- hosts: surveytool
  become: yes
  vars_files:
    - vars/main.yml
    - local-vars/local.yml
  tasks:
    - name: Install server packages
      apt:
        pkg:
          - unzip # needed for deploy
          # for monitoring
          - prometheus-mysqld-exporter
          # - prometheus-nginx-exporter # (not there yet)
          # for security
          - fail2ban
    - name: Setup fail2ban/jail.local
      copy:
        src: templates/fail2ban-jail.local
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: '0644'
      notify: 'Restart Fail2ban'
    - name: Setup surveytool user for deploy
      user:
        name: "{{ cldr_surveytool_user }}"
        shell: /bin/bash
        group: "{{ cldr_surveytool_group }}"
    - name: Give access to surveytool user
      file:
        path: "{{ cldr_trunk_path }}"
        owner: surveytool
        recurse: yes
    - name: Setup surveytool auth
      authorized_key:
        user: surveytool
        key: '{{ surveytooldeploy.key }}'
    - name: ensure cldradmin group is there
      group:
        name: cldradmin
        state: present
    - name: ensure cldradmin user is there
      user:
        name: cldradmin
        comment: CLDR Admin
        groups:
          - cldradmin
        append: yes # add to the groups, do not remove
        state: present
        create_home: true
    - name: make sure /home/cldradmin/.ssh/ exists
      file:
        path: /home/cldradmin/.ssh/
        owner: cldradmin
        group: cldradmin
        mode: '0700'
        state: directory
    - name: make sure /home/cldradmin/.ssh/authorized_keys exists
      file:
        dest: /home/cldradmin/.ssh/authorized_keys
        owner: cldradmin
        group: cldradmin
        mode: '0600'
        state: touch # https://github.com/ansible/ansible/issues/7490#issuecomment-497373505
        modification_time: preserve
        access_time: preserve
    - name: add cldradmin to sudoers
      template:
        dest: /etc/sudoers.d/55-cldradmin-users
        owner: root
        group: root
        mode: '440'
        src: templates/55-cldradmin.conf
  handlers:
    - name: Restart Fail2ban
      service:
        name: fail2ban
        state: restarted