Compare commits


No commits in common. "50569c8a32f3603cfbe9e135fa48e4c6b0562031" and "60f730153ee6f0f16310726462dc2036f48d006c" have entirely different histories.

10 changed files with 79 additions and 74 deletions


@ -5,6 +5,7 @@
--- ---
- name: Install and enable firewall - name: Install and enable firewall
hosts: all hosts: all
remote_user: atm
pre_tasks: pre_tasks:
- name: Ensure all VMs are reachable - name: Ensure all VMs are reachable
ansible.builtin.ping: ansible.builtin.ping:
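Review bot: `remote_user: atm` is hard-coded in this play header, and the same literal is added in the redis, Locust, mCaptcha-binary and ping playbooks, in the docker task's `name: atm`, and in `mysql_user_home` / `mysql_user_name`. The account that the mysql vars comment says needs root or sudo access is then spread over many files, and a host without an `atm` user needs an edit in each of them. Setting the login user once in the inventory (`ansible_user=atm`) or in a group variable, and referencing that variable from the role vars, would keep the privileged account in one reviewed place. The play continues outside the hunk.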


@ -7,6 +7,7 @@
- name: Install redis cache - name: Install redis cache
hosts: mcaptcha_hosts hosts: mcaptcha_hosts
remote_user: atm
pre_tasks: pre_tasks:
- name: Ensure all VMs are reachable - name: Ensure all VMs are reachable
ansible.builtin.ping: ansible.builtin.ping:


@ -7,6 +7,7 @@
- name: Configure Locust instances - name: Configure Locust instances
hosts: [mcaptcha_dos] hosts: [mcaptcha_dos]
remote_user: atm
pre_tasks: pre_tasks:
- name: Ensure all VMs are reachable - name: Ensure all VMs are reachable
ansible.builtin.ping: ansible.builtin.ping:


@ -10,6 +10,7 @@
become: yes become: yes
vars_files: vars_files:
- vars/mcaptcha/vars.yml - vars/mcaptcha/vars.yml
- vars/mcaptcha/db-common.yml
- vars/mcaptcha/postgresql.yml - vars/mcaptcha/postgresql.yml
tasks: tasks:
- ansible.builtin.include_role: - ansible.builtin.include_role:
@ -22,6 +23,7 @@
become: yes become: yes
vars_files: vars_files:
- vars/mcaptcha/vars.yml - vars/mcaptcha/vars.yml
- vars/mcaptcha/db-common.yml
- vars/mcaptcha/mariadb.yml.yml - vars/mcaptcha/mariadb.yml.yml
tasks: tasks:
- ansible.builtin.include_role: - ansible.builtin.include_role:
@ -42,8 +44,11 @@
- name: Install mCaptcha binary - name: Install mCaptcha binary
hosts: mcaptcha_hosts hosts: mcaptcha_hosts
remote_user: atm
vars_files: vars_files:
- vars/mcaptcha/vars.yml - vars/mcaptcha/vars.yml
- vars/mcaptcha/db-common.yml
- vars/mcaptcha/mcaptcha.yml
roles: roles:
- mcaptcha - mcaptcha
tasks: tasks:
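Review bot: In the second hunk, the new `vars/mcaptcha/db-common.yml` entry sits directly above `vars/mcaptcha/mariadb.yml.yml`, whose doubled extension looks like a typo carried over from before this change. A `vars_files` entry that does not resolve to a file fails the play, so unless the file really has that name the MariaDB path cannot run; `- vars/mcaptcha/mariadb.yml` is probably what was intended. All three plays in this file start or end outside the visible hunks.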


@ -5,6 +5,7 @@
--- ---
- name: Ping all servers - name: Ping all servers
hosts: all hosts: all
remote_user: atm
tasks: tasks:
- name: Ensure all VMs are reachable - name: Ensure all VMs are reachable


@ -39,8 +39,8 @@
name: docker name: docker
state: present state: present
- name: Add user to docker group - name: Add user atm to docker group
become: true become: true
ansible.builtin.user: ansible.builtin.user:
name: "{{ ansible_user_id }}" name: atm # TODO: add admin user to docker group
groups: docker,users,admin groups: docker,users,admin
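Review bot: The task now adds the fixed account `atm` to `docker`, and membership of the docker group is effectively root on the host, so this line decides who holds that privilege. The TODO on `name: atm` suggests the choice is provisional; a comment such as `# docker group is root-equivalent; keep this limited to the deploy account` would record the intent until it is resolved. The visible lines set `groups: docker,users,admin` without `append: true`; if the task does not set it further down (it continues outside the hunk), the user module replaces the account's supplementary groups with exactly this list.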


@ -0,0 +1,3 @@
database_owner: "mcaptcha"
database_name: "mcaptcha"
database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
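Review bot: `chars=['ascii_leters', 'digits']` misspells `ascii_letters`; the password lookup expands only names that are attributes of Python's `string` module and takes anything else literally, so `database_password` is drawn from the nine distinct characters of that word plus the digits instead of from all letters. The line should read `chars=['ascii_letters', 'digits']`, and the same typo is in `mcaptcha_server_cookie_secret` and `mcaptcha_captcha_salt` in the new mcaptcha vars file. Because the lookup reuses whatever is already stored under `credentials/`, the existing files have to be removed and the secrets rotated for the wider alphabet to take effect. The lookup keeps these values in plain text on the controller, so `credentials/` should be excluded from version control if it is not already.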


@ -1,8 +1,8 @@
--- ---
# Set this to the user ansible is logging in as - should have root # Set this to the user ansible is logging in as - should have root
# or sudo access # or sudo access
mysql_user_home: "/home/{{ ansible_user_id }}" mysql_user_home: /home/atm
mysql_user_name: "{{ ansible_user_id }}" mysql_user_name: atm
# The default root user installed by mysql - almost always root # The default root user installed by mysql - almost always root
mysql_root_home: /root mysql_root_home: /root


@ -0,0 +1,61 @@
mcaptcha_debug: false
# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha'
mcaptcha_commercial: false
mcaptcha_allow_demo: false
mcaptcha_allow_registration: false
# Please set a unique value, your mCaptcha instance's security depends on this being
# unique
mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
mcaptcha_server_port: 7000
mcaptcha_server_bind: "127.0.0.1"
mcaptcha_server_hostname: "mcaptcha.local"
# Set true if you have setup TLS with a reverse proxy like Nginx.
# Does HTTPS redirect and sends additional headers that can only be used if
# HTTPS available to improve security
#mcaptcha_proxy_has_tls: false
# Please set a unique value, your mCaptcha instance's security depends on this being
# unique
mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
# garbage collection period to manage mCaptcha system
# leave untouched if you don't know what you are doing
# mcaptcha_captcha_gc: 30
# mcaptcha_captcha_runners: 4
# mcaptcha_captcha_queue_length: 2000
mcaptcha_captcha_enable_stats: true
#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s
# cooldown period in seconds
mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
#{% if database_type == 'postgres' %}
# {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %}
#{% else %}
# {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %}
#{% endif %}
#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}"
#mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}"
# mysql://mcaptcha:password@localhost/mcaptcha"
mcaptcha_database_pool: 4
#mcaptcha_database_url: "{{ mcaptcha_database_url }}"
mcaptcha_redis_url: "redis://127.0.0.1"
mcaptcha_redis_pool: 4
mcaptcha_redis_url: "redis://127.0.0.1"
mcaptcha_redis_pool: 4
mcaptcha_smtp_from: "admin@localhost"
mcaptcha_smtp_reply: "admin@localhost"
mcaptcha_smtp_url: "127.0.0.1"
mcaptcha_smtp_port: 10025
mcaptcha_smtp_username: "admin"
mcaptcha_smtp_password: "password"
#[survey]
#nodes = ["http://localhost:7001"]
#rate_limit = 10 # upload every hour
#instance_root_url = "http://localhost:7000"
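Review bot: `mcaptcha_smtp_password: "password"` ships a static, guessable credential next to secrets that are otherwise generated; it could use the same `ansible.builtin.password` lookup as the cookie secret, or be left unset so the operator must supply it from a vault. `mcaptcha_redis_url` and `mcaptcha_redis_pool` are each defined twice in a row; most YAML loaders resolve duplicate keys silently as last-wins, so one pair should be dropped. Every `mcaptcha_database_url` line is commented out, including the Jinja `{% if %}` block that a vars file would not render anyway, so the URL is presumably built elsewhere; a one-line comment saying where would replace that dead block.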


@ -1,70 +1,2 @@
database_type: "postgres" # REQUIRED. options: "mariadb", "postgres" database_type: "postgres" # options: "mariadb", "postgres"
cache_type: "redis" # REQUIRED. options: "embedded", "redis" cache_type: "redis" # options: "embedded", "redis"
# database user
database_owner: "mcaptcha"
database_name: "mcaptcha"
# AUTO-GENERATED. database password
database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
# Database connection pool
mcaptcha_database_pool: 4
# debug logging
mcaptcha_debug: false
# doens't do anything at the moment
mcaptcha_commercial: false
# create demo user and allow demo login
mcaptcha_allow_demo: false
# allow registration of new accounts. Required for the first user account.
# Please edit to set to "false" and re-rerun playbook if registration is
# undesirable.
mcaptcha_allow_registration: true
# AUTO-GENERATED. Randomly generated unique value for signing cookies.
mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
# REQUIRED. mcaptcha server port. Won't be exposed to internet, change if something else
# is listening on binding IP and port combination.
mcaptcha_server_port: 7000
# REQUIRED. bind to IP. If using reverse proxy (playbook installs and configures nginx), set to 127.0.0.1.
mcaptcha_server_bind: "127.0.0.1"
# REQUIRED. hostname of the mcaptcha installation. Incorrect hostname will cause login failures.
mcaptcha_server_hostname: "mcaptcha.local"
# AUTO-GENERATED. IGNORE if unfamiliar.
mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
# IGNORE if unfamiliar. # garbage collection period to manage mCaptcha system
# mcaptcha_captcha_gc: 30
# IGNORE if unfamiliar. Number of threads used to validate Proof-of-Work (PoW)
# mcaptcha_captcha_runners: 4
# IGNORE if unfamiliar. Maximum pending jobs in queue for PoW validation
# mcaptcha_captcha_queue_length: 2000
# Store PoW compute time statistics
mcaptcha_captcha_enable_stats: true
# IGNORE if unfamiliar. Difficulty factor for average traffic. Used in "easy mode" CAPTCHA configuration generation.
#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
# IGNORE if unfamiliar. Difficulty factor for peak traffic levels. Used in "easy mode" CAPTCHA configuration generation.
#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
# IGNORE if unfamiliar. Difficulty factor for maximum traffic levels. Used in "easy mode" CAPTCHA configuration generation.
#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s
# IGNORE if unfamiliar. Default cooldown period in seconds for "easy mode".
mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
# Redis instance URL
mcaptcha_redis_url: "redis://127.0.0.1"
# Redis connection pool
mcaptcha_redis_pool: 4
# smtp configuration
mcaptcha_smtp_from: "admin@localhost"
mcaptcha_smtp_reply: "admin@localhost"
mcaptcha_smtp_url: "127.0.0.1"
mcaptcha_smtp_port: 10025
mcaptcha_smtp_username: "admin"
mcaptcha_smtp_password: "password"
#[survey]
#nodes = ["http://localhost:7001"]
#rate_limit = 10 # upload every hour
#instance_root_url = "http://localhost:7000"