playbook-nginx-docker.yml
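---
# Provisions the hosts in the `dev` inventory group: installs Nginx and
# Docker CE, initialises a single-node Docker Swarm, deploys the Nginx
# configuration files, and enables UFW with a default-deny inbound policy.
#
# Security notes for reviewers:
#   * Every package below is installed with `state: latest` and the pip
#     modules are unpinned, so each run pulls whatever the upstream
#     repositories serve at that moment. Pin versions where reproducible
#     builds matter.
#   * Docker manages its own iptables rules, so ports published by
#     containers or swarm services are generally reachable even though UFW
#     denies other inbound traffic. Do not treat the UFW policy at the end
#     of this play as covering container ports.
- hosts: dev
  become: true
  vars_files:
    - vars/default.yml

  tasks:
    - name: Install aptitude using apt
      apt:
        name: aptitude
        state: latest
        update_cache: true
        force_apt_get: true

    # The package list is passed to apt in one call instead of looping, so
    # the cache is refreshed once and all packages resolve in a single
    # transaction.
    - name: Install required system packages
      apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
          - nginx
          - python3-pip
          - virtualenv
          - python3-setuptools
        state: latest
        update_cache: true

    # The key is fetched over HTTPS without a pinned fingerprint, and the
    # apt_key module adds it to the global apt keyring, where it is trusted
    # for every configured repository. Consider pinning the key with the
    # module's `id` parameter, or moving to a per-repository keyring
    # referenced with `signed-by`.
    - name: Add Docker GPG apt Key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    # The release codename is hard-coded to `bionic`; hosts running another
    # Ubuntu release would still be pointed at the bionic package set.
    - name: Add Docker Repository
      apt_repository:
        repo: deb https://download.docker.com/linux/ubuntu bionic stable
        state: present

    - name: Update apt and install docker-ce
      apt:
        name: docker-ce
        state: latest
        update_cache: true

    # Installed with become, i.e. system-wide as root, straight from the
    # package index. The docker_swarm module below needs the Docker SDK
    # (`docker`); jsondiff and pyyaml are presumably for other docker_*
    # modules used elsewhere - confirm before removing.
    - name: Install Modules for Python
      pip:
        name:
          - docker
          - jsondiff
          - pyyaml

    # Membership of the `docker` group lets the account drive the Docker
    # daemon, which is equivalent to root on the host. Grant it only to
    # accounts that are already trusted with root.
    - name: Add current user to 'docker' group
      user:
        name: "{{ ansible_user }}"
        groups: docker
        append: true

    - name: Init a new swarm with default parameters
      docker_swarm:
        state: present

    - name: Copy Nginx config
      copy:
        src: nginx-files/nginx.conf
        dest: /etc/nginx/nginx.conf
        mode: '0644'
      notify: Restart Nginx

    - name: Copy Site config
      copy:
        src: nginx-files/default
        dest: /etc/nginx/sites-available/default
        mode: '0644'
      notify: Restart Nginx

    - name: Enable Site config
      file:
        src: /etc/nginx/sites-available/default
        dest: /etc/nginx/sites-enabled/default
        state: link
      notify: Restart Nginx

    # The SSH rule must be in place before the default-deny policy is
    # enabled, otherwise the management connection is cut off. The port
    # comes from the inventory's `ansible_port`; NOTE(review): confirm it
    # is defined for every host in `dev`.
    - name: UFW - Allow SSH connection
      ufw:
        rule: allow
        port: "{{ ansible_port|int }}"
        proto: tcp

    # Only the cleartext HTTP profile is opened; serving TLS would need the
    # "Nginx HTTPS" or "Nginx Full" application profile as well.
    - name: UFW - Allow Nginx HTTP
      ufw:
        rule: allow
        name: "Nginx HTTP"

    - name: UFW - Deny all other incoming traffic by default
      ufw:
        state: enabled
        policy: deny
        direction: incoming

  handlers:
    # Triggered by the three Nginx config tasks; runs once at the end of the
    # play if any of them reported a change.
    - name: Restart Nginx
      service:
        name: nginx
        state: restarted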