Skip to content
Snippets Groups Projects
Normal view Permalink
ubuntu-shellinabox.yaml 2.35 KiB
Newer Older
Laurent Modolo's avatar
first test with ansible
Laurent Modolo committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 
- hosts: all
  tasks:

  - name: Update the system
    apt:
      upgrade: dist

  - name: Install requirements
    apt:
      name: 
        - autofs
        - fail2ban
        - python3-pip
        - nfs-common
        - jq
        - openssl
        - shellinabox
      state: latest

  - name: Remove old Docker version
    apt:
      name:
        - docker
        - docker-engine
        - docker.io
        - containerd
        - runc
      state: absent

  - name: Install Docker deps
    apt:
      name:
        - apt-transport-https
        - ca-certificates
        - curl
        - gnupg-agent
        - software-properties-common
      state: latest

  - name: Add Docker’s official GPG key
    apt_key:
      url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
      state: present

  - name: Add Docker's repository into sources list
    apt_repository:
      repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
      state: present

  - name: Install Docker engine community
    apt:
      name:
        - docker-ce
        - docker-ce-cli
        - containerd.io
      state: latest

  - name: Configure shell in a box 
    shell: sed -i 's|SHELLINABOX_PORT=4200|SHELLINABOX_PORT=443|' /etc/default/shellinabox

  - name: Configure network
    shell: iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT && iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT && iptables-save

  - name: Enable services
    systemd:
      name: "{{ item }}" 
      enabled: yes
      state: started
    loop:
      - docker
      - fail2ban

  - name: Restart services
    systemd:
      name: "{{ item }}" 
      enabled: yes
      state: restarted
    loop:
      - shellinabox 

  - name: Update pip
    pip:
      name: 
        - pip
      executable: pip3
      state: latest

  - name: Install docker-compose
    pip:
      name: 
        - docker-compose
      executable: pip3
      state: latest

  - name: Install Miniconda
    script: miniconda-install.sh

  - name: Copy IFB profile
    copy:
      src: profile_ifb.sh
      dest: /etc/profile.d/ifb.sh
      owner: root
      mode: '0644'

  - name: Create IFB root dir and bin
    shell: . /etc/profile.d/ifb.sh && mkdir -p $IFB_BIN

  - name: Create IFB data dir
    shell: . /etc/profile.d/ifb.sh && mkdir -p $IFB_DATADIR