Diffstat (limited to 'roles/proxy/tasks')
-rw-r--r-- | roles/proxy/tasks/config.yml | 38 | ||||
-rw-r--r-- | roles/proxy/tasks/fw.yml | 19 | ||||
-rw-r--r-- | roles/proxy/tasks/main.yml | 7 | ||||
-rw-r--r-- | roles/proxy/tasks/pkgs.yml | 9 | ||||
-rw-r--r-- | roles/proxy/tasks/services.yml | 14 |
5 files changed, 87 insertions, 0 deletions
diff --git a/roles/proxy/tasks/config.yml b/roles/proxy/tasks/config.yml
new file mode 100644
index 0000000..09d3767
--- /dev/null
+++ b/roles/proxy/tasks/config.yml
@@ -0,0 +1,38 @@
+- name: Configuration de squid
+ template: src=squid.conf.j2 dest=/etc/squid/squid.conf
+ owner=root
+ group=squid
+ mode=640
+ notify: restart squid
+
+- name: Installation de l'unité systemd
+ copy:
+ src: squid.service
+ dest: /etc/systemd/system/
+ owner: root
+ group: root
+ mode: 0644
+ notify: reload systemd
+
+# à voir pour restarter tous les services impactés si un changement
+# est détecté
+# ou bien mettre des tâches d'update de cert LE dans les rôles correspondants
+# aux services impactés (get file non-fatal)
+- name: Installation des fichiers certificat
+ copy:
+ src: "certs/{{ item }}"
+ dest: /etc/pki/tls/certs/
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - "casperlefantom.{{ crtversion }}.crt"
+ - dhparam-4096.pem
+
+- name: Installation des fichiers clé
+ copy:
+ src: "certs/casperlefantom.{{ crtversion }}.key"
+ dest: /etc/pki/tls/private/
+ owner: 0990
+ group: root
+ mode: 0440
diff --git a/roles/proxy/tasks/fw.yml b/roles/proxy/tasks/fw.yml
new file mode 100644
index 0000000..eef417a
--- /dev/null
+++ b/roles/proxy/tasks/fw.yml
@@ -0,0 +1,19 @@
+- name: Ouverture des ports principaux dans Firewalld
+ firewalld:
+ port: "{{ item }}/tcp"
+ permanent: true
+ state: enabled
+ immediate: true
+ with_items:
+ - "{{ revport }}"
+ - "{{ revports }}"
+
+- name: Ouverture des ports auxiliaires Firewalld
+ firewalld:
+ port: "{{ item }}/tcp"
+ permanent: true
+ state: enabled
+ immediate: true
+ with_items:
+ - "{{ auxport }}"
+ when: auxport is defined
diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml
new file mode 100644
index 0000000..41f3f61
--- /dev/null
+++ b/roles/proxy/tasks/main.yml
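Review bot: The private-key task in config.yml sets `owner: 0990`, a hard-coded numeric UID, so the key under /etc/pki/tls/private/ becomes readable (mode 0440) by whichever account holds that UID on each host. System UIDs are usually assigned when a package is installed and can differ between machines, so this may give the key to an unrelated service account or leave the proxy unable to read it. If the intended reader is the squid account (the squid.conf task already relies on `group=squid`), name it instead: `owner: squid`. Quoting the modes in the copy tasks (`mode: "0644"`, `mode: "0440"`) would also stop them depending on how the YAML parser treats a leading zero.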
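Review bot: Both firewalld tasks in fw.yml omit `zone:`, so the ports are opened in whatever the host's default zone happens to be; on a host with several interfaces that may expose `revport`, `revports` and `auxport` more widely than intended. An explicit `zone: public` (or a role variable holding the zone) makes the exposure visible in the playbook. Separately, `when: auxport is defined` in the second task may not protect the loop, because on recent Ansible releases the `with_items` expression is templated before the condition is evaluated; `with_items: "{{ auxport | default([]) }}"` skips cleanly when the variable is absent.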
@@ -0,0 +1,7 @@
+- name: Loading hidden variables
+ include_vars: email.yml
+
+- import_tasks: pkgs.yml
+- import_tasks: config.yml
+- import_tasks: fw.yml
+- import_tasks: services.yml
diff --git a/roles/proxy/tasks/pkgs.yml b/roles/proxy/tasks/pkgs.yml
new file mode 100644
index 0000000..036721c
--- /dev/null
+++ b/roles/proxy/tasks/pkgs.yml
@@ -0,0 +1,9 @@
+- name: Installation de squid
+ package:
+ name: squid
+ state: present
+
+- name: Installation de cockpit
+ package:
+ name: cockpit
+ state: present
diff --git a/roles/proxy/tasks/services.yml b/roles/proxy/tasks/services.yml
new file mode 100644
index 0000000..240ceee
--- /dev/null
+++ b/roles/proxy/tasks/services.yml
@@ -0,0 +1,14 @@
+- name: Activation et démarrage du service squid
+ service:
+ name: squid
+ state: started
+ enabled: yes
+
+- name: Activation et démarrage du service cockpit
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ with_items:
+ - cockpit.service
+ - cockpit.socket |
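Review bot: The first task in main.yml loads `email.yml` under the name "Loading hidden variables", but nothing in the task file says where that file lives or how its contents are protected. If it holds credentials, it should be encrypted with ansible-vault rather than only kept out of the repository, and a fresh checkout will fail at this task if the file is simply untracked. A comment above the task, such as `# email.yml: vault-encrypted, stored in <PATH>`, would tell the next maintainer what to expect.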
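Review bot: The cockpit task in services.yml starts and enables `cockpit.service` as well as `cockpit.socket`. Cockpit is socket-activated, so enabling only `cockpit.socket` is enough and keeps the web console process from running until someone connects. As this role also configures a proxy, it is worth confirming that the console's login page is reachable only from an administration network. In both tasks `enabled: yes` is better written `enabled: true`, which avoids YAML 1.1 truthy parsing.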