Commit 85d9cdd3 authored by arcter's avatar arcter

Refact

parent a5ac4d2c
all:
hosts:
www:
hostname: "www"
ansible_host: 192.168.255.251
ansible_user: arcter
# manager:
# ansible_host: security.manager.arcter
# ansible_user: arcter
rimuru:
hostname: "rimuru"
ansible_host: rimuru
ansible_user: arcter
children:
security_req:
hosts:
www: {}
vms:
children:
security_req: {}
# manager: {}
---
collections:
- ansible.posix
- community.docker
roles:
- src: git@git.sch.bme.hu:netadmin/ansibleroles/podmanrole.git
scm: git
version: master
name: podman.install
\ No newline at end of file
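Review bot: The podman role is fetched from `version: master`, a mutable branch, so each `ansible-galaxy install` can pull different code that the other task files here then run with `become: true`. Pin it to a tag or a full commit hash, e.g. `version: <tag-or-commit-sha>`, and give `ansible.posix` and `community.docker` explicit `name:` and `version:` entries too. The file header is not visible on this page, so this is presumably the project's Galaxy requirements file.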
---
#Install OSquery
- name: Add Osquery key
ansible.builtin.apt.key:
keyserver: hkp://keyserver.ubuntu.com:80
id: 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
state: present
- name: Add Osquery repository
ansible.builtin.apt_repository:
repo: deb [arch=amd64] https://pkg.osquery.io/deb deb main
state: present
- name: Appdate apt cache
apt:
update_cache: yes
- name: Install Osquery
apt:
- osquery
- name: Enable Osquery
systemd:
daemon_reload: true
name: osquery
enabled: true
state: started
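Review bot: `ansible.builtin.apt.key` in "Add Osquery key" is not a module name (the Caddy tasks on this page use `ansible.builtin.apt_key`), so the key import fails before the repository is added. "Install Osquery" passes a bare list to `apt:`, which needs `name: osquery` and `state: present`. The Wazuh task file repeats both problems in "Add Wazuh GPG key" and "Install Wazuh Agent". The unit enabled in "Enable Osquery" is `osquery`, whereas the packaged service is, as far as I know, `osqueryd`; confirm it, because a wrong name leaves the host without the telemetry this play is meant to provide. The +/- markers are lost on this page, so this assumes the file is on the new side of the commit.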
---
#Install Wazuh Agent
- name: Add Wazuh GPG key
ansible.builtin.apt.key:
url: https://packages.wazuh.com/key/GPG-KEY-WAZUH
state: present
- name: Add Wazuh repository
ansible.builtin.apt_repository:
repo: deb https://packages.wazuh.com/4.x/apt/ stable main
state: present
- name: Appdate apt cache
apt:
update_cache: yes
- name: Install Wazuh Agent
apt:
- wazuh-agent
- name: Config Wazuh Agent
shell: "agent-auth -m {{ manager.ansible_host }}"
- name: Enable Wazuh agent
systemd:
daemon_reload: true
name: wazuh-agent
enabled: true
state: started
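Review bot: `{{ manager.ansible_host }}` in "Config Wazuh Agent" has nothing to resolve against. The `manager` host is commented out in the inventory on this page, and another host's variables are read through `hostvars['manager'].ansible_host`, not a bare `manager`. The task also has no `creates:` guard, so the agent would re-enrol on every run; `ansible.builtin.command` with `argv` and a `creates:` pointing at the agent's key file (presumably `/var/ossec/etc/client.keys`, to be confirmed) avoids both the shell and the repeat. Enrolment carries no password here, so confirm that the manager restricts who may register, or pass one with `-P` from a vaulted variable.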
---
- name: Install GPG
become: true
package:
name: gnupg
state: present
- name: Add the Caddy GPG key
become: true
ansible.builtin.apt_key:
url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
state: present
- name: Add the offical Caddy repository
become: true
ansible.builtin.apt_repository:
repo: "{{ item }}"
state: present
loop:
- deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
- deb-src https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
- name: Install Caddy
become: true
package:
name: caddy
state: present
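Review bot: `apt_key` in "Add the Caddy GPG key" puts the Cloudsmith key into apt's global trusted keyring, where it is accepted for packages from every configured repository, not only Caddy's. Store the key in its own file, for example with `ansible.builtin.get_url` into `/etc/apt/keyrings/`, and bind it to the repository line with `[signed-by=...]`. The Osquery, Wazuh and Podman key tasks on this page use the same pattern and would benefit from the same change. The `deb-src` entry in the loop looks unnecessary for a binary install and could be dropped.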
......@@ -5,21 +5,8 @@
upgrade: yes
update_cache: yes
- name: "Install qemu-guest-agent"
become: true
package:
name: "{{item}}"
state: present
with_items:
- qemu-guest-agent
- name: Set hostname
become: true
ansible.builtin.hostname:
name: "{{ hostname }}"
- name: "Enable agent"
become: true
ansible.builtin.service:
name: qemu-guest-agent
enabled: yes
---
- name: Install Docker and Docker-compose
become: true
package:
name: "{{ item }}"
state: present
with_items:
- docker.io
- docker-compose
\ No newline at end of file
---
- name: Install GPG
become: true
package:
name: gnupg
state: present
- include_tasks: "tasks/podman/installpodmanonoldubuntu.yml"
when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "20.04"
- name: Install podman and python3
become: true
package:
name: "{{ item }}"
state: present
with_items:
- podman
- python3
- python3-pip
- python3-venv
- name: Install podman-compose & dependencies
become: true
pip:
name:
- setuptools
- podman-compose
---
- name: Add the Podman GPG key
become: true
ansible.builtin.apt_key:
url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key
state: present
- name: Add the official Podman Ubuntu 20.04 repository
become: true
ansible.builtin.apt_repository:
repo: deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /
state: present
- name: "Podman: Update and upgrade apt packages"
become: true
apt:
upgrade: yes
update_cache: yes
---
- name: Copy registries config
become: true
copy:
src: files/etc/containers/registries.conf
dest: /etc/containers/registries.conf
owner: root
group: root
mode: 0644
- name: Enable podman socket service
become: true
systemd:
name: podman.socket
state: started
enabled: yes
- name: Add read write permission to podman socket
become: true
file:
path: /var/run/podman/podman.sock
owner: root
group: root
mode: '0664'
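Review bot: "Add read write permission to podman socket" sets `/var/run/podman/podman.sock` to `root:root` with mode `'0664'`, which gives write (connect) access to nobody beyond root and its group, so the task does not do what its name says. The socket file is also recreated whenever `podman.socket` starts, so a one-off `file` change would not persist. Access to the rootful Podman API is equivalent to root on the host; if non-root access is needed, a dedicated group set through a systemd drop-in (`SocketGroup=`, `SocketMode=0660`) is a tighter way to grant it. `mode: 0644` in the copy task is unquoted while this one is quoted, so quote both for consistency. This assumes the file survives the refactor, since the +/- markers are not visible here.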