Client-Ansible-Setup/prox-server-setup.yml


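---
# Provisions the edge/proxy host: base packages, the SSH server, a WireGuard
# server and an NGinx reverse proxy. haproxy, certbot and iptables-persistent
# are installed by the package list below but nothing in this play configures
# them yet (the HAProxy tasks are still commented out).
#
# The doas policy is relaxed from `persist` to `nopass` only for the duration
# of the run. The relax/restore pair is wrapped in block/always so the restore
# runs even when a task in between fails; previously it was simply the last
# task, and a play-level `ignore_errors: true` kept the run going past any
# failure so that it would be reached. That flag has been dropped: a failed
# hardening task (e.g. a bad sshd_config) now aborts the play instead of being
# silently skipped, and the `always:` section still restores doas.conf.
#
# Files that only take effect after a service restart/reload (sshd_config,
# wg0.conf, nginx configs) notify a handler; without one the on-disk config
# changed but the running service kept its old configuration until a reboot.
- hosts:
    - "{{ proxy_server_hostname }}"
    # - "{{ proxy_server_hostname }}-defaultport"
  become: true
  vars:
    # Packages to install
    packages:
      # System
      - linux-headers-amd64
      - build-essential
      - ssh
      - mount
      - vim
      - neofetch
      - htop
      # Reverse Proxy/Webserver
      - nginx
      - libnginx-mod-stream  # Module allowing to proxy TCP, UDP (1.9.13), UNIX-domain sockets requests.
      - libnginx-mod-mail  # Module allowing to proxy IMAP, POP3 & SMTP.
      - haproxy  # Alternate dedicated Reverse Proxy, using for mail
      # VPN Server
      - wireguard
      # TLS
      - certbot
      - python3-certbot-nginx
      # Firewall
      - iptables-persistent
    # NGinx virtual hosts: each entry is templated from
    # proxy_resources/etc/nginx/sites-available/<site>.domain to
    # /etc/nginx/sites-available/<site>.<domain_name> and symlinked into
    # sites-enabled. Only `git` is active; the other entries were previously
    # commented-out tasks and can be enabled once their templates are ready.
    nginx_sites:
      - git
      # - invidious
      # - mail
      # - searxng
      # - nextcloud
      # - chat
  handlers:
    # sshd_config is validated with `sshd -t` before it is written, so a
    # restart here should not lock out the session that runs the play.
    - name: Restart ssh
      ansible.builtin.systemd:
        name: ssh
        state: restarted
    # Restarting wg-quick briefly drops established peer sessions.
    - name: Restart wireguard
      ansible.builtin.systemd:
        name: wg-quick@wg0
        state: restarted
    - name: Reload nginx
      ansible.builtin.systemd:
        name: nginx
        state: reloaded
  tasks:
    # NOTE(review): doas itself is not in `packages` and this runs before the
    # apt task, so it is assumed to be present on the base image — confirm.
    - name: Apply default doas configuration allowing wheel group users to elevate commands with prompt
      ansible.builtin.template:
        src: root_resources/etc/doas.conf
        dest: /etc/doas.conf
        owner: root
        group: root
        mode: "0600"
    # Replaces every occurrence of `persist` in the file, comments included.
    - name: Temporarily disable doas pass prompt as doas persist does not work within scripts
      ansible.builtin.replace:
        path: /etc/doas.conf
        regexp: 'persist'
        replace: 'nopass'
    - name: Configure the proxy host while the doas prompt is disabled
      block:
        # System Setup
        # NOTE(review): the play runs with become, so `~` expands to root's
        # home and this lands in /root/.bashrc — confirm that is intended.
        - name: Ensure .bashrc is updated
          ansible.builtin.template:
            src: proxy_resources/.bashrc
            dest: "~/.bashrc"
        - name: Add contrib
          ansible.builtin.replace:
            path: /etc/apt/sources.list
            regexp: '^(deb(?!.* contrib).*)'
            replace: '\1 contrib'
        # update_cache: the sources list may have just been changed above, so
        # the package index is refreshed unconditionally before installing.
        - name: Ensure list of packages is installed
          ansible.builtin.apt:
            name: "{{ packages }}"
            state: present
            update_cache: true
        # SSH Server Setup
        - name: Enable SSH
          ansible.builtin.systemd:
            name: ssh
            enabled: true
            state: started
        # `validate` rejects a syntactically broken config before it replaces
        # the live one; the handler then applies it at the end of the play.
        - name: Ensure sshd configuration is updated
          ansible.builtin.template:
            src: proxy_resources/etc/ssh/sshd_config
            dest: /etc/ssh/sshd_config
            owner: root
            group: root
            mode: "0644"
            validate: "/usr/sbin/sshd -t -f %s"
          notify: Restart ssh
        # Wireguard VPN Server Setup
        # wg0.conf carries the interface's PrivateKey, so it must not be
        # world-readable (wg-quick also warns when it is).
        - name: Ensure wireguard server configuration is updated
          ansible.builtin.template:
            src: proxy_resources/etc/wireguard/wg0.conf
            dest: /etc/wireguard/wg0.conf
            owner: root
            group: root
            mode: "0600"
          notify: Restart wireguard
        - name: Enable and persist ip forwarding
          ansible.posix.sysctl:
            name: net.ipv4.ip_forward
            value: "1"
            state: present
            sysctl_set: true
            reload: true
        - name: Enable wireguard server
          ansible.builtin.systemd:
            name: wg-quick@wg0
            enabled: true
            state: started
        # NGinx Reverse Proxy/Webserver Setup
        - name: Ensure NGinx main config is updated
          ansible.builtin.template:
            src: proxy_resources/etc/nginx/nginx.conf
            dest: /etc/nginx/nginx.conf
            validate: "/usr/sbin/nginx -t -c %s"
          notify: Reload nginx
        - name: Ensure NGinx sites config directories exist
          ansible.builtin.file:
            path: "{{ item }}"
            state: directory
          loop:
            - /etc/nginx/sites-available/
            - /etc/nginx/sites-enabled/
        - name: Ensure reverse proxy site configs are updated
          ansible.builtin.template:
            src: "proxy_resources/etc/nginx/sites-available/{{ item }}.domain"
            dest: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
          loop: "{{ nginx_sites }}"
          notify: Reload nginx
        - name: Enable the reverse proxy site configs
          ansible.builtin.file:
            src: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
            dest: "/etc/nginx/sites-enabled/{{ item }}.{{ domain_name }}"
            state: link
          loop: "{{ nginx_sites }}"
          notify: Reload nginx
        - name: Enable NGinx
          ansible.builtin.systemd:
            name: nginx
            enabled: true
            state: started
        # Experimental NGinx Email Proxy
        # - name: Ensure Email Proxy Authentication Server is updated
        #   ansible.builtin.template:
        #     src: proxy_resources/home/mail-authserver.py
        #     dest: ~/mail-authserver.py
        # HAProxy Reverse Proxy Setup
        # - name: Ensure HAProxy configuration is updated
        #   ansible.builtin.template:
        #     src: proxy_resources/etc/haproxy/haproxy.cfg
        #     dest: /etc/haproxy/haproxy.cfg
        # - name: Enable HAProxy
        #   ansible.builtin.systemd:
        #     name: haproxy
        #     state: started
      always:
        # Runs whether or not the block above succeeded, so the `nopass`
        # window closes even on a failed run (it cannot help if the host
        # becomes unreachable mid-play).
        - name: Reset doas configuration back to default
          ansible.builtin.template:
            src: root_resources/etc/doas.conf
            dest: /etc/doas.conf
            owner: root
            group: root
            mode: "0600"
    # End
    - name: Debug Finish message
      ansible.builtin.debug:
        msg: Ansible playbook has finished!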