debian.ansible.webmin.server/webmin.yml

- name: Webmin setup
  hosts: tor-nas.dedyn.io
  tasks:

    - name: Add webmin Apt signing key
      ansible.builtin.apt_key:
        url: https://download.webmin.com/developers-key.asc
        state: present

    - name: Add webmin repository
      ansible.builtin.apt_repository:
        repo: deb [signed-by=/usr/share/keyrings/debian-webmin-developers.gpg] https://download.webmin.com/download/newkey/repository stable contrib
        state: present
        filename: webmin

    - name: Install webmin
      apt:
        name:
          - libauthen-oath-perl
          - webmin
        update_cache: no
        install_recommends: no

    - name: /etc/webmin/miniserv.conf ssl
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^ssl\=1$'
        line: 'ssl=0'
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf redirect_host
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^redirect_host\=.*$'
        line: "redirect_host=webmin.{{inventory_hostname}}"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf redirect_port
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^redirect_port\=.*$'
        line: "redirect_port=443"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf redirect_port
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        regexp: '^redirect_ssl\=.*$'
        line: "redirect_ssl=1"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/miniserv.conf trust_real_ip
      ansible.builtin.lineinfile:
        path: /etc/webmin/miniserv.conf
        line: "trust_real_ip=1"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/config referers
      ansible.builtin.lineinfile:
        path: /etc/webmin/config
        regexp: '^referers='
        line: "referers=webmin.{{inventory_hostname}}"
        backup: yes
      notify:
      - Restart webmin

    - name: /etc/webmin/rootpwfromadm.sh
      blockinfile:
        path: /etc/webmin/rootpwfromadm.sh
        create: yes
        mode: 0400
        owner: root
        group: root
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          grep ^tor-nasadm: /etc/shadow >/etc/webmin/miniserv.users
          sed -i "s/^{{ ansible_facts['hostname'] }}adm/root/" /etc/webmin/miniserv.users
          echo done >/etc/webmin/rootpwfromadm.sh.done          
        backup: yes
      notify:
      - Restart webmin

    - name: Set initial Webin-internal-Root Passwort from admin User
      ansible.builtin.shell: bash /etc/webmin/rootpwfromadm.sh
      args:
        chdir: /home/docker/nextcloud.{{inventory_hostname}}
        creates: /etc/webmin/rootpwfromadm.sh.done

    - name: /home/docker/traefik/providers/webmin.yml Webmin<->Traefik provider
      blockinfile:
        path: /home/docker/traefik/providers/webmin.yml
        create: yes
        mode: 0444
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          http:
            routers:
              webmin:
                rule: "Host(`webmin.{{inventory_hostname}}`)"
                service: webmin
                entryPoints:
                  - "https"
                tls:
                  certresolver: letsencrypt
                middlewares: secHeaders@file
            services:
              webmin:
                loadBalancer:
                  servers:
                    - url: "http://192.168.41.1:10000"          

  handlers:

    - name: Restart webmin
      service:
        name: webmin
        state: restarted