add neko custom stuff

host_vars/rabbit.yaml

@@ -1,2 +0,0 @@
----
-dockercompose_yml_name: "docker-compose-neko.yml"

host_vars/testhost.yaml

@@ -1,3 +1,2 @@
 ---
-dockercompose_yml_name: "docker-compose-test.yml"
 backupscript_name: "test-backupscript.sh"

inventory.yaml

@@ -6,7 +6,5 @@ all:
   children:
     woolsey:
       hosts:
-        testhost:
+        neko:
-          ansible_host: 192.168.69.102
+          ansible_host: 192.168.69.13
-        rabbit:
-          ansible_host: 192.168.69.19

neko.yaml

@@ -0,0 +1,7 @@
+---
+- name: "Setup neko"
+  hosts: neko
+  roles:
+    - common
+    - docker
+    - neko

roles/common/handlers/main.yaml

@@ -1,8 +1,3 @@
 ---
 - name: run Timedatectl
   command: timedatectl set-ntp true
-
-- name: "netplanapply"
-  command: netplan apply
-  async: 45
-  poll: 0

roles/common/tasks/main.yaml

@@ -1,5 +1,4 @@
 ---
-- include_tasks: static-networking.yaml
 - include_tasks: apt.yaml
 - include_tasks: clean-motd.yaml
 - include_tasks: remove-snap.yaml

roles/docker/files/docker-compose-neko.yml

@@ -1,15 +0,0 @@
-version: "3.4"
-services:
-  neko:
-    image: "m1k1o/neko:firefox"
-    restart: "unless-stopped"
-    shm_size: "2gb"
-    ports:
-      - "8080:8080"
-      - "52000-52100:52000-52100/udp"
-    environment:
-      NEKO_SCREEN: 1920x1080@30
-      NEKO_PASSWORD: neko
-      NEKO_PASSWORD_ADMIN: admin
-      NEKO_EPR: 52000-52100
-      NEKO_ICELITE: 1

roles/docker/files/docker-compose-test.yml

@@ -1 +0,0 @@
----

roles/docker/tasks/main.yaml

@@ -26,10 +26,3 @@
     comment: Service user
     groups: docker
     append: yes
-
-- name: Copy docker-compose.yml to target
-  copy:
-    src: "{{ dockercompose_yml_name }}"
-    dest: /home/service-user/docker-compose.yml
-    mode: 600
-    owner: service-user

roles/neko/tasks/main.yaml

@@ -0,0 +1,48 @@
+---
+- name: "Install haproxy via apt"
+  apt:
+    update_cache: yes
+    state: present
+    name:
+     - haproxy
+
+- name: Reset ufw rules to default
+  community.general.ufw:
+    state: reset
+
+- name: Allow ssh via ufw from localnet
+  community.general.ufw:
+    rule: allow
+    direction: in
+    port: ssh
+    from_ip: "192.168.69.0/24"
+    interface: eth0
+
+- name: Allow http via ufw from internet
+  community.general.ufw:
+    rule: allow
+    direction: in
+    port: http
+    interface: eth1
+
+- name: Allow https via ufw from internet
+  community.general.ufw:
+    rule: allow
+    direction: in
+    port: https
+    interface: eth1
+
+- name: Allow http via ufw from internet
+  community.general.ufw:
+    rule: allow
+    direction: in
+    port: http
+    interface: eth1
+
+- name: Allow neko ports via ufw from internet
+  community.general.ufw:
+    rule: allow
+    direction: in
+    port: 52000:52100
+    proto: udp
+    interface: eth1

roles/netplan/handlers/main.yaml

@@ -0,0 +1,5 @@
+---
+- name: "netplanapply"
+  command: netplan apply
+  async: 45
+  poll: 0

test.yaml

@@ -1,13 +0,0 @@
----
-- name: "Test ansbile roles"
-  hosts: woolsey
-  roles:
-    - common
-    - docker
-    - mariadb
-    - postgresql
-    - backupscript
-    - internalsmtp
-    - smtpgateway
-    - webgateway
-    - webserver

watch2gether.yaml

@@ -1,7 +0,0 @@
----
-- name: "Setup watch2gether"
-  hosts: rabbit
-  roles:
-    - common
-    - docker
-    - webserver