
Finished base config

This commit is contained in:
Benedikt Galbavy 2025-04-10 20:09:04 +02:00
parent cb61014c1c
commit fe40a7b56b
26 changed files with 337 additions and 95 deletions


@ -0,0 +1 @@
1.5:1c3904c4-3841-41d0-a368-6511bfc3d787


@ -0,0 +1 @@
1744307380


@ -0,0 +1 @@
{"name":"gusztavvargadr/ubuntu-desktop","version":"2404.0.2503","provider":"virtualbox","directory":"boxes/gusztavvargadr-VAGRANTSLASH-ubuntu-desktop/2404.0.2503/amd64/virtualbox"}


@ -0,0 +1 @@
1000


@ -0,0 +1 @@
1c3904c4-3841-41d0-a368-6511bfc3d787


@ -0,0 +1 @@
2f33b9ea09874a799770502541baf566


@ -0,0 +1,8 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
AAtzc2gtZWQyNTUxOQAAACC5m1pF3zUj30DeyGCMe30VxFrMjHUi/A/TPgu7
enp12AAAAJApt4lPKbeJTwAAAAtzc2gtZWQyNTUxOQAAACC5m1pF3zUj30De
yGCMe30VxFrMjHUi/A/TPgu7enp12AAAAEBpp9qYWH0Mbzewsi0SoM0zAvsn
ejxxGl3Vu/DgGjTC67mbWkXfNSPfQN7IYIx7fRXEWsyMdSL8D9M+C7t6enXY
AAAAB3ZhZ3JhbnQBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----
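Review bot: This section and the one ending at L104 add two OpenSSH private keys that appear to be Vagrant's per-machine `private_key` files, committed together with the rest of the generated `.vagrant/` state (machine ids and index UUIDs, creation timestamps, box metadata, the vendored loader stub, and the synced_folders JSON that records the absolute host path `/home/nano/Documents/bachthesis/setup/webserver/base`). Anyone with read access to the repository holds credentials for the `vagrant` account on these VMs for as long as they exist, and the keys stay in history even if a later commit deletes the files. Add `.vagrant/` to `.gitignore`, drop these 20 files from the commit, and let Vagrant regenerate the machine keys (destroying and re-creating the machines, or removing the key files so they are re-created on the next `vagrant up`). The host path in synced_folders is also environment-specific and would be wrong for anyone else checking the repository out.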


@ -0,0 +1 @@
{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/base","disabled":false,"__vagrantfile":true}}}


@ -0,0 +1 @@
/home/nano/Documents/bachthesis/setup/webserver/base


@ -0,0 +1 @@
1.5:bd5dac24-b9cd-44a1-b099-dc32b509bd35


@ -0,0 +1 @@
1744308366


@ -0,0 +1 @@
{"name":"ubuntu/jammy64","version":"20241002.0.0","provider":"virtualbox","directory":"boxes/ubuntu-VAGRANTSLASH-jammy64/20241002.0.0/virtualbox"}


@ -0,0 +1 @@
1000


@ -0,0 +1 @@
bd5dac24-b9cd-44a1-b099-dc32b509bd35


@ -0,0 +1 @@
cbb6ab55ad5d4e97aac9a94ccafd2a53


@ -0,0 +1,8 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
AAtzc2gtZWQyNTUxOQAAACBPPx1BkOAq97k/WUW03olnWwuhCnTpiT1Tpziw
zrlOIwAAAJAy/B12MvwddgAAAAtzc2gtZWQyNTUxOQAAACBPPx1BkOAq97k/
WUW03olnWwuhCnTpiT1TpziwzrlOIwAAAEApFi9yE4Up0kYmNSw2G8Ayc2iW
6o3bqc3a6sMZkJAR/U8/HUGQ4Cr3uT9ZRbTeiWdbC6EKdOmJPVOnOLDOuU4j
AAAAB3ZhZ3JhbnQBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----


@ -0,0 +1 @@
{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/base/sandbox","disabled":false,"__vagrantfile":true}}}


@ -0,0 +1 @@
/home/nano/Documents/bachthesis/setup/webserver/base


@ -0,0 +1,12 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# This file loads the proper rgloader/loader.rb file that comes packaged
# with Vagrant so that encoded files can properly run with Vagrant.
if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
require File.expand_path(
"rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
else
raise "Encoded files can't be read outside of the Vagrant installer."
end


@ -1,17 +1,62 @@
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/focal64"
config.vm.box_version = "20240821.0.1"
config.vm.hostname = "docker-vm"
config.vm.network "private_network", type: "dhcp"
config.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 2
BOX_NAME = "ubuntu/jammy64"
BOX_VERSION = "20241002.0.0"
DESKTOP_BOX_NAME = "gusztavvargadr/ubuntu-desktop"
DESKTOP_BOX_VERSION = "2404.0.2503"
config.vm.define "sandbox" do |sandbox|
sandbox.vm.box = BOX_NAME
sandbox.vm.box_version = BOX_VERSION
sandbox.vm.hostname = "sandbox.vm"
sandbox.vm.network "private_network", ip: "192.168.56.10"
sandbox.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 2
end
sandbox.vm.synced_folder "./sandbox", "/vagrant"
sandbox.vm.provision "shell",
inline: "cp /vagrant/docker-compose.yml /home/vagrant/docker-compose.yml"
sandbox.vm.provision "shell",
inline: "cp /vagrant/nginx.conf /home/vagrant/nginx.conf"
sandbox.vm.provision "ansible_local" do |ansible|
ansible.playbook = "/vagrant/playbook.yml"
end
end
config.vm.synced_folder "./docker", "/home/vagrant/docker"
config.vm.define "client" do |client|
client.vm.box = DESKTOP_BOX_NAME
client.vm.box_version = DESKTOP_BOX_VERSION
client.vm.hostname = "client.vm"
client.vm.network "private_network", ip: "192.168.56.20"
config.vm.provision "ansible_local" do |ansible|
ansible.playbook = "/vagrant/ansible/playbook.yml"
client.vm.provider "virtualbox" do |v|
v.memory = 4096
v.cpus = 2
end
client.vm.provision "shell" do |script|
script.path = "./scripts/client.sh"
end
end
# config.vm.define "external" do |external|
# external.vm.box = BOX_NAME
# external.vm.box_version = BOX_VERSION
# external.vm.hostname = "external.vm"
# external.vm.network "private_network", ip: "192.168.56.30"
#
# external.vm.provider "virtualbox" do |v|
# v.memory = 2048
# v.cpus = 2
# end
#
# external.vm.provision "ansible_local" do |ansible|
# ansible.playbook = "/vagrant/ansible/playbook.yml"
# end
# end
end
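Review bot: The `BOX_NAME`, `BOX_VERSION`, `DESKTOP_BOX_NAME` and `DESKTOP_BOX_VERSION` constants are assigned inside the `Vagrant.configure` block (L141–L144); Vagrant can evaluate a Vagrantfile more than once during a single command, which then re-assigns them and prints `already initialized constant` warnings. Move the four assignments above `Vagrant.configure("2") do |config|`, or make them locals (`box_name = "ubuntu/jammy64"`) since nothing outside the block references them. The `client` machine gets no `synced_folder` override, so it keeps Vagrant's default mount of the project directory at `/vagrant`, which also contains `./sandbox` and, as committed here, the `.vagrant/` state; if the client is meant to see nothing of the sandbox's sources, add `client.vm.synced_folder ".", "/vagrant", disabled: true` next to its provider block. The commented-out `external` machine at L179–L193 should either be dropped or get a one-line comment saying why it is kept.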


@ -1,54 +0,0 @@
---
- hosts: all
become: true
vars:
container_count: 1
default_container_name: docker
default_container_image: hello-world
default_container_command: sleep 1
tasks:
- name: Install required system packages
apt:
pkg:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- virtualenv
state: latest
update_cache: true
- name: Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Repository
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
- name: Update apt and install docker-ce
apt:
pkg:
- docker-ce
- docker-compose-plugin
state: latest
update_cache: true
- name: Copy docker-compose.yml to home directory
copy:
src: /home/vagrant/docker/docker-compose.yml
dest: /home/vagrant/docker-compose.yml
remote_src: yes
- name: Ensure Docker service is running
service:
name: docker
state: started
enabled: true
- name: Run docker compose up -d
command: docker compose up -d
args:
chdir: /home/vagrant


@ -1,31 +0,0 @@
services:
bitwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
DOMAIN: "https://vw.domain.tld"
volumes:
- ./vw-data/:/data/
ports:
- 80:80
gitea:
image: docker.gitea.com/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: unless-stopped
networks:
- gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"
networks:
gitea:
external: false


@ -0,0 +1,80 @@
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
networks:
- internal
environment:
DOMAIN: "https://bitwarden.vm.local"
DATABASE_URL: "postgres://vaultwarden:vaultwarden@vaultwarden-db/vaultwarden"
volumes:
- ./vw-data/:/data/
expose:
- 80
vaultwarden-db:
image: docker.io/library/postgres:latest
container_name: vaultwarden-db
restart: unless-stopped
environment:
POSTGRES_DB: vaultwarden
POSTGRES_USER: vaultwarden
POSTGRES_PASSWORD: vaultwarden
volumes:
- ./vw-postgres:/var/lib/postgresql/data
networks:
- internal
gitea:
image: docker.gitea.com/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=gitea-db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=gitea
- GITEA__security__INSTALL_LOCK=true
restart: unless-stopped
networks:
- internal
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- 3000
- 22
gitea-db:
image: docker.io/library/postgres:latest
container_name: gitea-db
restart: unless-stopped
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
volumes:
- ./postgres:/var/lib/postgresql/data
networks:
- internal
nginx:
image: nginx:latest
container_name: nginx
restart: unless-stopped
networks:
- internal
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./nginx/certs:/etc/nginx/certs
ports:
- 80:80
- 443:443
networks:
internal:
driver: bridge
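Review bot: The database credentials are defined twice each and must agree by hand — `DATABASE_URL` at L294 with `POSTGRES_USER`/`POSTGRES_PASSWORD` at L305–L306, and `GITEA__database__USER`/`PASSWD` at L320–L321 with L338–L339 — and they are committed in plaintext. If the trivial values are deliberate for this lab, say so in a comment such as `# lab-only credentials; the databases are reachable only on the internal network`, otherwise move them to an `.env` file and reference them as `${VAULTWARDEN_DB_PASSWORD}` so each value is defined once. Gitea is given no `GITEA__server__ROOT_URL`, so the web and clone URLs it generates presumably fall back to its default rather than `https://gitea.vm.local`; `GITEA__server__ROOT_URL=https://gitea.vm.local/` alongside the other `GITEA__*` entries would fix that. `vaultwarden` and `gitea` have no `depends_on` for their databases and rely on `restart: unless-stopped` to ride out the first-start race, which is worth a comment if intentional. Every image is `:latest`, which makes rebuilding the lab non-reproducible; pinning versions is cheap here.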


@ -0,0 +1,33 @@
server {
listen 443 ssl;
server_name gitea.vm.local;
ssl_certificate /etc/nginx/certs/gitea.vm.local.crt;
ssl_certificate_key /etc/nginx/certs/gitea.vm.local.key;
location / {
proxy_pass http://gitea:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 443 ssl;
server_name bitwarden.vm.local;
ssl_certificate /etc/nginx/certs/bitwarden.vm.local.crt;
ssl_certificate_key /etc/nginx/certs/bitwarden.vm.local.key;
location / {
proxy_pass http://vaultwarden:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
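Review bot: Both proxied `location /` blocks forward only `Host` and `X-Real-IP`, so the upstreams see neither the original client chain nor that TLS was terminated here; add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` to each block (Vaultwarden's per-IP login throttling and the logs of both applications otherwise key on whatever address nginx presents). The two `listen 443 ssl` servers leave protocol and cipher selection at nginx defaults; one `ssl_protocols TLSv1.2 TLSv1.3;` line per server block, or a shared include, keeps legacy versions out even in a lab. Gitea's SSH port is deliberately not proxied here because the playbook uses a `docker exec` passthrough; a comment such as `# SSH for gitea is handled by the host sshd passthrough, not proxied here` would stop the next reader from adding a `stream` block.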


@ -0,0 +1,111 @@
---
- hosts: all
become: true
vars:
container_count: 1
default_container_name: docker
default_container_image: hello-world
default_container_command: sleep 1
tasks:
- name: Install required system packages
apt:
pkg:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- virtualenv
state: latest
update_cache: true
- name: Ensure certs directory exists
file:
path: /home/vagrant/nginx/certs
state: directory
mode: '0755'
- name: Generate self-signed cert for gitea.vm.local
command: >
openssl req -x509 -nodes -days 365
-newkey rsa:2048
-keyout /home/vagrant/nginx/certs/gitea.vm.local.key
-out /home/vagrant/nginx/certs/gitea.vm.local.crt
-subj "/CN=gitea.vm.local"
args:
creates: /home/vagrant/nginx/certs/gitea.vm.local.crt
- name: Generate self-signed cert for bitwarden.vm.local
command: >
openssl req -x509 -nodes -days 365
-newkey rsa:2048
-keyout /home/vagrant/nginx/certs/bitwarden.vm.local.key
-out /home/vagrant/nginx/certs/bitwarden.vm.local.crt
-subj "/CN=bitwarden.vm.local"
args:
creates: /home/vagrant/nginx/certs/bitwarden.vm.local.crt
- name: Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Repository
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
- name: Update apt and install docker-ce
apt:
pkg:
- docker-ce
- docker-compose-plugin
state: latest
update_cache: true
- name: Add 'vagrant' and 'git' users to docker group
user:
name: "{{ item }}"
groups: docker
append: yes
loop:
- vagrant
- git
- name: Create git user
user:
name: git
shell: /home/git/docker-shell
home: /home/git
create_home: yes
- name: Deploy docker passthrough shell
copy:
dest: /home/git/docker-shell
content: |
#!/bin/sh
exec /usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
mode: '0755'
- name: Update SSH config for git user
blockinfile:
path: /etc/ssh/sshd_config
block: |
Match User git
AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/bin/docker exec -i -u git gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
- name: Restart SSH
service:
name: ssh
state: restarted
- name: Ensure Docker service is running
service:
name: docker
state: started
enabled: true
- name: Run docker compose up -d
command: docker compose up -d
args:
chdir: /home/vagrant
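Review bot: The `Add Docker Repository` task at L443 pins the apt source to `focal stable`, while the Vagrantfile in this same commit moves the sandbox box to `ubuntu/jammy64`, so the playbook installs focal-built packages on a jammy guest; use the guest's own release, `repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable`. The `Add 'vagrant' and 'git' users to docker group` task (L452) runs before `Create git user` (L460), so the `user` module creates `git` with default shell and home there and the following task only patches it afterwards; swapping the two tasks makes the intent explicit instead of relying on that side effect. Membership of `git` in the `docker` group is required by the docker-shell passthrough and the `AuthorizedKeysCommand` below, but it is host-root-equivalent, so a comment such as `# git needs docker socket access for the SSH passthrough; treat this account as privileged` belongs on that task. `Restart SSH` runs on every play; attach it to the `blockinfile` task via `notify` so sshd restarts only when the config actually changed. The `container_count`/`default_container_*` vars at L399–L402 are no longer used by any task and can be dropped.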


@ -0,0 +1,14 @@
#!/bin/bash
echo "Adding metasploit-framework repository"
add-apt-repository ppa:metasploit-official -y > /dev/null
echo "Updating repositories"
apt-get update > /dev/null
echo "Installing metasploit-framework"
apt-get install metasploit-framework -y > /dev/null
echo "Installing curl"
apt-get install curl -y > /dev/null
echo "Installing nmap"
apt-get install nmap -y > /dev/null
echo "192.168.56.10 gitea.vm.local bitwarden.vm.local" | sudo tee -a /etc/hosts > /dev/null
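Review bot: The script has no `set -e`, and every `apt-get` and `add-apt-repository` call sends its output to `/dev/null`, so a failed repository add or package install still lets the provisioner report success; add `set -euo pipefail` directly after the `#!/bin/bash` line. The final `tee -a /etc/hosts` is not idempotent: each `vagrant provision` appends another `192.168.56.10 gitea.vm.local bitwarden.vm.local` line, so guard it, `grep -qF 'gitea.vm.local' /etc/hosts || echo '192.168.56.10 gitea.vm.local bitwarden.vm.local' >> /etc/hosts`. `sudo` is redundant on that line because Vagrant's shell provisioner runs the script as root by default, which is also why the earlier `apt-get` calls need none.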