2021-10-25 22:33:27 +02:00
|
|
|
- name: "Python is Python3"
|
|
|
|
|
apt:
|
|
|
|
|
name: "python-is-python3"
|
|
|
|
|
state: "present"
|
2021-10-25 22:39:31 +02:00
|
|
|
when:
|
2021-10-25 22:40:14 +02:00
|
|
|
- ansible_facts['distribution_major_version'] | int >= 20
|
2021-10-25 22:41:55 +02:00
|
|
|
- ansible_facts['distribution'] == "Ubuntu"
|
2021-10-25 22:33:27 +02:00
|
|
|
|
2021-08-17 22:29:04 +02:00
|
|
|
- name: "Upgrade to the latest packages"
|
|
|
|
|
apt:
|
|
|
|
|
upgrade: "dist"
|
|
|
|
|
autoremove: "yes"
|
2021-08-24 21:30:26 +02:00
|
|
|
update_cache: yes
|
2021-08-17 22:29:04 +02:00
|
|
|
|
|
|
|
|
- name: "Install packages"
|
|
|
|
|
apt:
|
|
|
|
|
name: "{{ apt_packages }}"
|
|
|
|
|
state: "present"
|
|
|
|
|
|
|
|
|
|
- name: "Allow tcp traffic on defined ports"
|
|
|
|
|
ufw:
|
|
|
|
|
rule: "allow"
|
2021-10-25 19:28:37 +02:00
|
|
|
port: "22"
|
2021-08-17 22:29:04 +02:00
|
|
|
proto: "tcp"
|
|
|
|
|
|
2021-10-25 12:50:13 +02:00
|
|
|
- name: "Allow udp traffic on defined ports"
|
|
|
|
|
ufw:
|
|
|
|
|
rule: "allow"
|
|
|
|
|
port: 60001:60099
|
|
|
|
|
proto: "udp"
|
|
|
|
|
|
2021-10-25 13:32:04 +02:00
|
|
|
- name: "Enable UFW"
|
|
|
|
|
ufw:
|
|
|
|
|
state: "enabled"
|
2021-11-12 08:56:34 +01:00
|
|
|
when: ufw_disabled is undefined
|
2021-10-25 13:32:04 +02:00
|
|
|
|
2021-08-17 22:29:04 +02:00
|
|
|
- name: "Lock root user"
|
|
|
|
|
command: "passwd -l root"
|
2021-10-25 13:22:16 +02:00
|
|
|
|
2021-11-11 20:46:24 +01:00
|
|
|
- name: Add deploy user
|
|
|
|
|
user:
|
|
|
|
|
name: "{{ common_deploy_user_name }}"
|
|
|
|
|
shell: /bin/bash
|
|
|
|
|
|
|
|
|
|
- name: Add authorized keys for deploy user
|
|
|
|
|
authorized_key:
|
|
|
|
|
user: "{{ common_deploy_user_name }}"
|
|
|
|
|
key: "{{ lookup('file', item) }}"
|
|
|
|
|
with_items: "{{ common_deploy_public_key }}"
|
|
|
|
|
|
|
|
|
|
- name: Add deploy user to sudoers
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/sudoers"
|
|
|
|
|
regexp: "{{ common_deploy_user_name }} ALL"
|
|
|
|
|
line: "{{ common_deploy_user_name }} ALL=(ALL) NOPASSWD: ALL"
|
|
|
|
|
state: "present"
|
|
|
|
|
|
2021-11-20 11:20:24 +01:00
|
|
|
- name: "Check if pip is installed"
|
|
|
|
|
ansible.builtin.stat:
|
|
|
|
|
path: "/usr/local/bin/pip3"
|
|
|
|
|
register: pip_state
|
|
|
|
|
|
2021-11-11 22:15:39 +01:00
|
|
|
- name: "Download the newest Pip"
|
2021-10-25 13:26:46 +02:00
|
|
|
get_url:
|
2021-10-25 13:22:16 +02:00
|
|
|
url: "https://bootstrap.pypa.io/get-pip.py"
|
|
|
|
|
dest: "/tmp/get-pip.py"
|
|
|
|
|
mode: "0644"
|
2021-11-11 22:11:08 +01:00
|
|
|
when:
|
|
|
|
|
- ansible_facts['distribution_major_version'] | int >= 20
|
|
|
|
|
- ansible_facts['distribution'] == "Ubuntu"
|
2021-11-20 11:20:24 +01:00
|
|
|
- not pip_state.stat.exists
|
2021-11-11 21:37:56 +01:00
|
|
|
|
2021-11-11 22:15:39 +01:00
|
|
|
- name: "Download Pip for Python 3.5"
|
2021-11-11 21:37:56 +01:00
|
|
|
get_url:
|
|
|
|
|
url: "https://bootstrap.pypa.io/pip/3.5/get-pip.py"
|
|
|
|
|
dest: "/tmp/get-pip.py"
|
|
|
|
|
mode: "0644"
|
2021-11-20 11:20:24 +01:00
|
|
|
when:
|
|
|
|
|
- (not ansible_facts['distribution_major_version'] | int >= 20
|
|
|
|
|
or not ansible_facts['distribution'] == "Ubuntu")
|
|
|
|
|
- not pip_state.stat.exists
|
2021-10-25 13:22:16 +02:00
|
|
|
|
|
|
|
|
- name: "Install pip"
|
|
|
|
|
command:
|
|
|
|
|
cmd: "python3 /tmp/get-pip.py"
|
2021-11-20 11:20:24 +01:00
|
|
|
when: not pip_state.stat.exists
|
|
|
|
|
|
|
|
|
|
- name: "Upgrade pip"
|
|
|
|
|
ansible.builtin.pip:
|
|
|
|
|
name: pip
|
|
|
|
|
state: latest
|
|
|
|
|
when: pip_state.stat.exists
|
