Moving ansible playbook stuff to its new resting place

ansible/tasks/certbot-installation.yml

@@ -0,0 +1,19 @@
+- name: Install required packages
+  pip:
+    name:
+      - certbot
+      - certbot-nginx
+    executable: pip3
+- name: Register
+  shell: |
+    certbot -n register --agree-tos -m dev@shockrah.xyz,temper@temper.tv
+    touch /etc/letsencrypt/.registered
+  args:
+    creates: /etc/letsencrypt/.registered
+- name: Setup cron job for renewal every monday at 1 am
+  cron:
+    name: certbot-renewal
+    job: "bash -lc 'certbot -q renew'"
+    minute: 0
+    hour: 1
+    weekday: 1

ansible/tasks/nginx-setup.yml

@@ -0,0 +1,35 @@
+- name: Install nginx
+  apt:
+    name: nginx
+    update_cache: yes
+- name: Create user for nginx purposes
+  user:
+    name: nginx
+    shell: /bin/bash
+    create_home: false
+- name: Create nginx website directory
+  file:
+    state: directory
+    owner: nginx
+    path:  /opt/nginx
+- name: Copy over the nginx.conf files for each server
+  copy:
+    src: "../files/{{ item }}"
+    dest: /etc/nginx/sites-available/
+  loop:
+    - shockrah.xyz.conf
+    - resume.shockrah.xyz.conf
+    - temper.tv.conf
+- name: Enable the site configs with sym links
+  file:
+    src: "/etc/nginx/sites-available/{{ item }}"
+    dest: "/etc/nginx/sites-enabled/{{ item }}"
+    state: link
+  loop:
+    - shockrah.xyz.conf
+    - resume.shockrah.xyz.conf
+    - temper.tv.conf
+- name: Restart nginx conf to pick up new config changes
+  service:
+    name: nginx
+    state: restarted

ansible/tasks/setup-aws-cli.yml

@@ -0,0 +1,12 @@
+- name: Ensure we have the unzip package
+  apt:
+    name: unzip
+- name: Download the AWS CLI V2
+  get_url:
+    url: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
+    dest: /tmp/awscli.zip
+- name: Unzip the cli to the tmp dir
+  shell: unzip /tmp/awscli.zip -d /tmp
+- name: Run awscli installer
+  shell: /tmp/aws/install
+

ansible/tasks/ssh.yml

@@ -0,0 +1,6 @@
+- name: Harden the SSH configuration
+  copy:
+    src: ../files/ssh.conf
+    dest: /etc/sshd_config
+    mode: 644
+

ansible/tasks/tests/local-site-presence.yml

@@ -0,0 +1,26 @@
+  - name: Add local routing for the server confs
+    lineinfile:
+      path: /etc/hosts
+      state: present
+      line: "127.0.0.1 {{ item }}"
+    loop: "{{ websites }}"
+  - name: Curl the local endpoints to check connection nginx reverse proxy
+    uri:
+      url: "http://{{ item }}"
+      status_code:
+        - 200
+        - 404
+    loop: "{{ websites }}"
+  - name: Sanity Check the nginx reverse proxy
+    uri:
+      url: "http://not-real.{{ item }}"
+    loop: "{{ websites }}"
+    register: result
+    failed_when: result.status != -1
+  - name: Cleanup /etc/hosts
+    lineinfile:
+      path: /etc/hosts
+      state: absent
+      line: "127.0.0.1 {{ item }}"
+    loop: "{{ websites }}"
+

ansible/tasks/ufw-setup.yml

@@ -0,0 +1,15 @@
+- name: SSH Limit in fireweall
+  community.general.ufw:
+    rule: limit
+    port: ssh
+    proto: tcp
+- name: Allow web traffic as needed
+  community.general.ufw:
+    rule: allow
+    port: "{{ item }}"
+    proto: tcp
+  loop:
+    - 80
+    - 443
+
+