Diffstat (limited to 'ansible')
-rw-r--r--ansible/ansible.cfg2
-rw-r--r--ansible/playbooks/common.yml7
-rw-r--r--ansible/playbooks/test.yml13
-rw-r--r--ansible/roles/README.md2
-rw-r--r--ansible/roles/common/handlers/main.yml6
-rw-r--r--ansible/roles/common/tasks/main.yml4
-rw-r--r--ansible/roles/common/tasks/ufw.yml35
-rw-r--r--ansible/roles/nginx/tasks/update_nginx.yml (renamed from ansible/roles/nginx/update_nginx.yml)0
8 files changed, 69 insertions, 0 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..002a50d
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path = ./roles
diff --git a/ansible/playbooks/common.yml b/ansible/playbooks/common.yml
new file mode 100644
index 0000000..a9a64d4
--- /dev/null
+++ b/ansible/playbooks/common.yml
@@ -0,0 +1,7 @@
+---
+- name: Apply common configurations to all VMs
+ hosts: all
+ become: true
+ roles:
+ - role: common
+...
diff --git a/ansible/playbooks/test.yml b/ansible/playbooks/test.yml
new file mode 100644
index 0000000..638572f
--- /dev/null
+++ b/ansible/playbooks/test.yml
@@ -0,0 +1,13 @@
+---
+- name: Create a file in /root/ called toto with content tata
+ hosts: all
+ become: true
+ tasks:
+ - name: Ensure /root/toto exists with content "tata"
+ ansible.builtin.copy:
+ dest: /root/toto
+ content: "tata"
+ owner: root
+ group: root
+ mode: '0644'
+...
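Review bot: The play uses `hosts: all` with `become: true`, so any run without `--limit` writes /root/toto as root on every inventory host. It reads like a connectivity and privilege-escalation check; if that is the intent, a header comment such as `# Smoke test: run with --limit <host>` would say so. Pointing `hosts:` at a dedicated test group would also keep it off machines it was never meant to touch.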
diff --git a/ansible/roles/README.md b/ansible/roles/README.md
index 59841b5..744532c 100644
--- a/ansible/roles/README.md
+++ b/ansible/roles/README.md
@@ -3,4 +3,6 @@
This folder contains reusable Ansible roles for configuration management.
## Available Roles
+- common
+- docker
- nginx
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
new file mode 100644
index 0000000..d090d0e
--- /dev/null
+++ b/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart UFW
+ ansible.builtin.service:
+ name: ufw
+ state: restarted
+...
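Review bot: Nothing in this commit notifies `Restart UFW`, since none of the tasks in roles/common/tasks/ufw.yml carries a `notify:`, so the handler never runs as written. The ufw module applies each rule when its task runs, so a service restart is probably not needed; either drop the handler or add `notify: Restart UFW` to the rule tasks. If a reload after rule changes is the goal, a handler using `community.general.ufw:` with `state: reloaded` does that without stopping the service.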
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..f15e2b7
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Include UFW tasks
+ include_tasks: ufw.yml
+...
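Review bot: `include_tasks` is the only short module name in this role; the other tasks use fully qualified names, so `ansible.builtin.include_tasks: ufw.yml` would match them. Because the file name is static, `ansible.builtin.import_tasks: ufw.yml` is also an option and makes the UFW tasks visible to `--list-tasks` and to tag filtering.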
diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml
new file mode 100644
index 0000000..155579f
--- /dev/null
+++ b/ansible/roles/common/tasks/ufw.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure UFW is installed
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+
+- name: Allow SSH
+ community.general.ufw:
+ rule: allow
+ name: OpenSSH
+ comment: "Allow SSH"
+
+- name: Allow HTTP
+ community.general.ufw:
+ rule: allow
+ port: 80
+ proto: tcp
+ comment: "Allow HTTP"
+
+- name: Allow HTTPS
+ community.general.ufw:
+ rule: allow
+ port: 443
+ proto: tcp
+ comment: "Allow HTTPS"
+
+- name: Enable UFW
+ community.general.ufw:
+ state: enabled
+
+- name: Ensure UFW is enabled on boot
+ ansible.builtin.systemd:
+ name: ufw
+ enabled: true
+...
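Review bot: The `Enable UFW` task turns the firewall on without setting the default incoming policy, so what gets blocked depends on the UFW defaults already on each host rather than on this role. Adding `default: deny` and `direction: incoming` to that task makes the deny-by-default stance explicit. The `Allow HTTP` and `Allow HTTPS` tasks live in the common role, which playbooks/common.yml applies to `hosts: all`, so ports 80 and 443 are opened on every VM whether or not it serves web traffic; those two rules fit better in the nginx role. `Allow SSH` accepts connections from any source through the `OpenSSH` application profile; `rule: limit` would add UFW's built-in rate limiting. Hosts where sshd listens on a non-default port would presumably need an explicit port rule before the firewall is enabled.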
diff --git a/ansible/roles/nginx/update_nginx.yml b/ansible/roles/nginx/tasks/update_nginx.yml
index 4813e6c..4813e6c 100644
--- a/ansible/roles/nginx/update_nginx.yml
+++ b/ansible/roles/nginx/tasks/update_nginx.yml