ansible-libretic-aap/setup-env.yml


# code: language=ansible
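# Play: prepares the Ansible control host with the prerequisite packages and
# the novops and Bitwarden CLI binaries, both installed into /usr/local/bin.
- name: Setup ansible
  hosts: ansible
  tasks:
    - name: Paquets prérequis
      ansible.builtin.package:
        name:
          - python3-passlib  # for htpasswd
          - direnv
          - git
          - unzip
        # The package module documents `state` as required; state it
        # explicitly instead of relying on the backend's default.
        state: present

    # NOTE(review): the archive comes from a version-pinned release URL over
    # HTTPS, but no digest is checked before its content lands in a
    # root-owned directory on PATH. unarchive has no checksum option; to pin
    # the artifact, download it first with ansible.builtin.get_url and its
    # `checksum` option (digest taken from the publisher), then unarchive the
    # local copy.
    # `creates` skips this task once the binary exists, so changing the
    # version in the URL does not upgrade an installed host.
    - name: Installation de novops - executable
      ansible.builtin.unarchive:
        src: https://github.com/PierreBeucher/novops/releases/download/v0.15.0/novops_linux_x86_64.zip
        dest: /usr/local/bin
        creates: /usr/local/bin/novops
        remote_src: true
      tags: novops

    # Root-owned, executable by everyone, writable by root only.
    - name: Installation de novops - chmod
      ansible.builtin.file:
        path: /usr/local/bin/novops
        owner: root
        group: root
        mode: u=rwx,g=rx,o=rx
      tags: novops

    # NOTE(review): same remarks as for novops. This binary handles vault
    # secrets, so verifying the downloaded archive against a published digest
    # matters at least as much here.
    - name: Installation de bw cli - executable
      ansible.builtin.unarchive:
        src: https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip
        dest: /usr/local/bin
        creates: /usr/local/bin/bw
        remote_src: true
      tags: bwcli

    # Root-owned, executable by everyone, writable by root only.
    - name: Installation de bw cli - chmod
      ansible.builtin.file:
        path: /usr/local/bin/bw
        owner: root
        group: root
        mode: u=rwx,g=rx,o=rx
      tags: bwcli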
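# Play: prepares the Apache resources server. The pre_tasks create the
# resources directory, the basic-auth account and the TLS material, then the
# ansible-role-apache role runs.
- name: Setup ressources
  hosts: ressources
  pre_tasks:
    # Apache resources server installation
    - name: Création du répertoire des ressources
      ansible.builtin.file:
        path: /data1/httpd/ansible
        state: directory
        owner: root
        group: www-data
        mode: u=rwx,g=rx,o=
      tags: apache

    # lookup('env', ...) returns an empty string when the variable is unset
    # on the controller. Fail early rather than hand an empty user name or
    # password to htpasswd.
    - name: Vérification des identifiants du compte de service
      ansible.builtin.assert:
        that:
          - lookup('env', 'AAP_RESSOURCES_USER') | length > 0
          - lookup('env', 'AAP_RESSOURCES_PASSWORD') | length > 0
        fail_msg: AAP_RESSOURCES_USER et AAP_RESSOURCES_PASSWORD doivent être définies
      tags: apache

    # The credentials are read from the controller's environment, so they
    # never appear in the playbook. The file is readable by root and the
    # www-data group only.
    - name: Définition du compte de service de lecture des ressources
      community.general.htpasswd:
        path: /data1/httpd/ansible.htpasswd
        name: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
        password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
        owner: root
        group: www-data
        mode: u=rw,g=r,o=
      tags: apache
      notify: Restart-apache

    # Ownership is pinned so it no longer depends on the account running the
    # copy, in line with the other file tasks of this play.
    - name: Copie du certificat wildcard libretic
      ansible.builtin.copy:
        src: "/data1/httpd/ansible/libretic/cert/libretic.fr/fullchain.pem"
        dest: "/etc/ssl/certs/libretic.fr.crt"
        remote_src: true
        owner: root
        group: root
        mode: u=rw,g=r,o=
      tags: apache
      notify: Restart-apache

    # NOTE(review): the key is read from below /data1/httpd/ansible, the
    # resources directory created at the top of this play. If Apache
    # publishes that tree, the wildcard private key is retrievable by every
    # holder of the resources account; confirm, and keep the key outside the
    # published directory if so.
    # Ownership is pinned to root:root so that the group-read bit of the mode
    # cannot expose the key to another group.
    - name: Copie de la clé wildcard libretic
      ansible.builtin.copy:
        src: "/data1/httpd/ansible/libretic/cert/libretic.fr/privkey.pem"
        dest: "/etc/ssl/private/libretic.fr.key"
        owner: root
        group: root
        mode: u=rw,g=r,o=
        remote_src: true
      tags: apache
      notify: Restart-apache
  roles:
    - role: ansible-role-apache
      tags: apache
  handlers:
    # NOTE(review): handlers notified from pre_tasks are flushed before the
    # roles section runs, so on a first run this restart fires before
    # ansible-role-apache has executed; confirm apache2 is already present on
    # the host at that point.
    - name: Restart-apache
      ansible.builtin.service:
        name: apache2
        state: restarted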
# Play: applies the rp_vhost role to the rp_ressources hosts. Going by the
# play name, these are the reverse proxies in front of the resources server.
- name: Setup rp pour ressources
  hosts: rp_ressources
  roles:
    - role: rp_vhost
      # Dedicated tag so this vhost can be run on its own.
      tags: rp_vhost_ressources
# Play: applies the same rp_vhost role to the rp_awx hosts. Going by the play
# name, these are the reverse proxies in front of AWX.
- name: Setup rp pour awx
  hosts: rp_awx
  roles:
    - role: rp_vhost
      # Dedicated tag so this vhost can be run on its own.
      tags: rp_vhost_awx
# Play: runs the ansible-role-k3s role on the awx hosts.
- name: Setup k3s
  hosts: awx
  # Privilege escalation is switched off at play level; the role is expected
  # to request it itself wherever it needs it (verify against the role).
  become: false
  roles:
    - role: ansible-role-k3s
      tags: k3s
# Play: runs the awx role on the awx hosts, with variables loaded from
# awx.yml.
- name: Setup awx
  hosts: awx
  # NOTE(review): if awx.yml carries credentials, it should be vault-encrypted
  # or reference an external secret store; confirm.
  vars_files:
    - awx.yml
  roles:
    - role: awx
      tags: awx