commit ce8e53b809630f6735afc7ec1f5aa6e4e8dc1356 Author: Tanguy MAZE Date: Sun Dec 2 18:33:00 2018 +0100 Init commit diff --git a/files/check_crontab b/files/check_crontab new file mode 100644 index 0000000..d936609 --- /dev/null +++ b/files/check_crontab @@ -0,0 +1,26 @@ +# DO NOT EDIT THIS FILE - edit the master and reinstall. +# (/tmp/crontab.ZZlmiC/crontab installed on Fri Nov 16 14:56:13 2018) +# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $) +# Edit this file to introduce tasks to be run by cron. +# +# Each task to run has to be defined through a single line +# indicating with different fields when the task will be run +# and what command to run for the task +# +# To define the time you can provide concrete values for +# minute (m), hour (h), day of month (dom), month (mon), +# and day of week (dow) or use '*' in these fields (for 'any').# +# Notice that tasks will be started based on the cron's system +# daemon's notion of time and timezones. +# +# Output of the crontab jobs (including errors) is sent through +# email to the user the crontab file belongs to (unless redirected). +# +# For example, you can run a backup of all your user accounts +# at 5 a.m every week with: +# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ +# +# For more information see the manual pages of crontab(5) and cron(8) +# +# m h dom mon dow command +00 0 * * * root /usr/sbin/check_crontab.sh diff --git a/files/default-ssl.conf b/files/default-ssl.conf new file mode 100644 index 0000000..cf25b21 --- /dev/null +++ b/files/default-ssl.conf @@ -0,0 +1,23 @@ + + + ServerAdmin tmaze@student.42.fr + + DocumentRoot /var/www/nice_website + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + + SSLCertificateFile /home/tanguy/.ssl/server.crt + SSLCertificateKeyFile /home/tanguy/.ssl/server.key + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + + 
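Review bot: The job line `00 0 * * * root /usr/sbin/check_crontab.sh` carries a user field, which is only valid for system crontabs (`/etc/crontab`, `/etc/cron.d/`); if this file is ever installed with `crontab <file>` for a user, `root` is taken as the command and the job silently does nothing. The header above it is the preamble `crontab -e` writes for a per-user crontab ("DO NOT EDIT THIS FILE", a `/tmp/crontab.ZZlmiC` path), which contradicts that usage and should be replaced with one line naming the intended location, e.g. `# Installed as /etc/cron.d/check_crontab by the playbook`. The same applies to `files/update_script` in this commit, which additionally sets `SHELL` and `PATH` while this file does not; the two crontabs should agree on that. `/usr/sbin/check_crontab.sh` itself is not part of this commit as far as I can see.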
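Review bot: `SSLCertificateKeyFile /home/tanguy/.ssl/server.key` keeps the TLS private key in an unprivileged user's home directory, where it is readable by the `tanguy` account and anything running as it, rather than by root only. Move the key to `/etc/ssl/private/` owned by root with mode 0600 and the certificate to `/etc/ssl/certs/`, and have the playbook deploy them with those permissions, e.g. `SSLCertificateKeyFile /etc/ssl/private/nice_website.key`. `files/nice_website.conf` in this commit is byte-identical to this file (same blob `cf25b21`), so the fix applies there too and one of the two files is presumably redundant. The `<VirtualHost>`/`<IfModule>` container tags are not visible in this rendering, so I cannot check `ServerName` or the listening port.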
diff --git a/files/firewall.conf b/files/firewall.conf
new file mode 100644
index 0000000..ccfeea9
--- /dev/null
+++ b/files/firewall.conf
@@ -0,0 +1,19 @@
+# Generated by iptables-save v1.6.0 on Sat Nov 17 14:32:27 2018
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+-A INPUT -p tcp -m tcp --dport 2230 -j ACCEPT
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 2230 -j ACCEPT
+-A OUTPUT -p tcp --sport 80 -j ACCEPT
+-A OUTPUT -p tcp --sport 443 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+COMMIT
+# Completed on Sat Nov 17 14:32:27 2018
diff --git a/files/interfaces b/files/interfaces
new file mode 100644
index 0000000..0c6cb02
--- /dev/null
+++ b/files/interfaces
@@ -0,0 +1,25 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto enp0s3
+allow-hotplug enp0s3
+iface enp0s3 inet static
+ address 172.127.0.130
+ netmask 255.255.255.252
+ gateway 172.127.0.129
+
+# The internal network interface
+auto enp0s8
+allow-hotplug enp0s8
+iface enp0s8 inet static
+ address 192.168.99.2
+ netmask 255.255.255.252
+ gateway 192.168.99.1
+
diff --git a/files/nice_website.conf b/files/nice_website.conf
new file mode 100644
index 0000000..cf25b21
--- /dev/null
+++ b/files/nice_website.conf
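Review bot: With all three chain policies set to DROP there is no rule for the loopback interface, so anything a local service sends to 127.0.0.1 — local mail delivery for the cron jobs' output, a local resolver, Apache talking to itself — is silently dropped; add `-A INPUT -i lo -j ACCEPT` and `-A OUTPUT -o lo -j ACCEPT` ahead of the port rules. The `--dport 80`/`--dport 443`/`--dport 2230` INPUT rules are stateless while the reply-side rules below depend on conntrack; one `-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` (and its OUTPUT twin) would replace the six `--sport` rules and also admit RELATED traffic such as ICMP errors, which nothing currently allows. No ICMP is accepted at all, so the host will not answer ping or receive path-MTU messages; if that is intended it deserves a comment in the file. Note also that `iptables-restore` replaces the whole `filter` table, so when `init.yml` runs it after installing fail2ban, any `f2b-*` chains fail2ban has already inserted are discarded until fail2ban restarts.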
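Review bot: Both static stanzas declare a `gateway`, which asks ifupdown to install two default routes; the second one typically fails with `RTNETLINK answers: File exists` and `ifup` reports the interface as failed to bring up. Keep `gateway` only on the uplink stanza (`enp0s3`) and drop `gateway 192.168.99.1` from `enp0s8`, adding an explicit `up ip route add <net> via 192.168.99.1 dev enp0s8` only if something beyond that /30 must be reached through it. Separately, 172.127.0.128/30 is not RFC 1918 space (the private block is 172.16.0.0/12), so if this is a lab network it overlaps publicly routed addresses — worth a comment if that is deliberate.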
@@ -0,0 +1,23 @@ + + + ServerAdmin tmaze@student.42.fr + + DocumentRoot /var/www/nice_website + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + + SSLCertificateFile /home/tanguy/.ssl/server.crt + SSLCertificateKeyFile /home/tanguy/.ssl/server.key + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + + diff --git a/files/rg1.yml b/files/rg1.yml new file mode 100644 index 0000000..7c78a1e --- /dev/null +++ b/files/rg1.yml @@ -0,0 +1,49 @@ +# **************************************************************************** # +# # +# ::: :::::::: # +# rg1.yml :+: :+: :+: # +# +:+ +:+ +:+ # +# By: tmaze +#+ +:+ +#+ # +# +#+#+#+#+#+ +#+ # +# Created: 2018/11/30 13:12:56 by tmaze #+# #+# # +# Updated: 2018/11/30 15:31:13 by tmaze ### ########.fr # +# # +# **************************************************************************** # + +- hosts: roger-skyline-1 + + tasks: + - name: Install all necessary packages + apt: + update_cache=yes + state=latest + name={{item}} + with_items: + - sudo + - mail + - git + - fail2ban + - apache2 + become: yes + become_method: su + tags: + - sudo + + - name: Make sure we have a 'sudo' group + group: + name=sudo + state=present + become: yes + become_method: su + tags: + - sudo + + - name: Add user tanguy to sudoers + user: + name=tanguy + groups=sudo + append=yes + become: yes + become_method: su + tags: + - sudo diff --git a/files/sshd_config b/files/sshd_config new file mode 100644 index 0000000..b09136b --- /dev/null +++ b/files/sshd_config 
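Review bot: The `apt` task (and the `group`/`user` tasks below it) pass module arguments as `key=value` strings — `update_cache=yes state=latest name={{item}}` — instead of native YAML mappings, and `with_items` runs apt once per package, so an early failure leaves a partial install; pass the list to `name:` directly. `state=latest` upgrades the packages on every run, so the play is not idempotent and can pull different versions each time; `state: present` is what `init.yml` in the same commit uses. Booleans should be bare `true`/`false` rather than `yes`. This playbook also installs `mail` while `init.yml` installs `mailutils`; on Debian the package providing `mail` is `mailutils`, so `mail` may fail to resolve — verify against the target.
```yaml
  tasks:
    - name: Install all necessary packages
      apt:
        name:
          - sudo
          - mail
          - git
          - fail2ban
          - apache2
        update_cache: true
        state: present
      become: true
      become_method: su
      tags:
        - sudo
    # … unchanged: group and user tasks (convert to the same key: value form) …
```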
@@ -0,0 +1,123 @@ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Port 2230 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! 
+PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation sandbox +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/files/update_script b/files/update_script new file mode 100644 index 0000000..9aca3d1 
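Review bot: `X11Forwarding yes` is enabled on what the rest of the commit describes as a headless server (Apache, cron jobs, no desktop packages); it exposes the connecting client's X display to processes on the server and is the one setting this file loosens relative to the upstream default of `no`. Set `X11Forwarding no`, and since `tanguy` is the only account the playbooks provision, consider `AllowUsers tanguy` so an account created later is not reachable over SSH by default. The rest is consistent: `PermitRootLogin no`, `PasswordAuthentication no`, `ChallengeResponseAuthentication no`, and `Port 2230` matches both `firewall.conf` and `hosts-init.inv`. `MaxAuthTries` and `ClientAliveInterval` are left at their defaults, which is acceptable but worth stating in a comment if the project's hardening checklist expects explicit values.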
--- /dev/null +++ b/files/update_script @@ -0,0 +1,31 @@ +# DO NOT EDIT THIS FILE - edit the master and reinstall. +# (/tmp/crontab.ZZlmiC/crontab installed on Fri Nov 16 14:56:13 2018) +# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $) +# Edit this file to introduce tasks to be run by cron. +# +# Each task to run has to be defined through a single line +# indicating with different fields when the task will be run +# and what command to run for the task +# +# To define the time you can provide concrete values for +# minute (m), hour (h), day of month (dom), month (mon), +# and day of week (dow) or use '*' in these fields (for 'any').# +# Notice that tasks will be started based on the cron's system +# daemon's notion of time and timezones. +# +# Output of the crontab jobs (including errors) is sent through +# email to the user the crontab file belongs to (unless redirected). +# +# For example, you can run a backup of all your user accounts +# at 5 a.m every week with: +# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ +# +# For more information see the manual pages of crontab(5) and cron(8) + +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +# m h dom mon dow command +00 4 * * * root /usr/sbin/update_script.sh + +@reboot root /usr/sbin/update_script.sh diff --git a/files/website.html b/files/website.html new file mode 100644 index 0000000..af846c2 --- /dev/null +++ b/files/website.html @@ -0,0 +1,337 @@ + + + +A Nice Website + + + + + + + + + + + + + +
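Review bot: The `@reboot root /usr/sbin/update_script.sh` entry fires when cron starts, which is not necessarily after the network is up; if `update_script.sh` fetches anything (the name suggests package updates), that run will fail intermittently and the error mail to root is the only trace. Either drop the `@reboot` line and rely on the 04:00 run, or have the script wait for connectivity before doing network work. As with `files/check_crontab` in this commit, the copied `crontab -e` preamble should be replaced by a one-line comment stating where the file is installed. `/usr/sbin/update_script.sh` itself is not in this commit.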
+

A Nice Website

+ +
+

Why this website ?

+
+

+Because of the roger-skyline-1 project of École 42 Paris. +

+
+
+
+

How it's made

+
+

+This website was done in Emacs using Org-mode, a strong tool that let you type +your document as you please and typeset it auto-magically via multiple export +options (this file was exported to twitter bootstrap). +

+ +

+Its capabilities extend but are not limited to: +

+
    +
  • easily formated tables and spredsheets +
  • +
  • TODO lists +
  • +
  • Calendar integration for deadlines, etc… +
  • +
  • Multiple export modules (like ODT, HTML, Twitter Bootstrap and LaTeX) +
  • +
  • Code Snippet typesetting +
  • +
  • Lists & CheckLists +
  • +
+
+
+ +
+

Support

+
+
+

Text editor

+
+ + + +++ ++ ++ ++ ++ + + + + + + + + + + + + + + + + + + +
 emacsvimatomvs-code
Has Org-mode ?nativelywith thiswith thiswith this
+
+
+ +
+

Git repository manager

+
+ + + +++ ++ ++ + + + + + + + + + + + + + + + + + + + + +
 GitHubGitlab
README
wiki
+
+
+
+ + +
+
+

Author: tmaze

+

Created: 2018-11-27 Tue 18:44

+

Emacs 26.1 (Org-mode 9.1.9)

+
+
+ + diff --git a/files/website.org b/files/website.org new file mode 100644 index 0000000..34148a3 --- /dev/null +++ b/files/website.org 
@@ -0,0 +1,50 @@ +# **************************************************************************** # +# # +# ::: :::::::: # +# website.org :+: :+: :+: # +# +:+ +:+ +:+ # +# By: tmaze +#+ +:+ +#+ # +# +#+#+#+#+#+ +#+ # +# Created: 2018/11/23 16:49:24 by tmaze #+# #+# # +# Updated: 2018/11/27 18:48:06 by tmaze ### ########.fr # +# # +# **************************************************************************** # + +#+TITLE: A Nice Website +#+AUTHOR: tmaze + +#+OPTIONS: whn:nil toc:nil + +** Why this website ? +Because of the =roger-skyline-1= project of École 42 Paris. +** How it's made +This website was done in Emacs using [[http://orgmode.org/en/][Org-mode]], a strong tool that let you type +your document as you please and typeset it auto-magically via multiple export +options (this file was exported to twitter bootstrap). + +Its capabilities extend but are not limited to: + * easily formated tables and spredsheets + * TODO lists + * Calendar integration for deadlines, etc... + * Multiple export modules (like ODT, HTML, Twitter Bootstrap and LaTeX) + * Code Snippet typesetting + * Lists & CheckLists + +** Support +*** Text editor +| | emacs | vim | atom | vs-code | +|----------------+----------+-----------+-----------+-----------| +| Has Org-mode ? | natively | with [[https://github.com/jceb/vim-orgmode][this]] | with [[https://atom.io/packages/org-mode][this]] | with [[https://github.com/vscode-org-mode/vscode-org-mode][this]] | + +*** Git repository manager +| | GitHub | Gitlab | +|--------+--------+--------| +| README | ✓ | ✓ | +| wiki | ✓ | ✗ | + +** Further documentation + - [[https://youtu.be/SzA2YODtgK4][/Getting Started with Org-Mode/, Harry Schwartz]] + - [[https://youtu.be/oJTwQvgfgMM][/Emacs Org-mode - a system for note-taking and project planning/, Carsten Dominik]] + - [[http://orgmode.org/en/][Org-mode website]] + - [[https://gist.github.com/tvdu29/64c46349d214e74c71f2a2f0121707a9][This page's source code]] + 
diff --git a/hosts-init.inv b/hosts-init.inv
new file mode 100644
index 0000000..0380c3c
--- /dev/null
+++ b/hosts-init.inv
@@ -0,0 +1 @@
+roger-skyline-1 ansible_host=192.168.99.2 ansible_port=2230 ansible_user=tanguy
diff --git a/init.retry b/init.retry
new file mode 100644
index 0000000..d01ca8d
--- /dev/null
+++ b/init.retry
@@ -0,0 +1 @@
+roger-skyline-1
diff --git a/init.yml b/init.yml
new file mode 100644
index 0000000..897031c
--- /dev/null
+++ b/init.yml
@@ -0,0 +1,42 @@
+- name: "Initialise network config, packages & user tanguy"
+ hosts: roger-skyline-1
+ become: yes
+ become_user: root
+ become_method: su
+ tasks:
+ - name: "Install necessary packages"
+ apt:
+ name: ['sudo', 'mailutils', 'fail2ban']
+ update_cache: "yes"
+ state: "present"
+ - name: "Add tanguy to sudoers"
+ user:
+ name: "tanguy"
+ groups: "sudo"
+ append: yes
+ - name: "Upload firewall config"
+ copy:
+ src: "files/firewall.conf"
+ dest: "/etc/"
+ owner: "root"
+ group: "root"
+ - name: "Apply firewall config"
+ command: "iptables-restore /etc/firewall.conf"
+ - name: "Upload public key for tanguy"
+ authorized_key:
+ user: "tanguy"
+ state: "present"
+ key: "{{ lookup('file', '/Users/tmaze/.ssh/id_rsa.pub') }}"
+ - name: "Upload ssh config"
+ copy:
+ src: "files/sshd_config"
+ dest: "/etc/ssh/"
+ owner: "root"
+ group: "root"
+ - name: "Restart ssh service"
+ service:
+ name: "ssh"
+ state: "restarted"
+ enabled: yes
+
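Review bot: The `Upload ssh config` task copies `files/sshd_config` over `/etc/ssh/` with no `validate:` and is followed by an unconditional `Restart ssh service`; with the firewall admitting only TCP 2230 and password authentication disabled, a syntax error in that file leaves sshd down and the host reachable only from the console. Add `validate: "/usr/sbin/sshd -t -f %s"` and an explicit `mode`, and make the restart a handler so it only fires when the file actually changed. Two smaller points: `key: "{{ lookup('file', '/Users/tmaze/.ssh/id_rsa.pub') }}"` hard-codes one controller's home directory (a `~/.ssh/...` path or a variable is portable), and `command: "iptables-restore /etc/firewall.conf"` reports `changed` on every run while nothing in this commit, as far as I can see, persists the rules across a reboot, so the DROP policies are gone after the first restart unless something outside this repo reloads them. `update_cache: "yes"`, `append: yes`, `become: yes` and `enabled: yes` should be bare `true`. The play name promises network config but no task deploys `files/interfaces`, and `init.retry` is a generated retry file that should be gitignored rather than committed.
```yaml
    - name: "Upload ssh config"
      copy:
        src: "files/sshd_config"
        dest: "/etc/ssh/"
        owner: "root"
        group: "root"
        mode: "0644"
        validate: "/usr/sbin/sshd -t -f %s"
      notify: restart ssh
  # … unchanged: other tasks …
  handlers:
    - name: restart ssh
      service:
        name: "ssh"
        state: "restarted"
        enabled: true
```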