diff --git a/build-scripts/playbook.yml b/build-scripts/playbook.yml
new file mode 100644
index 0000000..e130baa
--- /dev/null
+++ b/build-scripts/playbook.yml
@@ -0,0 +1,82 @@
+---
+- hosts: 127.0.0.1
+ tasks:
+ - name: Install packages
+ dnf: name="{{ item }}" state=present
+ become: true
+ with_items:
+ - nginx
+ - jenkins
+ - mock
+ - git
+ - openssh-server
+ - pungi
+ - rpm-sign
+ - certbot
+ - fedora-packager
+ - fedpkg
+ - fail2ban
+ - fail2ban-server
+ - iptables
+ - dnf-automatic
+ - mosh
+ - vim
+ - python-firewall
+ # need to get anaconda install class for TigerOS possibly
+ #- letsencrypt
+ - name: Allow HTTPS (nginx)
+ firewalld:
+ service: https
+ permanent: true
+ state: enabled
+ - name: Allow HTTP (nginx)
+ firewalld:
+ service: http
+ permanent: true
+ state: enabled
+ - name: Allow SSH access
+ firewalld:
+ service: ssh
+ permanent: true
+ state: enabled
+ - name: Allow 8080 (Jenkins)
+ firewalld:
+ port: 8080/tcp
+ permanent: true
+ state: enabled
+ - name: Allow Cockpit
+ firewalld:
+ service: cockpit
+ permanent: true
+ state: enabled
+ - name: Enable nginx service
+ systemd:
+ name: nginx
+ enabled: yes
+ state: started
+ - name: Enable Jenkins service
+ systemd:
+ name: jenkins
+ enabled: yes
+ state: started
+ - name: Enable Cockpit service
+ systemd:
+ name: cockpit
+ enabled: yes
+ state: started
+ - name: Enable sshd (openssh-server) service
+ systemd:
+ name: sshd
+ enabled: yes
+ state: started
+ - name: Enable fail2ban service
+ systemd:
+ name: fail2ban
+ enabled: yes
+ state: started
+ - name: Reload Firewall
+ command: firewall-cmd --reload
+ become: true
+ - name: Update packages
+ command: dnf update
+ become: true
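Review bot: The `Allow 8080 (Jenkins)` and `Allow Cockpit` tasks open both admin interfaces in whatever zone is the firewalld default, so the Jenkins UI is reachable directly over plain HTTP even though nginx and certbot are installed in the same play, presumably to front it with TLS. Consider dropping those two rules and proxying Jenkins through nginx on 443, or binding them to a restricted `zone:` or a `rich_rule:` limited to a management network. Separately, the final task runs `dnf update` without `-y`, so it will not get past the confirmation prompt when run unattended; `dnf: name="*" state=latest` with `become: true` does the same job idempotently. The firewalld and systemd tasks also carry no `become: true` while the package task does, so they likely fail unless the play is already run as root. Enabling the `fail2ban` service alone probably protects nothing, since no jail configuration is deployed in this playbook.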