From c8a34a6e7bb167b320a034d37e3103226d882be7 Mon Sep 17 00:00:00 2001
From: Aravinth Manivannan
Date: Sat, 9 Dec 2023 02:55:18 +0530
Subject: [PATCH] feat: ansible role to download and install mcaptcha
---
 ansible/roles/mcaptcha/handlers/main.yml | 7 ++
 ansible/roles/mcaptcha/tasks/main.yml | 82 ++++++++++++++++++++++++
 ansible/vars/mcaptcha/mcaptcha.yml | 61 ++++++++++++++++++
 3 files changed, 150 insertions(+)
 create mode 100644 ansible/roles/mcaptcha/handlers/main.yml
 create mode 100644 ansible/roles/mcaptcha/tasks/main.yml
 create mode 100644 ansible/vars/mcaptcha/mcaptcha.yml
diff --git a/ansible/roles/mcaptcha/handlers/main.yml b/ansible/roles/mcaptcha/handlers/main.yml
new file mode 100644
index 0000000..67b54a1
--- /dev/null
+++ b/ansible/roles/mcaptcha/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: restart mcaptcha
+ listen: restart mcaptcha
+ become: true
+ ansible.builtin.service:
+ name: mcaptcha
+ enabled: true
+ state: restarted
diff --git a/ansible/roles/mcaptcha/tasks/main.yml b/ansible/roles/mcaptcha/tasks/main.yml
new file mode 100644
index 0000000..4852cfa
--- /dev/null
+++ b/ansible/roles/mcaptcha/tasks/main.yml
@@ -0,0 +1,82 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+---
+- name: Create mCaptcha systemd user
+ become: true
+ ansible.builtin.user:
+ name: mcaptcha
+ state: present
+ system: true
+ comment: mCaptcha systemd user
+
+- name: Create download dir
+ ansible.builtin.file:
+ path: /tmp/mcaptcha-dl
+ state: directory
+ mode: "0755"
+
+- name: Download binary
+ ansible.builtin.get_url:
+ url: https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
+ dest: /tmp/mcaptcha-dl
+ checksum: sha256:https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
+
+- name: Extract mcaptcha-master-linux-amd64.tar.gz into /var/lib/foo
+ ansible.builtin.unarchive:
+ src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64.tar.gz
+ remote_src: true
+ dest: /tmp/mcaptcha-dl/
+
+- name: Install binary
+ become: true
+ notify: restart mcaptcha
+ ansible.builtin.copy:
+ src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64/mcaptcha
+ remote_src: true
+ dest: /usr/local/bin/mcaptcha
+ owner: root
+ group: root
+ force: true
+ mode: "0755"
+
+- name: Copy mCaptcha systemd servicefile
+ become: true
+ ansible.builtin.copy:
+ src: ./artifacts/mcaptcha/mcaptcha.service
+ dest: /etc/systemd/system/
+ owner: root
+ group: root
+ force: true
+ mode: "0777"
+
+- name: Create mCaptcha config dir
+ become: true
+ ansible.builtin.file:
+ path: /etc/mcaptcha
+ state: directory
+ mode: "0755"
+
+- name: Copy mCaptcha systemd servicefile
+ become: true
+ notify: restart mcaptcha
+ ansible.builtin.template:
+ src: ./templates/mcaptcha/config.toml.j2
+ dest: /etc/mcaptcha/config.toml
+ owner: root
+ group: root
+ force: true
+ mode: "0644"
+
+- name: Run mCaptcha as a systemd service
+ become: true
+ ansible.builtin.systemd_service:
+ name: mcaptcha
+ daemon_reload: true
+ state: started
+ enabled: true
+
+- name: Delete download dir
+ ansible.builtin.file:
+ path: /tmp/mcaptcha-dl
+ state: absent
diff --git a/ansible/vars/mcaptcha/mcaptcha.yml b/ansible/vars/mcaptcha/mcaptcha.yml
new file mode 100644
index 0000000..5740ab0
--- /dev/null
+++ b/ansible/vars/mcaptcha/mcaptcha.yml
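Review bot: The task that copies `./artifacts/mcaptcha/mcaptcha.service` into `/etc/systemd/system/` sets `mode: "0777"`, so any local account can rewrite a unit that systemd loads with root's authority; `mode: "0644"` is sufficient for a unit file. The template task writes `/etc/mcaptcha/config.toml` as `root:root` with `mode: "0644"`, and if the template renders the cookie secret, captcha salt and SMTP password from the role's vars (the template is not part of this patch), the file should be limited to the service account, for example `group: mcaptcha` with `mode: "0640"`. The archive is staged in the fixed path `/tmp/mcaptcha-dl` and the binary is then copied from there to `/usr/local/bin/mcaptcha` with `become: true`; a directory created with `ansible.builtin.tempfile` removes the dependence on a predictable name under `/tmp`. The `checksum:` value is fetched from the same host and the same `master` path as the archive, so it catches a corrupted download but not a replaced build, which a pinned release with its digest stored in the repository would cover. The second task named `Copy mCaptcha systemd servicefile` actually renders the config file, and the extract task's name still mentions `/var/lib/foo`.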
@@ -0,0 +1,61 @@
+mcaptcha_debug: false
+# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha'
+mcaptcha_commercial: false
+mcaptcha_allow_demo: false
+mcaptcha_allow_registration: false
+
+# Please set a unique value, your mCaptcha instance's security depends on this being
+# unique
+mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
+mcaptcha_server_port: 7000
+mcaptcha_server_bind: "127.0.0.1"
+mcaptcha_server_hostname: "mcaptcha.local"
+# Set true if you have setup TLS with a reverse proxy like Nginx.
+# Does HTTPS redirect and sends additional headers that can only be used if
+# HTTPS available to improve security
+#mcaptcha_proxy_has_tls: false
+
+# Please set a unique value, your mCaptcha instance's security depends on this being
+# unique
+mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
+# garbage collection period to manage mCaptcha system
+# leave untouched if you don't know what you are doing
+# mcaptcha_captcha_gc: 30
+# mcaptcha_captcha_runners: 4
+# mcaptcha_captcha_queue_length: 2000
+mcaptcha_captcha_enable_stats: true
+
+#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
+#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
+#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s
+# cooldown period in seconds
+mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
+
+ #{% if database_type == 'postgres' %}
+ # {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %}
+ #{% else %}
+ # {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %}
+ #{% endif %}
+#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}"
+ #mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}"
+# mysql://mcaptcha:password@localhost/mcaptcha"
+mcaptcha_database_pool: 4
+ #mcaptcha_database_url: "{{ mcaptcha_database_url }}"
+
+mcaptcha_redis_url: "redis://127.0.0.1"
+mcaptcha_redis_pool: 4
+
+mcaptcha_redis_url: "redis://127.0.0.1"
+mcaptcha_redis_pool: 4
+
+
+mcaptcha_smtp_from: "admin@localhost"
+mcaptcha_smtp_reply: "admin@localhost"
+mcaptcha_smtp_url: "127.0.0.1"
+mcaptcha_smtp_port: 10025
+mcaptcha_smtp_username: "admin"
+mcaptcha_smtp_password: "password"
+#[survey]
+#nodes = ["http://localhost:7001"]
+#rate_limit = 10 # upload every hour
+#instance_root_url = "http://localhost:7000"
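Review bot: Both `ansible.builtin.password` lookups pass `chars=['ascii_leters', 'digits']`; `ascii_leters` is not an attribute of Python's `string` module, and the lookup is documented to use unrecognised names as literal characters, so `mcaptcha_server_cookie_secret` and `mcaptcha_captcha_salt` would be drawn from a much smaller alphabet than intended. It should read `chars=['ascii_letters', 'digits']`, and any credential file already generated under `credentials/` would need to be regenerated for the change to take effect. `mcaptcha_smtp_username: "admin"` and `mcaptcha_smtp_password: "password"` are committed as usable defaults; a vaulted variable or another `password` lookup keeps a guessable credential out of a deployed config. `mcaptcha_redis_url` and `mcaptcha_redis_pool` are each defined twice, which most YAML loaders resolve last-wins, so one pair should be removed. Every `mcaptcha_database_url` line is commented out, so if the config template references that variable it has to be supplied from elsewhere.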