
second commit

panda 4 years ago
parent
commit
4881a7d3ec

+ 0 - 130
ansible/common.yml

@@ -1,130 +0,0 @@
-# playbook.yml:
----
-- name: "common config"
-  hosts: thismachine
-  connection: local
-
-  vars:
-    users:
-    - panda
-
-  tasks:
-    - name: Set timezone to Europe/Rome
-      timezone:
-        name: Europe/Rome
-
-    - name: Update repositories cache
-      apt:
-        update_cache: yes
-
-    - name: Install a list of packages
-      apt:
-        pkg:
-        - htop
-        - iotop
-        - glances
-        - screen
-        - sysstat
-        - git
-        - nmap
-        - ntp
-        - tinc
-        - fail2ban
-        - iptables-persistent
-
-    - debug:
-        msg: The main interface is {{ ansible_default_ipv4.interface }}
-
-    - name: Create a directory if it does not exist
-      file:
-        path: /scripts
-        state: directory
-        mode: '0755'
-
-    - name: "Create user accounts and add users to groups"
-      user:
-        name: "{{ item }}"
-        shell: "/bin/bash"
-      with_items: "{{ users }}"
-
-    - name: "Add authorized keys"
-      authorized_key:
-        user: "{{ item }}"
-        key: "{{ lookup('file', 'keys/'+ item + '.key.pub') }}"
-      with_items: "{{ users }}"
-
-    - name: create rules.v4
-      blockinfile:
-        create: yes
-        state: present
-#        path: "/scripts/rules.v4"
-        dest: "/scripts/rules.v4"
-        marker: "# {mark} ANSIBLE MANAGED BLOCK #"
-        block: |
-          # Generated by iptables-save v1.4.21 on Tue Nov 19 22:41:29 2019
-          *filter
-          :INPUT DROP [0:0]
-          :FORWARD DROP [0:0]
-          :OUTPUT ACCEPT [372:91728]
-          :fail2ban-ssh - [0:0]
-          -A INPUT -i lo -j ACCEPT
-          -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-          -A INPUT -i {{ ansible_default_ipv4.interface }} -p tcp -m tcp --dport 22 -j ACCEPT
-          -A INPUT -i {{ ansible_default_ipv4.interface }} -p icmp -m icmp --icmp-type 8 -j ACCEPT
-          -A INPUT -i vcn -p icmp -m icmp --icmp-type 8 -j ACCEPT
-          -A INPUT -s 172.20.1.125/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda blackfox" -j ACCEPT
-          -A INPUT -s 172.20.1.65/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda kiwi" -j ACCEPT
-          -A INPUT -s 172.20.1.90/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda scass1" -j ACCEPT
-          #-A INPUT -s 172.20.1.82/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment davide -j ACCEPT
-          #-A INPUT -s 172.20.1.15/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment encrypt -j ACCEPT
-          -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-          -A INPUT -j DROP
-          -A OUTPUT -o lo -j ACCEPT
-          -A fail2ban-ssh -j RETURN
-          COMMIT
-          # Completed on Tue Nov 19 22:41:29 2019
-
-    - name: create rules.v6
-      blockinfile:
-        create: yes
-        state: present
-#        path: "/scripts/rules.v4"
-        dest: "/scripts/rules.v6"
-        marker: "# {mark} ANSIBLE MANAGED BLOCK #"
-        block: |
-          # Generated by ip6tables-save v1.4.21 on Tue Nov 19 22:58:08 2019
-          *filter
-          :INPUT DROP [0:0]
-          :FORWARD DROP [0:0]
-          :OUTPUT DROP [0:0]
-          COMMIT
-          # Completed on Tue Nov 19 22:58:08 2019
-
-    - name: reload iptables v4
-      action: shell /sbin/iptables-restore -! < /scripts/rules.v4
-
-    - name: reload iptables v4
-      action: shell /sbin/ip6tables-restore -! < /scripts/rules.v6
-
-    - name: save iptables v4 rules
-      shell: iptables-save > /etc/iptables/rules.v4
-
-    - name: save iptables v6 rules
-      shell: ip6tables-save > /etc/iptables/rules.v6
-
-
-    - name: "Copy file with owner and permissions"
-      copy:
-        backup: yes
-        src: "{{ playbook_dir }}/repo/bashrc"
-        dest: /root/.bashrc
-        owner: root
-        group: root
-        mode: '0644'
-
-
-- name: "ssh_hardening"
-  hosts: thismachine
-  connection: local
-  roles:
-    - ssh_hardening

+ 0 - 2
ansible/keys/panda.key.pub

@@ -1,2 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDggvHQafvmP/bTxL4N0ZllGYuHlOVH66iOmgI4FXbndfwhWXumVVWR7W24UTz1SWdfrakDvz87QY4F6mva4pVSNgXQtKCFYewSrCw5+hxF/iHncwYTAq6TJFfGEXtb1irJDEJAnatCINQqZD5vEXkogbansfMvhq0xnnbO0PeTb3QMAGr+2WtZhsUoLY60TQY3nKvTUIzNeCMZBrlNXZueyVTsldyLZY0izkP6c14UjzhrCJ9K0GrbquDyHHb2H3eBiDLknQkmiqWSemWWnZTE0NaJad+tI+yrORa7S5LeuIg1uD0xxkACz+oSIwg8TVDViOyFSUqQ5CoJnQlWKk6YWNyZiPkQSfNt4em/hrVNma6bCgFQaV/pYaRIhze+LkGRyHfC1eHGIK/NGNBYiHF0/sTOpDIFiFrTUXwo5L6J01hR1wu4hjLgRPWteMaPtp6z6ujrTxQo/U1a6b3nKiMzBor4engCsDxJ2ulpy9kRmy5YcEz4+hzmAfI2EcnJALXR2QAGrp5ZYqG7u1aNmzU5P4L78ypJ3q5NWKkUR+RhyNwwb1/BRGhzn4tadjO3Ft0G4LxxTMShWnDBA8N7+WtexP92LuJZm7jPdPC2nF9i5TQInFBNxTzvl3Pk7/ckqUjPXxM57O6ykLuF3FMO6oBPEhGdkddSwNBPUA1oIEmu/w== gino@hl
-

+ 0 - 1
ansible/lldp.retry

@@ -1 +0,0 @@
-127.0.0.1

+ 0 - 8
ansible/lldp.yml

@@ -1,8 +0,0 @@
-# playbook.yml:
---- 
-
-- name: "lldp"
-  hosts: thismachine
-  connection: local
-  roles:
-    - lldp

+ 0 - 116
ansible/repo/bashrc

@@ -1,116 +0,0 @@
-# ~/.bashrc: executed by bash(1) for non-login shells.
-# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
-# for examples
-
-# If not running interactively, don't do anything
-case $- in
-    *i*) ;;
-      *) return;;
-esac
-
-# don't put duplicate lines or lines starting with space in the history.
-# See bash(1) for more options
-HISTCONTROL=ignoreboth
-
-# append to the history file, don't overwrite it
-shopt -s histappend
-
-# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
-HISTSIZE=999999
-HISTFILESIZE=200000
-
-# check the window size after each command and, if necessary,
-# update the values of LINES and COLUMNS.
-shopt -s checkwinsize
-
-# If set, the pattern "**" used in a pathname expansion context will
-# match all files and zero or more directories and subdirectories.
-#shopt -s globstar
-
-# make less more friendly for non-text input files, see lesspipe(1)
-#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
-
-# set variable identifying the chroot you work in (used in the prompt below)
-if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
-    debian_chroot=$(cat /etc/debian_chroot)
-fi
-
-# set a fancy prompt (non-color, unless we know we "want" color)
-case "$TERM" in
-    xterm-color) color_prompt=yes;;
-esac
-
-# uncomment for a colored prompt, if the terminal has the capability; turned
-# off by default to not distract the user: the focus in a terminal window
-# should be on the output of commands, not on the prompt
-#force_color_prompt=yes
-
-if [ -n "$force_color_prompt" ]; then
-    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
-	# We have color support; assume it's compliant with Ecma-48
-	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
-	# a case would tend to support setf rather than setaf.)
-	color_prompt=yes
-    else
-	color_prompt=
-    fi
-fi
-
-if [ "$color_prompt" = yes ]; then
-    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
-else
-    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
-fi
-unset color_prompt force_color_prompt
-
-# If this is an xterm set the title to user@host:dir
-case "$TERM" in
-xterm*|rxvt*)
-    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
-    ;;
-*)
-    ;;
-esac
-
-# enable color support of ls and also add handy aliases
-if [ -x /usr/bin/dircolors ]; then
-    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
-    alias ls='ls --color=auto'
-    #alias dir='dir --color=auto'
-    #alias vdir='vdir --color=auto'
-
-    #alias grep='grep --color=auto'
-    #alias fgrep='fgrep --color=auto'
-    #alias egrep='egrep --color=auto'
-fi
-
-# some more ls aliases
-alias ll='ls -lahs --color=auto'
-#alias la='ls -A'
-#alias l='ls -CF'
-
-# Alias definitions.
-# You may want to put all your additions into a separate file like
-# ~/.bash_aliases, instead of adding them here directly.
-# See /usr/share/doc/bash-doc/examples in the bash-doc package.
-
-if [ -f ~/.bash_aliases ]; then
-    . ~/.bash_aliases
-fi
-
-# enable programmable completion features (you don't need to enable
-# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
-# sources /etc/bash.bashrc).
-if ! shopt -oq posix; then
-  if [ -f /usr/share/bash-completion/bash_completion ]; then
-    . /usr/share/bash-completion/bash_completion
-  elif [ -f /etc/bash_completion ]; then
-    . /etc/bash_completion
-  fi
-fi
-
-HISTTIMEFORMAT="%Y-%m-%d_%T - "
-export PS1="\[\e[00;37m\]\t_\[\e[0m\]\[\e[00;33m\]\u\[\e[0m\]\[\e[00;37m\]@\[\e[0m\]\[\e[01;31m\]\h\[\e[0m\]\[\e[00;37m\]:\[\e[0m\]\[\e[00;36m\][\w]:\\$\[\e[0m\]\[\e[00;37m\]\[\e[0m\]"
-
-cd ~
-

+ 0 - 16
ansible/repo/telegraf_settings

@@ -1,16 +0,0 @@
-telegraf now installed, edit /etc/telegraf/telegraf.conf adding:
-
-[[outputs.influxdb]]
-  urls = ["http://SERVER:PORT"]
-  database = "DB"
-  username = "USER"
-  password = "PASS"
-
-
-and restart it
-
-just
-
-cat repo/telegraf_settings
-
-for all the info not garbled

+ 0 - 74
ansible/repo/transmission_settings

@@ -1,74 +0,0 @@
-{
-    "alt-speed-down": 1215751, 
-    "alt-speed-enabled": true, 
-    "alt-speed-time-begin": 90, 
-    "alt-speed-time-day": 127, 
-    "alt-speed-time-enabled": false, 
-    "alt-speed-time-end": 420, 
-    "alt-speed-up": 3567586, 
-    "bind-address-ipv4": "0.0.0.0", 
-    "bind-address-ipv6": "::", 
-    "blocklist-enabled": true, 
-    "blocklist-url": "http://john.bitsurge.net/public/biglist.p2p.gz", 
-    "cache-size-mb": 4, 
-    "dht-enabled": true, 
-    "download-dir": "/data/torrents/", 
-    "download-limit": 100, 
-    "download-limit-enabled": 0, 
-    "download-queue-enabled": false, 
-    "download-queue-size": 5, 
-    "encryption": 2, 
-    "idle-seeding-limit": 30, 
-    "idle-seeding-limit-enabled": false, 
-    "incomplete-dir": "/data/torrents/_incomplete/", 
-    "incomplete-dir-enabled": true, 
-    "lpd-enabled": true, 
-    "max-peers-global": 200, 
-    "message-level": 1, 
-    "peer-congestion-algorithm": "", 
-    "peer-id-ttl-hours": 6, 
-    "peer-limit-global": 16959, 
-    "peer-limit-per-torrent": 9999, 
-    "peer-port": 51413, 
-    "peer-port-random-high": 65535, 
-    "peer-port-random-low": 49152, 
-    "peer-port-random-on-start": false, 
-    "peer-socket-tos": "default", 
-    "pex-enabled": true, 
-    "port-forwarding-enabled": false, 
-    "preallocation": 1, 
-    "prefetch-enabled": 1, 
-    "queue-stalled-enabled": true, 
-    "queue-stalled-minutes": 30, 
-    "ratio-limit": 2, 
-    "ratio-limit-enabled": false, 
-    "rename-partial-files": true, 
-    "rpc-authentication-required": true, 
-    "rpc-bind-address": "0.0.0.0", 
-    "rpc-enabled": true, 
-    "rpc-password": "{8ed7b18864b8eba7ea5aa5b5df1ef3c7494f9c7fm7lsHLa0", 
-    "rpc-port": 9091, 
-    "rpc-url": "/transmission/", 
-    "rpc-username": "transmission", 
-    "rpc-whitelist": "0.0.0.0", 
-    "rpc-whitelist-enabled": false, 
-    "scrape-paused-torrents-enabled": true, 
-    "script-torrent-done-enabled": false, 
-    "script-torrent-done-filename": "", 
-    "seed-queue-enabled": false, 
-    "seed-queue-size": 10, 
-    "speed-limit-down": 20000, 
-    "speed-limit-down-enabled": true, 
-    "speed-limit-up": 1020, 
-    "speed-limit-up-enabled": true, 
-    "start-added-torrents": true, 
-    "trash-original-torrent-files": true, 
-    "umask": 18, 
-    "upload-limit": 100, 
-    "upload-limit-enabled": 0, 
-    "upload-slots-per-torrent": 14, 
-    "utp-enabled": true, 
-    "watch-dir": "/data/torrents/_watchdir/", 
-    "watch-dir-enabled": true
-}
-

+ 0 - 29
ansible/roles/lldp/tasks/main.yml

@@ -1,29 +0,0 @@
-- name: Install lldpd
-  apt:
-    pkg:
-    - lldpd
-
-- name: stop transmission
-  systemd:
-    state: stopped
-    name: lldpd
-
-- name: memorize hostname variable
-  shell: hostname
-  register: hostname
-
-- set_fact: 
-    hostname={{ hostname.stdout }}
-
-- name: Add a line to a file if the file does not exist, without passing regexp
-  lineinfile:
-#    path: /etc/lldpd.d/hostname.conf
-    destfile: /etc/lldpd.d/hostname.conf
-    line: configure system description {{ hostname }}
-    create: yes
-    state: present
-
-- name: stop transmission
-  systemd:
-    state: started
-    name: lldpd

+ 0 - 13
ansible/roles/ssh_hardening/tasks/main.yml

@@ -1,13 +0,0 @@
-- name: Password based logins are disabled - only public key based logins are allowed.
-  lineinfile: dest=/etc/ssh/sshd_config regexp='^#?AuthenticationMethods' line='AuthenticationMethods publickey'
-- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?PasswordAuthentication' line='PasswordAuthentication no'
-- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?ChallengeResponseAuthentication' line='ChallengeResponseAuthentication no'
-- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?PubkeyAuthentication' line='PubkeyAuthentication yes'
-- lineinfile: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin' line='PermitRootLogin No'
-
-- name: restart sshd
-  systemd:
-    state: restarted
-    daemon_reload: yes
-    name: sshd
-

+ 0 - 73
ansible/roles/telegraf/tasks/main.yml

@@ -1,73 +0,0 @@
-- name: Install telegraf prerequsistes
-  apt:
-    pkg:
-    - apt-transport-https
-    - curl
-
-- name: Add influx repo key
-  shell: curl -sL https://repos.influxdata.com/influxdb.key | apt-key add -
-
-#- name: Check system version
-#  shell: source /etc/os-release
-#  args:
-#     executable: /bin/bash
-#
-#- set_fact: VERSION_ID="{{ lookup('env','VERSION_ID') }}"
-
-- name: memorize debian version variable
-  shell: cat /etc/debian_version | cut -d. -f1
-  register: debian_version
-
-- set_fact:
-    debian_version={{ debian_version.stdout }}
-
-- name: add repo for debian 7
-  when: "{{ debian_version }} == 7"
-  shell: echo "deb https://repos.influxdata.com/debian wheezy stable" | tee /etc/apt/sources.list.d/influxdb.list
-
-- name: add repo for debian 8
-  when: "{{ debian_version }} == 8"
-  shell: echo "deb https://repos.influxdata.com/debian jessie stable" | tee /etc/apt/sources.list.d/influxdb.list
-
-- name: add repo for debian 9
-  when: "{{ debian_version }} == 9"
-  shell: echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sources.list.d/influxdb.list
-
-- name: Update repositories cache
-  apt:
-    update_cache: yes
-
-- name: telegraf
-  apt:
-    pkg:
-    - telegraf
-
-- name: create telegraf basic config
-  shell: telegraf -sample-config -input-filter cpu:mem:swap:net:netstat:disk:diskio:docker:system:processes:kernel:sysstat:conntrack:nstat:iptables:sensors -output-filter influxdb > /etc/telegraf/telegraf.conf
-
-- name: restart telegraf
-  systemd:
-    state: restarted
-    name: telegraf
-
-- name: restart telegraf
-  systemd:
-    enabled: yes
-    name: telegraf
-
-#- name: display public key
-#  vars:
-#  debug: 
-#    msg:
-#      - 'telegraf now installed, edit /etc/telegraf/telegraf.conf adding:'
-#      - '[[outputs.influxdb]]'
-#      - '  urls = ["http://172.20.1.168:8086"]'
-#      - '  database = "telegraf_vcn_int"'
-#      - '  username = "telegraf_akari"'
-#      - '  password = "FCw7izWVan8cnh3upuwxtn15pnlhjWY2"'
-
-- name: display help next steps
-  vars:
-     contents: "{{ lookup('file', 'repo/telegraf_settings') }}"
-  debug: msg="{{ contents.split('\n') }}"
-

+ 0 - 57
ansible/roles/transmission/tasks/main.yml

@@ -1,57 +0,0 @@
-- name: Install transmission
-  apt:
-    pkg:
-    - transmission-daemon
-
-- name: stop transmission
-  systemd:
-    state: stopped
-    name: transmission-daemon
-
-
-- name: "Copy file with owner and permissions"
-  copy:
-    backup: yes
-    src: "{{ playbook_dir }}/repo/transmission_settings"
-    dest: /etc/transmission-daemon/settings.json
-    owner: debian-transmission
-    group: debian-transmission
-    mode: '0600'
-
-- name: Create dir /data
-  file:
-    path: /data
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
-
-- name: Create dir /data/torrents
-  file:
-    path: /data/torrents
-    state: directory
-    owner: debian-transmission
-    group: debian-transmission
-    mode: '0755'
-
-- name: Create dir /data/torrents/_incomplete
-  file:
-    path: /data/torrents/_incomplete
-    state: directory
-    owner: debian-transmission
-    group: debian-transmission
-    mode: '0755'
-
-- name: Create dir /data/torrents/_watchdir
-  file:
-    path: /data/torrents/_watchdir
-    state: directory
-    owner: debian-transmission
-    group: debian-transmission
-    mode: '0755'
-
-- name: restart transmission
-  systemd:
-    state: restarted
-    daemon_reload: yes
-    name: transmission-daemon

+ 0 - 13
ansible/roles/vcn/tasks/main.yml

@@ -1,13 +0,0 @@
-- name: create vcn folder
-  file:
-    path: /etc/tinc/vcn
-    state: directory
-    mode: '0700'
-
-- name: create keys
-  shell: tincd -n vcn -K4096
-
-- name: display public key
-  vars:
-     contents: "{{ lookup('file', '/etc/tinc/vcn/rsa_key.pub') }}"
-  debug: msg="vcn public key is {{ contents }}"

+ 0 - 1
ansible/telegraf.retry

@@ -1 +0,0 @@
-127.0.0.1

+ 0 - 9
ansible/telegraf.yml

@@ -1,9 +0,0 @@
-# playbook.yml:
---- 
-
-- name: "telegraf"
-  hosts: thismachine
-  connection: local
-  roles:
-    - telegraf
-    

+ 0 - 8
ansible/to_add.txt

@@ -1,8 +0,0 @@
-vcn:
-nano /lib/systemd/system/tinc@.service
-
-ExecStart=/usr/sbin/tincd -n %i -D --logfile
-ExecReload=/usr/sbin/tincd -n %i -kHUP --logfile
-
-
-systemctl restart tinc@vcn

+ 0 - 8
ansible/transmission.yml

@@ -1,8 +0,0 @@
-# playbook.yml:
---- 
-
-- name: "transmission"
-  hosts: thismachine
-  connection: local
-  roles:
-    - transmission

+ 8 - 11
common.yml

@@ -4,9 +4,13 @@
   hosts: thismachine
   connection: local
 
-  vars:
-    users:
-    - panda
+- name: Include all .json and .jsn files in vars/all and all nested directories (2.3)
+  include_vars:
+    file: "variables.yml"
+
+#  vars:
+#    users:
+#    - testuser
 
   tasks:
     - name: Set timezone to Europe/Rome
@@ -57,7 +61,6 @@
       blockinfile:
         create: yes
         state: present
-#        path: "/scripts/rules.v4"
         dest: "/scripts/rules.v4"
         marker: "# {mark} ANSIBLE MANAGED BLOCK #"
         block: |
@@ -71,12 +74,7 @@
           -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
           -A INPUT -i {{ ansible_default_ipv4.interface }} -p tcp -m tcp --dport 22 -j ACCEPT
           -A INPUT -i {{ ansible_default_ipv4.interface }} -p icmp -m icmp --icmp-type 8 -j ACCEPT
-          -A INPUT -i vcn -p icmp -m icmp --icmp-type 8 -j ACCEPT
-          -A INPUT -s 172.20.1.125/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda blackfox" -j ACCEPT
-          -A INPUT -s 172.20.1.65/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda kiwi" -j ACCEPT
-          -A INPUT -s 172.20.1.90/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda scass1" -j ACCEPT
-          #-A INPUT -s 172.20.1.82/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment davide -j ACCEPT
-          #-A INPUT -s 172.20.1.15/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment encrypt -j ACCEPT
+          -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
           -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
           -A INPUT -j DROP
           -A OUTPUT -o lo -j ACCEPT
@@ -88,7 +86,6 @@
       blockinfile:
         create: yes
         state: present
-#        path: "/scripts/rules.v4"
         dest: "/scripts/rules.v6"
         marker: "# {mark} ANSIBLE MANAGED BLOCK #"
         block: |
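Review bot: The `include_vars` block added at the top of the first hunk sits at column 0 as a new top-level list item, which a playbook parses as a play; `include_vars` is a task module rather than a play keyword and the item has no `hosts`, so the `tasks:` that follows now attaches to this malformed play and the playbook should fail to load. The intent is to load `variables.yml` for the existing play, which is what the `vars_files` play keyword does: replace the three added lines with `  vars_files:` / `    - variables.yml` under `connection: local`, and drop the copied documentation-example name, which talks about .json files in vars/all and does not describe this file. In the third hunk the new interface-agnostic ICMP echo rule also makes the interface-scoped echo rule on the line above it redundant; keep one or the other so the intended exposure is explicit.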

+ 1 - 0
keys/commonuser.key.pub

@@ -0,0 +1 @@
+
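Review bot: The new key file holds only an empty line, while the `authorized_key` task in common.yml reads `keys/<user>.key.pub` for every entry in `users`, which `variables.yml` in this commit sets to `commonuser`; the lookup will hand the module an empty key, which it is expected to reject rather than skip, so the play fails at that task. Either commit the real public key for this user or leave `commonuser` out of `users` until one exists.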

+ 0 - 2
keys/panda.key.pub

@@ -1,2 +0,0 @@
-ssh-rsa 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 gino@hl
-

+ 13 - 0
roles/docker/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+
+- include: ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'
+#  tags: package
+
+- include: debian.yml
+  when: ansible_os_family == 'Debian'
+#  tags: package
+
+- include: redhat.yml
+  when: ansible_os_family == 'RedHat'
+#  tags: package
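Review bot: The second include's condition `ansible_os_family == 'Debian'` is also true on Ubuntu, so an Ubuntu host runs both ubuntu.yml and debian.yml; narrow it to `when: ansible_os_family == 'Debian' and ansible_distribution != 'Ubuntu'`. debian.yml and redhat.yml are not part of this commit's diff, so unless they already exist in the repository these includes fail when the role is parsed. `include` for task files was superseded by `include_tasks`/`import_tasks` in Ansible 2.4; if the target version allows it, `import_tasks` keeps the `when` evaluation static and easier to reason about.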

+ 30 - 0
roles/docker/tasks/ubuntu.yml

@@ -0,0 +1,30 @@
+- name: Install docker prerequsistes
+  apt:
+    pkg:
+    - apt-transport-https
+    - ca-certificates
+    - curl 
+    - software-properties-common
+
+- name: Add docker repo key
+  shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+
+- name: add repo for docker
+  shell: echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" | tee /etc/apt/sources.list.d/docker.list
+
+- name: Update repositories cache
+  apt:
+    update_cache: yes
+
+- name: telegraf
+  apt:
+    pkg:
+    - docker-ce
+
+#install compose:
+
+- name: download compose
+  shell: curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+
+- name: link compose
+  shell: chmod +x /usr/local/bin/docker-compose
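Review bot: Both downloads in this file are trusted without verification: the repository signing key is piped from curl into `apt-key add -` with no fingerprint check, and the docker-compose binary is fetched with `curl -L` straight into `/usr/local/bin` and made executable with no checksum, so a tampered response or redirect becomes root-executed code on every host the role touches. The `apt_key` module with `id`, `apt_repository`, and `get_url` with `checksum` give the same result idempotently and let each `shell:` task (which reports changed on every run) go away; the rewrite below shows the shape, with the key fingerprint and binary hash left as placeholders to be filled from the vendors' published values. Separately, the task that installs `docker-ce` is named `telegraf`, a leftover from the telegraf role, and the `- curl ` package entry carries trailing whitespace.
```yaml
- name: Add docker repo key
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    id: "<DOCKER_APT_KEY_FINGERPRINT>"  # placeholder: verify against Docker's published fingerprint
    state: present

- name: add repo for docker
  apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
    filename: docker
    state: present

# … unchanged: apt update_cache and the docker-ce install (rename that task from "telegraf") …

- name: download compose
  get_url:
    url: "https://github.com/docker/compose/releases/download/1.21.2/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
    dest: /usr/local/bin/docker-compose
    mode: '0755'
    checksum: "sha256:<PLACEHOLDER_COMPOSE_1_21_2_SHA256>"  # placeholder: take from the release's published checksum
```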

+ 0 - 11
roles/telegraf/tasks/main.yml

@@ -55,17 +55,6 @@
     enabled: yes
     name: telegraf
 
-#- name: display public key
-#  vars:
-#  debug: 
-#    msg:
-#      - 'telegraf now installed, edit /etc/telegraf/telegraf.conf adding:'
-#      - '[[outputs.influxdb]]'
-#      - '  urls = ["http://172.20.1.168:8086"]'
-#      - '  database = "telegraf_vcn_int"'
-#      - '  username = "telegraf_akari"'
-#      - '  password = "FCw7izWVan8cnh3upuwxtn15pnlhjWY2"'
-
 - name: display help next steps
   vars:
      contents: "{{ lookup('file', 'repo/telegraf_settings') }}"

+ 13 - 0
roles/tincvpn/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: create tincvpn folder
+  file:
+    path: /etc/tinc/{{ tinc_vpn }}
+    state: directory
+    mode: '0700'
+
+- name: create keys
+  shell: tincd -n {{ tinc_vpn }} -K4096
+
+- name: display public key
+  vars:
+     contents: "{{ lookup('file', '/etc/tinc/{{ tinc_vpn }}/rsa_key.pub') }}"
+  debug: msg="{{ tinc_vpn }} public key is {{ contents }}"
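Review bot: The `lookup('file', '/etc/tinc/{{ tinc_vpn }}/rsa_key.pub')` on the line above nests `{{ }}` inside an expression that is already inside `{{ }}`; Jinja does not interpolate nested moustaches, so this yields a template error rather than the intended path. Build the path by concatenation, as the `authorized_key` lookup in common.yml does: `contents: "{{ lookup('file', '/etc/tinc/' + tinc_vpn + '/rsa_key.pub') }}"`. The `tincd -n {{ tinc_vpn }} -K4096` shell task also runs on every play and, as far as I recall, tincd prompts interactively before overwriting an existing key pair, which would hang an unattended run; adding `creates: /etc/tinc/{{ tinc_vpn }}/rsa_key.pub` to that shell task makes it skip once the key exists.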

+ 0 - 13
roles/vcn/tasks/main.yml

@@ -1,13 +0,0 @@
-- name: create vcn folder
-  file:
-    path: /etc/tinc/vcn
-    state: directory
-    mode: '0700'
-
-- name: create keys
-  shell: tincd -n vcn -K4096
-
-- name: display public key
-  vars:
-     contents: "{{ lookup('file', '/etc/tinc/vcn/rsa_key.pub') }}"
-  debug: msg="vcn public key is {{ contents }}"

+ 2 - 2
ansible/vcn.yml → tincvpn.yml

@@ -1,9 +1,9 @@
 # playbook.yml:
 --- 
 
-- name: "vcn"
+- name: "tincvpn"
   hosts: thismachine
   connection: local
   roles:
-    - vcn
+    - tincpvn
     
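Review bot: The role name `tincpvn` on the last changed line does not match the role directory added in this commit, `roles/tincvpn/tasks/main.yml`, so Ansible will report the role as not found; it should read `    - tincvpn`. The renamed playbook also keeps the `--- ` document marker with trailing whitespace and a whitespace-only final line from the original, both of which yamllint flags.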

+ 2 - 2
to_add.txt

@@ -1,8 +1,8 @@
-vcn:
+tincvpn:
 nano /lib/systemd/system/tinc@.service
 
 ExecStart=/usr/sbin/tincd -n %i -D --logfile
 ExecReload=/usr/sbin/tincd -n %i -kHUP --logfile
 
 
-systemctl restart tinc@vcn
+systemctl restart tinc@vpn

+ 3 - 0
variables.yml

@@ -0,0 +1,3 @@
+users:
+  - commonuser
+tinc_vpn: vpn
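Review bot: The new file has no `---` document start, which yamllint's document-start rule flags and which every playbook in this repository otherwise carries. Since this file is now the only place `users` is defined, a one-line comment above it such as `# each user listed here needs a matching keys/<user>.key.pub (read by the authorized_key task in common.yml)` would save the next person the failure an empty or missing key file produces.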

+ 0 - 9
vcn.yml

@@ -1,9 +0,0 @@
-# playbook.yml:
---- 
-
-- name: "vcn"
-  hosts: thismachine
-  connection: local
-  roles:
-    - vcn
-