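---
# roles/setup_server/tasks/main.yml
#
# Baseline hardening of a freshly provisioned RHEL-family host (sudo user,
# SSH directory, root login disabled, firewalld) followed by a Docker CE
# install.  Privilege escalation (become) is not set here; the including
# play is expected to provide it.
# Required variables: username, user_password.

- name: Erstelle einen neuen User mit Sudo-Rechten
  ansible.builtin.user:
    name: "{{ username }}"
    # password_hash() draws a fresh random salt on every run; without
    # update_password: on_create the task would report "changed" and
    # rewrite the hash each time the play runs.
    password: "{{ user_password | password_hash('sha512') }}"
    update_password: on_create
    state: present
    shell: /bin/bash
    groups: wheel  # sudo via the %wheel rule in sudoers (Fedora/RHEL default)
    append: true

- name: Erstelle den SSH-Ordner für den neuen User
  ansible.builtin.file:
    path: "/home/{{ username }}/.ssh"
    state: directory
    mode: "0700"
    owner: "{{ username }}"
    group: "{{ username }}"

- name: Setze die Berechtigungen für die authorized_keys-Datei
  ansible.builtin.file:
    path: "/home/{{ username }}/.ssh/authorized_keys"
    state: touch
    # state: touch bumps the timestamps on every run; preserving them keeps
    # the task idempotent once the file exists.
    modification_time: preserve
    access_time: preserve
    mode: "0600"
    owner: "{{ username }}"
    group: "{{ username }}"
  # NOTE(review): this only creates an empty file - no public key is
  # installed here and PasswordAuthentication is left at the sshd default.
  # Deploy the key (e.g. ansible.posix.authorized_key) before relying on
  # key-only access.

- name: Entferne den Root-SSH-Zugang
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    # sshd uses the first value it sees for a keyword; when no uncommented
    # PermitRootLogin exists, insert at the top instead of appending at EOF,
    # where a trailing Match block could swallow the directive.
    insertbefore: BOF
    # Refuse to write a config sshd cannot parse, so the restart handler
    # never leaves the host without a working SSH daemon.
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - restart sshd  # handler expected in roles/setup_server/handlers/main.yml
  # NOTE(review): Fedora/RHEL ship an "Include /etc/ssh/sshd_config.d/*.conf"
  # at the top of sshd_config; a drop-in there would take precedence over
  # this line - confirm on the target image.

- name: Installiere firewalld
  ansible.builtin.package:
    name: firewalld
    state: present

- name: Starte und aktiviere firewalld
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true

- name: Sperre alle Ports in firewalld
  # firewalld's public zone already rejects everything that is not allowed
  # explicitly; this task only makes sure SSH stays reachable.  It does not
  # remove other pre-existing allowances in the zone (distribution defaults
  # such as dhcpv6-client or cockpit) - review the zone if "all ports
  # locked" is the goal.
  ansible.posix.firewalld:
    zone: public
    service: ssh
    permanent: true
    immediate: true  # apply to the running config too, not only after reload
    state: enabled

# --- Docker CE ---------------------------------------------------------------

- name: Entferne alte Docker-Versionen, falls vorhanden
  ansible.builtin.dnf:
    name:
      - docker
      - docker-client
      - docker-client-latest
      - docker-common
      - docker-latest
      - docker-latest-logrotate
      - docker-logrotate
      - docker-engine
      - podman
      - runc
    state: absent

- name: Installiere DNF-Plugins und Docker-Repository
  ansible.builtin.dnf:
    name: dnf-plugins-core
    state: present
  # NOTE(review): despite the task name, only dnf-plugins-core is installed
  # here; the Docker CE repository itself is not configured anywhere in this
  # file.  The next task fails with "no package available" unless the repo
  # is provided elsewhere (e.g. an ansible.builtin.yum_repository task or a
  # pre-baked image) - confirm before use.

- name: Installiere Docker CE, CLI und andere Docker-Komponenten
  ansible.builtin.dnf:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
    state: present

- name: Aktiviere und starte Docker
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true

- name: Füge den neuen User zur Docker-Gruppe hinzu
  # Membership in the docker group is root-equivalent on the host (the
  # daemon socket allows starting privileged containers).  The user already
  # has sudo via wheel, so nothing is widened here, but keep this in mind
  # before reusing the role for unprivileged accounts.
  ansible.builtin.user:
    name: "{{ username }}"
    groups: docker
    append: true

- name: Starte den Docker-Dienst neu, um Änderungen zu übernehmen
  # Runs on every play (always reports "changed"); the group membership
  # above only needs a fresh login, not a daemon restart.  A handler
  # notified by the install task would be the idempotent alternative.
  ansible.builtin.systemd:
    name: docker
    state: restarted

- name: Deaktiviere Docker-Zone in firewalld
  # NOTE(review): with no service/port/rich rule given the firewalld module
  # treats this as a zone-level operation, for which only present/absent
  # are meaningful; if the intent is to drop Docker's own zone, `state:
  # absent` is probably what is wanted - confirm on a test host.
  ansible.posix.firewalld:
    zone: docker
    state: disabled
    permanent: true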