This repository has been archived by the owner on May 30, 2021. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 6
/
main.yml
97 lines (77 loc) · 2.22 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
---
- hosts: jenkins
become: yes
gather_facts: no
vars_files:
- vars/config.yml
pre_tasks:
# See: https://github.com/geerlingguy/drupal-vm/issues/1245
- name: Install Python if it's not available.
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
register: output
changed_when: output.stdout != ""
- action: setup
tags: ['always']
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
tags: ['always']
- name: Include non-prod override vars when not in production.
include_vars: vars/non-prod.yml
when: jenkins_test_mode
- name: Include prod secrets when in production.
include_vars: "{{ item }}"
with_fileglob:
- vars/secrets.yml
when: not jenkins_test_mode
- name: Ensure OpenSSH is installed.
apt: 'name="{{ item }}" state=present'
with_items:
- openssh-server
- openssh-client
roles:
- role: geerlingguy.git
tags: ['git']
- role: geerlingguy.java
tags: ['java']
- role: geerlingguy.jenkins
tags: ['jenkins']
- role: geerlingguy.docker
tags: ['docker']
- role: geerlingguy.ansible
tags: ['ansible']
- role: geerlingguy.security
tags: ['security']
when: not jenkins_test_mode
- role: geerlingguy.firewall
tags: ['firewall', 'security']
when: not jenkins_test_mode
- role: geerlingguy.certbot
tags: ['certbot']
- role: geerlingguy.pip
tags: ['pip', 'ssl']
- role: geerlingguy.nginx
tags: ['nginx']
tasks:
- name: Copy Ansible configs into place.
template:
src: templates/{{ item.src }}
dest: /etc/ansible/{{ item.dest }}
with_items:
- src: ansible.cfg.j2
dest: ansible.cfg
- src: jenkins-ansible-inventory.j2
dest: hosts
tags: ['ansible']
- name: Copy Jenkins jobs into place.
copy:
src: templates/jobs
dest: /var/lib/jenkins
notify: restart jenkins
become: yes
become_user: jenkins
tags: ['jenkins']
- name: Add Jenkins user to Docker group.
user:
name: jenkins
groups: docker
append: yes