You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 lines
2.5 KiB
100 lines
2.5 KiB
---
|
|
- hosts: 127.0.0.1
|
|
tasks:
|
|
- name: Install packages
|
|
dnf: name="{{ item }}" state=present
|
|
become: true
|
|
with_items:
|
|
- nginx
|
|
- jenkins
|
|
- mock
|
|
- git
|
|
- openssh-server
|
|
- pungi
|
|
- rpm-sign
|
|
- certbot
|
|
- fedora-packager
|
|
- fedpkg
|
|
- fail2ban
|
|
- fail2ban-server
|
|
- iptables
|
|
- dnf-automatic
|
|
- mosh
|
|
- vim
|
|
- python-firewall
|
|
# need to get anaconda install class for TigerOS possibly
|
|
#- letsencrypt
|
|
- name: Allow HTTPS (nginx)
|
|
firewalld:
|
|
service: https
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow HTTP (nginx)
|
|
firewalld:
|
|
service: http
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow SSH access
|
|
firewalld:
|
|
service: ssh
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow 8080 (Jenkins)
|
|
firewalld:
|
|
port: 8080/tcp
|
|
permanent: true
|
|
state: enabled
|
|
- name: Allow Cockpit
|
|
firewalld:
|
|
service: cockpit
|
|
permanent: true
|
|
state: enabled
|
|
- name: Enable nginx service
|
|
systemd:
|
|
name: nginx
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable Jenkins service
|
|
systemd:
|
|
name: jenkins
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable Cockpit service
|
|
systemd:
|
|
name: cockpit
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable sshd (openssh-server) service
|
|
systemd:
|
|
name: sshd
|
|
enabled: yes
|
|
state: started
|
|
- name: Enable fail2ban service
|
|
systemd:
|
|
name: fail2ban
|
|
enabled: yes
|
|
state: started
|
|
- name: Reload Firewall
|
|
command: firewall-cmd --reload
|
|
become: true
|
|
- name: Update packages
|
|
command: dnf update
|
|
become: true
|
|
- name: Allow Jenkins sudo access for devel
|
|
become: true
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
line: 'jenkins ALL=NOPASSWD: /var/lib/jenkins/jobs/TigerOS-Devel/workspace/tigeros/make-iso.sh'
|
|
state: present
|
|
- name: Allow Jenkins sudo access for master
|
|
become: true
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
line: 'jenkins ALL=NOPASSWD: /var/lib/jenkins/jobs/TigerOS-Master/workspace/tigeros/make-iso.sh'
|
|
state: present
|
|
- jenkins_job:
|
|
name: TigerOS-Master
|
|
state: present
|
|
- jenkins_job:
|
|
name: TigerOS-Devel
|
|
state: present
|