usertwist executable

revert Added usertwist group

.gitattributes

@@ -0,0 +1,2 @@
+usertwist filter=lfs diff=lfs merge=lfs -text
+files/usertwist filter=lfs diff=lfs merge=lfs -text

bootstrap.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+read -p "Enter root password : " password
+
+# Update APT repos
+sudo apt update
+
+# Make sure python is installed
+sudo apt install python3 python3-pip -y
+
+# Install pipx
+sudo apt install pipx -y
+pipx ensurepath
+
+# Install Ansible
+pipx install --include-deps ansible
+
+# Install sshpass (for ssh password connection) & passlib (for password encryption)
+sudo apt install python3-passlib sshpass
+pipx inject ansible passlib
+
+# Make sure git & git-lfs are installed and configured
+sudo apt install git git-lfs -y
+git lfs install
+
+# Clone ansible_playbooks repo
+git clone https://git.athelas-conseils.fr/Stage/ansible_playbooks.git
+
+
+~/.local/bin/ansible-playbook ansible_playbooks/tasks/full_setup.yml -i ansible_playbooks/inventory.ini --extra-vars "ansible_ssh_pass=$password ansible_ssh_common_args='-o StrictHostKeyChecking=no'"

files/usertwist.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Simple Web Service
+
+[Service]
+User=usertwist
+Group=usertwist
+ExecStart=/usr/local/bin/usertwist
+
+[Install]
+WantedBy=multi-user.target

inventory.ini

@@ -1,2 +1,2 @@
 [athelas]
-vps ansible_host=95.217.153.90 ansible_connection=ssh ansible_user=motysten
+vps ansible_host=135.181.250.127 ansible_connection=ssh ansible_user=root

tasks/install_caddy.yml

@@ -4,44 +4,59 @@
   tasks:
 
   - name: Add Caddy GPG Key
-    ansible.builtin.apt_key:
+    ansible.builtin.get_url:
       url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
-      state: present
+      dest: /etc/apt/keyrings/caddy.asc
+      mode: '0644'
+      force: true
 
   - name: Add Caddy Repo
     ansible.builtin.apt_repository:
-      repo: deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
+      repo: deb [signed-by=/etc/apt/keyrings/caddy.asc] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
       state: present
 
   - name: Add Caddy Src Repo
     ansible.builtin.apt_repository:
-      repo: deb-src [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
+      repo: deb-src [signed-by=/etc/apt/keyrings/caddy.asc] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
       state: present
 
   - name: Install Caddy
     ansible.builtin.package:
       name: caddy
 
-  - name: Creating webserver root folder
-    ansible.builtin.file:
-      path: /var/www/html/
-      state: directory
-      group: caddy
-      owner: caddy
-
-  - name: Creating webserver root folder
-    ansible.builtin.file:
-      path: /var/www/html/index.html
-      state: present
-      group: caddy
-      owner: caddy
-
-  - name: Editing Caddyfile
+  - name: Editing Caddyfile to setup the reverse_proxy
     ansible.builtin.template:
-      src: ~/ansible/templates/Caddyfile.j2
+      src: ../templates/Caddyfile.j2
       dest: /etc/caddy/Caddyfile
 
-  - name: Reload Caddy service
+  - name: Create the usertwist user
+    ansible.builtin.user:
+      name: usertwist
+      group: usertwist
+      system: true
+
+  - name: Put the service binary on the remote server
+    ansible.builtin.copy:
+      src: ../files/usertwist
+      dest: /usr/local/bin
+      owner: root
+      group: root
+      mode: '0755'
+
+  - name: Put the service systemd file on the remote server
+    ansible.builtin.copy:
+      src: ../files/usertwist.service
+      dest: /etc/systemd/system
+      owner: root
+      group: root
+
+  - name: Enable the service systemd unit
+    ansible.builtin.systemd_service:
+      name: usertwist
+      enabled: true
+      state: started
+
+  - name: Restart Caddy service
     ansible.builtin.service:
       name: caddy
-      state: reloaded
+      state: restarted

tasks/install_docker.yml

@@ -10,13 +10,15 @@
         - curl
 
   - name: Add Docker GPG Key
-    ansible.builtin.apt_key:
+    ansible.builtin.get_url:
       url: https://download.docker.com/linux/debian/gpg
-      state: present
+      dest: /etc/apt/keyrings/docker.asc
+      mode: '0644'
+      force: true
 
   - name: Add Docker repo
     ansible.builtin.apt_repository:
-      repo: deb https://download.docker.com/linux/debian bookworm stable
+      repo: deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable
       state: present
 
   - name: Install Docker

tasks/setup_iptables.yml

@@ -11,8 +11,8 @@
       jump: ACCEPT
       destination_ports:
         - "22"
-        - "80"
         - "443"
+        - "80"
 
   - name: Set INPUT policy to DROP
     ansible.builtin.iptables:

tasks/setup_ssh.yml

@@ -9,25 +9,26 @@
 
   - name: Get SSH Private Key
     ansible.builtin.fetch:
-      dest: "~/ansible/keys/"
+      dest: "../keys/"
       src: "~/ssh_key"
       flat: true
 
   - name: Get SSH Public Key
     ansible.builtin.fetch:
-      dest: "~/ansible/keys/"
+      dest: "../keys/"
       src: "~/ssh_key.pub"
       flat: true
 
   - name: Copy new SSH configuration
     ansible.builtin.template:
-      src: "~/ansible/templates/sshd_config.j2"
+      src: "../templates/sshd_config.j2"
       dest: "/etc/ssh/sshd_config"
 
   - name: Create new user
     ansible.builtin.user:
-      name: "test"
+      name: "motysten"
       groups: "sudo"
+      shell: /bin/bash
       append: true
       password: "{{ lookup('password', '/tmp/userpass length=12 encrypt=sha512_crypt') }}"
     become: true
@@ -38,8 +39,8 @@
 
   - name: Add SSH public key to remote host
     ansible.builtin.authorized_key:
-      user: "test"
-      key: "{{ lookup('file', '~/ansible/keys/ssh_key.pub') }}"
+      user: "motysten"
+      key: "{{ lookup('file', '../keys/ssh_key.pub') }}"
     become: true
 
   - name: Restart SSH Services

templates/Caddyfile.j2

@@ -8,18 +8,24 @@
 # this machine's public IP, then replace ":80" below with your
 # domain name.
 
-athelas.motysten.fr {
-	# Set this path to your site's directory.
-	root * /var/www/html
-
-	# Enable the static file server.
-	file_server
+poc.athelas.fr {
 
 	# Another common task is to set up a reverse proxy:
-	# reverse_proxy localhost:8080
+	reverse_proxy localhost:8080
+
+	# Also edit ACME server
+	tls {
+		ca https://acme-staging-v02.api.letsencrypt.org/directory
+	}
+
+	handle_errors {
+		rewrite * /{err.status_code}
+		reverse_proxy https://http.cat {
+			header_up Host {upstream_hostport}
+			replace_status {err.status_code}
+		}
+	}
 
-	# Or serve a PHP site through php-fpm:
-	# php_fastcgi localhost:9000
 }
 
 # Refer to the Caddy docs for more information: