---
|
|
- hosts: 127.0.0.1
|
|
tasks:
|
|
- name: Install packages
|
|
dnf: name="{{ item }}" state=present
|
|
become: true
|
|
with_items:
|
|
- nginx
|
|
- jenkins
|
|
- mock
|
|
- git
|
|
- openssh-server
|
|
- pungi
|
|
- rpm-sign
|
|
- certbot
|
|
- fedora-packager
|
|
- fedpkg
|
|
- fail2ban
|
|
- fail2ban-server
|
|
- iptables
|
|
- dnf-automatic
|
|
- mosh
|
|
- vim
|
|
- python-firewall
|
|
# need to get anaconda install class for TigerOS possibly
|
|
#- letsencrypt
|
|
- name: Allow HTTPS (nginx)
|
|
firewalld:
|
|
service: https
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow HTTP (nginx)
|
|
firewalld:
|
|
service: http
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow SSH access
|
|
firewalld:
|
|
service: ssh
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow 8080 (Jenkins)
|
|
firewalld:
|
|
port: 8080/tcp
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow Cockpit
|
|
firewalld:
|
|
service: cockpit
|
|
permanent: true
|
|
state: enabled
|
|
- name: Enable nginx service
|
|
systemd:
|
|
name: nginx
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable Jenkins service
|
|
systemd:
|
|
name: jenkins
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable Cockpit service
|
|
systemd:
|
|
name: cockpit
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable sshd (openssh-server) service
|
|
systemd:
|
|
name: sshd
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable fail2ban service
|
|
systemd:
|
|
name: fail2ban
|
|
enabled: yes
|
|
state: started
|
|
- name: Reload Firewall
|
|
command: firewall-cmd --reload
|
|
become: true
|
|
- name: Update packages
|
|
command: dnf update
|
|
become: true
|