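---
# Play 1: bring the host's packages up to date, install nginx, PHP-FPM and
# supporting tools, and replace the distribution's nginx default site with
# our own templated default server.
- hosts: somehost.example.net
  tasks:
    # Single apt run: refresh the index, full-upgrade, then remove packages
    # and cached archives that are no longer needed.
    - name: "Apt update, Full-upgrade, autoremove, autoclean"
      apt:
        upgrade: full
        update_cache: true
        autoremove: true
        autoclean: true

    # The whole list is handed to `name`, so apt resolves and installs it
    # in one transaction instead of one module call per package.
    # NOTE(review): the fallback PHP version '7.2' no longer receives
    # upstream PHP security releases; set php_version to a release the
    # target distribution still patches.
    - name: Install packages
      apt:
        name:
          - nginx
          - git
          - tcpdump
          - letsencrypt
          - ssl-cert
          - "php{{ php_version | default('7.2') }}-fpm"
          - "php{{ php_version | default('7.2') }}-gd"
          - "php{{ php_version | default('7.2') }}-json"
          - "php{{ php_version | default('7.2') }}-intl"
          - "php{{ php_version | default('7.2') }}-bcmath"
          - "php{{ php_version | default('7.2') }}-bz2"
          - "php{{ php_version | default('7.2') }}-cli"
          - "php{{ php_version | default('7.2') }}-curl"
          - "php{{ php_version | default('7.2') }}-mbstring"
          - "php{{ php_version | default('7.2') }}-mysql"
          - "php{{ php_version | default('7.2') }}-sqlite3"
          - "php{{ php_version | default('7.2') }}-xml"
          - "php{{ php_version | default('7.2') }}-xsl"
          - "php{{ php_version | default('7.2') }}-zip"
        state: present

    - name: Remove upstream nginx default server
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: Restart nginx

    # `path` instead of its alias `name`, matching the other file tasks.
    # NOTE(review): owner and mode are left to the module defaults here;
    # confirm the resulting permissions suit whatever writes the
    # .well-known challenge files.
    - name: Create the holding location for letsencrypt .well-known files
      file:
        path: /var/www/letsencrypt
        state: directory

    # `command` rather than `shell`: the line uses no shell features, so
    # it does not need to pass through a shell.
    # `creates` skips the task once the file exists. It only tests for
    # existence, so an interrupted run can leave a partial file that later
    # runs treat as finished; delete the file to force regeneration.
    - name: Generate dhparams
      command: openssl dhparam -out /etc/nginx/dhparams.pem 4096
      args:
        creates: /etc/nginx/dhparams.pem

    - name: Create our nginx default server
      template:
        dest: /etc/nginx/sites-available/default_server
        src: templates/nginx/default_server.j2
        owner: root
        group: root
        # Quoted so the mode is always read as the octal string "0644".
        mode: '0644'
      vars:
        # The concatenation happens inside the Jinja expression, so the
        # template receives a real list. With the `+ [...]` outside the
        # braces the value is only text that looks like Python.
        ipv4_addresses: "{{ ansible_all_ipv4_addresses + ['127.0.0.1', '127.0.1.1'] }}"
        # Hard-coded, unlike the IPv4 list which comes from gathered facts.
        ipv6_addresses:
          - '[deca:fbad:1:2::1:2]'
          - '[::1]'
      notify: Restart nginx

    - name: Link our default server to be enabled
      file:
        src: /etc/nginx/sites-available/default_server
        dest: /etc/nginx/sites-enabled/default_server
        owner: root
        group: root
        state: link
      notify: Restart nginx

  handlers:
    # Runs once at the end of the play if any task above notified it.
    - name: Restart nginx
      systemd:
        state: restarted
        name: nginx
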
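# Play 2: run Cachet in Docker, published on a loopback address only, and
# enable an nginx site that proxies to it.
- hosts: somehost.example.net
  tasks:
    - name: Create the Cachet Volume
      docker_volume:
        name: cachet

    - name: Run the Cachet container
      docker_container:
        name: 'cachet'
        # NOTE(review): a registry tag can be re-pointed at a different
        # image; pinning by digest makes the deployed image reproducible.
        # Also confirm this Cachet release still receives security fixes.
        image: 'cachethq/docker:2.3.14'
        state: 'started'
        ports:
          # host-ip:host-port:container-port. 127.0.0.80 lies in
          # 127.0.0.0/8, so the container port is published on loopback
          # only; the proxy task below points nginx at this address.
          - '127.0.0.80:80:8000'
        env:
          DB_DRIVER: sqlite
          # Treat APP_KEY as a secret. Supply cachet_app_key from Ansible
          # Vault or another secret store; the default is the sample value
          # this playbook shipped with and is kept only so existing runs
          # behave as before.
          # NOTE(review): the key is also part of this task's result and
          # of the registered variable; consider `no_log: true`.
          APP_KEY: "{{ cachet_app_key | default('Some32CharsLongWhy_IsItIDontKnow') }}"
        volumes:
          - 'cachet:/var/www/html/database'
      register: cachet_cont_metadata

    - name: Create our cachet proxy config
      tags: debug
      template:
        dest: /etc/nginx/sites-available/proxy_cachet
        src: templates/nginx/proxy.j2
        owner: root
        group: root
        # Quoted so the mode is always read as the octal string "0644".
        mode: '0644'
      notify: Restart nginx
      vars:
        # Folded scalar: renders as one space-separated line.
        server_name: >-
          cachet.example.com www.cachet.example.com
          cachet.example.org www.cachet.example.org
        primary_server_name: cachet.example.com
        proxy_address: 'http://127.0.0.80'
        # NOTE(review): with this off, confirm which certificate (if any)
        # proxy.j2 configures for the site.
        enable_letsencrypt: false
        # The concatenation happens inside the Jinja expression, so the
        # template receives a real list. With the `+ [...]` outside the
        # braces the value is only text that looks like Python.
        ipv4_addresses: "{{ ansible_all_ipv4_addresses + ['127.0.0.1', '127.0.1.1'] }}"
        # Hard-coded, unlike the IPv4 list which comes from gathered facts.
        ipv6_addresses:
          - '[deca:fbad:1:2::1:2]'
          - '[::1]'

    - name: Link our cachet proxy config to be enabled
      file:
        src: /etc/nginx/sites-available/proxy_cachet
        dest: /etc/nginx/sites-enabled/proxy_cachet
        owner: root
        group: root
        state: link
      notify: Restart nginx

  handlers:
    # Handlers are scoped to a play, so this one is declared again here.
    - name: Restart nginx
      systemd:
        state: restarted
        name: nginx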