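---
# roles/setup_server/tasks/main.yml
#
# Base hardening for a new host: create an admin user, prepare its SSH
# directory, disable root SSH login, enable firewalld, then install Docker CE.
# Variables read by this file: username, user_password.

- name: Erstelle einen neuen User mit Sudo-Rechten
  user:
    name: "{{ username }}"
    # The password is stored as a SHA-512 crypt hash. No salt is passed, so a
    # new random salt is generated on every run: the task reports "changed"
    # each time and rewrites the hash. Pass a stable salt or set
    # `update_password: on_create` if that is not intended.
    # Keep user_password in Ansible Vault (or another secret store), never in
    # plain vars committed to the repository.
    password: "{{ user_password | password_hash('sha512') }}"
    state: present
    shell: /bin/bash
    groups: wheel  # wheel membership grants sudo rights
    append: true

- name: Erstelle den SSH-Ordner für den neuen User
  file:
    path: "/home/{{ username }}/.ssh"
    state: directory
    mode: '0700'
    owner: "{{ username }}"
    group: "{{ username }}"

# NOTE(review): this only creates an empty authorized_keys file with the right
# permissions; no public key is installed by any task visible here. Until a key
# is deployed, the new user can log in with the password only. Confirm a key
# is added elsewhere before password authentication is ever switched off.
- name: Setze die Berechtigungen für die authorized_keys-Datei
  file:
    path: "/home/{{ username }}/.ssh/authorized_keys"
    state: touch
    mode: '0600'
    owner: "{{ username }}"
    group: "{{ username }}"
    # Keep timestamps so the task is idempotent and does not report "changed"
    # on every run.
    modification_time: preserve
    access_time: preserve

- name: Entferne den Root-SSH-Zugang
  lineinfile:
    path: /etc/ssh/sshd_config
    # Also match the commented-out default so the directive is replaced in
    # place. With '^PermitRootLogin' alone, a file holding only the commented
    # default gets the line appended at the end, where it could land inside a
    # trailing Match block and apply only conditionally.
    regexp: '^#?\s*PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    # Refuse to install a config that sshd cannot parse; a broken sshd_config
    # plus a restart would lock everyone out.
    validate: '/usr/sbin/sshd -t -f %s'
  # NOTE(review): the "restart sshd" handler is not part of this file; it has
  # to exist in the role's handlers. Drop-in files included by sshd_config can
  # still override this directive - check the effective value with `sshd -T`.
  notify:
    - restart sshd

- name: Installiere firewalld
  package:
    name: firewalld
    state: present

- name: Starte und aktiviere firewalld
  service:
    name: firewalld
    state: started
    enabled: true

# NOTE(review): despite its name, this task does not close any port. It only
# allows the ssh service in the public zone; whatever else is already allowed
# in that zone stays open. Review the zone's services and ports separately.
- name: Sperre alle Ports in firewalld
  firewalld:
    zone: public
    service: ssh
    permanent: true
    # Apply to the running firewall too, not only to the saved configuration.
    immediate: true
    state: enabled

# roles/setup_server/tasks/main.yml (continued): Docker installation
- name: Entferne alte Docker-Versionen, falls vorhanden
  dnf:
    name:
      - docker
      - docker-client
      - docker-client-latest
      - docker-common
      - docker-latest
      - docker-latest-logrotate
      - docker-logrotate
      - docker-engine
      - podman
      - runc
    state: absent

# NOTE(review): the task name mentions the Docker repository, but only
# dnf-plugins-core is installed. No task visible here adds or verifies the
# Docker CE repository (or its GPG key); unless that happens elsewhere, the
# docker-ce installation below will not find its packages.
- name: Installiere DNF-Plugins und Docker-Repository
  dnf:
    name: dnf-plugins-core
    state: present

- name: Installiere Docker CE, CLI und andere Docker-Komponenten
  dnf:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
    state: present

- name: Aktiviere und starte Docker
  service:
    name: docker
    state: started
    enabled: true

# Membership in the docker group is effectively root on the host: anyone who
# can reach the Docker socket can start a privileged container or mount the
# host filesystem. Treat this account like a root account.
- name: Füge den neuen User zur Docker-Gruppe hinzu
  user:
    name: "{{ username }}"
    groups: docker
    append: true

- name: Starte den Docker-Dienst neu, um Änderungen zu übernehmen
  systemd:
    name: docker
    state: restarted

# NOTE(review): `state: disabled` is given with only `zone`, without a service,
# port, interface or similar item to disable, so this task probably changes
# nothing - confirm against the firewalld module documentation (zone-level
# changes use state present/absent).
# Docker also manages its own packet-filter rules, so published container ports
# are generally not governed by the public-zone settings above; verify what is
# reachable from outside after deployment.
- name: Deaktiviere Docker-Zone in firewalld
  firewalld:
    zone: docker
    state: disabled
    permanent: true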