Pavel Guzaev
2024-03-09 17:36:50 +05:00
commit 431b4f5cfd
44 changed files with 3239 additions and 0 deletions


@@ -0,0 +1,7 @@
hetzner_app_java_11: jdk-11.0.12+7
hetzner_app_java_11_file: OpenJDK11U-jdk_x64_linux_hotspot_11.0.12_7.tar.gz
hetzner_app_java_8: jdk8u312-b07
hetzner_app_java_8_file: OpenJDK8U-jdk_x64_linux_hotspot_8u312b07.tar.gz
hetzner_app_swap_file_path: /swapfile
hetzner_app_swap_file_size_gb: 8
hetzner_app_stands_user: nausd4
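Review bot: Both JDK pins, `jdk-11.0.12+7` and `jdk8u312-b07`, are 2021 builds, so every host provisioned from these defaults starts without the Java security fixes released since then. Moving `hetzner_app_java_11` / `hetzner_app_java_8` and the matching `_file` names to a current Temurin release would close that gap. If the old builds are held on purpose, a comment above them such as `# held at 2021 builds for <reason>; review on each JDK security release` would record why.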


@@ -0,0 +1,160 @@
---
- name: Allow all access from RFC1918 networks to this host
community.general.ufw:
rule: allow
src: '{{ item }}'
loop:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 195.151.207.0/24
- 37.29.46.132/32
- 109.235.215.238/32
- 84.47.191.162/32
- 77.232.53.10/32
- 188.187.118.117/32
- 91.234.153.110/32
- 195.151.8.25/32
- 78.30.223.233/32
- 109.237.104.138/32
- 84.47.168.163/32
- 94.28.29.140/32
- name: Enable UFW
community.general.ufw:
state: enabled
- name: set timezone to Asia/Yekaterinburg
community.general.timezone:
hwclock: local
name: Asia/Yekaterinburg
- name: Install java_11
ansible.builtin.unarchive:
src: "https://github.com/adoptium/temurin11-binaries/releases/download/{{ hetzner_app_java_11 }}/{{ hetzner_app_java_11_file }}"
dest: /opt
remote_src: yes
- name: symlink java_11
file:
src: "/opt/{{ hetzner_app_java_11 }}/"
dest: /opt/openjdk_11
state: link
- name: Install java_8
ansible.builtin.unarchive:
src: "https://github.com/adoptium/temurin8-binaries/releases/download/{{ hetzner_app_java_8 }}/{{ hetzner_app_java_8_file }}"
dest: /opt
remote_src: yes
- name: symlink java_8
file:
src: "/opt/{{ hetzner_app_java_8 }}/"
dest: /opt/openjdk_8
state: link
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: yes
- name: Install a list of packages
apt:
pkg:
- libmime-tools-perl
- atop
- iotop
- less
- nano
- vim
- telnet
- dnsutils
- curl
- wget
- zip
- unzip
- tar
- rsync
- screen
- openssl
- ldap-utils
- fontconfig
- htop
- mc
- ttf-mscorefonts-installer
- python-simplejson
- software-properties-common
- traceroute
- file
- chrony
- name: Create swap file
command: fallocate -l {{ hetzner_app_swap_file_size_gb }}G {{ hetzner_app_swap_file_path }}
creates="{{ hetzner_app_swap_file_path }}"
tags:
- swap.file.create
- name: Change swap file permissions
file: path="{{ hetzner_app_swap_file_path }}"
owner=root
group=root
mode=0600
tags:
- swap.file.permissions
- name: "Check swap file type"
command: file {{ hetzner_app_swap_file_path }}
register: swapfile
tags:
- swap.file.mkswap
- name: Make swap file
command: "sudo mkswap {{ hetzner_app_swap_file_path }}"
when: swapfile.stdout.find('swap file') == -1
tags:
- swap.file.mkswap
- name: Write swap entry in fstab
mount: name=none
src={{ hetzner_app_swap_file_path }}
fstype=swap
opts=sw
passno=0
dump=0
state=present
tags:
- swap.fstab
- name: Mount swap
command: "swapon {{ hetzner_app_swap_file_path }}"
when: ansible_swaptotal_mb < 1
tags:
- swap.file.swapon
- name: "Add the user {{ hetzner_app_stands_user }} with a bash shell"
ansible.builtin.user:
name: "{{ hetzner_app_stands_user }}"
shell: /bin/bash
home: "/home/{{ hetzner_app_stands_user }}"
create_home: yes
generate_ssh_key: yes
- name: Ansible copy authorized_keys
copy:
src: /root/.ssh/authorized_keys
dest: "/home/{{ hetzner_app_stands_user }}/.ssh/authorized_keys"
remote_src: yes
- name: Change file permissions
file: path="/home/{{ hetzner_app_stands_user }}/.ssh/authorized_keys"
owner="{{ hetzner_app_stands_user }}"
group="{{ hetzner_app_stands_user }}"
mode=0600
- name: Create stands directory
file:
path: /opt/stands
state: directory
owner: "{{ hetzner_app_stands_user }}"
group: "{{ hetzner_app_stands_user }}"
mode: 0775
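Review bot: The "Install java_11" and "Install java_8" tasks unpack a tarball fetched straight from the release URL into /opt (presumably as root) with no integrity check, so whatever that URL serves at run time is what gets installed. `ansible.builtin.unarchive` has no checksum option; downloading first with `ansible.builtin.get_url` and a pinned `checksum: "sha256:…"`, then unpacking the local file, ties the install to a known digest. The digest variable in the sketch below is new and must be filled from the checksum published with the release. Separately, the first task is named for RFC1918 networks, but its loop also allows all ports from one public /24 and eleven public /32 addresses; the task name or a comment should say so.

```yaml
- name: Download java_11 archive and verify its digest
  ansible.builtin.get_url:
    url: "https://github.com/adoptium/temurin11-binaries/releases/download/{{ hetzner_app_java_11 }}/{{ hetzner_app_java_11_file }}"
    dest: "/opt/{{ hetzner_app_java_11_file }}"
    # new variable, defined next to hetzner_app_java_11_file
    checksum: "sha256:{{ hetzner_app_java_11_sha256 }}"
    mode: "0644"

- name: Install java_11
  ansible.builtin.unarchive:
    src: "/opt/{{ hetzner_app_java_11_file }}"
    dest: /opt
    remote_src: true
# … unchanged: symlink java_11; the java_8 download/unpack pair follows the same pattern …
```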