Client-Ansible-Setup/prox-server-setup.yml


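---
# Provisioning play for the reverse-proxy / VPN host.
#
# Elevation model: doas.conf is switched from "persist" to "nopass" for the
# duration of the provisioning block, which grants wheel users password-less
# elevation while the play runs. The block's `always:` section writes the
# default doas.conf back whether the block succeeds or fails, so a failed
# task no longer leaves the host with the relaxed rule in place.
- hosts:
    - "{{ proxy_server_hostname }}"
    # - "{{ proxy_server_hostname }}-defaultport"
  become: true
  # Play-level ignore_errors was dropped: it masked failures of the doas, sshd
  # and wireguard tasks and let the run report success on a half-configured host.

  vars:
    # Packages to install
    packages:
      # System
      - linux-headers-amd64
      - build-essential
      - ssh
      - mount
      - vim
      - neofetch
      - htop
      # Reverse Proxy/Webserver
      - nginx
      - libnginx-mod-stream  # Module allowing to proxy TCP, UDP (1.9.13), UNIX-domain sockets requests.
      - libnginx-mod-mail  # Module allowing to proxy IMAP, POP3 & SMTP.
      - haproxy  # Alternate dedicated Reverse Proxy, using for mail
      # VPN Server
      - wireguard
      # TLS
      - certbot
      - python3-certbot-nginx
      # Firewall
      # NOTE(review): no rule set is deployed by this play; confirm the rules
      # for /etc/iptables come from elsewhere.
      - iptables-persistent
    # NGinx virtual hosts; each one becomes
    # /etc/nginx/sites-available/<site>.<domain_name> and is linked into sites-enabled.
    nginx_sites:
      - git
      - mail
      - searxng
      - nextcloud
      - chat
      - invidious

  handlers:
    # Services are reloaded only when their config actually changed; without
    # these the templated sshd/nginx configs were written but never applied.
    - name: Reload ssh
      ansible.builtin.systemd:
        name: ssh
        state: reloaded
    - name: Reload nginx
      ansible.builtin.systemd:
        name: nginx
        state: reloaded
    - name: Restart wireguard
      # wg-quick has no reload; a restart briefly drops the tunnel.
      ansible.builtin.systemd:
        name: wg-quick@wg0
        state: restarted

  tasks:
    - name: Apply default doas configuration allowing wheel group users to elevate commands with prompt
      ansible.builtin.template:
        src: root_resources/etc/doas.conf
        dest: /etc/doas.conf
        owner: root
        group: root
        mode: "0600"  # doas rejects a config that is not root-owned or is group/other writable

    - name: Temporarily disable doas pass prompt as doas persist does not work within scripts
      ansible.builtin.replace:
        path: /etc/doas.conf
        regexp: 'persist'
        replace: 'nopass'

    - name: Provision while the temporary doas nopass rule is active
      block:
        # System Setup
        - name: Ensure .bashrc is updated
          # NOTE(review): with become, "~" resolves to root's home rather than
          # the connecting user's — confirm that is the intended target.
          ansible.builtin.template:
            src: proxy_resources/.bashrc
            dest: "~/.bashrc"

        - name: Add contrib
          ansible.builtin.replace:
            path: /etc/apt/sources.list
            regexp: '^(deb(?!.* contrib).*)'
            replace: '\1 contrib'

        - name: Ensure list of packages is installed
          ansible.builtin.apt:
            name: '{{ packages }}'
            state: present
            # sources.list was just edited; refresh the index so contrib packages resolve
            update_cache: true

        # SSH Server Setup
        - name: Enable SSH
          ansible.builtin.systemd:
            name: ssh
            enabled: true
            state: started

        - name: Ensure sshd configuration is updated
          ansible.builtin.template:
            src: proxy_resources/etc/ssh/sshd_config
            dest: /etc/ssh/sshd_config
            owner: root
            group: root
            mode: "0600"
            # Refuse to install a config sshd cannot parse (would otherwise
            # lock out the next login once the service reloads).
            validate: /usr/sbin/sshd -t -f %s
          notify: Reload ssh

        # Wireguard VPN Server Setup
        - name: Ensure wireguard server configuration is updated
          ansible.builtin.template:
            src: proxy_resources/etc/wireguard/wg0.conf
            dest: /etc/wireguard/wg0.conf
            owner: root
            group: root
            # The interface config typically carries the private key; keep it root-only
            mode: "0600"
          notify: Restart wireguard

        - name: Enable and persist ip forwarding
          ansible.posix.sysctl:
            name: net.ipv4.ip_forward
            value: "1"
            state: present
            sysctl_set: true
            reload: true

        - name: Enable wireguard server
          ansible.builtin.systemd:
            name: wg-quick@wg0
            enabled: true
            state: started

        # NGinx Reverse Proxy/Webserver Setup
        - name: Ensure NGinx main config is updated
          ansible.builtin.template:
            src: proxy_resources/etc/nginx/nginx.conf
            dest: /etc/nginx/nginx.conf
          notify: Reload nginx

        - name: Ensure NGinx sites config directory exists
          ansible.builtin.file:
            path: /etc/nginx/sites-available/
            state: directory

        # Ensure all NGinx site configurations are updated/enabled
        - name: Ensure all NGinx site configurations are updated
          # NOTE(review): one template (git.domain) renders every vhost;
          # presumably it branches on `item` — confirm against the template.
          ansible.builtin.template:
            src: proxy_resources/etc/nginx/sites-available/git.domain
            dest: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
          loop: "{{ nginx_sites }}"
          notify: Reload nginx

        - name: Ensure all NGinx site configurations are enabled
          ansible.builtin.file:
            src: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
            dest: "/etc/nginx/sites-enabled/{{ item }}.{{ domain_name }}"
            state: link
          loop: "{{ nginx_sites }}"
          notify: Reload nginx

        - name: Enable NGinx
          ansible.builtin.systemd:
            name: nginx
            enabled: true
            state: started

        # Experimental NGinx Email Proxy
        # - name: Ensure Email Proxy Authentication Server is updated
        #   ansible.builtin.template:
        #     src: proxy_resources/home/mail-authserver.py
        #     dest: ~/mail-authserver.py

        # HAProxy Reverse Proxy Setup
        # - name: Ensure HAProxy configuration is updated
        #   ansible.builtin.template:
        #     src: proxy_resources/etc/haproxy/haproxy.cfg
        #     dest: /etc/haproxy/haproxy.cfg
        # - name: Enable HAProxy
        #   ansible.builtin.systemd:
        #     name: haproxy
        #     state: started

      always:
        # Runs on success and on failure so the nopass rule never outlives the play
        - name: Reset doas configuration back to default
          ansible.builtin.template:
            src: root_resources/etc/doas.conf
            dest: /etc/doas.conf
            owner: root
            group: root
            mode: "0600"

    # End
    - name: Debug Finish message
      ansible.builtin.debug:
        msg: Ansible playbook has finished!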