#- name: DNS setup # hosts: localhost # tags: dns # module_defaults: # inwx: # username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}" # password: "{{lookup('ini', 'pass section=inwx file=credentials.ini')}}" # vars: # subdomains: # - git.jaseg.net # - git.jaseg.de # - blog.jaseg.net # - blog.jaseg.de # - kochbuch.jaseg.net # - gerbolyze.jaseg.net # - tracespace.jaseg.net # - openjscad.jaseg.net # - pogojig.jaseg.net # - automation.jaseg.de # - dyndns.jaseg.de # fastmail_domains: # - jaseg.net # - jaseg.de # tasks: # - name: Gather wendelstein facts # setup: # delegate_to: wendelstein # delegate_facts: True # # - name: Setup DNS # include_tasks: dns.yml - name: Wendelstein setup hosts: wendelstein tasks: - name: Set hostname tags: setup hostname: name: wendelstein.jaseg.de - name: Install common admin tools tags: setup dnf: name: htop,tmux,fish,mosh,neovim,sqlite state: latest - name: Install host requisites tags: setup dnf: name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd,python3-virtualenv state: latest - name: Disable password-based root login tags: setup lineinfile: path: /etc/ssh/sshd_config regexp: '^PermitRootLogin' line: 'PermitRootLogin without-password' register: disable_root_pw_ssh - name: Restart sshd tags: setup systemd: name: sshd state: restarted when: disable_root_pw_ssh is changed - name: Configure iptables firewall service tags: setup copy: src: iptables.rules dest: /etc/sysconfig/iptables owner: root group: root mode: 0664 - name: Enable iptables firewall service tags: setup systemd: name: iptables enabled: yes state: started # - name: Create containers # tags: setup # include_tasks: # file: setup_containers.yml # apply: # tags: setup # vars: # containers: # - gerboweb # - clippy # - pogojig - name: Setup web server tags: www include_tasks: file: setup_webserver.yml apply: tags: www # - name: Setup gerboweb # tags: gerboweb # include_tasks: # file: setup_gerboweb.yml # apply: # tags: gerboweb # - name: Setup clippy # tags: clippy # include_tasks: # file: setup_clippy.yml # apply: # tags: clippy - name: Setup secure download tags: secure-download include_tasks: file: setup_secure_download.yml apply: tags: secure-download # - name: Setup tracespace # tags: pogojig # include_tasks: # file: setup_tracespace.yml # apply: # tags: pogojig # - name: Setup openjscad # tags: pogojig # include_tasks: # file: setup_openjscad.yml # apply: # tags: pogojig # - name: Setup pogojig # tags: pogojig # include_tasks: # file: setup_pogojig.yml # apply: # tags: pogojig - name: Setup notification proxy tags: notification-proxy include_tasks: file: setup_notification_proxy.yml apply: tags: notification-proxy - name: Setup semi-public git server tags: git include_tasks: file: setup_git.yml apply: tags: git - name: Setup private DynDNS service tags: dyndns include_tasks: file: setup_dyndns.yml apply: tags: dyndns - name: Setup vcd-to-8-segment-svg render thingy for TUD's WS2021 LE course tags: vcdrender include_tasks: file: setup_vcd_render.yml apply: tags: vcdrender