Add Tasks to repo

tasks.yml

@@ -0,0 +1,31 @@
+---
+- name: "Tasks"
+  hosts: all
+  module_defaults:
+    ansible.builtin.gather_facts:
+        gather_timeout: 10
+
+  tasks:
+    - name: "Installer"
+      import_tasks: tasks/installer.yml
+      vars:
+        ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      tags:
+        - installer
+        - never
+
+    - name: "Maintenance"
+      import_tasks: tasks/maintenance.yml
+      vars:
+        ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      tags:
+        - maintenance
+        - never
+
+    - name: "Deployer"
+      import_tasks: tasks/deployer.yml
+      vars:
+        ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      tags:
+        - deployer
+        - never

tasks/deployer.yml

@@ -0,0 +1,56 @@
+---
+- name: "Deployer - Nginx - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "~/data/nginx/"
+    state: directory
+  tags:
+    - nginx
+
+- name: "Deployer - Nginx - Configure - Create Subfolders"
+  ansible.builtin.file:
+    dest: '~/data/nginx/{{ item.path }}'
+    state: directory
+  with_filetree: './files/nginx/'
+  loop_control:
+    label: "{{ item.path }}"
+    when:
+     - item.state == 'directory'
+  tags:
+    - nginx
+
+ - name: "Deployer - Nginx - Configure - Generating & Transferring Files"
+   ansible.builtin.template:
+     src: '{{ item.src }}'
+     dest: '~/data/nginx/{{ item.path }}'
+   with_filetree: './files/nginx/'
+   loop_control:
+     label: "{{ item.path }}"
+   when:
+     - item.state == 'file'
+   tags:
+     - nginx
+
+ - name: "Deployer - Nginx - Pull Image"
+   containers.podman.podman_image:
+     name: docker.io/library/nginx
+     tag: latest
+     force: true
+   register: deployerTask3
+
+- name: "Deployer - Nginx - Run Container"
+  containers.podman.podman_container:
+    name: nginx
+    image: docker.io/library/nginx:latest
+    state: started
+    recreate: on
+    network: host
+    volumes:
+      - "{{ ansible_facts.user_dir }}/data/nginx/index.html:/usr/share/nginx/html/index.html:ro"
+      - "{{ ansible_facts.user_dir }}/data/nginx/config.conf:/etc/nginx/nginx.conf:ro"
+      - "{{ ansible_facts.user_dir }}/data/nginx/conf/:/etc/nginx/conf.d/:ro"
+      - "{{ ansible_facts.user_dir }}/data/certs/:/etc/nginx/certs/:ro"
+    restart_policy: always
+  when:
+    - (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined
+  tags:
+    - nginx

tasks/installer.yml

@@ -0,0 +1,129 @@
+---
+- name: "Installer : Tools : Install"
+  ansible.builtin.apt:
+    name: "{{ package }}"
+    state: latest
+  vars:
+    packages:
+      - git
+      - rsync
+      - unzip
+      - nano
+      - tar
+      - gnupg
+      - screen
+      - jq
+      - sudo
+      - pkg-config
+      - etckeeper
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
+
+- name: "Installer : FirewallD : Dependencies - Packages"
+  ansible.builtin.apt:
+    name:
+      - python3-firewall
+      - iptables
+    state: latest
+
+- name: "Installer : FirewallD : Install"
+  ansible.builtin.apt:
+    name: "firewalld"
+    state: latest
+
+- name: "Installer : FirewallD : Start"
+  ansible.builtin.systemd_service:
+    name: firewalld
+    state: started
+    enabled: true
+
+- name: "Installer - Ansible - Python Library"
+  ansible.builtin.pip:
+    name: ansible
+    state: latest
+    extra_args: --upgrade
+    virtualenv: ~/.venv/ansible
+    virtualenv_command: "python3 -m venv"
+  tags:
+    - ansible
+
+- name: "Installer : Ansible : Create Folder"
+  ansible.builtin.file:
+    path: ~/bin
+    state: directory
+  tags:
+    - ansible
+
+- name: "Installer : Ansible : Create Symbolic Links"
+  ansible.builtin.file:
+    src: ~/.venv/ansible/bin/{{ binary }}
+    dest: ~/bin/{{ binary }}
+    state: link
+  vars:
+    binaries:
+      - ansible
+      - ansible-community
+      - ansible-config
+      - ansible-console
+      - ansible-doc
+      - ansible-galaxy
+      - ansible-inventory
+      - ansible-playbook
+      - ansible-pull
+      - ansible-test
+      - ansible-vault
+  loop: "{{ binaries }}"
+  loop_control:
+    label: "{{ binary }}"
+    loop_var: "binary"
+  tags:
+    - ansible
+
+- name: "Installer - Ansible - Dependencies / Python Libraries"
+  ansible.builtin.pip:
+    name: "{{ library }}"
+    state: latest
+    extra_args: --upgrade
+    virtualenv: ~/.venv/ansible
+    virtualenv_command: "python3 -m venv"
+  vars:
+    libraries:
+      - cryptography
+      - dnspython
+      - hvac
+      - jmespath
+      - netaddr
+      - pexpect
+  loop: "{{ libraries }}"
+  loop_control:
+    label: "{{ library }}"
+    loop_var: "library"
+
+- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
+  ansible.builtin.pip:
+    name: pymysql
+    state: latest
+    extra_args: --upgrade
+    virtualenv: ~/.venv/ansible
+    virtualenv_command: "python3 -m venv"
+  tags:
+    - mariadb
+
+- name: "Installer : Schedule : Maintenance"
+  ansible.builtin.cron:
+    name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
+    hour: "*/3"
+    minute: "0"
+    job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas.yml tasks.yml -t maintenance"
+  tags:
+    - cron
+
+- name: "Installer : Schedule : Deployer"
+  ansible.builtin.cron:
+    name: "PVJJK 1.VOS TJAS - Infra - Deployer"
+    minute: "*/5"
+    job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas.yml tasks.yml -t deployer"
+  tags:
+    - cron

tasks/maintenance.yml

@@ -0,0 +1,44 @@
+---
+- name: "Installer - Ansible - Dependencies / Python Libraries"
+  ansible.builtin.pip:
+    name: "{{ library }}"
+    state: latest
+    extra_args: --upgrade
+    virtualenv: ~/.venv/ansible
+    virtualenv_command: "python3 -m venv"
+  vars:
+    libraries:
+      - cryptography
+      - dnspython
+      - hvac
+      - jmespath
+      - netaddr
+      - pexpect
+  loop: "{{ libraries }}"
+  loop_control:
+    label: "{{ library }}"
+    loop_var: "library"
+
+- name: "Maintenance : Ansible : Update"
+  ansible.builtin.pip:
+    name: ansible
+    state: latest
+    extra_args: --upgrade
+    virtualenv: ~/.venv/ansible
+    virtualenv_command: "python3 -m venv"
+
+- name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
+  ansible.builtin.pip:
+    name: pymysql
+    state: latest
+    extra_args: --upgrade
+    virtualenv: ~/.venv/ansible
+    virtualenv_command: "python3 -m venv"
+
+- name: "Maintenance : Podman : Prune"
+  containers.podman.podman_prune:
+    container: yes
+    image: yes
+    image_filters:
+        dangling_only: no
+    volume: yes