/
base.yml
88 lines (72 loc) · 2.7 KB
/
base.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
---
- hosts: all
remote_user: root
tasks:
- timezone: name=UTC
- apt:
name:
[
"ffmpeg",
"nginx",
"redis-server",
"imagemagick",
"git",
"wget",
"python3-simplejson",
"python3-mysqldb",
"mysql-server",
]
state: latest
update_cache: yes
- user: name=www-data state=present
- service: name={{ item }} state=started enabled=yes
with_items:
- nginx
- redis
- mysql
- file: path={{ item }} state=directory
with_items:
- /etc/pram
- /data/pram
- /data/prim/src
- /data/prim/thumb
- /data/prim/avatars
- /data/prim/emoticons
- /data/prim/assets/logo
- /data/prim/assets/banners
- /data/prim/assets/prim
- /data/prim/assets/styles
- /data/prim/assets/includes
- /data/backups
- file: path=/data/prim/ owner=www-data group=www-data recurse=yes
- copy: src=files/limits.conf dest=/etc/security/limits.conf
- copy: src=files/redis.conf dest=/etc/redis/redis.conf
- copy: src=files/nginx.conf dest=/etc/nginx/nginx.conf
- copy: src=files/mysqld.cnf dest=/etc/mysql/mysql.conf.d/mysqld.cnf
- copy: src=files/prim/ dest=/data/prim/assets/includes/
- copy: src=files/backup dest=/etc/cron.daily/backup mode="a+x"
- copy: src={{ item }} dest=/etc/systemd/system/
with_items:
- files/eirka-conf/eirka-index.service
- files/eirka-conf/eirka-get.service
- files/eirka-conf/eirka-post.service
- files/eirka-conf/eirka-admin.service
notify: reload_systemd
- ufw: rule=limit name="OpenSSH"
- ufw: rule=allow name="Nginx Full"
- ufw: state=enabled
- lineinfile: dest=/etc/environment state=present line="export GOROOT=/usr/local/go"
- lineinfile: dest=/etc/environment state=present line="export GOPATH=/data/pram"
- lineinfile: dest=/etc/environment state=present line="export GOBIN=/data/pram/bin"
- lineinfile: dest=/root/.profile state=present line="export PATH=$PATH:$GOROOT/bin"
- file: path=/usr/local/go/ state=absent
- file: path=/root/go.tar.gz state=absent
- get_url:
url: https://go.dev/dl/go1.20.6.linux-amd64.tar.gz
dest: /root/go.tar.gz
checksum: sha256:b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb
- unarchive: src=/root/go.tar.gz dest=/usr/local copy=no
- mysql_user: name=backup password='' host=localhost priv="*.*:RELOAD,PROCESS,LOCK TABLES,REPLICATION CLIENT/performance_schema.*:SELECT" state=present
handlers:
- name: reload_systemd
command: systemctl daemon-reload