| @ -0,0 +1,82 @@ | |||||
| --- | |||||
| - hosts: 127.0.0.1 | |||||
| tasks: | |||||
| - name: Install packages | |||||
| dnf: name="{{ item }}" state=present | |||||
| become: true | |||||
| with_items: | |||||
| - nginx | |||||
| - jenkins | |||||
| - mock | |||||
| - git | |||||
| - openssh-server | |||||
| - pungi | |||||
| - rpm-sign | |||||
| - certbot | |||||
| - fedora-packager | |||||
| - fedpkg | |||||
| - fail2ban | |||||
| - fail2ban-server | |||||
| - iptables | |||||
| - dnf-automatic | |||||
| - mosh | |||||
| - vim | |||||
| - python-firewall | |||||
| # need to get anaconda install class for TigerOS possibly | |||||
| #- letsencrypt | |||||
| - name: Allow HTTPS (nginx) | |||||
| firewalld: | |||||
| service: https | |||||
| permanent: true | |||||
| state: enabled | |||||
| - name: Allow HTTP (nginx) | |||||
| firewalld: | |||||
| service: http | |||||
| permanent: true | |||||
| state: enabled | |||||
| - name: Allow SSH access | |||||
| firewalld: | |||||
| service: ssh | |||||
| permanent: true | |||||
| state: enabled | |||||
| - name: Allow 8080 (Jenkins) | |||||
| firewalld: | |||||
| port: 8080/tcp | |||||
| permanent: true | |||||
| state: enabled | |||||
| - name: Allow Cockpit | |||||
| firewalld: | |||||
| service: cockpit | |||||
| permanent: true | |||||
| state: enabled | |||||
| - name: Enable nginx service | |||||
| systemd: | |||||
| name: nginx | |||||
| enabled: yes | |||||
| state: started | |||||
| - name: Enable Jenkins service | |||||
| systemd: | |||||
| name: jenkins | |||||
| enabled: yes | |||||
| state: started | |||||
| - name: Enable Cockpit service | |||||
| systemd: | |||||
| name: cockpit | |||||
| enabled: yes | |||||
| state: started | |||||
| - name: Enable sshd (openssh-server) service | |||||
| systemd: | |||||
| name: sshd | |||||
| enabled: yes | |||||
| state: started | |||||
| - name: Enable fail2ban service | |||||
| systemd: | |||||
| name: fail2ban | |||||
| enabled: yes | |||||
| state: started | |||||
| - name: Reload Firewall | |||||
| command: firewall-cmd --reload | |||||
| become: true | |||||
| - name: Update packages | |||||
| command: dnf update | |||||
| become: true | |||||
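Review bot: The `Allow 8080 (Jenkins)` task opens Jenkins' plain-HTTP port in the default zone even though the same play installs nginx and certbot and opens `https`, so Jenkins logins and API tokens can cross the network unencrypted and bypass anything enforced at the proxy. If nginx is meant to front Jenkins (that config is not in this file), drop the task and have Jenkins listen on localhost only, or limit the port to a trusted source with the firewalld module's `rich_rule`. `Allow Cockpit` raises the same exposure question for an admin console, and cockpit is missing from the package list and is normally enabled as `cockpit.socket` rather than `name: cockpit`. fail2ban is started but no jail is configured anywhere in the play, and the Fedora package enables none by default, so it likely protects the opened sshd from nothing until a `jail.local` with `[sshd]` / `enabled = true` is deployed. Separately, `command: dnf update` has no `-y` and will probably abort at the confirmation prompt, where `dnf: name="*" state=latest` is the idempotent form, and the firewalld and systemd tasks lack `become: true`, so they only work if the play already runs as root.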