demo/ansible/playbook/roles/hetzner_app/tasks/main.yml

---
- name: Allow all access from RFC1918 networks to this host
  community.general.ufw:
    rule: allow
    src: '{{ item }}'
  loop:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    - 195.151.207.0/24
    - 37.29.46.132/32
    - 109.235.215.238/32
    - 84.47.191.162/32
    - 77.232.53.10/32
    - 188.187.118.117/32
    - 91.234.153.110/32
    - 195.151.8.25/32
    - 78.30.223.233/32
    - 109.237.104.138/32
    - 84.47.168.163/32
    - 94.28.29.140/32

- name: Enable UFW
  community.general.ufw:
    state: enabled

- name: set timezone to Asia/Yekaterinburg
  community.general.timezone:
    hwclock: local
    name: Asia/Yekaterinburg

- name: Install java_11
  ansible.builtin.unarchive:
    src: "https://github.com/adoptium/temurin11-binaries/releases/download/{{ hetzner_app_java_11 }}/{{ hetzner_app_java_11_file }}"
    dest: /opt
    remote_src: yes

- name: symlink java_11
  file:
    src: "/opt/{{ hetzner_app_java_11 }}/"
    dest: /opt/openjdk_11
    state: link

- name: Install java_8
  ansible.builtin.unarchive:
    src: "https://github.com/adoptium/temurin8-binaries/releases/download/{{ hetzner_app_java_8 }}/{{ hetzner_app_java_8_file }}"
    dest: /opt
    remote_src: yes

- name: symlink java_8
  file:
    src: "/opt/{{ hetzner_app_java_8 }}/"
    dest: /opt/openjdk_8
    state: link

- name: Run the equivalent of "apt-get update" as a separate step
  apt:
    update_cache: yes

- name: Install a list of packages
  apt:
    pkg:
    - libmime-tools-perl
    - atop
    - iotop
    - less
    - nano
    - vim
    - telnet
    - dnsutils
    - curl
    - wget
    - zip
    - unzip
    - tar
    - rsync
    - screen
    - openssl
    - ldap-utils
    - fontconfig
    - htop
    - mc
    - ttf-mscorefonts-installer
    - python-simplejson
    - software-properties-common
    - traceroute
    - file
    - chrony

- name: Create swap file
  command: fallocate -l {{ hetzner_app_swap_file_size_gb }}G {{ hetzner_app_swap_file_path }}
           creates="{{ hetzner_app_swap_file_path }}"
  tags:
    - swap.file.create

- name: Change swap file permissions
  file: path="{{ hetzner_app_swap_file_path }}"
        owner=root
        group=root
        mode=0600
  tags:
    - swap.file.permissions

- name: "Check swap file type"
  command: file {{ hetzner_app_swap_file_path }}
  register: swapfile
  tags:
    - swap.file.mkswap

- name: Make swap file
  command: "sudo mkswap {{ hetzner_app_swap_file_path }}"
  when: swapfile.stdout.find('swap file') == -1
  tags:
    - swap.file.mkswap

- name: Write swap entry in fstab
  mount: name=none
         src={{ hetzner_app_swap_file_path }}
         fstype=swap
         opts=sw
         passno=0
         dump=0
         state=present
  tags:
    - swap.fstab

- name: Mount swap
  command: "swapon {{ hetzner_app_swap_file_path }}"
  when: ansible_swaptotal_mb < 1
  tags:
    - swap.file.swapon

- name: "Add the user {{ hetzner_app_stands_user }} with a bash shell"
  ansible.builtin.user:
    name: "{{ hetzner_app_stands_user }}"
    shell: /bin/bash
    home: "/home/{{ hetzner_app_stands_user }}"
    create_home: yes
    generate_ssh_key: yes

- name: Ansible copy authorized_keys
  copy:
    src: /root/.ssh/authorized_keys
    dest: "/home/{{ hetzner_app_stands_user }}/.ssh/authorized_keys"
    remote_src: yes

- name: Change file permissions
  file: path="/home/{{ hetzner_app_stands_user }}/.ssh/authorized_keys"
        owner="{{ hetzner_app_stands_user }}"
        group="{{ hetzner_app_stands_user }}"
        mode=0600

- name: Create stands directory
  file:
    path: /opt/stands
    state: directory
    owner: "{{ hetzner_app_stands_user }}"
    group: "{{ hetzner_app_stands_user }}"
    mode: 0775