provision.yml
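---
# Provisioning play: runs against the `ofn_servers` group, connecting as
# `user`. It includes the check_secrets role first, applies the roles below
# in order, flushes handlers, and then posts a Slack notification for every
# host that is not in the `local` group.
- name: provision
  hosts: ofn_servers
  # `free` lets each host proceed through the play without waiting for the
  # others to finish a task.
  strategy: free
  remote_user: "{{ user }}"

  pre_tasks:
    - include_role:
        name: check_secrets

  handlers:
    - import_tasks: ../roles/shared_handlers/handlers/main.yml

  roles:
    - role: ssh_keys  # Add sysadmin ssh keys to server
      become: true
      tags: ssh_keys

    - role: geerlingguy.security
      become: true
      become_user: root
      tags: security

    - role: oefenweb.swapfile
      become: true
      tags: swapfile

    - role: app_user  # Create unprivileged user to run the app
      tags: app_user

    - role: config  # System config to help things run smoothly
      tags: config

    - role: common  # Install common apps and libraries, and setup shell.
      tags: common

    - role: compatibility  # Handle version-specific OS dependencies and configuration
      tags: compatibility

    - role: language  # Setup locale.
      tags: language

    # The app and node roles run as the unprivileged app user, not root.
    - role: app  # Build the app directory structure and support files.
      become: true
      become_user: "{{ app_user }}"
      tags: app

    - role: node  # Set up node and yarn with nodenv.
      become: true
      become_user: "{{ app_user }}"
      tags: node

    - role: dbserver  # Set up database server and user for the app.
      become: true
      become_user: root
      tags: dbserver

    - role: postgres_tuning
      tags: postgres_tuning

    - role: libre_ops.multi_redis
      vars:
        multiredis_disable_default_instance: false
      become: true
      become_user: root
      tags: redis

    - role: enable_redis
      tags: enable_redis

    - role: sidekiq
      tags: sidekiq

    # Certificates are only requested for hosts outside the `local` group.
    - role: coopdevs.certbot_nginx
      become: true
      vars:
        domain_name: "{{ certbot_domains | default([domain]) | join(',') }}"
        domains: "{{ certbot_domains | default([domain]) }}"
        letsencrypt_email: "{{ developer_email }}"
        certbot_nginx_cert_name: "{{ certbot_cert_name | default(domain) }}"
        # NOTE(review): exact package version pin; confirm this build is
        # still published and still receives security fixes for the target
        # distribution.
        certbot_version: "0.31.0-2~deb10u1+ubuntu{{ ansible_distribution_version }}.1+certbot+3"
      when: inventory_hostname not in groups['local']
      tags: certbot

    - role: brotli_nginx
      # Compare as an integer: the fact is a string, and a string comparison
      # against '20' is lexicographic (for example '9' <= '20' is false).
      when: ansible_distribution_major_version | int <= 20
      tags: brotli

    - role: jdauphant.nginx
      become: true
      tags: nginx

    - role: webserver
      tags: webserver

    - role: arillso.logrotate
      become: true
      tags: logrotate

    # Monitoring agent is installed only when an API key has been supplied.
    - role: newrelic
      become: true
      when: new_relic_api_key is defined
      tags: newrelic

  tasks:
    - meta: flush_handlers  # Ensure handlers run successfully before reporting success

    - name: notify slack
      slack:
        # The webhook token was previously hard-coded on this line. Anyone who
        # can read the repository can post to the channel with it, so it is
        # read from a variable instead (name introduced by this edit; define
        # it alongside the other encrypted secrets). The committed value
        # remains in version-control history and should be revoked in Slack.
        token: "{{ slack_webhook_token }}"
        msg: '{{ inventory_hostname }} provisioned'
        channel: "#devops-notifications"
        username: "ansible executed by {{ lookup('env','USER') }}"
      # Both conditions must hold; the notification is skipped rather than
      # failing the play when no token has been provided.
      when:
        - inventory_hostname not in groups['local']
        - slack_webhook_token is defined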