ansible/privfrontends/playbook.yaml

77 lines
2.2 KiB
YAML

---
- name: Docker
hosts: privfrontends
vars_files:
- ./vars.yaml
tasks:
- name: Deploy stack role
ansible.builtin.include_role:
name: gi-yt.docker_compose_declarative
vars:
app: "{{ service.value }}"
app_name: "{{ service.key | lower }}"
loop: "{{ apps.groups | default({}) | dict2items }}"
loop_control:
loop_var: service
when: service.value.docker_settings
- name: Setup Caddy
hosts: privfrontends
vars_files:
- ./blocked-ranges.yaml
tasks:
- name: Copy Caddyfile
ansible.builtin.template:
src: ./templates/Caddyfile.j2
dest: /etc/caddy/Caddyfile
mode: preserve
tags: caddy-non-update
- name: Copy per-server caddy extras
ansible.builtin.copy:
src: "./templates/{{ inventory_hostname }}/"
dest: /etc/caddy/
directory_mode: true
mode: preserve
tags: caddy-non-update
- name: Reload Caddy
ansible.builtin.service:
name: caddy
enabled: true
state: reloaded
tags: caddy-non-update
- name: Create www directory if doesn't exist already
ansible.builtin.file:
path: /var/lib/caddy/www
state: directory
mode: '0755'
owner: caddy
group: caddy
tags: caddy-non-update
- name: "Instal VNStat Metrics CGI Script to WWW"
ansible.builtin.copy:
src: ./templates/vnstat-metrics.cgi
dest: /var/lib/caddy/www/vnstat-metrics.cgi
mode: preserve
owner: caddy
group: caddy
mode: 777
tags: caddy-non-update
- name: Fail2Ban
hosts: privfrontends
tasks:
- name: Copy jail.local config to fail2ban
ansible.builtin.copy:
src: "./configs/fail2ban/jail.local"
dest: "/etc/fail2ban/jail.local"
mode: "0644"
tags: fail2ban
- name: Copy caddy-status filter to fail2ban
ansible.builtin.copy:
src: "./configs/fail2ban/caddy-status.conf"
dest: "/etc/fail2ban/filter.d/caddy-status.conf"
mode: "0644"
tags: fail2ban
- name: Restart fail2ban
ansible.builtin.service:
name: fail2ban
state: restarted