From f246600cbb66834c1289bf52cf7bd95cc6428b02 Mon Sep 17 00:00:00 2001
From: clyhtsuriva
Date: Sat, 1 Feb 2025 02:12:10 +0100
Subject: Working debian packer template w/ ansible to set up fw rules after reboot
---
ansible/ansible.cfg | 2 ++
ansible/playbooks/common.yml | 7 ++++++
ansible/playbooks/test.yml | 13 +++++++++++
ansible/roles/README.md | 2 ++
ansible/roles/common/handlers/main.yml | 6 +++++
ansible/roles/common/tasks/main.yml | 4 ++++
ansible/roles/common/tasks/ufw.yml | 35 ++++++++++++++++++++++++++++++
ansible/roles/nginx/tasks/update_nginx.yml | 25 +++++++++++++++++++++
ansible/roles/nginx/update_nginx.yml | 25 ---------------------
9 files changed, 94 insertions(+), 25 deletions(-)
create mode 100644 ansible/ansible.cfg
create mode 100644 ansible/playbooks/common.yml
create mode 100644 ansible/playbooks/test.yml
create mode 100644 ansible/roles/common/handlers/main.yml
create mode 100644 ansible/roles/common/tasks/main.yml
create mode 100644 ansible/roles/common/tasks/ufw.yml
create mode 100644 ansible/roles/nginx/tasks/update_nginx.yml
delete mode 100644 ansible/roles/nginx/update_nginx.yml
(limited to 'ansible')
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..002a50d
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path = ./roles
diff --git a/ansible/playbooks/common.yml b/ansible/playbooks/common.yml
new file mode 100644
index 0000000..a9a64d4
--- /dev/null
+++ b/ansible/playbooks/common.yml
@@ -0,0 +1,7 @@
+---
+- name: Apply common configurations to all VMs
+ hosts: all
+ become: true
+ roles:
+ - role: common
+...
diff --git a/ansible/playbooks/test.yml b/ansible/playbooks/test.yml
new file mode 100644
index 0000000..638572f
--- /dev/null
+++ b/ansible/playbooks/test.yml
@@ -0,0 +1,13 @@
+---
+- name: Create a file in /root/ called toto with content tata
+ hosts: all
+ become: true
+ tasks:
+ - name: Ensure /root/toto exists with content "tata"
+ ansible.builtin.copy:
+ dest: /root/toto
+ content: "tata"
+ owner: root
+ group: root
+ mode: '0644'
+...
diff --git a/ansible/roles/README.md b/ansible/roles/README.md
index 59841b5..744532c 100644
--- a/ansible/roles/README.md
+++ b/ansible/roles/README.md
@@ -3,4 +3,6 @@ This folder contains reusable Ansible roles for configuration management.
 ## Available Roles
+- common
+- docker
 - nginx
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
new file mode 100644
index 0000000..d090d0e
--- /dev/null
+++ b/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart UFW
+ ansible.builtin.service:
+ name: ufw
+ state: restarted
+...
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..f15e2b7
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Include UFW tasks
+ include_tasks: ufw.yml
+...
diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml
new file mode 100644
index 0000000..155579f
--- /dev/null
+++ b/ansible/roles/common/tasks/ufw.yml
@@ -0,0 +1,35 @@
+---
+- name: Ensure UFW is installed
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+
+- name: Allow SSH
+ community.general.ufw:
+ rule: allow
+ name: OpenSSH
+ comment: "Allow SSH"
+
+- name: Allow HTTP
+ community.general.ufw:
+ rule: allow
+ port: 80
+ proto: tcp
+ comment: "Allow HTTP"
+
+- name: Allow HTTPS
+ community.general.ufw:
+ rule: allow
+ port: 443
+ proto: tcp
+ comment: "Allow HTTPS"
+
+- name: Enable UFW
+ community.general.ufw:
+ state: enabled
+
+- name: Ensure UFW is enabled on boot
+ ansible.builtin.systemd:
+ name: ufw
+ enabled: true
+...
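Review bot: The HTTP and HTTPS allow rules in ufw.yml live in the `common` role, which common.yml applies to `hosts: all`, so every VM exposes 80/tcp and 443/tcp whether or not it runs a web server; only the OpenSSH rule belongs in a baseline, and the two web rules fit better in the nginx role. The default incoming policy is never declared either, so the effective firewall depends on whatever /etc/default/ufw the image shipped with — a task like the one below, placed before "Enable UFW", makes the intent explicit and keeps the SSH allow ahead of the lockout-relevant step. The "Restart UFW" handler added in handlers/main.yml is not notified by any task here, and `state: enabled` already persists ufw across reboots, so the trailing `ansible.builtin.systemd` task looks redundant (worth confirming on the target image). The `name: OpenSSH` rule also depends on the application profile installed by openssh-server; a short comment such as `# requires the openssh-server ufw app profile` would save the next reader a failed run.
```yaml
# … unchanged: apt install and the OpenSSH allow rule …
- name: Deny all incoming traffic by default
  community.general.ufw:
    direction: incoming
    policy: deny
# … unchanged: Enable UFW …
```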
diff --git a/ansible/roles/nginx/tasks/update_nginx.yml b/ansible/roles/nginx/tasks/update_nginx.yml
new file mode 100644
index 0000000..4813e6c
--- /dev/null
+++ b/ansible/roles/nginx/tasks/update_nginx.yml
@@ -0,0 +1,25 @@
+---
+- name: Update nginx if needed
+ hosts: vps
+ become: true
+ become_user: root
+ tasks:
+
+ - name: Ensure nginx is at the latest version
+ ansible.builtin.package:
+ name: nginx
+ state: latest
+ notify: restart nginx
+
+ - name: Ensure nginx is running
+ ansible.builtin.service:
+ name: nginx
+ state: started
+ enabled: true
+
+ handlers:
+ - name: Restart nginx
+ ansible.builtin.service:
+ name: nginx
+ state: restarted
+...
diff --git a/ansible/roles/nginx/update_nginx.yml b/ansible/roles/nginx/update_nginx.yml
deleted file mode 100644
index 4813e6c..0000000
--- a/ansible/roles/nginx/update_nginx.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: Update nginx if needed
- hosts: vps
- become: true
- become_user: root
- tasks:
-
- - name: Ensure nginx is at the latest version
- ansible.builtin.package:
- name: nginx
- state: latest
- notify: restart nginx
-
- - name: Ensure nginx is running
- ansible.builtin.service:
- name: nginx
- state: started
- enabled: true
-
- handlers:
- - name: Restart nginx
- ansible.builtin.service:
- name: nginx
- state: restarted
-...
-- cgit v1.2.3
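Review bot: roles/nginx/tasks/update_nginx.yml keeps the full play structure (`hosts: vps`, `tasks:`, `handlers:`) of the file it replaces, but a file under a role's tasks/ directory is expected to be a plain list of tasks, so loading it through `roles:` or `include_tasks` will fail on the `hosts` key; either reduce it to the two tasks and move the handler to roles/nginx/handlers/main.yml, or keep it as a playbook under ansible/playbooks/ next to common.yml. `notify: restart nginx` also does not match the handler named `Restart nginx` — handler lookup appears to be an exact string match — so the restart after an upgrade never fires. `state: latest` on every run makes the play report changes on each upgrade, which is harder to audit than `state: present` plus a deliberate upgrade step; a one-line comment stating that the file intends rolling upgrades would at least make that choice explicit.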