Move pangolin role

2026-03-04 22:11:36 -07:00
parent baabdbd55c
commit 76cc8001de
9 changed files with 4 additions and 4 deletions
--- a/ansible/roles/pangolin_server/tasks/main.yaml
+++ b/ansible/roles/pangolin_server/tasks/main.yaml
@@ -0,0 +1,134 @@
+- name: Create a pangolin group
+  group:
+    name: pangolin
+    state: present
+    gid: 1051
+
+- name: Create a pangolin user
+  user:
+    name: pangolin
+    uid: 1051
+    group: 1051
+    comment: "pangolin user"
+    shell: /bin/bash
+    state: present
+    create_home: yes
+
+- name: Permanently enable http service (firewalld)
+  ansible.posix.firewalld:
+    service: http
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Permanently enable https service (firewalld)
+  ansible.posix.firewalld:
+    service: https
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Permanently enable wireguard service (firewalld)
+  ansible.posix.firewalld:
+    service: wireguard
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Permit traffic in default zone on port 21820/udp
+  ansible.posix.firewalld:
+    port: 21820/udp
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true
+
+- name: Install epel
+  package:
+    name: epel-release
+    state: present
+
+- name: Install podman
+  package:
+    name: podman
+    state: present
+
+- name: Install podman-compose
+  package:
+    name: podman-compose
+    state: present
+
+- name: Start and enable podman service
+  service:
+    name: podman
+    state: started
+    enabled: true
+
+- name: Start and enabled podman-restart
+  service:
+    name: podman-restart
+    state: started
+    enabled: true
+
+- name: Create pangolin config, logging and backup directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: pangolin
+    group: pangolin
+  loop:
+    - /home/pangolin/config
+    - /home/pangolin/config/db
+    - /home/pangolin/config/traefik
+    - /home/pangolin/config/letsencrypt
+    - /home/pangolin/config/logs
+    - /home/pangolin/backups
+
+- name: Create pangolin config
+  template: 
+    src: templates/config.yaml.j2
+    dest: /home/pangolin/config/config.yml
+    owner: pangolin
+    group: pangolin
+    mode: 0600
+
+- name: Create traefik config
+  template:
+    src: templates/traefik_config.yaml.j2
+    dest: /home/pangolin/config/traefik/traefik_config.yml
+    owner: pangolin
+    group: pangolin
+    mode: 0600
+
+- name: Create traefik dynamic config
+  template: 
+    src: templates/dynamic_config.yaml.j2
+    dest: /home/pangolin/config/traefik/dynamic_config.yml
+    owner: pangolin
+    group: pangolin
+    mode: 0600
+
+- name: Create or update docker-compose
+  template:
+    src: templates/docker-compose.yaml.j2
+    dest: /home/pangolin/docker-compose.yaml
+    owner: pangolin
+    group: pangolin
+    mode: 0600
+  notify: Restart pangolin
+
+- name: Create local backup of config directory
+  copy:
+    src: /home/pangolin/config
+    dest: /home/pangolin/backups/config.backup.{{ ansible_date_time.date }}
+    remote_src: yes
+
+- name: Create local backup of docker-compose
+  copy:
+    src: /home/pangolin/docker-compose.yaml
+    dest: /home/pangolin/backups/docker-compose.yaml.backup.{{ ansible_date_time.date }}
+    remote_src: yes