Add ansible files

This commit is contained in:
Glenn Y. Rolland 2022-05-30 21:35:02 +02:00
parent ad77d0317a
commit 0994da378e
16 changed files with 147 additions and 38 deletions


@ -1,2 +1,7 @@
---
sshwifty_shared_key: admin
sshwifty_internal_port: 8080
sshwifty_configuration_directory: "/etc/sshwifty"
sshwifty_work_directory: "/var/lib/sshwifty"
#
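Review bot: `sshwifty_internal_port: 8080` is an unquoted integer while the matching `sshwifty_public_port: "80"` added in the group vars is a quoted string, so the two port variables reach the Caddyfile and compose templates with different types; pick one form, e.g. `sshwifty_internal_port: "8080"`, so both render the same way. The bare `#` on the last line of the hunk is an empty comment that reads like a leftover; drop it or write what it was meant to say. If `sshwifty_shared_key: admin` is a role default rather than context, a well-known value is a weak default for what appears to be the token users enter to open the web UI; a line such as `# override per inventory, ideally from the vault` above it would make the expectation explicit.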


@ -0,0 +1,8 @@
---
sshwifty_hostname: "0.0.0.0"
sshwifty_public_port: "80"
sshwifty_shared_key: "demo"
sshwifty_authentication: "password"
sshwifty_ssh_password: "demo"
sshwifty_ssh_user: "demo"
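Review bot: `sshwifty_ssh_password: "demo"` and `sshwifty_shared_key: "demo"` are committed as plaintext group vars, while the same commit adds an Ansible Vault file; these two values belong in the vault (or in a `vault_`-prefixed variable referenced from here) rather than next to the hostname and port. As written, anyone with read access to the repository has the SSH password that the user task in this commit applies to `{{ sshwifty_ssh_user }}` on hosts where password authentication is switched on. `sshwifty_hostname: "0.0.0.0"` also becomes the Caddy site address, so this group is presumably served on every interface over plain HTTP; if that is intentional for the demo, say so with `# demo only: plain HTTP on all interfaces`.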


@ -0,0 +1,5 @@
---
sshwifty_hostname: "443"
sshwifty_public_port: "443"
sshwifty_authentication: "password"
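Review bot: `sshwifty_hostname: "443"` looks like a copy of the port rather than a hostname; the Caddyfile template in this commit renders the site address as `{{ sshwifty_hostname }}:{{ sshwifty_public_port }}`, so this group would get `443:443`. The gateway host vars override the hostname, so the value may never take effect, but a wrong group default silently breaks any host added without an override. Either set a real hostname here or omit the key so a missing value fails loudly at template time.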


@ -0,0 +1,11 @@
$ANSIBLE_VAULT;1.1;AES256
63313862626430363534363861306666346637323564353264396264326265303938383339313533
3437623534323965643935333536366365366530336264310a336133363237326238653834303534
65303830666634666130353432623632346532656266333761613566613663643330353835343336
3836333166336530350a666634356437666436336437343765643931353164653039633232313637
63666338313362323866633765303831613162386662343534643064633731393362396261616130
61643364663535613965643364346565643064636134346464353166313030613032346633306364
65396637363934303338643233373065383738656531316534363864323435323835336661396137
38613637333663333665313437646362383862636536343761666435363663393164663463636463
61346461653030356236313764363737653431666463663261636262656562353531333366616564
3965313964343535303432663835346364643537316461656133


@ -0,0 +1,3 @@
---
sshwifty_hostname: "gateway0.teaching.glenux.net"
mongo_group_id: 0


@ -0,0 +1,3 @@
---
sshwifty_hostname: "gateway1.teaching.glenux.net"
mongo_group_id: 1


@ -0,0 +1,3 @@
---
sshwifty_hostname: "gateway2.teaching.glenux.net"
mongo_group_id: 2


@ -0,0 +1,4 @@
---
sshwifty_hostname: "gateway3.teaching.glenux.net"
mongo_group_id: 3


@ -1,5 +1,11 @@
---
- hosts: app_sshwifty
# Collect tasks about role_mongo
- hosts: role_mongo
become: true
tasks: []
# Then deploy gateways
- hosts: role_gateway
become: true
tasks:
- include_tasks: tasks/setup_base.yml
@ -15,7 +21,8 @@
caddy_systemd_capabilities_enabled: true
caddy_config: "{{ lookup('template', 'templates/Caddyfile.j2') }}"
- hosts: app_mongo
# And deploy mongos
- hosts: role_mongo
become: true
tasks:
- include_tasks: tasks/setup_base.yml
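Review bot: The `role_mongo` play with `tasks: []` does nothing but gather facts, which the sshwifty.conf template in this commit appears to rely on through `hostvars[host]['ansible_facts']['default_ipv4']`, yet the comment `# Collect tasks about role_mongo` does not say that. Replace it with `# Fact-gathering only: the gateway template reads hostvars[host].ansible_facts for these hosts`. `become: true` is not needed for fact gathering and can be dropped from that play, and an explicit `gather_facts: true` keeps the intent working if `gathering: explicit` is ever set in ansible.cfg.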


@ -1,9 +1,10 @@
---
- name: Sync time
- name: "Sync time - first try (needed by apt)"
ansible.builtin.shell:
cmd: ntpdate 0.debian.pool.ntp.org
ignore_errors: yes
cmd: hash ntpdate 2>/dev/null && ntpdate 0.debian.pool.ntp.org
ignore_errors: 'yes'
no_log: 'yes'
- name: Install required system packages
ansible.builtin.apt:
@ -13,7 +14,7 @@
state: latest
update_cache: true
- name: Sync time
- name: "Sync time - for real (needed by sshwifty)"
ansible.builtin.command:
cmd: ntpdate 0.debian.pool.ntp.org
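Review bot: `ignore_errors: 'yes'` and `no_log: 'yes'` are quoted strings rather than booleans; Ansible coerces them, but the canonical form is `ignore_errors: true` / `no_log: true`, matching `update_cache: true` a few lines below. `no_log: true` on the first ntpdate attempt also hides output that contains no secret, so a failed time sync becomes harder to diagnose; `failed_when: false` without `no_log` keeps the best-effort behaviour and the log line. The second task (`Sync time - for real`) runs `ntpdate` unconditionally, so it still fails on hosts where the apt task between them does not provide it — presumably intended, but worth stating in the task name or a comment.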


@ -56,4 +56,10 @@
pip:
name: docker
- name: adding existing user vagrant to group docker
user:
name: vagrant
groups: docker
append: 'yes'
#
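Review bot: The task is named "adding existing user vagrant" but `user:` with no `state` defaults to `present`, so on a host without a `vagrant` account it creates one; the sibling task in this commit that does the same for `{{ sshwifty_ssh_user }}` suggests this one should use that variable instead of a hardcoded `vagrant`. Membership of `docker` gives control of the Docker socket, which is root-equivalent on the host, so the task deserves a comment recording that trade-off, e.g. `# docker group is root-equivalent via the socket; only for the provisioning user`. `append: 'yes'` should be `append: true`, and the trailing bare `#` looks like a leftover.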


@ -3,10 +3,36 @@
# python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
- name: Add the user 'debian'
ansible.builtin.user:
name: debian
password: '$6$7SKND.wc64QSchcm$eGS36vIXypLHSd.PQM0gIq6ILx9QiRQxWNej3Gb32sKk2MuLrRlceXCJmidYATNZeJTbBXNf3c5qTmm7BB.EA1'
name: "{{ sshwifty_ssh_user }}"
password: "{{ sshwifty_ssh_password | password_hash('sha512') }}"
shell: /bin/bash
state: present
update_password: always
- name: Change SSH config to allow connections with password
ansible.builtin.copy:
dest: /etc/ssh/sshd_config.d/sshwifty_with_password.conf
content: |
PasswordAuthentication yes
register: ssh_service_conf
- name: Restart SSH service to take in account new changes
ansible.builtin.service:
name: ssh
state: restarted
when: ssh_service_conf.changed
- name: "adding existing user {{ sshwifty_ssh_user }} to group docker"
user:
name: "{{ sshwifty_ssh_user }}"
groups:
- docker
- sudo
append: 'yes'
- name: Change SUDO config to allow sudo without password to %sudo group
ansible.builtin.copy:
dest: /etc/sudoers.d/sudo_no_pass
content: |
%sudo ALL=(ALL) NOPASSWD: ALL
#
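Review bot: `password_hash('sha512')` with no salt argument generates a fresh random salt on every run, and combined with `update_password: always` the user task reports changed and rewrites the password on each play; pass a fixed salt stored next to the password in the vault (`password_hash('sha512', <vaulted salt variable>)`) or use `update_password: on_create` if the password need not be re-applied. The two `ansible.builtin.copy` tasks write into `/etc/ssh/sshd_config.d/` and `/etc/sudoers.d/` with neither `validate:` nor `mode:`; a malformed sudoers fragment locks every user out of sudo and a bad sshd fragment stops sshd from coming back after the restart below, so both should be validated before they land, and sudoers.d fragments are expected to be `0440`. `%sudo ALL=(ALL) NOPASSWD: ALL`, together with password SSH login enabled above and the demo password in group vars, means anyone who guesses the password is root; if that is the intended demo posture, say so in a comment on the task. The `python3 -c 'import crypt...'` comment at the top of the hunk describes the old hand-hashed password and no longer matches the `password_hash` filter; replace it with `# password hashed at template time via password_hash; plaintext comes from the vault`.
```yaml
- name: Change SSH config to allow connections with password
  ansible.builtin.copy:
    dest: /etc/ssh/sshd_config.d/sshwifty_with_password.conf
    content: |
      PasswordAuthentication yes
    mode: "0644"
    validate: /usr/sbin/sshd -t -f %s
  register: ssh_service_conf
# … unchanged: restart ssh, add {{ sshwifty_ssh_user }} to docker/sudo groups …
- name: Change SUDO config to allow sudo without password to %sudo group
  ansible.builtin.copy:
    dest: /etc/sudoers.d/sudo_no_pass
    content: |
      %sudo ALL=(ALL) NOPASSWD: ALL
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s
```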


@ -6,24 +6,35 @@
state: latest
update_cache: true
- name: Create SSHwifty configuration directory
file:
path: "{{ sshwifty_configuration_directory }}"
state: directory
- name: Scan SSH keys
command: "ssh-keyscan {{item}}"
register: "host_keys"
changed_when: false
with_items: groups["role_mongos"]
- name: Deploy SSHwifty configuration
template:
src: templates/sshwifty.conf.j2
dest: /etc/sshwifty.conf
dest: "{{ sshwifty_configuration_directory }}/sshwifty.conf"
- name: Create SSHwifty directory
file:
path: /var/lib/sshwifty
path: "{{ sshwifty_work_directory }}"
state: directory
- name: Deploy SSHwifty configuration
template:
src: templates/docker-compose.yml.j2
dest: /var/lib/sshwifty/docker-compose.yml
dest: "{{ sshwifty_work_directory }}/docker-compose.yml"
- name: Run SSHwifty
community.docker.docker_compose:
project_src: /var/lib/sshwifty
project_src: "{{ sshwifty_work_directory }}"
recreate: smart
state: present
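Review bot: `with_items: groups["role_mongos"]` is a bare string, not a Jinja expression, so recent Ansible versions loop once over the literal text and `ssh-keyscan` is run against `groups["role_mongos"]`; it should be `with_items: "{{ groups['role_mongo'] }}"` (or `loop:`), and since the group is called `role_mongo` everywhere else in this commit, `role_mongos` looks like a typo. The rendered `sshwifty.conf` carries the shared key and, in password mode, the SSH password in clear, yet the template task sets no `mode:`; add `mode: "0600"` to the first `Deploy SSHwifty configuration` task, after confirming which UID the container image runs as, since the file is bind-mounted into it — TODO confirm. Two tasks share the name `Deploy SSHwifty configuration`; rename the second to `Deploy SSHwifty docker-compose file` so play output tells them apart. `register: host_keys` captures the scan result but nothing in this hunk consumes it; if it is used elsewhere, fine, otherwise the scan is dead weight.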


@ -1,7 +1,7 @@
http://0.0.0.0:80 {
{{ sshwifty_hostname }}:{{ sshwifty_public_port }} {
log
reverse_proxy http://localhost:8080 {
reverse_proxy localhost:{{ sshwifty_internal_port }} {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
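Review bot: With the group default `sshwifty_hostname: "0.0.0.0"` the site address becomes `0.0.0.0:80`, and Caddy serves an IP address on port 80 as plain HTTP, so the shared key and SSH password typed into the sshwifty UI cross the network unencrypted; that may be accepted for the demo group, but a comment in the template such as `{# an IP or port-80 site address disables automatic HTTPS; use a DNS name with port 443 for real deployments #}` would stop the default being copied into production. The gateway host vars set a DNS name, which with port 443 should give automatic HTTPS — presumably the intended production path.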


@ -7,12 +7,12 @@ services:
image: niruix/sshwifty:latest
restart: always
ports:
- 8080:8182
- "{{sshwifty_internal_port}}:8182"
environment:
SSHWIFTY_SHAREDKEY: admin
SSHWIFTY_SHAREDKEY: "{{sshwifty_shared_key}}"
SSHWIFTY_CONFIG: /etc/sshwifty.conf
volumes:
- /etc/sshwifty.conf:/etc/sshwifty.conf
- "{{sshwifty_configuration_directory}}/sshwifty.conf:/etc/sshwifty.conf"
volumes: {}
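Review bot: `"{{sshwifty_internal_port}}:8182"` publishes the sshwifty port on every host interface, so the container is reachable directly on that port and the Caddy layer (and any TLS it terminates) can be bypassed; since the Caddyfile proxies to `localhost`, bind the mapping to loopback: `- "127.0.0.1:{{ sshwifty_internal_port }}:8182"`. The sshwifty.conf bind mount can be made read-only with `:ro`, cheap hardening for a file that holds the shared key and passwords: `- "{{ sshwifty_configuration_directory }}/sshwifty.conf:/etc/sshwifty.conf:ro"`. The Jinja expressions here have no spaces inside the braces (`{{sshwifty_shared_key}}`) while every other template in the commit writes `{{ var }}`; worth aligning.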


@ -1,3 +1,4 @@
{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
{
{# "HostName": "localhost", #}
"SharedKey": "{{ sshwifty_shared_key }}",
@ -17,30 +18,45 @@
}
],
"Presets": [
{% for host in groups['role_mongo'] %}
{% set server_group_id = loop.index0 // mongo_replicas_count %}
{% set server_index = loop.index0 % mongo_replicas_count %}
{% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
{% if server_group_id == mongo_group_id %}
{
"Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
"Type": "SSH",
"Host": "{{ server_ip_addr }}:22",
"Meta": {
"User": "{{ sshwifty_ssh_user }}",
{% if "password" == sshwifty_authentication | lower %}
"Authentication": "Password",
"Password": "{{ sshwifty_ssh_password }}",
{% else %}
"Authentication": "Private Key",
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
{% endif %}
{# "Fingerprint": home"SHA256:bgO...." #}
"Encoding": "utf-8"
}
},
{% endif %}
{% endfor %}
{
"Title": "Gateway",
"Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
"Type": "SSH",
"Host": "{{ansible_facts.all_ipv4_addresses | ansible.netcommon.ipaddr('192.168.50.0/24') | first }}:22",
"Host": "{{ ansible_ssh_host }}:22",
"Meta": {
"User": "debian",
"Encoding": "utf-8",
"Password": "debian",
"Authentication": "Password" {# , #}
{# "Private Key": "file:///home/user/.ssh/private_key", #}
{# "Fingerprint": "SHA256:bgO...." #}
}
},
{
"Title": "SDF.org Unix Shell",
"Type": "SSH",
"Host": "sdf.org:22",
"Meta": {
"User": "debian",
"Encoding": "utf-8",
"Password": "debian",
"Authentication": "Password" {# , #}
{# "Private Key": "file:///home/user/.ssh/private_key", #}
"User": "{{ sshwifty_ssh_user }}",
{% if "password" == sshwifty_authentication | lower %}
"Authentication": "Password",
"Password": "{{ sshwifty_ssh_password }}",
{% else %}
"Authentication": "Private Key",
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
{% endif %}
{# "Fingerprint": "SHA256:bgO...." #}
"Encoding": "utf-8"
}
}
],
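Review bot: `"Password": "{{ sshwifty_ssh_password }}",` and the other interpolated strings in the new preset loop are dropped into JSON without escaping, so a password containing `"` or `\` yields an invalid sshwifty.conf; use `"Password": {{ sshwifty_ssh_password | to_json }},` (the filter emits the surrounding quotes) for the password, title and host values. `{{ ansible_ssh_host }}` in the gateway preset is the legacy alias of `ansible_host` and is undefined unless the inventory sets that exact name; `{{ ansible_host | default(inventory_hostname) }}` uses the current variable and degrades gracefully. `sshwifty_ssh_private_key` is referenced in the non-password branch but defined by none of the vars files in this commit, so a group with any other `sshwifty_authentication` value fails at template time — presumably fine while only `password` is used, but a `{# requires sshwifty_ssh_private_key to be set on the controller #}` comment would flag it. The `"Presets"` array closes at the end of the hunk; the enclosing JSON document continues outside it.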