replatform/site.yml at master · programmer-ke/replatform · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
---
- hosts: myplatform
  remote_user: root

  vars_files:
    - vars.yml

  vars:
    - private_vars_location: "/root/private_vars"

  pre_tasks:

    - block:
      - name: Check that we have our private variables file in correct location
        stat: path="{{ private_vars_location }}/vars.yml"
        register: private_vars_file

      - name: Include private vars
        include_vars: "{{ private_vars_location }}/vars.yml"
        when: private_vars_file.stat.exists

      - name: Create private vars template
        include_tasks: private_vars_template.yml
        when: not private_vars_file.stat.exists

      delegate_to: 127.0.0.1

    - include_tasks: hostname.yml

    - name: Remove dependencies that are no longer required from a
        previous update
      apt:
        autoremove: yes

    - name: Do a dist-upgrade. Unused packages may be removed and new
        ones added
      apt:
        update_cache: yes
        cache_valid_time: 3600 # 1 hr
        upgrade: dist

  tasks:

    - include_tasks: timezone.yml
    - include_tasks: ssh.yml
    - include_tasks: unattended_upgrades.yml
    - include_tasks: ssl_cert.yml

    - name: Create admin user for local administrative tasks
      user:
        name: admin
        create_home: yes
        password: "{{ admin_mail_password | password_hash('blowfish', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=server_hostname) | join)[:21] + ('Oeu' | shuffle(seed=server_hostname) | join)[1], rounds=11) }}"
        groups: adm
        append: true

    - include_tasks: web_server_setup.yml
    - include_tasks: mail_server_setup.yml

    - name: Ensure rsync is installed
      apt: pkg=rsync state=present

    - include_tasks: reboot_required_check.yml

  handlers:
    - name: restart networking
      service:
        name: networking
        state: restarted

    - name: restart ssh
      service: name=ssh state=restarted

    - name: restart nginx
      service: name=nginx state=restarted

    - name: reload nginx
      service: name=nginx state=reloaded

    - name: reload postfix
      service: name=postfix state=reloaded

    - name: reload dovecot
      service: name=dovecot state=reloaded

    - name: update aliases db
      command: newaliases

    - name: update virtual alias maps db
      command: postmap /etc/postfix/virtual

    - name: update login maps db
      command: postmap /etc/postfix/login_maps

    - name: restart spamass-milter
      service: name=spamass-milter state=restarted

    - name: restart spamassassin daemon
      service: name=spamassassin state=restarted

    - name: restart opendkim
      service: name=opendkim state=restarted

    - name: pre-compile default sieve
      command: sievec /var/lib/dovecot/sieve/default.sieve