feat: ansible role to download and install mcaptcha

2023-12-09 02:55:18 +05:30 · 2023-12-09 02:55:18 +05:30 · c8a34a6e7b
commit c8a34a6e7b
parent eb586633ec
3 changed files with 150 additions and 0 deletions
--- a/ansible/roles/mcaptcha/handlers/main.yml
+++ b/ansible/roles/mcaptcha/handlers/main.yml
@ -0,0 +1,7 @@
+- name: restart mcaptcha
+  listen: restart mcaptcha
+  become: true
+  ansible.builtin.service:
+    name: mcaptcha
+    enabled: true
+    state: restarted
--- a/ansible/roles/mcaptcha/tasks/main.yml
+++ b/ansible/roles/mcaptcha/tasks/main.yml
@ -0,0 +1,82 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+---
+- name: Create mCaptcha systemd user
+  become: true
+  ansible.builtin.user:
+    name: mcaptcha
+    state: present
+    system: true
+    comment: mCaptcha systemd user
+
+- name: Create download dir
+  ansible.builtin.file:
+    path: /tmp/mcaptcha-dl
+    state: directory
+    mode: "0755"
+
+- name: Download binary
+  ansible.builtin.get_url:
+    url: https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
+    dest: /tmp/mcaptcha-dl
+    checksum: sha256:https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
+
+- name: Extract mcaptcha-master-linux-amd64.tar.gz into /var/lib/foo
+  ansible.builtin.unarchive:
+    src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64.tar.gz
+    remote_src: true
+    dest: /tmp/mcaptcha-dl/
+
+- name: Install binary
+  become: true
+  notify: restart mcaptcha
+  ansible.builtin.copy:
+    src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64/mcaptcha
+    remote_src: true
+    dest: /usr/local/bin/mcaptcha
+    owner: root
+    group: root
+    force: true
+    mode: "0755"
+
+- name: Copy mCaptcha systemd servicefile
+  become: true
+  ansible.builtin.copy:
+    src: ./artifacts/mcaptcha/mcaptcha.service
+    dest: /etc/systemd/system/
+    owner: root
+    group: root
+    force: true
+    mode: "0777"
+
+- name: Create mCaptcha config dir
+  become: true
+  ansible.builtin.file:
+    path: /etc/mcaptcha
+    state: directory
+    mode: "0755"
+
+- name: Copy mCaptcha systemd servicefile
+  become: true
+  notify: restart mcaptcha
+  ansible.builtin.template:
+    src: ./templates/mcaptcha/config.toml.j2
+    dest: /etc/mcaptcha/config.toml
+    owner: root
+    group: root
+    force: true
+    mode: "0644"
+
+- name: Run mCaptcha as a systemd service
+  become: true
+  ansible.builtin.systemd_service:
+    name: mcaptcha
+    daemon_reload: true
+    state: started
+    enabled: true
+
+- name: Delete download dir
+  ansible.builtin.file:
+    path: /tmp/mcaptcha-dl
+    state: absent
--- a/ansible/vars/mcaptcha/mcaptcha.yml
+++ b/ansible/vars/mcaptcha/mcaptcha.yml
@ -0,0 +1,61 @@
+mcaptcha_debug: false
+# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha'
+mcaptcha_commercial: false
+mcaptcha_allow_demo: false
+mcaptcha_allow_registration: false
+
+# Please set a unique value, your mCaptcha instance's security depends on this being
+# unique
+mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
+mcaptcha_server_port: 7000
+mcaptcha_server_bind: "127.0.0.1"
+mcaptcha_server_hostname: "mcaptcha.local"
+# Set true if you have setup TLS with a reverse proxy like Nginx.
+# Does HTTPS redirect and sends additional headers that can only be used if
+# HTTPS available to improve security
+#mcaptcha_proxy_has_tls: false
+
+# Please set a unique value, your mCaptcha instance's security depends on this being
+# unique
+mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
+# garbage collection period to manage mCaptcha system
+# leave untouched if you don't know what you are doing
+# mcaptcha_captcha_gc: 30
+# mcaptcha_captcha_runners: 4
+# mcaptcha_captcha_queue_length: 2000
+mcaptcha_captcha_enable_stats: true
+
+#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
+#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
+#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000  # greater than 3.5s
+# cooldown period in seconds
+mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
+
+  #{% if database_type == 'postgres' %}
+  #  {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %}
+  #{% else %}
+  #  {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %}
+  #{% endif %}
+#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}"
+  #mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}"
+#  mysql://mcaptcha:password@localhost/mcaptcha"
+mcaptcha_database_pool: 4
+  #mcaptcha_database_url: "{{ mcaptcha_database_url }}"
+
+mcaptcha_redis_url: "redis://127.0.0.1"
+mcaptcha_redis_pool: 4
+
+mcaptcha_redis_url: "redis://127.0.0.1"
+mcaptcha_redis_pool: 4
+
+
+mcaptcha_smtp_from: "admin@localhost"
+mcaptcha_smtp_reply: "admin@localhost"
+mcaptcha_smtp_url: "127.0.0.1"
+mcaptcha_smtp_port: 10025
+mcaptcha_smtp_username: "admin"
+mcaptcha_smtp_password: "password"
+#[survey]
+#nodes = ["http://localhost:7001"]
+#rate_limit = 10 # upload every hour
+#instance_root_url = "http://localhost:7000"