Aidan Kahrs
8 years ago
committed by
GitHub
GitHub
1 changed files with 82 additions and 0 deletions
Split View
Diff Options
-
+82 -0build-scripts/playbook.yml
+ 82
- 0
build-scripts/playbook.yml
View File
| @ -0,0 +1,82 @@ | |||
| --- | |||
| - hosts: 127.0.0.1 | |||
| tasks: | |||
| - name: Install packages | |||
| dnf: name="{{ item }}" state=present | |||
| become: true | |||
| with_items: | |||
| - nginx | |||
| - jenkins | |||
| - mock | |||
| - git | |||
| - openssh-server | |||
| - pungi | |||
| - rpm-sign | |||
| - certbot | |||
| - fedora-packager | |||
| - fedpkg | |||
| - fail2ban | |||
| - fail2ban-server | |||
| - iptables | |||
| - dnf-automatic | |||
| - mosh | |||
| - vim | |||
| - python-firewall | |||
| # need to get anaconda install class for TigerOS possibly | |||
| #- letsencrypt | |||
| - name: Allow HTTPS (nginx) | |||
| firewalld: | |||
| service: https | |||
| permanent: true | |||
| state: enabled | |||
| - name: Allow HTTP (nginx) | |||
| firewalld: | |||
| service: http | |||
| permanent: true | |||
| state: enabled | |||
| - name: Allow SSH access | |||
| firewalld: | |||
| service: ssh | |||
| permanent: true | |||
| state: enabled | |||
| - name: Allow 8080 (Jenkins) | |||
| firewalld: | |||
| port: 8080/tcp | |||
| permanent: true | |||
| state: enabled | |||
| - name: Allow Cockpit | |||
| firewalld: | |||
| service: cockpit | |||
| permanent: true | |||
| state: enabled | |||
| - name: Enable nginx service | |||
| systemd: | |||
| name: nginx | |||
| enabled: yes | |||
| state: started | |||
| - name: Enable Jenkins service | |||
| systemd: | |||
| name: jenkins | |||
| enabled: yes | |||
| state: started | |||
| - name: Enable Cockpit service | |||
| systemd: | |||
| name: cockpit | |||
| enabled: yes | |||
| state: started | |||
| - name: Enable sshd (openssh-server) service | |||
| systemd: | |||
| name: sshd | |||
| enabled: yes | |||
| state: started | |||
| - name: Enable fail2ban service | |||
| systemd: | |||
| name: fail2ban | |||
| enabled: yes | |||
| state: started | |||
| - name: Reload Firewall | |||
| command: firewall-cmd --reload | |||
| become: true | |||
| - name: Update packages | |||
| command: dnf update | |||
| become: true | |||