debian.ansible.webmin.server/webmin.yml

- name: Webmin setup
  hosts: tor-nas.dedyn.io
  tasks:

    - name: Add webmin Apt signing key
      ansible.builtin.apt_key:
        url: https://download.webmin.com/jcameron-key.asc
        state: present

    - name: Add webmin repository
      ansible.builtin.apt_repository:
        repo: deb https://download.webmin.com/download/repository sarge contrib
        state: present
        filename: webmin

    - name: Install webmin
      apt:
        name:
          - libauthen-oath-perl
          - webmin
        update_cache: no
        install_recommends: no

    - name: /etc/webmin/miniserv.conf ssl
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^ssl\=1$'
        line: 'ssl=0'
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf redirect_host
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^redirect_host\=.*$'
        line: "redirect_host=webmin.{{inventory_hostname}}"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf redirect_port
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^redirect_port\=.*$'
        line: "redirect_port=443"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf redirect_port
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^redirect_ssl\=.*$'
        line: "redirect_ssl=1"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf trust_real_ip
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        line: "trust_real_ip=1"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/config referers
      ansible.builtin.lineinfile:
        path: /etc/webmin/config
        regexp: '^referers='
        line: "referers=webmin.{{inventory_hostname}}"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/rootpwfromadm.sh
      blockinfile:
        path: /etc/webmin/rootpwfromadm.sh
        create: yes
        mode: 0400
        owner: root
        group: root
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          grep ^tor-nasadm: /etc/shadow >/etc/webmin/miniserv.users
          sed -i "s/^{{ ansible_facts['hostname'] }}adm/root/" /etc/webmin/miniserv.users
          echo done >/etc/webmin/rootpwfromadm.sh.done
        backup: yes
      notify:
      - Restart webmin

    - name: Set initial Webin-internal-Root Passwort from admin User
      ansible.builtin.shell: bash /etc/webmin/rootpwfromadm.sh
      args:
        chdir: /home/docker/nextcloud.{{inventory_hostname}}
        creates: /etc/webmin/rootpwfromadm.sh.done

    - name: /home/docker/traefik/providers/webmin.yml Webmin<->Traefik provider
      blockinfile:
        path: /home/docker/traefik/providers/webmin.yml
        create: yes
        mode: 0444
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          http:
            routers:
              webmin:
                rule: "Host(`webmin.{{inventory_hostname}}`)"
                service: webmin
                entryPoints:
                  - "https"
                tls:
                  certresolver:
                    - "letsencrypt"
                middlewares: secHeaders@file
            services:
              webmin:
                loadBalancer:
                  servers:
                    - url: "http://192.168.41.1:10000"

  handlers:

    - name: Restart webmin
      service:
        name: webmin
        state: restarted
first commit 2022-07-10 10:51:15 +02:00			`- name: Webmin setup`
			`hosts: tor-nas.dedyn.io`
			`tasks:`

			`- name: Add webmin Apt signing key`
			`ansible.builtin.apt_key:`
			`url: https://download.webmin.com/jcameron-key.asc`
			`state: present`

			`- name: Add webmin repository`
			`ansible.builtin.apt_repository:`
			`repo: deb https://download.webmin.com/download/repository sarge contrib`
			`state: present`
			`filename: webmin`

			`- name: Install webmin`
			`apt:`
			`name:`
			`- libauthen-oath-perl`
			`- webmin`
			`update_cache: no`
			`install_recommends: no`

			`- name: /etc/webmin/miniserv.conf ssl`
			`ansible.builtin.lineinfile:`
			`path: /etc/webmin/miniserv.conf`
			`regexp: '^ssl\=1$'`
			`line: 'ssl=0'`
			`backup: yes`
			`notify:`
			`- Restart webmin`

			`- name: /etc/webmin/miniserv.conf redirect_host`
			`ansible.builtin.lineinfile:`
			`path: /etc/webmin/miniserv.conf`
			`regexp: '^redirect_host\=.*$'`
			`line: "redirect_host=webmin.{{inventory_hostname}}"`
			`backup: yes`
			`notify:`
			`- Restart webmin`

			`- name: /etc/webmin/miniserv.conf redirect_port`
			`ansible.builtin.lineinfile:`
			`path: /etc/webmin/miniserv.conf`
			`regexp: '^redirect_port\=.*$'`
			`line: "redirect_port=443"`
			`backup: yes`
			`notify:`
			`- Restart webmin`

			`- name: /etc/webmin/miniserv.conf redirect_port`
			`ansible.builtin.lineinfile:`
			`path: /etc/webmin/miniserv.conf`
			`regexp: '^redirect_ssl\=.*$'`
			`line: "redirect_ssl=1"`
			`backup: yes`
			`notify:`
			`- Restart webmin`

			`- name: /etc/webmin/miniserv.conf trust_real_ip`
			`ansible.builtin.lineinfile:`
			`path: /etc/webmin/miniserv.conf`
			`line: "trust_real_ip=1"`
			`backup: yes`
			`notify:`
			`- Restart webmin`

			`- name: /etc/webmin/config referers`
			`ansible.builtin.lineinfile:`
			`path: /etc/webmin/config`
			`regexp: '^referers='`
			`line: "referers=webmin.{{inventory_hostname}}"`
			`backup: yes`
			`notify:`
			`- Restart webmin`

			`- name: /etc/webmin/rootpwfromadm.sh`
			`blockinfile:`
			`path: /etc/webmin/rootpwfromadm.sh`
			`create: yes`
			`mode: 0400`
			`owner: root`
			`group: root`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`grep ^tor-nasadm: /etc/shadow >/etc/webmin/miniserv.users`
			`sed -i "s/^{{ ansible_facts['hostname'] }}adm/root/" /etc/webmin/miniserv.users`
			`echo done >/etc/webmin/rootpwfromadm.sh.done`
			`backup: yes`
			`notify:`
			`- Restart webmin`

			`- name: Set initial Webin-internal-Root Passwort from admin User`
			`ansible.builtin.shell: bash /etc/webmin/rootpwfromadm.sh`
			`args:`
			`chdir: /home/docker/nextcloud.{{inventory_hostname}}`
			`creates: /etc/webmin/rootpwfromadm.sh.done`

			`- name: /home/docker/traefik/providers/webmin.yml Webmin<->Traefik provider`
			`blockinfile:`
			`path: /home/docker/traefik/providers/webmin.yml`
			`create: yes`
			`mode: 0444`
			`owner: root`
			`group: docker`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`http:`
			`routers:`
			`webmin:`
			rule: "Host(`webmin.{{inventory_hostname}}`)"
			`service: webmin`
			`entryPoints:`
			`- "https"`
			`tls:`
			`certresolver:`
			`- "letsencrypt"`
			`middlewares: secHeaders@file`
			`services:`
			`webmin:`
			`loadBalancer:`
			`servers:`
			`- url: "http://192.168.41.1:10000"`

			`handlers:`

			`- name: Restart webmin`
			`service:`
			`name: webmin`
			`state: restarted`