95 lines
2.4 KiB
YAML
95 lines
2.4 KiB
YAML
---
|
|
- name: Ensure UFW is enabled and accepting HTTPS traffic
|
|
ufw:
|
|
state: enabled
|
|
policy: deny
|
|
rule: allow
|
|
to_port: '443'
|
|
|
|
- name: Ensure UFW is enabled and accepting HTTP traffic
|
|
ufw:
|
|
state: enabled
|
|
policy: deny
|
|
rule: allow
|
|
to_port: '80'
|
|
|
|
|
|
- name: Ensure the document root exists for node exporter
|
|
file:
|
|
path: "/var/www/node-metrics-{{ ansible_fqdn }}/"
|
|
state: directory
|
|
owner: www-data
|
|
|
|
- name: Ensure the document root exists postfixnode exporter
|
|
file:
|
|
path: "/var/www/postfix-metrics-{{ ansible_fqdn }}/"
|
|
state: directory
|
|
owner: www-data
|
|
|
|
# Add DNS entries in OVH
|
|
|
|
- name: Check if certificates exist
|
|
stat:
|
|
path: "/etc/letsencrypt/live/node-metrics-{{ ansible_fqdn }}/fullchain.pem"
|
|
register: node_certificate
|
|
|
|
- name: Check if postfix certificates exist
|
|
stat:
|
|
path: "/etc/letsencrypt/live/postfix-metrics-{{ ansible_fqdn }}/fullchain.pem"
|
|
register: postfix_certificate
|
|
|
|
- name: Request certificates for node and postfix
|
|
include_tasks: configure_prometheus_exporters_certificates.yml
|
|
when: not node_certificate.stat.exists or not postfix_certificate.stat.exists
|
|
|
|
- name: Enable the Apache2 SSL module
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: ssl
|
|
|
|
- name: Enable the Apache2 rewrite module
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: rewrite
|
|
|
|
- name: Enable the Apache2 authnz_external module
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: authnz_external
|
|
|
|
- name: Enable the Apache2 proxy module
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: proxy
|
|
|
|
- name: Enable the Apache2 proxy_http module
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: proxy_http
|
|
|
|
- name: Enable the Apache2 proxy_wstunnel module
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: proxy_wstunnel
|
|
|
|
- name: Enable the Apache2 authnz_external module
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: authnz_external
|
|
|
|
- name: Ensure virtual hosts configuration is deployed
|
|
template:
|
|
src: templates/apache2.conf.j2
|
|
dest: /etc/apache2/sites-available/25-metrics-exporters.conf
|
|
backup: yes
|
|
|
|
- name: Ensure virtual hosts configuration is enabled
|
|
file:
|
|
dest: /etc/apache2/sites-enabled/25-metrics-exporters.conf
|
|
src: /etc/apache2/sites-available/25-metrics-exporters.conf
|
|
state: link
|
|
|
|
- name: Start Apache2 after request certificate
|
|
service:
|
|
name: apache2
|
|
state: started
|