Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---
- - name: server-setup
- hosts: "{{server}}"
- tasks:
- - name: Set timezone
- timezone:
- name: America/New_York
- - name: upgrade all packages
- yum:
- name: '*'
- state: latest
- - name: Install epel-release
- yum:
- name:
- - epel-release
- - name: Install wget
- yum:
- name:
- - wget
- - name: Add Openlitespeed repo
- yum:
- name: http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el7.noarch.rpm
- state: present
- - name: Add MariaDB 10 Repo
- yum_repository:
- name: mariadb
- description: MariaDB
- baseurl: http://yum.mariadb.org/10.4/centos7-amd64
- gpgkey: https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
- gpgcheck: true
- state: present
- - name: Install common software requirements
- yum:
- name:
- - openlitespeed
- - fail2ban
- - htop
- - 'lsphp56*'
- - 'lsphp73*'
- - 'lsphp74*'
- - MariaDB-server
- - MariaDB-client
- - ImageMagick
- - ghostscript
- - certbot
- - ncftp
- - holland
- - holland-mysqldump
- - zip
- - unzip
- - yum-cron
- - monit
- - name: start lsws and set to start at boot
- systemd:
- name: lsws
- state: started
- enabled: yes
- - name: start mariadb and set to start at boot
- systemd:
- name: mariadb
- state: started
- enabled: yes
- - name: start postfix and set to start at boot
- systemd:
- name: postfix
- state: started
- enabled: yes
- - name: open port 80 in firewall
- firewalld:
- service: http
- permanent: yes
- state: enabled
- - name: open port 443 in firewall
- firewalld:
- service: https
- permanent: yes
- state: enabled
- - name: open port 7080 in firewall
- firewalld:
- port: 7080/tcp
- permanent: yes
- state: enabled
- - name: open port 2812 in firewall
- firewalld:
- port: 2812/tcp
- permanent: yes
- state: enabled
- - name: firewalld reload
- command: firewall-cmd --reload
- - name: copy fail2ban files to the linode servers
- shell: |
- rsync -avzh root@projects.appnet.com:/etc/ansible/playbooks/server-setup/fail2ban/jail.local.new /etc/fail2ban/jail.local
- rsync -avzh root@projects.appnet.com:/etc/ansible/playbooks/server-setup/fail2ban/filter.d/wordpress.conf /etc/fail2ban/filter.d/wordpress.conf
- - name: start fail2ban and set to start at boot
- systemd:
- name: fail2ban
- state: started
- enabled: yes
- - name: copy holland files to the linode servers
- shell: |
- rsync -avzh root@projects.appnet.com:/etc/ansible/playbooks/server-setup/holland/holland.conf /etc/holland/holland.conf
- rsync -avzh root@projects.appnet.com:/etc/ansible/playbooks/server-setup/holland/backupsets/default.conf /etc/holland/backupsets/default.conf
- - name: create /var/www directory
- file:
- path: /var/www
- state: directory
- - name: create /var/www/vhosts directory
- file:
- path: /var/www/vhosts
- state: directory
- - name: Ensure group "appnet" exists
- group:
- name: appnet
- state: present
- - name: Ensure group "sftponly" exists
- group:
- name: sftponly
- state: present
- - name: Add the user 'appnet' with a specific uid and a primary group of 'appnet'
- user:
- name: appnet
- shell: /sbin/nologin
- groups:
- - appnet
- - sftponly
- state: present
- createhome: no
- home: /var/www/vhosts
- - name: set PHP 5.6 variables
- ini_file:
- path: /usr/local/lsws/lsphp56/etc/php.ini
- section: "{{ item.section }}"
- option: "{{ item.option }}"
- value: "{{ item.value }}"
- with_items:
- - { section: "PHP", option: "short_open_tag", value: "On" }
- - { section: "PHP", option: "max_execution_time", value: "300" }
- - { section: "PHP", option: "max_input_time", value: "300" }
- - { section: "PHP", option: "memory_limit", value: "128M" }
- - { section: "PHP", option: "post_max_size", value: "32M" }
- - { section: "PHP", option: "upload_max_filesize", value: "32M" }
- - { section: "PHP", option: "date.timezone", value: "'America/New_York'" }
- - { section: "PHP", option: "session.save_path", value: "'/tmp'" }
- - name: set PHP 7.3 variables
- ini_file:
- path: /usr/local/lsws/lsphp73/etc/php.ini
- section: "{{ item.section }}"
- option: "{{ item.option }}"
- value: "{{ item.value }}"
- with_items:
- - { section: "PHP", option: "short_open_tag", value: "On" }
- - { section: "PHP", option: "max_execution_time", value: "300" }
- - { section: "PHP", option: "max_input_time", value: "300" }
- - { section: "PHP", option: "memory_limit", value: "128M" }
- - { section: "PHP", option: "post_max_size", value: "32M" }
- - { section: "PHP", option: "upload_max_filesize", value: "32M" }
- - { section: "PHP", option: "date.timezone", value: "'America/New_York'" }
- - { section: "PHP", option: "session.save_path", value: "'/tmp'" }
- - name: set PHP 7.4 variables
- ini_file:
- path: /usr/local/lsws/lsphp74/etc/php.ini
- section: "{{ item.section }}"
- option: "{{ item.option }}"
- value: "{{ item.value }}"
- with_items:
- - { section: "PHP", option: "short_open_tag", value: "On" }
- - { section: "PHP", option: "max_execution_time", value: "300" }
- - { section: "PHP", option: "max_input_time", value: "300" }
- - { section: "PHP", option: "memory_limit", value: "128M" }
- - { section: "PHP", option: "post_max_size", value: "32M" }
- - { section: "PHP", option: "upload_max_filesize", value: "32M" }
- - { section: "PHP", option: "date.timezone", value: "'America/New_York'" }
- - { section: "PHP", option: "session.save_path", value: "'/tmp'" }
- - name: Edit SSHD Config
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '^Subsystem'
- line: 'Subsystem sftp internal-sftp'
- - name: Edit SSHD Config Part 2
- blockinfile:
- path: /etc/ssh/sshd_config
- block: |
- Match Group sftponly
- ChrootDirectory %h
- X11Forwarding no
- AllowTCPForwarding no
- ForceCommand internal-sftp -u 0002
- roles:
- - {role: sbaerlocher.wp-cli}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
