| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 |
- ---
- - hosts: all
- user: mike
- become: true
- tasks:
- # - name: Update Server
- # apt:
- # upgrade: true
- # update-cache: true
- # cache_valid_time: 3600
- - name: Make users passwordless for sudo in group mike
- lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^%sudo'
- line: '%sudo ALL=(ALL) NOPASSWD: ALL'
- validate: 'visudo -cf %s'
- - name: Install Core Server Utils
- apt:
- pkg:
- - curl
- - python3
- - ufw
- - samba
- - smbclient
- - cifs-utils
- - apt-transport-https
- - ca-certificates
- - curl
- - software-properties-common
- - python3-pip
- - virtualenv
- - python3-setuptools
- - rsync
- state: present
- # update_cache: true
- cache_valid_time: 3600
- - name: Add Docker GPG apt Key
- apt_key:
- url: https://download.docker.com/linux/ubuntu/gpg
- state: present
- - name: Add Docker Repository
- apt_repository:
- repo: deb https://download.docker.com/linux/ubuntu focal stable
- state: present
- - name: Update apt and install docker-ce
- apt:
- name:
- - docker-ce
- - containerd.io
- - docker-compose
- state: latest
- update_cache: true
- - name: Add user to docker group
- user:
- name: "{{ansible_user}}"
- group: docker
-
- - name: Install Docker Containers
- community.docker.docker_container:
- name: portainer
- image: portainer/portainer-ce
- # - name: Create Portainer Directory
- # file:
- # path: /home/mike/docker/portainer
- # state: directory
- # become_user: mike
- - name: Create UFW directory
- file:
- path: /home/mike/ufw/applications.d
- state: directory
- become_user: mike
- # - name: Sync Portainer docker-compose file
- # synchronize:
- # src: /home/mike/Software/ansible-debian/portainer/docker-compose.yml
- # dest: /home/mike/docker/portainer
- # become_user: mike
- - name: Install UFW config files
- synchronize:
- src: /home/mike/Software/ansible-debian/ufw/applications.d/TG-portainer
- dest: /home/mike/ufw/applications.d
- become_user: mike
- # - name: Move UFW files to proper directory
- # command: mv /home/mike/ufw/applications.d/TG-portainer /etc/ufw/applications.d/TG-portainer
- - name: Set ownership of UFW files to root
- file: dest=/etc/ufw/applications.d owner=root group=root recurse=yes
- ### Need to change ownership to root ###
- ### THIS DOES NOT WORK!
- ### IF RUN IN THIS SCRIPT, THIS CONTAINER IS started as 'mike' and cannot view /var/run/docker.sock
- ### if run alone (with --tags portainer) it works.
- # - name: Start Portainer
- # docker_compose:
- # project_src: /home/mike/docker/portainer
- # state: present
- # become: yes
- # become_method: sudo
- # tags: portainer
- - name: Configure UFW - allow OpenSSH, samba, and TG-portainer
- ufw:
- rule: allow
- name: "{{ item }}"
- with_items:
- - OpenSSH
- - samba
- # - TG-portainer
- # - name: Configure UFW - delete default allow 22
- # ufw:
- # rule: allow
- # port: 22
- # proto: tcp
- # delete: yes
- - name: Configure UFW - deny all else
- ufw:
- state: enabled
- policy: deny