From 50167c0f03925dc22513d855037c652636fef02b Mon Sep 17 00:00:00 2001
From: DarkFeather
Date: Thu, 7 Dec 2023 13:28:54 -0600
Subject: [PATCH] Virtualizing Core host as Yggdrasil VM

---
 PKGBUILD | 4 +-
 bin/generate-systemd-vms.py | 4 +-
 examples/msn0.yml | 80 +++++++++++--------
 .../ShadowArch/files/motd/{Core => Yggdrasil} | 0
 roles/ShadowArch/tasks/archlinux-network.yml | 8 +-
 roles/ShadowArch/tasks/main.yml | 49 +++++++-----
 .../files/monit/hostdefs/{Core => Yggdrasil} | 0
 7 files changed, 85 insertions(+), 60 deletions(-)
 rename roles/ShadowArch/files/motd/{Core => Yggdrasil} (100%)
 rename roles/Sharingan/files/monit/hostdefs/{Core => Yggdrasil} (100%)

diff --git a/PKGBUILD b/PKGBUILD
index d8defda..a001664 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,10 +4,10 @@ pkgrel=1
 pkgrel() {
     git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit
 }
-epoch=
+epoch="$(git log | grep -c commit)"
 pkgdesc="$(head -n 1 README.md)"
 arch=("x86_64")
-url="https://aninix.net/foundation/${pkgname}"
+url="$(git config remote.origin.url | sed 's/.git$//')"
 license=('custom')
 groups=()
 depends=('bash>=4.4' 'python>=3.11' 'ansible>=8.3' 'tmux' 'openssh')
diff --git a/bin/generate-systemd-vms.py b/bin/generate-systemd-vms.py
index f1ba1b6..b4d672f 100755
--- a/bin/generate-systemd-vms.py
+++ b/bin/generate-systemd-vms.py
@@ -13,7 +13,7 @@ import shutil
 import sys
 import yaml
 
-filepath="roles/Node/files/vm-definitions/"
+filepath="../roles/Node/files/vm-definitions/"
 
 def WriteVMFile(content,hosttype,hostclass):
     ### Create the service files for the hosts
@@ -84,7 +84,7 @@ def GenerateFiles(file):
 
     # Add service files for each host
     WriteVMFile(content,'managed','virtual')
-    WriteVMFile(content,'unmanaged','ovas',
+    WriteVMFile(content,'unmanaged','ovas')
     WriteVMFile(content,'unmanaged','test_ovas')
 
 if __name__ == '__main__':
diff --git a/examples/msn0.yml b/examples/msn0.yml
index bf69562..9ef93dc 100644
--- a/examples/msn0.yml
+++ b/examples/msn0.yml
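Review bot: `epoch="$(git log | grep -c commit)"` makes the package version depend on the builder's checkout rather than on the source: a shallow clone, a rewritten history or a tarball without `.git` produces a different or empty epoch, and since pacman treats epoch as a value that must only ever increase, a lower count later reads as a downgrade. The new `url=` line has the same build-host dependency — it takes whatever `remote.origin.url` the builder happens to have, so an SSH remote becomes `git@host:path` — and `s/.git$//` leaves the dot unescaped, so `s/\.git$//` is the intended pattern. Consider keeping a literal `url=`, deriving the counter from `git rev-list --count HEAD` with a fallback when git is unavailable, and adding a comment above `epoch=` stating why it is computed at all.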
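Review bot: `filepath="../roles/Node/files/vm-definitions/"` is resolved against the process's current working directory, so the generator now only works when invoked from inside `bin/`; run from the repository root it would target a path outside the checkout, and the old value had the mirror-image problem. Anchoring the path to the script's own location works from anywhere, e.g. `filepath = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "roles", "Node", "files", "vm-definitions")` (adding `import os` above this hunk if it is not already imported). A one-line comment, `# output directory, relative to this script rather than to the cwd`, would stop the next person from flipping it back.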
@@ -44,39 +44,31 @@ all: ip: 10.0.1.2 mac: B8:27:EB:B6:AA:0C static: true - Core: - ipinterface: enp1s0f0 - ip: 10.0.1.3 - mac: 00:25:90:0d:6e:86 - static: true - sslidentity: aninix.net-0001 - secdetection: true - iptv_location: "Milwaukee|Madison" - aether_source: true Node0: ipinterface: enp1s0f0 ip: 10.0.1.4 mac: DE:8B:9E:19:55:1D tap: true Node1: - ipinterface: enp1s0f0 + ipinterface: enp1s0 ip: 10.0.1.5 - mac: B0:41:6F:0D:47:E1 + mac: FA:EC:43:87:4D:2D tap: true Node2: - ipinterface: enp1s0f0 + ipinterface: enp1s0 ip: 10.0.1.7 - mac: B0:41:6F:0D:41:D1 + mac: 56:02:ef:2c:1f:7c tap: true Node3: - ipinterface: enp1s0f0 + ipinterface: enp1s0 ip: 10.0.1.8 - mac: B0:41:6F:0D:51:0E + mac: B2:C6:2C:02:B2:6E tap: true virtual: # 10.0.1.16/28 vars: hosts: Sharingan: + node: Node2 ip: 10.0.1.16 ipinterface: ens3 mac: 00:15:5D:01:02:10 @@ -87,19 +79,22 @@ all: uefi: true siem: true disks: - - '-drive format=raw,index=0,media=disk,file=/dev/sdb' + - '-drive format=raw,index=0,media=disk,file=/dev/sdc' # On hold because of https://aninix.net/DarkFeather/MSN0/issues/6 holdpkg: "elasticsearch graylog mongodb44-bin mongodb-tools-bin" DarkNet: + node: Node2 ipinterface: ens3 ip: 10.0.1.17 mac: 00:15:5D:01:02:05 - cores: 2 - memory: 2 + cores: 4 + memory: 4 vnc: 9 + bridge: br0 disks: - - '-drive format=raw,index=0,media=disk,file=/dev/sdd' + - '-drive format=raw,index=0,media=disk,file=/dev/sdb' Maat: + node: Node2 ip: 10.0.1.18 ipinterface: ens3 mac: 00:15:5d:01:02:07 
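Review bot: The replacement MAC for Node2, `mac: 56:02:ef:2c:1f:7c`, is lower-case while the other two new addresses (`FA:EC:43:87:4D:2D`, `B2:C6:2C:02:B2:6E`) and Node0's are upper-case, and the file already mixes both styles further down (Maat, TDS-Jump); if any template or consumer compares these strings literally rather than case-insensitively, some hosts will silently fail to match. Pick one case for the whole inventory — `mac: 56:02:EF:2C:1F:7C` here — or confirm every consumer normalises before comparing. A short comment next to Node1–Node3 explaining why their interface names and addresses changed in the same commit as the Core virtualisation would also help, since the commit message does not mention it.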
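Review bot: DarkNet gains `bridge: br0`, which places it on the same layer-2 segment as Sharingan, Maat and the rest of the 10.0.1.16/28 VMs now pinned to Node2; if that host is meant to be a segregated network (the name suggests so, but the inventory does not say), it needs its own bridge or VLAN rather than br0. In the same hunk Sharingan moves from `/dev/sdb` to `/dev/sdc` and DarkNet from `/dev/sdd` to `/dev/sdb`, both on Node2: raw `/dev/sdX` names are assigned in probe order and can swap between boots, so `/dev/disk/by-id/...` paths would make the mapping stable and prevent the two VMs from ever being handed each other's disk. A comment on each `disks:` entry recording which physical drive it is would make the intent checkable.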
@@ -108,7 +103,26 @@ all: bridge: br0 vnc: 7 disks: - - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/Maat.qcow2' + - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/Maat.qcow2' + Yggdrasil: + node: Node1 + ipinterface: enp1s0f0 + ip: 10.0.1.3 + mac: 00:25:90:0d:6e:86 + static: true + sslidentity: aninix.net-0001 + secdetection: true + iptv_location: "Milwaukee|Madison" + aether_source: true + cores: 8 + memory: 16 + bridge: br0 + vnc: 1 + disks: + - '-drive format=raw,index=0,media=disk,file=/dev/sda' + - '-drive format=raw,index=0,media=disk,file=/dev/sdb' + - '-drive format=raw,index=0,media=disk,file=/dev/sdc' + - '-drive format=raw,index=0,media=disk,file=/dev/sdd' geth_hubs: # 10.0.1.32/28 vars: @@ -136,6 +150,7 @@ all: ovas: # 10.0.1.48/28 hosts: Geth: + node: Node2 ip: 10.0.1.49 mac: DE:8B:9E:19:55:1E cores: 2 @@ -144,10 +159,11 @@ all: bridge: br0 uefi: true disks: - - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/hassos_ova-5.13.qcow2' + - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/hassos_ova-5.13.qcow2' test_ovas: # 10.0.1.48/28 hosts: TDS-Jump: + node: Node2 ip: 10.0.1.48 mac: 00:15:5d:01:02:08 cores: 2 @@ -155,7 +171,7 @@ all: vnc: 4 bridge: br0 disks: - - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/TDSJump.qcow2' + - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/TDSJump.qcow2' DedNet: ip: 10.0.1.50 mac: 00:15:5d:01:02:09 @@ -164,7 +180,7 @@ all: vnc: 3 bridge: br0 disks: - - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/DedNet.qcow2' + - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/DedNet.qcow2' - '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d' Aether: ip: 10.0.1.51 @@ -185,7 +201,7 @@ all: bridge: br0 vnc: 10 disks: - - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test1.qcow2' + - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test1.qcow2' test2: ip: 10.0.1.53 ipinterface: ens3 
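Review bot: All four Yggdrasil disks are declared as `-drive format=raw,index=0,media=disk,file=/dev/sdX`; as far as I know QEMU rejects a second drive with the same index on the same interface, so the VM would fail to start until the entries are numbered index=0 through index=3 (or `index=` is dropped and option order is relied on). The definition also carries over `ipinterface: enp1s0f0` and `static: true` from the old physical Core entry while every other host under `virtual:` uses `ens3`; the guest-side interface name should be confirmed, and note that with the network-role change in this same commit `static` no longer suppresses the tap/bridge templates. As with the earlier hunk, `/dev/sda`–`/dev/sdd` on Node1 are probe-order names — `/dev/disk/by-id/` paths would pin them, and a comment should state which of these is Node1's own boot disk if any is.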
@@ -195,7 +211,7 @@ all: bridge: br0 vnc: 11 disks: - - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test2.qcow2' + - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test2.qcow2' test3: ip: 10.0.1.54 ipinterface: ens3 @@ -205,7 +221,7 @@ all: bridge: br0 vnc: 12 disks: - - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test3.qcow2' + - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test3.qcow2' # appliances are monitored -- adhoc_appliances are convenience only and not monitored. appliances: hosts: # 10.0.1.64/27 @@ -218,12 +234,12 @@ all: Geth-Eyes: ip: 10.0.1.68 mac: 9C:A3:AA:33:A3:99 - "Core-Console": - ip: 10.0.1.74 - mac: 00:25:90:0D:82:5B - "Node0-Console": - ip: 10.0.1.75 - mac: 00:25:90:3E:C6:8C + # "Core-Console": + # ip: 10.0.1.74 + # mac: 00:25:90:0D:82:5B + # "Node0-Console": + # ip: 10.0.1.75 + # mac: 00:25:90:3E:C6:8C adhoc_appliances: hosts: # 10.0.1.64/27 DarkFeather: diff --git a/roles/ShadowArch/files/motd/Core b/roles/ShadowArch/files/motd/Yggdrasil similarity index 100% rename from roles/ShadowArch/files/motd/Core rename to roles/ShadowArch/files/motd/Yggdrasil diff --git a/roles/ShadowArch/tasks/archlinux-network.yml b/roles/ShadowArch/tasks/archlinux-network.yml index 98ebeff..35a3210 100644 --- a/roles/ShadowArch/tasks/archlinux-network.yml +++ b/roles/ShadowArch/tasks/archlinux-network.yml 
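Review bot: Commenting out `"Core-Console"` and `"Node0-Console"` under `appliances:` — the group the file's own comment describes as monitored — removes the two console addresses from monitoring without saying whether they still exist; if 10.0.1.74 and 10.0.1.75 are still live management interfaces they are now reachable but unwatched, and if they are gone the commented block is dead data. Either delete the entries outright, or move them to `adhoc_appliances:` with a comment explaining the decision, e.g. `# Core-Console retired together with the physical Core host; Node0-Console deliberately unmonitored`. Leaving them commented out in the monitored group invites someone to uncomment them without knowing why they were disabled.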
@@ -16,21 +16,21 @@ - name: Tap ArchLinux network config become: yes - when: tap is defined and not static is defined + #when: tap is defined and not static is defined template: - src: netctl-tap is defined.j2 + src: netctl-tap.j2 dest: "/etc/netctl/{{ ipinterface }}" - name: Bridge ArchLinux network config become: yes - when: tap is defined and not static is defined + #when: tap is defined and not static is defined template: src: netctl-bond.j2 dest: "/etc/netctl/br0" - name: Tunnel ArchLinux network config become: yes - when: tap is defined and not static is defined + #when: tap is defined and not static is defined copy: src: netctl-tun dest: "/etc/netctl/tun0" diff --git a/roles/ShadowArch/tasks/main.yml b/roles/ShadowArch/tasks/main.yml index 1d1da47..b36b249 100644 --- a/roles/ShadowArch/tasks/main.yml +++ b/roles/ShadowArch/tasks/main.yml @@ -30,26 +30,6 @@ - root - "{{ ansible_user_id }}" - - name: Base packages - vars: - ansible_become_method: su - ansible_become_password: "{{ passwords[inventory_hostname] }}" - become: yes - package: - name: - - bash - - sudo - - git - - tmux - - vim - - sysstat - - iotop - - lsof - - rsync - - xfsprogs - state: present - update_cache: yes - - name: Ensure deploy user has sudo permissions. vars: ansible_become_method: su @@ -105,6 +85,13 @@ group: root mode: 0644 + - name: Import AniNIX GPG key + vars: + ansible_become_password: "{{ passwords[inventory_hostname] }}" + become: yes + command: /bin/bash -c 'if [ ! -f /usr/share/pacman/keyrings/aninix.gpg ]; then mkdir /tmp/aninix; curl -s https://aninix.net/AniNIX/ShadowArch/raw/branch/main/EtcFiles/aninix.gpg > /tmp/aninix/pubring.gpg; pacman-key --import /tmp/aninix; pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296; fi' + when: ansible_os_family == "Archlinux" + - name: Set up apt sources.list vars: ansible_become_password: "{{ passwords[inventory_hostname] }}" 
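Review bot: Commenting out the three `when: tap is defined and not static is defined` guards makes the tap, bridge and tunnel tasks run on every host the role touches, so `/etc/netctl/{{ ipinterface }}`, `/etc/netctl/br0` and `/etc/netctl/tun0` are now written — and an existing interface profile overwritten — on hosts that never set `tap`, including statically-addressed ones, which can take a remote host off the network mid-play. If the guards were dropped because a host that lacks `tap` now needs these files, express that in the inventory and keep a condition, e.g. `when: tap is defined`, rather than leaving the tasks unconditional; and delete the commented-out lines instead of keeping them as a trap. The `src: netctl-tap.j2` typo fix is fine on its own.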
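Review bot: The new `Import AniNIX GPG key` task chains its steps with `;`, so a failed `mkdir` or `curl` does not stop the script, and `curl -s` without `-f` writes an HTTP error body into the keyring directory that `pacman-key --import` then reads; the fixed `/tmp/aninix` path in a shared `/tmp` is also a directory another local user could pre-create, after which the chain happily imports whatever it finds there. The `[ ! -f /usr/share/pacman/keyrings/aninix.gpg ]` guard tests a file that nothing in this hunk creates (`pacman-key --import` populates the pacman gnupg home, not that directory), so as far as I can tell the task re-runs on every play. Using `shell:` with `set -euo pipefail`, a `mktemp -d` directory that is cleaned up on exit, `curl -sSf -o`, and a presence check on the fingerprint keeps the `--lsign` of `904DE6275579CB589D85720C1CC1E3F4ED06F296` as the only trust decision while making the task fail loudly and run once.
```yaml
  - name: Import AniNIX GPG key
    vars:
      ansible_become_password: "{{ passwords[inventory_hostname] }}"
    become: yes
    shell: |
      set -euo pipefail
      # already trusted: nothing to do
      if pacman-key --list-keys 904DE6275579CB589D85720C1CC1E3F4ED06F296 >/dev/null 2>&1; then
        exit 0
      fi
      tmpdir="$(mktemp -d)"
      trap 'rm -rf "$tmpdir"' EXIT
      curl -sSf https://aninix.net/AniNIX/ShadowArch/raw/branch/main/EtcFiles/aninix.gpg -o "$tmpdir/pubring.gpg"
      pacman-key --import "$tmpdir"
      pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296
    args:
      executable: /bin/bash
    when: ansible_os_family == "Archlinux"
```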
@@ -120,6 +107,28 @@ mode: 0644 when: ansible_os_family == "Debian" + - name: Base packages + vars: + ansible_become_method: su + ansible_become_password: "{{ passwords[inventory_hostname] }}" + become: yes + package: + name: + - bash + - sudo + - git + - tmux + - vim + - sysstat + - iotop + - lsof + - rsync + - xfsprogs + - man-db + - man-pages + state: present + update_cache: yes + - name: Install ShadowArch (ArchLinux) vars: ansible_become_password: "{{ passwords[inventory_hostname] }}" diff --git a/roles/Sharingan/files/monit/hostdefs/Core b/roles/Sharingan/files/monit/hostdefs/Yggdrasil similarity index 100% rename from roles/Sharingan/files/monit/hostdefs/Core rename to roles/Sharingan/files/monit/hostdefs/Yggdrasil
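Review bot: Moving `Base packages` below `Set up apt sources.list` and `Import AniNIX GPG key` (the removal is in the earlier hunk of this file) puts the installation of `sudo` after two tasks that `become: yes` with only `ansible_become_password` set, i.e. the default become method, whereas the package task itself still carries `ansible_become_method: su` precisely because sudo may not exist yet; on a fresh host those two tasks would fail unless a play- or inventory-level become method not visible here already selects `su`. Either give those tasks the same `ansible_become_method: su` var, or install `sudo` in a small task before them and keep the rest of the list here. A comment above the task, `# runs after the repo/keyring tasks so update_cache sees the new sources`, would record why it was moved.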