chisel

chisel.yml

@@ -22,6 +22,13 @@
       when: "{{ chisel_server|default(false) }} is true"
       tags: chisel-server
 
+    - name: Reload service httpd, in all cases
+      ansible.builtin.service:
+        name: chisel-server
+        state: reloaded
+      when: "{{ chisel_server|default(false) }} is true"
+      tags: chisel-server
+
     # - name: Ensure gzip is installed | Client
     #   ansible.builtin.apt:
     #     name: gzip
@@ -54,4 +61,8 @@
     # - name: "Unpack chisel to {{ chisel_install_destination }}"    # noqa: no-changed-when
     #   ansible.builtin.shell: "gunzip -c {{ chisel_download_destination }} > {{ chisel_install_destination }}"
     #   register: gunzip_output
-    #   when: not chisel.stat.exists or chisel_version != chisel_installed_version
+    #   when: not chisel.stat.exists or chisel_version != chisel_installed_version
+
+
+# Done chisel Server
+# TODO client (no role) remove-client remove-server

group_vars/perso.yml

@@ -111,3 +111,9 @@ alert_list_server:
   - '"163.172.84.28"'
   - '"37.187.127.90"'
 alert_server_ssl: gitea.jingoh.fr
+
+  ##########
+  # CHISEL #
+  ##########
+
+chisel_basic_auth: "user:pass"

host_vars/ovh_fr.yml

@@ -1,6 +1,4 @@
 ---
-# apt_repositories: 
-#   - http://nova.clouds.archive.ubuntu.com      
 apt_repositories_sources:
   - deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal main restricted
   - deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal-updates main restricted

host_vars/scaleway_fr.yml

@@ -1,7 +1,12 @@
 ---
-# apt_repositories: 
-#   - http://mirrors.online.net      
+  #######
+  # APT #
+  #######
 
+apt_packages:
+  - name: openssh-server
+  - name: proxychains
+  
 apt_repositories_sources:
   - deb http://mirrors.online.net/ubuntu focal main restricted
   - deb http://mirrors.online.net/ubuntu focal-updates main restricted
@@ -14,6 +19,10 @@ apt_repositories_sources:
   - deb http://security.ubuntu.com/ubuntu focal-security universe
   - deb http://security.ubuntu.com/ubuntu focal-security multiverse
 
+  ############
+  # ALERTING #
+  ############
+
 alerts_cron:
   - name: storage
     weekday: 0
@@ -72,6 +81,18 @@ alerts_cron:
     job: "/usr/local/scripts/alerts.sh backup_vault >/dev/null 2>&1"
     cron_file: alerts
 
+alerts_storage: scaleway
+alerts_load: scaleway
+alerts_ping: ovh
+alerts_health: scaleway
+alerts_backup_gitea: scaleway
+alerts_backup_vault: scaleway
+alerts_cpu: scaleway
+alerts_ssl: scaleway
+
+  ##############
+  # LOG ROTATE #
+  ##############
 
 logrotate_scripts:
   - name: backup
@@ -103,16 +124,6 @@ logrotate_scripts:
       - name: restart traefrik
         script: docker-compose restart traefrik
 
-alerts_storage: scaleway
-alerts_load: scaleway
-alerts_ping: ovh
-alerts_health: scaleway
-alerts_backup_gitea: scaleway
-alerts_backup_vault: scaleway
-alerts_cpu: scaleway
-alerts_ssl: scaleway
-
-
 
 ##########
 # CHISEL #
@@ -124,9 +135,19 @@ chisel_config_name: chisel-server
 chisel_server_host: 163.172.84.28
 chisel_server_port: 8080
 chisel_proxychains_conf:
+# chisel enable socks5
   - path: "/etc/chisel/{{ chisel_config_name }}"
-    regexp: "^SOCK5=--sock5"
+    regexp: "^SOCK5=--socks5"
     state: present
+# chisel enable reverse
+  - path: "/etc/chisel/{{ chisel_config_name }}"
+    regexp: "^PID=--reverse"
+    state: present
+# chisel set up basic auth
+  - path: "/etc/chisel/{{ chisel_config_name }}"
+    regexp: "^AUTH=--auth {{ chisel_basic_auth }}"
+    state: present
+# proxychains replace socks4 to socks5
   - path: "/etc/proxychains.conf"
     regexp: "^socks4 	127.0.0.1 9050"
     state: "absent"