From b5bfbd8a2d3bddae5b622383d995366fd5eb5e8b Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Thu, 11 Jan 2024 05:27:51 +0530 Subject: [PATCH] feat: update repositories and configure firewall --- dolibarr/.gitignore | 2 + dolibarr/ansible/base.yml | 27 +++++ dolibarr/ansible/roles/ufw/tasks/main.yml | 32 ++++++ dolibarr/requirements.txt | 31 ++++++ dolibarr/requirements.yml | 115 ++++++++++++++++++++++ 5 files changed, 207 insertions(+) create mode 100644 dolibarr/ansible/base.yml create mode 100644 dolibarr/ansible/roles/ufw/tasks/main.yml create mode 100644 dolibarr/requirements.txt create mode 100644 dolibarr/requirements.yml diff --git a/dolibarr/.gitignore b/dolibarr/.gitignore index c308493..ed01b9f 100644 --- a/dolibarr/.gitignore +++ b/dolibarr/.gitignore @@ -4,3 +4,5 @@ dolibar terraform.tfstate.d/ dolibar dolibar +dolibarr +.terraform/ diff --git a/dolibarr/ansible/base.yml b/dolibarr/ansible/base.yml new file mode 100644 index 0000000..8901f48 --- /dev/null +++ b/dolibarr/ansible/base.yml @@ -0,0 +1,27 @@ +# SPDX-FileCopyrightText: 2023 Aravinth Manivannan +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- +- name: Install and enable firewall + hosts: all + remote_user: debian + pre_tasks: + - name: Ensure all VMs are reachable + ansible.builtin.ping: + roles: + - ufw + + tasks: + - name: Install git, zip, nginx, wget, curl & other utils + become: true + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + pkg: + - git + - wget + - curl + - gpg + - ca-certificates + - zip diff --git a/dolibarr/ansible/roles/ufw/tasks/main.yml b/dolibarr/ansible/roles/ufw/tasks/main.yml new file mode 100644 index 0000000..fa5a70f --- /dev/null +++ b/dolibarr/ansible/roles/ufw/tasks/main.yml @@ -0,0 +1,32 @@ +# SPDX-FileCopyrightText: 2023 Aravinth Manivannan +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +--- +- name: Install ufw + become: true + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + pkg: + - ufw + +- name: Set logging + become: true + community.general.ufw: + logging: "on" + +- name: Allow port 22 and enable UFW + become: true + community.general.ufw: + state: enabled + rule: allow + proto: tcp + port: "22" + +- name: Enable and start ufw service + become: true + ansible.builtin.service: + name: ufw + enabled: true + state: started diff --git a/dolibarr/requirements.txt b/dolibarr/requirements.txt new file mode 100644 index 0000000..c40d44d --- /dev/null +++ b/dolibarr/requirements.txt @@ -0,0 +1,31 @@ +ansible==9.1.0 +ansible-core==2.16.2 +certifi==2023.11.17 +cffi==1.16.0 +charset-normalizer==3.3.2 +contextvars==2.4 +cryptography==41.0.7 +distro==1.9.0 +execnet==2.0.2 +idna==3.6 +immutables==0.20 +iniconfig==2.0.0 +Jinja2==3.1.3 +jmespath==1.0.1 +looseversion==1.3.0 +MarkupSafe==2.1.3 +msgpack==1.0.7 +packaging==23.2 +pluggy==1.3.0 +psutil==5.9.7 +pycparser==2.21 +pycryptodomex==3.20.0 +pytest==7.4.4 +pytest-testinfra==10.0.0 +pytest-xdist==3.5.0 +PyYAML==6.0.1 +pyzmq==25.1.2 +requests==2.31.0 +resolvelib==1.0.1 +salt==3006.5 +urllib3==2.1.0 diff --git a/dolibarr/requirements.yml b/dolibarr/requirements.yml new file mode 100644 index 0000000..043e3e7 --- /dev/null +++ b/dolibarr/requirements.yml @@ -0,0 +1,115 @@ + +# /home/atm/code/libre-solutions/iac/dolibarr/venv/lib/python3.11/site-packages/ansible_collections +Collection Version +----------------------------- ------- +amazon.aws 7.0.0 +ansible.netcommon 5.3.0 +ansible.posix 1.5.4 +ansible.utils 2.12.0 +ansible.windows 2.2.0 +arista.eos 6.2.2 +awx.awx 23.5.0 +azure.azcollection 1.19.0 +check_point.mgmt 5.1.1 +chocolatey.chocolatey 1.5.1 +cisco.aci 2.8.0 +cisco.asa 4.0.3 +cisco.dnac 6.8.1 +cisco.intersight 2.0.3 +cisco.ios 5.3.0 +cisco.iosxr 6.1.1 +cisco.ise 2.6.2 +cisco.meraki 2.16.16 +cisco.mso 2.5.0 +cisco.nxos 5.3.0 +cisco.ucs 1.10.0 +cloud.common 2.1.4 +cloudscale_ch.cloud 2.3.1 +community.aws 7.0.0 +community.azure 2.0.0 +community.ciscosmb 1.0.7 +community.crypto 2.16.1 +community.digitalocean 1.24.0 +community.dns 2.6.4 +community.docker 3.4.11 +community.general 8.1.0 +community.grafana 1.6.1 +community.hashi_vault 6.0.0 +community.hrobot 1.8.2 +community.libvirt 1.3.0 +community.mongodb 1.6.3 +community.mysql 3.8.0 +community.network 5.0.2 +community.okd 2.3.0 +community.postgresql 3.2.0 +community.proxysql 1.5.1 +community.rabbitmq 1.2.3 +community.routeros 2.11.0 +community.sap 2.0.0 +community.sap_libs 1.4.1 +community.sops 1.6.7 +community.vmware 4.0.1 +community.windows 2.1.0 +community.zabbix 2.2.0 +containers.podman 1.11.0 +cyberark.conjur 1.2.2 +cyberark.pas 1.0.23 +dellemc.enterprise_sonic 2.2.0 +dellemc.openmanage 8.5.0 +dellemc.powerflex 2.1.0 +dellemc.unity 1.7.1 +f5networks.f5_modules 1.27.1 +fortinet.fortimanager 2.3.0 +fortinet.fortios 2.3.4 +frr.frr 2.0.2 +gluster.gluster 1.0.2 +google.cloud 1.3.0 +grafana.grafana 2.2.3 +hetzner.hcloud 2.4.1 +hpe.nimble 1.1.4 +ibm.qradar 2.1.0 +ibm.spectrum_virtualize 2.0.0 +ibm.storage_virtualize 2.1.0 +infinidat.infinibox 1.3.12 +infoblox.nios_modules 1.5.0 +inspur.ispim 2.2.0 +inspur.sm 2.3.0 +junipernetworks.junos 5.3.1 +kubernetes.core 2.4.0 +lowlydba.sqlserver 2.2.2 +microsoft.ad 1.4.1 +netapp.aws 21.7.1 +netapp.azure 21.10.1 +netapp.cloudmanager 21.22.1 +netapp.elementsw 21.7.0 +netapp.ontap 22.8.3 +netapp.storagegrid 21.11.1 +netapp.um_info 21.8.1 +netapp_eseries.santricity 1.4.0 +netbox.netbox 3.15.0 +ngine_io.cloudstack 2.3.0 +ngine_io.exoscale 1.1.0 +openstack.cloud 2.2.0 +openvswitch.openvswitch 2.1.1 +ovirt.ovirt 3.2.0 +purestorage.flasharray 1.24.0 +purestorage.flashblade 1.14.0 +purestorage.fusion 1.6.0 +sensu.sensu_go 1.14.0 +splunk.es 2.1.2 +t_systems_mms.icinga_director 2.0.1 +telekom_mms.icinga_director 1.35.0 +theforeman.foreman 3.15.0 +vmware.vmware_rest 2.3.1 +vultr.cloud 1.10.1 +vyos.vyos 4.1.0 +wti.remote 1.0.5 + +# /src/atm/.ansible/collections/ansible_collections +Collection Version +----------------------------- ------- +ansible.posix 1.4.0 +community.crypto 2.9.0 +community.general 6.1.0 +community.mysql 3.5.1 +devsec.hardening 8.3.0