{"id":20901617,"url":"https://github.com/willfarrell/ansible-playbook-docker","last_synced_at":"2025-06-17T22:08:36.526Z","repository":{"id":142528632,"uuid":"85893619","full_name":"willfarrell/ansible-playbook-docker","owner":"willfarrell","description":"CIS CentOS w/ Docker","archived":false,"fork":false,"pushed_at":"2017-03-24T19:00:31.000Z","size":128,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-19T13:27:35.256Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/willfarrell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-23T01:32:38.000Z","updated_at":"2017-03-23T01:33:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"e87174f9-4e7a-4f15-9492-a5b3e0ff57c8","html_url":"https://github.com/willfarrell/ansible-playbook-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fansible-playbook-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/willfarrell","download_url":"https://codeload.github.com/willfarrell/ansible-playbook-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243292885,"owners_count":20268127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T11:36:14.602Z","updated_at":"2025-03-12T20:34:31.516Z","avatar_url":"https://github.com/willfarrell.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ansible-playbook-aws\n\n## Requirements\n- ansible \u003e= 2.3 (`pip install git+git://github.com/ansible/ansible.git@stable-2.3`)\n\n## Setup\n\n### Set org_id\nKeep it lowercase.\n- `./run`\n\n```yml\n---\n\n# SSH\n# Min Length: 14, 1 Uppercase, 1 Lowercase, 1 Number, 1 Special Char\nssh_default_password: 'P4ssw0rd!01234'\n```\n\n3. Encrypt secrets. `ansible-vault encrypt group_vars/all/secrets.yml --vault-password-file ~/.vault_password_{{ org_id }}`\n\n## Run\n`./run`\n\n## 1. AWS VPC\n- [x] Setup localhost AWS profile\n- [x] Scaffold VPC networking\n- [x] Setup AWS private ssh key\n\n### TODO\n- [ ] Enable IPv6\n\n## 2. Bastion Host\n- [x] Deploy EC2 instance\n- [x] Setup bastion host\n- [x] Setup Security Groups (SSH)\n- [x] role to add public keys to servers\n- [-] Docs for google-authenticator\n- [-] Docs for multi-plexing through bastion and setting up OTP\n\n## 3. Servers\n- [x] Security groups\n- [x] deploy Web Server + LB\n- [x] deploy DB\n- [x] harden Web Server\n- [x] docker Web Server\n- [ ] create users \u0026 tables DB\n\n## Security\n### AWS\n- [ ] update access policy (ansible user) https://awspolicygen.s3.amazonaws.com/policygen.html\n\n### docker\n- [ ] 2.6 \u0026 3.{7-14} - TLS\n- [ ] 2.8  - Enable user namespace support\n- [ ] 2.11 - Use authorization plugin - https://github.com/twistlock/authz\n- [ ] 2.12 - Configure centralized and remote logging\n\n### Testing\n```bash\n#git clone -b configuration_file_args https://github.com/konstruktoid/docker-bench-security.git\ngit clone https://github.com/docker/docker-bench-security.git\ncd docker-bench-security\nsh docker-bench-security.sh\n```\n\n## TODO\n- [ ] docker swarm\n- [ ] elastic-cloud ansible\n- [ ] jenkins ansible","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fansible-playbook-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillfarrell%2Fansible-playbook-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fansible-playbook-docker/lists"}