--- - name: install ansible semaphore hosts: all become: true tasks: - name: remove other files include_tasks: yaml_sub/myrepo_clean.yaml - name: update file myrepo.repo import_tasks: yaml_sub/myrepo_data.yaml - name: install client ansible.builtin.dnf: name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm" state: present update_cache: true skip_broken: true nobest: false allowerasing: true disable_gpg_check: true - name: ldap include_tasks: yaml_sub/ldap.yaml - name: sssd include_tasks: yaml_sub/sssd.yaml - name: remove other files include_tasks: yaml_sub/myrepo_clean.yaml - name: update file myrepo.repo import_tasks: yaml_sub/myrepo_data.yaml - name: install nfs tools dnf: name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind state: present update_cache: true skip_broken: true nobest: false allowerasing: true - name: Make sure rpcbind service unit is started systemd_service: enabled: true state: started name: rpcbind - name: mount_info include_tasks: yaml_sub/mount_info.yaml - name: remove other files include_tasks: yaml_sub/install_docker.yaml - name: install python3-request dnf: name: python3-requests+security state: present update_cache: true skip_broken: true nobest: false allowerasing: true - name: Create network semaphoreNet community.docker.docker_network: name: semaphoreNet - name: Create volume semaphore_maria_db community.docker.docker_volume: name: semaphore_maria_db state: present - name: Create mariab container community.docker.docker_container: name: semaphoremariadb image: mariadb state: started recreate: no restart_policy: always env: MARIADB_DATABASE: "semaphore" MARIADB_USER: "semaphore" MARIADB_PASSWORD: "{{ sqlpwd }}" MARIADB_ROOT_PASSWORD: "{{ sqlrootpwd }}" MYSQL_ROOT_HOST: "%" networks: - name: semaphoreNet comparisons: networks: strict volumes: - "semaphore_maria_db:/var/lib/mysql" - name: set smtpd_pre.conf blockinfile: path: /root/opensmtpd/smtpd_pre.conf state: present create: true owner: "root" group: "root" mode: "0644" block: | listen on 0.0.0.0 listen on :: table aliases file:/etc/smtpd/aliases queue ttl 4d bounce warn-interval 1h, 6h, 2d smtp max-message-size 35M table authinfo db:/etc/smtpd/authinfo.db action default relay host "smtps://user@mailhost.neurotec.uni-bremen.de:465" auth tls no-verify match from any for any action default - name: Create a volume smtpd_spool community.docker.docker_volume: name: smtpd_spool state: present - name: Create OpenSMTPd community.docker.docker_container: name: smtpd image: wodby/opensmtpd state: started recreate: no restart_policy: always published_ports: - "25:25/tcp" env: RELAY_HOST: "XXX" RELAY_PROTO: "smtps" RELAY_PORT: "XXX" RELAY_USER: "{{ EMAIL__USERNAME }}" RELAY_PASSWORD: "{{ EMAIL__PASSWORD }}" volumes: - "/root/opensmtpd/smtpd_pre.conf:/etc/gotpl/smtpd.conf.tmpl" - "smtpd_spool:/var/spool/smtpd" networks: - name: semaphoreNet - name: bridge comparisons: networks: strict - name: install mailx dnf: name: "mailx,telnet,sendmail" state: latest update_cache: true skip_broken: true nobest: false allowerasing: true - name: esmtprc blockinfile: path: /etc/esmtprc state: present create: true block: | hostname = 127.0.0.1:25 mda "/usr/bin/procmail -d %T" - name: Create volume semaphore_etc community.docker.docker_volume: name: semaphore_etc state: present - name: Create volume semaphore_lib community.docker.docker_volume: name: semaphore_lib state: present - name: Create volume semaphore_tmp community.docker.docker_volume: name: semaphore_tmp state: present - name: copy key ansible.builtin.copy: src: "/config/neuro_ansible/semaphore-wrapper" dest: "/root/semaphore-wrapper" owner: root group: root mode: "0777" - name: Create semaphore container community.docker.docker_container: name: semaphore image: semaphoreui/semaphore state: started recreate: yes restart_policy: always volumes: - "semaphore_etc:/etc/semaphore" - "semaphore_lib:/var/lib/semaphore" - "semaphore_tmp:/tmp/semaphore/" - "/root/semaphore-wrapper:/usr/local/bin/semaphore-wrapper" env: SEMAPHORE_DB_USER: "semaphore" SEMAPHORE_DB_PASS: "{{ sqlpwd }}" SEMAPHORE_DB_HOST: "semaphoremariadb" SEMAPHORE_DB_PORT: "3306" SEMAPHORE_DB_DIALECT: "mysql" SEMAPHORE_DB: "semaphore" SEMAPHORE_PLAYBOOK_PATH: "/tmp/semaphore/" SEMAPHORE_ADMIN_PASSWORD: "{{ semapwd }}" SEMAPHORE_ADMIN_NAME: "admin" SEMAPHORE_ADMIN_EMAIL: "davrot@uni-bremen.de" SEMAPHORE_ADMIN: "admin" SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{ semakey }}" SEMAPHORE_LDAP_ACTIVATED: "no" ANSIBLE_HOST_KEY_CHECKING: "False" SEMAPHORE_EMAIL_ALERT: "yes" SEMAPHORE_EMAIL_HOST: "smtpd" SEMAPHORE_EMAIL_SENDER: "computers@neuro.uni-bremen.de" TZ: "Europe/Berlin" networks: - name: semaphoreNet comparisons: networks: strict - name: set nginx.conf blockinfile: path: /root/nginx/nginx.conf state: present create: true owner: "root" group: "root" mode: "0644" block: | events {} http { server { listen 80 default_server; server_name _; return 301 https://$host$request_uri; } server { listen 443 ssl; ssl_certificate /certs/nginx_certificate.pem; ssl_certificate_key /certs/nginx_key.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; server_tokens off; client_max_body_size 50M; location / { proxy_pass http://semaphore:3000; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 3m; proxy_send_timeout 3m; } } } - name: copy key ansible.builtin.copy: src: "/config/certs/key.pem" dest: "/root/nginx/key.pem" owner: root group: root mode: "0600" - name: copy ca ansible.builtin.copy: src: "/config/certs/crt_ca.pem" dest: "/root/nginx/ca.pem" owner: root group: root mode: "0600" - name: Create nginx container community.docker.docker_container: name: nginx image: "nginx:stable-alpine" state: started recreate: no restart_policy: always volumes: - "/root/nginx/key.pem:/certs/nginx_key.pem:ro" - "/root/nginx/ca.pem:/certs/nginx_certificate.pem:ro" - "/root/nginx/nginx.conf:/etc/nginx/nginx.conf:ro" ports: - "0.0.0.0:443:443" - "0.0.0.0:80:80" env: NGINX_WORKER_PROCESSES: "4" NGINX_WORKER_CONNECTIONS: "768" networks: - name: semaphoreNet comparisons: networks: strict