From 602d84cf735b444d3af6c628dfc9b63b7afb0d46 Mon Sep 17 00:00:00 2001
From: staffadmin
Date: Mon, 25 Sep 2023 12:45:21 +0200
Subject: [PATCH] chisel
---
 chisel.yml | 13 ++++++++++-
 group_vars/perso.yml | 6 +++++
 host_vars/ovh_fr.yml | 2 --
 host_vars/scaleway_fr.yml | 47 ++++++++++++++++++++++++++++-----------
 4 files changed, 52 insertions(+), 16 deletions(-)
diff --git a/chisel.yml b/chisel.yml
index 209414d..25ed8ee 100644
--- a/chisel.yml
+++ b/chisel.yml
@@ -22,6 +22,13 @@
 when: "{{ chisel_server|default(false) }} is true"
 tags: chisel-server
+ - name: Reload service httpd, in all cases
+ ansible.builtin.service:
+ name: chisel-server
+ state: reloaded
+ when: "{{ chisel_server|default(false) }} is true"
+ tags: chisel-server
+
 # - name: Ensure gzip is installed | Client
 # ansible.builtin.apt:
 # name: gzip
@@ -54,4 +61,8 @@
 # - name: "Unpack chisel to {{ chisel_install_destination }}" # noqa: no-changed-when
 # ansible.builtin.shell: "gunzip -c {{ chisel_download_destination }} > {{ chisel_install_destination }}"
 # register: gunzip_output
- # when: not chisel.stat.exists or chisel_version != chisel_installed_version
\ No newline at end of file
+ # when: not chisel.stat.exists or chisel_version != chisel_installed_version
+
+
+# Done chisel Server
+# TODO client (no role) remove-client remove-server
\ No newline at end of file
diff --git a/group_vars/perso.yml b/group_vars/perso.yml
index 5fd8988..83ebe0c 100644
--- a/group_vars/perso.yml
+++ b/group_vars/perso.yml
@@ -111,3 +111,9 @@ alert_list_server:
 - '"163.172.84.28"'
 - '"37.187.127.90"'
 alert_server_ssl: gitea.jingoh.fr
+
+ ##########
+ # CHISEL #
+ ##########
+
+chisel_basic_auth: "user:pass"
\ No newline at end of file
diff --git a/host_vars/ovh_fr.yml b/host_vars/ovh_fr.yml
index 4783db9..d68f2fc 100644
--- a/host_vars/ovh_fr.yml
+++ b/host_vars/ovh_fr.yml
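Review bot: The task added in the first chisel.yml hunk is named `Reload service httpd, in all cases` but acts on `chisel-server`, so play output and `--list-tasks` will misreport which service was touched; rename it, e.g. `- name: Reload chisel-server`. Its `when: "{{ chisel_server|default(false) }} is true"` repeats the templated form of the context line above it, which Ansible warns about because `when` is already evaluated as a Jinja expression; `when: chisel_server | default(false) | bool` expresses the same check for boolean values without the delimiters. Reloading on every run also reports a change each time and depends on the unit supporting reload, which is not visible here; a handler notified by the configuration task would touch the tunnel only when its settings change. The enclosing play starts outside the hunk.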
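Review bot: `chisel_basic_auth: "user:pass"` in group_vars/perso.yml commits the tunnel credential in clear text, and the host_vars/scaleway_fr.yml hunk of this same patch feeds that variable to chisel's `--auth` flag, so whatever value sits here is what protects the server. If it is meant as a placeholder, it is still a guessable default that gets deployed unless every inventory overrides it. Keep the real value in an Ansible Vault-encrypted vars file and reference it here, e.g. `chisel_basic_auth: "{{ vault_chisel_basic_auth }}"` (variable name constructed for this note; it would have to be defined in the vaulted file).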
@@ -1,6 +1,4 @@
 ---
-# apt_repositories:
-# - http://nova.clouds.archive.ubuntu.com
 apt_repositories_sources:
 - deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal main restricted
 - deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal-updates main restricted
diff --git a/host_vars/scaleway_fr.yml b/host_vars/scaleway_fr.yml
index 5dddf80..f5fdcdf 100644
--- a/host_vars/scaleway_fr.yml
+++ b/host_vars/scaleway_fr.yml
@@ -1,7 +1,12 @@
 ---
-# apt_repositories:
-# - http://mirrors.online.net
+ #######
+ # APT #
+ #######
+apt_packages:
+ - name: openssh-server
+ - name: proxychains
+
 apt_repositories_sources:
 - deb http://mirrors.online.net/ubuntu focal main restricted
 - deb http://mirrors.online.net/ubuntu focal-updates main restricted
@@ -14,6 +19,10 @@ apt_repositories_sources:
 - deb http://security.ubuntu.com/ubuntu focal-security universe
 - deb http://security.ubuntu.com/ubuntu focal-security multiverse
+ ############
+ # ALERTING #
+ ############
+
 alerts_cron:
 - name: storage
 weekday: 0
@@ -72,6 +81,18 @@ alerts_cron:
 job: "/usr/local/scripts/alerts.sh backup_vault >/dev/null 2>&1"
 cron_file: alerts
+alerts_storage: scaleway
+alerts_load: scaleway
+alerts_ping: ovh
+alerts_health: scaleway
+alerts_backup_gitea: scaleway
+alerts_backup_vault: scaleway
+alerts_cpu: scaleway
+alerts_ssl: scaleway
+
+ ##############
+ # LOG ROTATE #
+ ##############
 logrotate_scripts:
 - name: backup
@@ -103,16 +124,6 @@ logrotate_scripts:
 - name: restart traefrik
 script: docker-compose restart traefrik
-alerts_storage: scaleway
-alerts_load: scaleway
-alerts_ping: ovh
-alerts_health: scaleway
-alerts_backup_gitea: scaleway
-alerts_backup_vault: scaleway
-alerts_cpu: scaleway
-alerts_ssl: scaleway
-
-
 ##########
 # CHISEL #
@@ -124,9 +135,19 @@ chisel_config_name: chisel-server
 chisel_server_host: 163.172.84.28
 chisel_server_port: 8080
 chisel_proxychains_conf:
+# chisel enable socks5
 - path: "/etc/chisel/{{ chisel_config_name }}"
- regexp: "^SOCK5=--sock5"
+ regexp: "^SOCK5=--socks5"
 state: present
+# chisel enable reverse
+ - path: "/etc/chisel/{{ chisel_config_name }}"
+ regexp: "^PID=--reverse"
+ state: present
+# chisel set up basic auth
+ - path: "/etc/chisel/{{ chisel_config_name }}"
+ regexp: "^AUTH=--auth {{ chisel_basic_auth }}"
+ state: present
+# proxychains replace socks4 to socks5
 - path: "/etc/proxychains.conf"
 regexp: "^socks4 127.0.0.1 9050"
 state: "absent"
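Review bot: The new `regexp: "^AUTH=--auth {{ chisel_basic_auth }}"` entry interpolates the credential unescaped into a regular expression and into a command-line flag. A password containing `.`, `$`, `+` or similar changes what the pattern matches, so at minimum write `regexp: "^AUTH=--auth {{ chisel_basic_auth | regex_escape }}"`; the task that consumes `chisel_proxychains_conf` is outside this diff and should run with `no_log: true` so the value does not land in play output. Passing the secret through `--auth` also leaves it readable in the server's process list, whereas chisel's `--authfile` (a file readable only by the service account) avoids that and lets each user be limited to specific remotes, which matters now that `--socks5` and `--reverse` are both enabled behind a single full-access user.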