nanopenguin/bachelor-thesis
Archived
1
0
Fork 0
Code Actions

Further cleanup

Browse Source
This commit is contained in:
Benedikt Galbavy 2025-04-10 22:16:16 +02:00
parent fe40a7b56b
commit d2b80d93e1
25 changed files with 134 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1,3 @@
*/.vagrant */.vagrant
webserver/base/.vagrant/

1
webserver/base/.vagrant/machines/client/virtualbox/action_provision
View File

@ -1 +0,0 @@
1.5:1c3904c4-3841-41d0-a368-6511bfc3d787

1
webserver/base/.vagrant/machines/client/virtualbox/action_set_name
View File

@ -1 +0,0 @@
1744307380

1
webserver/base/.vagrant/machines/client/virtualbox/box_meta
View File

@ -1 +0,0 @@
{"name":"gusztavvargadr/ubuntu-desktop","version":"2404.0.2503","provider":"virtualbox","directory":"boxes/gusztavvargadr-VAGRANTSLASH-ubuntu-desktop/2404.0.2503/amd64/virtualbox"}

1
webserver/base/.vagrant/machines/client/virtualbox/creator_uid
View File

@ -1 +0,0 @@
1000

1
webserver/base/.vagrant/machines/client/virtualbox/id
View File

@ -1 +0,0 @@
1c3904c4-3841-41d0-a368-6511bfc3d787

1
webserver/base/.vagrant/machines/client/virtualbox/index_uuid
View File

@ -1 +0,0 @@
2f33b9ea09874a799770502541baf566

8
webserver/base/.vagrant/machines/client/virtualbox/private_key
View File

@ -1,8 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
AAtzc2gtZWQyNTUxOQAAACC5m1pF3zUj30DeyGCMe30VxFrMjHUi/A/TPgu7
enp12AAAAJApt4lPKbeJTwAAAAtzc2gtZWQyNTUxOQAAACC5m1pF3zUj30De
yGCMe30VxFrMjHUi/A/TPgu7enp12AAAAEBpp9qYWH0Mbzewsi0SoM0zAvsn
ejxxGl3Vu/DgGjTC67mbWkXfNSPfQN7IYIx7fRXEWsyMdSL8D9M+C7t6enXY
AAAAB3ZhZ3JhbnQBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----

1
webserver/base/.vagrant/machines/client/virtualbox/synced_folders
View File

@ -1 +0,0 @@
{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/base","disabled":false,"__vagrantfile":true}}}

1
webserver/base/.vagrant/machines/client/virtualbox/vagrant_cwd
View File

@ -1 +0,0 @@
/home/nano/Documents/bachthesis/setup/webserver/base

1
webserver/base/.vagrant/machines/sandbox/virtualbox/action_provision
View File

@ -1 +0,0 @@
1.5:bd5dac24-b9cd-44a1-b099-dc32b509bd35

1
webserver/base/.vagrant/machines/sandbox/virtualbox/action_set_name
View File

@ -1 +0,0 @@
1744308366

1
webserver/base/.vagrant/machines/sandbox/virtualbox/box_meta
View File

@ -1 +0,0 @@
{"name":"ubuntu/jammy64","version":"20241002.0.0","provider":"virtualbox","directory":"boxes/ubuntu-VAGRANTSLASH-jammy64/20241002.0.0/virtualbox"}

1
webserver/base/.vagrant/machines/sandbox/virtualbox/creator_uid
View File

@ -1 +0,0 @@
1000

1
webserver/base/.vagrant/machines/sandbox/virtualbox/id
View File

@ -1 +0,0 @@
bd5dac24-b9cd-44a1-b099-dc32b509bd35

1
webserver/base/.vagrant/machines/sandbox/virtualbox/index_uuid
View File

@ -1 +0,0 @@
cbb6ab55ad5d4e97aac9a94ccafd2a53

8
webserver/base/.vagrant/machines/sandbox/virtualbox/private_key
View File

@ -1,8 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
AAtzc2gtZWQyNTUxOQAAACBPPx1BkOAq97k/WUW03olnWwuhCnTpiT1Tpziw
zrlOIwAAAJAy/B12MvwddgAAAAtzc2gtZWQyNTUxOQAAACBPPx1BkOAq97k/
WUW03olnWwuhCnTpiT1TpziwzrlOIwAAAEApFi9yE4Up0kYmNSw2G8Ayc2iW
6o3bqc3a6sMZkJAR/U8/HUGQ4Cr3uT9ZRbTeiWdbC6EKdOmJPVOnOLDOuU4j
AAAAB3ZhZ3JhbnQBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----

1
webserver/base/.vagrant/machines/sandbox/virtualbox/synced_folders
View File

@ -1 +0,0 @@
{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/base/sandbox","disabled":false,"__vagrantfile":true}}}

1
webserver/base/.vagrant/machines/sandbox/virtualbox/vagrant_cwd
View File

@ -1 +0,0 @@
/home/nano/Documents/bachthesis/setup/webserver/base

12
webserver/base/.vagrant/rgloader/loader.rb
View File

@ -1,12 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# This file loads the proper rgloader/loader.rb file that comes packaged
# with Vagrant so that encoded files can properly run with Vagrant.
if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
require File.expand_path(
"rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
else
raise "Encoded files can't be read outside of the Vagrant installer."
end

14
webserver/base/Vagrantfile vendored
View File

@ -17,14 +17,10 @@ Vagrant.configure("2") do |config|
v.cpus = 2 v.cpus = 2
end end
sandbox.vm.synced_folder "./sandbox", "/vagrant" sandbox.vm.synced_folder ".", "/vagrant"
sandbox.vm.provision "shell",
inline: "cp /vagrant/docker-compose.yml /home/vagrant/docker-compose.yml"
sandbox.vm.provision "shell",
inline: "cp /vagrant/nginx.conf /home/vagrant/nginx.conf"
sandbox.vm.provision "ansible_local" do |ansible| sandbox.vm.provision "ansible_local" do |ansible|
ansible.playbook = "/vagrant/playbook.yml" ansible.playbook = "/vagrant/sandbox/playbook.yml"
end end
end end
@ -39,8 +35,10 @@ Vagrant.configure("2") do |config|
v.cpus = 2 v.cpus = 2
end end
client.vm.provision "shell" do |script| client.vm.synced_folder ".", "/vagrant"
script.path = "./scripts/client.sh"
client.vm.provision "ansible_local" do |ansible|
ansible.playbook = "/vagrant/client/playbook.yml"
end end
end end

55
webserver/base/client/playbook.yml Normal file
View File

@ -0,0 +1,55 @@
---
- hosts: all
become: true
vars:
container_count: 1
default_container_name: docker
default_container_image: hello-world
default_container_command: sleep 1
tasks:
# - name: Add Metasploit PPA
# apt_repository:
# repo: ppa:metasploit-official
# state: present
# update_cache: yes
- name: Install tools
apt:
pkg:
# - metasploit-framework
- curl
- nmap
- libnss3-tools
state: present
update_cache: yes
- name: Add sandbox hostnames to /etc/hosts
lineinfile:
path: /etc/hosts
line: "192.168.56.10 gitea.vm.local bitwarden.vm.local"
state: present
# - name: Wait for Firefox profile directory to be created
# shell: |
# until find /home/vagrant/.mozilla/firefox -maxdepth 1 -name "*.default-release" -print -quit | grep -q .; do
# sleep 1
# done
# changed_when: false
#
# - name: Get Firefox default profile path
# shell: |
# find /home/vagrant/.mozilla/firefox -maxdepth 1 -name "*.default-release" | head -n 1
# register: firefox_profile
# changed_when: false
#
# - name: Check if cert DB exists
# stat:
# path: "{{ firefox_profile.stdout }}/cert9.db"
# register: cert_db
#
# - name: Add mkcert root CA to Firefox
# command: >
# certutil -A -n "mkcert development CA" -t "C,,"
# -i /usr/local/share/ca-certificates/mkcert-rootCA.crt
# -d sql:{{ firefox_profile.stdout }}
# when: cert_db.stat.exists

8
webserver/base/sandbox/nginx.conf
View File

@ -2,8 +2,8 @@ server {
listen 443 ssl; listen 443 ssl;
server_name gitea.vm.local; server_name gitea.vm.local;
ssl_certificate /etc/nginx/certs/gitea.vm.local.crt; ssl_certificate /etc/nginx/certs/gitea.vm.local.pem;
ssl_certificate_key /etc/nginx/certs/gitea.vm.local.key; ssl_certificate_key /etc/nginx/certs/gitea.vm.local-key.pem;
location / { location / {
proxy_pass http://gitea:3000; proxy_pass http://gitea:3000;
@ -16,8 +16,8 @@ server {
listen 443 ssl; listen 443 ssl;
server_name bitwarden.vm.local; server_name bitwarden.vm.local;
ssl_certificate /etc/nginx/certs/bitwarden.vm.local.crt; ssl_certificate /etc/nginx/certs/bitwarden.vm.local.pem;
ssl_certificate_key /etc/nginx/certs/bitwarden.vm.local.key; ssl_certificate_key /etc/nginx/certs/bitwarden.vm.local-key.pem;
location / { location / {
proxy_pass http://vaultwarden:80; proxy_pass http://vaultwarden:80;

85
webserver/base/sandbox/playbook.yml
View File

@ -17,6 +17,16 @@
- virtualenv - virtualenv
state: latest state: latest
update_cache: true update_cache: true
- name: Copy nginx conf
copy:
src: /vagrant/sandbox/nginx.conf
dest: /home/vagrant/nginx.conf
- name: Copy docker compose
copy:
src: /vagrant/sandbox/docker-compose.yml
dest: /home/vagrant/docker-compose.yml
- name: Ensure certs directory exists - name: Ensure certs directory exists
file: file:
@ -24,25 +34,64 @@
state: directory state: directory
mode: '0755' mode: '0755'
- name: Generate self-signed cert for gitea.vm.local - name: Install mkcert dependencies
command: > apt:
openssl req -x509 -nodes -days 365 pkg:
-newkey rsa:2048 - libnss3-tools
-keyout /home/vagrant/nginx/certs/gitea.vm.local.key - ca-certificates
-out /home/vagrant/nginx/certs/gitea.vm.local.crt state: present
-subj "/CN=gitea.vm.local" update_cache: yes
args:
creates: /home/vagrant/nginx/certs/gitea.vm.local.crt
- name: Generate self-signed cert for bitwarden.vm.local - name: Download mkcert binary
command: > get_url:
openssl req -x509 -nodes -days 365 url: https://github.com/FiloSottile/mkcert/releases/latest/download/mkcert-v1.4.4-linux-amd64
-newkey rsa:2048 dest: /usr/local/bin/mkcert
-keyout /home/vagrant/nginx/certs/bitwarden.vm.local.key mode: '0755'
-out /home/vagrant/nginx/certs/bitwarden.vm.local.crt register: mkcert_download
-subj "/CN=bitwarden.vm.local"
- name: Ensure mkcert CAROOT directory exists
file:
path: /home/vagrant/.local/share/mkcert
state: directory
mode: '0755'
- name: Initialize mkcert CA
command: mkcert -install
environment:
XDG_DATA_HOME: /home/vagrant/.local/share
CAROOT: /home/vagrant/.local/share/mkcert
args: args:
creates: /home/vagrant/nginx/certs/bitwarden.vm.local.crt creates: /home/vagrant/.local/share/mkcert/rootCA.pem
- name: Generate cert for gitea.vm.local
command: >
mkcert
-cert-file /home/vagrant/nginx/certs/gitea.vm.local.pem
-key-file /home/vagrant/nginx/certs/gitea.vm.local-key.pem
gitea.vm.local
args:
creates: /home/vagrant/nginx/certs/gitea.vm.local.pem
- name: Generate cert for bitwarden.vm.local
command: >
mkcert
-cert-file /home/vagrant/nginx/certs/bitwarden.vm.local.pem
-key-file /home/vagrant/nginx/certs/bitwarden.vm.local-key.pem
bitwarden.vm.local
args:
creates: /home/vagrant/nginx/certs/bitwarden.vm.local.pem
- name: Ensure export directory exists
file:
path: /vagrant/shared/ca
state: directory
mode: '0755'
- name: Copy mkcert rootCA.pem to shared directory
copy:
src: /home/vagrant/.local/share/mkcert/rootCA.pem
dest: /vagrant/shared/ca/rootCA.pem
remote_src: yes
- name: Add Docker GPG apt Key - name: Add Docker GPG apt Key
apt_key: apt_key:
@ -61,7 +110,7 @@
- docker-compose-plugin - docker-compose-plugin
state: latest state: latest
update_cache: true update_cache: true
- name: Add 'vagrant' and 'git' users to docker group - name: Add 'vagrant' and 'git' users to docker group
user: user:
name: "{{ item }}" name: "{{ item }}"

14
webserver/base/scripts/client.sh
View File

@ -1,14 +0,0 @@
#!/bin/bash
echo "Adding metasploit-framework repository"
add-apt-repository ppa:metasploit-official -y > /dev/null
echo "Updating repositories"
apt-get update > /dev/null
echo "Installing metasploit-framework"
apt-get install metasploit-framework -y > /dev/null
echo "Installing curl"
apt-get install curl -y > /dev/null
echo "Installing nmap"
apt-get install nmap -y > /dev/null
echo "192.168.56.10 gitea.vm.local bitwarden.vm.local" | sudo tee -a /etc/hosts > /dev/null