Ansible playbook for base and initial configuration of the web server hosting my personal websites.
Alan Orth f7e87ea7be
roles/common: Fix fail2ban ignoreip
According to jail.conf we actually need to separate multiple values
with spaces instead of commas. On some versions of fail2ban this is
a fatal error:

> CRITICAL Unhandled exception in Fail2Ban:
> Traceback (most recent call last):
>   File "/usr/lib/python3/dist-packages/fail2ban/server/jailthread.py", line 66, in run_with_except_hook
>     run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/fail2ban/server/filtersystemd.py", line 246, in run
>     *self.formatJournalEntry(logentry))
>   File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 432, in processLineAndAdd
>     if self.inIgnoreIPList(ip, log_ignore=True):
>   File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 371, in inIgnoreIPList
>     "(?<=b)1+", bin(DNSUtils.addr2bin(s[1]))).group())
>   File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 928, in addr2bin
>     return struct.unpack("!L", socket.inet_aton(ipstring))[0]
> OSError: illegal IP address string passed to inet_aton

This affects (at least) fail2ban 0.9.3 on Ubuntu 16.04, but I never
noticed.
2021-08-12 15:24:50 +03:00
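
Added example (not code from this repository): a pre-deploy check that catches the comma-separated ignoreip described in the commit above before fail2ban loads it, treating the value as space-separated as the commit message states. The function names, the sample jail.local content and its addresses are constructed for illustration.

```python
import configparser
import ipaddress
import re

# Constructed sample of a rendered jail.local; addresses are documentation ranges.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8, ::1, 192.0.2.10

[sshd]
enabled = true
ignoreip = 127.0.0.1/8 ::1 198.51.100.0/24 backup.example.org
"""

HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)

def classify(token):
    """Return None if token is a usable ignoreip entry, else a reason string."""
    if "," in token:
        return "contains a comma; separate entries with spaces"
    try:
        ipaddress.ip_network(token, strict=False)  # plain address or CIDR mask
        return None
    except ValueError:
        pass
    if HOSTNAME_RE.match(token):
        return None  # DNS host names are also valid ignoreip entries
    return "not an IP address, CIDR mask or host name"

def lint_ignoreip(config_text):
    """Return (section, token, reason) for every unusable ignoreip entry."""
    # Treat [DEFAULT] as an ordinary section so inherited values are not
    # reported once per jail; disable interpolation because fail2ban configs
    # use %(name)s substitutions that plain configparser cannot resolve.
    parser = configparser.ConfigParser(interpolation=None,
                                       default_section="__none__")
    parser.read_string(config_text)
    problems = []
    for section in parser.sections():
        for token in parser[section].get("ignoreip", "").split():
            reason = classify(token)
            if reason:
                problems.append((section, token, reason))
    return problems

if __name__ == "__main__":
    for section, token, reason in lint_ignoreip(SAMPLE_JAIL_LOCAL):
        print(f"[{section}] {token!r}: {reason}")
```

A non-empty result is a reason to stop the deployment, since the traceback in the commit message shows the jail's filter thread dying on the bad value.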
group_vars Add nginx filter for fail2ban 2021-08-01 09:56:43 +03:00
host_vars Remove extra TCP ports from firewall rules 2021-07-28 14:49:50 +03:00
misc-plays misc-plays/change_password.yml: Use become 2017-10-14 14:20:34 +03:00
roles roles/common: Fix fail2ban ignoreip 2021-08-12 15:24:50 +03:00
vars Import OS-specific vars from task in common role 2018-04-25 18:04:29 +03:00
.gitignore .gitignore: Ignore Vagrant directory 2015-05-24 23:00:48 +03:00
ansible.cfg ansible.cfg: Use auto discovery of Python interpreter 2021-07-07 12:22:00 +03:00
LICENSE Add copy of GPLv3 license 2015-05-08 15:59:15 +03:00
nomads.yml Add a "nomads" group of hosts 2020-12-08 20:55:24 +02:00
Pipfile Use Python 3.9 in pipenv setup 2020-12-02 11:33:10 +02:00
Pipfile.lock Pipfile.lock: Run pipenv update 2021-08-01 16:14:42 +03:00
README.md README.md: Update copyright year 2021-03-20 00:16:16 +02:00
site.yml Add a "nomads" group of hosts 2020-12-08 20:55:24 +02:00
web.yml web.yml: Only run MariaDB role if it is needed 2021-01-01 19:28:40 +02:00

Ansible Playbook

Ansible playbook for base and initial configuration of the web server hosting my personal websites. After successful execution of this playbook, however, there is still some manual work to import databases, copy site content, etc.

Assumptions

Before you can run this, a few things are assumed:

  • You have a clean, minimal Ubuntu 18.04, Debian 10, or Ubuntu 20.04 host up and running
  • Python 3 is installed on the remote server (requirement of Ansible)
  • You have a user account with password-less SSH access to the machine
  • You have sudo privileges on the remote host
  • You have created a hosts file with something like:
[web]
web01

Use

Once you've satisfied the above assumptions, you can execute:

$ ansible-playbook web.yml

Todo

License

Copyright (C) 2014–2021 Alan Orth

The contents of this repository are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.