
initial deployment

xcad2k 4 years ago
parent
commit
0ea81cf7c2

+ 3 - 0
ansible/configure/fail2ban/configfiles/sshd-default.conf

@@ -0,0 +1,3 @@
+[sshd]
+enabled = true
+bantime = 3600

+ 18 - 0
ansible/configure/fail2ban/protect-sshd.yaml

@@ -0,0 +1,18 @@
+---
+- hosts: all
+  become: yes
+  tasks:
+  - name: install fail2ban
+    apt:
+      name:
+        - fail2ban
+      update_cache: yes
+  - name: copy fail2ban configfiles
+    copy:
+      src: configfiles/debian-sshd-default.conf
+      dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
+  - name: restart fail2ban
+    systemd:
+      state: restarted
+      daemon_reload: yes
+      name: fail2ban

+ 25 - 0
ansible/provisoning/add_public_keys.yaml

@@ -0,0 +1,25 @@
+---
+- hosts: all
+
+  become: yes
+  tasks:
+
+  # Installs public key
+  # --
+  #
+  - name: install public keys
+    ansible.posix.authorized_key:
+      user: "{{ lookup('env','USER') }}"
+      state: present
+      key: "{{ lookup('file', '~/.ssh/ansible_id_rsa.pub') }}"
+
+  # (Optional)
+  # Set all sudoers to no password
+  # --
+  - name: change sudoers file
+    lineinfile:
+      path: /etc/sudoers
+      state: present
+      regexp: '^%sudo'
+      line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+      validate: /usr/sbin/visudo -cf %s
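Review bot: The `change sudoers file` task is commented as optional but runs unconditionally, and `line: '%sudo ALL=(ALL) NOPASSWD: ALL'` removes the password prompt for every member of the sudo group on every host in the play, not only the automation account. Gate it behind an opt-in variable, e.g. `when: passwordless_sudo | default(false) | bool`. Consider a rule scoped to the one account that needs it, written to its own file under `/etc/sudoers.d/` with the same `validate: /usr/sbin/visudo -cf %s`. The comment above the task should state that enabling it lets any compromised session of an affected user become root without re-authentication.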

+ 0 - 0
ansible/provisoning/centos/install-podman.yaml


+ 26 - 0
ansible/provisoning/deploy-portainer.yaml

@@ -0,0 +1,26 @@
+---
+- hosts: all
+  
+  tasks:
+
+  # Create Portainer Volume
+  # --
+  # 
+  - name: Create new Volume
+    community.docker.docker_volume:
+      name: portainer_data
+
+  # Deploy Portainer
+  # --
+  #   
+  - name: Deploy Portainer
+    community.docker.docker_container:
+      container_name: portainer
+      image: "docker.io/portainer/portainer-ce"
+      ports:
+        - "8000:8000"
+        - "9000:9000"
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - portainer_data:/data
+      restart_policy: always
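Review bot: `image: "docker.io/portainer/portainer-ce"` carries no tag or digest, so each host pulls whatever `latest` is at deploy time, and this container is handed `/var/run/docker.sock`, which is equivalent to root on the host. Pin the image, e.g. `image: "docker.io/portainer/portainer-ce:<pinned-version>"` (placeholder), so an upgrade becomes a reviewed change. The `ports` entries publish 8000 and 9000 on all interfaces. If the UI is meant to be reached only from an admin network or through a reverse proxy (the playbook does not show the intended exposure), bind to a specific address such as `"127.0.0.1:9000:9000"` and drop `"8000:8000"` when edge agents are not used.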

+ 51 - 0
ansible/provisoning/ubuntu/install-docker.yaml

@@ -0,0 +1,51 @@
+---
+- hosts: all
+  
+  become: yes
+  tasks:
+
+  # Install Docker
+  # --
+  # 
+  - name: install prerequisites
+    apt:
+      name:
+        - apt-transport-https
+        - ca-certificates 
+        - curl 
+        - gnupg-agent
+        - software-properties-common
+      update_cache: yes
+
+  - name: add apt-key
+    apt_key:
+      url: https://download.docker.com/linux/ubuntu/gpg
+
+  - name: add docker repo
+    apt_repository:
+      repo: deb https://download.docker.com/linux/ubuntu focal stable
+
+  - name: install docker 
+    apt:
+      name: 
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+      update_cache: yes
+
+  - name: add userpermissions
+    shell: "usermod -aG docker {{ lookup('env','USER') }}"
+
+  # Installs Docker SDK
+  # --
+  # 
+  - name: install python package manager
+    apt:
+      name: python3-pip
+  
+  - name: install python sdk
+    become_user: "{{ lookup('env','USER') }}"
+    pip:
+      name:
+        - docker
+        - docker-compose
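Review bot: The `add userpermissions` task builds a root shell command from `lookup('env','USER')`, which is evaluated on the control machine, so the account added to the `docker` group is whoever ran `ansible-playbook`, interpolated unquoted, and the task reports changed on every run. Use the `user` module with an explicit play variable for the target account, as sketched below (`target_user` is a placeholder name); install-microk8s.yaml's `add userpermissions` task has the same pattern. Because docker group membership is root-equivalent on the host, a comment saying so belongs above the task. Separately, `add apt-key` trusts whatever key the URL serves; the module's `id:` parameter with the expected key fingerprint would make that check explicit.

```yaml
  - name: add userpermissions
    user:
      name: "{{ target_user }}"
      groups: docker
      append: yes
```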

+ 19 - 0
ansible/provisoning/ubuntu/install-microk8s.yaml

@@ -0,0 +1,19 @@
+---
+- hosts: all
+  
+  become: yes
+  tasks:
+  
+  # Installs Microk8s
+  # --
+  #
+  - name: install microk8s
+    snap:
+      classic: yes
+      name: microk8s
+
+  # Sets User Permissions  
+  # --
+  #
+  - name: add userpermissions
+    shell: "usermod -aG microk8s {{ lookup('env','USER') }}"

+ 17 - 0
ansible/provisoning/ubuntu/install-wireguard.yaml

@@ -0,0 +1,17 @@
+---
+- hosts: all
+  
+  become: yes
+
+  tasks:
+    - name: Install WireGuard
+      apt:
+        name: wireguard
+        update_cache: yes
+
+    - name: Generate Private and Public Key Pair
+      shell: |
+        wg genkey | tee privatekey | wg pubkey > publickey
+
+        chmod 0400 privatekey
+        chmod 0400 publickey
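Review bot: The key-generation shell task writes `privatekey` under the default umask and only tightens it with `chmod 0400` afterwards, so the private key is briefly readable by other local users, and it lands in whatever the task's working directory happens to be. There is also no `creates:` guard, so every playbook run generates a new key pair and overwrites the old one (with `become: yes`, root can write over the 0400 files), which invalidates the public key already handed to peers. Set `umask 077` before `wg genkey` and pin the location and idempotence with `chdir`/`creates`, as sketched below. `/etc/wireguard` is the conventional directory; adjust it if this deployment keeps keys elsewhere.

```yaml
    - name: Generate Private and Public Key Pair
      shell: |
        umask 077
        wg genkey | tee privatekey | wg pubkey > publickey
        # … unchanged: chmod 0400 on both files …
      args:
        chdir: /etc/wireguard
        creates: /etc/wireguard/privatekey
```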

+ 7 - 0
test.yaml

@@ -0,0 +1,7 @@
+---
+- hosts: all
+
+  tasks:
+
+  - name: checks
+    shell: echo {{ lookup('env','USER') }}