diff --git a/ansible/base.yml b/ansible/base.yml
index 6804a12..401a6a7 100644
--- a/ansible/base.yml
+++ b/ansible/base.yml
@@ -5,7 +5,6 @@ --- - name: Install and enable firewall hosts: all - remote_user: atm pre_tasks: - name: Ensure all VMs are reachable ansible.builtin.ping:
diff --git a/ansible/cache.yml b/ansible/cache.yml
index 04231df..b5fff3d 100644
--- a/ansible/cache.yml
+++ b/ansible/cache.yml
@@ -7,7 +7,6 @@ - name: Install redis cache hosts: mcaptcha_hosts - remote_user: atm pre_tasks: - name: Ensure all VMs are reachable ansible.builtin.ping:
diff --git a/ansible/locust.yml b/ansible/locust.yml
index 695279c..401980d 100644
--- a/ansible/locust.yml
+++ b/ansible/locust.yml
@@ -7,7 +7,6 @@ - name: Configure Locust instances hosts: [mcaptcha_dos] - remote_user: atm pre_tasks: - name: Ensure all VMs are reachable ansible.builtin.ping:
diff --git a/ansible/mcaptcha.yml b/ansible/mcaptcha.yml
index 314f3d5..67ba5bb 100644
--- a/ansible/mcaptcha.yml
+++ b/ansible/mcaptcha.yml
@@ -10,7 +10,6 @@ become: yes vars_files: - vars/mcaptcha/vars.yml - - vars/mcaptcha/db-common.yml - vars/mcaptcha/postgresql.yml tasks: - ansible.builtin.include_role:
@@ -23,7 +22,6 @@ become: yes vars_files: - vars/mcaptcha/vars.yml - - vars/mcaptcha/db-common.yml - vars/mcaptcha/mariadb.yml.yml tasks: - ansible.builtin.include_role:
@@ -44,11 +42,8 @@ - name: Install mCaptcha binary hosts: mcaptcha_hosts - remote_user: atm vars_files: - vars/mcaptcha/vars.yml - - vars/mcaptcha/db-common.yml - - vars/mcaptcha/mcaptcha.yml roles: - mcaptcha tasks:
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index a204433..d900e03 100644
--- a/ansible/roles/docker/tasks/main.yml
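Review bot: With `remote_user: atm` gone, nothing in this play says which SSH account Ansible should log in as; it now falls back to `ansible_user` from the inventory or ansible.cfg, or to the controller's own login name, and the diff does not show either being set. A short comment on the play, e.g. `# remote user is taken from the inventory's ansible_user`, or a README line would make that expectation explicit, especially since other hunks now derive file paths and group membership from the logged-in user. The same removal appears in cache.yml, locust.yml, mcaptcha.yml and ping.yml. The play's task list continues outside the hunk.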
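Review bot: The context line `- vars/mcaptcha/mariadb.yml.yml` in the MariaDB play's vars_files carries a doubled extension, while the file this same diff edits is `ansible/vars/mcaptcha/mariadb.yml`; unless a file with the doubled name really exists, that play fails while loading vars_files before any task runs. Since the hunk already rewrites this list (dropping db-common.yml), correcting the entry to `- vars/mcaptcha/mariadb.yml` here would be the natural place. The play's tasks continue outside the hunk.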
+++ b/ansible/roles/docker/tasks/main.yml
@@ -39,8 +39,8 @@ name: docker state: present -- name: Add user atm to docker group +- name: Add user to docker group become: true ansible.builtin.user: - name: atm # TODO: add admin user to docker group + name: "{{ ansible_user_id }}" groups: docker,users,admin
diff --git a/ansible/vars/mcaptcha/db-common.yml b/ansible/vars/mcaptcha/db-common.yml
deleted file mode 100644
index 8146b87..0000000
--- a/ansible/vars/mcaptcha/db-common.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-database_owner: "mcaptcha"
-database_name: "mcaptcha"
-database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
diff --git a/ansible/vars/mcaptcha/mariadb.yml b/ansible/vars/mcaptcha/mariadb.yml
index e142d47..c45df2f 100644
--- a/ansible/vars/mcaptcha/mariadb.yml
+++ b/ansible/vars/mcaptcha/mariadb.yml
@@ -1,8 +1,8 @@ --- # Set this to the user ansible is logging in as - should have root # or sudo access -mysql_user_home: /home/atm -mysql_user_name: atm +mysql_user_home: "/home/{{ ansible_user_id }}" +mysql_user_name: "{{ ansible_user_id }}" # The default root user installed by mysql - almost always root mysql_root_home: /root
diff --git a/ansible/vars/mcaptcha/mcaptcha.yml b/ansible/vars/mcaptcha/mcaptcha.yml
deleted file mode 100644
index 5740ab0..0000000
--- a/ansible/vars/mcaptcha/mcaptcha.yml
+++ /dev/null
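Review bot: `ansible_user_id` is a gathered fact, the account the setup module ran as on the target, so it only equals the SSH login user when facts are gathered without privilege escalation; in a play with `become: yes` (mcaptcha.yml's database plays set it and load vars/mcaptcha/mariadb.yml) it resolves to `root`, which would turn the mariadb.yml hunk into `mysql_user_name: root` / `mysql_user_home: /home/root` and, if the play including this role also gathers facts under become, add root rather than the operator account to the docker group here. The connection user is the safer source, e.g. `name: "{{ ansible_user }}"` where the inventory defines it, or `ansible_env.SUDO_USER` when facts are gathered via sudo; the same substitution applies to both changed lines of the mariadb.yml hunk. It is also worth confirming, outside the hunk, that this `ansible.builtin.user` task sets `append: true`, since `groups: docker,users,admin` otherwise replaces the account's existing supplementary groups (sudo/wheel included). The rest of the task is outside the hunk.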
@@ -1,61 +0,0 @@ -mcaptcha_debug: false -# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha' -mcaptcha_commercial: false -mcaptcha_allow_demo: false -mcaptcha_allow_registration: false - -# Please set a unique value, your mCaptcha instance's security depends on this being -# unique -mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}" -mcaptcha_server_port: 7000 -mcaptcha_server_bind: "127.0.0.1" -mcaptcha_server_hostname: "mcaptcha.local" -# Set true if you have setup TLS with a reverse proxy like Nginx. -# Does HTTPS redirect and sends additional headers that can only be used if -# HTTPS available to improve security -#mcaptcha_proxy_has_tls: false - -# Please set a unique value, your mCaptcha instance's security depends on this being -# unique -mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}" -# garbage collection period to manage mCaptcha system -# leave untouched if you don't know what you are doing -# mcaptcha_captcha_gc: 30 -# mcaptcha_captcha_runners: 4 -# mcaptcha_captcha_queue_length: 2000 -mcaptcha_captcha_enable_stats: true - -#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution -#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s -#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s -# cooldown period in seconds -mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30 - - #{% if database_type == 'postgres' %} - # {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %} - #{% else %} - # {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %} - 
#{% endif %} -#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" - #mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" -# mysql://mcaptcha:password@localhost/mcaptcha" -mcaptcha_database_pool: 4 - #mcaptcha_database_url: "{{ mcaptcha_database_url }}" - -mcaptcha_redis_url: "redis://127.0.0.1" -mcaptcha_redis_pool: 4 - -mcaptcha_redis_url: "redis://127.0.0.1" -mcaptcha_redis_pool: 4 - - -mcaptcha_smtp_from: "admin@localhost" -mcaptcha_smtp_reply: "admin@localhost" -mcaptcha_smtp_url: "127.0.0.1" -mcaptcha_smtp_port: 10025 -mcaptcha_smtp_username: "admin" -mcaptcha_smtp_password: "password" -#[survey] -#nodes = ["http://localhost:7001"] -#rate_limit = 10 # upload every hour -#instance_root_url = "http://localhost:7000" diff --git a/ansible/vars/mcaptcha/vars.yml b/ansible/vars/mcaptcha/vars.yml index 2bc8542..42e8302 100644 --- a/ansible/vars/mcaptcha/vars.yml +++ b/ansible/vars/mcaptcha/vars.yml 
@@ -1,2 +1,70 @@
-database_type: "postgres" # options: "mariadb", "postgres"
-cache_type: "redis" # options: "embedded", "redis"
+database_type: "postgres" # REQUIRED. options: "mariadb", "postgres"
+cache_type: "redis" # REQUIRED. options: "embedded", "redis"
+
+# database user
+database_owner: "mcaptcha"
+database_name: "mcaptcha"
+# AUTO-GENERATED. database password
+database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
+
+# Database connection pool
+mcaptcha_database_pool: 4
+
+# debug logging
+mcaptcha_debug: false
+# doens't do anything at the moment
+mcaptcha_commercial: false
+# create demo user and allow demo login
+mcaptcha_allow_demo: false
+# allow registration of new accounts. Required for the first user account.
+# Please edit to set to "false" and re-rerun playbook if registration is
+# undesirable.
+mcaptcha_allow_registration: true
+
+# AUTO-GENERATED. Randomly generated unique value for signing cookies.
+mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
+# REQUIRED. mcaptcha server port. Won't be exposed to internet, change if something else
+# is listening on binding IP and port combination.
+mcaptcha_server_port: 7000
+# REQUIRED. bind to IP. If using reverse proxy (playbook installs and configures nginx), set to 127.0.0.1.
+mcaptcha_server_bind: "127.0.0.1"
+# REQUIRED. hostname of the mcaptcha installation. Incorrect hostname will cause login failures.
+mcaptcha_server_hostname: "mcaptcha.local"
+
+# AUTO-GENERATED. IGNORE if unfamiliar.
+mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
+# IGNORE if unfamiliar. # garbage collection period to manage mCaptcha system
+# mcaptcha_captcha_gc: 30
+# IGNORE if unfamiliar.
Number of threads used to validate Proof-of-Work (PoW)
+# mcaptcha_captcha_runners: 4
+# IGNORE if unfamiliar. Maximum pending jobs in queue for PoW validation
+# mcaptcha_captcha_queue_length: 2000
+# Store PoW compute time statistics
+mcaptcha_captcha_enable_stats: true
+
+# IGNORE if unfamiliar. Difficulty factor for average traffic. Used in "easy mode" CAPTCHA configuration generation.
+#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
+# IGNORE if unfamiliar. Difficulty factor for peak traffic levels. Used in "easy mode" CAPTCHA configuration generation.
+#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
+# IGNORE if unfamiliar. Difficulty factor for maximum traffic levels. Used in "easy mode" CAPTCHA configuration generation.
+#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s
+# IGNORE if unfamiliar. Default cooldown period in seconds for "easy mode".
+mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
+
+
+# Redis instance URL
+mcaptcha_redis_url: "redis://127.0.0.1"
+# Redis connection pool
+mcaptcha_redis_pool: 4
+
+# smtp configuration
+mcaptcha_smtp_from: "admin@localhost"
+mcaptcha_smtp_reply: "admin@localhost"
+mcaptcha_smtp_url: "127.0.0.1"
+mcaptcha_smtp_port: 10025
+mcaptcha_smtp_username: "admin"
+mcaptcha_smtp_password: "password"
+#[survey]
+#nodes = ["http://localhost:7001"]
+#rate_limit = 10 # upload every hour
+#instance_root_url = "http://localhost:7000"
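Review bot: All three password lookups spell the character class `'ascii_leters'`; the `ansible.builtin.password` lookup resolves `chars` entries against Python's `string` module and, as far as I can tell, treats any name it does not find there as a literal set of characters, so `database_password`, `mcaptcha_server_cookie_secret` and `mcaptcha_captcha_salt` are drawn from the handful of distinct characters in that word plus digits, with a skewed distribution, instead of the full alphabet. The fix is `chars=['ascii_letters', 'digits']` on each of the three lines; note the lookup reuses an existing file under `credentials/`, so any secret already generated on a controller keeps its weak value until that file is regenerated. `mcaptcha_smtp_password: "password"` ships a literal placeholder credential as a default; marking it REQUIRED in its comment like the server settings above, or sourcing it from a vault variable, would keep it from reaching a real deployment unchanged. The `credentials/mcaptcha_captha_salt` path typo is harmless but worth fixing in the same regeneration.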