AnyOps/dockerhost
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dockerhost/deploy.yml

111 lines
2.8 KiB
YAML
Raw Normal View History

deploy.yml hinzugefügt
2025-03-10 19:04:20 +01:00
---
install docker
2025-03-10 21:13:19 +01:00
# - hosts: all
# tasks:
# - name: Print message
# debug:
# msg: Hello Ansible World
deploy.yml hinzugefügt
2025-03-10 19:04:20 +01:00
- hosts: all
install docker
2025-03-10 21:13:19 +01:00
become: true
deploy.yml hinzugefügt
2025-03-10 19:04:20 +01:00
tasks:
install docker
2025-03-10 21:13:19 +01:00
## Docker
#
- name: Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Repository
apt_repository:
deploy.yml aktualisiert
2025-03-19 18:08:53 +01:00
repo: "deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
install docker
2025-03-10 21:13:19 +01:00
state: present
- name: Update apt and install docker-ce
apt:
name: docker-ce
state: latest
update_cache: true
- name: install pip3
apt:
name: python3-pip
state: latest
ufw docker rules
2025-03-10 21:55:16 +01:00
deploy.yml aktualisiert
2025-03-12 10:42:15 +01:00
- name: Container present test
community.docker.docker_container:
name: ansible_deployed
deploy.yml aktualisiert
2025-03-13 10:44:27 +01:00
state: absent
deploy.yml aktualisiert
2025-03-12 10:42:15 +01:00
deploy.yml aktualisiert
2025-03-13 10:44:27 +01:00
- name: Registry cache
community.docker.docker_container:
name: registry_cache
state: started
restart_policy: unless-stopped
ghcr.io != gcr.io fix
2025-03-13 10:50:50 +01:00
image: mirror.gcr.io/registry:2
deploy.yml aktualisiert
2025-03-13 11:23:14 +01:00
ports:
deploy.yml aktualisiert
2025-03-13 11:16:52 +01:00
- "5000:5000"
deploy.yml aktualisiert
2025-03-13 11:03:08 +01:00
volumes:
- /var/lib/registry:/var/lib/registry
deploy.yml aktualisiert
2025-03-13 10:44:27 +01:00
env:
REGISTRY_PROXY_REMOTEURL: https://registry-1.docker.io
REGISTRY_PROXY_USERNAME: stelb
REGISTRY_PROXY_PASSWORD: "{{ DOCKER_IO_PASSWORD }}"
ufw docker rules
2025-03-10 21:55:16 +01:00
- name: add docker rules to ufw
blockinfile:
path: /etc/ufw/after.rules
marker_begin: BEGIN UFW AND DOCKER
marker_end: END UFW AND DOCKER
state: present
block: "{{ lookup('ansible.builtin.file', 'ufw-docker.rules') }}"
tags:
- ufw
allow OpenSSH
2025-03-12 21:57:34 +01:00
- name: allow OpenSSH
community.general.ufw:
fix OpenSSH
2025-03-12 22:01:57 +01:00
rule: allow
allow OpenSSH
2025-03-12 21:57:34 +01:00
app: OpenSSH
enable ufw
2025-03-12 19:48:29 +01:00
- name: enable ufw
community.general.ufw:
state: enabled
policy: reject
tags:
- ufw
open some ports
2025-03-10 22:39:48 +01:00
- name: open ports
community.general.ufw:
rule: allow
proto: "{{ item[1] }}"
port: "{{ item[0] }}"
route: "{{ item[2] | default(omit) }}"
loop:
- [ 80, 'tcp', true ] # traefik
- [ 443, 'tcp', true ] # traefik
- [ 25, 'tcp', true ] # smtp ntfy
- [ 51820, 'udp', true ] # wireguard
- [ 53, 'udp', true ] # technitium, dns
- [ 53, 'tcp', true ] # technitium, dns
# - [ 1935, 'udp', true ] # owncast
# - [ 1935, 'tcp', true ] # owncast
- [ 2222, 'tcp', true ] # forgejo
- [ 22, 'tcp', true ] # forgejo
tags:
- ufw
- name: open all for own hosts
community.general.ufw:
rule: allow
from: "{{ item }}"
trusted host from variable
2025-03-12 21:48:09 +01:00
loop: "{{ anyops_trusted_hosts }}"
#- 37.27.176.103 # muh.anyops.de
open some ports
2025-03-10 22:39:48 +01:00
# - 10.201.201.2 # wireguard
tags:
- ufw
add autoupgrade role
2025-03-17 18:17:11 +01:00
- name: autoupgrade
ansible.builtin.include_role:
name: anyops_autoupgrade
Reference in a new issue Copy permalink