Copy over some initial stuff

2022-11-12 12:21:39 +01:00 · 2022-11-12 12:21:39 +01:00 · 18ae3aaf4e
commit 18ae3aaf4e
11 changed files with 210 additions and 0 deletions
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -0,0 +1,53 @@
+---
+- name: Ensure older Docker versions aren't installed.
+  apt:
+    name:
+      - docker
+      - docker-engine
+      - docker.io
+      - containerd
+      - runc
+    state: absent
+
+- name: Install Docker PPA dependencies.
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+      - lsb-release
+    state: present
+
+- name: Add Docker GPG key.
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
+
+- name: Add Docker PPA.
+  apt_repository:
+    # https://gist.github.com/rbq/886587980894e98b23d0eee2a1d84933
+    repo: deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+    state: present
+
+- name: Install Docker, docker-compose & cron.
+  apt:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - docker-compose
+      - cron
+    state: present
+
+- name: Ensure Docker is running & enabled.
+  service:
+    name: docker
+    state: started
+    enabled: true
+
+- name: Add Docker prune cronjob.
+  cron:
+    name: Prune the Docker system.
+    hour: 4
+    minute: 0
+    job: docker system prune -f
--- a/roles/init-nfs/handlers/main.yml
+++ b/roles/init-nfs/handlers/main.yml
@ -0,0 +1,7 @@
+---
+- name: export file systems
+  command: exportfs -a
+- name: restart nfs server
+  service:
+    name: nfs-kernel-server
+    state: restarted
--- a/roles/init-nfs/tasks/main.yml
+++ b/roles/init-nfs/tasks/main.yml
@ -0,0 +1,39 @@
+---
+- name: Install NFS server.
+  apt:
+    name: nfs-kernel-server
+    state: present
+
+- name: Create directory to share.
+  file:
+    path: /mnt/data
+    state: directory
+    mode: '755'
+    owner: 1000
+    group: 1000
+
+- name: Create directory structure.
+  file:
+    path: /mnt/data/{{ item }}
+    state: directory
+    mode: '755'
+    owner: 1000
+    group: 1000
+  loop:
+    - portainer/data
+    - podgrab/assets
+    - podgrab/config
+
+- name: Copy over exports file.
+  template:
+    src: exports.j2
+    dest: /etc/exports
+  notify: 
+  - export file systems
+  - restart nfs server
+
+- name: Ensure NFS server is running & enabled.
+  service:
+    name: nfs-kernel-server
+    state: started
+    enabled: yes
--- a/roles/init-nfs/templates/exports.j2
+++ b/roles/init-nfs/templates/exports.j2
@ -0,0 +1 @@
+/mnt/data {{ ansible_host }}/24(rw,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000)
--- a/roles/mount-nfs/tasks/main.yml
+++ b/roles/mount-nfs/tasks/main.yml
@ -0,0 +1,13 @@
+---
+- name: Install NFS client.
+  apt:
+    name: nfs-common
+    state: present
+
+- name: Mount NFS share.
+  ansible.posix.mount:
+    src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data
+    path: /mnt/data
+    fstype: nfs4
+    opts: defaults,user,exec
+    state: mounted
--- a/roles/net-security/tasks/main.yml
+++ b/roles/net-security/tasks/main.yml
@ -0,0 +1,14 @@
+- name: Install fail2ban.
+  apt:
+    name: fail2ban
+    state: present
+
+# TODO add proper fail2ban config
+
+- name: Ensure fail2ban is started & enabled.
+  service:
+    name: fail2ban
+    state: started
+    enabled: true
+
+# TODO install UFW
--- a/roles/replace-python2/tasks/main.yml
+++ b/roles/replace-python2/tasks/main.yml
@ -0,0 +1,19 @@
+---
+- name: 'Install Python 3'
+  apt:
+    name:
+      - python3
+      - python3-pip
+    state: present
+
+- name: 'Remove Python 2.'
+  apt:
+    name:
+      - python
+      - python2
+      - python2.7
+      - python-minimal
+      - python2-minimal
+      - python2.7-minimal
+    state: absent
+    purge: true
				`@ -0,0 +1 @@`
				`/mnt/data {{ ansible_host }}/24(rw,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000)`