mike
/
ansible-debian


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
							---
- hosts: all
  become: true
  tasks:
#    - name: Update Server
#      apt:
#        upgrade: true
#        update-cache: true
#        cache_valid_time: 3600

    - name: Install Core Server Utils
      apt:
        pkg:
          - curl
          - python3
          - ufw
          - samba
          - smbclient
          - cifs-utils
          - apt-transport-https
          - ca-certificates
          - curl
          - software-properties-common
          - python3-pip
          - virtualenv
          - python3-setuptools
          - rsync

        state: present
#        update_cache: true
        cache_valid_time: 3600

    - name: Add Docker GPG apt Key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    - name: Add Docker Repository
      apt_repository:
        repo: deb https://download.docker.com/linux/ubuntu focal stable
        state: present

    - name: Update apt and install docker-ce
      apt:
        name:
          - docker-ce
          - containerd.io
          - docker-compose
        state: latest
#        update_cache: true
#
#    - name: Install Docker Containers
#      community.docker.docker_container:
#        name: portainer
#        image: portainer/portainer-ce

    - name: Create Portainer Directory
      file:
        path: /home/mike/docker/portainer
        state: directory
      become_user: mike

    - name: Create UFW directory
      file:
        path: /home/mike/ufw/applications.d
        state: directory
      become_user: mike

    - name: Sync Portainer docker-compose file
      synchronize:
        src: docker-compose.yml
        dest: /home/mike/docker/portainer
      become_user: mike

    - name: Install UFW config files
      synchronize:
        src: TG-portainer
        dest: /home/mike/ufw/applications.d
      become_user: mike

    - name: Move UFW files to proper directory
      command: mv /home/mike/ufw/applications.d/TG-portainer /etc/ufw/applications.d/TG-portainer
       ### Need to change ownership to root ###

    - name: Start Portainer
      docker_compose:
        project_src: /home/mike/docker/portainer
        state: present

    - name: Configure UFW - allow OpenSSH, samba, and TG-portainer
      ufw:
        rule: allow
        name: "{{ item }}"
      with_items:
        - OpenSSH
        - samba
        - TG-portainer

    - name: Configure UFW - delete default allow 22
      ufw:
        rule: allow
        port: 22
        proto: tcp
        delete: yes

    - name: Configure UFW - deny all else
      ufw:
        state: enabled
        policy: deny