From 0ea81cf7c2850f0da2ee7f9c785e50d7eed561c7 Mon Sep 17 00:00:00 2001
From: xcad2k <28359525+xcad2k@users.noreply.github.com>
Date: Fri, 11 Jun 2021 15:01:45 +0200
Subject: [PATCH] initial deployment
---
.../fail2ban/configfiles/sshd-default.conf | 3 ++
ansible/configure/fail2ban/protect-sshd.yaml | 18 +++++++
ansible/provisoning/add_public_keys.yaml | 25 +++++++++
.../provisoning/centos/install-podman.yaml | 0
ansible/provisoning/deploy-portainer.yaml | 26 ++++++++++
.../provisoning/ubuntu/install-docker.yaml | 51 +++++++++++++++++++
.../provisoning/ubuntu/install-microk8s.yaml | 19 +++++++
.../provisoning/ubuntu/install-wireguard.yaml | 17 +++++++
test.yaml | 7 +++
9 files changed, 166 insertions(+)
create mode 100644 ansible/configure/fail2ban/configfiles/sshd-default.conf
create mode 100644 ansible/configure/fail2ban/protect-sshd.yaml
create mode 100644 ansible/provisoning/add_public_keys.yaml
create mode 100644 ansible/provisoning/centos/install-podman.yaml
create mode 100644 ansible/provisoning/deploy-portainer.yaml
create mode 100644 ansible/provisoning/ubuntu/install-docker.yaml
create mode 100644 ansible/provisoning/ubuntu/install-microk8s.yaml
create mode 100644 ansible/provisoning/ubuntu/install-wireguard.yaml
create mode 100644 test.yaml
diff --git a/ansible/configure/fail2ban/configfiles/sshd-default.conf b/ansible/configure/fail2ban/configfiles/sshd-default.conf
new file mode 100644
index 0000000..597085a
--- /dev/null
+++ b/ansible/configure/fail2ban/configfiles/sshd-default.conf
@@ -0,0 +1,3 @@
+[sshd]
+enabled = true
+bantime = 3600
\ No newline at end of file
diff --git a/ansible/configure/fail2ban/protect-sshd.yaml b/ansible/configure/fail2ban/protect-sshd.yaml
new file mode 100644
index 0000000..2ef2f48
--- /dev/null
+++ b/ansible/configure/fail2ban/protect-sshd.yaml
@@ -0,0 +1,18 @@
+---
+- hosts: all
+ become: yes
+ tasks:
+ - name: install fail2ban
+ apt:
+ name:
+ - fail2ban
+ update_cache: yes
+ - name: copy fail2ban configfiles
+ copy:
+ src: configfiles/debian-sshd-default.conf
+ dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
+ - name: restart fail2ban
+ systemd:
+ state: restarted
+ daemon_reload: yes
+ name: fail2ban
\ No newline at end of file
diff --git a/ansible/provisoning/add_public_keys.yaml b/ansible/provisoning/add_public_keys.yaml
new file mode 100644
index 0000000..d15aafe
--- /dev/null
+++ b/ansible/provisoning/add_public_keys.yaml
@@ -0,0 +1,25 @@
+---
+- hosts: all
+
+ become: yes
+ tasks:
+
+ # Installs public key
+ # --
+ #
+ - name: install public keys
+ ansible.posix.authorized_key:
+ user: "{{ lookup('env','USER') }}"
+ state: present
+ key: "{{ lookup('file', '~/.ssh/ansible_id_rsa.pub') }}"
+
+ # (Optional)
+ # Set all sudoers to no password
+ # --
+ - name: change sudoers file
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: /usr/sbin/visudo -cf %s
diff --git a/ansible/provisoning/centos/install-podman.yaml b/ansible/provisoning/centos/install-podman.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/provisoning/deploy-portainer.yaml b/ansible/provisoning/deploy-portainer.yaml
new file mode 100644
index 0000000..20e5b0c
--- /dev/null
+++ b/ansible/provisoning/deploy-portainer.yaml
@@ -0,0 +1,26 @@
+---
+- hosts: all
+
+ tasks:
+
+ # Create Portainer Volume
+ # --
+ #
+ - name: Create new Volume
+ community.docker.docker_volume:
+ name: portainer_data
+
+ # Deploy Portainer
+ # --
+ #
+ - name: Deploy Portainer
+ community.docker.docker_container:
+ container_name: portainer
+ image: "docker.io/portainer/portainer-ce"
+ ports:
+ - "8000:8000"
+ - "9000:9000"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ restart_policy: always
\ No newline at end of file
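Review bot: The `change sudoers file` task in add_public_keys.yaml is commented as optional but runs on every host, and it rewrites the `%sudo` line to `NOPASSWD: ALL`, so every account in the sudo group becomes passwordless root and holding any such account's SSH key is enough for full control of the machine. Gate it behind an opt-in, e.g. `when: passwordless_sudo | default(false)` (variable name constructed here), or scope the rule to the automation account in a drop-in under /etc/sudoers.d instead of editing /etc/sudoers. Note also that `lookup('env','USER')` is evaluated on the control node, so the key is installed for whatever user name runs ansible-playbook, which may not be the intended account on the target.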
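Review bot: The `Deploy Portainer` task in deploy-portainer.yaml bind-mounts /var/run/docker.sock and publishes 9000 on every interface, so anyone who can reach that port and get into the UI effectively controls the Docker daemon on the host. Binding the UI to loopback or a management address, e.g. `- "127.0.0.1:9000:9000"`, and dropping `- "8000:8000"` unless edge agents are in use would narrow that exposure. The image has no tag, so each run can pull a different build; pin a tag or digest, e.g. `image: "docker.io/portainer/portainer-ce:<TAG>"`. Separately, docker_container takes `name`, not `container_name`, so as far as I can tell the task fails as written.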
diff --git a/ansible/provisoning/ubuntu/install-docker.yaml b/ansible/provisoning/ubuntu/install-docker.yaml
new file mode 100644
index 0000000..808bdf4
--- /dev/null
+++ b/ansible/provisoning/ubuntu/install-docker.yaml
@@ -0,0 +1,51 @@
+---
+- hosts: all
+
+ become: yes
+ tasks:
+
+ # Install Docker
+ # --
+ #
+ - name: install prerequisites
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg-agent
+ - software-properties-common
+ update_cache: yes
+
+ - name: add apt-key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+
+ - name: add docker repo
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu focal stable
+
+ - name: install docker
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ update_cache: yes
+
+ - name: add userpermissions
+ shell: "usermod -aG docker {{ lookup('env','USER') }}"
+
+ # Installs Docker SDK
+ # --
+ #
+ - name: install python package manager
+ apt:
+ name: python3-pip
+
+ - name: install python sdk
+ become_user: "{{ lookup('env','USER') }}"
+ pip:
+ name:
+ - docker
+ - docker-compose
diff --git a/ansible/provisoning/ubuntu/install-microk8s.yaml b/ansible/provisoning/ubuntu/install-microk8s.yaml
new file mode 100644
index 0000000..2fe9527
--- /dev/null
+++ b/ansible/provisoning/ubuntu/install-microk8s.yaml
@@ -0,0 +1,19 @@
+---
+- hosts: all
+
+ become: yes
+ tasks:
+
+ # Installs Microk8s
+ # --
+ #
+ - name: install microk8s
+ snap:
+ classic: yes
+ name: microk8s
+
+ # Sets User Permissions
+ # --
+ #
+ - name: add userpermissions
+ shell: "usermod -aG microk8s {{ lookup('env','USER') }}"
diff --git a/ansible/provisoning/ubuntu/install-wireguard.yaml b/ansible/provisoning/ubuntu/install-wireguard.yaml
new file mode 100644
index 0000000..4884a7c
--- /dev/null
+++ b/ansible/provisoning/ubuntu/install-wireguard.yaml
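Review bot: The `add userpermissions` task in install-docker.yaml interpolates `lookup('env','USER')` into a `shell:` command; the lookup is resolved on the control node, so the account added to the docker group is whoever launched the playbook, and the value reaches the shell unquoted. The same line appears in install-microk8s.yaml for the microk8s group. The `user` module with an explicitly configured account name does this idempotently and without a shell, as sketched below; docker group membership is root-equivalent on the host, so the account is worth naming deliberately. Separately, the `add apt-key` task trusts whatever the URL returns; adding `id: <DOCKER_KEY_FINGERPRINT>` should make the task fail when the expected key is not the one that was imported.

```yaml
    - name: add userpermissions
      user:
        # docker_user is a constructed variable name; set it per host or group in inventory
        name: "{{ docker_user }}"
        groups: docker
        append: yes
```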
@@ -0,0 +1,17 @@
+---
+- hosts: all
+
+ become: yes
+
+ tasks:
+ - name: Install WireGuard
+ apt:
+ name: wireguard
+ update_cache: yes
+
+ - name: Generate Private and Public Key Pair
+ shell: |
+ wg genkey | tee privatekey | wg pubkey > publickey
+
+ chmod 0400 privatekey
+ chmod 0400 publickey
diff --git a/test.yaml b/test.yaml
new file mode 100644
index 0000000..8915151
--- /dev/null
+++ b/test.yaml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+
+ tasks:
+
+ - name: checks
+ shell: echo {{ lookup('env','USER') }}
\ No newline at end of file
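Review bot: The key-generation task in install-wireguard.yaml writes `privatekey` under the default umask and only tightens it afterwards with `chmod 0400`, so the secret is briefly readable by other local users. It also has no `chdir`, so the files land in whatever directory the become session starts in, and with no `creates:` guard every run replaces the key pair. Setting `umask 077` before `wg genkey`, fixing the directory and adding `creates:` addresses all three, as sketched below; the two chmod lines then become unnecessary. This assumes the wireguard package has already created /etc/wireguard on the target.

```yaml
    - name: Generate Private and Public Key Pair
      shell: |
        umask 077
        wg genkey | tee privatekey | wg pubkey > publickey
      args:
        chdir: /etc/wireguard
        creates: /etc/wireguard/privatekey
```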