From 1ae188aec1fabcefb57feb303c1e836019dde381 Mon Sep 17 00:00:00 2001
From: Giancarlo Razzolini <grazzolini@archlinux.org>
Date: Thu, 24 Dec 2020 16:29:36 -0300
Subject: [PATCH] playbooks/security.archlinux.org: Add a playbook for
 security.archlinux.org

Based on the apollo playbook, add the roles needed for the security tracker to run.
---
 playbooks/security.archlinux.org.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 playbooks/security.archlinux.org.yml

diff --git a/playbooks/security.archlinux.org.yml b/playbooks/security.archlinux.org.yml
new file mode 100644
index 000000000..30a57e268
--- /dev/null
+++ b/playbooks/security.archlinux.org.yml
@@ -0,0 +1,22 @@
+---
+
+- name: setup security.archlinux.org
+  hosts: security.archlinux.org
+  remote_user: root
+  roles:
+    - { role: common }
+    - { role: tools }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: borg_client, tags: ["borg"] }
+    - { role: certbot }
+    - { role: nginx }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
+    - { role: sudo }
+    - { role: uwsgi }
+    - role: security_tracker
+      security_tracker_domain: "security.archlinux.org"
+      security_tracker_nginx_conf: '/etc/nginx/nginx.d/security-tracker.conf'
+      security_tracker_dir: "/srv/http/security-tracker"
+    - { role: fail2ban }
+    - { role: prometheus_exporters }
-- 
GitLab