init

2023-06-27 17:36:56 +02:00
commit 8d5852a4fa
46 changed files with 2330 additions and 0 deletions
--- a/roles/common/tasks/docker.yml
+++ b/roles/common/tasks/docker.yml
@@ -0,0 +1,46 @@
+---
+- name: Install docker prerequisites
+  package:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - ca-certificates
+    - curl
+    - gnupg
+    - lsb-release
+
+- name: One way to avoid apt_key once it is removed from your distro
+  block:
+    - name: create keyring folder
+      file:
+        path: /etc/apt/keyrings
+        mode: '0755'
+        recurse: true
+
+    - name: Check if docker key already exists
+      stat:
+        path: /etc/apt/keyrings/docker.gpg
+      register: docker_gpg      
+    
+    - name: docker repo key
+      shell:
+        cmd: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+      when: docker_gpg.stat.exists == false
+
+    - name: add docker repo | apt source
+      ansible.builtin.apt_repository:
+        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+        state: present
+
+- name: Install docker
+  package:
+    name: "{{ item }}"
+    state: present
+    update_cache: true
+  loop:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-buildx-plugin
+    - docker-compose-plugin
+...
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+- name: Include docker tasks
+  include_tasks:
+    file: docker.yml
+
+- name: Create default groups
+  group:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - docker
+    - ansible
+
+- name: Create default user
+  user:
+    name: "martin"
+    uid: "1000"
+    groups: docker,ansible
+    append: yes
+    shell: /bin/bash
+    state: present
+
+- name: Create appusers
+  user:
+    name: "{{ item }}"
+    shell: /bin/bash
+    state: present
+  loop:
+    - "{{ appusers }}"
+
+- name: create root authorized_keys
+  template:
+    src: root_authorized_keys.j2
+    dest: /root/.ssh/authorized_keys
+    owner: root
+    mode: '0600'
+
+      #- name: Create user authorized_keys
+      #  authorized_key:
+      #    user: "{{ item }}"
+      #    key: "{{ item }}_rsa.pub"
+      #  loop:
+      #    - '{{ keys }}'
+
+- name: apt update && apt upgrade
+  apt:
+    name: "*"
+    state: latest
+    update_cache: true
+
+- name: Install default packages
+  apt:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - "{{ default_pkgs }}"
+
+- name: create docker/watchtower folder
+  file:
+    path: /opt/docker/watchtower
+    owner: 1000
+    group: 1000
+    mode: '0755'
+    state: directory
+
+- name: Place watchtower docker-compose.yaml
+  template:
+    src: docker-compose.yaml.j2
+    dest: /opt/docker/watchtower/docker-compose.yaml
+  notify: restart docker-compose
+  tags: setup,update
+
+- name: Start watchtower
+  community.docker.docker_compose:
+    project_src: /opt/docker/watchtower
+    state: present
+    pull: true
+  tags: test
+...