snackpot.yml - set up networking on server

roles/root_sudoers/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# Enables a sudoer group
+# (Debianoid specific)
+
+root_sudoers_group: sudo

roles/root_sudoers/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Install sudo on debian
+  apt:
+    name: sudo
+    update_cache: yes
+    
+- name: configure sudo to allow root access for {{root_sudoers_group}} members
+  template:
+    dest: '/etc/sudoers.d/allow-sudoing'
+    src: 'sudoers.d/allow-sudoing.j2'
+    owner: root
+    group: root
+    mode: 0440
+    backup: no
+

roles/root_sudoers/templates/sudoers.d/allow-sudoing.j2

@@ -0,0 +1,2 @@
+## Allows people in this group to run all commands
+%{{ root_sudoers_group }}  ALL=(ALL)       ALL

roles/ufw/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+
+# A list of ports to allow incomming connections on
+ufw_allow_in: [22]

roles/ufw/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- name: install base packages
+  apt:
+    name: ufw
+    state: present
+    update_cache: true
+
+- name: deny all incoming traffic
+  ufw:
+    policy: deny
+    direction: incoming
+
+- name: allow all outgoing traffic
+  ufw:
+    policy: allow
+    direction: outgoing
+
+- name: allow incoming traffic for ssh and web server
+  ufw:
+    rule: allow
+    direction: in
+    to_port: "{{ item }}"
+    proto: tcp
+  with_items: "{{ ufw_allow_in }}"
+
+- name: enable ufw
+  ufw:
+    state: enabled

snackpot.yml

@@ -14,6 +14,47 @@
     docker_compose_base_dir: /opt/docker-compose
 
   tasks:
+    - hostname:
+        name: "{{ nextcloud_hostname }}"
+      tags: network
+
+    - name: install packages
+      apt:
+        update_cache: true
+        name:
+          - emacs
+          - strace
+          - nmap
+          - git
+      
+    - include_role:
+        name: root_sudoers
+        apply: { tags: root_sudoers }
+      tags: root_sudoers
+      
+    - include_role:
+        name: ufw
+        apply: { tags: ufw }
+      tags: ufw
+      vars:
+        ufw_allow_in: ["22", "80", "443"]
+        
+    - include_role:
+        name: mrlesmithjr.netplan
+        apply: { become: true, tags: [netplan, network] }
+      tags: netplan, network
+      vars:
+        netplan_enabled: true
+        netplan_configuration:
+          network:
+            version: 2
+            ethernets:
+              enp3s0:
+                addresses: [192.168.0.55/24]
+                gateway4: 192.168.0.1
+                nameservers:
+                  addresses: [192.168.0.1]
+    
     - include_role:
         name: docker_compose
         apply: { tags: docker_compose }