diff --git a/.gitignore b/.gitignore index 4544eba..65a8775 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ */.vagrant + +webserver/base/.vagrant/ diff --git a/webserver/base/.vagrant/machines/client/virtualbox/action_provision b/webserver/base/.vagrant/machines/client/virtualbox/action_provision deleted file mode 100644 index ac8e739..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/action_provision +++ /dev/null @@ -1 +0,0 @@ -1.5:1c3904c4-3841-41d0-a368-6511bfc3d787 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/client/virtualbox/action_set_name b/webserver/base/.vagrant/machines/client/virtualbox/action_set_name deleted file mode 100644 index 738adc5..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/action_set_name +++ /dev/null @@ -1 +0,0 @@ -1744307380 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/client/virtualbox/box_meta b/webserver/base/.vagrant/machines/client/virtualbox/box_meta deleted file mode 100644 index 7a358a0..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/box_meta +++ /dev/null @@ -1 +0,0 @@ -{"name":"gusztavvargadr/ubuntu-desktop","version":"2404.0.2503","provider":"virtualbox","directory":"boxes/gusztavvargadr-VAGRANTSLASH-ubuntu-desktop/2404.0.2503/amd64/virtualbox"} \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/client/virtualbox/creator_uid b/webserver/base/.vagrant/machines/client/virtualbox/creator_uid deleted file mode 100644 index e37d32a..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/creator_uid +++ /dev/null @@ -1 +0,0 @@ -1000 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/client/virtualbox/id b/webserver/base/.vagrant/machines/client/virtualbox/id deleted file mode 100644 index 9e7628f..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/id +++ /dev/null @@ -1 +0,0 @@ -1c3904c4-3841-41d0-a368-6511bfc3d787 \ No newline at end of file 
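Review bot: The two `private_key` files removed further down in this commit (the `vagrant` SSH keys for the `client` and `sandbox` machines) stay in git history after this deletion, so anyone who already cloned the repo still holds them; the fix is to regenerate them (`vagrant destroy` followed by `vagrant up` creates fresh per-machine keys) and, if the repository is shared, to rewrite history with `git filter-repo` rather than relying on the delete. The exposure is limited because the keys only authenticate to local VirtualBox VMs on the host-only network, but they should still be treated as burned. The new ignore line is needed because the existing `*/.vagrant` only matches one directory level (`*` does not cross `/`), yet hard-coding `webserver/base/.vagrant/` will miss the next Vagrant project added under another subdirectory; replacing both lines with the depth-independent `.vagrant/` covers every case.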
diff --git a/webserver/base/.vagrant/machines/client/virtualbox/index_uuid b/webserver/base/.vagrant/machines/client/virtualbox/index_uuid deleted file mode 100644 index beb8c9e..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/index_uuid +++ /dev/null @@ -1 +0,0 @@ -2f33b9ea09874a799770502541baf566 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/client/virtualbox/private_key b/webserver/base/.vagrant/machines/client/virtualbox/private_key deleted file mode 100644 index 8312b49..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/private_key +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA -AAtzc2gtZWQyNTUxOQAAACC5m1pF3zUj30DeyGCMe30VxFrMjHUi/A/TPgu7 -enp12AAAAJApt4lPKbeJTwAAAAtzc2gtZWQyNTUxOQAAACC5m1pF3zUj30De -yGCMe30VxFrMjHUi/A/TPgu7enp12AAAAEBpp9qYWH0Mbzewsi0SoM0zAvsn -ejxxGl3Vu/DgGjTC67mbWkXfNSPfQN7IYIx7fRXEWsyMdSL8D9M+C7t6enXY -AAAAB3ZhZ3JhbnQBAgMEBQY= ------END OPENSSH PRIVATE KEY----- diff --git a/webserver/base/.vagrant/machines/client/virtualbox/synced_folders b/webserver/base/.vagrant/machines/client/virtualbox/synced_folders deleted file mode 100644 index 1777c5d..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/synced_folders +++ /dev/null @@ -1 +0,0 @@ -{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/base","disabled":false,"__vagrantfile":true}}} \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/client/virtualbox/vagrant_cwd b/webserver/base/.vagrant/machines/client/virtualbox/vagrant_cwd deleted file mode 100644 index 96895c6..0000000 --- a/webserver/base/.vagrant/machines/client/virtualbox/vagrant_cwd +++ /dev/null @@ -1 +0,0 @@ -/home/nano/Documents/bachthesis/setup/webserver/base \ No newline at end of file 
diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/action_provision b/webserver/base/.vagrant/machines/sandbox/virtualbox/action_provision deleted file mode 100644 index 2c0992f..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/action_provision +++ /dev/null @@ -1 +0,0 @@ -1.5:bd5dac24-b9cd-44a1-b099-dc32b509bd35 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/action_set_name b/webserver/base/.vagrant/machines/sandbox/virtualbox/action_set_name deleted file mode 100644 index 956aa3f..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/action_set_name +++ /dev/null @@ -1 +0,0 @@ -1744308366 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/box_meta b/webserver/base/.vagrant/machines/sandbox/virtualbox/box_meta deleted file mode 100644 index bb21e19..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/box_meta +++ /dev/null @@ -1 +0,0 @@ -{"name":"ubuntu/jammy64","version":"20241002.0.0","provider":"virtualbox","directory":"boxes/ubuntu-VAGRANTSLASH-jammy64/20241002.0.0/virtualbox"} \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/creator_uid b/webserver/base/.vagrant/machines/sandbox/virtualbox/creator_uid deleted file mode 100644 index e37d32a..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/creator_uid +++ /dev/null @@ -1 +0,0 @@ -1000 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/id b/webserver/base/.vagrant/machines/sandbox/virtualbox/id deleted file mode 100644 index 17c55af..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/id +++ /dev/null @@ -1 +0,0 @@ -bd5dac24-b9cd-44a1-b099-dc32b509bd35 \ No newline at end of file 
diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/index_uuid b/webserver/base/.vagrant/machines/sandbox/virtualbox/index_uuid deleted file mode 100644 index 6244bdf..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/index_uuid +++ /dev/null @@ -1 +0,0 @@ -cbb6ab55ad5d4e97aac9a94ccafd2a53 \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/private_key b/webserver/base/.vagrant/machines/sandbox/virtualbox/private_key deleted file mode 100644 index 3acfbd3..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/private_key +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA -AAtzc2gtZWQyNTUxOQAAACBPPx1BkOAq97k/WUW03olnWwuhCnTpiT1Tpziw -zrlOIwAAAJAy/B12MvwddgAAAAtzc2gtZWQyNTUxOQAAACBPPx1BkOAq97k/ -WUW03olnWwuhCnTpiT1TpziwzrlOIwAAAEApFi9yE4Up0kYmNSw2G8Ayc2iW -6o3bqc3a6sMZkJAR/U8/HUGQ4Cr3uT9ZRbTeiWdbC6EKdOmJPVOnOLDOuU4j -AAAAB3ZhZ3JhbnQBAgMEBQY= ------END OPENSSH PRIVATE KEY----- diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/synced_folders b/webserver/base/.vagrant/machines/sandbox/virtualbox/synced_folders deleted file mode 100644 index 395c662..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/synced_folders +++ /dev/null @@ -1 +0,0 @@ -{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/base/sandbox","disabled":false,"__vagrantfile":true}}} \ No newline at end of file diff --git a/webserver/base/.vagrant/machines/sandbox/virtualbox/vagrant_cwd b/webserver/base/.vagrant/machines/sandbox/virtualbox/vagrant_cwd deleted file mode 100644 index 96895c6..0000000 --- a/webserver/base/.vagrant/machines/sandbox/virtualbox/vagrant_cwd +++ /dev/null @@ -1 +0,0 @@ -/home/nano/Documents/bachthesis/setup/webserver/base \ No newline at end of file 
diff --git a/webserver/base/.vagrant/rgloader/loader.rb b/webserver/base/.vagrant/rgloader/loader.rb deleted file mode 100644 index b6c81bf..0000000 --- a/webserver/base/.vagrant/rgloader/loader.rb +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: BUSL-1.1 - -# This file loads the proper rgloader/loader.rb file that comes packaged -# with Vagrant so that encoded files can properly run with Vagrant. - -if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"] - require File.expand_path( - "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]) -else - raise "Encoded files can't be read outside of the Vagrant installer." -end diff --git a/webserver/base/Vagrantfile b/webserver/base/Vagrantfile index b91fdeb..e205eef 100644 --- a/webserver/base/Vagrantfile +++ b/webserver/base/Vagrantfile @@ -17,14 +17,10 @@ Vagrant.configure("2") do |config| v.cpus = 2 end - sandbox.vm.synced_folder "./sandbox", "/vagrant" - sandbox.vm.provision "shell", - inline: "cp /vagrant/docker-compose.yml /home/vagrant/docker-compose.yml" - sandbox.vm.provision "shell", - inline: "cp /vagrant/nginx.conf /home/vagrant/nginx.conf" + sandbox.vm.synced_folder ".", "/vagrant" sandbox.vm.provision "ansible_local" do |ansible| - ansible.playbook = "/vagrant/playbook.yml" + ansible.playbook = "/vagrant/sandbox/playbook.yml" end end @@ -39,8 +35,10 @@ Vagrant.configure("2") do |config| v.cpus = 2 end - client.vm.provision "shell" do |script| - script.path = "./scripts/client.sh" + client.vm.synced_folder ".", "/vagrant" + + client.vm.provision "ansible_local" do |ansible| + ansible.playbook = "/vagrant/client/playbook.yml" end end diff --git a/webserver/base/client/playbook.yml b/webserver/base/client/playbook.yml new file mode 100644 index 0000000..2269a9c --- /dev/null +++ b/webserver/base/client/playbook.yml 
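Review bot: Both hunks widen the synced folder from a per-machine directory to `.`, which is `webserver/base` and therefore also mounts `.vagrant/` (containing both machines' `private_key` files, per the deletions in this same commit) and the other machine's provisioning files into each VM; the sandbox can now read the client's SSH key and vice versa, and either VM can edit the other's playbook, `nginx.conf` and `docker-compose.yml` on the host. Given that the client playbook installs nmap and has a commented-out Metasploit install, the client looks like the attacker side of the lab, and this mount is an out-of-band path into the sandbox that bypasses whatever the exercise is meant to test. The only thing the two machines need to exchange is `shared/ca/rootCA.pem`, so I would disable the default `.` mount, keep the narrow per-machine folders, and mount `./shared` read-only on the client (vboxsf honours `ro`; `create: true` makes Vagrant create the host directory before the sandbox playbook writes into it). The `Vagrant.configure` block and both `config.vm.define` blocks begin outside these hunks.

```ruby
  # … unchanged: config.vm.define "sandbox" and its provider settings …
  sandbox.vm.synced_folder ".", "/vagrant", disabled: true
  sandbox.vm.synced_folder "./sandbox", "/vagrant/sandbox"
  sandbox.vm.synced_folder "./shared", "/vagrant/shared", create: true
  # … unchanged: ansible_local provisioner (/vagrant/sandbox/playbook.yml) …

  # … unchanged: config.vm.define "client" and its provider settings …
  client.vm.synced_folder ".", "/vagrant", disabled: true
  client.vm.synced_folder "./client", "/vagrant/client"
  client.vm.synced_folder "./shared", "/vagrant/shared", create: true, mount_options: ["ro"]
  # … unchanged: ansible_local provisioner (/vagrant/client/playbook.yml) …
```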
@@ -0,0 +1,55 @@ +--- +- hosts: all + become: true + vars: + container_count: 1 + default_container_name: docker + default_container_image: hello-world + default_container_command: sleep 1 + tasks: +# - name: Add Metasploit PPA +# apt_repository: +# repo: ppa:metasploit-official +# state: present +# update_cache: yes + + - name: Install tools + apt: + pkg: +# - metasploit-framework + - curl + - nmap + - libnss3-tools + state: present + update_cache: yes + + - name: Add sandbox hostnames to /etc/hosts + lineinfile: + path: /etc/hosts + line: "192.168.56.10 gitea.vm.local bitwarden.vm.local" + state: present + +# - name: Wait for Firefox profile directory to be created +# shell: | +# until find /home/vagrant/.mozilla/firefox -maxdepth 1 -name "*.default-release" -print -quit | grep -q .; do +# sleep 1 +# done +# changed_when: false +# +# - name: Get Firefox default profile path +# shell: | +# find /home/vagrant/.mozilla/firefox -maxdepth 1 -name "*.default-release" | head -n 1 +# register: firefox_profile +# changed_when: false +# +# - name: Check if cert DB exists +# stat: +# path: "{{ firefox_profile.stdout }}/cert9.db" +# register: cert_db +# +# - name: Add mkcert root CA to Firefox +# command: > +# certutil -A -n "mkcert development CA" -t "C,," +# -i /usr/local/share/ca-certificates/mkcert-rootCA.crt +# -d sql:{{ firefox_profile.stdout }} +# when: cert_db.stat.exists \ No newline at end of file diff --git a/webserver/base/sandbox/nginx.conf b/webserver/base/sandbox/nginx.conf index dbdbd30..91b5b1f 100644 --- a/webserver/base/sandbox/nginx.conf +++ b/webserver/base/sandbox/nginx.conf @@ -2,8 +2,8 @@ server { listen 443 ssl; server_name gitea.vm.local; - ssl_certificate /etc/nginx/certs/gitea.vm.local.crt; - ssl_certificate_key /etc/nginx/certs/gitea.vm.local.key; + ssl_certificate /etc/nginx/certs/gitea.vm.local.pem; + ssl_certificate_key /etc/nginx/certs/gitea.vm.local-key.pem; location / { proxy_pass http://gitea:3000; 
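Review bot: Nothing in this playbook installs the sandbox's mkcert root CA into the client, so the client will fail certificate verification against `https://gitea.vm.local` and `https://bitwarden.vm.local`; the commented-out Firefox task even references `/usr/local/share/ca-certificates/mkcert-rootCA.crt`, a file no task creates. The sandbox playbook in this same commit exports only `rootCA.pem` to `/vagrant/shared/ca/`, so the client just needs to copy that into `/usr/local/share/ca-certificates/` with a `.crt` name and run `update-ca-certificates`, which also gives the Firefox tasks something to import if they are re-enabled. This relies on the sandbox being provisioned first, which the Vagrantfile's definition order suggests but does not enforce. Worth a comment next to the task that the CA's private key lives on the sandbox VM, so whoever controls that VM can forge any TLS identity toward this client — acceptable in an isolated lab, but it should be stated. The `container_count` / `default_container_*` vars are unused leftovers and can be dropped.

```yaml
    # … unchanged: Install tools, Add sandbox hostnames to /etc/hosts …

    - name: Install sandbox mkcert root CA into the system trust store
      # rootCA.pem is exported by the sandbox playbook; its private key stays on the sandbox VM
      copy:
        src: /vagrant/shared/ca/rootCA.pem
        dest: /usr/local/share/ca-certificates/mkcert-rootCA.crt
        mode: '0644'
      register: mkcert_ca

    - name: Refresh CA bundle
      command: update-ca-certificates
      when: mkcert_ca.changed
```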
@@ -16,8 +16,8 @@ server { listen 443 ssl; server_name bitwarden.vm.local; - ssl_certificate /etc/nginx/certs/bitwarden.vm.local.crt; - ssl_certificate_key /etc/nginx/certs/bitwarden.vm.local.key; + ssl_certificate /etc/nginx/certs/bitwarden.vm.local.pem; + ssl_certificate_key /etc/nginx/certs/bitwarden.vm.local-key.pem; location / { proxy_pass http://vaultwarden:80; diff --git a/webserver/base/sandbox/playbook.yml b/webserver/base/sandbox/playbook.yml index d1a731a..89db392 100644 --- a/webserver/base/sandbox/playbook.yml +++ b/webserver/base/sandbox/playbook.yml @@ -17,6 +17,16 @@ - virtualenv state: latest update_cache: true + + - name: Copy nginx conf + copy: + src: /vagrant/sandbox/nginx.conf + dest: /home/vagrant/nginx.conf + + - name: Copy docker compose + copy: + src: /vagrant/sandbox/docker-compose.yml + dest: /home/vagrant/docker-compose.yml - name: Ensure certs directory exists file: 
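Review bot: The two new `copy` tasks run under `become: true` with no `owner`/`group`/`mode`, so `/home/vagrant/nginx.conf` and `/home/vagrant/docker-compose.yml` end up root-owned inside the vagrant user's home; with the default umask they stay readable, so `docker compose` run as `vagrant` (that user is added to the docker group later in this file) still works, but the files cannot be edited by the user whose home they sit in. Adding `owner: vagrant`, `group: vagrant` and `mode: '0644'` to both tasks makes the ownership explicit and matches the rest of the home directory. Note that with `ansible_local` the controller is the guest itself, so reading `src` from `/vagrant/sandbox/...` without `remote_src` is correct here.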
@@ -24,25 +34,64 @@ state: directory mode: '0755' - - name: Generate self-signed cert for gitea.vm.local - command: > - openssl req -x509 -nodes -days 365 - -newkey rsa:2048 - -keyout /home/vagrant/nginx/certs/gitea.vm.local.key - -out /home/vagrant/nginx/certs/gitea.vm.local.crt - -subj "/CN=gitea.vm.local" - args: - creates: /home/vagrant/nginx/certs/gitea.vm.local.crt + - name: Install mkcert dependencies + apt: + pkg: + - libnss3-tools + - ca-certificates + state: present + update_cache: yes - - name: Generate self-signed cert for bitwarden.vm.local - command: > - openssl req -x509 -nodes -days 365 - -newkey rsa:2048 - -keyout /home/vagrant/nginx/certs/bitwarden.vm.local.key - -out /home/vagrant/nginx/certs/bitwarden.vm.local.crt - -subj "/CN=bitwarden.vm.local" + - name: Download mkcert binary + get_url: + url: https://github.com/FiloSottile/mkcert/releases/latest/download/mkcert-v1.4.4-linux-amd64 + dest: /usr/local/bin/mkcert + mode: '0755' + register: mkcert_download + + - name: Ensure mkcert CAROOT directory exists + file: + path: /home/vagrant/.local/share/mkcert + state: directory + mode: '0755' + + - name: Initialize mkcert CA + command: mkcert -install + environment: + XDG_DATA_HOME: /home/vagrant/.local/share + CAROOT: /home/vagrant/.local/share/mkcert args: - creates: /home/vagrant/nginx/certs/bitwarden.vm.local.crt + creates: /home/vagrant/.local/share/mkcert/rootCA.pem + + - name: Generate cert for gitea.vm.local + command: > + mkcert + -cert-file /home/vagrant/nginx/certs/gitea.vm.local.pem + -key-file /home/vagrant/nginx/certs/gitea.vm.local-key.pem + gitea.vm.local + args: + creates: /home/vagrant/nginx/certs/gitea.vm.local.pem + + - name: Generate cert for bitwarden.vm.local + command: > + mkcert + -cert-file /home/vagrant/nginx/certs/bitwarden.vm.local.pem + -key-file /home/vagrant/nginx/certs/bitwarden.vm.local-key.pem + bitwarden.vm.local + args: + creates: /home/vagrant/nginx/certs/bitwarden.vm.local.pem + + - name: Ensure export directory 
exists + file: + path: /vagrant/shared/ca + state: directory + mode: '0755' + + - name: Copy mkcert rootCA.pem to shared directory + copy: + src: /home/vagrant/.local/share/mkcert/rootCA.pem + dest: /vagrant/shared/ca/rootCA.pem + remote_src: yes - name: Add Docker GPG apt Key apt_key: @@ -61,7 +110,7 @@ - docker-compose-plugin state: latest update_cache: true - + - name: Add 'vagrant' and 'git' users to docker group user: name: "{{ item }}" diff --git a/webserver/base/scripts/client.sh b/webserver/base/scripts/client.sh deleted file mode 100644 index d0c528b..0000000 --- a/webserver/base/scripts/client.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -echo "Adding metasploit-framework repository" -add-apt-repository ppa:metasploit-official -y > /dev/null -echo "Updating repositories" -apt-get update > /dev/null -echo "Installing metasploit-framework" -apt-get install metasploit-framework -y > /dev/null -echo "Installing curl" -apt-get install curl -y > /dev/null -echo "Installing nmap" -apt-get install nmap -y > /dev/null - -echo "192.168.56.10 gitea.vm.local bitwarden.vm.local" | sudo tee -a /etc/hosts > /dev/null \ No newline at end of file
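Review bot: The `Download mkcert binary` task fetches an executable with no `checksum:` and installs it `0755` into `/usr/local/bin`, after which `mkcert -install` runs it as root (the play has `become: true`), so a tampered or swapped asset would get root on the sandbox with no integrity check; the URL also mixes `releases/latest/download/` with a name pinned to `v1.4.4`, which will 404 as soon as the project cuts a newer release. Pin the release path and add the digest from the release's checksum file: `url: https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64` and `checksum: sha256:<digest of mkcert-v1.4.4-linux-amd64 from the v1.4.4 release>`. `register: mkcert_download` is not referenced anywhere in the hunk and can go. The export task correctly copies only `rootCA.pem` and leaves `rootCA-key.pem` under `/home/vagrant/.local/share/mkcert` (created by root here, so the key is presumably root-owned — worth confirming); a comment such as `# export the public CA cert only — rootCA-key.pem must never land in /vagrant/shared` would keep the next edit from widening that copy. This hunk ends before the Docker install tasks and the `Add 'vagrant' and 'git' users to docker group` task that follow it.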