2023-05-13 06:44:40 +05:30
|
|
|
---
|
2024-01-10 19:13:09 +05:30
|
|
|
- name: Docker
|
|
|
|
hosts: privfrontends
|
|
|
|
vars_files:
|
|
|
|
- ./vars.yaml
|
|
|
|
tasks:
|
|
|
|
- name: Deploy stack role
|
|
|
|
ansible.builtin.include_role:
|
|
|
|
name: gi-yt.docker_compose_declarative
|
|
|
|
vars:
|
|
|
|
app: "{{ service.value }}"
|
|
|
|
app_name: "{{ service.key | lower }}"
|
|
|
|
loop: "{{ apps.groups | default({}) | dict2items }}"
|
|
|
|
loop_control:
|
|
|
|
loop_var: service
|
|
|
|
when: service.value.docker_settings
|
2023-05-13 06:44:40 +05:30
|
|
|
- name: Setup Caddy
|
2023-09-14 14:42:16 +05:30
|
|
|
hosts: privfrontends
|
2023-05-13 06:44:40 +05:30
|
|
|
tasks:
|
2023-06-05 14:32:24 +05:30
|
|
|
- name: Copy Caddyfile
|
2023-07-07 22:40:54 +05:30
|
|
|
ansible.builtin.template:
|
2023-06-05 14:32:24 +05:30
|
|
|
src: ./templates/Caddyfile.j2
|
|
|
|
dest: /etc/caddy/Caddyfile
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
2023-06-05 14:32:24 +05:30
|
|
|
tags: caddy-non-update
|
2023-05-13 06:44:40 +05:30
|
|
|
- name: Copy per-server caddy extras
|
2023-07-07 22:40:54 +05:30
|
|
|
ansible.builtin.copy:
|
2023-05-29 14:08:34 +05:30
|
|
|
src: "./templates/{{ inventory_hostname }}/"
|
|
|
|
dest: /etc/caddy/
|
|
|
|
directory_mode: true
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
2023-06-05 14:32:24 +05:30
|
|
|
tags: caddy-non-update
|
|
|
|
- name: Reload Caddy
|
2023-07-07 22:40:54 +05:30
|
|
|
ansible.builtin.service:
|
2023-05-29 21:19:16 +05:30
|
|
|
name: caddy
|
2023-07-07 22:40:54 +05:30
|
|
|
enabled: true
|
2023-06-05 14:32:24 +05:30
|
|
|
state: reloaded
|
|
|
|
tags: caddy-non-update
|
2024-01-10 19:13:09 +05:30
|
|
|
- name: Fail2Ban
|
2023-05-14 15:56:43 +05:30
|
|
|
hosts: privfrontends
|
2023-07-07 22:40:54 +05:30
|
|
|
tasks:
|
2024-01-10 19:13:09 +05:30
|
|
|
- name: Copy jail.local config to fail2ban
|
|
|
|
ansible.builtin.copy:
|
|
|
|
src: "./configs/fail2ban/jail.local"
|
|
|
|
dest: "/etc/fail2ban/jail.local"
|
|
|
|
mode: "0644"
|
|
|
|
tags: fail2ban
|
|
|
|
- name: Copy caddy-status filter to fail2ban
|
|
|
|
ansible.builtin.copy:
|
|
|
|
src: "./configs/fail2ban/caddy-status.conf"
|
|
|
|
dest: "/etc/fail2ban/filter.d/caddy-status.conf"
|
|
|
|
mode: "0644"
|
|
|
|
tags: fail2ban
|
2024-01-10 19:16:06 +05:30
|
|
|
- name: Restart fail2ban
|
|
|
|
ansible.builtin.service:
|
|
|
|
name: fail2ban
|
|
|
|
state: restarted
|