:54 +05:30
mode: preserve
tags: caddy-non-update
2023-05-13 06:44:40 +05:30
- name: Copy per-server caddy extras
2023-07-07 22:40:54 +05:30
ansible.builtin.copy:
2023-05-29 14:08:34 +05:30
src: "./templates/{{ inventory_hostname }}/"
dest: /etc/caddy/
directory_mode: true
2023-07-07 22:40:54 +05:30
mode: preserve
tags: caddy-non-update
- name: Reload Caddy
2023-07-07 22:40:54 +05:30
ansible.builtin.service:
2023-05-29 21:19:16 +05:30
name: caddy
2023-07-07 22:40:54 +05:30
enabled: true
state: reloaded
tags: caddy-non-update
2024-06-19 21:41:35 +05:30
- name: Create www directory if doesn't exist already
ansible.builtin.file:
path: /var/lib/caddy/www
state: directory
mode: '0755'
owner: caddy
group: caddy
tags: caddy-non-update
- name: "Instal VNStat Metrics CGI Script to WWW"
ansible.builtin.copy:
src: ./templates/vnstat-metrics.cgi
dest: /var/lib/caddy/www/vnstat-metrics.cgi
mode: preserve
owner: caddy
group: caddy
2024-06-19 22:17:57 +05:30
mode: 777
2024-06-19 21:41:35 +05:30
tags: caddy-non-update
2024-01-10 19:13:09 +05:30
- name: Fail2Ban
2023-05-14 15:56:43 +05:30
hosts: privfrontends
2023-07-07 22:40:54 +05:30
tasks:
2024-01-10 19:13:09 +05:30
- name: Copy jail.local config to fail2ban
ansible.builtin.copy:
src: "./configs/fail2ban/jail.local"
dest: "/etc/fail2ban/jail.local"
mode: "0644"
tags: fail2ban
- name: Copy caddy-status filter to fail2ban
ansible.builtin.copy:
src: "./configs/fail2ban/caddy-status.conf"
dest: "/etc/fail2ban/filter.d/caddy-status.conf"
mode: "0644"
tags: fail2ban
2024-01-10 19:16:06 +05:30
- name: Restart fail2ban
ansible.builtin.service:
name: fail2ban
state: restarted
2024-06-19 22:17:57 +05:30
- name: Logs stuff
hosts: privfrontends
tasks:
- name: Create www directory if doesn't exist already
ansible.builtin.file:
path: /var/lib/caddy/www
state: directory
mode: '0755'
owner: caddy
group: caddy
- name: Copy VNStat CGI script
ansible.builtin.copy:
src: ./configs/vnstat-metrics.cgi
dest: /var/lib/caddy/www/vnstat-metrics.cgi
mode: preserve
owner: caddy
group: caddy
- name: Copy Systemd service for goaccess on Caddy logfiles
- name: Copy Systemd service file for HTTP Server