add docker to common setup
This commit is contained in:
parent
807637e9a4
commit
365641c4b5
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
**/*.swp
|
||||||
|
*.swp
|
||||||
14
roles/common/files/docker-compose@.service
Normal file
14
roles/common/files/docker-compose@.service
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=%i service with docker compose
|
||||||
|
Requires=docker.service
|
||||||
|
After=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=true
|
||||||
|
WorkingDirectory=/etc/docker/compose/%i
|
||||||
|
ExecStart=/usr/bin/docker-compose up -d --remove-orphans
|
||||||
|
ExecStop=/usr/bin/docker-compose down
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
@ -1,15 +1,59 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
# apt cache
|
# docker
|
||||||
- name: update apt cache
|
- name: install dependencies
|
||||||
ansible.builtin.apt:
|
apt:
|
||||||
|
name:
|
||||||
|
- apt-transport-https
|
||||||
|
- ca-certificates
|
||||||
|
- curl
|
||||||
|
- gnupg-agent
|
||||||
|
- software-properties-common
|
||||||
|
state: latest
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
cache_valid_time: 3600
|
|
||||||
|
- name: docker GPG key
|
||||||
|
apt_key:
|
||||||
|
url: https://download.docker.com/linux/debian/gpg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: repository docker
|
||||||
|
apt_repository:
|
||||||
|
repo: deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: install docker
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- docker-ce
|
||||||
|
- docker-ce-cli
|
||||||
|
- containerd.io
|
||||||
|
state: latest
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: enable docker
|
||||||
|
service: name=docker state=restarted enabled=yes
|
||||||
|
|
||||||
|
- name: copy docker-compose@.service
|
||||||
|
copy:
|
||||||
|
src: ../files/docker-compose@.service
|
||||||
|
dest: /etc/systemd/system/docker-compose@.service
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
|
||||||
|
- name: ensure /etc/docker/compose exist
|
||||||
|
file:
|
||||||
|
path: /etc/docker/compose
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
# SSH
|
# SSH
|
||||||
- name: Copy sshd_config
|
- name: Copy sshd_config
|
||||||
copy:
|
copy:
|
||||||
src: ../templates/sshd_config
|
src: ../files/sshd_config
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
@ -37,7 +81,7 @@
|
|||||||
|
|
||||||
- name: Copy jail.conf
|
- name: Copy jail.conf
|
||||||
copy:
|
copy:
|
||||||
src: ../templates/jail.conf
|
src: ../files/jail.conf
|
||||||
dest: /etc/fail2ban/jail.conf
|
dest: /etc/fail2ban/jail.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user