chisel
This commit is contained in:
11
chisel.yml
11
chisel.yml
@@ -22,6 +22,13 @@
|
|||||||
when: "{{ chisel_server|default(false) }} is true"
|
when: "{{ chisel_server|default(false) }} is true"
|
||||||
tags: chisel-server
|
tags: chisel-server
|
||||||
|
|
||||||
|
- name: Reload service httpd, in all cases
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: chisel-server
|
||||||
|
state: reloaded
|
||||||
|
when: "{{ chisel_server|default(false) }} is true"
|
||||||
|
tags: chisel-server
|
||||||
|
|
||||||
# - name: Ensure gzip is installed | Client
|
# - name: Ensure gzip is installed | Client
|
||||||
# ansible.builtin.apt:
|
# ansible.builtin.apt:
|
||||||
# name: gzip
|
# name: gzip
|
||||||
@@ -55,3 +62,7 @@
|
|||||||
# ansible.builtin.shell: "gunzip -c {{ chisel_download_destination }} > {{ chisel_install_destination }}"
|
# ansible.builtin.shell: "gunzip -c {{ chisel_download_destination }} > {{ chisel_install_destination }}"
|
||||||
# register: gunzip_output
|
# register: gunzip_output
|
||||||
# when: not chisel.stat.exists or chisel_version != chisel_installed_version
|
# when: not chisel.stat.exists or chisel_version != chisel_installed_version
|
||||||
|
|
||||||
|
|
||||||
|
# Done chisel Server
|
||||||
|
# TODO client (no role) remove-client remove-server
|
||||||
@@ -111,3 +111,9 @@ alert_list_server:
|
|||||||
- '"163.172.84.28"'
|
- '"163.172.84.28"'
|
||||||
- '"37.187.127.90"'
|
- '"37.187.127.90"'
|
||||||
alert_server_ssl: gitea.jingoh.fr
|
alert_server_ssl: gitea.jingoh.fr
|
||||||
|
|
||||||
|
##########
|
||||||
|
# CHISEL #
|
||||||
|
##########
|
||||||
|
|
||||||
|
chisel_basic_auth: "user:pass"
|
||||||
@@ -1,6 +1,4 @@
|
|||||||
---
|
---
|
||||||
# apt_repositories:
|
|
||||||
# - http://nova.clouds.archive.ubuntu.com
|
|
||||||
apt_repositories_sources:
|
apt_repositories_sources:
|
||||||
- deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal main restricted
|
- deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal main restricted
|
||||||
- deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal-updates main restricted
|
- deb http://nova.clouds.archive.ubuntu.com/ubuntu/ focal-updates main restricted
|
||||||
|
|||||||
@@ -1,6 +1,11 @@
|
|||||||
---
|
---
|
||||||
# apt_repositories:
|
#######
|
||||||
# - http://mirrors.online.net
|
# APT #
|
||||||
|
#######
|
||||||
|
|
||||||
|
apt_packages:
|
||||||
|
- name: openssh-server
|
||||||
|
- name: proxychains
|
||||||
|
|
||||||
apt_repositories_sources:
|
apt_repositories_sources:
|
||||||
- deb http://mirrors.online.net/ubuntu focal main restricted
|
- deb http://mirrors.online.net/ubuntu focal main restricted
|
||||||
@@ -14,6 +19,10 @@ apt_repositories_sources:
|
|||||||
- deb http://security.ubuntu.com/ubuntu focal-security universe
|
- deb http://security.ubuntu.com/ubuntu focal-security universe
|
||||||
- deb http://security.ubuntu.com/ubuntu focal-security multiverse
|
- deb http://security.ubuntu.com/ubuntu focal-security multiverse
|
||||||
|
|
||||||
|
############
|
||||||
|
# ALERTING #
|
||||||
|
############
|
||||||
|
|
||||||
alerts_cron:
|
alerts_cron:
|
||||||
- name: storage
|
- name: storage
|
||||||
weekday: 0
|
weekday: 0
|
||||||
@@ -72,6 +81,18 @@ alerts_cron:
|
|||||||
job: "/usr/local/scripts/alerts.sh backup_vault >/dev/null 2>&1"
|
job: "/usr/local/scripts/alerts.sh backup_vault >/dev/null 2>&1"
|
||||||
cron_file: alerts
|
cron_file: alerts
|
||||||
|
|
||||||
|
alerts_storage: scaleway
|
||||||
|
alerts_load: scaleway
|
||||||
|
alerts_ping: ovh
|
||||||
|
alerts_health: scaleway
|
||||||
|
alerts_backup_gitea: scaleway
|
||||||
|
alerts_backup_vault: scaleway
|
||||||
|
alerts_cpu: scaleway
|
||||||
|
alerts_ssl: scaleway
|
||||||
|
|
||||||
|
##############
|
||||||
|
# LOG ROTATE #
|
||||||
|
##############
|
||||||
|
|
||||||
logrotate_scripts:
|
logrotate_scripts:
|
||||||
- name: backup
|
- name: backup
|
||||||
@@ -103,16 +124,6 @@ logrotate_scripts:
|
|||||||
- name: restart traefrik
|
- name: restart traefrik
|
||||||
script: docker-compose restart traefrik
|
script: docker-compose restart traefrik
|
||||||
|
|
||||||
alerts_storage: scaleway
|
|
||||||
alerts_load: scaleway
|
|
||||||
alerts_ping: ovh
|
|
||||||
alerts_health: scaleway
|
|
||||||
alerts_backup_gitea: scaleway
|
|
||||||
alerts_backup_vault: scaleway
|
|
||||||
alerts_cpu: scaleway
|
|
||||||
alerts_ssl: scaleway
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##########
|
##########
|
||||||
# CHISEL #
|
# CHISEL #
|
||||||
@@ -124,9 +135,19 @@ chisel_config_name: chisel-server
|
|||||||
chisel_server_host: 163.172.84.28
|
chisel_server_host: 163.172.84.28
|
||||||
chisel_server_port: 8080
|
chisel_server_port: 8080
|
||||||
chisel_proxychains_conf:
|
chisel_proxychains_conf:
|
||||||
|
# chisel enable socks5
|
||||||
- path: "/etc/chisel/{{ chisel_config_name }}"
|
- path: "/etc/chisel/{{ chisel_config_name }}"
|
||||||
regexp: "^SOCK5=--sock5"
|
regexp: "^SOCK5=--socks5"
|
||||||
state: present
|
state: present
|
||||||
|
# chisel enable reverse
|
||||||
|
- path: "/etc/chisel/{{ chisel_config_name }}"
|
||||||
|
regexp: "^PID=--reverse"
|
||||||
|
state: present
|
||||||
|
# chisel set up basic auth
|
||||||
|
- path: "/etc/chisel/{{ chisel_config_name }}"
|
||||||
|
regexp: "^AUTH=--auth {{ chisel_basic_auth }}"
|
||||||
|
state: present
|
||||||
|
# proxychains replace socks4 to socks5
|
||||||
- path: "/etc/proxychains.conf"
|
- path: "/etc/proxychains.conf"
|
||||||
regexp: "^socks4 127.0.0.1 9050"
|
regexp: "^socks4 127.0.0.1 9050"
|
||||||
state: "absent"
|
state: "absent"
|
||||||
|
|||||||
Reference in New Issue
Block a user