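---
# Provisions the "atlas" host: applies package upgrades, installs
# KVM/libvirt and PostgreSQL, creates a `terraform` role and a
# `terraform_state` database, exposes PostgreSQL to 10.42.0.0/24, and drops
# an interfaces(5) fragment for the DMZ. The WireGuard role is applied too.
- name: Setup Atlas
  hosts: atlas

  handlers:
    # Notified by every task that edits pg_hba.conf / postgresql.conf or
    # changes grants, so those changes only take effect at the end of the play.
    - name: restart postgres
      systemd:
        name: postgresql
        state: restarted
    # Brings up every interface marked `auto`, including the copied dmz.conf.
    - name: enable interfaces
      command:
        cmd: ifup -a

  tasks:
    - name: Update
      apt:
        autoremove: true
        # `upgrade` is a choice string ("yes" == safe upgrade), not a boolean;
        # quoted so the YAML loader does not retype it.
        upgrade: "yes"
        # No package name is given, so `state` has nothing to act on here;
        # kept unchanged.
        state: latest
        update_cache: true
        # Reuse the apt cache if it is younger than one day (seconds).
        cache_valid_time: 86400
    - name: Install packages
      apt:
        pkg:
          - qemu-kvm
          - libvirt-daemon-system
          - postgresql
          - python3-psycopg2
          - sudo
          - bridge-utils
    - name: Start libvirtd
      systemd:
        name: libvirtd
        enabled: true
        state: started
    - name: Add root to libvirt group
      user:
        name: root
        groups: libvirt
        append: true
    # NOTE(review): this turns AppArmor off for the whole host, not just for
    # one profile. libvirt's AppArmor security driver is what confines each
    # QEMU guest, and the PostgreSQL server loses its confinement as well.
    # Presumably a workaround for a profile denial - confirm, and prefer
    # adjusting or disabling only the offending profile.
    - name: Disable apparmor
      systemd:
        name: apparmor
        enabled: false
        state: stopped
    # The role has to exist before a database can name it as owner, so it is
    # created first; on a fresh host the database task fails otherwise.
    # NOTE(review): no password is set on the role. That is only workable
    # because pg_hba below uses `trust`; see the note on that task.
    - name: Create database user
      postgresql_user:
        name: terraform
      become: true
      become_user: postgres
    - name: Create terraform database
      postgresql_db:
        name: terraform_state
        owner: terraform
      become: true
      become_user: postgres
    - name: Grant database user access to database
      postgresql_privs:
        type: database
        database: terraform_state
        roles: terraform
        grant_option: false
        privs: all
      become: true
      become_user: postgres
      notify: restart postgres
    # NOTE(review): `method: trust` accepts any connection from
    # 10.42.0.0/24 that claims to be `terraform`, with no password or
    # certificate. Terraform state routinely contains provider credentials
    # and generated secrets, so network position alone should not unlock it.
    # Recommended hardening: give the role a password from a vault-managed
    # variable, switch to `method: scram-sha-256`, use `contype: hostssl`,
    # and narrow `databases` from `all` to `terraform_state`.
    - name: Allow remote access to database for user
      postgresql_pg_hba:
        dest: /etc/postgresql/15/main/pg_hba.conf
        contype: host
        databases: all
        method: trust
        users: terraform
        address: "10.42.0.0/24"
        create: true
      become: true
      become_user: postgres
      notify: restart postgres
    # NOTE(review): '*' makes PostgreSQL listen on every interface of the
    # host, so pg_hba.conf is the only gate visible in this playbook (no
    # firewall rule is managed here). Binding to the single address that
    # serves 10.42.0.0/24 would shrink the exposed surface - confirm which
    # interface that is.
    # Unlike the other postgres tasks this one has no `become`; it relies on
    # the connection user being able to write postgresql.conf.
    - name: Open postgres port
      ini_file:
        path: /etc/postgresql/15/main/postgresql.conf
        # postgresql.conf has no [section] headers.
        section: null
        option: listen_addresses
        # The inner single quotes are part of the value written to the file.
        value: "'*'"
      notify: restart postgres
    - name: Copy interfaces configuration
      copy:
        src: dmz.conf
        dest: /etc/network/interfaces.d/dmz.conf
      notify: enable interfaces
  # Roles listed in a play run before its `tasks`, regardless of where the
  # `roles` key is written.
  roles:
    - githubixx.ansible_role_wireguard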