playbook.yml
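---
# Rebuilds a single Debian VPS from scratch, run locally as root:
#   1. full package upgrade
#   2. SSH hardening (PAM + sshd_config shipped from ./config) and fail2ban
#   3. Docker CE from Docker's own apt repository
#   4. one `docker compose up -d` per service stack under ./config
#
# The files under ./config (sshd, sshd_config, jail.local and the compose
# stacks) are not part of this playbook; their content decides the real
# security posture and has to be reviewed separately.
- name: Configurar mi VPS en caso de reinstalarla
  hosts: localhost
  connection: local
  become: true
  tasks:
    - name: Actualizar la lista de paquetes
      apt:
        update_cache: true

    - name: Actualizar todos los paquetes del sistema
      apt:
        upgrade: dist

    # --- SSH: second factor via PAM, then the daemon configuration ---------
    - name: Instalar libpam-google-authenticator
      apt:
        name: libpam-google-authenticator
        state: present

    # NOTE(review): config/sshd is not visible here. If it makes the
    # google-authenticator module mandatory, every account that logs in over
    # SSH needs an enrolled secret before the ssh handler fires, otherwise the
    # next login is refused. Confirm against the shipped file.
    - name: Modificar el archivo /etc/pam.d/sshd
      copy:
        src: ./config/sshd
        dest: /etc/pam.d/sshd
        owner: root
        group: root
        mode: '0644'

    - name: Configurar servidor ssh con el archivo sshd_config
      copy:
        src: ./config/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0600'
        # Syntax-check the candidate file before it replaces the live one, so
        # a typo cannot take the SSH daemon down on the queued restart.
        validate: /usr/sbin/sshd -t -f %s
      notify: restart ssh

    # --- fail2ban -----------------------------------------------------------
    - name: Instalar fail2ban
      apt:
        name: fail2ban
        state: present

    # Presumably the log path that jail.local points its sshd jail at; verify
    # against config/jail.local. Timestamps are preserved so that re-running
    # the play does not report a change for a file that already exists.
    - name: Crear logdata para el fail2ban
      file:
        path: /root/sshd
        state: touch
        modification_time: preserve
        access_time: preserve

    - name: Configurar fail2ban con el archivo jail.local
      copy:
        src: ./config/jail.local
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: '0644'
      notify: restart fail2ban

    # --- Docker CE from the upstream apt repository -------------------------
    - name: Instalar dependencias para Docker
      apt:
        name:
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
        state: present

    - name: Crear directorio para la llave de Docker
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    # The keyring written here is what apt trusts for every Docker package
    # (signed-by= in the next task). `pipefail` makes a failed download fail
    # the task instead of being masked by gpg's exit status; --batch --yes
    # lets gpg overwrite an existing keyring without prompting on a re-run.
    # NOTE(review): the key is trusted on first download over HTTPS only;
    # consider comparing its fingerprint with the one Docker publishes.
    - name: Descargar y guardar la llave de Docker
      shell: |
        set -euo pipefail
        curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
        chmod a+r /etc/apt/keyrings/docker.gpg
      args:
        executable: /bin/bash

    # Writes the source entry pinned to the keyring above. The package index
    # is refreshed by the apt module in the next task rather than by calling
    # the `apt` CLI, whose output and behaviour are not meant for scripts.
    - name: Añadir el repositorio de Docker
      shell: |
        set -euo pipefail
        echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
      args:
        executable: /bin/bash

    - name: Instalar Docker y el plugin de Docker Compose
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose-plugin
        state: present
        update_cache: true

    # --- Service stacks -----------------------------------------------------
    # chdir is anchored on playbook_dir: a bare relative path would resolve
    # against whatever directory ansible-playbook was started from.
    # NOTE(review): the compose files are not visible here. Several of these
    # stacks are administrative or monitoring services; check which ports each
    # one publishes and that they sit behind the proxy / VPN as intended.
    - name: Levantar contenedores Docker Compose con Nginx (proxy manager incluido)
      command: docker compose up -d
      args:
        chdir: "{{ playbook_dir }}/config/stack_nginxproxymanager/"

    - name: Levantar contenedor Docker Compose con Portainer
      command: docker compose up -d
      args:
        chdir: "{{ playbook_dir }}/config/stack_portainer/"

    - name: Levantar contenedor Docker Compose con Netdata
      command: docker compose up -d
      args:
        chdir: "{{ playbook_dir }}/config/stack_netdata/"

    # NOTE(review): this runs on every play. Confirm the generator leaves
    # existing certificates alone, or guard the task with `creates:` set to
    # the path of a certificate it produces.
    - name: Crear certificado para Wazuh
      command: docker compose -f generate-indexer-certs.yml run --rm generator
      args:
        chdir: "{{ playbook_dir }}/config/stack_wazuh/"

    - name: Levantar contenedores Docker Compose con Wazuh
      command: docker compose up -d
      args:
        chdir: "{{ playbook_dir }}/config/stack_wazuh/"

    - name: Levantar contenedor Docker Compose con Jellyfin
      command: docker compose up -d
      args:
        chdir: "{{ playbook_dir }}/config/stack_jellyfin/"

    - name: Levantar contenedor Docker Compose con Wireward VPN
      command: docker compose up -d
      args:
        chdir: "{{ playbook_dir }}/config/stack_wireward/"

  # Handlers run once at the end of the play, and only when a notifying task
  # reported a change.
  handlers:
    - name: restart ssh
      service:
        name: ssh
        state: restarted

    - name: restart fail2ban
      service:
        name: fail2ban
        state: restarted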