update

nginx_pg_subdomain.yml

@@ -0,0 +1,64 @@
+---
+- name: Configure Nginx for Subdomain
+  hosts: servers
+  become: true
+
+  tasks:
+    - name: Create Nginx sites-available directory if it doesn't exist
+      file:
+        path: /etc/nginx/sites-available
+        state: directory
+        mode: '0755'
+      become: yes
+
+    - name: Create Nginx sites-enabled directory if it doesn't exist
+      file:
+        path: /etc/nginx/sites-enabled
+        state: directory
+        mode: '0755'
+      become: yes
+
+    - name: Create empty pg.usmidsap02 file if it doesn't exist
+      file:
+        path: /etc/nginx/sites-available/pg.usmidsap02
+        state: touch
+        mode: '0644'
+      become: yes
+
+    - name: Create Nginx configuration for the subdomain
+      become: yes
+      blockinfile:
+        path: /etc/nginx/sites-available/pg.usmidsap02
+        block: |
+          server {
+            listen 5432;
+            server_name pg.usmidsap02;
+            location / {
+              proxy_pass http://127.0.0.1:5432;
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            }
+          }
+        marker: "# {mark} ANSIBLE MANAGED BLOCK - pg.usmidsap02"
+
+    - name: Create a symbolic link to enable the site
+      become: yes
+      file:
+        src: /etc/nginx/sites-available/pg.usmidsap02
+        dest: /etc/nginx/sites-enabled/pg.usmidsap02
+        state: link
+
+    - name: Check Nginx configuration
+      become: yes
+      command: nginx -t
+      register: nginx_test
+      ignore_errors: true
+
+    - name: Reload Nginx if configuration is valid
+      become: yes
+      systemd:
+        name: nginx
+        state: reloaded
+      when: nginx_test.rc == 0
+

use_tps_add.yml

@@ -0,0 +1,57 @@
+---
+- name: Add user 'tps' with sudo ability and SSH key
+  hosts: servers
+  become: true
+
+  vars_prompt:
+    - name: tps_password
+      prompt: "Enter the password for 'tps' user:"
+      private: yes
+
+  tasks:
+    - name: Create the 'tps' user
+      user:
+        name: tps
+        state: present
+        shell: /bin/bash
+        createhome: yes
+
+    - name: Set password for 'tps' user
+      ansible.builtin.shell: echo "tps:{{ tps_password | password_hash('sha512', 'mysecretsalt') }}" | chpasswd
+
+    - name: Generate RSA SSH key pair for 'tps' user (if not already generated)
+      ansible.builtin.shell: ssh-keygen -t rsa -b 4096 -C "tps@{{ ansible_hostname }}" -f "/home/tps/.ssh/id_rsa" creates="/home/tps/.ssh/id_rsa"
+
+    - name: Set appropriate permissions for 'tps' user's SSH directory
+      ansible.builtin.file:
+        path: /home/tps/.ssh
+        state: directory
+        mode: "0700"
+        owner: tps
+        group: tps
+
+    - name: Read the public key content
+      ansible.builtin.slurp:
+        src: /home/tps/.ssh/id_rsa.pub
+      register: public_key_file
+
+    - name: Add 'tps' user to sudoers
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        line: 'tps ALL=(ALL:ALL) ALL'
+        validate: 'visudo -cf %s'
+
+    - name: Add the public key to Gitea using the API with the access token
+      ansible.builtin.uri:
+        url: "https://gitea.hptrow.me/api/v1/user/keys"
+        method: POST
+        headers:
+          Authorization: "a3b03005781823a4fc0c4b435269408d94e0e2f8"
+          Content-Type: "application/json"
+        body_format: json
+        body:
+          title: "tps-{{ ansible_hostname }}"
+          key: "{{ public_key_file.content | b64decode }}"
+        status_code: 201
+      delegate_to: localhost
+