- ../vars/common.yaml
tasks:
- name: limit the total size of journald logs
- lineinfile:
+ ansible.builtin.lineinfile:
dest: /etc/systemd/journald.conf
regexp: ^#?\s*SystemMaxUse=
line: SystemMaxUse={{ systemd_journal_system_max_use }}
- restart systemd-journald
- name: limit the size of each journald log file
- lineinfile:
+ ansible.builtin.lineinfile:
dest: /etc/systemd/journald.conf
regexp: ^#\s*SystemMaxFileSize=
line: SystemMaxFileSize={{ systemd_journal_system_max_file_size }}
--- /dev/null
+---
+# Creates a letsencrypt certificate for a domain
+# needed facts (variables) from commandline: (e.g. -e domain=example.com
+# domain: the site domain name
+- hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ - ../vars/ssl-certificate.yaml
+ tasks:
+ - name: Check pre-requisites
+ fail:
+ msg: "The variable 'domains' must be defined: use -e domain=mydomain.com,www.mydomain.com"
+ when: domains is not defined or "," not in domains
+ - name: Set facts
+ set_fact:
+ domain_list: "{{ domains.split(',') }}"
+ - name: create certificate for {{ domain_list }}
+ ansible.builtin.include_tasks: ../tasks/t_lets_multi_cert.yaml
+
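Review bot: The guard `when: domains is not defined or "," not in domains` rejects any invocation with a single domain, and the message still tells the operator to pass `domain=` while the play reads `domains`. If one domain is a valid input, change the test to `when: domains is not defined or (domains | length) == 0` and the hint to `use -e domains=mydomain.com,www.mydomain.com`. The split list is also handed unchecked to the included task file, which in this same patch feeds it to certbot through the `shell` module, so a fail task after `set_fact` that rejects entries not matching `^[A-Za-z0-9.-]+$` (e.g. `when: domain_list | reject('match', '^[A-Za-z0-9.-]+$') | list | length > 0`) is worth adding here.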
--- /dev/null
+- name: Installs a opencloud server as docker container
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # - domain: the domain name for the certificate
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ - ../vars/opencloud.yaml
+ - ../vars/ssl-certificate.yaml
+ tasks:
+ - name: Enable the docker repository
+ ansible.builtin.include_tasks : ../tasks/t_docker_install.yaml
+ - name: Create directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: 0755
+ owner: 1000
+ group: 1000
+ with_items: ["{{ opencloud_base }}/opencloud_config", "{{ opencloud_base }}/opencloud_data"]
+ - name: Prepare git for repository ownership
+ ansible.builtin.command:
+ cmd: git config --global --add safe.directory {{ opencloud_base }}/opencloud
+ - name: Clone opencloud repository
+ ansible.builtin.git:
+ repo: https://github.com/opencloud-eu/opencloud.git
+ dest: "{{ opencloud_base }}/opencloud"
+ #version: main
+ depth: 1
+ update: no
+ - name: Configuration in .env
+ ansible.builtin.lineinfile:
+ dest: "{{ opencloud_config_file }}"
+ regexp: "{{ item.key }}"
+ line: "{{ item.value }}"
+ with_dict: "{{ opencloud_configs }}"
+ - name: Configuration for docker-compose
+ ansible.builtin.lineinfile:
+ dest: "{{ opencloud_base }}/opencloud/deployments/examples/opencloud_full/docker-compose.yml"
+ regexp: "{{ item.key }}"
+ line: "{{ item.value }}"
+ with_dict:
+ '^ +- "[0-9]+:80"': ' - "{{ opencloud_port80 }}:80"'
+ '^ +- "[0-9]+:443"': ' - "{{ opencloud_port443 }}:443"'
+ - name: Create a X509 certificate for {{ opencloud_domain }}
+ ansible.builtin.include_tasks : ../tasks/t_ssl_multi_cert.yaml
+ vars:
+ domain_names:
+ - "cloud.{{ opencloud_domain }}"
+ - "collabora.{{ opencloud_domain }}"
+ - "wopiserver.{{ opencloud_domain }}"
+ - "traefik.{{ opencloud_domain }}"
+
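Review bot: The `git` task clones whatever the repository's default branch points at (`#version: main` is commented out, `update: no` freezes it afterwards), so the deployed compose files and images are not pinned to any reviewed commit; set `version:` to a release tag or commit SHA you have checked, which also makes re-runs deterministic. The `git config --global --add safe.directory` command appends a new entry on every run and always reports changed; add `changed_when: false` or guard it with a `git config --get-all safe.directory` check. `mode: 0755` is an unquoted octal literal that Ansible documents as unreliable in loops, so write `mode: '0755'`, and `ansible.builtin.include_tasks :` has a stray space before the colon on both include lines.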
--- /dev/null
+---
+- name: Creates a X509 certificate for a domain, needed for a letsencrypt certificate
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # - domains: a list of domain name for the certificate
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ - ../vars/ssl-certificate.yaml
+ tasks:
+ - name: test pre-requisites
+ fail: msg="missing fact! domains. Use -e domains=example.com,example.org"
+ when: domains is not defined or ',' not in domains
+ - name: build list of domains
+ set_fact:
+ domain_names: "{{ domains.split(',') }}"
+ - name: Creates a X509 certificate for {{domain}}
+ import_tasks : ../tasks/t_ssl_multi_cert.yaml
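Review bot: The task name `Creates a X509 certificate for {{domain}}` references a variable this play never sets (it defines `domain_names`), so the name will not render the domain; use `{{ domains }}` there. The `',' not in domains` check has the same single-domain problem as the letsencrypt play in this patch: a lone `-e domains=example.com` fails although `t_ssl_multi_cert.yaml` handles a one-element list fine. `fail: msg="..."` is the legacy key=value form; the sibling play already uses block YAML (`fail:` / `msg:`), so match that here for consistency.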
--- /dev/null
+# Installs the docker repository to enable the current version of docker
+- name: does the docker repo exists
+ ansible.builtin.stat:
+ path: /etc/apt/sources.list.d/docker.list
+ register: docker_repo_exists
+- name: do the needed things
+ ansible.builtin.include_tasks: ../tasks/t_docker_internal.yaml
+ when: not docker_repo_exists.stat.exists
+- name: reload docker
+ service:
+ name: docker
+ state: restarted
+ enabled: yes
+
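Review bot: The last task restarts docker unconditionally (`state: restarted`) on every play that includes this file, which bounces every container on the host even when the repository already existed and no package changed. Use `state: started` here and move the restart into a handler notified by the install task, or at least guard it with `when: not docker_repo_exists.stat.exists`. `enabled: yes` should be `enabled: true`, and `service:` should be `ansible.builtin.service:` to match the FQCN style used by the other tasks in this patch.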
--- /dev/null
+- name: Check if docker key exists
+ ansible.builtin.stat:
+ path: /etc/apt/keyrings/docker.gpg
+ register: docker_gpg
+
+- name: Create APT keyring directory
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+ owner: root
+ group: root
+
+# TODO: cleanup docker.asc
+- name: Download docker armored signature
+ ansible.builtin.get_url:
+ url: https://download.docker.com/linux/debian/gpg
+ dest: /tmp/docker.asc
+ when: not docker_gpg.stat.exists
+
+# TODO: Make sure gnupg/gnupg2 is installed
+- name: Dearmor docker asc
+ ansible.builtin.command: /usr/bin/gpg --dearmor -o /etc/apt/keyrings/docker.gpg /tmp/docker.asc
+ when: not docker_gpg.stat.exists
+
+- name: Add docker apt repository.
+ ansible.builtin.apt_repository:
+ repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+ state: present
+ update_cache: yes
+ filename: docker
+- name: remove wrong docker packages
+ ansible.builtin.apt:
+ name: "docker"
+ state: absent
+ update_cache: true
+ cache_valid_time: 3600
+ with_items:
+ - docker.io
+ - docker-doc
+ - docker-compose
+ - podman-docker
+ - containerd
+ - runc
+ when: not docker_repo_exists.stat.exists
+- name: Install docker
+ ansible.builtin.apt:
+ name: "docker"
+ state: present
+ update_cache: true
+ cache_valid_time: 3600
+ with_items:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-buildx-plugin
+ - docker-compose-plugin
\ No newline at end of file
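Review bot: Both `apt` tasks ignore their loop variable: `name: "docker"` is a literal, so every `with_items` iteration acts on a package literally called `docker`, the conflicting packages listed (`docker.io`, `containerd`, ...) are never removed and `docker-ce`, `containerd.io` and the plugins are never installed. Drop the loops and pass the lists directly, e.g. `name: [docker-ce, docker-ce-cli, containerd.io, docker-buildx-plugin, docker-compose-plugin]`, which is also one apt transaction. Separately, the signing key is downloaded with no `checksum:` into world-writable `/tmp/docker.asc` and then dearmored into the keyring from there; download it straight to a root-owned file under `/etc/apt/keyrings` with `mode: '0644'` and pin `checksum: sha256:<value you verified against Docker's published key>` so a swapped or tampered key fails the run instead of silently becoming trusted. `arch=amd64` is hard-coded in the repo line; if this role is ever run on arm hosts it will pull no packages, so either document the assumption or derive it from `ansible_architecture`.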
--- /dev/null
+---
+# Creates a letsencrypt certificate for the given domain
+# needed facts (variables):
+# - domain_list: a list of domain names to create the certificate for
+# - webmaster_email: the email address to use for the certificate
+- name: Set facts
+ set_fact:
+ domain: "{{ domain_list[0] }}"
+ domain_seq: "{{ domain_list | map('regex_replace', '^(.*)$', ' -d \\1') | join(' ') }}"
+
+- name: create a letsencrypt certificate for {{ domain_seq }}
+ shell:
+ cmd: 'certbot certonly -a webroot --webroot-path=/srv/www/letsencrypt --email {{ webmaster_email }} --agree-tos --non-interactive {{ domain_seq }}'
+ args:
+ creates: "/etc/letsencrypt/live/{{ domain }}"
\ No newline at end of file
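Review bot: The `shell` task interpolates `{{ webmaster_email }}` and every domain from `{{ domain_seq }}` unquoted into a shell string, so a value such as `-e domains='a.example.com;id'` on the command line, or a poisoned `webmaster_email` in a vars file, executes arbitrary commands as root. Nothing here needs a shell, so switch to `ansible.builtin.command` with an `argv` list and build the `-d` pairs as list elements (`product` and `flatten` are builtin filters); the `creates:` guard stays as it is. `domain_seq` is then only needed for the task name.
```yaml
- name: create a letsencrypt certificate for {{ domain_seq }}
  ansible.builtin.command:
    argv: >-
      {{ ['certbot', 'certonly', '-a', 'webroot',
          '--webroot-path=/srv/www/letsencrypt',
          '--email', webmaster_email, '--agree-tos', '--non-interactive']
         + (['-d'] | product(domain_list) | flatten) }}
    creates: "/etc/letsencrypt/live/{{ domain }}"
```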
# - ssl_lifetime: the lifetime of the certificate in days
# - ssl_rsa_key_size: the size of the RSA key for the certificate
- name: create a ssh-certificate
- ansible.builtin.command: openssl req -x509 -nodes -days {{ssl_lifetime}} -newkey rsa:{{ssl_rsa_key_size}} -keyout /etc/ssl/private/{{domain}}.key -out /etc/ssl/certs/{{domain}}.pem -subj "/C={{ssl_country}}/ST={{ssl_state}}/L={{ssl_locality}}/O={{ssl_organization}}/CN={{domain}}"
+ ansible.builtin.command: 'openssl req -x509 -nodes -days {{ssl_lifetime}} \
+ -newkey rsa:{{ssl_rsa_key_size}} \
+ -keyout /etc/ssl/private/{{domain}}.key \
+ -out /etc/ssl/certs/{{domain}}.pem \
+ -subj "/C={{ssl_country}}/ST={{ssl_state}}/L={{ssl_locality}}/O={{ssl_organization}}/CN={{domain}}"''
args:
creates: /etc/ssl/private/{{domain}}.key
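Review bot: The new multi-line form puts backslash continuations inside a YAML single-quoted scalar, where backslashes are literal and the line breaks fold to spaces, so `command` receives tokens like `\ -newkey` after shlex splitting and openssl will reject the invocation that the old one-line version ran correctly. The trailing `''` on the `-subj` line is additionally an escaped single quote in this style, so the scalar does not close where it appears to; check what the file actually parses to. Use a folded block scalar (`>-`) with no backslashes instead, as below; `args:`/`creates:` are unchanged. The enclosing task list starts outside the hunk.
```yaml
- name: create a self-signed X509 certificate
  ansible.builtin.command: >-
    openssl req -x509 -nodes -days {{ ssl_lifetime }}
    -newkey rsa:{{ ssl_rsa_key_size }}
    -keyout /etc/ssl/private/{{ domain }}.key
    -out /etc/ssl/certs/{{ domain }}.pem
    -subj "/C={{ ssl_country }}/ST={{ ssl_state }}/L={{ ssl_locality }}/O={{ ssl_organization }}/CN={{ domain }}"
  # … unchanged: args / creates …
```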
--- /dev/null
+# Creates a X509 certificate for a domain, needed for a letsencrypt certificate.
+# needed facts (variables):
+# - domain_names: a list of domain names for the certificate
+# - ssl_country: the country code for the certificate
+# - ssl_state: the state for the certificate
+# - ssl_locality: the locality for the certificate
+# - ssl_organization: the organization for the certificate
+# - ssl_lifetime: the lifetime of the certificate in days
+# - ssl_rsa_key_size: the size of the RSA key for the certificate
+- name: Set facts
+ set_fact:
+ domain: "{{ domain_names[0] }}"
+ san_list: "{{ domain_names | map('regex_replace', '^(.*)$', 'DNS:\\1') | join(',') }}"
+- name: debug
+ ansible.builtin.debug:
+ msg: "== san: {{ san_list }} domain: {{ domain }}\nDomains: {{ domain_names }}\n"
+- name: create a ssh-certificate
+ ansible.builtin.command: 'openssl req -x509 -nodes -days {{ssl_lifetime}} \
+ -newkey rsa:{{ssl_rsa_key_size}} -keyout /etc/ssl/private/{{domain}}.key \
+ -out /etc/ssl/certs/{{domain}}.pem \
+ -subj "/C={{ssl_country}}/ST={{ssl_state}}/L={{ssl_locality}}/O={{ssl_organization}}/CN={{domain}}" \
+ -addext "subjectAltName={{ san_list }}"'
+ args:
+ creates: /etc/ssl/private/{{domain}}.key
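Review bot: The `openssl req` command is written with backslash continuations inside a single-quoted YAML scalar; the backslashes survive as literal characters when the lines fold, so `ansible.builtin.command` hands openssl arguments such as `\ -newkey` and the task fails (the `shell` module would have swallowed them, `command` does not). An `argv` list avoids both the folding problem and any quoting of the `-subj`/`-addext` values, as below; `args:`/`creates:` stay as they are. The task name `create a ssh-certificate` is also misleading for an X509 self-signed certificate, and the `debug` task can be dropped or given `verbosity: 1` so it does not clutter normal runs.
```yaml
- name: create a self-signed X509 certificate for {{ domain }}
  ansible.builtin.command:
    argv:
      - openssl
      - req
      - -x509
      - -nodes
      - -days
      - "{{ ssl_lifetime }}"
      - -newkey
      - "rsa:{{ ssl_rsa_key_size }}"
      - -keyout
      - "/etc/ssl/private/{{ domain }}.key"
      - -out
      - "/etc/ssl/certs/{{ domain }}.pem"
      - -subj
      - "/C={{ ssl_country }}/ST={{ ssl_state }}/L={{ ssl_locality }}/O={{ ssl_organization }}/CN={{ domain }}"
      - -addext
      - "subjectAltName={{ san_list }}"
  # … unchanged: args / creates …
```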