chore(Ansible): Basic ansible role sceleton with molecule enabled

Author: hypery2k

.ansible-lint

@@ -0,0 +1,11 @@
+parseable: true
+quiet: false
+use_default_rules: true
+skip_list:
+  - ANSIBLE0006
+  - ANSIBLE0012
+  - ANSIBLE0013
+  - 306
+verbosity: 1
+exclude_paths:
+  - roles

.editorconfig

@@ -0,0 +1,35 @@
+# EditorConfig is awesome: http://EditorConfig.org
+
+# Howto with your editor:
+#   Sublime: https://github.com/sindresorhus/editorconfig-sublime
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[**]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+
+# Standard at: https://github.com/felixge/node-style-guide
+[**.js, **.json]
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+quote_type = single
+curly_bracket_next_line = false
+spaces_around_operators = true
+space_after_control_statements = true
+space_after_anonymous_functions = false
+spaces_in_brackets = false
+
+# No Standard.  Please document a standard if different from .js
+[**.yml, **.html, **.css]
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+
+# No standard.  Please document a standard if different from .js
+[**.md]
+indent_style = space

.flake8

@@ -0,0 +1,5 @@
+[flake8]
+# do not add excludes for files in repo
+exclude = .venv/,.tox/,dist/,build/,.eggs/
+format = pylint
+ignore = E302,E501

.yamllint

@@ -0,0 +1,22 @@
+---
+extends: default
+rules:
+  line-length:
+    max: 150
+    level: warning
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+ignore: |
+  *.yaml
+  deploy.yml
+  test.yml
+  update.yml
+  *.sh
+  *.py
+  */*.sh
+  roles/

README.md

@@ -1 +1,3 @@
-# ansible-secure-docker
+# Ansible Role to secure docker installation
+
+> Main purpose is to prevent docker containers to expose ports via iptables port-forward to non-local interfaces

defaults/main.yml

@@ -0,0 +1 @@
+---

handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: docker_restart
+  service:
+    name: docker
+    state: restarted

meta/main.yml

@@ -0,0 +1,20 @@
+---
+galaxy_info:
+  author: Martin Reinhardt, <contact@martinreinhardt-online.de>
+  description: Role securing docker
+
+  license: MIT
+
+  min_ansible_version: 2.7.1
+
+
+  platforms:
+    - name: Debian
+      versions:
+        - jessie
+        - stretch
+
+  galaxy_tags:
+    - docker
+
+dependencies: []

molecule/default/Dockerfile.j2

@@ -0,0 +1,26 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates cron gpg nginx systemd systemd-sysv vim && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
+
+RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
+                 /etc/systemd/system/*.wants/* \
+                 /lib/systemd/system/local-fs.target.wants/* \
+                 /lib/systemd/system/sockets.target.wants/*udev* \
+                 /lib/systemd/system/sockets.target.wants/*initctl* \
+                 /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
+                 /lib/systemd/system/systemd-update-utmp*
+
+VOLUME [ "/sys/fs/cgroup" ]
+
+CMD ["/lib/systemd/systemd"]

molecule/default/INSTALL.rst

@@ -0,0 +1,16 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
+* Docker Engine
+* docker-py
+* docker
+
+Install
+=======
+
+    $ sudo pip install docker-py