+ Scripts to setup packaging on alpha+beta and UFW

playbooks/athens-common/ufw.yml

@@ -0,0 +1,43 @@
+# This play book sets up a mirrored setup for both web service hosts
+# such that they accept web traffic in and out from anywhere
+# but only accept ssh connections from the internal network
+---
+- hosts: alpha,beta
+  remote_user: ubuntu
+  # UFW is only accessible to root so sudo is required for each task
+  become: yes
+  become_method: sudo
+  tasks:
+    - name: Install UFW in case it's not here
+      apt:
+        name: ufw
+        update_cache: yes
+    - name: Allow SSH connections from internal network
+      ufw:
+        rule: allow
+        port: ssh
+        direction: incoming
+        src: 10.0.0.128/26
+
+    - name: Rate limit SSH connections
+      ufw:
+        rule: limit
+        direction: incoming
+        port: ssh
+        proto: tcp
+
+    - name: Allow Plain-HTTP traffic from anywhere
+      ufw:
+        rule: allow
+        port: 80
+        proto: tcp
+
+    - name: Allow HTTPS traffic from anywhere
+      ufw:
+        rule: allow
+        port: 443
+        proto: tcp
+
+
+
+

playbooks/beta/init.yml

@@ -0,0 +1,12 @@
+---
+- hosts: beta
+  remote_user: ubuntu
+  tasks:
+    - name: Install Nginx
+      become: yes
+      become_method: sudo
+      apt:
+        name: nginx
+        update_cache: yes
+        state: present
+