--- - hosts: 127.0.0.1 tasks: - name: Install packages dnf: name="{{ item }}" state=present become: true with_items: - nginx - jenkins - mock - git - openssh-server - pungi - rpm-sign - certbot - fedora-packager - fedpkg - fail2ban - fail2ban-server - iptables - dnf-automatic - mosh - vim - python-firewall # need to get anaconda install class for TigerOS possibly #- letsencrypt - name: Allow HTTPS (nginx) firewalld: service: https permanent: true state: enabled - name: Allow HTTP (nginx) firewalld: service: http permanent: true state: enabled - name: Allow SSH access firewalld: service: ssh permanent: true state: enabled - name: Allow 8080 (Jenkins) firewalld: port: 8080/tcp permanent: true state: enabled - name: Allow Cockpit firewalld: service: cockpit permanent: true state: enabled - name: Enable nginx service systemd: name: nginx enabled: yes state: started - name: Enable Jenkins service systemd: name: jenkins enabled: yes state: started - name: Enable Cockpit service systemd: name: cockpit enabled: yes state: started - name: Enable sshd (openssh-server) service systemd: name: sshd enabled: yes state: started - name: Enable fail2ban service systemd: name: fail2ban enabled: yes state: started - name: Reload Firewall command: firewall-cmd --reload become: true - name: Update packages command: dnf update become: true - name: Allow Jenkins sudo access become: true lineinfile: path: /etc/sudoers line: 'jenkins ALL=NOPASSWD: /var/lib/jenkins/jobs/TigerOS Devel/workspace/tigeros/make-iso.sh' state: present