From 365641c4b502d2c071aa555240692d2020a407a0 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Wed, 3 Jan 2024 01:03:22 -0500
Subject: [PATCH] add docker to common setup
---
.gitignore | 2 +
roles/common/files/docker-compose@.service | 14 +++++
roles/common/{templates => files}/jail.conf | 0
roles/common/{templates => files}/sshd_config | 0
roles/common/tasks/main.yml | 56 +++++++++++++++++--
5 files changed, 66 insertions(+), 6 deletions(-)
create mode 100644 .gitignore
create mode 100644 roles/common/files/docker-compose@.service
rename roles/common/{templates => files}/jail.conf (100%)
rename roles/common/{templates => files}/sshd_config (100%)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cfd12ae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+**/*.swp
+*.swp
diff --git a/roles/common/files/docker-compose@.service b/roles/common/files/docker-compose@.service
new file mode 100644
index 0000000..05ed468
--- /dev/null
+++ b/roles/common/files/docker-compose@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=%i service with docker compose
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+WorkingDirectory=/etc/docker/compose/%i
+ExecStart=/usr/bin/docker-compose up -d --remove-orphans
+ExecStop=/usr/bin/docker-compose down
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/common/templates/jail.conf b/roles/common/files/jail.conf
similarity index 100%
rename from roles/common/templates/jail.conf
rename to roles/common/files/jail.conf
diff --git a/roles/common/templates/sshd_config b/roles/common/files/sshd_config
similarity index 100%
rename from roles/common/templates/sshd_config
rename to roles/common/files/sshd_config
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7c97505..69e9c90 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
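Review bot: In roles/common/files/docker-compose@.service, `ExecStart` and `ExecStop` call `/usr/bin/docker-compose`, but the tasks this patch adds to roles/common/tasks/main.yml install only `docker-ce`, `docker-ce-cli` and `containerd.io`, so unless the standalone binary is installed elsewhere the unit will fail to start. Either install a compose package in the role or, if `docker-compose-plugin` is what gets installed, use `ExecStart=/usr/bin/docker compose up -d --remove-orphans` and `ExecStop=/usr/bin/docker compose down`. The unit would also benefit from a leading comment stating that whatever compose project sits in `/etc/docker/compose/%i` is started as root, so that tree must stay writable by root only.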
@@ -1,15 +1,59 @@ --- -# apt cache -- name: update apt cache - ansible.builtin.apt: +# docker +- name: install dependencies + apt: + name: + - apt-transport-https + - ca-certificates + - curl + - gnupg-agent + - software-properties-common + state: latest update_cache: yes - cache_valid_time: 3600 + +- name: docker GPG key + apt_key: + url: https://download.docker.com/linux/debian/gpg + state: present + +- name: repository docker + apt_repository: + repo: deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable + state: present + +- name: install docker + apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + state: latest + update_cache: yes + +- name: enable docker + service: name=docker state=restarted enabled=yes + +- name: copy docker-compose@.service + copy: + src: ../files/docker-compose@.service + dest: /etc/systemd/system/docker-compose@.service + owner: root + group: root + mode: u=rw,g=r,o=r + +- name: ensure /etc/docker/compose exist + file: + path: /etc/docker/compose + state: directory + owner: root + group: root + mode: 0700 # SSH - name: Copy sshd_config copy: - src: ../templates/sshd_config + src: ../files/sshd_config dest: /etc/ssh/sshd_config owner: root group: root @@ -37,7 +81,7 @@ - name: Copy jail.conf copy: - src: ../templates/jail.conf + src: ../files/jail.conf dest: /etc/fail2ban/jail.conf owner: root group: root
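Review bot: The `docker GPG key` task uses `apt_key`, which adds Docker's key to apt's global trusted keyring, so the key is accepted for packages from every configured repository and not only download.docker.com; it is also fetched by URL with nothing pinned. Keeping the key in its own file and naming it with `signed-by=` in the `repository docker` entry scopes that trust to the one source, and a pinned checksum makes a swapped key fail the play, as in the sketch below. Separately, `enable docker` uses `state=restarted`, so every run of the role restarts the daemon; `state: started` keeps the task idempotent. The `copy docker-compose@.service` task is not followed by a systemd daemon reload in this hunk, so the new unit may not be visible until one happens.

```yaml
- name: ensure /etc/apt/keyrings exists
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: docker GPG key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    owner: root
    group: root
    mode: "0644"
    # placeholder: pin the digest of the key after verifying it out of band
    checksum: "sha256:<SHA256_OF_VERIFIED_KEY>"

- name: repository docker
  ansible.builtin.apt_repository:
    repo: >-
      deb [signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/debian
      {{ ansible_distribution_release }} stable
    state: present
# … unchanged: install docker, enable docker, unit file and directory tasks …
```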