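---
# Provision the surveytool host: base packages, fail2ban, the deploy
# account and its SSH key, and the cldradmin account with sudo rights.
- hosts: surveytool
  become: true
  vars_files:
    - vars/main.yml
    - local-vars/local.yml
  tasks:
    - name: Install server packages
      apt:
        pkg:
          - unzip  # needed for deploy
          # for monitoring
          - prometheus-mysqld-exporter
          # - prometheus-nginx-exporter # (not there yet)
          # for security
          - fail2ban

    # jail.local overrides the packaged jail.conf; keep it root-owned and
    # not writable by anyone else, since it decides which jails are active.
    - name: Setup fail2ban/jail.local
      copy:
        src: templates/fail2ban-jail.local
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: '0644'
      notify: 'Restart Fail2ban'

    - name: Setup surveytool user for deploy
      user:
        name: "{{ cldr_surveytool_user }}"
        shell: /bin/bash
        group: "{{ cldr_surveytool_group }}"

    # NOTE(review): the account above is created from cldr_surveytool_user,
    # but this task and the next one hard-code 'surveytool'. They only
    # agree if the variable is set to 'surveytool' -- confirm in
    # vars/main.yml.
    # Recursive chown: everything under cldr_trunk_path becomes writable by
    # the deploy account.
    - name: Give access to surveytool user
      file:
        path: "{{ cldr_trunk_path }}"
        owner: surveytool
        recurse: true

    # Installs the deploy public key; whoever holds the matching private
    # key gets a /bin/bash login as the deploy user.
    - name: Setup surveytool auth
      authorized_key:
        user: surveytool
        key: '{{ surveytooldeploy.key }}'

    - name: ensure cldradmin group is there
      group:
        name: cldradmin
        state: present

    - name: ensure cldradmin user is there
      user:
        name: cldradmin
        comment: CLDR Admin
        groups:
          - cldradmin
        append: true  # add to the groups, do not remove
        state: present
        create_home: true

    # 0700 on ~/.ssh and 0600 on authorized_keys are the modes sshd's
    # StrictModes check expects; looser modes make sshd ignore the keys.
    - name: make sure /home/cldradmin/.ssh/ exists
      file:
        path: /home/cldradmin/.ssh/
        owner: cldradmin
        group: cldradmin
        mode: '0700'
        state: directory

    # Only ensures the file exists with the right owner and mode; its
    # contents (the admin keys) are not managed by this playbook.
    - name: make sure /home/cldradmin/.ssh/authorized_keys exists
      file:
        dest: /home/cldradmin/.ssh/authorized_keys
        owner: cldradmin
        group: cldradmin
        mode: '0600'
        # touch + preserve keeps the task idempotent, see
        # https://github.com/ansible/ansible/issues/7490#issuecomment-497373505
        state: touch
        modification_time: preserve
        access_time: preserve

    - name: add cldradmin to sudoers
      template:
        dest: /etc/sudoers.d/55-cldradmin-users
        owner: root
        group: root
        mode: '0440'
        src: templates/55-cldradmin.conf
        # Check the rendered file with visudo before it is moved into
        # place: a syntax error in /etc/sudoers.d/ breaks sudo for every
        # user on the host, including the one running this playbook.
        validate: /usr/sbin/visudo -cf %s

  handlers:
    - name: Restart Fail2ban
      service:
        name: fail2ban
        state: restarted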