update
This commit is contained in:
parent
f3ea458523
commit
ce376696ab
64
nginx_pg_subdomain.yml
Normal file
64
nginx_pg_subdomain.yml
Normal file
@ -0,0 +1,64 @@
|
||||
---
|
||||
- name: Configure Nginx for Subdomain
|
||||
hosts: servers
|
||||
become: true
|
||||
|
||||
tasks:
|
||||
- name: Create Nginx sites-available directory if it doesn't exist
|
||||
file:
|
||||
path: /etc/nginx/sites-available
|
||||
state: directory
|
||||
mode: '0755'
|
||||
become: yes
|
||||
|
||||
- name: Create Nginx sites-enabled directory if it doesn't exist
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled
|
||||
state: directory
|
||||
mode: '0755'
|
||||
become: yes
|
||||
|
||||
- name: Create empty pg.usmidsap02 file if it doesn't exist
|
||||
file:
|
||||
path: /etc/nginx/sites-available/pg.usmidsap02
|
||||
state: touch
|
||||
mode: '0644'
|
||||
become: yes
|
||||
|
||||
- name: Create Nginx configuration for the subdomain
|
||||
become: yes
|
||||
blockinfile:
|
||||
path: /etc/nginx/sites-available/pg.usmidsap02
|
||||
block: |
|
||||
server {
|
||||
listen 5432;
|
||||
server_name pg.usmidsap02;
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:5432;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK - pg.usmidsap02"
|
||||
|
||||
- name: Create a symbolic link to enable the site
|
||||
become: yes
|
||||
file:
|
||||
src: /etc/nginx/sites-available/pg.usmidsap02
|
||||
dest: /etc/nginx/sites-enabled/pg.usmidsap02
|
||||
state: link
|
||||
|
||||
- name: Check Nginx configuration
|
||||
become: yes
|
||||
command: nginx -t
|
||||
register: nginx_test
|
||||
ignore_errors: true
|
||||
|
||||
- name: Reload Nginx if configuration is valid
|
||||
become: yes
|
||||
systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
when: nginx_test.rc == 0
|
||||
|
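Review bot: The generated server block listens on 5432 and proxies to http://127.0.0.1:5432, the same port it is fronting; if the backend is PostgreSQL, as the pg.usmidsap02 name suggests, this is an http-context proxy in front of a non-HTTP protocol, and the wildcard `listen 5432;` would collide with a backend already bound on that port, so `nginx -t` passes but the listener never comes up on reload. Fronting a database by hostname needs a `stream {}` block instead, and exposing 5432 on every interface should be a deliberate, firewall-scoped choice rather than a side effect of the proxy config. Separately, `ignore_errors: true` on the config check together with `when: nginx_test.rc == 0` means a broken config silently skips the reload; drop `ignore_errors` so the play fails visibly at the check. The task-level `become: yes` lines are redundant with the play-level `become: true` and should at least use `true` rather than the YAML 1.1 truthy form.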
57
use_tps_add.yml
Normal file
57
use_tps_add.yml
Normal file
@ -0,0 +1,57 @@
|
||||
---
|
||||
- name: Add user 'tps' with sudo ability and SSH key
|
||||
hosts: servers
|
||||
become: true
|
||||
|
||||
vars_prompt:
|
||||
- name: tps_password
|
||||
prompt: "Enter the password for 'tps' user:"
|
||||
private: yes
|
||||
|
||||
tasks:
|
||||
- name: Create the 'tps' user
|
||||
user:
|
||||
name: tps
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
createhome: yes
|
||||
|
||||
- name: Set password for 'tps' user
|
||||
ansible.builtin.shell: echo "tps:{{ tps_password | password_hash('sha512', 'mysecretsalt') }}" | chpasswd
|
||||
|
||||
- name: Generate RSA SSH key pair for 'tps' user (if not already generated)
|
||||
ansible.builtin.shell: ssh-keygen -t rsa -b 4096 -C "tps@{{ ansible_hostname }}" -f "/home/tps/.ssh/id_rsa" creates="/home/tps/.ssh/id_rsa"
|
||||
|
||||
- name: Set appropriate permissions for 'tps' user's SSH directory
|
||||
ansible.builtin.file:
|
||||
path: /home/tps/.ssh
|
||||
state: directory
|
||||
mode: "0700"
|
||||
owner: tps
|
||||
group: tps
|
||||
|
||||
- name: Read the public key content
|
||||
ansible.builtin.slurp:
|
||||
src: /home/tps/.ssh/id_rsa.pub
|
||||
register: public_key_file
|
||||
|
||||
- name: Add 'tps' user to sudoers
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/sudoers
|
||||
line: 'tps ALL=(ALL:ALL) ALL'
|
||||
validate: 'visudo -cf %s'
|
||||
|
||||
- name: Add the public key to Gitea using the API with the access token
|
||||
ansible.builtin.uri:
|
||||
url: "https://gitea.hptrow.me/api/v1/user/keys"
|
||||
method: POST
|
||||
headers:
|
||||
Authorization: "a3b03005781823a4fc0c4b435269408d94e0e2f8"
|
||||
Content-Type: "application/json"
|
||||
body_format: json
|
||||
body:
|
||||
title: "tps-{{ ansible_hostname }}"
|
||||
key: "{{ public_key_file.content | b64decode }}"
|
||||
status_code: 201
|
||||
delegate_to: localhost
|
||||
|