From 4e7f4b6be62f0e9683f611a89ca0756872742cbf Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Sat, 9 Dec 2023 03:21:26 +0530 Subject: [PATCH 1/3] chore: consolidate vars file --- ansible/mcaptcha.yml | 4 -- ansible/vars/mcaptcha/db-common.yml | 3 -- ansible/vars/mcaptcha/mcaptcha.yml | 61 -------------------------- ansible/vars/mcaptcha/vars.yml | 66 +++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+), 68 deletions(-) delete mode 100644 ansible/vars/mcaptcha/db-common.yml delete mode 100644 ansible/vars/mcaptcha/mcaptcha.yml diff --git a/ansible/mcaptcha.yml b/ansible/mcaptcha.yml index 314f3d5..c96999f 100644 --- a/ansible/mcaptcha.yml +++ b/ansible/mcaptcha.yml @@ -10,7 +10,6 @@ become: yes vars_files: - vars/mcaptcha/vars.yml - - vars/mcaptcha/db-common.yml - vars/mcaptcha/postgresql.yml tasks: - ansible.builtin.include_role: @@ -23,7 +22,6 @@ become: yes vars_files: - vars/mcaptcha/vars.yml - - vars/mcaptcha/db-common.yml - vars/mcaptcha/mariadb.yml.yml tasks: - ansible.builtin.include_role: @@ -47,8 +45,6 @@ remote_user: atm vars_files: - vars/mcaptcha/vars.yml - - vars/mcaptcha/db-common.yml - - vars/mcaptcha/mcaptcha.yml roles: - mcaptcha tasks: diff --git a/ansible/vars/mcaptcha/db-common.yml b/ansible/vars/mcaptcha/db-common.yml deleted file mode 100644 index 8146b87..0000000 --- a/ansible/vars/mcaptcha/db-common.yml +++ /dev/null @@ -1,3 +0,0 @@ -database_owner: "mcaptcha" -database_name: "mcaptcha" -database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}" diff --git a/ansible/vars/mcaptcha/mcaptcha.yml b/ansible/vars/mcaptcha/mcaptcha.yml deleted file mode 100644 index 5740ab0..0000000 --- a/ansible/vars/mcaptcha/mcaptcha.yml +++ /dev/null 
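Review bot: The second `ansible/mcaptcha.yml` hunk's surviving context still loads `- vars/mcaptcha/mariadb.yml.yml`, while the file the repository actually has is `ansible/vars/mcaptcha/mariadb.yml` (the second patch of this series edits it under that name), so the MariaDB play will fail while resolving `vars_files`; the line should read `- vars/mcaptcha/mariadb.yml`. The consolidation itself looks consistent: every play that drops `db-common.yml` still loads `vars/mcaptcha/vars.yml`, which now carries the `database_*` keys.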
@@ -1,61 +0,0 @@ -mcaptcha_debug: false -# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha' -mcaptcha_commercial: false -mcaptcha_allow_demo: false -mcaptcha_allow_registration: false - -# Please set a unique value, your mCaptcha instance's security depends on this being -# unique -mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}" -mcaptcha_server_port: 7000 -mcaptcha_server_bind: "127.0.0.1" -mcaptcha_server_hostname: "mcaptcha.local" -# Set true if you have setup TLS with a reverse proxy like Nginx. -# Does HTTPS redirect and sends additional headers that can only be used if -# HTTPS available to improve security -#mcaptcha_proxy_has_tls: false - -# Please set a unique value, your mCaptcha instance's security depends on this being -# unique -mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}" -# garbage collection period to manage mCaptcha system -# leave untouched if you don't know what you are doing -# mcaptcha_captcha_gc: 30 -# mcaptcha_captcha_runners: 4 -# mcaptcha_captcha_queue_length: 2000 -mcaptcha_captcha_enable_stats: true - -#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution -#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s -#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s -# cooldown period in seconds -mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30 - - #{% if database_type == 'postgres' %} - # {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %} - #{% else %} - # {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %} - 
#{% endif %} -#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" - #mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" -# mysql://mcaptcha:password@localhost/mcaptcha" -mcaptcha_database_pool: 4 - #mcaptcha_database_url: "{{ mcaptcha_database_url }}" - -mcaptcha_redis_url: "redis://127.0.0.1" -mcaptcha_redis_pool: 4 - -mcaptcha_redis_url: "redis://127.0.0.1" -mcaptcha_redis_pool: 4 - - -mcaptcha_smtp_from: "admin@localhost" -mcaptcha_smtp_reply: "admin@localhost" -mcaptcha_smtp_url: "127.0.0.1" -mcaptcha_smtp_port: 10025 -mcaptcha_smtp_username: "admin" -mcaptcha_smtp_password: "password" -#[survey] -#nodes = ["http://localhost:7001"] -#rate_limit = 10 # upload every hour -#instance_root_url = "http://localhost:7000" diff --git a/ansible/vars/mcaptcha/vars.yml b/ansible/vars/mcaptcha/vars.yml index 2bc8542..2d1666a 100644 --- a/ansible/vars/mcaptcha/vars.yml +++ b/ansible/vars/mcaptcha/vars.yml 
@@ -1,2 +1,68 @@ database_type: "postgres" # options: "mariadb", "postgres" cache_type: "redis" # options: "embedded", "redis" + +database_owner: "mcaptcha" +database_name: "mcaptcha" +database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}" + +mcaptcha_debug: false +# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha' +mcaptcha_commercial: false +mcaptcha_allow_demo: false +mcaptcha_allow_registration: false + +# Please set a unique value, your mCaptcha instance's security depends on this being +# unique +mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}" +mcaptcha_server_port: 7000 +mcaptcha_server_bind: "127.0.0.1" +mcaptcha_server_hostname: "mcaptcha.local" +# Set true if you have setup TLS with a reverse proxy like Nginx. +# Does HTTPS redirect and sends additional headers that can only be used if +# HTTPS available to improve security +#mcaptcha_proxy_has_tls: false + +# Please set a unique value, your mCaptcha instance's security depends on this being +# unique +mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}" +# garbage collection period to manage mCaptcha system +# leave untouched if you don't know what you are doing +# mcaptcha_captcha_gc: 30 +# mcaptcha_captcha_runners: 4 +# mcaptcha_captcha_queue_length: 2000 +mcaptcha_captcha_enable_stats: true + +#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution +#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s +#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s +# cooldown period in seconds +mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30 + + 
#{% if database_type == 'postgres' %} + # {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %} + #{% else %} + # {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %} + #{% endif %} +#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" + #mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" +# mysql://mcaptcha:password@localhost/mcaptcha" +mcaptcha_database_pool: 4 + #mcaptcha_database_url: "{{ mcaptcha_database_url }}" + +mcaptcha_redis_url: "redis://127.0.0.1" +mcaptcha_redis_pool: 4 + +mcaptcha_redis_url: "redis://127.0.0.1" +mcaptcha_redis_pool: 4 + + +mcaptcha_smtp_from: "admin@localhost" +mcaptcha_smtp_reply: "admin@localhost" +mcaptcha_smtp_url: "127.0.0.1" +mcaptcha_smtp_port: 10025 +mcaptcha_smtp_username: "admin" +mcaptcha_smtp_password: "password" +#[survey] +#nodes = ["http://localhost:7001"] +#rate_limit = 10 # upload every hour +#instance_root_url = "http://localhost:7000" From 800a6b6ebc5776a50399884b090dcba0f95e9d43 Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Sat, 9 Dec 2023 03:30:10 +0530 Subject: [PATCH 2/3] fix: dont use atm user --- ansible/base.yml | 1 - ansible/cache.yml | 1 - ansible/locust.yml | 1 - ansible/mcaptcha.yml | 1 - ansible/ping.yml | 1 - ansible/roles/docker/tasks/main.yml | 4 ++-- ansible/vars/mcaptcha/mariadb.yml | 4 ++-- 7 files changed, 4 insertions(+), 9 deletions(-) diff --git a/ansible/base.yml b/ansible/base.yml index 6804a12..401a6a7 100644 --- a/ansible/base.yml +++ b/ansible/base.yml @@ -5,7 +5,6 @@ --- - name: Install and enable firewall hosts: all - remote_user: atm pre_tasks: - name: Ensure all VMs are reachable ansible.builtin.ping: diff --git a/ansible/cache.yml b/ansible/cache.yml index 04231df..b5fff3d 100644 --- a/ansible/cache.yml 
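Review bot: The three `ansible.builtin.password` lookups in this hunk (`database_password`, `mcaptcha_server_cookie_secret`, `mcaptcha_captcha_salt`) spell the character class `ascii_leters`; the lookup resolves each `chars` entry as an attribute of Python's `string` module and, as far as I can tell, falls back to treating an unknown name as a literal set of characters, so these secrets are drawn from the letters of the string `ascii_leters` plus digits rather than the full alphabet. All three lines should read `chars=['ascii_letters', 'digits']`, and the same lines are carried unchanged into the third patch's hunk (note that an existing file under `credentials/` is reused rather than regenerated, so fixing the typo does not rotate secrets already issued). `mcaptcha_redis_url` and `mcaptcha_redis_pool` are also added twice, which most YAML parsers resolve silently to the last value (the third patch removes the duplicates). `mcaptcha_smtp_password: "password"` ships a fixed default credential in the vars file; a `lookup('ansible.builtin.password', ...)` as used for the other secrets, or an Ansible Vault value, would avoid a plaintext default.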
+++ b/ansible/cache.yml @@ -7,7 +7,6 @@ - name: Install redis cache hosts: mcaptcha_hosts - remote_user: atm pre_tasks: - name: Ensure all VMs are reachable ansible.builtin.ping: diff --git a/ansible/locust.yml b/ansible/locust.yml index 695279c..401980d 100644 --- a/ansible/locust.yml +++ b/ansible/locust.yml @@ -7,7 +7,6 @@ - name: Configure Locust instances hosts: [mcaptcha_dos] - remote_user: atm pre_tasks: - name: Ensure all VMs are reachable ansible.builtin.ping: diff --git a/ansible/mcaptcha.yml b/ansible/mcaptcha.yml index c96999f..67ba5bb 100644 --- a/ansible/mcaptcha.yml +++ b/ansible/mcaptcha.yml @@ -42,7 +42,6 @@ - name: Install mCaptcha binary hosts: mcaptcha_hosts - remote_user: atm vars_files: - vars/mcaptcha/vars.yml roles: diff --git a/ansible/ping.yml b/ansible/ping.yml index 8fcead6..400907d 100644 --- a/ansible/ping.yml +++ b/ansible/ping.yml @@ -5,7 +5,6 @@ --- - name: Ping all servers hosts: all - remote_user: atm tasks: - name: Ensure all VMs are reachable diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index a204433..d900e03 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -39,8 +39,8 @@ name: docker state: present -- name: Add user atm to docker group +- name: Add user to docker group become: true ansible.builtin.user: - name: atm # TODO: add admin user to docker group + name: "{{ ansible_user_id }}" groups: docker,users,admin diff --git a/ansible/vars/mcaptcha/mariadb.yml b/ansible/vars/mcaptcha/mariadb.yml index e142d47..c45df2f 100644 --- a/ansible/vars/mcaptcha/mariadb.yml +++ b/ansible/vars/mcaptcha/mariadb.yml @@ -1,8 +1,8 @@ --- # Set this to the user ansible is logging in as - should have root # or sudo access -mysql_user_home: /home/atm -mysql_user_name: atm +mysql_user_home: "/home/{{ ansible_user_id }}" +mysql_user_name: "{{ ansible_user_id }}" # The default root user installed by mysql - almost always root mysql_root_home: /root 
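Review bot: `name: "{{ ansible_user_id }}"` in `ansible/roles/docker/tasks/main.yml` resolves to whichever user the `setup` facts were gathered as, and when the enclosing play uses play-level `become` (as the plays in `ansible/mcaptcha.yml` do in the first patch) that is `root`, not the login user; the same applies to the two `ansible_user_id` substitutions in `ansible/vars/mcaptcha/mariadb.yml`, where it would yield `/home/root`, and both require fact gathering to be enabled. If the intent is the SSH login user, something like `{{ ansible_user | default(lookup('env', 'USER')) }}` is closer, and the `ansible_user_dir` fact is a safer source for the home directory than string-building `/home/...`. Separately, `groups: docker,users,admin` without `append: true` replaces the user's supplementary groups (dropping `sudo`/`wheel` if present); the hunk ends at that line, so ignore this if `append: true` follows. Membership of `docker` is effectively root on the host, so the resolved user should be the account that is meant to hold that privilege.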
From a0a2e915aff1a98a94a4006c9e49b813bdab7a35 Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Sat, 9 Dec 2023 03:39:55 +0530 Subject: [PATCH 3/3] doc: mcaptcha vars --- ansible/vars/mcaptcha/vars.yml | 60 ++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/ansible/vars/mcaptcha/vars.yml b/ansible/vars/mcaptcha/vars.yml index 2d1666a..42e8302 100644 --- a/ansible/vars/mcaptcha/vars.yml +++ b/ansible/vars/mcaptcha/vars.yml 
@@ -1,61 +1,63 @@ -database_type: "postgres" # options: "mariadb", "postgres" -cache_type: "redis" # options: "embedded", "redis" +database_type: "postgres" # REQUIRED. options: "mariadb", "postgres" +cache_type: "redis" # REQUIRED. options: "embedded", "redis" +# database user database_owner: "mcaptcha" database_name: "mcaptcha" +# AUTO-GENERATED. database password database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}" +# Database connection pool +mcaptcha_database_pool: 4 + +# debug logging mcaptcha_debug: false -# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha' +# doens't do anything at the moment mcaptcha_commercial: false +# create demo user and allow demo login mcaptcha_allow_demo: false -mcaptcha_allow_registration: false +# allow registration of new accounts. Required for the first user account. +# Please edit to set to "false" and re-rerun playbook if registration is +# undesirable. +mcaptcha_allow_registration: true -# Please set a unique value, your mCaptcha instance's security depends on this being -# unique +# AUTO-GENERATED. Randomly generated unique value for signing cookies. mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}" +# REQUIRED. mcaptcha server port. Won't be exposed to internet, change if something else +# is listening on binding IP and port combination. mcaptcha_server_port: 7000 +# REQUIRED. bind to IP. If using reverse proxy (playbook installs and configures nginx), set to 127.0.0.1. mcaptcha_server_bind: "127.0.0.1" +# REQUIRED. hostname of the mcaptcha installation. Incorrect hostname will cause login failures. mcaptcha_server_hostname: "mcaptcha.local" -# Set true if you have setup TLS with a reverse proxy like Nginx. 
-# Does HTTPS redirect and sends additional headers that can only be used if -# HTTPS available to improve security -#mcaptcha_proxy_has_tls: false -# Please set a unique value, your mCaptcha instance's security depends on this being -# unique +# AUTO-GENERATED. IGNORE if unfamiliar. mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}" -# garbage collection period to manage mCaptcha system -# leave untouched if you don't know what you are doing +# IGNORE if unfamiliar. # garbage collection period to manage mCaptcha system # mcaptcha_captcha_gc: 30 +# IGNORE if unfamiliar. Number of threads used to validate Proof-of-Work (PoW) # mcaptcha_captcha_runners: 4 +# IGNORE if unfamiliar. Maximum pending jobs in queue for PoW validation # mcaptcha_captcha_queue_length: 2000 +# Store PoW compute time statistics mcaptcha_captcha_enable_stats: true +# IGNORE if unfamiliar. Difficulty factor for average traffic. Used in "easy mode" CAPTCHA configuration generation. #mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution +# IGNORE if unfamiliar. Difficulty factor for peak traffic levels. Used in "easy mode" CAPTCHA configuration generation. #mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s +# IGNORE if unfamiliar. Difficulty factor for maximum traffic levels. Used in "easy mode" CAPTCHA configuration generation. #mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s -# cooldown period in seconds +# IGNORE if unfamiliar. Default cooldown period in seconds for "easy mode". 
mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30 - #{% if database_type == 'postgres' %} - # {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %} - #{% else %} - # {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %} - #{% endif %} -#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" - #mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" -# mysql://mcaptcha:password@localhost/mcaptcha" -mcaptcha_database_pool: 4 - #mcaptcha_database_url: "{{ mcaptcha_database_url }}" +# Redis instance URL mcaptcha_redis_url: "redis://127.0.0.1" +# Redis connection pool mcaptcha_redis_pool: 4 -mcaptcha_redis_url: "redis://127.0.0.1" -mcaptcha_redis_pool: 4 - - +# smtp configuration mcaptcha_smtp_from: "admin@localhost" mcaptcha_smtp_reply: "admin@localhost" mcaptcha_smtp_url: "127.0.0.1"