wip-mcaptcha-mcaptcha #3
3 changed files with 150 additions and 0 deletions
7
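--- a/ansible/roles/mcaptcha/handlers/main.yml
+++ b/ansible/roles/mcaptcha/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: restart mcaptcha
+listen: restart mcaptcha
+become: true
+ansible.builtin.service:
+name: mcaptcha
+enabled: true
+state: restarted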
82
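--- a/ansible/roles/mcaptcha/tasks/main.yml
+++ b/ansible/roles/mcaptcha/tasks/main.yml
@@ -0,0 +1,82 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+---
+- name: Create mCaptcha systemd user
+become: true
+ansible.builtin.user:
+name: mcaptcha
+state: present
+system: true
+comment: mCaptcha systemd user
+
+- name: Create download dir
+ansible.builtin.file:
+path: /tmp/mcaptcha-dl
+state: directory
+mode: "0755"
+
+- name: Download binary
+ansible.builtin.get_url:
+url: https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz
+dest: /tmp/mcaptcha-dl
+checksum: sha256:https://dl.mcaptcha.org/mcaptcha/mCaptcha/master/mcaptcha-master-linux-amd64.tar.gz.sha256
+
+- name: Extract mcaptcha-master-linux-amd64.tar.gz into /var/lib/foo
+ansible.builtin.unarchive:
+src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64.tar.gz
+remote_src: true
+dest: /tmp/mcaptcha-dl/
+
+- name: Install binary
+become: true
+notify: restart mcaptcha
+ansible.builtin.copy:
+src: /tmp/mcaptcha-dl/mcaptcha-master-linux-amd64/mcaptcha
+remote_src: true
+dest: /usr/local/bin/mcaptcha
+owner: root
+group: root
+force: true
+mode: "0755"
+
+- name: Copy mCaptcha systemd servicefile
+become: true
+ansible.builtin.copy:
+src: ./artifacts/mcaptcha/mcaptcha.service
+dest: /etc/systemd/system/
+owner: root
+group: root
+force: true
+mode: "0777"
+
+- name: Create mCaptcha config dir
+become: true
+ansible.builtin.file:
+path: /etc/mcaptcha
+state: directory
+mode: "0755"
+
+- name: Copy mCaptcha systemd servicefile
+become: true
+notify: restart mcaptcha
+ansible.builtin.template:
+src: ./templates/mcaptcha/config.toml.j2
+dest: /etc/mcaptcha/config.toml
+owner: root
+group: root
+force: true
+mode: "0644"
+
+- name: Run mCaptcha as a systemd service
+become: true
+ansible.builtin.systemd_service:
+name: mcaptcha
+daemon_reload: true
+state: started
+enabled: true
+
+- name: Delete download dir
+ansible.builtin.file:
+path: /tmp/mcaptcha-dl
+state: absent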
61
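--- a/ansible/vars/mcaptcha/mcaptcha.yml
+++ b/ansible/vars/mcaptcha/mcaptcha.yml
@@ -0,0 +1,61 @@
+mcaptcha_debug: false
+# mcaptcha_source_code: 'https://github.com/mCaptcha/mCaptcha'
+mcaptcha_commercial: false
+mcaptcha_allow_demo: false
+mcaptcha_allow_registration: false
+
+# Please set a unique value, your mCaptcha instance's security depends on this being
+# unique
+mcaptcha_server_cookie_secret: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_server_cookie_secret', chars=['ascii_leters', 'digits'], length=32) }}"
+mcaptcha_server_port: 7000
+mcaptcha_server_bind: "127.0.0.1"
+mcaptcha_server_hostname: "mcaptcha.local"
+# Set true if you have setup TLS with a reverse proxy like Nginx.
+# Does HTTPS redirect and sends additional headers that can only be used if
+# HTTPS available to improve security
+#mcaptcha_proxy_has_tls: false
+
+# Please set a unique value, your mCaptcha instance's security depends on this being
+# unique
+mcaptcha_captcha_salt: "{{ lookup('ansible.builtin.password', 'credentials/mcaptcha_captha_salt', chars=['ascii_leters', 'digits'], length=32) }}"
+# garbage collection period to manage mCaptcha system
+# leave untouched if you don't know what you are doing
+# mcaptcha_captcha_gc: 30
+# mcaptcha_captcha_runners: 4
+# mcaptcha_captcha_queue_length: 2000
+mcaptcha_captcha_enable_stats: true
+
+#mcaptcha_captcha_default_difficulty_strategy_avg_traffic_difficulty: 50000 # almost instant solution
+#mcaptcha_captcha_default_difficulty_strategy_peak_sustainable_traffic_difficulty: 3000000 # roughly 1.5s
+#mcaptcha_captcha_default_difficulty_strategy_broke_my_site_traffic_difficulty: 5000000 # greater than 3.5s
+# cooldown period in seconds
+mcaptcha_captcha_default_difficulty_strategy_avg_duration: 30
+
+#{% if database_type == 'postgres' %}
+# {% set mcaptcha_database_url = "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}" %}
+#{% else %}
+# {% set mcaptcha_database_url = "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}" %}
+#{% endif %}
+#mcaptcha_database_url: "mysql://{{ database_owner }}:{{ database_password }}@localhost/{{ database_name }}"
+#mcaptcha_database_url: "postgres://{{ database_owner }}:{{ database_password }}@localhost:5432/{{ database_name }}"
+# mysql://mcaptcha:password@localhost/mcaptcha"
+mcaptcha_database_pool: 4
+#mcaptcha_database_url: "{{ mcaptcha_database_url }}"
+
+mcaptcha_redis_url: "redis://127.0.0.1"
+mcaptcha_redis_pool: 4
+
+mcaptcha_redis_url: "redis://127.0.0.1"
+mcaptcha_redis_pool: 4
+
+
+mcaptcha_smtp_from: "admin@localhost"
+mcaptcha_smtp_reply: "admin@localhost"
+mcaptcha_smtp_url: "127.0.0.1"
+mcaptcha_smtp_port: 10025
+mcaptcha_smtp_username: "admin"
+mcaptcha_smtp_password: "password"
+#[survey]
+#nodes = ["http://localhost:7001"]
+#rate_limit = 10 # upload every hour
+#instance_root_url = "http://localhost:7000"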
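Review bot: Both `ansible.builtin.password` lookups pass `chars=['ascii_leters', 'digits']`; `ascii_leters` is not an attribute of Python's `string` module, so the lookup takes it as literal characters and `mcaptcha_server_cookie_secret` and `mcaptcha_captcha_salt` are drawn only from those few letters, `_` and the digits. It should read `chars=['ascii_letters', 'digits']`. `mcaptcha_smtp_password: "password"` is a plaintext default committed next to two generated secrets and would be better supplied from Ansible Vault or the same kind of lookup. `mcaptcha_redis_url` and `mcaptcha_redis_pool` are each defined twice, and most YAML loaders silently keep the last value, so one pair should be dropped. The salt's credential path is spelled `credentials/mcaptcha_captha_salt`, which is worth correcting before a file is generated under that name.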