Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-05-14 04:08:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

start work on ansible installer

Browse source
This commit is contained in:
t3chn0m4g3 2023-06-21 23:21:11 +02:00
parent 4671dc8729
commit 29a445da4e
3 changed files with 221 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

165
installer/ansible/debian.yml Normal file
View file

@ -0,0 +1,165 @@
---
########################################
# T-Pot - Install recommended packages #
########################################
- name: T-Pot - Install recommended packages
hosts: all
gather_facts: true
become: true
tasks:
- name: Install recommended packages
package:
name:
- bash-completion
- ca-certificates
- curl
- git
- gnupg
- grc
- neovim
- net-tools
state: present
update-cache: yes
#################################################
# T-Pot - Prepare for and install Docker Engine #
#################################################
- name: T-Pot - Prepare for and install Docker Engine
hosts: all
gather_facts: true
become: true
tasks:
- name: Remove distribution based Docker packages
package:
name:
- docker
- docker-engine
- docker.io
- containerd
- runc
state: absent
update-cache: yes
- name: Add folder for Docker Engine GPG key
file:
path: /etc/apt/keyrings
state: directory
mode: 0755
- name: Download Docker Engine GPG key
get_url:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
dest: /etc/apt/keyrings/docker
mode: 0755
- name: Decrypt Docker Engine GPG key
shell: gpg --dearmor /etc/apt/keyrings/docker
args:
creates: /etc/apt/keyrings/docker.gpg
- name: Add Docker Engine repository
apt_repository:
filename: docker
repo: "deb [arch={{ ansible_architecture | replace('aarch64', 'arm64') }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
state: present
update-cache: yes
- name: Install Docker Engine packages
package:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
state: present
update-cache: yes
notify: Restart Docker
- name: Enable Docker Engine upon boot
systemd:
name: docker
state: started
enabled: yes
handlers:
- name: Restart Docker
ansible.builtin.service:
name: docker
state: restarted
enabled: true
######################################################
# T-Pot - Adjust configs, add users and groups, etc. #
######################################################
- name: T-Pot - Adjust configs, add users and groups, etc.
hosts: all
gather_facts: true
become: true
tasks:
- name: Create T-Pot group
group:
name: tpot
gid: 2000
state: present
- name: Create T-Pot user
user:
name: tpot
uid: 2000
system: yes
shell: /bin/false
home: /nonexistent
group: tpot
- name: Change SSH Port to 64295
lineinfile:
path: /etc/ssh/sshd_config
line: "Port 64295"
insertafter: EOF
notify: Restart SSH
handlers:
- name: Restart SSH
ansible.builtin.service:
name: sshd
state: restarted
######################################
# T-Pot - Adjust group users, bashrc #
######################################
- name: T-Pot - Adjust group users, bashrc
hosts: all
gather_facts: true
tasks:
- name: Add aliases
blockinfile:
path: ~/.bashrc
block: |
alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\t{{'{{'}}.Status{{'}}'}}\t{{'{{'}}.Ports{{'}}'}}" | sort'
alias dpsw='watch -c bash -ic dps'
marker: "# {mark} ANSIBLE MANAGED BLOCK"
insertafter: EOF
state: present
- name: Add current user to Docker, T-Pot group
become: true
user:
name: "{{ ansible_user_id }}"
groups:
- docker
- tpot
append: yes
- name: Check for non-root user id
debug:
msg: "Detected user: '{{ ansible_user_id }}'"
failed_when: ansible_user_id == "root"

29
installer/ansible/sudo.yml Normal file
View file

@ -0,0 +1,29 @@
---
# Become needs to happen in the task or root will be added to the sudo group instead of the user
- name: On Debian, check if sudo is installed
hosts: all
gather_facts: true
pre_tasks:
- name: Check for non-root user id
debug:
msg: "Detected user: '{{ ansible_user_id }}'"
failed_when: ansible_user_id == "root"
- name: Install sudo package if not present already
become: true
become_method: su
apt:
name: sudo
state: present
update-cache: yes
when: ansible_distribution == "Debian"
- name: Add current user to sudo group
become: true
become_method: su
user:
name: "{{ ansible_user_id }}"
groups: sudo
append: yes
when: ansible_distribution == "Debian"

27
installer/ansible/sudo_del.yml Normal file
View file

@ -0,0 +1,27 @@
---
# Become needs to happen in the task or root will be added to the sudo group instead of the user
- name: On Debian, remove sudo
hosts: all
gather_facts: true
pre_tasks:
- name: Check for non-root user id
debug:
msg: "Detected user: '{{ ansible_user_id }}'"
failed_when: ansible_user_id == "root"
- name: Remove current user from sudo group
become: true
become_method: su
command: gpasswd -d "{{ ansible_user_id }}" sudo
when: ansible_distribution == "Debian"
- name: Uninstall sudo package if present
become: true
become_method: su
apt:
name: sudo
state: absent
update-cache: no
when: ansible_distribution == "Debian"