
playbook updates and add ufw

mike 1 місяць тому
батько
коміт
febe1d9d4e
50 змінених файлів з 555 додано та 0 видалено
  1. 134 0
      playbook-initial_install.yml
  2. 64 0
      playbook-portainer.yml
  3. 7 0
      ufw/applications.d/TG-Synapse
  4. 4 0
      ufw/applications.d/TG-airsonic
  5. 4 0
      ufw/applications.d/TG-arrs
  6. 4 0
      ufw/applications.d/TG-bookstack
  7. 4 0
      ufw/applications.d/TG-dillinger
  8. 4 0
      ufw/applications.d/TG-duplicati
  9. 4 0
      ufw/applications.d/TG-ejabberd
  10. 4 0
      ufw/applications.d/TG-emby
  11. 4 0
      ufw/applications.d/TG-ersatztv
  12. 4 0
      ufw/applications.d/TG-fireflyiii
  13. 4 0
      ufw/applications.d/TG-freshrss
  14. 4 0
      ufw/applications.d/TG-git
  15. 4 0
      ufw/applications.d/TG-immich
  16. 4 0
      ufw/applications.d/TG-iperf
  17. 4 0
      ufw/applications.d/TG-lubelogger
  18. 4 0
      ufw/applications.d/TG-mariadb
  19. 4 0
      ufw/applications.d/TG-mqtt
  20. 4 0
      ufw/applications.d/TG-navidrome
  21. 4 0
      ufw/applications.d/TG-netbootxyz
  22. 4 0
      ufw/applications.d/TG-nextcloud
  23. 4 0
      ufw/applications.d/TG-npm
  24. 4 0
      ufw/applications.d/TG-owntracks
  25. 4 0
      ufw/applications.d/TG-paperless
  26. 4 0
      ufw/applications.d/TG-pdf
  27. 4 0
      ufw/applications.d/TG-piwigo
  28. 4 0
      ufw/applications.d/TG-podgrab
  29. 4 0
      ufw/applications.d/TG-podsync
  30. 4 0
      ufw/applications.d/TG-portainer
  31. 4 0
      ufw/applications.d/TG-ssh
  32. 4 0
      ufw/applications.d/TG-template
  33. 4 0
      ufw/applications.d/TG-torrents
  34. 4 0
      ufw/applications.d/TG-wbo
  35. 4 0
      ufw/applications.d/TG-wger
  36. 4 0
      ufw/applications.d/TG-wiki
  37. 4 0
      ufw/applications.d/openssh-server
  38. 14 0
      ufw/applications.d/postfix
  39. 4 0
      ufw/applications.d/samba
  40. 19 0
      ufw/applications.d/ufw-bittorent
  41. 35 0
      ufw/applications.d/ufw-chat
  42. 29 0
      ufw/applications.d/ufw-directoryserver
  43. 4 0
      ufw/applications.d/ufw-dnsserver
  44. 14 0
      ufw/applications.d/ufw-fileserver
  45. 14 0
      ufw/applications.d/ufw-loginserver
  46. 30 0
      ufw/applications.d/ufw-mailserver
  47. 9 0
      ufw/applications.d/ufw-printserver
  48. 9 0
      ufw/applications.d/ufw-proxyserver
  49. 19 0
      ufw/applications.d/ufw-webserver
  50. 14 0
      ~.

+ 134 - 0
playbook-initial_install.yml

@@ -0,0 +1,134 @@
+---
+- hosts: all
+  user: mike
+  become: true
+  tasks:
+#    - name: Update Server
+#      apt:
+#        upgrade: true
+#        update-cache: true
+#        cache_valid_time: 3600
+
+    - name: Make users passwordless for sudo in group mike
+      lineinfile:
+        path: /etc/sudoers
+        state: present
+        regexp: '^%sudo'
+        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+        validate: 'visudo -cf %s'
+
+
+    - name: Install Core Server Utils
+      apt:
+        pkg:
+          - curl
+          - python3
+          - ufw
+          - samba
+          - smbclient
+          - cifs-utils
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - software-properties-common
+          - python3-pip
+          - virtualenv
+          - python3-setuptools
+          - rsync
+
+        state: present
+#        update_cache: true
+        cache_valid_time: 3600
+
+    - name: Add Docker GPG apt Key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker Repository
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu focal stable
+        state: present
+
+    - name: Update apt and install docker-ce
+      apt:
+        name:
+          - docker-ce
+          - containerd.io
+          - docker-compose
+        state: latest
+        update_cache: true
+
+    - name: Add user to docker group
+      user:
+        name: "{{ansible_user}}"
+        group: docker
+    
+    - name: Install Docker Containers
+      community.docker.docker_container:
+        name: portainer
+        image: portainer/portainer-ce
+
+#    - name: Create Portainer Directory
+#      file:
+#        path: /home/mike/docker/portainer
+#        state: directory
+#      become_user: mike
+
+    - name: Create UFW directory
+      file:
+        path: /home/mike/ufw/applications.d
+        state: directory
+      become_user: mike
+
+#    - name: Sync Portainer docker-compose file
+#      synchronize:
+#        src: /home/mike/Software/ansible-debian/portainer/docker-compose.yml
+#        dest: /home/mike/docker/portainer
+#      become_user: mike
+
+    - name: Install UFW config files
+      synchronize:
+        src: /home/mike/Software/ansible-debian/ufw/applications.d/TG-portainer
+        dest: /home/mike/ufw/applications.d
+      become_user: mike
+
+#    - name: Move UFW files to proper directory
+#      command: mv /home/mike/ufw/applications.d/TG-portainer /etc/ufw/applications.d/TG-portainer
+
+    - name: Set ownership of UFW files to root
+      file: dest=/etc/ufw/applications.d owner=root group=root recurse=yes
+       ### Need to change ownership to root ###
+
+### THIS DOES NOT WORK!
+### IF RUN IN THIS SCRIPT, THIS CONTAINER IS started as 'mike' and cannot view /var/run/docker.sock
+### if run alone (with --tags portainer) it works.
+#    - name: Start Portainer
+#      docker_compose:
+#        project_src: /home/mike/docker/portainer
+#        state: present
+#      become: yes
+#      become_method: sudo
+#      tags: portainer
+
+    - name: Configure UFW - allow OpenSSH, samba, and TG-portainer
+      ufw:
+        rule: allow
+        name: "{{ item }}"
+      with_items:
+        - OpenSSH
+        - samba
+#        - TG-portainer
+
+#    - name: Configure UFW - delete default allow 22
+#      ufw:
+#        rule: allow
+#        port: 22
+#        proto: tcp
+#        delete: yes
+
+    - name: Configure UFW - deny all else
+      ufw:
+        state: enabled
+        policy: deny
+
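Review bot: The `Add user to docker group` task uses `group: docker`, which sets the account's primary group instead of adding a supplementary one, so the user's existing primary group is replaced; the intended form is `groups: docker` with `append: true` (without `append`, `groups` would also strip the user's other supplementary memberships). The sudoers task is named "group mike" but its `regexp: '^%sudo'` and replacement line rewrite the `%sudo` entry, so every member of the sudo group gets `NOPASSWD: ALL` — either the name should say so or the line should be narrowed to the one account that needs it. The `apt_key` task installs the Docker key into apt's global trusted keyring, where it can vouch for any repository; writing it to a keyring file and referencing that file with `signed-by` in the `apt_repository` line keeps it scoped to the Docker repo. Finally, the ownership task targets `/etc/ufw/applications.d` while the profile is synced to `/home/mike/ufw/applications.d` and the move step is commented out, so as written the profile never reaches ufw's directory and the `TG-portainer` entry commented out of the allow list could not resolve anyway.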

+ 64 - 0
playbook-portainer.yml

@@ -0,0 +1,64 @@
+---
+- hosts: all
+  user: mike
+  become: true
+  tasks:
+#    - name: Update Server
+#      apt:
+#        upgrade: true
+#        update-cache: true
+#        cache_valid_time: 3600
+
+    - name: Install Docker Containers
+      community.docker.docker_container:
+        name: portainer
+        image: portainer/portainer-ce
+
+    - name: Create Portainer Directory
+      file:
+        path: /home/mike/docker/portainer
+        state: directory
+      become_user: mike
+
+    - name: Sync Portainer docker-compose file
+      synchronize:
+        src: /home/mike/Software/ansible-debian/portainer/docker-compose.yml
+        dest: /home/mike/docker/portainer
+      become_user: mike
+
+#    - name: Set ownership of UFW files to root
+#      file: dest=/etc/ufw/applications.d owner=root group=root recurse=yes
+       ### Need to change ownership to root ###
+
+### THIS DOES NOT WORK!
+### IF RUN IN THIS SCRIPT, THIS CONTAINER IS started as 'mike' and cannot view /var/run/docker.sock
+### if run alone (with --tags portainer) it works.
+    - name: Start Portainer
+      docker_compose:
+        project_src: /home/mike/docker/portainer
+        state: present
+      become: yes
+      become_method: sudo
+      tags: portainer
+
+    - name: Configure UFW - allow OpenSSH, samba, and TG-portainer
+      ufw:
+        rule: allow
+        name: "{{ item }}"
+      with_items:
+#        - OpenSSH
+#        - samba
+        - TG-portainer
+
+#    - name: Configure UFW - delete default allow 22
+#      ufw:
+#        rule: allow
+#        port: 22
+#        proto: tcp
+#        delete: yes
+
+#    - name: Configure UFW - deny all else
+#      ufw:
+#        state: enabled
+#        policy: deny
+
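Review bot: Two tasks in this play each create a container named `portainer`: the `community.docker.docker_container` task at the top (no `volumes` or `ports`, so it presumably comes up without access to the Docker socket) and the `docker_compose` task, whose project in this commit also sets `container_name: portainer`; one of the two should go, most likely the first. `become: yes` on the Start Portainer task is a YAML 1.1 truthy spelling — `become: true` matches the play header and the rest of the repo. The enable/deny UFW block is commented out here, so the `TG-portainer` allow rule only takes effect if an earlier run of the initial-install playbook already enabled the firewall; a one-line comment above that task stating this assumption would save the next reader from wondering why the policy is missing.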

+ 7 - 0
ufw/applications.d/TG-Synapse

@@ -0,0 +1,7 @@
+[TG-Synapse]
+title=Custom port for Synapse - TG Software
+description=.
+ports=8008,8448,29319/tcp
+
+
+## 29319 - Facebook Bridge
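Review bot: `description=.` is a placeholder that leaves `ufw app info TG-Synapse` with no explanation of what 8008, 8448 and 29319 open, while the trailing `## 29319 - Facebook Bridge` comment shows the information is known; moving it into the field, e.g. `description=Synapse client API (8008), federation (8448), Facebook bridge (29319)`, is more useful than a comment ufw never displays. The same `description=.` placeholder appears in TG-duplicati, TG-fireflyiii, TG-nextcloud, TG-podsync, TG-wbo, TG-wger and TG-wiki.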

+ 4 - 0
ufw/applications.d/TG-airsonic

@@ -0,0 +1,4 @@
+[TG-airsonic]
+title=Custom port for airsonic - TG Software
+description=OpenSSH is a free implementation of the Secure Shell protocol.
+ports=4040/tcp
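Review bot: The description is copied verbatim from the OpenSSH profile (`OpenSSH is a free implementation of the Secure Shell protocol.`) and says nothing about airsonic; the same copy-paste is in TG-emby. Something like `description=Airsonic media streamer web UI` keeps `ufw app info` truthful, which matters when someone is deciding which profile to allow.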

+ 4 - 0
ufw/applications.d/TG-arrs

@@ -0,0 +1,4 @@
+[TG-arrs]
+title=Lidarr, Sonarr. Radarr, Prowlarr, QbitTorrent - TG Software
+description=The Arrs.
+ports=7878,6881,8686,8787,8989,9696,9010/tcp
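Review bot: The title reads `Sonarr. Radarr` where a comma was clearly intended (`Lidarr, Sonarr, Radarr, Prowlarr, QbitTorrent`). The description `The Arrs.` repeats the title; since the web-UI ports can be matched to the named apps but 6881 (the BitTorrent listening port) and 9010 cannot, naming what those two serve in the description would make the profile self-explanatory.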

+ 4 - 0
ufw/applications.d/TG-bookstack

@@ -0,0 +1,4 @@
+[TG-bookstack]
+title=Custom port for Bookstack- TG Software
+description=Bookstack
+ports=10002/tcp

+ 4 - 0
ufw/applications.d/TG-dillinger

@@ -0,0 +1,4 @@
+[TG-dillinger]
+title=Dillinger markdown editor - TG Software
+description=Dillinger Markdown Editor
+ports=10030/tcp
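Review bot: Port 10030 is assigned both here and in TG-ersatztv, so one of the two profiles is wrong and allowing either opens the other's service as well; the two need distinct ports. The same 3000/tcp appears in TG-git and TG-netbootxyz, and 8883 in both TG-mqtt and TG-owntracks (probably the same broker, so harmless, but worth a note in the description). A short comment in TG-template listing the port ranges already taken would help keep new profiles from colliding.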

+ 4 - 0
ufw/applications.d/TG-duplicati

@@ -0,0 +1,4 @@
+[TG-duplicati]
+title=Custom port for duplicati - TG Software
+description=.
+ports=8200/tcp

+ 4 - 0
ufw/applications.d/TG-ejabberd

@@ -0,0 +1,4 @@
+[TG-ejabberd]
+title=Ejabberd - TG Software
+description=XMPP chat server ADDL PORTS MAY BE NEEDED FOR STUN AND VOICE SERVER
+ports=5269,5443,5280,5222/tcp
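Review bot: The profile bundles 5280 — ejabberd's plain-HTTP listener, which in the default configuration as far as I recall also serves the web admin console — with the client (5222) and server-to-server (5269) ports, so a single `ufw allow TG-ejabberd` exposes the admin UI to every source the rule covers. If the admin console is only used locally, leaving 5280 out of this profile, or giving it its own profile that is allowed with a source restriction, keeps the management port separate from the public XMPP ones.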

+ 4 - 0
ufw/applications.d/TG-emby

@@ -0,0 +1,4 @@
+[TG-emby]
+title=Custom port for Emby - TG Software
+description=OpenSSH is a free implementation of the Secure Shell protocol.
+ports=8096/tcp

+ 4 - 0
ufw/applications.d/TG-ersatztv

@@ -0,0 +1,4 @@
+[TG-ersatztv]
+title=Custom port for ersatzTV - TG Software
+description=ersatzTV
+ports=10030/tcp

+ 4 - 0
ufw/applications.d/TG-fireflyiii

@@ -0,0 +1,4 @@
+[TG-fireflyiii]
+title=Custom ports for fireflyiii - TG Software
+description=.
+ports=9003,9004/tcp

+ 4 - 0
ufw/applications.d/TG-freshrss

@@ -0,0 +1,4 @@
+[TG-freshrss]
+Title=Custom port for Freshrss - TG Software
+description=FreshRSS
+ports=83/tcp
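Review bot: `Title=` is capitalized here while every other profile in the directory writes `title=`; TG-portainer has the same capitalization. As far as I recall ufw's INI parser folds option names to lowercase so this likely still loads, but lowercase `title=` removes the dependency on that behaviour and keeps the files uniform.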

+ 4 - 0
ufw/applications.d/TG-git

@@ -0,0 +1,4 @@
+[TG-git]
+title=Custom port for Gogs GitServer - TG Software
+description=Custom local Git Repo
+ports=3000,10022/tcp

+ 4 - 0
ufw/applications.d/TG-immich

@@ -0,0 +1,4 @@
+[TG-immich]
+title=Custom port for immich photo viewer - TG Software
+description=Custom local immich server
+ports=2283/tcp

+ 4 - 0
ufw/applications.d/TG-iperf

@@ -0,0 +1,4 @@
+[TG-iperf]
+title=Iperf3 - TG Software
+description=Custom Iperf3 network speed testing
+ports=5201/tcp|5201/udp

+ 4 - 0
ufw/applications.d/TG-lubelogger

@@ -0,0 +1,4 @@
+[TG-lubelogger]
+title=Custom port for lubelogger - TG Software
+description=Lubelogger
+ports=10070/tcp

+ 4 - 0
ufw/applications.d/TG-mariadb

@@ -0,0 +1,4 @@
+[TG-mariadb]
+title=Custom port for mariadb - TG Software
+description=MAriadb.
+ports=3306/tcp
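Review bot: Once this profile is allowed through the playbooks' generic `ufw: rule: allow` task it accepts database connections from any source, which is rarely what a host-local MariaDB needs. If the database is only reached by containers on the same host or from a known subnet, the allow rule for it should carry `src:` (e.g. `src: <trusted-subnet>`, placeholder) so the profile does not amount to a public DB port; the same consideration applies to the unencrypted 1883 listener in TG-mqtt. Also `MAriadb.` in the description is a typo for `MariaDB`.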

+ 4 - 0
ufw/applications.d/TG-mqtt

@@ -0,0 +1,4 @@
+[TG-mqtt]
+title=Custom port for MQTT - TG Software
+description=mqtt
+ports=1883,8883/tcp

+ 4 - 0
ufw/applications.d/TG-navidrome

@@ -0,0 +1,4 @@
+[TG-navidrome]
+title=Custom port for airsonic - TG Software
+description=Navidrome
+ports=10040/tcp
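Review bot: The title still says `airsonic` (carried over from TG-airsonic) while the section name and description are Navidrome; `title=Custom port for Navidrome - TG Software` fixes it. `ufw app info` shows the title, so a mismatch between profile name and title invites the wrong profile being allowed.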

+ 4 - 0
ufw/applications.d/TG-netbootxyz

@@ -0,0 +1,4 @@
+[TG-netbootxyz]
+title=Custom port for netbootxyz - TG Software
+description=Nothing
+ports=69/udp|3000/tcp

+ 4 - 0
ufw/applications.d/TG-nextcloud

@@ -0,0 +1,4 @@
+[TG-nextcloud]
+title=Custom port for nextcloud - TG Software
+description=.
+ports=8080/tcp

+ 4 - 0
ufw/applications.d/TG-npm

@@ -0,0 +1,4 @@
+[TG-npm]
+title=Custom port for Nginx Proxy Manager - TG Software
+description=Nginx Proxy Manager
+ports=80,81,443/tcp
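Review bot: Port 81 is Nginx Proxy Manager's admin UI, and bundling it with 80/443 in one profile means allowing the public web ports also publishes the management login to the same sources. Splitting 81 into its own profile that is allowed only from a trusted source (`src:` on the ufw rule), or not publishing 81 on the host at all if it is reached through the proxy itself, keeps the admin plane separate from the public one; the description could then say `Nginx Proxy Manager public HTTP/HTTPS`.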

+ 4 - 0
ufw/applications.d/TG-owntracks

@@ -0,0 +1,4 @@
+[TG-owntracks]
+title=Custom port for Owntracks Location Monitoring / MQTT - TG Software
+description=Custom local owntracks / MQTT server(s)
+ports=8083,9002,8883/tcp

+ 4 - 0
ufw/applications.d/TG-paperless

@@ -0,0 +1,4 @@
+[TG-paperless]
+title=Custom port for Paperless-NGX- TG Software
+description=Paperless-NGX
+ports=10020/tcp

+ 4 - 0
ufw/applications.d/TG-pdf

@@ -0,0 +1,4 @@
+[TG-pdf]
+title=Custom port for Stirling-PDF - TG Software
+description=Custom local PDF Manipulator
+ports=10010/tcp

+ 4 - 0
ufw/applications.d/TG-piwigo

@@ -0,0 +1,4 @@
+[TG-piwigo]
+title=Custom port for Piwigo - TG Software
+description=Piwigo
+ports=8040/tcp

+ 4 - 0
ufw/applications.d/TG-podgrab

@@ -0,0 +1,4 @@
+[TG-podgrab]
+title=Custom port for Podgrab podcatcher - TG Software
+description=Custom port for POdgrab
+ports=10060/tcp

+ 4 - 0
ufw/applications.d/TG-podsync

@@ -0,0 +1,4 @@
+[TG-podsync]
+title=Custom port for podsync - TG Software
+description=.
+ports=8060/tcp

+ 4 - 0
ufw/applications.d/TG-portainer

@@ -0,0 +1,4 @@
+[TG-portainer]
+Title=Custom port for Portainer - TG Software
+description=Portainer
+ports=8000,9000/tcp

+ 4 - 0
ufw/applications.d/TG-ssh

@@ -0,0 +1,4 @@
+[TG-ssh]
+title=Custom port for SSH - TG Software
+description=OpenSSH is a free implementation of the Secure Shell protocol.
+ports=9772/tcp

+ 4 - 0
ufw/applications.d/TG-template

@@ -0,0 +1,4 @@
+[TG-template]
+title=Custom port for [software name]- TG Software
+description=[description]
+ports=80/tcp

+ 4 - 0
ufw/applications.d/TG-torrents

@@ -0,0 +1,4 @@
+[TG-torrents]
+title=Custom port for Qbittorrent - TG Software
+description=Qbittorrent
+ports=8030/tcp

+ 4 - 0
ufw/applications.d/TG-wbo

@@ -0,0 +1,4 @@
+[TG-wbo]
+title=Custom port for wbo - TG Software
+description=.
+ports=8070/tcp

+ 4 - 0
ufw/applications.d/TG-wger

@@ -0,0 +1,4 @@
+[TG-wger]
+title=Custom port for wger - TG Software
+description=.
+ports=8050/tcp

+ 4 - 0
ufw/applications.d/TG-wiki

@@ -0,0 +1,4 @@
+[TG-wiki]
+title=Custom port for docuwiki - TG Software
+description=.
+ports=10050/tcp

+ 4 - 0
ufw/applications.d/openssh-server

@@ -0,0 +1,4 @@
+[OpenSSH]
+title=Secure shell server, an rshd replacement
+description=OpenSSH is a free implementation of the Secure Shell protocol.
+ports=22/tcp

+ 14 - 0
ufw/applications.d/postfix

@@ -0,0 +1,14 @@
+[Postfix]
+title=Mail server (SMTP)
+description=Postfix is a high-performance mail transport agent
+ports=25/tcp
+
+[Postfix SMTPS]
+title=Mail server (SMTPS)
+description=Postfix is a high-performance mail transport agent
+ports=465/tcp
+
+[Postfix Submission]
+title=Mail server (Submission)
+description=Postfix is a high-performance mail transport agent
+ports=587/tcp

+ 4 - 0
ufw/applications.d/samba

@@ -0,0 +1,4 @@
+[Samba]
+title=LanManager-like file and printer server for Unix
+description=The Samba software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol.
+ports=137,138/udp|139,445/tcp

+ 19 - 0
ufw/applications.d/ufw-bittorent

@@ -0,0 +1,19 @@
+[Transmission]
+title=Transmission
+description=Transmission BitTorrent client
+ports=51413
+
+[Deluge]
+title=Deluge
+description=Deluge BitTorrent client
+ports=6881:6891/tcp
+
+[KTorrent]
+title=KTorrent
+description=KTorrent BitTorrent client
+ports=6881/tcp|4444/udp
+
+[qBittorrent]
+title=qBittorrent
+description=qBittorrent BitTorrent client
+ports=6881/tcp

+ 35 - 0
ufw/applications.d/ufw-chat

@@ -0,0 +1,35 @@
+[PeopleNearby]
+title=People Nearby
+description=People Nearby (Bonjour/Salut) functionality in Empathy
+ports=5353/udp|5298
+
+[Bonjour]
+title=Bonjour
+description=Bonjour protocol
+ports=5353/udp|5298
+
+[MSN]
+title=MSN Chat
+description=MSN chat protocol (with file transfer and voice)
+ports=1863|6891:6900/tcp|6901
+
+[MSN SSL]
+title=MSN Chat (SSL)
+description=MSN chat protocol (SSL)
+ports=443/tcp
+
+[AIM]
+title=AIM Talk
+description=AIM talk protocol
+ports=5190/tcp
+
+[Yahoo]
+title=Yahoo Chat
+description=Yahoo chat protocol
+ports=5050
+
+[XMPP]
+title=XMPP Chat
+description=XMPP protocol (Jabber and Google Talk)
+ports=5222/tcp|5269/tcp
+

+ 29 - 0
ufw/applications.d/ufw-directoryserver

@@ -0,0 +1,29 @@
+[Kerberos KDC]
+title=Kerberos v5 KDC server
+description=Kerberos v5 KDC server
+ports=88
+
+[Kerberos Admin]
+title=Kerberos v5 admin
+description=Kerberos v5 server
+ports=749/tcp
+
+[Kerberos Password]
+title=Kerberos v5 password
+description=Kerberos v5 password
+ports=464/udp
+
+[Kerberos Full]
+title=Kerberos v5 server
+description=Kerberos v5 server
+ports=88,749/tcp|464/udp
+
+[LDAP]
+title=LDAP server
+description=LDAP server
+ports=389/tcp
+
+[LDAPS]
+title=LDAP server (LDAPS)
+description=LDAP server (LDAPS)
+ports=636/tcp

+ 4 - 0
ufw/applications.d/ufw-dnsserver

@@ -0,0 +1,4 @@
+[DNS]
+title=Internet Domain Name Server
+description=Internet Domain Name Server
+ports=53

+ 14 - 0
ufw/applications.d/ufw-fileserver

@@ -0,0 +1,14 @@
+[CIFS]
+title=SMB/CIFS server
+description=SMB/CIFS server
+ports=137,138/udp|139,445/tcp
+
+[NFS]
+title=NFS server
+description=NFS and portmap server. Will also need access to mountd, statd and possibly others
+ports=2049,111/tcp|2049,111/udp
+
+[svnserve]
+title=Subversion server
+description=Subversion server for access to Subversion repositories.
+ports=3690/tcp

+ 14 - 0
ufw/applications.d/ufw-loginserver

@@ -0,0 +1,14 @@
+[Telnet]
+title=Telnet server (insecure)
+description=Telnet server (insecure)
+ports=23/tcp
+
+[SSH]
+title=SSH server
+description=SSH server
+ports=22/tcp
+
+[VNC]
+title=VNC server
+description=VNC server
+ports=5900/tcp

+ 30 - 0
ufw/applications.d/ufw-mailserver

@@ -0,0 +1,30 @@
+[POP3]
+title=Mail server (POP3)
+description=Mail server (POP3)
+ports=110/tcp
+
+[POP3S]
+title=Secure mail server (POP3S)
+description=Secure mail server (POP3S)
+ports=995/tcp
+
+[IMAP]
+title=Mail server (IMAP)
+description=Mail server (IMAP)
+ports=143/tcp
+
+[IMAPS]
+title=Secure mail server (IMAPS)
+description=Secure mail server (IMAPS)
+ports=993/tcp
+
+[SMTP]
+title=Mail server (SMTP)
+description=Mail server (SMTP)
+ports=25/tcp
+
+[Mail submission]
+title=Mail server (Submission)
+description=Mail server (Submission)
+ports=587/tcp
+

+ 9 - 0
ufw/applications.d/ufw-printserver

@@ -0,0 +1,9 @@
+[IPP]
+title=Cups server (IPP)
+description=Cups server (IPP)
+ports=631
+
+[LPD]
+title=LPD server
+description=LPD server
+ports=515/tcp

+ 9 - 0
ufw/applications.d/ufw-proxyserver

@@ -0,0 +1,9 @@
+[Socks]
+title=Socks proxy
+description=Socks proxy
+ports=1080/tcp
+
+[Transparent Proxy]
+title=Transparent proxy
+description=Transparent proxy
+ports=8081/tcp

+ 19 - 0
ufw/applications.d/ufw-webserver

@@ -0,0 +1,19 @@
+[WWW]
+title=Web Server
+description=Web server
+ports=80/tcp
+
+[WWW Secure]
+title=Web Server (HTTPS)
+description=Web Server (HTTPS)
+ports=443/tcp
+
+[WWW Full]
+title=Web Server (HTTP,HTTPS)
+description=Web Server (HTTP,HTTPS)
+ports=80,443/tcp
+
+[WWW Cache]
+title=Web Server (8080)
+description=Web Server (8080)
+ports=8080/tcp

+ 14 - 0
~.

@@ -0,0 +1,14 @@
+version: "2.0"
+
+services:
+  portainer:
+    image: portainer/portainer-ce
+    container_name: portainer
+    restart: always
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/raid/docker/portainer/data:/data"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    ports:
+      - 9000:9000
+      - 8000:8000
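Review bot: The file is committed under the path `~.`, which looks like a mis-specified target for what both playbooks reference as `portainer/docker-compose.yml` (the `synchronize` task copies `/home/mike/Software/ansible-debian/portainer/docker-compose.yml`), so the `docker_compose` task will not find it where the repo puts it. The `/var/run/docker.sock` bind mount gives the container control equivalent to root on the host; a comment above that line such as `# docker.sock grants host-root-equivalent access; keep the 9000 UI on a trusted network only` documents the risk for whoever edits this next. Port 8000 is only needed for Portainer's Edge agent tunnel, so if no Edge agents are used that mapping can be dropped to reduce exposure; and both port mappings are unquoted while the volumes are quoted — `"9000:9000"` / `"8000:8000"` keeps the file consistent and avoids YAML's port-string surprises.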