commit cb61014c1c6560d131282758283080220380a1c6 Author: Benedikt Galbavy Date: Wed Apr 9 23:30:14 2025 +0200 Basic config, docker compose copied from READMEs
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4544eba
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*/.vagrant
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..26238f5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# README.md
+
+This repository contains all files relevant for setup, testing, results, etc. of my bachelor thesis
+
+The `webserver/` folder represent the first (and possibly only) test scenario of two webservices (gitea and bitwarden) running on the same host, with a shared database container, and a reverse proxy to route base on subdomain. The `base/` subfolder has a minimal configuration, and the `hardened/` subfolder includes configurations implementing security measures.
\ No newline at end of file
diff --git a/webserver/base/Vagrantfile b/webserver/base/Vagrantfile
new file mode 100644
index 0000000..88324b5
--- /dev/null
+++ b/webserver/base/Vagrantfile
@@ -0,0 +1,17 @@
+Vagrant.configure("2") do |config|
+ config.vm.box = "ubuntu/focal64"
+ config.vm.box_version = "20240821.0.1"
+ config.vm.hostname = "docker-vm"
+ config.vm.network "private_network", type: "dhcp"
+
+ config.vm.provider "virtualbox" do |v|
+ v.memory = 2048
+ v.cpus = 2
+ end
+
+ config.vm.synced_folder "./docker", "/home/vagrant/docker"
+
+ config.vm.provision "ansible_local" do |ansible|
+ ansible.playbook = "/vagrant/ansible/playbook.yml"
+ end
+end
diff --git a/webserver/base/ansible/playbook.yml b/webserver/base/ansible/playbook.yml
new file mode 100644
index 0000000..d3c92c7
--- /dev/null
+++ b/webserver/base/ansible/playbook.yml
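Review bot: In webserver/base/Vagrantfile the `./docker` synced folder is mounted read-write, and the default `/vagrant` share that the `ansible.playbook` path relies on is writable from the guest too, so anything that gains root inside this test VM can alter the compose file, the playbook or the Vagrantfile on the host. The playbook only copies `docker-compose.yml` out of the share, so a read-only mount should be enough: `config.vm.synced_folder "./docker", "/home/vagrant/docker", mount_options: ["ro"]`. The default share can probably be treated the same way with `config.vm.synced_folder ".", "/vagrant", mount_options: ["ro"]`, provided provisioning writes nothing back into it. A one-line comment above `config.vm.box_version` saying why this box and version were chosen would also help later readers of the thesis setup.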
@@ -0,0 +1,54 @@
+---
+- hosts: all
+ become: true
+ vars:
+ container_count: 1
+ default_container_name: docker
+ default_container_image: hello-world
+ default_container_command: sleep 1
+ tasks:
+ - name: Install required system packages
+ apt:
+ pkg:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ - virtualenv
+ state: latest
+ update_cache: true
+
+ - name: Add Docker GPG apt Key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+ - name: Add Docker Repository
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu focal stable
+ state: present
+
+ - name: Update apt and install docker-ce
+ apt:
+ pkg:
+ - docker-ce
+ - docker-compose-plugin
+ state: latest
+ update_cache: true
+
+ - name: Copy docker-compose.yml to home directory
+ copy:
+ src: /home/vagrant/docker/docker-compose.yml
+ dest: /home/vagrant/docker-compose.yml
+ remote_src: yes
+
+ - name: Ensure Docker service is running
+ service:
+ name: docker
+ state: started
+ enabled: true
+
+ - name: Run docker compose up -d
+ command: docker compose up -d
+ args:
+ chdir: /home/vagrant
\ No newline at end of file
diff --git a/webserver/base/docker/docker-compose.yml b/webserver/base/docker/docker-compose.yml
new file mode 100644
index 0000000..05ad0cd
--- /dev/null
+++ b/webserver/base/docker/docker-compose.yml
@@ -0,0 +1,31 @@
+services:
+ bitwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ restart: unless-stopped
+ environment:
+ DOMAIN: "https://vw.domain.tld"
+ volumes:
+ - ./vw-data/:/data/
+ ports:
+ - 80:80
+ gitea:
+ image: docker.gitea.com/gitea:latest
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: unless-stopped
+ networks:
+ - gitea
+ volumes:
+ - ./gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "222:22"
+
+networks:
+ gitea:
+ external: false
\ No newline at end of file
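Review bot: In webserver/base/ansible/playbook.yml the "Add Docker GPG apt Key" task uses `apt_key`, which adds the downloaded key to apt's global trusted keyring, so that key is then accepted for every configured repository rather than only Docker's; the module is also deprecated upstream. Keeping the key in its own file and naming it with `signed-by=` on the repo line limits that trust to download.docker.com, as sketched below. Separately, `state: latest` on both apt tasks lets two provisioning runs install different Docker versions, which weakens a base-versus-hardened comparison, so pinning a version is worth considering. The `container_count` and `default_container_*` vars are not referenced by any task in this hunk and could be dropped or given a comment.

```yaml
    # … unchanged: Install required system packages …

    - name: Ensure apt keyring directory exists
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Store Docker GPG key in a dedicated keyring file
      get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    - name: Add Docker Repository
      apt_repository:
        repo: deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu focal stable
        state: present

    # … unchanged: install docker-ce, copy compose file, start service, compose up …
```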
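Review bot: In webserver/base/docker/docker-compose.yml the vaultwarden service publishes `80:80` on all interfaces while `DOMAIN` is set to `https://vw.domain.tld`, so until the reverse proxy described in the README exists the password vault is served over plain HTTP only and the configured URL does not match how it is reached. Once a proxy is part of this file, the `ports:` entry on this service can be removed and the proxy can reach it over a shared compose network; if plain HTTP is the deliberate unhardened baseline, a comment saying so would make that clear. Both images use `:latest`, so the base and hardened scenarios may end up testing different releases; pinning each to a fixed tag or digest, e.g. `image: vaultwarden/server:<pinned-version>`, keeps runs comparable.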