home-server/roles/dmz_haproxy/tasks/main.yml


---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
### UPSTREAM BEGIN ⇒ ###
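- name: pull prerequisites from upstream
  # First of the three etckeeper.inc hooks in this file (upstream / merge /
  # local); presumably records the pre-install state of /etc before the
  # package manager touches it — see etckeeper.inc/tasks/upstream.yml.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: haproxy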
### ⇐ UPSTREAM BEGIN ###
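- name: install software
  # A single package: the package module takes the name directly, so the
  # with_items/"{{ item }}" loop is unnecessary.
  package:
    name: haproxy
    state: present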
### UPSTREAM END ⇒ ###
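- name: merge upstream
  # Second etckeeper.inc hook: presumably reconciles the files just installed
  # by the package with the locally tracked /etc — see
  # etckeeper.inc/tasks/merge.yml.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: haproxy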
### ⇐ UPSTREAM END ###
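- name: prepare overriding haproxy settings
  # Drop-in directory for the packaged unit: files placed here extend or
  # override haproxy.service without editing the vendor unit, so package
  # upgrades do not clobber the local settings.
  file:
    path: /etc/systemd/system/haproxy.service.d
    state: directory
    mode: "0755"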
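- name: set nginx as a dependency (for sockets)
  # Start haproxy only after nginx is up; presumably haproxy.conf.j2 forwards
  # to nginx over local sockets that must already exist — confirm against the
  # template. Wants= (not Requires=) keeps haproxy running if nginx fails.
  copy:
    content: |
      [Unit]
      Wants=nginx.service
      After=nginx.service
    dest: /etc/systemd/system/haproxy.service.d/wants_nginx.conf
    mode: "0644"
  notify:
    - restart haproxy.service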
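- name: secure haproxy systemd settings
  # Sandboxing drop-in for haproxy.service:
  #   - CapabilityBoundingSet restricts the process to the four listed
  #     capabilities (privileged-port bind, chroot, net admin, audit write);
  #     whether all four are really needed depends on haproxy.cfg — verify.
  #   - PrivateTmp/PrivateDevices give the service its own /tmp and a
  #     minimal /dev; ProtectSystem=full mounts /usr, /boot and /etc
  #     read-only; ProtectHome hides home directories.
  #   - NoNewPrivileges stops the process (and children) from gaining
  #     privileges via setuid/setcap binaries.
  # The file name carries {{ nickname }} so several hosts' drop-ins can be
  # told apart when merged in etckeeper.
  copy:
    content: |
      [Service]
      CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_CHROOT
      PrivateTmp=true
      PrivateDevices=true
      ProtectSystem=full
      ProtectHome=true
      NoNewPrivileges=true
    dest: "/etc/systemd/system/haproxy.service.d/secure-{{ nickname }}.conf"
    mode: "0644"
  notify:
    - restart haproxy.service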
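- name: configure HAProxy
  # The rendered config is owner-readable only (0600): a haproxy.cfg may
  # embed credentials (stats auth, backend passwords) — review the template
  # before relaxing this.
  template:
    src: templates/haproxy.conf.j2
    dest: /etc/haproxy/haproxy.cfg
    mode: "0600"
  notify:
    - restart haproxy.service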
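- name: enable haproxy
  # daemon_reload (canonical spelling of the module option) makes systemd read
  # the drop-ins written above before the "restart haproxy.service" handler
  # fires at flush_handlers. This task only enables the unit at boot; starting
  # it is left to that handler (and, on a no-change run, presumably to the
  # already-running service — confirm if a fresh host must end up started).
  systemd:
    name: haproxy.service
    enabled: true
    daemon_reload: true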
### LOCAL COMMIT ⇒ ###
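- name: commit local changes
  # Third etckeeper.inc hook: presumably commits the drop-ins and haproxy.cfg
  # written above as the "local" layer — see etckeeper.inc/tasks/local.yml.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: haproxy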
### ⇐ LOCAL COMMIT ###
# Run the queued "restart haproxy.service" handler now, so haproxy comes up
# with the new unit drop-ins and configuration before any later role runs.
- meta: flush_handlers