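---
# Baseline setup play for every managed host.
#
# Runs against `all`, but the first pre_task refuses to continue unless the
# operator passed `-l/--limit`, so an accidental bare run touches nothing.
# Shared vars come from vars/public and vars/secret; per-host vars and tasks
# are included by hostname in pre_tasks/tasks below.
- name: Setup server
  hosts: all
  vars_files:
    - vars/public/basics.yml
    - vars/secret/basics.yml
  vars:
    # Distributions the included task files are written for; anything else
    # is rejected in pre_tasks before any change is made.
    supported_distros:
      - AlmaLinux
      - Debian
    # Maps `ansible_architecture` (uname -m style) to the Go/GOARCH naming
    # used by upstream release artifacts. Every value is a plain string.
    arch_map:
      i386: i386
      x86_64: amd64
      aarch64: arm64
      armv6l: armv6
      armv7l: armv7
    # Names resolved to IPs for members of the "home" group (see "Lookup IP's").
    hostnames:
      - fiona
      - hercules
      - kubo
      - rango
  pre_tasks:
    - name: Use of limit arg is mandatory # noqa: run-once[task]
      ansible.builtin.fail:
        msg: "You must use -l or --limit - when you really want to use all hosts, use -l 'all'"
      # `ansible_limit` is only defined when -l/--limit was given on the CLI.
      when: ansible_limit is not defined
      run_once: true
      tags: ["always"]

    - name: Check if supported distro
      ansible.builtin.fail:
        msg: "{{ ansible_distribution }} is not a supported distro for this playbook. Supported distro's: {{ supported_distros }}"
      when: ansible_distribution not in supported_distros
      tags: ["always"]

    - name: Refuse hostnames that are not a plain DNS label
      # `ansible_hostname` is a fact reported by the managed node, and it is
      # used below to build controller-side file paths (vars/*/<host>.yml and
      # tasks/hosts/<host>.yml). Restricting it to a single label means a
      # misreported or tampered hostname cannot steer which file is included.
      ansible.builtin.assert:
        that:
          - ansible_hostname is match('^[A-Za-z0-9][A-Za-z0-9-]*$')
        fail_msg: "ansible_hostname '{{ ansible_hostname }}' is not a plain DNS label; refusing to derive file paths from it"
        quiet: true
      tags: ["always"]

    - name: Set lowercase versions of facts
      # Used to pick the OS-family specific firewall task file.
      ansible.builtin.set_fact:
        ansible_os_family_lowercase: "{{ ansible_os_family | lower }}"
      tags: ["always"]

    - name: Set arch in Golang format
      # NOTE(review): an architecture missing from arch_map presumably fails
      # this task with an undefined-key error rather than a clear message.
      ansible.builtin.set_fact:
        arch: "{{ arch_map[ansible_architecture] }}"
      tags: ["always"]

    - name: Load public host specific vars
      ansible.builtin.include_vars: "public/{{ ansible_hostname }}.yml"
      tags: ["always"]

    - name: Load secret host specific vars
      ansible.builtin.include_vars: "secret/{{ ansible_hostname }}.yml"
      tags: ["always"]

    - name: Lookup IP's
      when: '"home" in group_names'
      register: lookup_ips
      # `general_domain_local` is not defined in this file; presumably it comes
      # from one of the vars_files above. `command` (not `shell`) is used, so
      # the templated arguments are not interpreted by a shell.
      ansible.builtin.command: dig +short {{ item }}.{{ general_domain_local }}
      # Evaluated per loop item: an empty answer for any name fails the task.
      # NOTE(review): a name that resolves via CNAME can yield more than one
      # line here; the map below stores stdout as-is — confirm that is intended.
      failed_when: lookup_ips.stdout == ""
      changed_when: false
      loop: "{{ hostnames }}"
      tags: ["always"]

    - name: Build IP map
      when: '"home" in group_names'
      # Pairs each looked-up name (`item`) with its answer (`stdout`) into a dict.
      ansible.builtin.set_fact:
        ip: "{{ lookup_ips.results | map(attribute='item') | zip(lookup_ips.results | map(attribute='stdout')) | community.general.dict }}"
      tags: ["always"]

    - name: Print IP lookup result
      when: '"home" in group_names'
      ansible.builtin.debug:
        var: ip
      tags: ["always"]

  roles:
    - role: geerlingguy.security
      become: true
      tags: ["setup", "roles"]
    - role: geerlingguy.docker
      become: true
      tags: ["setup", "roles"]

  tasks:
    - name: Include basic setup tasks
      ansible.builtin.include_tasks: tasks/basic_setup.yml
      tags: ["setup", "basics"]

    - name: Include firewall tasks
      ansible.builtin.include_tasks: "tasks/firewall_{{ ansible_os_family_lowercase }}.yml"
      tags: ["setup", "firewall"]

    - name: Include CrowdSec tasks
      ansible.builtin.include_tasks: tasks/crowdsec.yml
      tags: ["setup", "crowdsec"]

    - name: Include Mail on Failed Unit tasks
      ansible.builtin.include_tasks: tasks/mail_on_failed_unit.yml
      tags: ["setup", "mail_on_failed_unit"]

    - name: Include Zabbix agent tasks
      ansible.builtin.include_tasks: tasks/zabbix-agent.yml
      tags: ["setup", "zabbix"]

    - name: Include logging tasks
      ansible.builtin.include_tasks: tasks/logging.yml
      tags: ["setup", "logging"]

    - name: Include host specific tasks
      # Path is built from `ansible_hostname`, which the assert in pre_tasks
      # has already constrained to a single DNS label.
      ansible.builtin.include_tasks: "tasks/hosts/{{ ansible_hostname }}.yml"
      tags: ["always"]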