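---
# Provision a GitLab CI runner host: SSH hardening, fail2ban, Docker,
# persistent iptables rules, then the runner itself.
# Indentation in this listing was reconstructed; nesting marked
# NOTE(review) below should be confirmed against each role's variable layout.
- hosts: all
  # Facts are required: vars below read ansible_distribution_release
  # and ansible_default_ipv4. Canonical boolean instead of "yes".
  gather_facts: true
  roles:
    - role: 'ssh'
      # NOTE(review): presumably maps to sshd "PermitRootLogin without-password"
      # (key-only root login) — confirm in the ssh role before relying on it.
      root_without_password: true
      tags: ['ssh']
    - role: 'fail2ban'
      tags: ['fail2ban']
    - role: 'docker'
      docker_install: true
      # NOTE(review): Docker manages its own FORWARD-chain rules; with
      # FORWARD policy DROP below and iptables_persistent, verify the saved
      # ruleset and Docker's rules do not overwrite each other on reboot.
      network: true
      tags: ['docker']
    - role: 'iptables-rules'
      iptables_persistent: true
      state: 'present'
      tags: ['iptables']
    - role: 'gitlab-ci-runner'
      tags: ['gitlab-runner']
  vars:
    host_hostname: "{{ server_name }}"
    # Tracks the host's actual release rather than a pin.
    # debian_release: "stretch"
    debian_release: "{{ ansible_distribution_release }}"
    ssh_user_root:
      # Empty: no authorized key is deployed for root by this playbook, so
      # root must be reached some other way (or not at all) — confirm intent.
      key_list: ''
    apt_cache_valid_time: 3600
    # To generate a password hash: mkpasswd --method=SHA-512
    ssh_users:
      - user: 'ansible'
        shell: '/bin/bash'
        # Bare value parses as null, not an empty list — TODO confirm what
        # the ssh role expects here and write it explicitly ([] or a list).
        groups:
        # No hash set for an account that gets NOPASSWD sudo below; confirm
        # the role leaves the password locked rather than empty.
        password: ''
        key_list: ''
    sudo_rules:
      - user: 'ansible'
        rule: 'ALL=(ALL)'
        program: 'NOPASSWD:ALL'
    # NOTE(review): nesting of wan_iface/icmp_allow/policy_default/port_access
    # under iptables_host_rule is reconstructed — confirm against the role.
    iptables_host_rule:
      wan_iface: '{{ ansible_default_ipv4.interface }}'
      icmp_allow: true
      policy_default:
        INPUT: DROP
        FORWARD: DROP
        OUTPUT: ACCEPT
      port_access:
        # SSH is accepted from any IPv4 source; fail2ban is the only
        # throttle. Narrow `source` to a management CIDR where one exists.
        - chain: 'INPUT'
          source: '0.0.0.0/0'
          protocol: 'tcp'
          destination_port: '22'
          comment: 'SSH Port'
          jump: 'ACCEPT'
  handlers:
    - import_tasks: handlers/main.yml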