usertwist executable

revert Added usertwist group

.gitattributes

@@ -0,0 +1,2 @@
+usertwist filter=lfs diff=lfs merge=lfs -text
+files/usertwist filter=lfs diff=lfs merge=lfs -text

bootstrap.sh

@@ -1,28 +1,30 @@
 #!/bin/sh
 
-read -p "Enter root password" password
+read -p "Enter root password : " password
 
 # Update APT repos
 sudo apt update
 
 # Make sure python is installed
-sudo apt install python3 python3-pip
+sudo apt install python3 python3-pip -y
 
 # Install pipx
-sudo apt install pipx
+sudo apt install pipx -y
 pipx ensurepath
 
 # Install Ansible
 pipx install --include-deps ansible
 
-# Install passlib (for ssh password connection)
-sudo apt install python3-passlib
+# Install sshpass (for ssh password connection) & passlib (for password encryption)
+sudo apt install python3-passlib sshpass
 pipx inject ansible passlib
 
-# Make sure git is installed
-sudo apt install git
+# Make sure git & git-lfs are installed and configured
+sudo apt install git git-lfs -y
+git lfs install
 
 # Clone ansible_playbooks repo
 git clone https://git.athelas-conseils.fr/Stage/ansible_playbooks.git
 
-ansible-playbook ansible-playbook ansible_playbooks/tasks/full_setup.yml -i ansible_playbooks/inventory.ini
+
+~/.local/bin/ansible-playbook ansible_playbooks/tasks/full_setup.yml -i ansible_playbooks/inventory.ini --extra-vars "ansible_ssh_pass=$password ansible_ssh_common_args='-o StrictHostKeyChecking=no'"

files/usertwist.service

@@ -2,8 +2,8 @@
 Description=Simple Web Service
 
 [Service]
-User=caddy
-Group=caddy
+User=usertwist
+Group=usertwist
 ExecStart=/usr/local/bin/usertwist
 
 [Install]

tasks/install_caddy.yml

@@ -26,12 +26,18 @@
 
   - name: Editing Caddyfile to setup the reverse_proxy
     ansible.builtin.template:
-      src: ~/ansible/templates/Caddyfile.j2
+      src: ../templates/Caddyfile.j2
       dest: /etc/caddy/Caddyfile
 
+  - name: Create the usertwist user
+    ansible.builtin.user:
+      name: usertwist
+      group: usertwist
+      system: true
+
   - name: Put the service binary on the remote server
     ansible.builtin.copy:
-      src: ~/ansible/files/usertwist
+      src: ../files/usertwist
       dest: /usr/local/bin
       owner: root
       group: root
@@ -39,7 +45,7 @@
 
   - name: Put the service systemd file on the remote server
     ansible.builtin.copy:
-      src: ~/ansible/files/usertwist.service
+      src: ../files/usertwist.service
       dest: /etc/systemd/system
       owner: root
       group: root

tasks/setup_iptables.yml

@@ -11,7 +11,7 @@
       jump: ACCEPT
       destination_ports:
         - "22"
-        - "8081"
+        - "443"
         - "80"
 
   - name: Set INPUT policy to DROP

tasks/setup_ssh.yml

@@ -9,19 +9,19 @@
 
   - name: Get SSH Private Key
     ansible.builtin.fetch:
-      dest: "~/ansible/keys/"
+      dest: "../keys/"
       src: "~/ssh_key"
       flat: true
 
   - name: Get SSH Public Key
     ansible.builtin.fetch:
-      dest: "~/ansible/keys/"
+      dest: "../keys/"
       src: "~/ssh_key.pub"
       flat: true
 
   - name: Copy new SSH configuration
     ansible.builtin.template:
-      src: "~/ansible/templates/sshd_config.j2"
+      src: "../templates/sshd_config.j2"
       dest: "/etc/ssh/sshd_config"
 
   - name: Create new user
@@ -40,7 +40,7 @@
   - name: Add SSH public key to remote host
     ansible.builtin.authorized_key:
       user: "motysten"
-      key: "{{ lookup('file', '~/ansible/keys/ssh_key.pub') }}"
+      key: "{{ lookup('file', '../keys/ssh_key.pub') }}"
     become: true
 
   - name: Restart SSH Services

templates/Caddyfile.j2

@@ -18,6 +18,14 @@ poc.athelas.fr {
 		ca https://acme-staging-v02.api.letsencrypt.org/directory
 	}
 
+	handle_errors {
+		rewrite * /{err.status_code}
+		reverse_proxy https://http.cat {
+			header_up Host {upstream_hostport}
+			replace_status {err.status_code}
+		}
+	}
+
 }
 
 # Refer to the Caddy docs for more information: