Merge pull request 'Usertwist update' (#6) from main into dev

Reviewed-on: #6

bootstrap.sh

@@ -24,7 +24,7 @@ sudo apt install git git-lfs -y
 git lfs install
 
 # Clone ansible_playbooks repo
-git clone https://git.athelas-conseils.fr/Stage/ansible_playbooks.git
+git clone -b dev https://git.athelas-conseils.fr/Stage/ansible_playbooks.git
 
 
 ~/.local/bin/ansible-playbook ansible_playbooks/tasks/full_setup.yml -i ansible_playbooks/inventory.ini --extra-vars "ansible_ssh_pass=$password ansible_ssh_common_args='-o StrictHostKeyChecking=no'"

files/usertwist.service

@@ -5,6 +5,16 @@ Description=Simple Web Service
 User=usertwist
 Group=usertwist
 ExecStart=/usr/local/bin/usertwist
+PrivateTmp=yes
+NoNewPrivileges=true
+RestrictNamespaces=uts ipc pid user cgroup
+ProtectSystem=strict
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+PrivateDevices=yes
+RestrictSUIDSGID=true
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

tasks/install_caddy.yml

@@ -60,11 +60,6 @@
       enabled: true
       state: started
 
-  - name: Edit usertwist default port
-    ansible.builtin.lineinfile:
-      path: /etc/environment
-      line: "PORT={{ usertwist_port | default('8080')}}"
-
   - name: Restart Caddy service
     ansible.builtin.service:
       name: caddy

tasks/roles/setup_iptables/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: Motysten
+  description: Dev
+  company: Athelas
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value

tasks/setup_iptables.yml

@@ -1,5 +1,6 @@
 - name: Edit iptables settings
   hosts: athelas
   become: true
+  
   roles:
-    - setup_iptables
+    - setup_iptables