tpotce/installer/ansible/debian.yml

---
########################################
# T-Pot - Install recommended packages #
########################################
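# Play: sync the system clock from the hardware clock, then install the
# baseline command-line tooling.
- name: T-Pot - Install recommended packages
  hosts: all
  gather_facts: true
  become: true
  tasks:
    # No pipes, redirects or variables are involved, so `command` is enough
    # and avoids handing a string to a shell.
    # NOTE(review): presumably run first so TLS and apt metadata date checks
    # do not fail on a skewed clock - confirm.
    - name: Syncing clocks
      command: hwclock --hctosys

    # `package` passes its arguments through to the host's package manager
    # module (apt on Debian); update_cache refreshes the index first.
    - name: Install recommended packages
      package:
        name:
          - bash-completion
          - ca-certificates
          - curl
          - git
          - gnupg
          - grc
          - neovim
          - net-tools
        state: present
        update_cache: true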
#################################################
# T-Pot - Prepare for and install Docker Engine #
#################################################
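# Play: replace distribution Docker packages with Docker's own apt repository
# and packages, then make sure the daemon is running and enabled.
- name: T-Pot - Prepare for and install Docker Engine
  hosts: all
  gather_facts: true
  become: true
  tasks:
    # NOTE(review): presumably removed so they cannot conflict with the
    # docker-ce packages installed further down - confirm.
    - name: Remove distribution based Docker packages
      package:
        name:
          - docker
          - docker-engine
          - docker.io
          - containerd
          - runc
        state: absent
        update_cache: true

    # Modes are quoted so they are read as octal strings, never as integers.
    - name: Add folder for Docker Engine GPG key
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # The key is data, not a program: world-readable without the execute bit
    # is all apt needs.
    # HTTPS is the only integrity check on this download. Where the install
    # must not depend on TLS alone, pin the file with get_url's `checksum`
    # or compare the key fingerprint against one obtained out of band.
    - name: Download Docker Engine GPG key
      get_url:
        url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
        dest: /etc/apt/keyrings/docker
        mode: "0644"

    # Despite the task name nothing is decrypted: --dearmor converts the
    # ASCII-armored key to binary and writes it next to the input as
    # docker.gpg. `creates` skips the step once that file exists, so a key
    # rotated upstream is not picked up until docker.gpg is removed.
    - name: Decrypt Docker Engine GPG key
      command: gpg --dearmor /etc/apt/keyrings/docker
      args:
        creates: /etc/apt/keyrings/docker.gpg

    # signed-by scopes the key to this one repository instead of trusting it
    # for every configured apt source.
    - name: Add Docker Engine repository
      apt_repository:
        filename: docker
        repo: "deb [arch={{ ansible_architecture | replace('aarch64', 'arm64') }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
        state: present
        update_cache: true

    - name: Install Docker Engine packages
      package:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true
      notify: Restart Docker

    - name: Enable Docker Engine upon boot
      systemd:
        name: docker
        state: started
        enabled: true

  handlers:
    # Runs only when the package task above reports a change.
    - name: Restart Docker
      ansible.builtin.service:
        name: docker
        state: restarted
        enabled: true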
######################################################
# T-Pot - Adjust configs, add users and groups, etc. #
######################################################
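# Play: create the unprivileged tpot account and move the SSH daemon to a
# high port.
- name: T-Pot - Adjust configs, add users and groups, etc.
  hosts: all
  gather_facts: true
  become: true
  tasks:
    - name: Create T-Pot group
      group:
        name: tpot
        gid: 2000
        state: present

    # Service account with no login shell. create_home is disabled because
    # the user module otherwise creates the home path, which would turn
    # /nonexistent into a real directory.
    - name: Create T-Pot user
      user:
        name: tpot
        uid: 2000
        system: true
        shell: /bin/false
        home: /nonexistent
        create_home: false
        group: tpot

    # The regexp makes this a replacement of the existing (possibly
    # commented) Port directive. Appending unconditionally would leave an
    # active "Port 22" in place, so sshd would listen on both ports, and a
    # line added at EOF can land inside a trailing Match block. If no Port
    # line exists the directive is still added at EOF.
    # NOTE(review): a firewall that blocks 64295 will lock the operator out
    # once the handler restarts sshd - confirm the port is reachable first.
    - name: Change SSH Port to 64295
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*Port\s+\d+\s*$'
        line: "Port 64295"
        insertafter: EOF
      notify: Restart SSH

  handlers:
    # NOTE(review): on Debian the unit is ssh.service with sshd as an alias;
    # verify the alias resolves on every target release.
    - name: Restart SSH
      ansible.builtin.service:
        name: sshd
        state: restarted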
######################################
# T-Pot - Adjust group users, bashrc #
######################################
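# Play: per-user setup for the account that runs the installer.
# This play has no play-level `become`, so facts are gathered as the
# connecting user: ansible_user_id is that user and ~/.bashrc is theirs.
- name: T-Pot - Adjust group users, bashrc
  hosts: all
  gather_facts: true
  tasks:
    # Runs first so a root login fails before anything is modified; placed
    # last, the play would already have edited root's .bashrc and group
    # membership by the time it failed.
    - name: Check for non-root user id
      debug:
        msg: "Detected user: '{{ ansible_user_id }}'"
      failed_when: ansible_user_id == "root"

    # The {{'{{'}} / {{'}}'}} pairs are Jinja escapes that render to literal
    # braces, which docker's --format template needs.
    - name: Add aliases
      blockinfile:
        path: '~/.bashrc'
        block: |
          alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\t{{'{{'}}.Status{{'}}'}}\t{{'{{'}}.Ports{{'}}'}}" | sort'
          alias dpsw='watch -c bash -ic dps'
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        insertafter: EOF
        state: present

    # Membership in the docker group is effectively root on the host: anyone
    # who can reach the Docker socket can start a privileged container.
    # Treat this account's credentials accordingly.
    # append keeps the user's existing supplementary groups.
    - name: Add current user to Docker, T-Pot group
      become: true
      user:
        name: "{{ ansible_user_id }}"
        groups:
          - docker
          - tpot
        append: true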