Commit e5273928 authored by Dorota Czaplejewicz's avatar Dorota Czaplejewicz
Browse files

Finished Jenkins installation

parent 6ab329ba
......@@ -12,7 +12,7 @@ Requires
### Installation
```
$ ansible-galaxy install geerlingguy.jenkins
$ ansible-galaxy install geerlingguy.jenkins geerlingguy.certbot
```
Setup
......
......@@ -2,4 +2,4 @@
- hosts: jenkins
vars:
jenkins_admin_password:
domain_email: # email to the entity managing the domain/server. Sent to Let's Encrypt
---
- import_playbook: configs/jenkins.yml
- hosts: jenkins
user: root
pre_tasks:
- name: Load config
include_vars: configs/jenkins.yml
roles:
- role: geerlingguy.jenkins
jenkins_package_state: latest # allow upgrades
......@@ -13,3 +14,45 @@
java_packages:
- openjdk-8-jre
become: true
- role: geerlingguy.certbot
certbot_certs:
- email: "{{ domain_email }}"
domains:
- "{{ inventory_hostname }}"
certbot_create_if_missing: yes
certbot_create_method: standalone
certbot_create_standalone_stop_services:
- nginx
tasks:
- name: Ensure nginx
apt: name=nginx state=present
notify: Restart nginx
- name: Configure Jenkins proxy
template:
src: templates/nginx.conf.j2
dest: /etc/nginx/sites-available/default
notify: Reload nginx
- name: Close internal Jenkins from external eyes
ufw:
rule: deny
port: 8080
direction: in
dest: any
src: any
proto: tcp
- name: Open HTTP ports
ufw:
rule: allow
port: "{{ item }}"
direction: in
dest: any
src: any
proto: tcp
with_items: ['80', '443']
- name: Make sure nginx is running
systemd: name=nginx state=started enabled=yes
handlers:
- name: Restart nginx
systemd: name=nginx state=restarted
- name: Reload nginx
systemd: name=nginx state=reloaded
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment