Compare commits

...

37 commits

Author SHA1 Message Date
15775ddd8c Merge pull request 'chore: Configure Renovate' (#7) from renovate/configure into master
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending approval
Reviewed-on: #7
2024-06-04 13:05:23 +05:30
Renovate Bot
d491f26e49 Add renovate.json
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending approval
ci/woodpecker/pr/woodpecker Pipeline is pending approval
ci/woodpecker/pull_request_closed/woodpecker Pipeline is pending approval
2024-06-04 07:35:06 +00:00
74cd88322d Merge pull request 'feat-test-playbooks' (#5) from feat-test-playbooks into master
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #5
2023-12-13 00:49:03 +05:30
152fb05cb6
feat: test mariadb+embedded combination
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2023-12-13 00:17:49 +05:30
06d3da8019
feat: install python deps from requirements.txt
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2023-12-12 23:53:25 +05:30
165b2d24f7
fix: typo 2023-12-12 23:52:58 +05:30
1c17a3f3d9
feat: make mcaptcha systemd service wait on deps 2023-12-12 23:52:43 +05:30
7e9f0a3633
feat: test for support DB and cache combinations
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-12 23:08:01 +05:30
713ec1dd18
feat: cleanup ci config and use tofu-generated hostfile in ansible
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-12 22:07:20 +05:30
bf87080e33
feat: use macvtap to make VM accessible to CI machine 2023-12-12 19:34:05 +05:30
0306798bad
feat: generalize ssh key and install qemu agent for macvtap IP retrival 2023-12-12 19:33:04 +05:30
9833f7fd98
debug: use pool dir in home
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-11 20:43:33 +05:30
58cb71dab3
feat: CI: use local image mirror
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-11 20:15:37 +05:30
418c792e83
feat: load SSH key
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-11 19:47:09 +05:30
3da25ea1c3
feat: provision test domain in hellbat hypervisor
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-11 19:26:00 +05:30
64302fed4c
feat: install opentofu and check network access
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-11 15:11:09 +05:30
b6b58b6156
fix: rm ufw from ci
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-11 14:38:03 +05:30
66f3979930
debug: become root
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2023-12-11 14:37:23 +05:30
2c02ae4b95
fix: document roles 2023-12-11 14:37:23 +05:30
b74731476d
fix: testinfra install command 2023-12-11 14:37:23 +05:30
69fb946f3f
hotfix: run mcaptcha playbook on all hosts 2023-12-11 14:37:23 +05:30
dcc821782e
feat: init CI 2023-12-11 14:37:23 +05:30
9922989d5d
Merge branch 'disable-ufw' 2023-12-11 14:37:05 +05:30
c469878daf
feat: rm ufw
configuring a firewall is external to installing mCaptcha, since we use
standard HTTP ports only. Should also make testing with woodpecker CI
easy.
2023-12-11 14:36:14 +05:30
bbff7f41a5 Merge pull request 'feat: rm ufw' (#6) from disable-ufw into master
Reviewed-on: #6
2023-12-11 14:33:07 +05:30
4a81e7d591
feat: rm ufw
configuring a firewall is external to installing mCaptcha, since we use
standard HTTP ports only. Should also make testing with woodpecker CI
easy.
2023-12-11 14:30:54 +05:30
50569c8a32 Merge pull request 'wip-mcaptcha-mcaptcha' (#4) from wip-mcaptcha-mcaptcha into master
Reviewed-on: #4
2023-12-09 03:40:48 +05:30
a0a2e915af
doc: mcaptcha vars 2023-12-09 03:39:55 +05:30
800a6b6ebc
fix: dont use atm user 2023-12-09 03:30:10 +05:30
4e7f4b6be6
chore: consolidate vars file 2023-12-09 03:21:26 +05:30
60f730153e Merge pull request 'wip-mcaptcha-mcaptcha' (#3) from wip-mcaptcha-mcaptcha into master
Reviewed-on: #3
2023-12-09 03:03:07 +05:30
6457176823 Merge pull request 'wip-cache' (#2) from wip-cache into master
Reviewed-on: #2
2023-12-09 02:58:16 +05:30
da087a74c7
feat: helper make commands to install and test mcaptcha 2023-12-09 02:58:01 +05:30
f7206d721c
feat: test mCaptcha installation for firewall, services and health endpoint 2023-12-09 02:57:32 +05:30
3002808f92
feat: optionally redis, mariadb and postgres and proxy mcaptcha w nginx 2023-12-09 02:56:13 +05:30
c8a34a6e7b
feat: ansible role to download and install mcaptcha 2023-12-09 02:55:18 +05:30
eb586633ec
fix: dont expose redis and cleanup downloads 2023-12-09 02:52:24 +05:30
30 changed files with 849 additions and 306 deletions

3
.gitignore vendored
View file

@ -159,3 +159,6 @@ cython_debug/
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/
ansible/credentials/
terraform/mcaptcha/mcaptcha
sec/

27
.woodpecker.yml Normal file
View file

@ -0,0 +1,27 @@
steps:
backend:
image: python:3-bookworm
environment:
- ANSIBLE_HOST_KEY_CHECKING=False
commands:
- export PATH=$PATH:/root/.local/bin
- eval "$(ssh-agent -s)"
- make ci.init
- cat terraform/mcaptcha/hosts.ini
# db: mariadb cache: redis
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=redis" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
# db: postgres cache: redis
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=redis" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
# embedded cache
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=embedded" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
# embedded cache
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=embedded" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
- make ci.clean
secrets: [TEST_NODE_SSH_KEY]

View file

@ -24,6 +24,12 @@ define configure_cache
ansible-playbook -i $(INVENTORY) -f 10 ./ansible/cache.yml
endef
define configure_mcaptcha
. ./venv/bin/activate && \
ansible-playbook -i $(INVENTORY) -f 10 ./ansible/mcaptcha.yml
endef
define test_base
. ./venv/bin/activate && \
@ -49,6 +55,19 @@ define test_cache
endef
define test_mcaptcha
. ./venv/bin/activate && \
cd tests/mcaptcha/ && \
ANSIBLE_REMOTE_USER=root \
py.test --hosts='ansible://mcaptcha_hosts' \
-n 10 \
--verbose \
--ansible-inventory="../../${INVENTORY}" \
base.py
endef
define test_locust
. ./venv/bin/activate && \
@ -88,6 +107,13 @@ conf.dos: ## Configure all DoS VMs
conf.cache: ## Configure all cache VMs
$(call configure_cache)
# ```bash
# INVENTORY=./terraform/dos/hosts.ini make conf.mcaptcha
# ```
conf.mcaptcha: ## Configure all mcaptcha VMs
$(call configure_mcaptcha)
# ```bash
# INVENTORY=./terraform/dos/hosts.ini make conf.ping
# ```
@ -105,7 +131,32 @@ test.base: ## Test base configuration on all VMs
test.cache: ## Test cache configuration
$(call test_cache)
test.mcaptcha: ## Test mcaptcha configuration
$(call test_mcaptcha)
ci.init:
apt-get update
apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients genisoimage
./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"
ssh-add /tmp/ci-ssh-id
ssh -o StrictHostKeyChecking=accept-new mcaptcha-ci@192.168.0.102 "echo f"
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg
chmod a+r /etc/apt/keyrings/opentofu.gpg
echo "deb [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" > /etc/apt/sources.list.d/opentofu.list
echo "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" >> /etc/apt/sources.list.d/opentofu.list
apt-get update
apt-get install -y tofu
tofu -chdir=terraform/mcaptcha/ init
tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha"
tofu -chdir=terraform/mcaptcha/ apply "mcaptcha"
pip install virtualenv && virtualenv venv
. venv/bin/activate && pip install -r requirements.txt
. venv/bin/activate && ansible-galaxy install -r ./ansible/requirements.yml
ci.clean:
echo yes | tofu -chdir=terraform/mcaptcha/ destroy -var-file="ci.tfvars"
./scripts/ci.sh --clean
help: ## Prints help for targets with comments
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

View file

@ -5,12 +5,9 @@
---
- name: Install and enable firewall
hosts: all
remote_user: atm
pre_tasks:
- name: Ensure all VMs are reachable
ansible.builtin.ping:
roles:
- ufw
tasks:
- name: Install git, zip, nginx, wget, curl & other utils
@ -28,4 +25,3 @@
- python3-pip
- virtualenv
- python3-setuptools
- ufw

View file

@ -6,8 +6,7 @@
ansible.builtin.import_playbook: base.yml
- name: Install redis cache
hosts: mcaptcha_hosts
remote_user: atm
hosts: all
pre_tasks:
- name: Ensure all VMs are reachable
ansible.builtin.ping:

View file

@ -4,10 +4,11 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
- name: Base configuration
ansible.builtin.import_playbook: base.yml
roles:
- ufw
- name: Configure Locust instances
hosts: [mcaptcha_dos]
remote_user: atm
pre_tasks:
- name: Ensure all VMs are reachable
ansible.builtin.ping:

84
ansible/mcaptcha.yml Normal file
View file

@ -0,0 +1,84 @@
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#---
- name: Base configuration
ansible.builtin.import_playbook: base.yml
- name: Install and configure postgres
hosts: all
become: yes
vars_files:
- vars/mcaptcha/vars.yml
- vars/mcaptcha/postgresql.yml
tasks:
- ansible.builtin.include_role:
name: geerlingguy.postgresql
when:
database_type == "postgres"
- name: Install and configure mariadb
hosts: all
become: yes
vars_files:
- vars/mcaptcha/vars.yml
- vars/mcaptcha/mariadb.yml
tasks:
- ansible.builtin.include_role:
name: geerlingguy.mysql
when:
database_type == "mariadb"
- name: Install and configure cache
hosts: all
become: yes
vars_files:
- vars/mcaptcha/vars.yml
tasks:
- name: conditionally install redis cache
ansible.builtin.include_role:
name: cache
when: cache_type == "redis"
- name: Install mCaptcha binary
hosts: all
vars_files:
- vars/mcaptcha/vars.yml
roles:
- mcaptcha
tasks:
- name: restart mcaptcha
debug:
msg: "mCaptcha successfully deployed to {{ mcaptcha_server_hostname }}"
notify: restart mcaptcha
- name: Install git, zip, nginx, wget, curl & other utils
become: true
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
pkg:
- nginx
- name: Copy nginx vhost
become: true
ansible.builtin.template:
src: ./templates/mcaptcha/nginx.vhost.j2
dest: "/etc/nginx/sites-available/{{ mcaptcha_server_hostname }}"
owner: root
group: root
force: true
mode: "0644"
- name: Copy nginx vhost
become: true
ansible.builtin.file:
src: "/etc/nginx/sites-available/{{ mcaptcha_server_hostname }}"
dest: "/etc/nginx/sites-enabled/{{ mcaptcha_server_hostname }}"
state: link
- name: Restart nginx
become: true
ansible.builtin.service:
name: nginx
state: restarted

View file

@ -5,7 +5,6 @@
---
- name: Ping all servers
hosts: all
remote_user: atm
tasks:
- name: Ensure all VMs are reachable

3
ansible/requirements.yml Normal file
View file

@ -0,0 +1,3 @@
- src: geerlingguy.mysql
- src: geerlingguy.postgresql

View file

@ -72,15 +72,7 @@
force: true
mode: "0755"
# - name: Delete download dir
# ansible.builtin.file:
# path: /tmp/cache-lib
# state: absent
- name: Allow port 6379 for redis
become: true
community.general.ufw:
state: enabled
rule: allow
proto: tcp
port: "6379"
- name: Delete download dir
ansible.builtin.file:
path: /tmp/cache-lib
state: absent

View file

@ -39,8 +39,8 @@
name: docker
state: present
- name: Add user atm to docker group
- name: Add user to docker group
become: true
ansible.builtin.user:
name: atm # TODO: add admin user to docker group
name: "{{ ansible_user_id }}"
groups: docker,users,admin

View file

@ -0,0 +1,7 @@
- name: restart mcaptcha
listen: restart mcaptcha
become: true
ansible.builtin.service:
name: mcaptcha
enabled: true
state: restarted

View file

@ -0,0 +1,82 @@
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Create mCaptcha systemd user
become: true
ansible.builtin.user:
name: mcaptcha
state: present
system: true
comment: mCaptcha systemd user
- name: Create download dir
ansible.builtin.file:
path: /tmp/mcaptcha-dl
state: directory
mode: "0755"
- name: Download binary
ansible.builtin.get_url:
url: https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
dest: /tmp/mcaptcha-dl
checksum: sha256:https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
- name: Extract mcaptcha-master-linux-amd64.tar.gz into /var/lib/foo
ansible.builtin.unarchive:
src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64.tar.gz
remote_src: true
dest: /tmp/mcaptcha-dl/
- name: Install binary
become: true
notify: restart mcaptcha
ansible.builtin.copy:
src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64/mcaptcha
remote_src: true
dest: /usr/local/bin/mcaptcha
owner: root
group: root
force: true
mode: "0755"
- name: Copy mCaptcha systemd servicefile
become: true
ansible.builtin.template:
src: ./templates/mcaptcha/mcaptcha.service.j2
dest: /etc/systemd/system/mcaptcha.service
owner: root
group: root
force: true
mode: "0777"
- name: Create mCaptcha config dir
become: true
ansible.builtin.file:
path: /etc/mcaptcha
state: directory
mode: "0755"
- name: Copy mCaptcha config file
become: true
notify: restart mcaptcha
ansible.builtin.template:
src: ./templates/mcaptcha/config.toml.j2
dest: /etc/mcaptcha/config.toml
owner: root
group: root
force: true
mode: "0644"
- name: Run mCaptcha as a systemd service
become: true
ansible.builtin.systemd_service:
name: mcaptcha
daemon_reload: true
state: started
enabled: true
- name: Delete download dir
ansible.builtin.file:
path: /tmp/mcaptcha-dl
state: absent

View file

@ -0,0 +1,81 @@
{% if database_type == 'postgres' %}
{% set mcaptcha_database_url = "postgres://" ~ database_owner ~ ":" ~ database_password ~ "@" ~ "localhost:5432/" ~ database_name %}
{% else %}
{% set mcaptcha_database_url = "mysql://" ~ database_owner ~ ":" ~ database_password ~ "@" ~ "localhost/" ~ database_name %}
{% endif %}
debug = "{{ mcaptcha_debug | default('false') }}"
source_code = "{{ mcaptcha_source_code | default('https://github.com/mCaptcha/mCaptcha') }}"
commercial = "{{ mcaptcha_commercial | default('false') }}"
allow_demo = "{{ mcaptcha_allow_demo | default('false') }}"
allow_registration = "{{ mcaptcha_allow_registration | default('true') }}"
[server]
# Please set a unique value, your mCaptcha instance's security depends on this being
# unique
cookie_secret = "{{ mcaptcha_server_cookie_secret }}"
# The port at which you want authentication to listen to
# takes a number, choose from 1000-10000 if you dont know what you are doing
port = "{{ mcaptcha_server_port | default(7000) }}"
#IP address. Enter 0.0.0.0 to listen on all available addresses
ip= "{{ mcaptcha_server_bind | default('127.0.0.1') }}"
# enter your hostname, eg: example.com
domain = "{{ mcaptcha_server_hostname }}"
# Set true if you have setup TLS with a reverse proxy like Nginx.
# Does HTTPS redirect and sends additional headers that can only be used if
# HTTPS available to improve security
proxy_has_tls = "{{ mcaptcha_proxy_has_tls | default('false') }}"
[captcha]
# Please set a unique value, your mCaptcha instance's security depends on this being
# unique
salt = "{{ mcaptcha_captcha_salt }}"
# garbage collection period to manage mCaptcha system
# leave untouched if you don't know what you are doing
gc = "{{ mcaptcha_captcha_gc | default(30) }}" #30
runners = "{{ mcaptcha_captcha_runners | default(4) }}" #4
queue_length = "{{ mcaptcha_captcha_queue_length | default(2000) }}" #2000
enable_stats = "{{ mcaptcha_captcha_enable_stats | default('true') }}" #true
[captcha.default_difficulty_strategy]
avg_traffic_difficulty = "{{ mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty | default(50000) }}" # 50000 # almost instant solution
peak_sustainable_traffic_difficulty = "{{ mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty | default(3000000) }}" # 3000000 # roughly 1.5s
broke_my_site_traffic_difficulty = "{{ mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty | default(5000000) }}" # 5000000 # greater than 3.5s
# cooldown period in seconds
duration = "{{ mcaptcha_captcha_default_difficulty_strategy_avg_duration | default(30) }}" # 30
[database]
# This section deals with the database location and how to access it
# Please note that at the moment, we have support for only postgresqa.
# Example, if you are Batman, your config would be:
# url = "postgres://batman:password@batcave.org:5432/batcave"
# database_type = "postgres"
# pool = 4
url = "{{ mcaptcha_database_url }}" # "postgres://example.org" # hack for tests to run successfully
pool = "{{ mcaptcha_database_pool | default(4) }}" #4
{% if cache_type == 'redis' %}
[redis]
# This section deals with the database location and how to access it
# Please note that at the moment, we have support for only postgresqa.
# Example, if you are Batman, your config would be:
url = "{{ mcaptcha_redis_url }}" #"redis://127.0.0.1"
pool = "{{ mcaptcha_redis_pool | default(4) }}" #4
{% endif %}
[smtp]
from = "{{ mcaptcha_smtp_from }}" # "admin@localhost"
reply = "{{ mcaptcha_smtp_reply }}" #"admin@localhost"
url = "{{ mcaptcha_smtp_url }}" #"127.0.0.1"
port = "{{ mcaptcha_smtp_port }}" #10025
username = "{{ mcaptcha_smtp_username }}" #"admin"
password = "{{ mcaptcha_smtp_password }}" #"password"
#[survey]
#nodes = ["http://localhost:7001"]
#rate_limit = 10 # upload every hour
#instance_root_url = "http://localhost:7000"

View file

@ -0,0 +1,34 @@
[Unit]
Description=mCaptcha: PoW CAPTCHA system
After=syslog.target
After=network.target
{% if cache_type == 'redis' %}
Wants=redis.service
After=redis.service
{% endif %}
{% if database_type == 'postgres' %}
Wants=postgresql.service
After=postgresql.service
{% endif %}
{% if database_type == 'mariadb' %}
Wants=mariadb.service
After=mariadb.service
{% endif %}
[Service]
RestartSec=2s
Type=simple
User=mcaptcha
Group=mcaptcha
WorkingDirectory=/home/mcaptcha/
ExecStart=/usr/local/bin/mcaptcha
Restart=always
Environment=USER=mcaptcha HOME=/home/mcaptcha
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,12 @@
server {
listen 80;
listen [::]:80;
server_name {{ mcaptcha_server_hostname }};
error_log /var/log/nginx/"{{ mcaptcha_server_hostname }}".error.log;
access_log /var/log/nginx/"{{ mcaptcha_server_hostname }}".access.log;
location / {
proxy_pass http://{{ mcaptcha_server_bind }}:{{ mcaptcha_server_port }};
proxy_set_header Host $host;
}
}

View file

@ -0,0 +1,136 @@
---
# Set this to the user ansible is logging in as - should have root
# or sudo access
mysql_user_home: "/home/{{ ansible_user_id }}"
mysql_user_name: "{{ ansible_user_id }}"
# The default root user installed by mysql - almost always root
mysql_root_home: /root
mysql_root_username: root
mysql_root_password: root
# Set this to `true` to forcibly update the root password.
mysql_root_password_update: true
mysql_user_password_update: true
mysql_enabled_on_startup: true
# Whether my.cnf should be updated on every run.
overwrite_global_mycnf: true
# The following variables have a default value depending on operating system.
# mysql_config_file: /etc/my.cnf
# mysql_config_include_dir: /etc/my.cnf.d
# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
# for RedHat systems (and derivatives).
mysql_enablerepo: ""
# Define a custom list of packages to install; if none provided, the default
# package list from vars/[OS-family].yml will be used.
# mysql_packages:
# - mysql
# - mysql-server
# - MySQL-python
mysql_python_package_debian: python3-mysqldb
# MySQL connection settings.
mysql_port: "3306"
mysql_bind_address: '0.0.0.0'
mysql_skip_name_resolve: false
mysql_datadir: /var/lib/mysql
mysql_sql_mode: ~
# The following variables have a default value depending on operating system.
# mysql_pid_file: /var/run/mysqld/mysqld.pid
# mysql_socket: /var/lib/mysql/mysql.sock
# Log file settings.
mysql_log_file_group: mysql
# Slow query log settings.
mysql_slow_query_log_enabled: false
mysql_slow_query_time: "2"
# The following variable has a default value depending on operating system.
# mysql_slow_query_log_file: /var/log/mysql-slow.log
# Memory settings (default values optimized ~512MB RAM).
mysql_key_buffer_size: "256M"
mysql_max_allowed_packet: "64M"
mysql_table_open_cache: "256"
mysql_sort_buffer_size: "1M"
mysql_read_buffer_size: "1M"
mysql_read_rnd_buffer_size: "4M"
mysql_myisam_sort_buffer_size: "64M"
mysql_thread_cache_size: "8"
mysql_query_cache_type: "0"
mysql_query_cache_size: "16M"
mysql_query_cache_limit: "1M"
mysql_max_connections: "151"
mysql_tmp_table_size: "16M"
mysql_max_heap_table_size: "16M"
mysql_group_concat_max_len: "1024"
mysql_join_buffer_size: "262144"
# Other settings.
mysql_lower_case_table_names: "0"
mysql_wait_timeout: "28800"
mysql_event_scheduler_state: "OFF"
# InnoDB settings.
mysql_innodb_file_per_table: "1"
# Set .._buffer_pool_size up to 80% of RAM but beware of setting too high.
mysql_innodb_buffer_pool_size: "256M"
# Set .._log_file_size to 25% of buffer pool size.
mysql_innodb_log_file_size: "64M"
mysql_innodb_log_buffer_size: "8M"
mysql_innodb_flush_log_at_trx_commit: "1"
mysql_innodb_lock_wait_timeout: "50"
# These settings require MySQL > 5.5.
mysql_innodb_large_prefix: "1"
mysql_innodb_file_format: "barracuda"
# mysqldump settings.
mysql_mysqldump_max_allowed_packet: "64M"
# Logging settings.
mysql_log: ""
# The following variables have a default value depending on operating system.
# mysql_log_error: /var/log/mysql/mysql.err
# mysql_syslog_tag: mysql
mysql_config_include_files: []
# - src: path/relative/to/playbook/file.cnf
# - { src: path/relative/to/playbook/anotherfile.cnf, force: yes }
# Databases.
mysql_databases:
- name: mcaptcha
collation: utf8_general_ci
encoding: utf8
replicate: 1
# Users.
mysql_users:
- name: mcaptcha
priv: "mcaptcha.*:ALL"
password: "{{ database_password }}"
mysql_disable_log_bin: false
# Replication settings (replication is only enabled if master/user have values).
mysql_server_id: "1"
mysql_max_binlog_size: "100M"
mysql_binlog_format: "ROW"
mysql_expire_logs_days: "10"
mysql_replication_role: ''
mysql_replication_master: ''
mysql_replication_master_inventory_host: "{{ mysql_replication_master }}"
# Same keys as `mysql_users` above.
mysql_replication_user:
- name: mcaptcha
host: 127.0.0.1
mysql_hide_passwords: false

View file

@ -0,0 +1,48 @@
# Set postgresql state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
postgresql_restarted_state: "restarted"
postgresql_python_library: python-psycopg2
postgresql_user: postgres
postgresql_group: postgres
# `md5` or `scram-sha-256` (https://www.postgresql.org/docs/10/auth-methods.html)
postgresql_auth_method: "md5"
postgresql_unix_socket_directories:
- /var/run/postgresql
postgresql_service_state: started
postgresql_service_enabled: true
# Global configuration options that will be set in postgresql.conf.
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
- option: log_directory
value: 'log'
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
# variable's defaults reflect the defaults that come with a fresh installation.
postgresql_hba_entries:
- {type: local, database: all, user: postgres, auth_method: peer}
- {type: local, database: all, user: all, auth_method: peer}
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"}
- {type: host, database: all, user: all, address: '::1/128', auth_method: "{{ postgresql_auth_method }}"}
# Debian only. Used to generate the locales used by PostgreSQL databases.
postgresql_locales:
- 'en_US.UTF-8'
# Users to ensure exist.
postgresql_users:
- name: "{{ database_owner }}" #required; the rest are optional
password: "{{ database_password }}"
# Databases to ensure exist.
postgresql_databases:
- name: "{{ database_name }}" # required; the rest are optional
owner: "{{ database_owner }}"
# Whether to output user data when managing users.
postgres_users_no_log: true

View file

@ -0,0 +1,70 @@
database_type: "postgres" # REQUIRED. options: "mariadb", "postgres"
cache_type: "redis" # REQUIRED. options: "embedded", "redis"
# database user
database_owner: "mcaptcha"
database_name: "mcaptcha"
# AUTO-GENERATED. database password
database_password: "{{ lookup('ansible.builtin.password', 'credentials/database_password', chars=['ascii_leters', 'digits'], length=32) }}"
# Database connection pool
mcaptcha_database_pool: 4
# debug logging
mcaptcha_debug: false
# doens't do anything at the moment
mcaptcha_commercial: false
# create demo user and allow demo login
mcaptcha_allow_demo: false
# allow registration of new accounts. Required for the first user account.
# Please edit to set to "false" and re-rerun playbook if registration is
# undesirable.
mcaptcha_allow_registration: true
# AUTO-GENERATED. Randomly generated unique value for signing cookies.
mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
# REQUIRED. mcaptcha server port. Won't be exposed to internet, change if something else
# is listening on binding IP and port combination.
mcaptcha_server_port: 7000
# REQUIRED. bind to IP. If using reverse proxy (playbook installs and configures nginx), set to 127.0.0.1.
mcaptcha_server_bind: "127.0.0.1"
# REQUIRED. hostname of the mcaptcha installation. Incorrect hostname will cause login failures.
mcaptcha_server_hostname: "mcaptcha.local"
# AUTO-GENERATED. IGNORE if unfamiliar.
mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
# IGNORE if unfamiliar. # garbage collection period to manage mCaptcha system
# mcaptcha_captcha_gc: 30
# IGNORE if unfamiliar. Number of threads used to validate Proof-of-Work (PoW)
# mcaptcha_captcha_runners: 4
# IGNORE if unfamiliar. Maximum pending jobs in queue for PoW validation
# mcaptcha_captcha_queue_length: 2000
# Store PoW compute time statistics
mcaptcha_captcha_enable_stats: true
# IGNORE if unfamiliar. Difficulty factor for average traffic. Used in "easy mode" CAPTCHA configuration generation.
#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
# IGNORE if unfamiliar. Difficulty factor for peak traffic levels. Used in "easy mode" CAPTCHA configuration generation.
#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
# IGNORE if unfamiliar. Difficulty factor for maximum traffic levels. Used in "easy mode" CAPTCHA configuration generation.
#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s
# IGNORE if unfamiliar. Default cooldown period in seconds for "easy mode".
mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
# Redis instance URL
mcaptcha_redis_url: "redis://127.0.0.1"
# Redis connection pool
mcaptcha_redis_pool: 4
# smtp configuration
mcaptcha_smtp_from: "admin@localhost"
mcaptcha_smtp_reply: "admin@localhost"
mcaptcha_smtp_url: "127.0.0.1"
mcaptcha_smtp_port: 10025
mcaptcha_smtp_username: "admin"
mcaptcha_smtp_password: "password"
#[survey]
#nodes = ["http://localhost:7001"]
#rate_limit = 10 # upload every hour
#instance_root_url = "http://localhost:7000"

21
renovate.json Normal file
View file

@ -0,0 +1,21 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":dependencyDashboard"
],
"labels": [
"renovate-bot"
],
"prHourlyLimit": 0,
"timezone": "Asia/kolkata",
"prCreation": "immediate",
"vulnerabilityAlerts": {
"enabled": true,
"labels": [
"renovate-bot",
"renovate-security",
"security"
]
}
}

View file

@ -1,289 +1,31 @@
ansible==8.1.0
ansible-core==2.15.1
certifi==2023.5.7
cffi==1.15.1
charset-normalizer==3.2.0
ansible==9.1.0
ansible-core==2.16.2
certifi==2023.11.17
cffi==1.16.0
charset-normalizer==3.3.2
contextvars==2.4
cryptography==41.0.2
cryptography==41.0.7
distro==1.8.0
execnet==2.0.2
idna==3.4
immutables==0.19
idna==3.6
immutables==0.20
iniconfig==2.0.0
Jinja2==3.1.2
jmespath==1.0.1
looseversion==1.3.0
MarkupSafe==2.1.3
msgpack==1.0.5
packaging==23.1
pluggy==1.2.0
psutil==5.9.5
msgpack==1.0.7
packaging==23.2
pluggy==1.3.0
psutil==5.9.6
pycparser==2.21
pycryptodomex==3.18.0
pytest==7.4.0
pytest-testinfra==8.1.0
pytest-xdist==3.3.1
PyYAML==6.0
pyzmq==25.0.2
requests==2.31.0
resolvelib==1.0.1
salt==3006.1
urllib3==2.0.3
airdrop-ng==1.1
airgraph-ng==1.1
apparmor==3.1.6
appdirs==1.4.4
argcomplete==2.0.0
asttokens==2.2.1
async-timeout==4.0.2
attrs==22.2.0
autocommand==2.2.2
autopage==0.5.1
Babel==2.12.1
beautifulsoup4==4.12.2
binwalk==2.3.3
black==23.7.0
borgbackup==1.2.4
Brlapi==0.8.5
btrfsutil==6.3.3
certifi==2023.7.22
cffi==1.15.1
chardet==5.2.0
charset-normalizer==3.2.0
click==8.1.6
cliff==4.3.0
cmd2==2.4.3
codespell==2.2.5
colorama==0.4.6
ConfigArgParse==1.5.3
contourpy==1.1.0
crit==3.18
cryptography==41.0.3
cupshelpers==1.0
cycler==0.11.0
Cython==3.0.0
dbus-python==1.3.2
debtcollector==2.5.0
decorator==5.1.1
defusedxml==0.7.1
deprecation==2.1.0
devtools==0.11.0
distlib==0.3.7
distro==1.8.0
dnspython==2.3.0
dogpile.cache==1.1.8
executing==1.2.0
fastjsonschema==2.18.0
filelock==3.12.2
fonttools==4.42.0
gevent==22.10.2
git-filter-repo==2.38.0
gpg==1.21.0
greenlet==2.0.2
html5lib==1.1
httpie==3.2.1
idna==3.4
importlib-metadata==5.0.0
inflect==7.0.0
iotop==0.6
iso8601==2.0.0
jaraco.context==4.3.0
jaraco.functools==3.8.1
jaraco.text==3.11.1
jedi==0.18.2
jmespath==1.0.1
jsonpatch==1.33
jsonpointer==2.4
jsonschema==4.19.0
jsonschema-specifications==2023.7.1
keystoneauth1==5.2.1
kiwisolver==1.4.4
lensfun==0.3.4
LibAppArmor==3.1.6
libfdt==1.7.0
libtorrent==2.0.9
libvirt-python==9.6.0
lit==15.0.7.dev0
louis==3.26.0
lxml==4.9.2
Mako==1.2.4
mallard-ducktype==1.0.2
Markdown==3.4.4
markdown-it-py==2.2.0
MarkupSafe==2.1.3
matplotlib==3.7.2
mdurl==0.1.2
MemoizeDB==2021.11.20.2.41.2
meson==1.2.1
more-itertools==10.1.0
msgpack==1.0.5
multidict==6.0.4
mypy-extensions==1.0.0
netaddr==0.8.0
netifaces==0.11.0
nftables==0.1
numpy==1.25.1
openshot-qt==3.1.1
openstacksdk==1.0.1
ordered-set==4.1.0
os-service-types==1.7.0
osc-lib==2.8.0
oslo.config==9.1.1
oslo.i18n==6.0.0
oslo.serialization==5.1.1
oslo.utils==6.1.0
packaging==23.1
parso==0.8.3
pathspec==0.11.2
pbr==5.11.1
perf==0.1
Pillow==10.0.0
pipenv==2023.7.23
pipx==1.2.0
platformdirs==3.10.0
ply==3.11
pm2ml==2021.11.20.2.41.2
pooch==1.7.0
Powerpill==2021.11.20.2.41.2
prettytable==3.6.0
protobuf==4.23.4
psutil==5.9.5
pwquality==1.4.5
pyalpm==0.10.6
pyasn1==0.4.8
pybind11==2.11.1
pycairo==1.24.0
pycparser==2.21
pycups==2.0.1
pycurl==7.45.2
pydantic==1.10.9
Pygments==2.16.1
PyGObject==3.44.1
pynvim==0.4.3
pyOpenSSL==23.2.0
pyparsing==3.0.9
pyperclip==1.8.2
PyQt5==5.15.9
PyQt5-sip==12.12.2
PyQtWebEngine==5.15.6
pyrsistent==0.19.3
pysequoia==0.1.20
PySocks==1.7.1
python-cinderclient==9.3.0
python-dateutil==2.8.2
python-glanceclient==4.1.0
python-keystoneclient==5.1.0
python-novaclient==18.3.0
python-openstackclient==6.2.0
pytz==2023.3
pyxdg==0.28
pycryptodomex==3.19.0
pytest==7.4.3
pytest-testinfra==10.0.0
pytest-xdist==3.5.0
PyYAML==6.0.1
pyzmq==25.1.1
redis==4.6.0
referencing==0.30.2
Reflector==2023.6.28.0.36.1
requests==2.28.2
requests-toolbelt==1.0.0
requestsexceptions==1.4.0
rfc3986==2.0.0
rich==13.5.2
rpds-py==0.9.2
rpm==4.18.1
scipy==1.11.1
simplejson==3.19.1
six==1.16.0
soupsieve==2.4.1
stevedore==5.1.0
TBB==0.2
tomli==2.0.1
torbrowser-launcher==0.3.6
tqdm==4.65.0
trash-cli==0.23.2.13.2
trimage==1.0.6
trove-classifiers==2023.8.8
typing_extensions==4.7.1
uc-micro-py==1.0.2
ufw==0.36.2
urllib3==1.26.15
userpath==1.8.0
validate-pyproject==0.13.post1.dev0+gb752273.d20230520
vboxapi==1.0
virtualenv==20.24.3
virtualenv-clone==0.5.7
warlock==2.0.1
wcwidth==0.2.6
webencodings==0.5.1
wrapt==1.14.1
XCGF==2021.11.20.2.41.3
XCPF==2021.12.24.10.22.41
youtube-dl==2021.12.17
yt-dlp==2023.7.6
zipp==3.16.2
zope.event==5.0
zope.interface==6.0
ansible==8.1.0
ansible-compat==4.1.6
ansible-core==2.15.1
ansible-lint==6.17.2
astroid==2.15.6
attrs==23.1.0
black==23.7.0
bracex==2.3.post1
certifi==2023.5.7
cffi==1.15.1
charset-normalizer==3.2.0
click==8.1.6
contextvars==2.4
cryptography==41.0.2
dill==0.3.7
distro==1.8.0
execnet==2.0.2
filelock==3.12.2
gitdb==4.0.10
GitPython==3.1.32
idna==3.4
immutables==0.19
iniconfig==2.0.0
isort==5.12.0
Jinja2==3.1.2
jmespath==1.0.1
jsonschema==4.19.0
jsonschema-specifications==2023.7.1
lazy-object-proxy==1.9.0
lint==1.2.1
looseversion==1.3.0
markdown-it-py==3.0.0
MarkupSafe==2.1.3
mccabe==0.7.0
mdurl==0.1.2
msgpack==1.0.5
mypy-extensions==1.0.0
packaging==23.1
pathspec==0.11.2
platformdirs==3.10.0
pluggy==1.2.0
psutil==5.9.5
pycparser==2.21
pycryptodomex==3.18.0
Pygments==2.16.1
pylint==2.17.5
pytest==7.4.0
pytest-testinfra==8.1.0
pytest-xdist==3.3.1
PyYAML==6.0
pyzmq==25.0.2
referencing==0.30.2
pyzmq==25.1.2
requests==2.31.0
resolvelib==1.0.1
rich==13.5.2
rpds-py==0.9.2
ruamel.yaml==0.17.32
ruamel.yaml.clib==0.2.7
salt==3006.1
smmap==5.0.0
subprocess-tee==0.4.1
tomlkit==0.12.1
urllib3==2.0.3
wcmatch==8.4.1
wrapt==1.15.0
yamllint==1.32.0
salt==3006.4
urllib3==2.1.0

84
scripts/ci.sh Executable file
View file

@ -0,0 +1,84 @@
#!/bin/bash
# ci.sh: Helper script to automate deployment operations on CI/CD
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -xEeuo pipefail
#source $(pwd)/scripts/lib.sh
readonly SSH_ID_FILE=/tmp/ci-ssh-id
match_arg() {
if [ $1 == $2 ] || [ $1 == $3 ]
then
return 0
else
return 1
fi
}
help() {
cat << EOF
USAGE: ci.sh [SUBCOMMAND]
Helper script to automate deployment operations on CI/CD
Subcommands
-c --clean cleanup secrets, SSH key and other runtime data
-i --init <SSH_PRIVATE_KEY> initialize environment, write SSH private to file
-h --help print this help menu
EOF
}
# $1: SSH private key
write_ssh(){
truncate --size 0 $SSH_ID_FILE
echo "$1" > $SSH_ID_FILE
chmod 600 $SSH_ID_FILE
}
clean() {
if [ -f $SSH_ID_FILE ]
then
shred $SSH_ID_FILE
rm $SSH_ID_FILE
fi
}
if (( "$#" < 1 ))
then
help
exit -1
fi
if match_arg $1 '-i' '--init'
then
if (( "$#" < 2 ))
then
help
exit -1
fi
write_ssh "$2"
elif match_arg $1 '-c' '--clean'
then
clean
elif match_arg $1 '-h' '--help'
then
help
else
help
fi

View file

@ -0,0 +1,5 @@
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ci-ssh-id&sshauth=privkey&no_verify=1"
libvirt_pool_path = "/home/mcaptcha-ci/libvirt/pool/mcaptcha_basic"
libvirt_debian_src = "http://192.168.0.102/debian-12-generic-amd64.qcow2"
macvtap_ethernet_interface = "enp2s0"
ssh_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCYagT9/PXoeaUae7Z3BKOPKBiEvJsCTUIhPCcRp5fb mcaptcha-ci@hellbat.batsense.net"

View file

@ -1,10 +1,17 @@
#cloud-config
# vim: syntax=yaml
packages:
- sudo
- qemu-guest-agent
runcmd:
- [ systemctl, daemon-reload ]
- [ systemctl, enable, qemu-guest-agent.service ]
- [ systemctl, start, --wait, qemu-guest-agent.service ]
users:
- name: root
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com
- ${ssh_public_key}
- name: atm
gecos: Aravinth Manivannan
groups: users, admin
@ -13,7 +20,7 @@ users:
lock_passwd: true
plain_text_passwd: fooabr12
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com
- ${ssh_public_key}
ssh_pwauth: true
chpasswd:

View file

@ -32,6 +32,9 @@ resource "libvirt_volume" "debian-mcaptcha-qcow2" {
data "template_file" "user_data" {
template = file("${path.module}/cloud_init.cfg")
vars = {
ssh_public_key = var.ssh_public_key
}
}
data "template_file" "network_config" {

View file

@ -13,9 +13,10 @@ resource "libvirt_volume" "mcaptcha_volume" {
resource "libvirt_domain" "mcaptcha_mcaptcha" {
count = var.mcaptcha_vm_count
name = "mcaptcha_mcaptcha_${count.index}"
memory = var.mcaptcha_vm_memory
vcpu = var.mcaptcha_vm_vcpu
name = "mcaptcha_mcaptcha_${count.index}"
memory = var.mcaptcha_vm_memory
vcpu = var.mcaptcha_vm_vcpu
qemu_agent = true
cloudinit = libvirt_cloudinit_disk.commoninit.id
@ -31,8 +32,9 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" {
target_port = "1"
}
network_interface {
network_name = "default"
macvtap = var.macvtap_ethernet_interface
wait_for_lease = true
}
@ -41,6 +43,8 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" {
}
}
locals {
mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]]
mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name]

View file

@ -2,3 +2,4 @@ version: 2
ethernets:
ens3:
dhcp4: true
# ip: 192.168.0.115

View file

@ -12,7 +12,7 @@ resource "local_file" "hosts_yml" {
{
mcaptcha_vms_ips = local.mcaptcha_vm_ips,
mcaptcha_vms_names = local.mcaptcha_vm_names,
mcaptcha_vms = local.mcaptcha_vm_map
mcaptcha_vms = local.mcaptcha_vm_map
})

View file

@ -44,3 +44,15 @@ variable "mcaptcha_vm_vcpu" {
type = number
default = 4
}
variable "macvtap_ethernet_interface" {
description = "Ethernet interface on the host machine that can be used as macvtap"
type = string
default = "enp2s0"
}
variable "ssh_public_key" {
description = "Set up SSH login for this public key"
type = string
default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com"
}

39
tests/mcaptcha/base.py Normal file
View file

@ -0,0 +1,39 @@
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import os
import requests
def test_mcaptcha_nginx_is_listening(host):
socket = host.socket(f"tcp://127.0.0.1:80")
assert socket.is_listening
def test_mcaptcha_config_exists(host):
config = host.file("/etc/mcaptcha/config.toml")
assert config.exists
assert config.is_file
def test_mcaptcha_health(host):
url = f"http://{host.interface.default().addresses[0]}/api/v1/meta/health"
resp = requests.get(url, headers={"Host": "mcaptcha.local"})
assert resp.status_code == 200
data = resp.json()
if "redis" in data:
assert data["redis"] is True
assert data["db"] is True
def test_nginx_service_running_and_enabled(host):
service = host.service("nginx")
assert service.is_running
assert service.is_enabled
def test_mcaptcha_service_running_and_enabled(host):
service = host.service("mcaptcha")
assert service.is_running
assert service.is_enabled