--- - name: Allow all access from RFC1918 networks to this host community.general.ufw: rule: allow src: '{{ item }}' loop: - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 - 195.151.207.0/24 - 37.29.46.132/32 - 109.235.215.238/32 - 84.47.191.162/32 - 77.232.53.10/32 - 188.187.118.117/32 - 91.234.153.110/32 - 195.151.8.25/32 - 78.30.223.233/32 - 109.237.104.138/32 - 84.47.168.163/32 - 94.28.29.140/32 - name: Enable UFW community.general.ufw: state: enabled - name: set timezone to Asia/Yekaterinburg community.general.timezone: hwclock: local name: Asia/Yekaterinburg - name: Install java_11 ansible.builtin.unarchive: src: "https://github.com/adoptium/temurin11-binaries/releases/download/{{ hetzner_app_java_11 }}/{{ hetzner_app_java_11_file }}" dest: /opt remote_src: yes - name: symlink java_11 file: src: "/opt/{{ hetzner_app_java_11 }}/" dest: /opt/openjdk_11 state: link - name: Install java_8 ansible.builtin.unarchive: src: "https://github.com/adoptium/temurin8-binaries/releases/download/{{ hetzner_app_java_8 }}/{{ hetzner_app_java_8_file }}" dest: /opt remote_src: yes - name: symlink java_8 file: src: "/opt/{{ hetzner_app_java_8 }}/" dest: /opt/openjdk_8 state: link - name: Run the equivalent of "apt-get update" as a separate step apt: update_cache: yes - name: Install a list of packages apt: pkg: - libmime-tools-perl - atop - iotop - less - nano - vim - telnet - dnsutils - curl - wget - zip - unzip - tar - rsync - screen - openssl - ldap-utils - fontconfig - htop - mc - ttf-mscorefonts-installer - python-simplejson - software-properties-common - traceroute - file - chrony - name: Create swap file command: fallocate -l {{ hetzner_app_swap_file_size_gb }}G {{ hetzner_app_swap_file_path }} creates="{{ hetzner_app_swap_file_path }}" tags: - swap.file.create - name: Change swap file permissions file: path="{{ hetzner_app_swap_file_path }}" owner=root group=root mode=0600 tags: - swap.file.permissions - name: "Check swap file type" command: file {{ hetzner_app_swap_file_path }} register: swapfile tags: - swap.file.mkswap - name: Make swap file command: "sudo mkswap {{ hetzner_app_swap_file_path }}" when: swapfile.stdout.find('swap file') == -1 tags: - swap.file.mkswap - name: Write swap entry in fstab mount: name=none src={{ hetzner_app_swap_file_path }} fstype=swap opts=sw passno=0 dump=0 state=present tags: - swap.fstab - name: Mount swap command: "swapon {{ hetzner_app_swap_file_path }}" when: ansible_swaptotal_mb < 1 tags: - swap.file.swapon - name: "Add the user {{ hetzner_app_stands_user }} with a bash shell" ansible.builtin.user: name: "{{ hetzner_app_stands_user }}" shell: /bin/bash home: "/home/{{ hetzner_app_stands_user }}" create_home: yes generate_ssh_key: yes - name: Ansible copy authorized_keys copy: src: /root/.ssh/authorized_keys dest: "/home/{{ hetzner_app_stands_user }}/.ssh/authorized_keys" remote_src: yes - name: Change file permissions file: path="/home/{{ hetzner_app_stands_user }}/.ssh/authorized_keys" owner="{{ hetzner_app_stands_user }}" group="{{ hetzner_app_stands_user }}" mode=0600 - name: Create stands directory file: path: /opt/stands state: directory owner: "{{ hetzner_app_stands_user }}" group: "{{ hetzner_app_stands_user }}" mode: 0775