10 changed files with 79 additions and 74 deletions
--- a/ansible/base.yml
+++ b/ansible/base.yml
@ -5,6 +5,7 @@
 ---
 - name: Install and enable firewall
  hosts: all
  remote_user: atm
  pre_tasks:
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:
--- a/ansible/cache.yml
+++ b/ansible/cache.yml
@ -7,6 +7,7 @@
 - name: Install redis cache
  hosts: mcaptcha_hosts
  remote_user: atm
  pre_tasks:
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:
--- a/ansible/locust.yml
+++ b/ansible/locust.yml
@ -7,6 +7,7 @@
 - name: Configure Locust instances
  hosts: [mcaptcha_dos]
  remote_user: atm
  pre_tasks:
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:
--- a/ansible/mcaptcha.yml
+++ b/ansible/mcaptcha.yml
@ -10,6 +10,7 @@
  become: yes
  vars_files:
    - vars/mcaptcha/vars.yml
    - vars/mcaptcha/db-common.yml
    - vars/mcaptcha/postgresql.yml
  tasks:
    - ansible.builtin.include_role:
@ -22,6 +23,7 @@
  become: yes
  vars_files:
    - vars/mcaptcha/vars.yml
    - vars/mcaptcha/db-common.yml
    - vars/mcaptcha/mariadb.yml.yml
  tasks:
    - ansible.builtin.include_role:
@ -42,8 +44,11 @@
 - name: Install mCaptcha binary
  hosts: mcaptcha_hosts
  remote_user: atm
  vars_files:
    - vars/mcaptcha/vars.yml
    - vars/mcaptcha/db-common.yml
    - vars/mcaptcha/mcaptcha.yml
  roles:
    - mcaptcha
  tasks:
--- a/ansible/ping.yml
+++ b/ansible/ping.yml
@ -5,6 +5,7 @@
 ---
 - name: Ping all servers
  hosts: all
  remote_user: atm
  tasks:
    - name: Ensure all VMs are reachable
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@ -39,8 +39,8 @@
    name: docker
    state: present
- name: Add user to docker group
+- name: Add user atm to docker group
  become: true
  ansible.builtin.user:
-    name: "{{ ansible_user_id }}"
+    name: atm # TODO: add admin user to docker group
    groups: docker,users,admin
--- a/ansible/vars/mcaptcha/db-common.yml
+++ b/ansible/vars/mcaptcha/db-common.yml
@ -0,0 +1,3 @@
 database_owner: "mcaptcha"
 database_name: "mcaptcha"
 database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
--- a/ansible/vars/mcaptcha/mariadb.yml
+++ b/ansible/vars/mcaptcha/mariadb.yml
@ -1,8 +1,8 @@
 ---
 # Set this to the user ansible is logging in as - should have root
 # or sudo access
-mysql_user_home: "/home/{{ ansible_user_id }}"
+mysql_user_home: /home/atm
-mysql_user_name: "{{ ansible_user_id }}"
+mysql_user_name: atm
 # The default root user installed by mysql - almost always root
 mysql_root_home: /root
--- a/ansible/vars/mcaptcha/mcaptcha.yml
+++ b/ansible/vars/mcaptcha/mcaptcha.yml
@ -0,0 +1,61 @@
 mcaptcha_debug: false
 # mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha'
 mcaptcha_commercial: false
 mcaptcha_allow_demo: false
 mcaptcha_allow_registration: false
 # Please set a unique value, your mCaptcha instance's security depends on this being
 # unique
 mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
 mcaptcha_server_port: 7000
 mcaptcha_server_bind: "127.0.0.1"
 mcaptcha_server_hostname: "mcaptcha.local"
 # Set true if you have setup TLS with a reverse proxy like Nginx.
 # Does HTTPS redirect and sends additional headers that can only be used if
 # HTTPS available to improve security
 #mcaptcha_proxy_has_tls: false
 # Please set a unique value, your mCaptcha instance's security depends on this being
 # unique
 mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
 # garbage collection period to manage mCaptcha system
 # leave untouched if you don't know what you are doing
 # mcaptcha_captcha_gc: 30
 # mcaptcha_captcha_runners: 4
 # mcaptcha_captcha_queue_length: 2000
 mcaptcha_captcha_enable_stats: true
 #mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
 #mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
 #mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000  # greater than 3.5s
 # cooldown period in seconds
 mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
  #{% if database_type == 'postgres' %}
  #  {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %}
  #{% else %}
  #  {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %}
  #{% endif %}
 #mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}"
  #mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}"
 #  mysql://mcaptcha:password@localhost/mcaptcha"
 mcaptcha_database_pool: 4
  #mcaptcha_database_url: "{{ mcaptcha_database_url }}"
 mcaptcha_redis_url: "redis://127.0.0.1"
 mcaptcha_redis_pool: 4
 mcaptcha_redis_url: "redis://127.0.0.1"
 mcaptcha_redis_pool: 4
 mcaptcha_smtp_from: "admin@localhost"
 mcaptcha_smtp_reply: "admin@localhost"
 mcaptcha_smtp_url: "127.0.0.1"
 mcaptcha_smtp_port: 10025
 mcaptcha_smtp_username: "admin"
 mcaptcha_smtp_password: "password"
 #[survey]
 #nodes = ["http://localhost:7001"]
 #rate_limit = 10 # upload every hour
 #instance_root_url = "http://localhost:7000"
--- a/ansible/vars/mcaptcha/vars.yml
+++ b/ansible/vars/mcaptcha/vars.yml
@ -1,70 +1,2 @@
-database_type: "postgres" # REQUIRED. options: "mariadb", "postgres"
+database_type: "postgres" # options: "mariadb", "postgres"
-cache_type: "redis" # REQUIRED. options: "embedded", "redis"
+cache_type: "redis" # options: "embedded", "redis"
 # database user
 database_owner: "mcaptcha"
 database_name: "mcaptcha"
 # AUTO-GENERATED. database password
 database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
 # Database connection pool
 mcaptcha_database_pool: 4
 # debug logging
 mcaptcha_debug: false
 # doens't do anything at the moment
 mcaptcha_commercial: false
 # create demo user and allow demo login
 mcaptcha_allow_demo: false
 # allow registration of new accounts. Required for the first user account.
 # Please edit to set to "false" and re-rerun playbook if registration is
 # undesirable.
 mcaptcha_allow_registration: true
 # AUTO-GENERATED. Randomly generated unique value for signing cookies.
 mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
 # REQUIRED. mcaptcha server port. Won't be exposed to internet, change if something else
 # is listening on binding IP and port combination. 
 mcaptcha_server_port: 7000
 # REQUIRED. bind to IP. If using reverse proxy (playbook installs and configures nginx), set to 127.0.0.1.
 mcaptcha_server_bind: "127.0.0.1"
 # REQUIRED. hostname of the mcaptcha installation. Incorrect hostname will cause login failures.
 mcaptcha_server_hostname: "mcaptcha.local"
 # AUTO-GENERATED. IGNORE if unfamiliar.
 mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
 # IGNORE if unfamiliar. # garbage collection period to manage mCaptcha system
 # mcaptcha_captcha_gc: 30
 # IGNORE if unfamiliar. Number of threads used to validate Proof-of-Work (PoW)
 # mcaptcha_captcha_runners: 4
 # IGNORE if unfamiliar. Maximum pending jobs in queue for PoW validation
 # mcaptcha_captcha_queue_length: 2000
 # Store PoW compute time statistics
 mcaptcha_captcha_enable_stats: true
 # IGNORE if unfamiliar. Difficulty factor for average traffic. Used in "easy mode" CAPTCHA configuration generation.
 #mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
 # IGNORE if unfamiliar. Difficulty factor for peak traffic levels. Used in "easy mode" CAPTCHA configuration generation.
 #mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
 # IGNORE if unfamiliar. Difficulty factor for maximum traffic levels. Used in "easy mode" CAPTCHA configuration generation.
 #mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000  # greater than 3.5s
 # IGNORE if unfamiliar. Default cooldown period in seconds for "easy mode".
 mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
 # Redis instance URL
 mcaptcha_redis_url: "redis://127.0.0.1"
 # Redis connection pool
 mcaptcha_redis_pool: 4
 # smtp configuration
 mcaptcha_smtp_from: "admin@localhost"
 mcaptcha_smtp_reply: "admin@localhost"
 mcaptcha_smtp_url: "127.0.0.1"
 mcaptcha_smtp_port: 10025
 mcaptcha_smtp_username: "admin"
 mcaptcha_smtp_password: "password"
 #[survey]
 #nodes = ["http://localhost:7001"]
 #rate_limit = 10 # upload every hour
 #instance_root_url = "http://localhost:7000"