Compare commits
46 commits
Author | SHA1 | Date | |
---|---|---|---|
15775ddd8c | |||
|
d491f26e49 | ||
74cd88322d | |||
152fb05cb6 | |||
06d3da8019 | |||
165b2d24f7 | |||
1c17a3f3d9 | |||
7e9f0a3633 | |||
713ec1dd18 | |||
bf87080e33 | |||
0306798bad | |||
9833f7fd98 | |||
58cb71dab3 | |||
418c792e83 | |||
3da25ea1c3 | |||
64302fed4c | |||
b6b58b6156 | |||
66f3979930 | |||
2c02ae4b95 | |||
b74731476d | |||
69fb946f3f | |||
dcc821782e | |||
9922989d5d | |||
c469878daf | |||
bbff7f41a5 | |||
4a81e7d591 | |||
50569c8a32 | |||
a0a2e915af | |||
800a6b6ebc | |||
4e7f4b6be6 | |||
60f730153e | |||
6457176823 | |||
da087a74c7 | |||
f7206d721c | |||
3002808f92 | |||
c8a34a6e7b | |||
eb586633ec | |||
908f96b51a | |||
beeef3c7bd | |||
aced3188b2 | |||
e3054d1297 | |||
fe0c02dd09 | |||
2b23534250 | |||
4186f1eb47 | |||
1158590b7f | |||
458d774f99 |
43 changed files with 1309 additions and 307 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -159,3 +159,6 @@ cython_debug/
|
||||||
# and can be added to the global gitignore or merged into this file. For a more nuclear
|
# and can be added to the global gitignore or merged into this file. For a more nuclear
|
||||||
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
|
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
|
||||||
#.idea/
|
#.idea/
|
||||||
|
ansible/credentials/
|
||||||
|
terraform/mcaptcha/mcaptcha
|
||||||
|
sec/
|
||||||
|
|
27
.woodpecker.yml
Normal file
27
.woodpecker.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
steps:
|
||||||
|
backend:
|
||||||
|
image: python:3-bookworm
|
||||||
|
environment:
|
||||||
|
- ANSIBLE_HOST_KEY_CHECKING=False
|
||||||
|
commands:
|
||||||
|
- export PATH=$PATH:/root/.local/bin
|
||||||
|
- eval "$(ssh-agent -s)"
|
||||||
|
- make ci.init
|
||||||
|
- cat terraform/mcaptcha/hosts.ini
|
||||||
|
# db: mariadb cache: redis
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=redis" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
# db: postgres cache: redis
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=redis" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
# embedded cache
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=embedded" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
# embedded cache
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=embedded" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
|
||||||
|
- make ci.clean
|
||||||
|
secrets: [TEST_NODE_SSH_KEY]
|
91
Makefile
91
Makefile
|
@ -16,9 +16,21 @@ endef
|
||||||
|
|
||||||
define configure_locust
|
define configure_locust
|
||||||
. ./venv/bin/activate && \
|
. ./venv/bin/activate && \
|
||||||
ansible-playbook -i $(INVENTORY) -f 10 ./ansible/locust/main.yml
|
ansible-playbook -i $(INVENTORY) -f 10 ./ansible/locust.yml
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
define configure_cache
|
||||||
|
. ./venv/bin/activate && \
|
||||||
|
ansible-playbook -i $(INVENTORY) -f 10 ./ansible/cache.yml
|
||||||
|
endef
|
||||||
|
|
||||||
|
define configure_mcaptcha
|
||||||
|
. ./venv/bin/activate && \
|
||||||
|
ansible-playbook -i $(INVENTORY) -f 10 ./ansible/mcaptcha.yml
|
||||||
|
endef
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
define test_base
|
define test_base
|
||||||
. ./venv/bin/activate && \
|
. ./venv/bin/activate && \
|
||||||
cd tests/ && \
|
cd tests/ && \
|
||||||
|
@ -31,6 +43,32 @@ define test_base
|
||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
define test_cache
|
||||||
|
. ./venv/bin/activate && \
|
||||||
|
cd tests/cache/ && \
|
||||||
|
ANSIBLE_REMOTE_USER=root \
|
||||||
|
py.test --hosts='ansible://mcaptcha_hosts' \
|
||||||
|
-n 10 \
|
||||||
|
--verbose \
|
||||||
|
--ansible-inventory="../../${INVENTORY}" \
|
||||||
|
base.py
|
||||||
|
|
||||||
|
endef
|
||||||
|
|
||||||
|
define test_mcaptcha
|
||||||
|
. ./venv/bin/activate && \
|
||||||
|
cd tests/mcaptcha/ && \
|
||||||
|
ANSIBLE_REMOTE_USER=root \
|
||||||
|
py.test --hosts='ansible://mcaptcha_hosts' \
|
||||||
|
-n 10 \
|
||||||
|
--verbose \
|
||||||
|
--ansible-inventory="../../${INVENTORY}" \
|
||||||
|
base.py
|
||||||
|
|
||||||
|
endef
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
define test_locust
|
define test_locust
|
||||||
. ./venv/bin/activate && \
|
. ./venv/bin/activate && \
|
||||||
cd tests/locust/ && \
|
cd tests/locust/ && \
|
||||||
|
@ -46,9 +84,9 @@ endef
|
||||||
# ```bash
|
# ```bash
|
||||||
# INVENTORY=./terraform/dos/hosts.ini make conf.base
|
# INVENTORY=./terraform/dos/hosts.ini make conf.base
|
||||||
# ```
|
# ```
|
||||||
conf.base: ## Get all VMs to base level configuration
|
#conf.base: ## Get all VMs to base level configuration
|
||||||
$(call configure_base)
|
# $(call configure_base)
|
||||||
|
#
|
||||||
|
|
||||||
lint: ## Lint source code
|
lint: ## Lint source code
|
||||||
terraform fmt
|
terraform fmt
|
||||||
|
@ -60,9 +98,22 @@ lint: ## Lint source code
|
||||||
# INVENTORY=./terraform/dos/hosts.ini make conf.base
|
# INVENTORY=./terraform/dos/hosts.ini make conf.base
|
||||||
# ```
|
# ```
|
||||||
conf.dos: ## Configure all DoS VMs
|
conf.dos: ## Configure all DoS VMs
|
||||||
$(call configure_base)
|
|
||||||
$(call configure_locust)
|
$(call configure_locust)
|
||||||
|
|
||||||
|
|
||||||
|
# ```bash
|
||||||
|
# INVENTORY=./terraform/dos/hosts.ini make conf.cache
|
||||||
|
# ```
|
||||||
|
conf.cache: ## Configure all cache VMs
|
||||||
|
$(call configure_cache)
|
||||||
|
|
||||||
|
# ```bash
|
||||||
|
# INVENTORY=./terraform/dos/hosts.ini make conf.mcaptcha
|
||||||
|
# ```
|
||||||
|
conf.mcaptcha: ## Configure all mcaptcha VMs
|
||||||
|
$(call configure_mcaptcha)
|
||||||
|
|
||||||
|
|
||||||
# ```bash
|
# ```bash
|
||||||
# INVENTORY=./terraform/dos/hosts.ini make conf.ping
|
# INVENTORY=./terraform/dos/hosts.ini make conf.ping
|
||||||
# ```
|
# ```
|
||||||
|
@ -77,5 +128,35 @@ test: ## Run all tests
|
||||||
test.base: ## Test base configuration on all VMs
|
test.base: ## Test base configuration on all VMs
|
||||||
$(call test_base)
|
$(call test_base)
|
||||||
|
|
||||||
|
test.cache: ## Test cache configuration
|
||||||
|
$(call test_cache)
|
||||||
|
|
||||||
|
test.mcaptcha: ## Test mcaptcha configuration
|
||||||
|
$(call test_mcaptcha)
|
||||||
|
|
||||||
|
ci.init:
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients genisoimage
|
||||||
|
./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"
|
||||||
|
ssh-add /tmp/ci-ssh-id
|
||||||
|
ssh -o StrictHostKeyChecking=accept-new mcaptcha-ci@192.168.0.102 "echo f"
|
||||||
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
|
curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg
|
||||||
|
chmod a+r /etc/apt/keyrings/opentofu.gpg
|
||||||
|
echo "deb [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" > /etc/apt/sources.list.d/opentofu.list
|
||||||
|
echo "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" >> /etc/apt/sources.list.d/opentofu.list
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y tofu
|
||||||
|
tofu -chdir=terraform/mcaptcha/ init
|
||||||
|
tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha"
|
||||||
|
tofu -chdir=terraform/mcaptcha/ apply "mcaptcha"
|
||||||
|
pip install virtualenv && virtualenv venv
|
||||||
|
. venv/bin/activate && pip install -r requirements.txt
|
||||||
|
. venv/bin/activate && ansible-galaxy install -r ./ansible/requirements.yml
|
||||||
|
|
||||||
|
ci.clean:
|
||||||
|
echo yes | tofu -chdir=terraform/mcaptcha/ destroy -var-file="ci.tfvars"
|
||||||
|
./scripts/ci.sh --clean
|
||||||
|
|
||||||
help: ## Prints help for targets with comments
|
help: ## Prints help for targets with comments
|
||||||
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
||||||
|
|
|
@ -4,19 +4,17 @@
|
||||||
|
|
||||||
---
|
---
|
||||||
- name: Install and enable firewall
|
- name: Install and enable firewall
|
||||||
hosts: [mcaptcha_dos, mcaptcha_demo_server, mcaptcha_mcaptcha]
|
hosts: all
|
||||||
remote_user: atm
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: Ensure all VMs are reachable
|
- name: Ensure all VMs are reachable
|
||||||
ansible.builtin.ping:
|
ansible.builtin.ping:
|
||||||
roles:
|
|
||||||
- ufw
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Install git, zip, nginx, wget, curl & other utils
|
- name: Install git, zip, nginx, wget, curl & other utils
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
pkg:
|
pkg:
|
||||||
- git
|
- git
|
||||||
- wget
|
- wget
|
||||||
|
@ -27,10 +25,3 @@
|
||||||
- python3-pip
|
- python3-pip
|
||||||
- virtualenv
|
- virtualenv
|
||||||
- python3-setuptools
|
- python3-setuptools
|
||||||
- ufw
|
|
||||||
|
|
||||||
- name: Install Docker
|
|
||||||
hosts: mcaptcha_dos
|
|
||||||
remote_user: atm
|
|
||||||
roles:
|
|
||||||
- docker
|
|
14
ansible/cache.yml
Normal file
14
ansible/cache.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
---
|
||||||
|
- name: Base configuration
|
||||||
|
ansible.builtin.import_playbook: base.yml
|
||||||
|
|
||||||
|
- name: Install redis cache
|
||||||
|
hosts: all
|
||||||
|
pre_tasks:
|
||||||
|
- name: Ensure all VMs are reachable
|
||||||
|
ansible.builtin.ping:
|
||||||
|
roles:
|
||||||
|
- cache
|
|
@ -1,16 +1,20 @@
|
||||||
|
---
|
||||||
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
- name: Base configuration
|
||||||
|
ansible.builtin.import_playbook: base.yml
|
||||||
|
roles:
|
||||||
|
- ufw
|
||||||
|
|
||||||
---
|
|
||||||
- name: Configure Locust instances
|
- name: Configure Locust instances
|
||||||
hosts: [mcaptcha_dos]
|
hosts: [mcaptcha_dos]
|
||||||
remote_user: atm
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: Ensure all VMs are reachable
|
- name: Ensure all VMs are reachable
|
||||||
ansible.builtin.ping:
|
ansible.builtin.ping:
|
||||||
roles:
|
roles:
|
||||||
- docker-compose
|
- docker
|
||||||
|
- docker_compose
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Allow port 8089 for locust
|
- name: Allow port 8089 for locust
|
||||||
|
@ -31,7 +35,7 @@
|
||||||
- name: Copy docker-compose.yml file
|
- name: Copy docker-compose.yml file
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: ./artifacts/docker-compose.yml
|
src: ./artifacts/locust/docker-compose.yml
|
||||||
dest: /etc/locust/
|
dest: /etc/locust/
|
||||||
|
|
||||||
- name: Start locust services
|
- name: Start locust services
|
84
ansible/mcaptcha.yml
Normal file
84
ansible/mcaptcha.yml
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
#---
|
||||||
|
- name: Base configuration
|
||||||
|
ansible.builtin.import_playbook: base.yml
|
||||||
|
|
||||||
|
- name: Install and configure postgres
|
||||||
|
hosts: all
|
||||||
|
become: yes
|
||||||
|
vars_files:
|
||||||
|
- vars/mcaptcha/vars.yml
|
||||||
|
- vars/mcaptcha/postgresql.yml
|
||||||
|
tasks:
|
||||||
|
- ansible.builtin.include_role:
|
||||||
|
name: geerlingguy.postgresql
|
||||||
|
when:
|
||||||
|
database_type == "postgres"
|
||||||
|
|
||||||
|
- name: Install and configure mariadb
|
||||||
|
hosts: all
|
||||||
|
become: yes
|
||||||
|
vars_files:
|
||||||
|
- vars/mcaptcha/vars.yml
|
||||||
|
- vars/mcaptcha/mariadb.yml
|
||||||
|
tasks:
|
||||||
|
- ansible.builtin.include_role:
|
||||||
|
name: geerlingguy.mysql
|
||||||
|
when:
|
||||||
|
database_type == "mariadb"
|
||||||
|
|
||||||
|
- name: Install and configure cache
|
||||||
|
hosts: all
|
||||||
|
become: yes
|
||||||
|
vars_files:
|
||||||
|
- vars/mcaptcha/vars.yml
|
||||||
|
tasks:
|
||||||
|
- name: conditionally install redis cache
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: cache
|
||||||
|
when: cache_type == "redis"
|
||||||
|
|
||||||
|
- name: Install mCaptcha binary
|
||||||
|
hosts: all
|
||||||
|
vars_files:
|
||||||
|
- vars/mcaptcha/vars.yml
|
||||||
|
roles:
|
||||||
|
- mcaptcha
|
||||||
|
tasks:
|
||||||
|
- name: restart mcaptcha
|
||||||
|
debug:
|
||||||
|
msg: "mCaptcha successfully deployed to {{ mcaptcha_server_hostname }}"
|
||||||
|
notify: restart mcaptcha
|
||||||
|
|
||||||
|
- name: Install git, zip, nginx, wget, curl & other utils
|
||||||
|
become: true
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
|
pkg:
|
||||||
|
- nginx
|
||||||
|
|
||||||
|
- name: Copy nginx vhost
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: ./templates/mcaptcha/nginx.vhost.j2
|
||||||
|
dest: "/etc/nginx/sites-available/{{ mcaptcha_server_hostname }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: true
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Copy nginx vhost
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
src: "/etc/nginx/sites-available/{{ mcaptcha_server_hostname }}"
|
||||||
|
dest: "/etc/nginx/sites-enabled/{{ mcaptcha_server_hostname }}"
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: Restart nginx
|
||||||
|
become: true
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
|
@ -5,7 +5,6 @@
|
||||||
---
|
---
|
||||||
- name: Ping all servers
|
- name: Ping all servers
|
||||||
hosts: all
|
hosts: all
|
||||||
remote_user: atm
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure all VMs are reachable
|
- name: Ensure all VMs are reachable
|
||||||
|
|
3
ansible/requirements.yml
Normal file
3
ansible/requirements.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
- src: geerlingguy.mysql
|
||||||
|
|
||||||
|
- src: geerlingguy.postgresql
|
7
ansible/roles/cache/handlers/main.yml
vendored
Normal file
7
ansible/roles/cache/handlers/main.yml
vendored
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
- name: Restart redis
|
||||||
|
listen: restart redis
|
||||||
|
become: true
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: redis
|
||||||
|
enabled: true
|
||||||
|
state: restarted
|
78
ansible/roles/cache/tasks/main.yml
vendored
Normal file
78
ansible/roles/cache/tasks/main.yml
vendored
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
---
|
||||||
|
- name: Install redis-server
|
||||||
|
become: true
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
|
pkg:
|
||||||
|
- redis-server
|
||||||
|
|
||||||
|
- name: Create Redis plugins dir
|
||||||
|
become: true
|
||||||
|
notify: restart redis
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /usr/lib/redis/modules
|
||||||
|
owner: redis
|
||||||
|
group: redis
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Load mCaptcha module
|
||||||
|
become: true
|
||||||
|
notify: restart redis
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/redis/redis.conf
|
||||||
|
line: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- "loadmodule /usr/lib/redis/modules/libcache.so"
|
||||||
|
- "bind 0.0.0.0"
|
||||||
|
|
||||||
|
- name: Copy custom Redis configuration
|
||||||
|
become: true
|
||||||
|
notify: restart redis
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
owner: redis
|
||||||
|
group: redis
|
||||||
|
force: true
|
||||||
|
loop:
|
||||||
|
- /etc/redis/redis.conf
|
||||||
|
- /etc/redis/
|
||||||
|
|
||||||
|
- name: Create download dir
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /tmp/cache-lib
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Download plugin
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: https://dl.mcaptcha.org/mcaptcha/cache/master/cache-master-linux-amd64.tar.gz
|
||||||
|
dest: /tmp/cache-lib/
|
||||||
|
checksum: sha256:https://dl.mcaptcha.org/mcaptcha/cache/master/cache-master-linux-amd64.tar.gz.sha256
|
||||||
|
|
||||||
|
- name: Extract cache-master-linux-amd64.tar.gz into /var/lib/foo
|
||||||
|
ansible.builtin.unarchive:
|
||||||
|
src: /tmp/cache-lib/cache-master-linux-amd64.tar.gz
|
||||||
|
remote_src: true
|
||||||
|
dest: /tmp/cache-lib/
|
||||||
|
|
||||||
|
- name: Copy custom Redis configuration
|
||||||
|
become: true
|
||||||
|
notify: restart redis
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: /tmp/cache-lib/cache-master-linux-amd64/libcache.so
|
||||||
|
remote_src: true
|
||||||
|
dest: /usr/lib/redis/modules/
|
||||||
|
owner: redis
|
||||||
|
group: redis
|
||||||
|
force: true
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Delete download dir
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /tmp/cache-lib
|
||||||
|
state: absent
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
@ -29,10 +28,10 @@
|
||||||
name: docker-ce
|
name: docker-ce
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
- name: Install Docker Module for Python
|
#- name: Install Docker Module for Python
|
||||||
become: true
|
# become: true
|
||||||
ansible.builtin.pip:
|
# community.general.pipx:
|
||||||
name: docker
|
# name: docker
|
||||||
|
|
||||||
- name: Ensure docker group is present
|
- name: Ensure docker group is present
|
||||||
become: true
|
become: true
|
||||||
|
@ -40,8 +39,8 @@
|
||||||
name: docker
|
name: docker
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Add user atm to docker group
|
- name: Add user to docker group
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: atm # TODO: add admin user to docker group
|
name: "{{ ansible_user_id }}"
|
||||||
groups: docker,users,admin
|
groups: docker,users,admin
|
||||||
|
|
|
@ -7,5 +7,6 @@
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
pkg:
|
pkg:
|
||||||
- docker-compose
|
- docker-compose
|
7
ansible/roles/mcaptcha/handlers/main.yml
Normal file
7
ansible/roles/mcaptcha/handlers/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
- name: restart mcaptcha
|
||||||
|
listen: restart mcaptcha
|
||||||
|
become: true
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: mcaptcha
|
||||||
|
enabled: true
|
||||||
|
state: restarted
|
82
ansible/roles/mcaptcha/tasks/main.yml
Normal file
82
ansible/roles/mcaptcha/tasks/main.yml
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
---
|
||||||
|
- name: Create mCaptcha systemd user
|
||||||
|
become: true
|
||||||
|
ansible.builtin.user:
|
||||||
|
name: mcaptcha
|
||||||
|
state: present
|
||||||
|
system: true
|
||||||
|
comment: mCaptcha systemd user
|
||||||
|
|
||||||
|
- name: Create download dir
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /tmp/mcaptcha-dl
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Download binary
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
|
||||||
|
dest: /tmp/mcaptcha-dl
|
||||||
|
checksum: sha256:https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
|
||||||
|
|
||||||
|
- name: Extract mcaptcha-master-linux-amd64.tar.gz into /var/lib/foo
|
||||||
|
ansible.builtin.unarchive:
|
||||||
|
src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64.tar.gz
|
||||||
|
remote_src: true
|
||||||
|
dest: /tmp/mcaptcha-dl/
|
||||||
|
|
||||||
|
- name: Install binary
|
||||||
|
become: true
|
||||||
|
notify: restart mcaptcha
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64/mcaptcha
|
||||||
|
remote_src: true
|
||||||
|
dest: /usr/local/bin/mcaptcha
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: true
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Copy mCaptcha systemd servicefile
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: ./templates/mcaptcha/mcaptcha.service.j2
|
||||||
|
dest: /etc/systemd/system/mcaptcha.service
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: true
|
||||||
|
mode: "0777"
|
||||||
|
|
||||||
|
- name: Create mCaptcha config dir
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/mcaptcha
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Copy mCaptcha config file
|
||||||
|
become: true
|
||||||
|
notify: restart mcaptcha
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: ./templates/mcaptcha/config.toml.j2
|
||||||
|
dest: /etc/mcaptcha/config.toml
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: true
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Run mCaptcha as a systemd service
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd_service:
|
||||||
|
name: mcaptcha
|
||||||
|
daemon_reload: true
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Delete download dir
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /tmp/mcaptcha-dl
|
||||||
|
state: absent
|
|
@ -7,6 +7,7 @@
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
pkg:
|
pkg:
|
||||||
- ntp
|
- ntp
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
pkg:
|
pkg:
|
||||||
- ufw
|
- ufw
|
||||||
|
|
||||||
|
|
81
ansible/templates/mcaptcha/config.toml.j2
Normal file
81
ansible/templates/mcaptcha/config.toml.j2
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
{% if database_type == 'postgres' %}
|
||||||
|
{% set mcaptcha_database_url = "postgres://" ~ database_owner ~ ":" ~ database_password ~ "@" ~ "localhost:5432/" ~ database_name %}
|
||||||
|
{% else %}
|
||||||
|
{% set mcaptcha_database_url = "mysql://" ~ database_owner ~ ":" ~ database_password ~ "@" ~ "localhost/" ~ database_name %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
debug = "{{ mcaptcha_debug | default('false') }}"
|
||||||
|
source_code = "{{ mcaptcha_source_code | default('https://github.com/mCaptcha/mCaptcha') }}"
|
||||||
|
commercial = "{{ mcaptcha_commercial | default('false') }}"
|
||||||
|
allow_demo = "{{ mcaptcha_allow_demo | default('false') }}"
|
||||||
|
allow_registration = "{{ mcaptcha_allow_registration | default('true') }}"
|
||||||
|
|
||||||
|
[server]
|
||||||
|
# Please set a unique value, your mCaptcha instance's security depends on this being
|
||||||
|
# unique
|
||||||
|
cookie_secret = "{{ mcaptcha_server_cookie_secret }}"
|
||||||
|
# The port at which you want authentication to listen to
|
||||||
|
# takes a number, choose from 1000-10000 if you dont know what you are doing
|
||||||
|
port = "{{ mcaptcha_server_port | default(7000) }}"
|
||||||
|
#IP address. Enter 0.0.0.0 to listen on all available addresses
|
||||||
|
ip= "{{ mcaptcha_server_bind | default('127.0.0.1') }}"
|
||||||
|
# enter your hostname, eg: example.com
|
||||||
|
domain = "{{ mcaptcha_server_hostname }}"
|
||||||
|
# Set true if you have setup TLS with a reverse proxy like Nginx.
|
||||||
|
# Does HTTPS redirect and sends additional headers that can only be used if
|
||||||
|
# HTTPS available to improve security
|
||||||
|
proxy_has_tls = "{{ mcaptcha_proxy_has_tls | default('false') }}"
|
||||||
|
|
||||||
|
[captcha]
|
||||||
|
# Please set a unique value, your mCaptcha instance's security depends on this being
|
||||||
|
# unique
|
||||||
|
salt = "{{ mcaptcha_captcha_salt }}"
|
||||||
|
# garbage collection period to manage mCaptcha system
|
||||||
|
# leave untouched if you don't know what you are doing
|
||||||
|
gc = "{{ mcaptcha_captcha_gc | default(30) }}" #30
|
||||||
|
runners = "{{ mcaptcha_captcha_runners | default(4) }}" #4
|
||||||
|
queue_length = "{{ mcaptcha_captcha_queue_length | default(2000) }}" #2000
|
||||||
|
enable_stats = "{{ mcaptcha_captcha_enable_stats | default('true') }}" #true
|
||||||
|
|
||||||
|
[captcha.default_difficulty_strategy]
|
||||||
|
avg_traffic_difficulty = "{{ mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty | default(50000) }}" # 50000 # almost instant solution
|
||||||
|
peak_sustainable_traffic_difficulty = "{{ mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty | default(3000000) }}" # 3000000 # roughly 1.5s
|
||||||
|
broke_my_site_traffic_difficulty = "{{ mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty | default(5000000) }}" # 5000000 # greater than 3.5s
|
||||||
|
# cooldown period in seconds
|
||||||
|
duration = "{{ mcaptcha_captcha_default_difficulty_strategy_avg_duration | default(30) }}" # 30
|
||||||
|
|
||||||
|
[database]
|
||||||
|
# This section deals with the database location and how to access it
|
||||||
|
# Please note that at the moment, we have support for only postgresqa.
|
||||||
|
# Example, if you are Batman, your config would be:
|
||||||
|
# url = "postgres://batman:password@batcave.org:5432/batcave"
|
||||||
|
# database_type = "postgres"
|
||||||
|
# pool = 4
|
||||||
|
url = "{{ mcaptcha_database_url }}" # "postgres://example.org" # hack for tests to run successfully
|
||||||
|
|
||||||
|
pool = "{{ mcaptcha_database_pool | default(4) }}" #4
|
||||||
|
|
||||||
|
|
||||||
|
{% if cache_type == 'redis' %}
|
||||||
|
[redis]
|
||||||
|
# This section deals with the database location and how to access it
|
||||||
|
# Please note that at the moment, we have support for only postgresqa.
|
||||||
|
# Example, if you are Batman, your config would be:
|
||||||
|
url = "{{ mcaptcha_redis_url }}" #"redis://127.0.0.1"
|
||||||
|
pool = "{{ mcaptcha_redis_pool | default(4) }}" #4
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[smtp]
|
||||||
|
from = "{{ mcaptcha_smtp_from }}" # "admin@localhost"
|
||||||
|
reply = "{{ mcaptcha_smtp_reply }}" #"admin@localhost"
|
||||||
|
url = "{{ mcaptcha_smtp_url }}" #"127.0.0.1"
|
||||||
|
port = "{{ mcaptcha_smtp_port }}" #10025
|
||||||
|
username = "{{ mcaptcha_smtp_username }}" #"admin"
|
||||||
|
password = "{{ mcaptcha_smtp_password }}" #"password"
|
||||||
|
|
||||||
|
#[survey]
|
||||||
|
#nodes = ["http://localhost:7001"]
|
||||||
|
#rate_limit = 10 # upload every hour
|
||||||
|
#instance_root_url = "http://localhost:7000"
|
34
ansible/templates/mcaptcha/mcaptcha.service.j2
Normal file
34
ansible/templates/mcaptcha/mcaptcha.service.j2
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
[Unit]
|
||||||
|
Description=mCaptcha: PoW CAPTCHA system
|
||||||
|
After=syslog.target
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
{% if cache_type == 'redis' %}
|
||||||
|
Wants=redis.service
|
||||||
|
After=redis.service
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if database_type == 'postgres' %}
|
||||||
|
Wants=postgresql.service
|
||||||
|
After=postgresql.service
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if database_type == 'mariadb' %}
|
||||||
|
Wants=mariadb.service
|
||||||
|
After=mariadb.service
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
RestartSec=2s
|
||||||
|
Type=simple
|
||||||
|
User=mcaptcha
|
||||||
|
Group=mcaptcha
|
||||||
|
WorkingDirectory=/home/mcaptcha/
|
||||||
|
ExecStart=/usr/local/bin/mcaptcha
|
||||||
|
Restart=always
|
||||||
|
Environment=USER=mcaptcha HOME=/home/mcaptcha
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
12
ansible/templates/mcaptcha/nginx.vhost.j2
Normal file
12
ansible/templates/mcaptcha/nginx.vhost.j2
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name {{ mcaptcha_server_hostname }};
|
||||||
|
error_log /var/log/nginx/"{{ mcaptcha_server_hostname }}".error.log;
|
||||||
|
access_log /var/log/nginx/"{{ mcaptcha_server_hostname }}".access.log;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://{{ mcaptcha_server_bind }}:{{ mcaptcha_server_port }};
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
}
|
136
ansible/vars/mcaptcha/mariadb.yml
Normal file
136
ansible/vars/mcaptcha/mariadb.yml
Normal file
|
@ -0,0 +1,136 @@
|
||||||
|
---
|
||||||
|
# Set this to the user ansible is logging in as - should have root
|
||||||
|
# or sudo access
|
||||||
|
mysql_user_home: "/home/{{ ansible_user_id }}"
|
||||||
|
mysql_user_name: "{{ ansible_user_id }}"
|
||||||
|
|
||||||
|
# The default root user installed by mysql - almost always root
|
||||||
|
mysql_root_home: /root
|
||||||
|
mysql_root_username: root
|
||||||
|
mysql_root_password: root
|
||||||
|
|
||||||
|
# Set this to `true` to forcibly update the root password.
|
||||||
|
mysql_root_password_update: true
|
||||||
|
mysql_user_password_update: true
|
||||||
|
|
||||||
|
mysql_enabled_on_startup: true
|
||||||
|
|
||||||
|
# Whether my.cnf should be updated on every run.
|
||||||
|
overwrite_global_mycnf: true
|
||||||
|
|
||||||
|
# The following variables have a default value depending on operating system.
|
||||||
|
# mysql_config_file: /etc/my.cnf
|
||||||
|
# mysql_config_include_dir: /etc/my.cnf.d
|
||||||
|
|
||||||
|
# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
|
||||||
|
# for RedHat systems (and derivatives).
|
||||||
|
mysql_enablerepo: ""
|
||||||
|
|
||||||
|
# Define a custom list of packages to install; if none provided, the default
|
||||||
|
# package list from vars/[OS-family].yml will be used.
|
||||||
|
# mysql_packages:
|
||||||
|
# - mysql
|
||||||
|
# - mysql-server
|
||||||
|
# - MySQL-python
|
||||||
|
|
||||||
|
mysql_python_package_debian: python3-mysqldb
|
||||||
|
|
||||||
|
# MySQL connection settings.
|
||||||
|
mysql_port: "3306"
|
||||||
|
mysql_bind_address: '0.0.0.0'
|
||||||
|
mysql_skip_name_resolve: false
|
||||||
|
mysql_datadir: /var/lib/mysql
|
||||||
|
mysql_sql_mode: ~
|
||||||
|
# The following variables have a default value depending on operating system.
|
||||||
|
# mysql_pid_file: /var/run/mysqld/mysqld.pid
|
||||||
|
# mysql_socket: /var/lib/mysql/mysql.sock
|
||||||
|
|
||||||
|
# Log file settings.
|
||||||
|
mysql_log_file_group: mysql
|
||||||
|
|
||||||
|
# Slow query log settings.
|
||||||
|
mysql_slow_query_log_enabled: false
|
||||||
|
mysql_slow_query_time: "2"
|
||||||
|
# The following variable has a default value depending on operating system.
|
||||||
|
# mysql_slow_query_log_file: /var/log/mysql-slow.log
|
||||||
|
|
||||||
|
# Memory settings (default values optimized ~512MB RAM).
|
||||||
|
mysql_key_buffer_size: "256M"
|
||||||
|
mysql_max_allowed_packet: "64M"
|
||||||
|
mysql_table_open_cache: "256"
|
||||||
|
mysql_sort_buffer_size: "1M"
|
||||||
|
mysql_read_buffer_size: "1M"
|
||||||
|
mysql_read_rnd_buffer_size: "4M"
|
||||||
|
mysql_myisam_sort_buffer_size: "64M"
|
||||||
|
mysql_thread_cache_size: "8"
|
||||||
|
mysql_query_cache_type: "0"
|
||||||
|
mysql_query_cache_size: "16M"
|
||||||
|
mysql_query_cache_limit: "1M"
|
||||||
|
mysql_max_connections: "151"
|
||||||
|
mysql_tmp_table_size: "16M"
|
||||||
|
mysql_max_heap_table_size: "16M"
|
||||||
|
mysql_group_concat_max_len: "1024"
|
||||||
|
mysql_join_buffer_size: "262144"
|
||||||
|
|
||||||
|
# Other settings.
|
||||||
|
mysql_lower_case_table_names: "0"
|
||||||
|
mysql_wait_timeout: "28800"
|
||||||
|
mysql_event_scheduler_state: "OFF"
|
||||||
|
|
||||||
|
# InnoDB settings.
|
||||||
|
mysql_innodb_file_per_table: "1"
|
||||||
|
# Set .._buffer_pool_size up to 80% of RAM but beware of setting too high.
|
||||||
|
mysql_innodb_buffer_pool_size: "256M"
|
||||||
|
# Set .._log_file_size to 25% of buffer pool size.
|
||||||
|
mysql_innodb_log_file_size: "64M"
|
||||||
|
mysql_innodb_log_buffer_size: "8M"
|
||||||
|
mysql_innodb_flush_log_at_trx_commit: "1"
|
||||||
|
mysql_innodb_lock_wait_timeout: "50"
|
||||||
|
|
||||||
|
# These settings require MySQL > 5.5.
|
||||||
|
mysql_innodb_large_prefix: "1"
|
||||||
|
mysql_innodb_file_format: "barracuda"
|
||||||
|
|
||||||
|
# mysqldump settings.
|
||||||
|
mysql_mysqldump_max_allowed_packet: "64M"
|
||||||
|
|
||||||
|
# Logging settings.
|
||||||
|
mysql_log: ""
|
||||||
|
# The following variables have a default value depending on operating system.
|
||||||
|
# mysql_log_error: /var/log/mysql/mysql.err
|
||||||
|
# mysql_syslog_tag: mysql
|
||||||
|
|
||||||
|
mysql_config_include_files: []
|
||||||
|
# - src: path/relative/to/playbook/file.cnf
|
||||||
|
# - { src: path/relative/to/playbook/anotherfile.cnf, force: yes }
|
||||||
|
|
||||||
|
# Databases.
|
||||||
|
mysql_databases:
|
||||||
|
- name: mcaptcha
|
||||||
|
collation: utf8_general_ci
|
||||||
|
encoding: utf8
|
||||||
|
replicate: 1
|
||||||
|
|
||||||
|
# Users.
|
||||||
|
mysql_users:
|
||||||
|
- name: mcaptcha
|
||||||
|
priv: "mcaptcha.*:ALL"
|
||||||
|
password: "{{ database_password }}"
|
||||||
|
|
||||||
|
mysql_disable_log_bin: false
|
||||||
|
|
||||||
|
# Replication settings (replication is only enabled if master/user have values).
|
||||||
|
mysql_server_id: "1"
|
||||||
|
mysql_max_binlog_size: "100M"
|
||||||
|
mysql_binlog_format: "ROW"
|
||||||
|
mysql_expire_logs_days: "10"
|
||||||
|
mysql_replication_role: ''
|
||||||
|
mysql_replication_master: ''
|
||||||
|
mysql_replication_master_inventory_host: "{{ mysql_replication_master }}"
|
||||||
|
|
||||||
|
# Same keys as `mysql_users` above.
|
||||||
|
mysql_replication_user:
|
||||||
|
- name: mcaptcha
|
||||||
|
host: 127.0.0.1
|
||||||
|
|
||||||
|
mysql_hide_passwords: false
|
48
ansible/vars/mcaptcha/postgresql.yml
Normal file
48
ansible/vars/mcaptcha/postgresql.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
# Set postgresql state when configuration changes are made. Recommended values:
|
||||||
|
# `restarted` or `reloaded`
|
||||||
|
postgresql_restarted_state: "restarted"
|
||||||
|
|
||||||
|
postgresql_python_library: python-psycopg2
|
||||||
|
postgresql_user: postgres
|
||||||
|
postgresql_group: postgres
|
||||||
|
|
||||||
|
# `md5` or `scram-sha-256` (https://www.postgresql.org/docs/10/auth-methods.html)
|
||||||
|
postgresql_auth_method: "md5"
|
||||||
|
|
||||||
|
postgresql_unix_socket_directories:
|
||||||
|
- /var/run/postgresql
|
||||||
|
|
||||||
|
postgresql_service_state: started
|
||||||
|
postgresql_service_enabled: true
|
||||||
|
|
||||||
|
# Global configuration options that will be set in postgresql.conf.
|
||||||
|
postgresql_global_config_options:
|
||||||
|
- option: unix_socket_directories
|
||||||
|
value: '{{ postgresql_unix_socket_directories | join(",") }}'
|
||||||
|
- option: log_directory
|
||||||
|
value: 'log'
|
||||||
|
|
||||||
|
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
|
||||||
|
# variable's defaults reflect the defaults that come with a fresh installation.
|
||||||
|
postgresql_hba_entries:
|
||||||
|
- {type: local, database: all, user: postgres, auth_method: peer}
|
||||||
|
- {type: local, database: all, user: all, auth_method: peer}
|
||||||
|
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"}
|
||||||
|
- {type: host, database: all, user: all, address: '::1/128', auth_method: "{{ postgresql_auth_method }}"}
|
||||||
|
|
||||||
|
# Debian only. Used to generate the locales used by PostgreSQL databases.
|
||||||
|
postgresql_locales:
|
||||||
|
- 'en_US.UTF-8'
|
||||||
|
|
||||||
|
# Users to ensure exist.
|
||||||
|
postgresql_users:
|
||||||
|
- name: "{{ database_owner }}" #required; the rest are optional
|
||||||
|
password: "{{ database_password }}"
|
||||||
|
|
||||||
|
# Databases to ensure exist.
|
||||||
|
postgresql_databases:
|
||||||
|
- name: "{{ database_name }}" # required; the rest are optional
|
||||||
|
owner: "{{ database_owner }}"
|
||||||
|
|
||||||
|
# Whether to output user data when managing users.
|
||||||
|
postgres_users_no_log: true
|
70
ansible/vars/mcaptcha/vars.yml
Normal file
70
ansible/vars/mcaptcha/vars.yml
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
database_type: "postgres" # REQUIRED. options: "mariadb", "postgres"
|
||||||
|
cache_type: "redis" # REQUIRED. options: "embedded", "redis"
|
||||||
|
|
||||||
|
# database user
|
||||||
|
database_owner: "mcaptcha"
|
||||||
|
database_name: "mcaptcha"
|
||||||
|
# AUTO-GENERATED. database password
|
||||||
|
database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
|
||||||
|
|
||||||
|
# Database connection pool
|
||||||
|
mcaptcha_database_pool: 4
|
||||||
|
|
||||||
|
# debug logging
|
||||||
|
mcaptcha_debug: false
|
||||||
|
# doens't do anything at the moment
|
||||||
|
mcaptcha_commercial: false
|
||||||
|
# create demo user and allow demo login
|
||||||
|
mcaptcha_allow_demo: false
|
||||||
|
# allow registration of new accounts. Required for the first user account.
|
||||||
|
# Please edit to set to "false" and re-rerun playbook if registration is
|
||||||
|
# undesirable.
|
||||||
|
mcaptcha_allow_registration: true
|
||||||
|
|
||||||
|
# AUTO-GENERATED. Randomly generated unique value for signing cookies.
|
||||||
|
mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
|
||||||
|
# REQUIRED. mcaptcha server port. Won't be exposed to internet, change if something else
|
||||||
|
# is listening on binding IP and port combination.
|
||||||
|
mcaptcha_server_port: 7000
|
||||||
|
# REQUIRED. bind to IP. If using reverse proxy (playbook installs and configures nginx), set to 127.0.0.1.
|
||||||
|
mcaptcha_server_bind: "127.0.0.1"
|
||||||
|
# REQUIRED. hostname of the mcaptcha installation. Incorrect hostname will cause login failures.
|
||||||
|
mcaptcha_server_hostname: "mcaptcha.local"
|
||||||
|
|
||||||
|
# AUTO-GENERATED. IGNORE if unfamiliar.
|
||||||
|
mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
|
||||||
|
# IGNORE if unfamiliar. # garbage collection period to manage mCaptcha system
|
||||||
|
# mcaptcha_captcha_gc: 30
|
||||||
|
# IGNORE if unfamiliar. Number of threads used to validate Proof-of-Work (PoW)
|
||||||
|
# mcaptcha_captcha_runners: 4
|
||||||
|
# IGNORE if unfamiliar. Maximum pending jobs in queue for PoW validation
|
||||||
|
# mcaptcha_captcha_queue_length: 2000
|
||||||
|
# Store PoW compute time statistics
|
||||||
|
mcaptcha_captcha_enable_stats: true
|
||||||
|
|
||||||
|
# IGNORE if unfamiliar. Difficulty factor for average traffic. Used in "easy mode" CAPTCHA configuration generation.
|
||||||
|
#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
|
||||||
|
# IGNORE if unfamiliar. Difficulty factor for peak traffic levels. Used in "easy mode" CAPTCHA configuration generation.
|
||||||
|
#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
|
||||||
|
# IGNORE if unfamiliar. Difficulty factor for maximum traffic levels. Used in "easy mode" CAPTCHA configuration generation.
|
||||||
|
#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s
|
||||||
|
# IGNORE if unfamiliar. Default cooldown period in seconds for "easy mode".
|
||||||
|
mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
|
||||||
|
|
||||||
|
|
||||||
|
# Redis instance URL
|
||||||
|
mcaptcha_redis_url: "redis://127.0.0.1"
|
||||||
|
# Redis connection pool
|
||||||
|
mcaptcha_redis_pool: 4
|
||||||
|
|
||||||
|
# smtp configuration
|
||||||
|
mcaptcha_smtp_from: "admin@localhost"
|
||||||
|
mcaptcha_smtp_reply: "admin@localhost"
|
||||||
|
mcaptcha_smtp_url: "127.0.0.1"
|
||||||
|
mcaptcha_smtp_port: 10025
|
||||||
|
mcaptcha_smtp_username: "admin"
|
||||||
|
mcaptcha_smtp_password: "password"
|
||||||
|
#[survey]
|
||||||
|
#nodes = ["http://localhost:7001"]
|
||||||
|
#rate_limit = 10 # upload every hour
|
||||||
|
#instance_root_url = "http://localhost:7000"
|
21
renovate.json
Normal file
21
renovate.json
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
{
|
||||||
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
|
"extends": [
|
||||||
|
"config:recommended",
|
||||||
|
":dependencyDashboard"
|
||||||
|
],
|
||||||
|
"labels": [
|
||||||
|
"renovate-bot"
|
||||||
|
],
|
||||||
|
"prHourlyLimit": 0,
|
||||||
|
"timezone": "Asia/kolkata",
|
||||||
|
"prCreation": "immediate",
|
||||||
|
"vulnerabilityAlerts": {
|
||||||
|
"enabled": true,
|
||||||
|
"labels": [
|
||||||
|
"renovate-bot",
|
||||||
|
"renovate-security",
|
||||||
|
"security"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
296
requirements.txt
296
requirements.txt
|
@ -1,289 +1,31 @@
|
||||||
ansible==8.1.0
|
ansible==9.1.0
|
||||||
ansible-core==2.15.1
|
ansible-core==2.16.2
|
||||||
certifi==2023.5.7
|
certifi==2023.11.17
|
||||||
cffi==1.15.1
|
cffi==1.16.0
|
||||||
charset-normalizer==3.2.0
|
charset-normalizer==3.3.2
|
||||||
contextvars==2.4
|
contextvars==2.4
|
||||||
cryptography==41.0.2
|
cryptography==41.0.7
|
||||||
distro==1.8.0
|
distro==1.8.0
|
||||||
execnet==2.0.2
|
execnet==2.0.2
|
||||||
idna==3.4
|
idna==3.6
|
||||||
immutables==0.19
|
immutables==0.20
|
||||||
iniconfig==2.0.0
|
iniconfig==2.0.0
|
||||||
Jinja2==3.1.2
|
Jinja2==3.1.2
|
||||||
jmespath==1.0.1
|
jmespath==1.0.1
|
||||||
looseversion==1.3.0
|
looseversion==1.3.0
|
||||||
MarkupSafe==2.1.3
|
MarkupSafe==2.1.3
|
||||||
msgpack==1.0.5
|
msgpack==1.0.7
|
||||||
packaging==23.1
|
packaging==23.2
|
||||||
pluggy==1.2.0
|
pluggy==1.3.0
|
||||||
psutil==5.9.5
|
psutil==5.9.6
|
||||||
pycparser==2.21
|
pycparser==2.21
|
||||||
pycryptodomex==3.18.0
|
pycryptodomex==3.19.0
|
||||||
pytest==7.4.0
|
pytest==7.4.3
|
||||||
pytest-testinfra==8.1.0
|
pytest-testinfra==10.0.0
|
||||||
pytest-xdist==3.3.1
|
pytest-xdist==3.5.0
|
||||||
PyYAML==6.0
|
|
||||||
pyzmq==25.0.2
|
|
||||||
requests==2.31.0
|
|
||||||
resolvelib==1.0.1
|
|
||||||
salt==3006.1
|
|
||||||
urllib3==2.0.3
|
|
||||||
airdrop-ng==1.1
|
|
||||||
airgraph-ng==1.1
|
|
||||||
apparmor==3.1.6
|
|
||||||
appdirs==1.4.4
|
|
||||||
argcomplete==2.0.0
|
|
||||||
asttokens==2.2.1
|
|
||||||
async-timeout==4.0.2
|
|
||||||
attrs==22.2.0
|
|
||||||
autocommand==2.2.2
|
|
||||||
autopage==0.5.1
|
|
||||||
Babel==2.12.1
|
|
||||||
beautifulsoup4==4.12.2
|
|
||||||
binwalk==2.3.3
|
|
||||||
black==23.7.0
|
|
||||||
borgbackup==1.2.4
|
|
||||||
Brlapi==0.8.5
|
|
||||||
btrfsutil==6.3.3
|
|
||||||
certifi==2023.7.22
|
|
||||||
cffi==1.15.1
|
|
||||||
chardet==5.2.0
|
|
||||||
charset-normalizer==3.2.0
|
|
||||||
click==8.1.6
|
|
||||||
cliff==4.3.0
|
|
||||||
cmd2==2.4.3
|
|
||||||
codespell==2.2.5
|
|
||||||
colorama==0.4.6
|
|
||||||
ConfigArgParse==1.5.3
|
|
||||||
contourpy==1.1.0
|
|
||||||
crit==3.18
|
|
||||||
cryptography==41.0.3
|
|
||||||
cupshelpers==1.0
|
|
||||||
cycler==0.11.0
|
|
||||||
Cython==3.0.0
|
|
||||||
dbus-python==1.3.2
|
|
||||||
debtcollector==2.5.0
|
|
||||||
decorator==5.1.1
|
|
||||||
defusedxml==0.7.1
|
|
||||||
deprecation==2.1.0
|
|
||||||
devtools==0.11.0
|
|
||||||
distlib==0.3.7
|
|
||||||
distro==1.8.0
|
|
||||||
dnspython==2.3.0
|
|
||||||
dogpile.cache==1.1.8
|
|
||||||
executing==1.2.0
|
|
||||||
fastjsonschema==2.18.0
|
|
||||||
filelock==3.12.2
|
|
||||||
fonttools==4.42.0
|
|
||||||
gevent==22.10.2
|
|
||||||
git-filter-repo==2.38.0
|
|
||||||
gpg==1.21.0
|
|
||||||
greenlet==2.0.2
|
|
||||||
html5lib==1.1
|
|
||||||
httpie==3.2.1
|
|
||||||
idna==3.4
|
|
||||||
importlib-metadata==5.0.0
|
|
||||||
inflect==7.0.0
|
|
||||||
iotop==0.6
|
|
||||||
iso8601==2.0.0
|
|
||||||
jaraco.context==4.3.0
|
|
||||||
jaraco.functools==3.8.1
|
|
||||||
jaraco.text==3.11.1
|
|
||||||
jedi==0.18.2
|
|
||||||
jmespath==1.0.1
|
|
||||||
jsonpatch==1.33
|
|
||||||
jsonpointer==2.4
|
|
||||||
jsonschema==4.19.0
|
|
||||||
jsonschema-specifications==2023.7.1
|
|
||||||
keystoneauth1==5.2.1
|
|
||||||
kiwisolver==1.4.4
|
|
||||||
lensfun==0.3.4
|
|
||||||
LibAppArmor==3.1.6
|
|
||||||
libfdt==1.7.0
|
|
||||||
libtorrent==2.0.9
|
|
||||||
libvirt-python==9.6.0
|
|
||||||
lit==15.0.7.dev0
|
|
||||||
louis==3.26.0
|
|
||||||
lxml==4.9.2
|
|
||||||
Mako==1.2.4
|
|
||||||
mallard-ducktype==1.0.2
|
|
||||||
Markdown==3.4.4
|
|
||||||
markdown-it-py==2.2.0
|
|
||||||
MarkupSafe==2.1.3
|
|
||||||
matplotlib==3.7.2
|
|
||||||
mdurl==0.1.2
|
|
||||||
MemoizeDB==2021.11.20.2.41.2
|
|
||||||
meson==1.2.1
|
|
||||||
more-itertools==10.1.0
|
|
||||||
msgpack==1.0.5
|
|
||||||
multidict==6.0.4
|
|
||||||
mypy-extensions==1.0.0
|
|
||||||
netaddr==0.8.0
|
|
||||||
netifaces==0.11.0
|
|
||||||
nftables==0.1
|
|
||||||
numpy==1.25.1
|
|
||||||
openshot-qt==3.1.1
|
|
||||||
openstacksdk==1.0.1
|
|
||||||
ordered-set==4.1.0
|
|
||||||
os-service-types==1.7.0
|
|
||||||
osc-lib==2.8.0
|
|
||||||
oslo.config==9.1.1
|
|
||||||
oslo.i18n==6.0.0
|
|
||||||
oslo.serialization==5.1.1
|
|
||||||
oslo.utils==6.1.0
|
|
||||||
packaging==23.1
|
|
||||||
parso==0.8.3
|
|
||||||
pathspec==0.11.2
|
|
||||||
pbr==5.11.1
|
|
||||||
perf==0.1
|
|
||||||
Pillow==10.0.0
|
|
||||||
pipenv==2023.7.23
|
|
||||||
pipx==1.2.0
|
|
||||||
platformdirs==3.10.0
|
|
||||||
ply==3.11
|
|
||||||
pm2ml==2021.11.20.2.41.2
|
|
||||||
pooch==1.7.0
|
|
||||||
Powerpill==2021.11.20.2.41.2
|
|
||||||
prettytable==3.6.0
|
|
||||||
protobuf==4.23.4
|
|
||||||
psutil==5.9.5
|
|
||||||
pwquality==1.4.5
|
|
||||||
pyalpm==0.10.6
|
|
||||||
pyasn1==0.4.8
|
|
||||||
pybind11==2.11.1
|
|
||||||
pycairo==1.24.0
|
|
||||||
pycparser==2.21
|
|
||||||
pycups==2.0.1
|
|
||||||
pycurl==7.45.2
|
|
||||||
pydantic==1.10.9
|
|
||||||
Pygments==2.16.1
|
|
||||||
PyGObject==3.44.1
|
|
||||||
pynvim==0.4.3
|
|
||||||
pyOpenSSL==23.2.0
|
|
||||||
pyparsing==3.0.9
|
|
||||||
pyperclip==1.8.2
|
|
||||||
PyQt5==5.15.9
|
|
||||||
PyQt5-sip==12.12.2
|
|
||||||
PyQtWebEngine==5.15.6
|
|
||||||
pyrsistent==0.19.3
|
|
||||||
pysequoia==0.1.20
|
|
||||||
PySocks==1.7.1
|
|
||||||
python-cinderclient==9.3.0
|
|
||||||
python-dateutil==2.8.2
|
|
||||||
python-glanceclient==4.1.0
|
|
||||||
python-keystoneclient==5.1.0
|
|
||||||
python-novaclient==18.3.0
|
|
||||||
python-openstackclient==6.2.0
|
|
||||||
pytz==2023.3
|
|
||||||
pyxdg==0.28
|
|
||||||
PyYAML==6.0.1
|
PyYAML==6.0.1
|
||||||
pyzmq==25.1.1
|
pyzmq==25.1.2
|
||||||
redis==4.6.0
|
|
||||||
referencing==0.30.2
|
|
||||||
Reflector==2023.6.28.0.36.1
|
|
||||||
requests==2.28.2
|
|
||||||
requests-toolbelt==1.0.0
|
|
||||||
requestsexceptions==1.4.0
|
|
||||||
rfc3986==2.0.0
|
|
||||||
rich==13.5.2
|
|
||||||
rpds-py==0.9.2
|
|
||||||
rpm==4.18.1
|
|
||||||
scipy==1.11.1
|
|
||||||
simplejson==3.19.1
|
|
||||||
six==1.16.0
|
|
||||||
soupsieve==2.4.1
|
|
||||||
stevedore==5.1.0
|
|
||||||
TBB==0.2
|
|
||||||
tomli==2.0.1
|
|
||||||
torbrowser-launcher==0.3.6
|
|
||||||
tqdm==4.65.0
|
|
||||||
trash-cli==0.23.2.13.2
|
|
||||||
trimage==1.0.6
|
|
||||||
trove-classifiers==2023.8.8
|
|
||||||
typing_extensions==4.7.1
|
|
||||||
uc-micro-py==1.0.2
|
|
||||||
ufw==0.36.2
|
|
||||||
urllib3==1.26.15
|
|
||||||
userpath==1.8.0
|
|
||||||
validate-pyproject==0.13.post1.dev0+gb752273.d20230520
|
|
||||||
vboxapi==1.0
|
|
||||||
virtualenv==20.24.3
|
|
||||||
virtualenv-clone==0.5.7
|
|
||||||
warlock==2.0.1
|
|
||||||
wcwidth==0.2.6
|
|
||||||
webencodings==0.5.1
|
|
||||||
wrapt==1.14.1
|
|
||||||
XCGF==2021.11.20.2.41.3
|
|
||||||
XCPF==2021.12.24.10.22.41
|
|
||||||
youtube-dl==2021.12.17
|
|
||||||
yt-dlp==2023.7.6
|
|
||||||
zipp==3.16.2
|
|
||||||
zope.event==5.0
|
|
||||||
zope.interface==6.0
|
|
||||||
ansible==8.1.0
|
|
||||||
ansible-compat==4.1.6
|
|
||||||
ansible-core==2.15.1
|
|
||||||
ansible-lint==6.17.2
|
|
||||||
astroid==2.15.6
|
|
||||||
attrs==23.1.0
|
|
||||||
black==23.7.0
|
|
||||||
bracex==2.3.post1
|
|
||||||
certifi==2023.5.7
|
|
||||||
cffi==1.15.1
|
|
||||||
charset-normalizer==3.2.0
|
|
||||||
click==8.1.6
|
|
||||||
contextvars==2.4
|
|
||||||
cryptography==41.0.2
|
|
||||||
dill==0.3.7
|
|
||||||
distro==1.8.0
|
|
||||||
execnet==2.0.2
|
|
||||||
filelock==3.12.2
|
|
||||||
gitdb==4.0.10
|
|
||||||
GitPython==3.1.32
|
|
||||||
idna==3.4
|
|
||||||
immutables==0.19
|
|
||||||
iniconfig==2.0.0
|
|
||||||
isort==5.12.0
|
|
||||||
Jinja2==3.1.2
|
|
||||||
jmespath==1.0.1
|
|
||||||
jsonschema==4.19.0
|
|
||||||
jsonschema-specifications==2023.7.1
|
|
||||||
lazy-object-proxy==1.9.0
|
|
||||||
lint==1.2.1
|
|
||||||
looseversion==1.3.0
|
|
||||||
markdown-it-py==3.0.0
|
|
||||||
MarkupSafe==2.1.3
|
|
||||||
mccabe==0.7.0
|
|
||||||
mdurl==0.1.2
|
|
||||||
msgpack==1.0.5
|
|
||||||
mypy-extensions==1.0.0
|
|
||||||
packaging==23.1
|
|
||||||
pathspec==0.11.2
|
|
||||||
platformdirs==3.10.0
|
|
||||||
pluggy==1.2.0
|
|
||||||
psutil==5.9.5
|
|
||||||
pycparser==2.21
|
|
||||||
pycryptodomex==3.18.0
|
|
||||||
Pygments==2.16.1
|
|
||||||
pylint==2.17.5
|
|
||||||
pytest==7.4.0
|
|
||||||
pytest-testinfra==8.1.0
|
|
||||||
pytest-xdist==3.3.1
|
|
||||||
PyYAML==6.0
|
|
||||||
pyzmq==25.0.2
|
|
||||||
referencing==0.30.2
|
|
||||||
requests==2.31.0
|
requests==2.31.0
|
||||||
resolvelib==1.0.1
|
resolvelib==1.0.1
|
||||||
rich==13.5.2
|
salt==3006.4
|
||||||
rpds-py==0.9.2
|
urllib3==2.1.0
|
||||||
ruamel.yaml==0.17.32
|
|
||||||
ruamel.yaml.clib==0.2.7
|
|
||||||
salt==3006.1
|
|
||||||
smmap==5.0.0
|
|
||||||
subprocess-tee==0.4.1
|
|
||||||
tomlkit==0.12.1
|
|
||||||
urllib3==2.0.3
|
|
||||||
wcmatch==8.4.1
|
|
||||||
wrapt==1.15.0
|
|
||||||
yamllint==1.32.0
|
|
||||||
|
|
84
scripts/ci.sh
Executable file
84
scripts/ci.sh
Executable file
|
@ -0,0 +1,84 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# ci.sh: Helper script to automate deployment operations on CI/CD
|
||||||
|
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
set -xEeuo pipefail
|
||||||
|
#source $(pwd)/scripts/lib.sh
|
||||||
|
|
||||||
|
readonly SSH_ID_FILE=/tmp/ci-ssh-id
|
||||||
|
|
||||||
|
match_arg() {
|
||||||
|
if [ $1 == $2 ] || [ $1 == $3 ]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
help() {
|
||||||
|
cat << EOF
|
||||||
|
USAGE: ci.sh [SUBCOMMAND]
|
||||||
|
Helper script to automate deployment operations on CI/CD
|
||||||
|
|
||||||
|
Subcommands
|
||||||
|
|
||||||
|
-c --clean cleanup secrets, SSH key and other runtime data
|
||||||
|
-i --init <SSH_PRIVATE_KEY> initialize environment, write SSH private to file
|
||||||
|
-h --help print this help menu
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
# $1: SSH private key
|
||||||
|
write_ssh(){
|
||||||
|
truncate --size 0 $SSH_ID_FILE
|
||||||
|
echo "$1" > $SSH_ID_FILE
|
||||||
|
chmod 600 $SSH_ID_FILE
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
clean() {
|
||||||
|
if [ -f $SSH_ID_FILE ]
|
||||||
|
then
|
||||||
|
shred $SSH_ID_FILE
|
||||||
|
rm $SSH_ID_FILE
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
if (( "$#" < 1 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if match_arg $1 '-i' '--init'
|
||||||
|
then
|
||||||
|
if (( "$#" < 2 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
write_ssh "$2"
|
||||||
|
elif match_arg $1 '-c' '--clean'
|
||||||
|
then
|
||||||
|
clean
|
||||||
|
elif match_arg $1 '-h' '--help'
|
||||||
|
then
|
||||||
|
help
|
||||||
|
else
|
||||||
|
help
|
||||||
|
fi
|
|
@ -17,7 +17,7 @@ variable "libvirt_pool_path" {
|
||||||
variable "libvirt_debian_src" {
|
variable "libvirt_debian_src" {
|
||||||
description = "Location of Debian 11 qcow2 image"
|
description = "Location of Debian 11 qcow2 image"
|
||||||
type = string
|
type = string
|
||||||
default = "/home/atm/disk-images/debian/11/cloud/debian-11-genericcloud-amd64.qcow2"
|
default = "/home/atm/disk-images/debian/12/clould/debian-12-generic-amd64.qcow2"
|
||||||
}
|
}
|
||||||
|
|
||||||
/* demo server */
|
/* demo server */
|
||||||
|
|
45
terraform/mcaptcha/.gitignore
vendored
Normal file
45
terraform/mcaptcha/.gitignore
vendored
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
# Compiled files
|
||||||
|
*.tfstate
|
||||||
|
*.tfstate.backup
|
||||||
|
*.tfstate.lock.info
|
||||||
|
|
||||||
|
# logs
|
||||||
|
*.log
|
||||||
|
|
||||||
|
# Directories
|
||||||
|
.terraform/
|
||||||
|
.vagrant/
|
||||||
|
|
||||||
|
# SSH Keys
|
||||||
|
*.pem
|
||||||
|
|
||||||
|
# Backup files
|
||||||
|
*.bak
|
||||||
|
|
||||||
|
# Ignored Terraform files
|
||||||
|
*gitignore*.tf
|
||||||
|
|
||||||
|
# Ignore Mac .DS_Store files
|
||||||
|
.DS_Store
|
||||||
|
|
||||||
|
# Ignored vscode files
|
||||||
|
.vscode/
|
||||||
|
|
||||||
|
# Ignore Any Generated JSON Files
|
||||||
|
operations/automation-script/apply.json
|
||||||
|
operations/automation-script/configversion.json
|
||||||
|
operations/automation-script/run.template.json
|
||||||
|
operations/automation-script/run.json
|
||||||
|
operations/automation-script/variable.template.json
|
||||||
|
operations/automation-script/variable.json
|
||||||
|
operations/automation-script/workspace.template.json
|
||||||
|
operations/automation-script/workspace.json
|
||||||
|
operations/sentinel-policies-scripts/create-policy.template.json
|
||||||
|
operations/sentinel-policies-scripts/create-policy.json
|
||||||
|
operations/variable-scripts/variable.template.json
|
||||||
|
operations/variable-scripts/variable.json
|
||||||
|
|
||||||
|
# Sentinel runtime directory
|
||||||
|
.sentinel
|
||||||
|
dos
|
||||||
|
hosts.ini
|
53
terraform/mcaptcha/.terraform.lock.hcl
Normal file
53
terraform/mcaptcha/.terraform.lock.hcl
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
# This file is maintained automatically by "tofu init".
|
||||||
|
# Manual edits may be lost in future updates.
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/dmacvicar/libvirt" {
|
||||||
|
version = "0.7.6"
|
||||||
|
constraints = "~> 0.7.0"
|
||||||
|
hashes = [
|
||||||
|
"h1:mmbm4vTyC/DCGO4Ed/vbp5AKvy1gmVn/94fzB9VmR08=",
|
||||||
|
"zh:0bde54f6f658b20b620b875daf106b5b25b1bae4d15408d6c5f06d58360e254d",
|
||||||
|
"zh:0c97c6930015918b8a34b6d7a2b0c3d17a649c226fcd1874fcba5bbbc0f35972",
|
||||||
|
"zh:1bdd7aa0011c5f024a09a124836ee9bc8e71b05a6ece810c61824275fd3f695f",
|
||||||
|
"zh:2b0cc7c794e4caf395d84ffff0b380d17e4b3219a4696264271bfe5059450efe",
|
||||||
|
"zh:2f8633f7fe07f76c188836ed6f93321ec5fbf5c004bc7699e1741d9b21ed5f37",
|
||||||
|
"zh:5bf47eed286ce55ed10a5cf657de49a34ab21cc8677c56fef3aab69cdde41a27",
|
||||||
|
"zh:7dca790fc5fd1d42bc4bc7170be003a7093602026d0f95c8aab84ad551fdf2a4",
|
||||||
|
"zh:80476b68bc84e3d661d1390025f83879b88f9cdc836de9751af09bd5716089cb",
|
||||||
|
"zh:82f3e2f3f50176cd6041c8ba36e295cbda1b289ef52ab75b5eceb0f921f64f7b",
|
||||||
|
"zh:a179b165f3b9bb9a67ebbbf9d73157ded33f02d476b2f58906389dca03b653c9",
|
||||||
|
"zh:acae54a5d0616f22b3180ddd8e8aad39af664e604394fdacf1f7b337bca2d5b4",
|
||||||
|
"zh:da4406a2428a9a7e98272c032cb93431c3919253af2fe9934b532d26c0deab09",
|
||||||
|
"zh:f63dbd8e579ab5268d01ffab4503b8a8e736b70d1a04e4f271559ba8dd133dcd",
|
||||||
|
"zh:f85c1d9e51a94ecde137435c9d6b0fb7be590437ea8a725334d1577eebbc550c",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/hashicorp/local" {
|
||||||
|
version = "2.4.0"
|
||||||
|
hashes = [
|
||||||
|
"h1:pWJMQ+uRtVtHg97vU2zSCuYcZTuDQ7FJz+QanfSGMXM=",
|
||||||
|
"zh:184d6ec1f0e77713b37f0d9cf943b1371f2aa2f44c2c5a618978e897ce3dccab",
|
||||||
|
"zh:2205a7955a4051c2c25e69646a60746d9416b73001491808ae5d10620f7b7ac1",
|
||||||
|
"zh:256ddc56457f725819dc6be62f2d0bb3b9fee40a61771317bb32353df5b5c1a0",
|
||||||
|
"zh:70146e603f540523f6fa2251dd52c225db5a92bda8c07fd198ed51ae2b50176b",
|
||||||
|
"zh:8c3f9fe12ab8843e25ff7edabc26e01df4a0e8db204e432600a4c77a95ec0535",
|
||||||
|
"zh:b003e421f643d14247d31dcb7f0f6470c46f772d0e15a175a555a525ce344bf2",
|
||||||
|
"zh:b4c8ad7c5696aeb2a52adf6047d1e01943fafa57dc123d5192542527406ffd72",
|
||||||
|
"zh:c3b6fbfa431f3c085621c74596ee63681a278fd433a4758f33c627e8936d5cb3",
|
||||||
|
"zh:d2e57b19295b326d84ca5f39b797849d901170d5509aa7558f2a6545c9ce72a9",
|
||||||
|
"zh:e2307421b0b380eb0e8fcee008e0af98ae30fccbfc9e9a1d24d952489e9b0df9",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.opentofu.org/hashicorp/template" {
|
||||||
|
version = "2.2.0"
|
||||||
|
hashes = [
|
||||||
|
"h1:tdS0otiAtvUV8uLJWJNfcqOPo3llj7FyRzExw6X1srY=",
|
||||||
|
"zh:374c28bafc43cd65e578cb209efc9eee4c1cec7618f451528e928db98059e8c8",
|
||||||
|
"zh:6a2982e70fbc2ab2668d624c648ef2eb32243c1a1185246b03991a7a21326db9",
|
||||||
|
"zh:af83169c21bb13f141510a349e1f70cf7d893247a269bd71cad74dd22f1df0f5",
|
||||||
|
"zh:b81a5bedc91a1a81b938c393247248d6c3d1bd8ea685541f9c858908c0afb6b3",
|
||||||
|
"zh:de15486244af2d29d44d510d647cd6e0b1408e89952261013c572b7c9bfd744b",
|
||||||
|
]
|
||||||
|
}
|
5
terraform/mcaptcha/ci.tfvars
Normal file
5
terraform/mcaptcha/ci.tfvars
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ci-ssh-id&sshauth=privkey&no_verify=1"
|
||||||
|
libvirt_pool_path = "/home/mcaptcha-ci/libvirt/pool/mcaptcha_basic"
|
||||||
|
libvirt_debian_src = "http://192.168.0.102/debian-12-generic-amd64.qcow2"
|
||||||
|
macvtap_ethernet_interface = "enp2s0"
|
||||||
|
ssh_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCYagT9/PXoeaUae7Z3BKOPKBiEvJsCTUIhPCcRp5fb mcaptcha-ci@hellbat.batsense.net"
|
30
terraform/mcaptcha/cloud_init.cfg
Normal file
30
terraform/mcaptcha/cloud_init.cfg
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
#cloud-config
|
||||||
|
# vim: syntax=yaml
|
||||||
|
packages:
|
||||||
|
- sudo
|
||||||
|
- qemu-guest-agent
|
||||||
|
runcmd:
|
||||||
|
- [ systemctl, daemon-reload ]
|
||||||
|
- [ systemctl, enable, qemu-guest-agent.service ]
|
||||||
|
- [ systemctl, start, --wait, qemu-guest-agent.service ]
|
||||||
|
|
||||||
|
users:
|
||||||
|
- name: root
|
||||||
|
ssh_authorized_keys:
|
||||||
|
- ${ssh_public_key}
|
||||||
|
- name: atm
|
||||||
|
gecos: Aravinth Manivannan
|
||||||
|
groups: users, admin
|
||||||
|
sudo: ALL=(ALL) NOPASSWD:ALL
|
||||||
|
shell: /bin/bash
|
||||||
|
lock_passwd: true
|
||||||
|
plain_text_passwd: fooabr12
|
||||||
|
ssh_authorized_keys:
|
||||||
|
- ${ssh_public_key}
|
||||||
|
|
||||||
|
ssh_pwauth: true
|
||||||
|
chpasswd:
|
||||||
|
list: |
|
||||||
|
root:foobar12
|
||||||
|
atm:foobar12
|
||||||
|
expire: False
|
49
terraform/mcaptcha/main.tf
Normal file
49
terraform/mcaptcha/main.tf
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
|
terraform {
|
||||||
|
required_version = ">= 0.13"
|
||||||
|
required_providers {
|
||||||
|
libvirt = {
|
||||||
|
source = "dmacvicar/libvirt"
|
||||||
|
version = "~> 0.7.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "libvirt" {
|
||||||
|
uri = var.libvirt_uri
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "libvirt_pool" "mcaptcha_basic" {
|
||||||
|
name = "mcaptcha_basic"
|
||||||
|
type = "dir"
|
||||||
|
path = var.libvirt_pool_path
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "libvirt_volume" "debian-mcaptcha-qcow2" {
|
||||||
|
name = "debian-mcaptcha-qcow2"
|
||||||
|
pool = libvirt_pool.mcaptcha_basic.name
|
||||||
|
source = var.libvirt_debian_src
|
||||||
|
format = "qcow2"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "template_file" "user_data" {
|
||||||
|
template = file("${path.module}/cloud_init.cfg")
|
||||||
|
vars = {
|
||||||
|
ssh_public_key = var.ssh_public_key
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data "template_file" "network_config" {
|
||||||
|
template = file("${path.module}/network_config.cfg")
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "libvirt_cloudinit_disk" "commoninit" {
|
||||||
|
name = "commoninit.iso"
|
||||||
|
user_data = data.template_file.user_data.rendered
|
||||||
|
network_config = data.template_file.network_config.rendered
|
||||||
|
pool = libvirt_pool.mcaptcha_basic.name
|
||||||
|
}
|
BIN
terraform/mcaptcha/mcaptcha
Normal file
BIN
terraform/mcaptcha/mcaptcha
Normal file
Binary file not shown.
56
terraform/mcaptcha/mcaptcha.tf
Normal file
56
terraform/mcaptcha/mcaptcha.tf
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
|
resource "libvirt_volume" "mcaptcha_volume" {
|
||||||
|
name = "mcaptcha_volume-${count.index}"
|
||||||
|
base_volume_id = libvirt_volume.debian-mcaptcha-qcow2.id
|
||||||
|
count = var.mcaptcha_vm_count
|
||||||
|
pool = libvirt_pool.mcaptcha_basic.name
|
||||||
|
size = var.mcaptcha_vm_disk_size
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "libvirt_domain" "mcaptcha_mcaptcha" {
|
||||||
|
count = var.mcaptcha_vm_count
|
||||||
|
|
||||||
|
name = "mcaptcha_mcaptcha_${count.index}"
|
||||||
|
memory = var.mcaptcha_vm_memory
|
||||||
|
vcpu = var.mcaptcha_vm_vcpu
|
||||||
|
qemu_agent = true
|
||||||
|
|
||||||
|
cloudinit = libvirt_cloudinit_disk.commoninit.id
|
||||||
|
|
||||||
|
console {
|
||||||
|
type = "pty"
|
||||||
|
target_port = "0"
|
||||||
|
target_type = "serial"
|
||||||
|
}
|
||||||
|
|
||||||
|
console {
|
||||||
|
type = "pty"
|
||||||
|
target_type = "virtio"
|
||||||
|
target_port = "1"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
network_interface {
|
||||||
|
macvtap = var.macvtap_ethernet_interface
|
||||||
|
wait_for_lease = true
|
||||||
|
}
|
||||||
|
|
||||||
|
disk {
|
||||||
|
volume_id = element(libvirt_volume.mcaptcha_volume.*.id, count.index)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
locals {
|
||||||
|
mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]]
|
||||||
|
mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name]
|
||||||
|
mcaptcha_vm_map = [for i in libvirt_domain.mcaptcha_mcaptcha : {
|
||||||
|
ip = i.network_interface.0.addresses[0],
|
||||||
|
name = i.name
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
|
5
terraform/mcaptcha/network_config.cfg
Normal file
5
terraform/mcaptcha/network_config.cfg
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
version: 2
|
||||||
|
ethernets:
|
||||||
|
ens3:
|
||||||
|
dhcp4: true
|
||||||
|
# ip: 192.168.0.115
|
20
terraform/mcaptcha/output.tf
Normal file
20
terraform/mcaptcha/output.tf
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
|
|
||||||
|
output "mcaptcha_mcaptcha_ip" {
|
||||||
|
value = local.mcaptcha_vm_map
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "local_file" "hosts_yml" {
|
||||||
|
content = templatefile("./templates/hosts.yml.tftpl",
|
||||||
|
{
|
||||||
|
mcaptcha_vms_ips = local.mcaptcha_vm_ips,
|
||||||
|
mcaptcha_vms_names = local.mcaptcha_vm_names,
|
||||||
|
mcaptcha_vms = local.mcaptcha_vm_map
|
||||||
|
|
||||||
|
})
|
||||||
|
|
||||||
|
filename = "hosts.ini"
|
||||||
|
}
|
7
terraform/mcaptcha/scripts/on.sh
Executable file
7
terraform/mcaptcha/scripts/on.sh
Executable file
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
|
||||||
|
for vm in $(virsh list --all --name --state-shutoff); do \
|
||||||
|
echo "[*] Starting vm: $vm"; \
|
||||||
|
virsh start $vm; \
|
||||||
|
done
|
4
terraform/mcaptcha/templates/hosts.yml.tftpl
Normal file
4
terraform/mcaptcha/templates/hosts.yml.tftpl
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
[mcaptcha_hosts]
|
||||||
|
%{ for vm in mcaptcha_vms ~}
|
||||||
|
${vm.name} ansible_host=${vm.ip} ansible_user=atm
|
||||||
|
%{ endfor ~}
|
58
terraform/mcaptcha/variables.tf
Normal file
58
terraform/mcaptcha/variables.tf
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
/* main.tf */
|
||||||
|
variable "libvirt_uri" {
|
||||||
|
description = "URI of libvert socket"
|
||||||
|
type = string
|
||||||
|
default = "qemu:///system"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "libvirt_pool_path" {
|
||||||
|
description = "Path of libvirt storage pool"
|
||||||
|
type = string
|
||||||
|
default = "/home/atm/code/libvirt/pool/mcaptcha_basic"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "libvirt_debian_src" {
|
||||||
|
description = "Location of Debian 11 qcow2 image"
|
||||||
|
type = string
|
||||||
|
default = "/home/atm/disk-images/debian/12/clould/debian-12-generic-amd64.qcow2"
|
||||||
|
}
|
||||||
|
|
||||||
|
/* mcaptcha/mcaptcha server server */
|
||||||
|
variable "mcaptcha_vm_count" {
|
||||||
|
description = "Number of VMs to be deployed to run mcaptcha/mcaptcha"
|
||||||
|
type = number
|
||||||
|
default = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "mcaptcha_vm_disk_size" {
|
||||||
|
description = "Size of disk of VMs running mcaptcha/mcaptcha in bytes"
|
||||||
|
type = number
|
||||||
|
default = 8000000000 # 8GB
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "mcaptcha_vm_memory" {
|
||||||
|
description = "Memory of VMs running mcaptcha/mcaptcha in MB"
|
||||||
|
type = number
|
||||||
|
default = 2000 # 2GB
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "mcaptcha_vm_vcpu" {
|
||||||
|
description = "Number of CPUs of VMs running mcaptcha/mcaptcha"
|
||||||
|
type = number
|
||||||
|
default = 4
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "macvtap_ethernet_interface" {
|
||||||
|
description = "Ethernet interface on the host machine that can be used as macvtap"
|
||||||
|
type = string
|
||||||
|
default = "enp2s0"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "ssh_public_key" {
|
||||||
|
description = "Set up SSH login for this public key"
|
||||||
|
type = string
|
||||||
|
default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com"
|
||||||
|
}
|
22
tests/cache/base.py
vendored
Normal file
22
tests/cache/base.py
vendored
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
|
||||||
|
def test_redis_is_listening(host):
|
||||||
|
socket = host.socket(f"tcp://0.0.0.0:6379")
|
||||||
|
assert socket.is_listening
|
||||||
|
|
||||||
|
|
||||||
|
def test_redis_config_exists(host):
|
||||||
|
config = host.file("/etc/redis/redis.conf")
|
||||||
|
assert config.exists
|
||||||
|
assert config.is_file
|
||||||
|
|
||||||
|
|
||||||
|
def test_redis_service_running_and_enabled(host):
|
||||||
|
service = host.service("redis")
|
||||||
|
assert service.is_running
|
||||||
|
assert service.is_enabled
|
39
tests/mcaptcha/base.py
Normal file
39
tests/mcaptcha/base.py
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
|
import os
|
||||||
|
import requests
|
||||||
|
|
||||||
|
|
||||||
|
def test_mcaptcha_nginx_is_listening(host):
|
||||||
|
socket = host.socket(f"tcp://127.0.0.1:80")
|
||||||
|
assert socket.is_listening
|
||||||
|
|
||||||
|
|
||||||
|
def test_mcaptcha_config_exists(host):
|
||||||
|
config = host.file("/etc/mcaptcha/config.toml")
|
||||||
|
assert config.exists
|
||||||
|
assert config.is_file
|
||||||
|
|
||||||
|
|
||||||
|
def test_mcaptcha_health(host):
|
||||||
|
url = f"http://{host.interface.default().addresses[0]}/api/v1/meta/health"
|
||||||
|
resp = requests.get(url, headers={"Host": "mcaptcha.local"})
|
||||||
|
assert resp.status_code == 200
|
||||||
|
data = resp.json()
|
||||||
|
if "redis" in data:
|
||||||
|
assert data["redis"] is True
|
||||||
|
assert data["db"] is True
|
||||||
|
|
||||||
|
|
||||||
|
def test_nginx_service_running_and_enabled(host):
|
||||||
|
service = host.service("nginx")
|
||||||
|
assert service.is_running
|
||||||
|
assert service.is_enabled
|
||||||
|
|
||||||
|
|
||||||
|
def test_mcaptcha_service_running_and_enabled(host):
|
||||||
|
service = host.service("mcaptcha")
|
||||||
|
assert service.is_running
|
||||||
|
assert service.is_enabled
|
|
@ -38,7 +38,6 @@ def test_pkgis_installed(host):
|
||||||
"python3-pip",
|
"python3-pip",
|
||||||
"virtualenv",
|
"virtualenv",
|
||||||
"python3-setuptools",
|
"python3-setuptools",
|
||||||
"ntp",
|
|
||||||
"ufw",
|
"ufw",
|
||||||
]:
|
]:
|
||||||
assert host.package(pkg).is_installed
|
assert host.package(pkg).is_installed
|
||||||
|
|
Loading…
Reference in a new issue