135 lines
2.9 KiB
YAML
135 lines
2.9 KiB
YAML
- name: Create a pangolin group
|
|
group:
|
|
name: pangolin
|
|
state: present
|
|
gid: 1051
|
|
|
|
- name: Create a pangolin user
|
|
user:
|
|
name: pangolin
|
|
uid: 1051
|
|
group: 1051
|
|
comment: "pangolin user"
|
|
shell: /bin/bash
|
|
state: present
|
|
create_home: yes
|
|
|
|
- name: Permanently enable http service (firewalld)
|
|
ansible.posix.firewalld:
|
|
service: http
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
offline: true
|
|
|
|
- name: Permanently enable https service (firewalld)
|
|
ansible.posix.firewalld:
|
|
service: https
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
offline: true
|
|
|
|
- name: Permanently enable wireguard service (firewalld)
|
|
ansible.posix.firewalld:
|
|
service: wireguard
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
offline: true
|
|
|
|
- name: Permit traffic in default zone on port 21820/udp
|
|
ansible.posix.firewalld:
|
|
port: 21820/udp
|
|
permanent: true
|
|
state: enabled
|
|
immediate: true
|
|
offline: true
|
|
|
|
- name: Install epel
|
|
package:
|
|
name: epel-release
|
|
state: present
|
|
|
|
- name: Install podman
|
|
package:
|
|
name: podman
|
|
state: present
|
|
|
|
- name: Install podman-compose
|
|
package:
|
|
name: podman-compose
|
|
state: present
|
|
|
|
- name: Start and enable podman service
|
|
service:
|
|
name: podman
|
|
state: started
|
|
enabled: true
|
|
|
|
- name: Start and enabled podman-restart
|
|
service:
|
|
name: podman-restart
|
|
state: started
|
|
enabled: true
|
|
|
|
- name: Create pangolin config, logging and backup directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: pangolin
|
|
group: pangolin
|
|
loop:
|
|
- /home/pangolin/config
|
|
- /home/pangolin/config/db
|
|
- /home/pangolin/config/traefik
|
|
- /home/pangolin/config/letsencrypt
|
|
- /home/pangolin/config/logs
|
|
- /home/pangolin/backups
|
|
|
|
- name: Create pangolin config
|
|
template:
|
|
src: templates/config.yaml.j2
|
|
dest: /home/pangolin/config/config.yml
|
|
owner: pangolin
|
|
group: pangolin
|
|
mode: 0600
|
|
|
|
- name: Create traefik config
|
|
template:
|
|
src: templates/traefik_config.yaml.j2
|
|
dest: /home/pangolin/config/traefik/traefik_config.yml
|
|
owner: pangolin
|
|
group: pangolin
|
|
mode: 0600
|
|
|
|
- name: Create traefik dynamic config
|
|
template:
|
|
src: templates/dynamic_config.yaml.j2
|
|
dest: /home/pangolin/config/traefik/dynamic_config.yml
|
|
owner: pangolin
|
|
group: pangolin
|
|
mode: 0600
|
|
|
|
- name: Create or update docker-compose
|
|
template:
|
|
src: templates/docker-compose.yaml.j2
|
|
dest: /home/pangolin/docker-compose.yaml
|
|
owner: pangolin
|
|
group: pangolin
|
|
mode: 0600
|
|
notify: Restart pangolin
|
|
|
|
- name: Create local backup of config directory
|
|
copy:
|
|
src: /home/pangolin/config
|
|
dest: /home/pangolin/backups/config.backup.{{ ansible_date_time.date }}
|
|
remote_src: yes
|
|
|
|
- name: Create local backup of docker-compose
|
|
copy:
|
|
src: /home/pangolin/docker-compose.yaml
|
|
dest: /home/pangolin/backups/docker-compose.yaml.backup.{{ ansible_date_time.date }}
|
|
remote_src: yes
|