---
# - hosts: all
#   tasks:
#     - name: Print message
#       debug:
#         msg: Hello Ansible World

- hosts: all
  become: true
  tasks:
    ## Docker
    - name: Add Docker GPG apt Key (new)
      ansible.builtin.get_url:
        # Docker Release (CE deb)
        url: "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8d81803c0ebfcd88"
        dest: /etc/apt/keyrings/docker_rel_ce_deb.asc

    - name: Add Docker Repository
      apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/docker_rel_ce_deb.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present

    - name: Update apt and install docker-ce
      apt:
        name: docker-ce
        state: latest
        update_cache: true

    - name: install pip3
      apt:
        name: python3-pip
        state: latest

    # - name: Container present test
    #   community.docker.docker_container:
    #     name: ansible_deployed
    #     state: absent

    - name: Registry cache
      community.docker.docker_container:
        name: registry_cache
        state: started
        restart_policy: unless-stopped
        image: mirror.gcr.io/registry:2
        ports:
          - "5000:5000"
        volumes:
          - /var/lib/registry:/var/lib/registry
        env:
          REGISTRY_PROXY_REMOTEURL: https://registry-1.docker.io
          REGISTRY_PROXY_USERNAME: stelb
          REGISTRY_PROXY_PASSWORD: "{{ DOCKER_IO_PASSWORD }}"

    # Docker bypasses ufw INPUT rules; the extra rules in ufw-docker.rules
    # go into after.rules so published container ports are still filtered.
    - name: add docker rules to ufw
      blockinfile:
        path: /etc/ufw/after.rules
        marker_begin: BEGIN UFW AND DOCKER
        marker_end: END UFW AND DOCKER
        state: present
        block: "{{ lookup('ansible.builtin.file', 'ufw-docker.rules') }}"
      tags:
        - ufw

    - name: allow OpenSSH
      community.general.ufw:
        rule: allow
        app: OpenSSH

    - name: enable ufw
      community.general.ufw:
        state: enabled
        policy: reject
      tags:
        - ufw

    # item = [port, proto, route]; route: true also allows forwarded
    # traffic to containers, not only traffic to the host itself
    - name: open ports
      community.general.ufw:
        rule: allow
        proto: "{{ item[1] }}"
        port: "{{ item[0] }}"
        route: "{{ item[2] | default(omit) }}"
      loop:
        - [ 80, 'tcp', true ]      # traefik
        - [ 443, 'tcp', true ]     # traefik
        - [ 25, 'tcp', true ]      # smtp ntfy
        - [ 51820, 'udp', true ]   # wireguard
        - [ 53, 'udp', true ]      # technitium, dns
        - [ 53, 'tcp', true ]      # technitium, dns
        # - [ 1935, 'udp', true ]  # owncast
        # - [ 1935, 'tcp', true ]  # owncast
        - [ 2222, 'tcp', true ]    # forgejo
        - [ 22, 'tcp', true ]      # forgejo
      tags:
        - ufw

    - name: open network for own hosts
      community.general.ufw:
        rule: allow
        from: "{{ item }}"
      # loop takes either a variable or a literal list, not both; the
      # literal entries are kept here as a commented reference
      loop: "{{ anyops_trusted_hosts }}"
      # - 37.27.176.103   # muh.anyops.de
      # - 37.120.191.100  # service01.anyops.de
      # - 152.53.229.139  # service02.anyops.de
      # - 5.75.165.105    # gate1.stelb.cloud
      tags:
        - ufw

    - name: autoupgrade
      ansible.builtin.include_role:
        name: anyops_autoupgrade

    # kanidm
    - name: Add kanidm GPG apt key
      ansible.builtin.get_url:
        url: https://kanidm.github.io/kanidm_ppa/kanidm_ppa.asc
        dest: /etc/apt/keyrings/kanidm_ppa.asc

    - name: Add kanidm repo
      apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/kanidm_ppa.asc] https://kanidm.github.io/kanidm_ppa {{ ansible_distribution_release }} stable"
        state: present

    - name: install kanidm
      apt:
        name:
          - kanidm
          - kanidm-unixd