From 9a8ff1f04e2d04626f90e44c1290f9b097dc62a4 Mon Sep 17 00:00:00 2001 From: staffadmin Date: Sun, 18 Aug 2024 11:37:54 +0200 Subject: [PATCH] [refacto with right name file] --- ivre.yml | 140 ++++------------------- portainer-agent-stack.yml | 39 ------- portainer-traefik-agent.yml | 112 ------------------ scan.yml | 222 +++++++++++++++++++----------------- scan_old.yml | 160 ++++++++++++++++++++++++++ 5 files changed, 296 insertions(+), 377 deletions(-) delete mode 100644 portainer-agent-stack.yml delete mode 100644 portainer-traefik-agent.yml create mode 100644 scan_old.yml diff --git a/ivre.yml b/ivre.yml index f817b0e..6a6ffda 100644 --- a/ivre.yml +++ b/ivre.yml @@ -1,31 +1,19 @@ --- -- name: Install tools - hosts: ovh01 +- name: IVRE NETWORK SCAN + hosts: scaleway become: true gather_facts: true - vars: - fqdn: orbital23.com + vars: ansible_user: stephane - user: staffadmin - token: !vault | - $ANSIBLE_VAULT;1.2;AES256;prod - 35343365393734313034383961616333633265623037303436653739613935366666373237366562 - 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 - 30313631343534643866383336623837363433303032376264373139306464313866313034663636 - 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 - 37653135666331633532653436656461396131623736353962643632316135633562346631313036 - 6137356332636431643830666461333862613835336631333037 #TODO target in list # 163.172.0.0/24 # 163.172.80.0/28 - target_network: 163.172.16.0/20 + target_network: 163.172.16.0/24 # 163.172.0.0/20 # 163.172.16.0/20 # 163.172.31.0/20 # 163.172.48.0/20 # 163.172.63.254/20 - ansible_password: stephane - ansible_become_password: stephane username: jingohalert password: !vault | $ANSIBLE_VAULT;1.2;AES256;prod 
@@ -35,122 +23,38 @@ 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3130 tasks: - - community.docker.docker_image_pull: - name: "{{ item }}" - loop: - - projectdiscovery/subfinder - - projectdiscovery/httpx - - projectdiscovery/nuclei - - ansible.builtin.git: - repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - dest: "$HOME/scan" - single_branch: yes - force: true - become_user: root + - name: Run SCAN + community.docker.docker_container_exec: + container: ivreclient + argv: + - ivre + - runscans + - --network + - "{{ target_network }}" + - --output=XMLFork + - --processes 10 - - name: PREPARE SCAN {{ fqdn }} - shell: "{{ item }}" - become_user: root - ignore_errors: true - loop: - - mkdir $HOME/scan/{{ fqdn }} - - touch $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json - - - name: RUN HTTPX SCAN {{ fqdn }} - shell: "{{ item }}" - become_user: root - ignore_errors: true - loop: - - docker run --rm projectdiscovery/subfinder -d {{ fqdn }} -silent > $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt - - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt - - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -j -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json - - - name: RUN NUCLEI SCAN {{ fqdn }} - shell: "{{ item }}" - become_user: root - ignore_errors: true - loop: - - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json:/{{ fqdn }}__nuclei.json projectdiscovery/nuclei -l {{ fqdn }}__httpx.txt -j -o {{ fqdn }}__nuclei.json - - - ansible.builtin.shell: | - git config user.email "stephane.gratiasquiquandon@gmail.com" - git 
config user.name "staffadmin" - git add . - git commit -m "Push scan {{ fqdn }} with access token" - git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - args: - chdir: "$HOME/scan" - run_once: true - become_user: root - register: push_git - - # - debug: - # msg: "{{ push_git.changed }}" - - # - debug: - # msg: "{{ push_git.changed }}" - # when: push_git.changed is true - - - - ansible.builtin.git: - repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - dest: "$HOME/scan" - single_branch: yes - force: true - delegate_to: scaleway - become_user: stephane - when: push_git.changed is true - - - copy: - src: "{{ item }}" - dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }} - remote_src: true - loop: - - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json - - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json - delegate_to: scaleway - when: push_git.changed is true - - - name: Run a simple command (argv) + - name: Run SCAN2DB community.docker.docker_container_exec: container: ivreclient argv: - ivre - scan2db - "-c" - - "{{ fqdn }}" + - "{{ category }}" - "-s" - - "{{ ansible_play_hosts }}" + - "{{ source }}" - "-r" - - /ivre-share/{{ fqdn }}__nuclei.json - delegate_to: scaleway - when: push_git.changed is true + - "scans/{{ category }}/up" - - name: Run a simple command (argv) - community.docker.docker_container_exec: - container: ivreclient - argv: - - ivre - - scan2db - - "-c" - - "{{ fqdn }}" - - "-s" - - "{{ ansible_play_hosts }}" - - "-r" - - "/ivre-share/{{ fqdn }}__httpx.json" - delegate_to: scaleway - when: push_git.changed is true - - - name: Run a simple command (argv) + - name: Run DB2VIEW community.docker.docker_container_exec: container: ivreclient argv: - ivre - db2view - - all - delegate_to: scaleway - when: push_git.changed is true + - nmap - name: NTFY when docker compose changed uri: 
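Review bot: In the `Run SCAN` task the argv entry `- --processes 10` reaches `ivre runscans` as a single argument with an embedded space, because `argv` does no shell splitting. It should be `- --processes=10`, or two entries `- --processes` and `- "10"`. The `Run SCAN2DB` task also reads `{{ category }}` and `{{ source }}`, and neither is defined in the `vars:` lines visible in this patch, so unless they come from inventory or `-e` the task fails on an undefined variable. The relative path `scans/{{ category }}/up` presumably depends on the container's working directory; a comment stating where `runscans` writes its output and how `category` is derived from `target_network` would help.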
@@ -159,10 +63,8 @@ user: "{{ username }}" password: "{{ password }}" headers: - Title: "SCAN {{ fqdn }}" + Title: "SCAN NETWORK {{ target_network }}" ta: "globe_with_meridians" body: "scan finished !" status_code: 200 - tags: test1 delegate_to: localhost - when: push_git.changed is true diff --git a/portainer-agent-stack.yml b/portainer-agent-stack.yml deleted file mode 100644 index c75860c..0000000 --- a/portainer-agent-stack.yml +++ /dev/null @@ -1,39 +0,0 @@ -version: '3.2' - -services: - agent: - image: portainer/agent:2.19.5 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /var/lib/docker/volumes:/var/lib/docker/volumes - networks: - - agent_network - deploy: - mode: global - placement: - constraints: [node.platform.os == linux] - - portainer: - image: portainer/portainer-ce:2.19.5 - command: -H tcp://tasks.agent:9001 --tlsskipverify - ports: - - "9443:9443" - - "9000:9000" - - "8000:8000" - volumes: - - portainer_data:/data - networks: - - agent_network - deploy: - mode: replicated - replicas: 1 - placement: - constraints: [node.role == manager] - -networks: - agent_network: - driver: overlay - attachable: true - -volumes: - portainer_data: diff --git a/portainer-traefik-agent.yml b/portainer-traefik-agent.yml deleted file mode 100644 index 6347fc5..0000000 --- a/portainer-traefik-agent.yml +++ /dev/null 
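Review bot: The notification task now runs unconditionally and always posts `scan finished !`, but none of the three `docker_container_exec` tasks registers its result. A failed `runscans` or `scan2db` therefore cannot be told apart in the alert unless the module itself fails the task on a non-zero exit code (worth confirming). Registering the results and including `rc` in the body would make the alert meaningful. The task name `NTFY when docker compose changed` no longer matches what it does; `NTFY when network scan finished` would fit. Since the play sets `become: true` and this task is delegated to localhost, adding `become: false` would avoid needing sudo on the controller for an HTTP request; the task begins before this hunk.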
@@ -1,112 +0,0 @@ -version: '3.2' - -services: - traefik: - image: "traefik:latest" - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --providers.swarm=true - - --providers.docker.exposedbydefault=false - - --providers.docker.network=public - - --api=true - - --api.dashboard=true - - --api.insecure=true - - --log.level=DEBUG - deploy: - mode: replicated - replicas: 1 - placement: - constraints: [node.role == manager] - labels: - - "traefik.http.routers.dashboard.rule=Host(`traefik.test.com`)" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.services.dashboard.loadbalancer.server.port=8080" - tls: - certificates: - - certFile: /certificates/jingoh.private.crt - keyFile: /certificates/jingoh.private.key - ports: - - target: 80 - published: 80 - mode: host - - target: 443 - published: 443 - mode: host - networks: - - public - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - traefik-public-certificates:/certificates - - agent: - image: portainer/agent:latest - environment: - # REQUIRED: Should be equal to the service name prefixed by "tasks." 
when - # deployed inside an overlay network - AGENT_CLUSTER_ADDR: tasks.agent - # AGENT_PORT: 9001 - # LOG_LEVEL: debug - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /var/lib/docker/volumes:/var/lib/docker/volumes - networks: - - agent_network - deploy: - mode: global - placement: - constraints: [node.platform.os == linux] - - portainer: - image: portainer/portainer-ce:latest - command: -H tcp://tasks.agent:9001 --tlsskipverify --http-enabled - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - data:/data - - /etc/localtime:/etc/localtime - networks: - - public - - agent_network - deploy: - mode: replicated - replicas: 1 - placement: - constraints: [node.role == manager] - labels: - - "traefik.enable=true" - - "traefik.http.routers.portainer.rule=Host(`portainer.jingoh.private.com`)" - - "traefik.http.routers.portainer.entrypoints=websecure" - - "traefik.http.routers.portainer.service=portainer" - - "traefik.http.services.portainer.loadbalancer.server.port=9443" - - "traefik.http.routers.portainer.tls=true" - # Edge - - "traefik.http.routers.edge.rule=Host(`edge.private.com`)" - - "traefik.http.routers.edge.entrypoints=websecure" - - "traefik.http.services.edge.loadbalancer.server.port=8000" - - "traefik.http.routers.edge.service=edge" - - "traefik.http.routers.edge.tls=true" - - whoami: - image: "traefik/whoami" - deploy: - labels: - - "traefik.enable=true" - - "traefik.http.routers.whoami.rule=Host(`whoamitest.jingoh.private`)" - - "traefik.http.routers.whoami.entrypoints=web" - - "traefik.http.services.whoami.loadbalancer.server.port=80" - - "traefik.http.routers.whoami-secured.rule=Host(`whoamitest.jingoh.private`)" - - "traefik.http.routers.whoami-secured.entrypoints=websecure" - - traefik.docker.network=public - networks: - - public - -networks: - public: - external: true - agent_network: - external: true - attachable: true -volumes: - data: - traefik-public-certificates: \ No newline at end of file 
diff --git a/scan.yml b/scan.yml index 93726b9..f817b0e 100644 --- a/scan.yml +++ b/scan.yml @@ -1,10 +1,11 @@ --- -- name: Scan - hosts: scale01 +- name: Install tools + hosts: ovh01 become: true - gather_facts: false + gather_facts: true vars: - + fqdn: orbital23.com + ansible_user: stephane user: staffadmin token: !vault | $ANSIBLE_VAULT;1.2;AES256;prod @@ -23,7 +24,6 @@ # 163.172.31.0/20 # 163.172.48.0/20 # 163.172.63.254/20 - ansible_user: stephane ansible_password: stephane ansible_become_password: stephane username: jingohalert 
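Review bot: `ansible_password: stephane` and `ansible_become_password: stephane` remain in scan.yml as plaintext context lines of the second hunk (`@@ -23,7 +24,6 @@`), although this same commit drops them from ivre.yml. The newly created scan_old.yml carries the same two lines. They should be stored the way `password` already is, for example `ansible_become_password: !vault |` with an encrypted value, or moved to vaulted inventory vars. Because the value is already in the repository history, deleting the lines does not retire it; the account password needs to be changed as well.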
@@ -34,127 +34,135 @@ 65366439343135636634393832636436353764303066653530346232323164376265313039373630 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3130 -# apt-get install sshpass - -# # -# # @author Stéphane Gratias (2021). -# - - - # roles: - # - { role: geerlingguy.pip, tags: pip } tasks: - - - - ansible.builtin.apt: - name: masscan - update_cache: true + - community.docker.docker_image_pull: + name: "{{ item }}" + loop: + - projectdiscovery/subfinder + - projectdiscovery/httpx + - projectdiscovery/nuclei - ansible.builtin.git: repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - dest: "{{ playbook_dir }}/scan" + dest: "$HOME/scan" single_branch: yes force: true - delegate_to: localhost + become_user: root - # apt install masscan - - ansible.builtin.command: - cmd: "masscan {{ target_network }} -p443" - become: true - register: scan_output - # pause - - -# - debug: -# msg: "{{ item }}" -# loop: "{{ scan_output.stdout_lines }}" -# # - "{{ cert.not_after }}" -# # - "{{ ansible_date_time.iso8601_basic }}" -# tags: test -# delegate_to: localhost - - - name: Get a cert from an https port - community.crypto.get_certificate: - host: "{{ item.split('on')[-1].strip() }}" - port: 443 - delegate_to: localhost - run_once: true - loop: "{{ scan_output.stdout_lines }}" + - name: PREPARE SCAN {{ fqdn }} + shell: "{{ item }}" + become_user: root ignore_errors: true - register: cert - tags: test + loop: + - mkdir $HOME/scan/{{ fqdn }} + - touch $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json + - name: RUN HTTPX SCAN {{ fqdn }} + shell: "{{ item }}" + become_user: root + ignore_errors: true + loop: + - docker run --rm projectdiscovery/subfinder -d {{ fqdn }} -silent > $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt + - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt + - 
docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -j -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json -# item.subject.CN - - debug: - # msg: "{{ item.subject.CN }}" - msg: "{{ item.invocation.module_args.host}}" - loop: "{{ cert.results }}" - # - "{{ cert.not_after }}" - # - "{{ ansible_date_time.iso8601_basic }}" - tags: test - delegate_to: localhost - - - - name: Change file ownership, group and permissions - ansible.builtin.file: - path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" - state: directory - loop: "{{ cert.results }}" - - - name: Add a line to a file if the file does not exist, without passing regexp - ansible.builtin.lineinfile: - path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}" - line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}" - create: yes - loop: "{{ cert.results }}" - delegate_to: localhost - - - # - name: Copy file with owner and permissions - # ansible.builtin.copy: - # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}" - # content: | - # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}" - # loop: "{{ cert.results }}" - # delegate_to: localhost - -# # item.subject.CN -# - debug: -# msg: "{{ item.item.split('on')[-1].strip() }}" -# loop: "{{ cert.results }}" -# # - "{{ cert.not_after }}" -# # - "{{ ansible_date_time.iso8601_basic }}" -# tags: test -# delegate_to: localhost + - name: RUN NUCLEI SCAN {{ fqdn }} + shell: "{{ item }}" + become_user: root + 
ignore_errors: true + loop: + - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json:/{{ fqdn }}__nuclei.json projectdiscovery/nuclei -l {{ fqdn }}__httpx.txt -j -o {{ fqdn }}__nuclei.json - ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.name "staffadmin" git add . - git commit -m "Push scan with access token" + git commit -m "Push scan {{ fqdn }} with access token" git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git args: - chdir: "{{ playbook_dir }}/scan/" + chdir: "$HOME/scan" run_once: true - delegate_to: localhost - + become_user: root + register: push_git # - debug: - # msg: "{{ host_interfaces }}" + # msg: "{{ push_git.changed }}" + + # - debug: + # msg: "{{ push_git.changed }}" + # when: push_git.changed is true - # - name: NTFY when docker compose changed - # uri: - # url: "https://alert.jingoh.fr/scaleway" - # method: POST - # user: "{{ username }}" - # password: "{{ password }}" - # headers: - # Title: "SCAN HTTPS " - # ta: "file_folder" - # body: "{{ target_network }}" - # status_code: 200 - # tags: test1 - # delegate_to: localhost - # when: fetch_files_backup.changed is true + - ansible.builtin.git: + repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + dest: "$HOME/scan" + single_branch: yes + force: true + delegate_to: scaleway + become_user: stephane + when: push_git.changed is true + + - copy: + src: "{{ item }}" + dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }} + remote_src: true + loop: + - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json + - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json + delegate_to: scaleway + when: push_git.changed is true + + - name: Run a simple command (argv) + community.docker.docker_container_exec: + container: ivreclient + argv: + - ivre + - scan2db + - "-c" + - "{{ fqdn }}" + - "-s" 
+ - "{{ ansible_play_hosts }}" + - "-r" + - /ivre-share/{{ fqdn }}__nuclei.json + delegate_to: scaleway + when: push_git.changed is true + + - name: Run a simple command (argv) + community.docker.docker_container_exec: + container: ivreclient + argv: + - ivre + - scan2db + - "-c" + - "{{ fqdn }}" + - "-s" + - "{{ ansible_play_hosts }}" + - "-r" + - "/ivre-share/{{ fqdn }}__httpx.json" + delegate_to: scaleway + when: push_git.changed is true + + - name: Run a simple command (argv) + community.docker.docker_container_exec: + container: ivreclient + argv: + - ivre + - db2view + - all + delegate_to: scaleway + when: push_git.changed is true + + - name: NTFY when docker compose changed + uri: + url: "https://alert.jingoh.fr/scaleway" + method: POST + user: "{{ username }}" + password: "{{ password }}" + headers: + Title: "SCAN {{ fqdn }}" + ta: "globe_with_meridians" + body: "scan finished !" + status_code: 200 + tags: test1 + delegate_to: localhost + when: push_git.changed is true diff --git a/scan_old.yml b/scan_old.yml new file mode 100644 index 0000000..93726b9 --- /dev/null +++ b/scan_old.yml 
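Review bot: The Gitea access token is interpolated into the repository URL in both `ansible.builtin.git` tasks and in the `git push` line of the shell task, and none of these tasks sets `no_log: true`. The decrypted token can therefore show up in task output and is likely kept as the remote URL in the clone's `.git/config` on ovh01 and scaleway. Adding `no_log: true` to those three tasks and supplying the credential through a git credential helper or `GIT_ASKPASS` instead of the URL would keep it out of logs and off disk; scan_old.yml has the same pattern. Separately, the httpx and nuclei commands are written `docker run -v --rm $HOME/...`, so `-v` takes `--rm` as its value and the bind-mount spec is read as the image name. `docker run --rm -v ...` is probably what was meant, and `ignore_errors: true` on those tasks hides the failure.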
@@ -0,0 +1,160 @@ +--- +- name: Scan + hosts: scale01 + become: true + gather_facts: false + vars: + + user: staffadmin + token: !vault | + $ANSIBLE_VAULT;1.2;AES256;prod + 35343365393734313034383961616333633265623037303436653739613935366666373237366562 + 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 + 30313631343534643866383336623837363433303032376264373139306464313866313034663636 + 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 + 37653135666331633532653436656461396131623736353962643632316135633562346631313036 + 6137356332636431643830666461333862613835336631333037 + #TODO target in list + # 163.172.0.0/24 + # 163.172.80.0/28 + target_network: 163.172.16.0/20 + # 163.172.0.0/20 + # 163.172.16.0/20 + # 163.172.31.0/20 + # 163.172.48.0/20 + # 163.172.63.254/20 + ansible_user: stephane + ansible_password: stephane + ansible_become_password: stephane + username: jingohalert + password: !vault | + $ANSIBLE_VAULT;1.2;AES256;prod + 66346630333538386564396632636161316239326530653037666465616165393135666532643264 + 3037363865363531636635306535663736353734333733340a363639636638396662616538343335 + 65366439343135636634393832636436353764303066653530346232323164376265313039373630 + 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 + 3130 +# apt-get install sshpass + +# # +# # @author Stéphane Gratias (2021). 
+# + + + # roles: + # - { role: geerlingguy.pip, tags: pip } + tasks: + + + - ansible.builtin.apt: + name: masscan + update_cache: true + + - ansible.builtin.git: + repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + dest: "{{ playbook_dir }}/scan" + single_branch: yes + force: true + delegate_to: localhost + + # apt install masscan + - ansible.builtin.command: + cmd: "masscan {{ target_network }} -p443" + become: true + register: scan_output + # pause + + +# - debug: +# msg: "{{ item }}" +# loop: "{{ scan_output.stdout_lines }}" +# # - "{{ cert.not_after }}" +# # - "{{ ansible_date_time.iso8601_basic }}" +# tags: test +# delegate_to: localhost + + - name: Get a cert from an https port + community.crypto.get_certificate: + host: "{{ item.split('on')[-1].strip() }}" + port: 443 + delegate_to: localhost + run_once: true + loop: "{{ scan_output.stdout_lines }}" + ignore_errors: true + register: cert + tags: test + + +# item.subject.CN + - debug: + # msg: "{{ item.subject.CN }}" + msg: "{{ item.invocation.module_args.host}}" + loop: "{{ cert.results }}" + # - "{{ cert.not_after }}" + # - "{{ ansible_date_time.iso8601_basic }}" + tags: test + delegate_to: localhost + + + - name: Change file ownership, group and permissions + ansible.builtin.file: + path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" + state: directory + loop: "{{ cert.results }}" + + - name: Add a line to a file if the file does not exist, without passing regexp + ansible.builtin.lineinfile: + path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}" + line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}" + create: yes + loop: "{{ cert.results }}" + delegate_to: localhost + + + # 
- name: Copy file with owner and permissions + # ansible.builtin.copy: + # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}" + # content: | + # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}" + # loop: "{{ cert.results }}" + # delegate_to: localhost + +# # item.subject.CN +# - debug: +# msg: "{{ item.item.split('on')[-1].strip() }}" +# loop: "{{ cert.results }}" +# # - "{{ cert.not_after }}" +# # - "{{ ansible_date_time.iso8601_basic }}" +# tags: test +# delegate_to: localhost + + - ansible.builtin.shell: | + git config user.email "stephane.gratiasquiquandon@gmail.com" + git config user.name "staffadmin" + git add . + git commit -m "Push scan with access token" + git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + args: + chdir: "{{ playbook_dir }}/scan/" + run_once: true + delegate_to: localhost + + + # - debug: + # msg: "{{ host_interfaces }}" + + + # - name: NTFY when docker compose changed + # uri: + # url: "https://alert.jingoh.fr/scaleway" + # method: POST + # user: "{{ username }}" + # password: "{{ password }}" + # headers: + # Title: "SCAN HTTPS " + # ta: "file_folder" + # body: "{{ target_network }}" + # status_code: 200 + # tags: test1 + # delegate_to: localhost + # when: fetch_files_backup.changed is true