From 0c78a4f72dc90cabf84475c44879811980d1efb4 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Tue, 24 Nov 2020 18:30:59 +0100
Subject: [PATCH 1/5] Add requirements
---
requirements.yml | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 requirements.yml
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..36978db
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,4 @@
+- src: git+https://github.com/jnv/ansible-role-unattended-upgrades.git
+ version: v1.9.0
+- src: git+https://github.com/adriagalin/ansible.timezone.git
+ version: 3.0.0
From 8d19bc3fa35e8b766e68ebb47b5df225e8ff59df Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Tue, 24 Nov 2020 18:30:46 +0100
Subject: [PATCH 2/5] Move httpd stuff to tasks
---
httpd.yml | 33 ---------------------------------
tasks/httpd.yml | 19 +++++++++++++++++++
2 files changed, 19 insertions(+), 33 deletions(-)
delete mode 100644 httpd.yml
create mode 100644 tasks/httpd.yml
diff --git a/httpd.yml b/httpd.yml
deleted file mode 100644
index 73dcebf..0000000
--- a/httpd.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- hosts: tau
- become: true
-
- vars:
- - server_admin: "admin@netz39.de"
-
-
- tasks:
- - name: Update and clean package cache
- apt:
- update_cache: true
- cache_valid_time: 3600
- autoclean: true
-
- - name: Ensure Apache2 and modules are installed and up to date
- apt:
- name:
- - apache2
- state: latest
-
- - name: Ensure mod_rewrite is enabled
- apache2_module:
- name: rewrite
- state: present
-
-
- - name: Setup proxy site testredmine.netz39.de
- include_role:
- name: setup-http-site-proxy
- vars:
- site_name: testredmine.netz39.de
- proxy_port: 9004
diff --git a/tasks/httpd.yml b/tasks/httpd.yml
new file mode 100644
index 0000000..8b3f71d
--- /dev/null
+++ b/tasks/httpd.yml
@@ -0,0 +1,19 @@
+---
+- name: Ensure Apache2 and modules are installed and up to date
+ apt:
+ name:
+ - apache2
+ state: latest
+
+- name: Ensure mod_rewrite is enabled
+ apache2_module:
+ name: rewrite
+ state: present
+
+
+- name: Setup proxy site testredmine.netz39.de
+ include_role:
+ name: setup-http-site-proxy
+ vars:
+ site_name: testredmine.netz39.de
+ proxy_port: 9004
From 7ae7d10c04418f27f8c3500c34730eeb272d3fc9 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Tue, 24 Nov 2020 18:31:09 +0100
Subject: [PATCH 3/5] Add main playbook as entry point
---
main.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 main.yml
diff --git a/main.yml b/main.yml
new file mode 100644
index 0000000..80b1516
--- /dev/null
+++ b/main.yml
@@ -0,0 +1,17 @@
+---
+- hosts: tau
+ become: true
+
+ vars:
+ - server_admin: "admin@netz39.de"
+
+
+ tasks:
+ - name: Update and clean package cache
+ apt:
+ update_cache: true
+ cache_valid_time: 3600
+ autoclean: true
+
+ - name: Setup httpd
+ include_tasks: tasks/httpd.yml
From 08166097ab6a20ae50cd8d1e32441e4e14a5e09a Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Tue, 24 Nov 2020 18:47:03 +0100
Subject: [PATCH 4/5] Set timezone
---
main.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/main.yml b/main.yml
index 80b1516..db233a9 100644
--- a/main.yml
+++ b/main.yml
@@ -4,7 +4,10 @@
vars:
- server_admin: "admin@netz39.de"
+ - ag_timezone: Europe/Berlin
+ roles:
+ - role: ansible.timezone
tasks:
- name: Update and clean package cache
From f10e60941be721d4f1871b636be5996c6a5043c9 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Tue, 24 Nov 2020 18:47:16 +0100
Subject: [PATCH 5/5] Setup unattended-upgrades
---
main.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/main.yml b/main.yml
index db233a9..fa26049 100644
--- a/main.yml
+++ b/main.yml
@@ -16,5 +16,20 @@
cache_valid_time: 3600
autoclean: true
+ - name: Ensure unattended-upgrades is installed and up to date
+ apt:
+ name: unattended-upgrades
+ state: latest
+
+ - name: Setup unattended-upgrades
+ include_role:
+ name: ansible-role-unattended-upgrades
+ vars:
+ unattended_origins_patterns:
+ - 'origin=Debian,archive=buster-security'
+ - 'o=Debian,a=buster-updates'
+ unattended_package_blacklist: [cowsay]
+ unattended_mail: 'root'
+
- name: Setup httpd
include_tasks: tasks/httpd.yml