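---
# Playbook for the "wumpus" host: installs the ewww web server and the
# wumpus-hunter runner, drops their configuration and TLS material, and
# (re)starts both services.  Ansible runs the listed roles before the task
# list, so the `wumpus` account declared under `unix_users` in `vars` exists
# by the time the tasks below set it as owner.
- hosts: wumpus
  remote_user: root
  roles:
    - sshd
    - sane_debian_system
    - unix_users
  tasks:
    - name: "Install packages"
      apt:
        name:
          - ewww
          - psmisc
          - curl
          - rsync
          - wumpus-hunter
        state: present

    - name: "Create /srv/wumpus"
      file:
        state: directory
        path: /srv/wumpus
        owner: wumpus
        group: wumpus
        # Quoted on purpose: an unquoted 0755 is a YAML 1.1 octal integer
        # (and a decimal 755 under a YAML 1.2 parser); the string form is the
        # one Ansible documents as unambiguous.
        mode: "0755"

    - name: "Create ewww config directory"
      file:
        state: directory
        path: /etc/ewww

    - name: "Install ewww config"
      copy:
        content: |
          webroot: /srv/wumpus
          listen: "0.0.0.0:443"
          tls_cert: /etc/ewww/tls.pem
          tls_key: /etc/ewww/tls.key
        dest: /etc/ewww/ewww.yaml

    - name: "Install TLS cert"
      copy:
        content: |
          -----BEGIN CERTIFICATE-----
          MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx
          EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz
          NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
          ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7
          uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z
          Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO
          FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH
          pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk
          zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC
          AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX
          h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob
          7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk
          xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa
          WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP
          NdZiSNvGZAbEnmMnNCEYMO3wVA==
          -----END CERTIFICATE-----
        dest: /etc/ewww/tls.pem

    # NOTE(review): this private key is committed to the repository in clear
    # text, so it has to be regarded as public; the key material belongs in
    # Ansible Vault or a vars file outside the playbook, referenced through a
    # variable.  The copy module's default mode also leaves the key readable
    # by every local account; restrict it (e.g. `mode: "0600"` owned by the
    # service account) once the user the packaged ewww service runs as is
    # confirmed, since that is not visible from this playbook.
    - name: "Install TLS key"
      copy:
        content: |
          -----BEGIN RSA PRIVATE KEY-----
          MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP
          +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D
          LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ
          GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H
          i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi
          qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj
          ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG
          qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1
          iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T
          AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K
          EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7
          vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU
          PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I
          E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm
          uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco
          eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g
          T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci
          gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW
          GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf
          psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj
          DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R
          Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra
          udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e
          4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI
          cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g==
          -----END RSA PRIVATE KEY-----
        dest: /etc/ewww/tls.key

    # `state: restarted` restarts the service on every run, not only when the
    # config or TLS files above changed; a handler notified by those copy
    # tasks would make the play idempotent.  Booleans are written as
    # true/false rather than yes/no so the values do not depend on the
    # parser's YAML 1.1 vs 1.2 truthiness rules.
    - name: "Enable and start ewww service"
      systemd:
        name: ewww
        state: restarted
        enabled: true
        daemon_reload: true

    - name: "Create directory for temporary wumpus files"
      file:
        state: directory
        path: /srv/tmp
        owner: wumpus
        group: wumpus

    - name: "Install wumpus hunter config"
      copy:
        content: |
          description: |
            Test Radicle heartwood.
          repository_url: https://seed.radicle.xyz/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git
          git_ref: master
          command: |
            cargo test --locked --workspace
        dest: /home/wumpus/wumpus.yaml
        owner: wumpus
        group: wumpus

    # The unit runs the hunter as the unprivileged `wumpus` account with
    # logs under /srv/wumpus (served by ewww) and scratch files in /srv/tmp.
    - name: "Install service unit for wumpus hunter"
      copy:
        content: |
          [Unit]
          Description=Wumpus hunter
          After=network.target network-online.target
          Requires=network-online.target

          [Service]
          User=wumpus
          Group=wumpus
          ExecStart=/usr/bin/wumpus-hunter run --logs /srv/wumpus /home/wumpus/wumpus.yaml
          Environment=RUST_BACKTRACE=1 WUMPUS_LOG=info PATH=/home/wumpus/.cargo/bin:/bin:/sbin TMPDIR=/srv/tmp
          KillMode=process
          Restart=always
          RestartSec=3

          [Install]
          WantedBy=multi-user.target
        dest: /etc/systemd/system/wumpus-hunter.service

    - name: "(re)start systemd unit for the wumpus hunter"
      systemd:
        name: wumpus-hunter
        state: restarted
        masked: false
        enabled: true
        daemon_reload: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

    # Inputs for the sane_debian_system role; the Jinja expressions are
    # quoted so a leading `{{` is not read as a YAML flow mapping.
    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bookworm
    sane_debian_system_timezone: Europe/Helsinki
    sane_debian_system_sources_lists:
      - repo: deb http://apt.liw.fi/debian unstable main
        signing_key: "{{ apt_liw_fi_signing_key }}"

    # Service account used by both the ewww webroot and the hunter unit.
    unix_users_version: 2
    unix_users:
      - username: wumpus
        comment: Wumpus hunter

    sshd_version: 1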