- name: httpd installation & preparation
hosts: httpd
become: true
tasks:
- name: httpd installation
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
with_items:
- httpd
- mod_ssl
- name: firewalld - http service enable
ansible.builtin.firewalld:
service: http
permanent: yes
immediate: yes
state: enabled
- name: firewalld - https service enable
ansible.builtin.firewalld:
service: https
permanent: yes
immediate: yes
state: enabled
- name: sites-available directory create
ansible.builtin.file:
path: /etc/httpd/sites-available
state: directory
mode: '0755'
- name: sites-enabled directory create
ansible.builtin.file:
path: /etc/httpd/sites-enabled
state: directory
mode: '0755'
- name: sites-enabled add to the httpd configuration
ansible.builtin.lineinfile:
dest: /etc/httpd/conf/httpd.conf
insertafter: EOF
line: 'Include /etc/httpd/sites-enabled'
state: present
- name: httpd service enable
ansible.builtin.systemd:
name: httpd
enabled: true
- name: httpd service start
ansible.builtin.systemd:
name: httpd
state: started
- name: fail2ban installation & configuration
hosts: httpd
become: true
tasks:
- name: fail2ban installation
ansible.builtin.dnf:
name: fail2ban
state: latest
- name: fail2ban configuration
ansible.builtin.copy:
src: /etc/ansible/templates/fail2ban/sshd.local
dest: /etc/fail2ban/jail.d/sshd.local
owner: root
group: root
mode: "0644"
backup: true
- name: fail2ban httpd configuration
ansible.builtin.copy:
src: /etc/ansible/templates/fail2ban/httpd.local
dest: /etc/fail2ban/jail.d/httpd.local
owner: root
group: root
mode: "0644"
backup: true
- name: fail2ban service enable
ansible.builtin.systemd:
name: fail2ban
enabled: true
- name: fail2ban service restart
ansible.builtin.systemd:
name: fail2ban
state: restarted
- name: php 8.2 installation & configuration
hosts: httpd
become: true
tasks:
- name: php 8.2 installation
ansible.builtin.dnf:
name: '@php:8.2'
state: present
- name: php required modules installation
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
with_items:
- php-cli
- php-curl
- php-gd
- php-imagick
- php-intl
- php-json
- php-ldap
- php-mbstring
- php-mysqlnd
- php-opcache
- php-pecl-apcu
- php-process
- php-redis
- php-soap
- php-sodium
- php-xml
- php-zip
- name: php post_max_size 512M set
ansible.builtin.lineinfile:
path: /etc/php.ini
regexp: "^post_max_size ="
line: "post_max_size = 512M"
state: present
- name: php upload_max_filesize 512M set
ansible.builtin.lineinfile:
path: /etc/php.ini
regexp: "^upload_max_filesize ="
line: "upload_max_filesize = 512M"
state: present
- name: php max_input_vars 5000 set
ansible.builtin.lineinfile:
path: /etc/php.ini
regexp: "^;max_input_vars = 1000"
line: "max_input_vars = 5000"
state: present
- name: php memory_limit 1024 set
ansible.builtin.lineinfile:
path: /etc/php.ini
regexp: "^memory_limit"
line: "memory_limit = 1024"
state: present
- name: httpd service restart
ansible.builtin.systemd:
name: httpd
state: restarted
- name: mariadb installation & configuration
hosts: httpd
become: true
tasks:
- name: mariadb 10.11 repository add
ansible.builtin.copy:
src: /etc/ansible/templates/yum.repos.d/mariadb.repo
dest: /etc/yum.repos.d/mariadb.repo
owner: root
group: root
mode: "0644"
- name: autoremove unneeded packages installed as dependencies
ansible.builtin.dnf:
autoremove: yes
- name: update packages
ansible.builtin.dnf:
name: "*"
state: latest
- name: mariadb installation
ansible.builtin.dnf:
name: mariadb-server
state: latest
- name: mariadb service enable
ansible.builtin.systemd:
name: mariadb
enabled: true
- name: mariadb service start
ansible.builtin.systemd:
name: mariadb
state: started
...
