diff --color -ruN base/sandbox/docker-compose.yml hybrid/sandbox/docker-compose.yml --- base/sandbox/docker-compose.yml 2025-05-16 19:46:23.713755709 +0200 +++ hybrid/sandbox/docker-compose.yml 2025-05-16 20:37:19.376016608 +0200 @@ -4,28 +4,16 @@ container_name: vaultwarden restart: unless-stopped networks: - - nginx - - vaultwarden + - internal environment: DOMAIN: "https://bitwarden.vm.local" - DATABASE_URL: "postgres://vaultwarden:vaultwarden@vaultwarden-db:5432/vaultwarden" + DATABASE_URL: "postgres://vaultwarden:vaultwarden@postgres:5432/vaultwarden" volumes: - ./vw-data/:/data/ expose: - 80 - - vaultwarden-db: - image: docker.io/library/postgres:latest - container_name: vaultwarden-db - restart: unless-stopped - environment: - POSTGRES_DB: vaultwarden - POSTGRES_USER: vaultwarden - POSTGRES_PASSWORD: vaultwarden - volumes: - - ./vw-postgres:/var/lib/postgresql/data - networks: - - vaultwarden + extra_hosts: + - "postgres:172.18.0.1" gitea: image: docker.gitea.com/gitea:latest @@ -34,15 +22,14 @@ - USER_UID=1000 - USER_GID=1000 - GITEA__database__DB_TYPE=postgres - - GITEA__database__HOST=gitea-db:5432 + - GITEA__database__HOST=postgres:5432 - GITEA__database__NAME=gitea - GITEA__database__USER=gitea - GITEA__database__PASSWD=gitea - GITEA__security__INSTALL_LOCK=true restart: unless-stopped networks: - - nginx - - gitea + - internal volumes: - ./gitea:/data - /etc/timezone:/etc/timezone:ro 
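Review bot: Putting vaultwarden on the single `internal` network (and gitea in the `-34,15` hunk, nginx further down) removes the isolation that the separate `vaultwarden` and `gitea` networks provided. The password manager's database is now a host service at 172.18.0.1 that every container on that bridge can connect to. Nothing in this file limits which service reaches which database, so that separation has to be enforced in PostgreSQL itself, with per-database, per-role rules in pg_hba.conf rather than a subnet-wide one. The connection string also keeps the password in the compose file, identical to the user name; I would interpolate it from an env file kept out of the tree, e.g. `DATABASE_URL: "postgres://vaultwarden:${VAULTWARDEN_DB_PASSWORD}@postgres:5432/vaultwarden"` (variable name is a placeholder). A comment above `extra_hosts` would help too: `# postgres runs on the VM itself; 172.18.0.1 is the gateway of the "internal" network defined at the bottom of this file`.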
@@ -50,33 +37,24 @@ expose: - 3000 - 22 - - gitea-db: - image: docker.io/library/postgres:latest - container_name: gitea-db - restart: unless-stopped - environment: - - POSTGRES_USER=gitea - - POSTGRES_PASSWORD=gitea - - POSTGRES_DB=gitea - volumes: - - ./postgres:/var/lib/postgresql/data - networks: - - gitea + extra_hosts: + - "postgres:172.18.0.1" vulnerable: build: /vagrant/sandbox/vuln ports: - 2222:22 networks: - - nginx + - default + extra_hosts: + - "postgres:172.18.0.1" nginx: image: nginx:latest container_name: nginx restart: unless-stopped networks: - - nginx + - internal volumes: - ./nginx.conf:/etc/nginx/conf.d/default.conf - ./nginx/certs:/etc/nginx/certs @@ -85,9 +63,9 @@ - 443:443 networks: - nginx: - driver: bridge - gitea: + internal: driver: bridge - vaultwarden: - driver: bridge \ No newline at end of file + ipam: + config: + - subnet: 172.18.0.0/16 + gateway: 172.18.0.1 \ No newline at end of file diff --color -ruN base/sandbox/playbook.yml hybrid/sandbox/playbook.yml --- base/sandbox/playbook.yml 2025-05-16 14:24:38.114525247 +0200 +++ hybrid/sandbox/playbook.yml 2025-05-16 20:46:03.184604976 +0200 @@ -15,6 +15,9 @@ - curl - software-properties-common - virtualenv + - python3-psycopg2 + - postgresql + - acl state: latest update_cache: true 
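Review bot: The `vulnerable` service is moved to the `default` network yet gets the same `extra_hosts` entry for `postgres` as the two applications that actually use the database. If the lab does not intend that container to talk to PostgreSQL, drop its two `extra_hosts` lines. If it does, say so in a comment, because the pg_hba rule added in playbook.yml admits only 172.18.0.0/16 and the `default` network will presumably be given a different subnet. The `internal` network in the last hunk pins a /16 for a handful of containers, and that same range is what pg_hba trusts; a smaller subnet (constructed example: `subnet: 172.18.0.0/28`) would narrow both, provided the pg_hba line is changed to match. `nginx` no longer shares a network with `vulnerable`, so confirm nginx.conf does not proxy to it.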
@@ -148,6 +151,62 @@ name: ssh state: restarted + - name: Ensure PostgreSQL service is running + service: + name: postgresql + state: started + enabled: yes + + - name: Create PostgreSQL user for gitea + become: true + become_user: postgres + postgresql_user: + name: gitea + password: gitea + state: present + + - name: Create PostgreSQL database for gitea + become: true + become_user: postgres + postgresql_db: + name: gitea + owner: gitea + state: present + + - name: Create PostgreSQL user for vaultwarden + become: true + become_user: postgres + postgresql_user: + name: vaultwarden + password: vaultwarden + state: present + + - name: Create PostgreSQL database for vaultwarden + become: true + become_user: postgres + postgresql_db: + name: vaultwarden + owner: vaultwarden + state: present + + - name: Set PostgreSQL to listen on localhost and Docker bridge IP + become: yes + lineinfile: + path: /etc/postgresql/14/main/postgresql.conf + regexp: '^#?listen_addresses\s*=' + line: "listen_addresses = 'localhost,172.18.0.1'" + notify: Restart PostgreSQL + + - name: Allow connections from Docker subnet in pg_hba.conf + become: yes + lineinfile: + path: /etc/postgresql/14/main/pg_hba.conf + line: 'host all all 172.18.0.0/16 md5' + create: yes + insertafter: EOF + state: present + notify: Restart PostgreSQL + - name: Ensure Docker service is running service: name: docker @@ -157,4 +216,12 @@ - name: Run docker compose up -d command: docker compose up -d args: - chdir: /home/vagrant \ No newline at end of file + chdir: /home/vagrant + + + handlers: + - name: Restart PostgreSQL + become: yes + service: + name: postgresql + state: restarted \ No newline at end of file diff --color -ruN base/shared/ca/rootCA.pem hybrid/shared/ca/rootCA.pem --- base/shared/ca/rootCA.pem 2025-05-16 14:13:52.000000000 +0200 +++ hybrid/shared/ca/rootCA.pem 2025-05-16 20:48:56.000000000 +0200 
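Review bot: The pg_hba.conf line `host all all 172.18.0.0/16 md5` lets any role authenticate to any database from the whole Docker subnet, and both roles are created with a password equal to the role name. A compromise of any one container on that bridge therefore exposes the other application's data as well. Scope the rule per application, `host gitea gitea 172.18.0.0/16 scram-sha-256` and `host vaultwarden vaultwarden 172.18.0.0/16 scram-sha-256`, and take `password:` from a vaulted variable with `no_log: true` on the two `postgresql_user` tasks. `create: yes` on pg_hba.conf means a wrong path (the `14` is hard-coded) silently creates a new file instead of failing, so I would drop it. `become: yes` and `enabled: yes` would be more consistent as `true`, matching `update_cache: true` earlier in the file.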
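Review bot: This handler is the only point at which PostgreSQL picks up the new `listen_addresses`, and handlers run at the end of the play. That is after `docker compose up -d` has already started gitea and vaultwarden against a database not yet listening on 172.18.0.1. The late restart is presumably also what lets the bind succeed, since the bridge address should not exist until compose creates the `internal` network. The same dependency suggests that after a VM reboot postgresql may start before Docker and come up on localhost only. I would document it on the handler, e.g. `# must run after the "internal" Docker network exists, otherwise 172.18.0.1 cannot be bound`, and make the start-up order explicit with a systemd ordering drop-in or an explicit restart task placed after the compose task.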
@@ -1,26 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIEeTCCAuGgAwIBAgIQCbH+Liv4sQVPc8WF+RDDnTANBgkqhkiG9w0BAQsFADBV -MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExFTATBgNVBAsMDHJvb3RA -c2FuZGJveDEcMBoGA1UEAwwTbWtjZXJ0IHJvb3RAc2FuZGJveDAeFw0yNTA1MTYx -MjEzNTJaFw0zNTA1MTYxMjEzNTJaMFUxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9w -bWVudCBDQTEVMBMGA1UECwwMcm9vdEBzYW5kYm94MRwwGgYDVQQDDBNta2NlcnQg -cm9vdEBzYW5kYm94MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA6oue -J4Wg4kPEewbZOg6fw+so6rcP8wfsBSiZYlJfe8RpTZe4UzUFKpairLrs0ghqgwSN -GoTn3UlolEilXm3nhuwhQZ2FUluO42RyQJcxXlOKMd3yhSyf3WgsC/8WktgqsjHY -n1msUZ3YdFKc6SSnZVLQRj1/Eoj8N/b/sBqpkTFp5A/TpMizzmzx8k8rOhQVxvLy -ZbXJt2jXxM66+7tnSXFyZFp0SGTniJfGP6QhpBTtHyUEGU/IbmTOEOUHydKkBADH -r+/e6P3bb8hGmW66ksLiytzBiJuY3N+Rps1a7t+0+ZBHQxW5o2ZwmvbsWuqYpbB4 -y/xM/IuK60kM8WTFJm83ggAk2Lf4DY75OqMhw0SBEU095fJnMMnmWLtqvDdDtZaR -jZ9X1NuXRTk2WuwVVIiBwJ946qH5SUdsxfyOF2QeeX73snX8fKFmQ4Eoq0c+CnbB -FXh/gWNmlSpTN7x3j/Jnr/15HcAZeB2fA09ZVmXKbzat+mELUb/CQgrIYgGpAgMB -AAGjRTBDMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud -DgQWBBSSDE7+6Nbyr0SAytNA8cqlQbckPzANBgkqhkiG9w0BAQsFAAOCAYEA2s0z -ijDpyTdNviZZhxcHydGkSEJkOwJVsN5DVVksKrWKlcDR9f0NCYLxA1IGhaNYVg3Y -ipeAqAgqjauM71z/UvC3BrIOJhXa5lXqi36Syw9BFlUF0KH48BnklJpJfmdcRQ+T -mQf52TNFr39pBTrCjvlIGm6aMvGy+TWyuwo+GO1GyBRVT9fiD988uPNIFSNCFJWp -87xNfl+qdZxDIdYr4qh12t4y7IKziklAC+P0oAnNXcVGomACW7p+VqeLineYOaNJ -1NfEiZZ+SJ6U9KmEOuFIwPx8cSVzmbfA6V+kE6ZL4KQjRGwAJr3uQmgEvA9LTz+L -U4aYk/Nsue2xXRN72XG42FARZ68DftqH6Csi+BNWX0BpB4ph5Ue8rdrYt+97nVX7 -iRN1+lXx3xjxv80gh20iCOAEyq6Z+gblgCf19x1K7hVSFI/iuTXq0TYLdLM36mhi -pIa3uAsYU9lPn5Vig1GptLN7dg9cXmBkkZnShrNsAGi2G6qJYMQ+50So3Btk +MIIEejCCAuKgAwIBAgIRAK9Fw1j5+aJLyagdMqeXZ4YwDQYJKoZIhvcNAQELBQAw +VTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMRUwEwYDVQQLDAxyb290 +QHNhbmRib3gxHDAaBgNVBAMME21rY2VydCByb290QHNhbmRib3gwHhcNMjUwNTE2 +MTg0ODU2WhcNMzUwNTE2MTg0ODU2WjBVMR4wHAYDVQQKExVta2NlcnQgZGV2ZWxv +cG1lbnQgQ0ExFTATBgNVBAsMDHJvb3RAc2FuZGJveDEcMBoGA1UEAwwTbWtjZXJ0 
+IHJvb3RAc2FuZGJveDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJy3 +m1f1srCfFhP6gB0Ov6jXev/B9YJeAbFZxafprUVRIUVwepAlteYTq5fcYtpOUKhR +SW8aYuHi6nVuOSJhXgrDvp+eVm0cgyiklO063a/XCU5hmFPvULqkKvSaGl3hF/2A +Ya51fsO/P9IqruaBJEKsBovVPCa/GMpnF8EbGbL3lWLMWeQZLCpoFoT1gAmJOyWd +TUX9MBuxVMJxwyugliUjPPWOrvuH3u5vaDKB2LBkHUmG2cGDRfKzf1Q5Z6vT4DNL +EstSD3T2DDIVYtnHr42HKMC/kYK1SKaiH+8lvTtEjKMR1T4L4Bv6AkEKuLdiy20Q ++5SPiUqCq8+EpDOrbJM8RKR+K7Y3g52iZDyTNoz+j99oBB+Kovnj7sn9OH2ZyjBb ++9pKjzx5l/d6EbobVvZwhXIkd/zF3Nhifm9v0WTN+yuCaznLzoqufSFhFZ3yOvPN +iW1FhisLIGaE33HQgfSG8P/RGMx//37eDRjZ5pvr78pS5N265SzkXneHD/i0fQID +AQABo0UwQzAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV +HQ4EFgQUN7MwujcQvMi1b6VUfCip3TiLwBcwDQYJKoZIhvcNAQELBQADggGBAGHv +XUwADq1UdY6mz3+4zk823Hd45BqDX0GHX4mamGkck0n+6f4dhEHsKsvp/ULzY2/E +wW5jVCEs/qNGY2U8iqpV/B7ldne5/nugF0rXFfKcVNRi9qLr2KJYZxeKFnbUgDeJ +VNrf7hCp8hrwSlwmF8DxdST+ZdtJk2optf5CJ+6pj+k67o7em/4pRgCQX9oy/n/4 +NHORnypwVOsEjh4j7qFSxJ44fDpSO3EzOmTdnIxeNVnb5IaY40qkCwCUlQXwjBYh +Ws0ryqRsaENbBtlZh3ZrJxRDBQhzi145xXujkaDs83vAc5QVoGYXrlF/1uHFUBNc +Suk++hOA1Y32dwOAkZZhzheZGOu8Jq0+dTsXDqM7aGeu/MfBVLBgZTUz7DumAzLT +Mfr6h9069fi50G3cqzAkhmUDSUwwJsGyGCHzulJyt5rEk9mxogPT2L5bVHmt2L8K +kLiPaz2BOiSLJCxlhChBKxSQB8gSHLUR6NS4A+3L8sBA7tU0xwmq5Y7AgdTY2Q== -----END CERTIFICATE----- diff --color -ruN base/.vagrant/machines/client/virtualbox/action_provision hybrid/.vagrant/machines/client/virtualbox/action_provision --- base/.vagrant/machines/client/virtualbox/action_provision 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/client/virtualbox/action_provision 2025-05-16 19:37:10.086762165 +0200 
@@ -0,0 +1 @@
+1.5:e88dc80c-9521-4f90-95d5-4fb243f94f47
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/client/virtualbox/action_set_name hybrid/.vagrant/machines/client/virtualbox/action_set_name
--- base/.vagrant/machines/client/virtualbox/action_set_name 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/client/virtualbox/action_set_name 2025-05-16 19:35:00.996251945 +0200
@@ -0,0 +1 @@
+1747416900
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/client/virtualbox/box_meta hybrid/.vagrant/machines/client/virtualbox/box_meta
--- base/.vagrant/machines/client/virtualbox/box_meta 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/client/virtualbox/box_meta 2025-05-16 19:37:05.102859035 +0200
@@ -0,0 +1 @@
+{"name":"kalilinux/rolling","version":"2025.1.0","provider":"virtualbox","directory":"boxes/kalilinux-VAGRANTSLASH-rolling/2025.1.0/amd64/virtualbox"}
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/client/virtualbox/creator_uid hybrid/.vagrant/machines/client/virtualbox/creator_uid
--- base/.vagrant/machines/client/virtualbox/creator_uid 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/client/virtualbox/creator_uid 2025-05-16 19:35:00.360264104 +0200
@@ -0,0 +1 @@
+1000
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/client/virtualbox/id hybrid/.vagrant/machines/client/virtualbox/id
--- base/.vagrant/machines/client/virtualbox/id 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/client/virtualbox/id 2025-05-16 19:35:00.360264104 +0200
@@ -0,0 +1 @@
+e88dc80c-9521-4f90-95d5-4fb243f94f47
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/client/virtualbox/index_uuid hybrid/.vagrant/machines/client/virtualbox/index_uuid
--- base/.vagrant/machines/client/virtualbox/index_uuid 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/client/virtualbox/index_uuid 2025-05-16 19:35:00.365264008 +0200
@@ -0,0 +1 @@ +7c7ce4783d7f48b28436a1de850ba957 \ No newline at end of file diff --color -ruN base/.vagrant/machines/client/virtualbox/private_key hybrid/.vagrant/machines/client/virtualbox/private_key --- base/.vagrant/machines/client/virtualbox/private_key 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/client/virtualbox/private_key 2025-05-16 19:35:28.005734548 +0200 @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA +AAtzc2gtZWQyNTUxOQAAACCDja7QoNOjkzrCeE3ghwFsylAHTdTrCFWoRVso +r87iMwAAAJCuEJUOrhCVDgAAAAtzc2gtZWQyNTUxOQAAACCDja7QoNOjkzrC +eE3ghwFsylAHTdTrCFWoRVsor87iMwAAAEC0o0rgBdsIVpUoatFV67Dw4ZyG +PT5Q/3Sfiy88ShdsYYONrtCg06OTOsJ4TeCHAWzKUAdN1OsIVahFWyivzuIz +AAAAB3ZhZ3JhbnQBAgMEBQY= +-----END OPENSSH PRIVATE KEY----- diff --color -ruN base/.vagrant/machines/client/virtualbox/synced_folders hybrid/.vagrant/machines/client/virtualbox/synced_folders --- base/.vagrant/machines/client/virtualbox/synced_folders 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/client/virtualbox/synced_folders 2025-05-16 19:37:09.104781255 +0200 @@ -0,0 +1 @@ +{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/hybrid","disabled":false,"__vagrantfile":true}}} \ No newline at end of file diff --color -ruN base/.vagrant/machines/client/virtualbox/vagrant_cwd hybrid/.vagrant/machines/client/virtualbox/vagrant_cwd --- base/.vagrant/machines/client/virtualbox/vagrant_cwd 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/client/virtualbox/vagrant_cwd 2025-05-16 19:34:14.358140414 +0200 
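Review bot: The `.vagrant/` machine state is part of the compared tree, and with it the SSH private key Vagrant generated for the `client` VM; the `sandbox` VM's key appears the same way further down. The key blob's header declares cipher and KDF `none`, so the key is stored unencrypted. This directory is local state and should not be versioned or published: add `.vagrant/` to the ignore file and leave it out of the comparison, e.g. `diff -ruN --exclude=.vagrant base hybrid`. Treat both keys as disclosed and have Vagrant issue new ones by recreating the machines. The `synced_folders` and `vagrant_cwd` files also reveal the author's home-directory path.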
@@ -0,0 +1 @@
+/home/nano/Documents/bachthesis/setup/webserver/hybrid
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/action_provision hybrid/.vagrant/machines/sandbox/virtualbox/action_provision
--- base/.vagrant/machines/sandbox/virtualbox/action_provision 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/sandbox/virtualbox/action_provision 2025-05-16 20:47:43.933737193 +0200
@@ -0,0 +1 @@
+1.5:c759b140-fa01-4cb9-9e78-1bbbb473e28b
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/action_set_name hybrid/.vagrant/machines/sandbox/virtualbox/action_set_name
--- base/.vagrant/machines/sandbox/virtualbox/action_set_name 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/sandbox/virtualbox/action_set_name 2025-05-16 20:47:16.586245129 +0200
@@ -0,0 +1 @@
+1747421236
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/box_meta hybrid/.vagrant/machines/sandbox/virtualbox/box_meta
--- base/.vagrant/machines/sandbox/virtualbox/box_meta 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/sandbox/virtualbox/box_meta 2025-05-16 20:47:39.050827934 +0200
@@ -0,0 +1 @@
+{"name":"ubuntu/jammy64","version":"20241002.0.0","provider":"virtualbox","directory":"boxes/ubuntu-VAGRANTSLASH-jammy64/20241002.0.0/virtualbox"}
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/creator_uid hybrid/.vagrant/machines/sandbox/virtualbox/creator_uid
--- base/.vagrant/machines/sandbox/virtualbox/creator_uid 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/sandbox/virtualbox/creator_uid 2025-05-16 20:47:15.934257231 +0200
@@ -0,0 +1 @@ +1000 \ No newline at end of file diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/id hybrid/.vagrant/machines/sandbox/virtualbox/id --- base/.vagrant/machines/sandbox/virtualbox/id 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/sandbox/virtualbox/id 2025-05-16 20:47:15.934257231 +0200 @@ -0,0 +1 @@ +c759b140-fa01-4cb9-9e78-1bbbb473e28b \ No newline at end of file diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/index_uuid hybrid/.vagrant/machines/sandbox/virtualbox/index_uuid --- base/.vagrant/machines/sandbox/virtualbox/index_uuid 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/sandbox/virtualbox/index_uuid 2025-05-16 20:47:15.941257101 +0200 @@ -0,0 +1 @@ +a2ce833661ec4d9ebcd90af9f8d9d658 \ No newline at end of file diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/private_key hybrid/.vagrant/machines/sandbox/virtualbox/private_key --- base/.vagrant/machines/sandbox/virtualbox/private_key 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/sandbox/virtualbox/private_key 2025-05-16 20:47:36.529874774 +0200 @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA +AAtzc2gtZWQyNTUxOQAAACCoHi4Q+gsoRdbgU6yQJUpj6kOm8/oIzTJC9uaU +O8VkWgAAAJCfxk0Yn8ZNGAAAAAtzc2gtZWQyNTUxOQAAACCoHi4Q+gsoRdbg +U6yQJUpj6kOm8/oIzTJC9uaUO8VkWgAAAEAR2S8XEN4rdFqnz7eKsrzkvU01 +aWQNxaNVNcNGrOilrqgeLhD6CyhF1uBTrJAlSmPqQ6bz+gjNMkL25pQ7xWRa +AAAAB3ZhZ3JhbnQBAgMEBQY= +-----END OPENSSH PRIVATE KEY----- diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/synced_folders hybrid/.vagrant/machines/sandbox/virtualbox/synced_folders --- base/.vagrant/machines/sandbox/virtualbox/synced_folders 1970-01-01 01:00:00.000000000 +0100 +++ hybrid/.vagrant/machines/sandbox/virtualbox/synced_folders 2025-05-16 20:47:43.000754532 +0200 
@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/nano/Documents/bachthesis/setup/webserver/hybrid","disabled":false,"__vagrantfile":true}}}
\ No newline at end of file
diff --color -ruN base/.vagrant/machines/sandbox/virtualbox/vagrant_cwd hybrid/.vagrant/machines/sandbox/virtualbox/vagrant_cwd
--- base/.vagrant/machines/sandbox/virtualbox/vagrant_cwd 1970-01-01 01:00:00.000000000 +0100
+++ hybrid/.vagrant/machines/sandbox/virtualbox/vagrant_cwd 2025-05-16 20:47:11.366181414 +0200
@@ -0,0 +1 @@
+/home/nano/Documents/bachthesis/setup/webserver/hybrid
\ No newline at end of file