Refact

85d9cdd3 · arcter · a5ac4d2c · 85d9cdd3 · 85d9cdd3 · a5ac4d2c
Commit 85d9cdd3 authored Jan 15, 2022 by arcter
--- a/Ansible/inventory.yml
+++ b/Ansible/inventory.yml
 all:
  hosts:
-    www:
-      hostname: "www"
-      ansible_host: 192.168.255.251
-      ansible_user: arcter
-    # manager:
-    #   ansible_host: security.manager.arcter
-    #   ansible_user: arcter
    rimuru:
      hostname: "rimuru"
      ansible_host: rimuru
      ansible_user: arcter
-  children:
-    security_req:
-      hosts:
-        www: {}
-    vms:
-      children:
-        security_req: {}
-        # manager: {}
--- a/Ansible/requirements.galaxy.yaml
+++ b/Ansible/requirements.galaxy.yaml
+---
+collections:
+  - ansible.posix
+  - community.docker
+
+roles:
+  - src: git@git.sch.bme.hu:netadmin/ansibleroles/podmanrole.git
+    scm: git
+    version: master
+    name: podman.install
\ No newline at end of file
--- a/Ansible/tasks/Security/hosts/osquery.yml
+++ b/Ansible/tasks/Security/hosts/osquery.yml
---
-#Install OSquery
- name: Add Osquery key
-  ansible.builtin.apt.key:
-    keyserver: hkp://keyserver.ubuntu.com:80
-    id: 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
-    state: present
-
- name: Add Osquery repository
-  ansible.builtin.apt_repository:
-    repo: deb [arch=amd64] https://pkg.osquery.io/deb deb main
-    state: present
-
- name: Appdate apt cache
-  apt:
-    update_cache: yes
-
- name: Install Osquery
-  apt:
-    - osquery
-
- name: Enable Osquery
-  systemd:
-    daemon_reload: true
-    name: osquery
-    enabled: true
-    state: started
--- a/Ansible/tasks/Security/hosts/wazuh.yml
+++ b/Ansible/tasks/Security/hosts/wazuh.yml
---
-#Install Wazuh Agent
- name: Add Wazuh GPG key
-  ansible.builtin.apt.key:
-    url: https://packages.wazuh.com/key/GPG-KEY-WAZUH
-    state: present
-
- name: Add Wazuh repository
-  ansible.builtin.apt_repository:
-    repo: deb https://packages.wazuh.com/4.x/apt/ stable main
-    state: present
-
- name: Appdate apt cache
-  apt:
-    update_cache: yes
-
- name: Install Wazuh Agent
-  apt:
-    - wazuh-agent
-
- name: Config Wazuh Agent
-  shell: "agent-auth -m {{ manager.ansible_host }}"
-
- name: Enable Wazuh agent
-  systemd:
-    daemon_reload: true
-    name: wazuh-agent
-    enabled: true
-    state: started
--- a/Ansible/tasks/Security/manager/osquery.yml
+++ b/Ansible/tasks/Security/manager/osquery.yml
--- a/Ansible/tasks/Security/manager/wazuh.yml
+++ b/Ansible/tasks/Security/manager/wazuh.yml
--- a/Ansible/tasks/caddy_install.yml
+++ b/Ansible/tasks/caddy_install.yml
---
- name: Install GPG
-  become: true
-  package:
-    name: gnupg
-    state: present
-
- name: Add the Caddy GPG key
-  become: true
-  ansible.builtin.apt_key:
-    url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
-    state: present
-
-
- name: Add the offical Caddy repository
-  become: true
-  ansible.builtin.apt_repository:
-    repo: "{{ item }}"
-    state: present
-  loop:
-  -  deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
-  -  deb-src https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
-
- name: Install Caddy
-  become: true
-  package:
-    name: caddy
-    state: present
--- a/Ansible/tasks/init.yml
+++ b/Ansible/tasks/init.yml
@@ -5,21 +5,8 @@
    upgrade: yes
    update_cache: yes

- name: "Install qemu-guest-agent"
-  become: true
-  package:
-    name: "{{item}}"
-    state: present
-  with_items:
-    - qemu-guest-agent
-
 - name: Set hostname
  become: true
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: "Enable agent"
-  become: true
-  ansible.builtin.service:
-    name: qemu-guest-agent
-    enabled: yes
--- a/Ansible/tasks/installdocker.yml
+++ b/Ansible/tasks/installdocker.yml
---
- name: Install Docker and Docker-compose
-  become: true
-  package:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - docker.io
-    - docker-compose
\ No newline at end of file
--- a/Ansible/tasks/podman/installpodman.yml
+++ b/Ansible/tasks/podman/installpodman.yml
---
- name: Install GPG
-  become: true
-  package:
-    name: gnupg
-    state: present
-
- include_tasks: "tasks/podman/installpodmanonoldubuntu.yml"
-  when:  ansible_distribution == "Ubuntu" and ansible_distribution_version == "20.04"
-
- name: Install podman and python3
-  become: true
-  package:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - podman
-    - python3
-    - python3-pip
-    - python3-venv
-
- name: Install podman-compose & dependencies
-  become: true
-  pip: 
-    name:
-      - setuptools
-      - podman-compose
--- a/Ansible/tasks/podman/installpodmanonoldubuntu.yml
+++ b/Ansible/tasks/podman/installpodmanonoldubuntu.yml
---
- name: Add the Podman GPG key
-  become: true
-  ansible.builtin.apt_key:
-    url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key
-    state: present
-
- name: Add the official Podman Ubuntu 20.04 repository
-  become: true
-  ansible.builtin.apt_repository:
-    repo: deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /
-    state: present
-
- name: "Podman: Update and upgrade apt packages"
-  become: true
-  apt:
-    upgrade: yes
-    update_cache: yes
-
-
--- a/Ansible/tasks/podman/podman_config.yml
+++ b/Ansible/tasks/podman/podman_config.yml
---
- name: Copy registries config
-  become: true
-  copy:
-    src: files/etc/containers/registries.conf
-    dest: /etc/containers/registries.conf
-    owner: root
-    group: root
-    mode: 0644
-
- name: Enable podman socket service
-  become: true
-  systemd:
-    name: podman.socket
-    state: started
-    enabled: yes
-
- name: Add read write permission to podman socket
-  become: true
-  file:
-    path: /var/run/podman/podman.sock
-    owner: root
-    group: root
-    mode: '0664'