From 8b2f8441ccb110427078e47c76a8098f2677a54d Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Thu, 30 Aug 2018 10:15:35 +0200
Subject: o Adding rosin and numquam. o Adding unattended-upgrades.
---
ansible/roles/rosin/tasks/main.yml | 15 ++++++++++++++
ansible/roles/rosin/tasks/nginx.yml | 31 +++++++++++++++++++++++++++++
ansible/roles/rosin/tasks/rosin-db.yml | 36 ++++++++++++++++++++++++++++++++++
3 files changed, 82 insertions(+)
create mode 100644 ansible/roles/rosin/tasks/main.yml
create mode 100644 ansible/roles/rosin/tasks/nginx.yml
create mode 100644 ansible/roles/rosin/tasks/rosin-db.yml
(limited to 'ansible/roles/rosin/tasks')
diff --git a/ansible/roles/rosin/tasks/main.yml b/ansible/roles/rosin/tasks/main.yml
new file mode 100644
index 0000000..7a9805b
--- /dev/null
+++ b/ansible/roles/rosin/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: rosin account
+ user:
+ name: rosin
+ shell: "/bin/bash"
+ createhome: no
+ home: /home/rosin
+ system: yes
+- name: nginx
+ tags: nginx
+ import_tasks: nginx.yml
+- name: rosin-db
+ tags: rosin-db
+ import_tasks: rosin-db.yml
+
diff --git a/ansible/roles/rosin/tasks/nginx.yml b/ansible/roles/rosin/tasks/nginx.yml
new file mode 100644
index 0000000..8ef9145
--- /dev/null
+++ b/ansible/roles/rosin/tasks/nginx.yml
@@ -0,0 +1,31 @@
+---
+- name: Packages for nginx
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - nginx
+ - certbot
+ - python3-certbot-nginx
+
+- name: no default nginx site
+ notify: reload nginx
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+
+- name: nginx config
+ notify: reload nginx
+ template:
+ dest: "/etc/nginx/sites-enabled/rosin.trygvis.io"
+ src: etc/nginx/sites-enabled/rosin.j2
+
+- name: docroot dir
+ file:
+ path: "/var/www/rosin"
+ state: directory
+
+#- name: docroot dir
+# copy:
+# dest: "/var/www/rosin/index.html"
+# src: "docroot/index.html"
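Review bot: The `rosin account` task in main.yml creates a system account with `shell: "/bin/bash"`, which gives a service user an interactive login shell. Unless someone is meant to log in as `rosin`, prefer `shell: "/usr/sbin/nologin"`. The task also combines `home: /home/rosin` with `createhome: no`, so the home directory will not exist unless something outside this diff creates it; a one-line comment saying where it comes from would help. `createhome: no` and `system: yes` would read more predictably as `false` and `true`.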
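Review bot: The `nginx config` template task and the `docroot dir` file task in nginx.yml set no `owner`, `group` or `mode`, so the resulting permissions depend on the umask of whichever user the play runs as. Pin them explicitly, for example `owner: root`, `group: root`, `mode: "0644"` on the template and `mode: "0755"` on the directory, with the mode quoted so it is not parsed as an integer. The `reload nginx` handler named by both `notify` lines is not part of this page (it is limited to the tasks directory), so confirm the role defines it. The commented-out copy task at the end reuses the name `docroot dir` from the task above it and could be dropped or renamed.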
diff --git a/ansible/roles/rosin/tasks/rosin-db.yml b/ansible/roles/rosin/tasks/rosin-db.yml
new file mode 100644
index 0000000..be2eac1
--- /dev/null
+++ b/ansible/roles/rosin/tasks/rosin-db.yml
@@ -0,0 +1,36 @@
+---
+- name: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - python-psycopg2
+ - python3-psycopg2
+- become: yes
+ become_user: postgres
+ vars:
+ ansible_ssh_pipelining: true
+ block:
+ - name: create-user rosin-prod
+ tags: update-password
+ postgresql_user:
+ name: rosin-prod
+ password: "{{ rosin_secret.db_password_rosin_prod }}"
+ encrypted: yes
+ - name: createdb rosin-prod
+ postgresql_db:
+ name: "rosin-prod"
+ encoding: "utf-8"
+ owner: "rosin-prod"
+ - name: enable uuid extension
+ postgresql_ext:
+ name: uuid-ossp
+ db: rosin-prod
+ - name: grant permissions
+ postgresql_privs:
+ database: rosin-prod
+ state: present
+ privs: USAGE
+ type: schema
+ objs: public
+ roles: rosin-prod
--
cgit v1.2.3
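Review bot: The `grant permissions` task at the end of the block only adds USAGE on schema `public` for `rosin-prod`; on a default cluster PUBLIC already holds that privilege, and on PostgreSQL releases before 15 PUBLIC also holds CREATE there, so the task restricts nothing. If the intent is that only the application role can use the schema, add a task after it that revokes CREATE from PUBLIC, as sketched below. The server version is not visible in this diff, and if `rosin-prod` creates its own tables in `public` the existing grant would then need `privs: USAGE,CREATE`. Separately, the definition of `rosin_secret` is outside this page, so confirm it is loaded from an encrypted source rather than a cleartext vars file.

```yaml
    # … unchanged: grant permissions task for rosin-prod …
    - name: revoke default CREATE on public schema
      postgresql_privs:
        database: rosin-prod
        state: absent
        privs: CREATE
        type: schema
        objs: public
        roles: PUBLIC
```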