AniNIX/Kapisi
AniNIX/Kapisi
3
0
Fork 0
Code Issues 25 Pull Requests Projects 1 Releases Wiki Activity

Virtualizing Core host as Yggdrasil VM

Browse Source
This commit is contained in:
DarkFeather 2023-12-07 13:28:54 -06:00
parent 7b98c953b1
commit 50167c0f03
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
7 changed files with 85 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
PKGBUILD
View File

@ -4,10 +4,10 @@ pkgrel=1
pkgrel() { pkgrel() {
git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit
} }
epoch= epoch="$(git log | grep -c commit)"
pkgdesc="$(head -n 1 README.md)" pkgdesc="$(head -n 1 README.md)"
arch=("x86_64") arch=("x86_64")
url="https://aninix.net/foundation/${pkgname}" url="$(git config remote.origin.url | sed 's/.git$//')"
license=('custom') license=('custom')
groups=() groups=()
depends=('bash>=4.4' 'python>=3.11' 'ansible>=8.3' 'tmux' 'openssh') depends=('bash>=4.4' 'python>=3.11' 'ansible>=8.3' 'tmux' 'openssh')

4
bin/generate-systemd-vms.py
View File

@ -13,7 +13,7 @@ import shutil
import sys import sys
import yaml import yaml
filepath="roles/Node/files/vm-definitions/" filepath="../roles/Node/files/vm-definitions/"
def WriteVMFile(content,hosttype,hostclass): def WriteVMFile(content,hosttype,hostclass):
### Create the service files for the hosts ### Create the service files for the hosts
@ -84,7 +84,7 @@ def GenerateFiles(file):
# Add service files for each host # Add service files for each host
WriteVMFile(content,'managed','virtual') WriteVMFile(content,'managed','virtual')
WriteVMFile(content,'unmanaged','ovas', WriteVMFile(content,'unmanaged','ovas')
WriteVMFile(content,'unmanaged','test_ovas') WriteVMFile(content,'unmanaged','test_ovas')
if __name__ == '__main__': if __name__ == '__main__':

80
examples/msn0.yml
View File

@ -44,39 +44,31 @@ all:
ip: 10.0.1.2 ip: 10.0.1.2
mac: B8:27:EB:B6:AA:0C mac: B8:27:EB:B6:AA:0C
static: true static: true
Core:
ipinterface: enp1s0f0
ip: 10.0.1.3
mac: 00:25:90:0d:6e:86
static: true
sslidentity: aninix.net-0001
secdetection: true
iptv_location: "Milwaukee|Madison"
aether_source: true
Node0: Node0:
ipinterface: enp1s0f0 ipinterface: enp1s0f0
ip: 10.0.1.4 ip: 10.0.1.4
mac: DE:8B:9E:19:55:1D mac: DE:8B:9E:19:55:1D
tap: true tap: true
Node1: Node1:
ipinterface: enp1s0f0 ipinterface: enp1s0
ip: 10.0.1.5 ip: 10.0.1.5
mac: B0:41:6F:0D:47:E1 mac: FA:EC:43:87:4D:2D
tap: true tap: true
Node2: Node2:
ipinterface: enp1s0f0 ipinterface: enp1s0
ip: 10.0.1.7 ip: 10.0.1.7
mac: B0:41:6F:0D:41:D1 mac: 56:02:ef:2c:1f:7c
tap: true tap: true
Node3: Node3:
ipinterface: enp1s0f0 ipinterface: enp1s0
ip: 10.0.1.8 ip: 10.0.1.8
mac: B0:41:6F:0D:51:0E mac: B2:C6:2C:02:B2:6E
tap: true tap: true
virtual: # 10.0.1.16/28 virtual: # 10.0.1.16/28
vars: vars:
hosts: hosts:
Sharingan: Sharingan:
node: Node2
ip: 10.0.1.16 ip: 10.0.1.16
ipinterface: ens3 ipinterface: ens3
mac: 00:15:5D:01:02:10 mac: 00:15:5D:01:02:10
@ -87,19 +79,22 @@ all:
uefi: true uefi: true
siem: true siem: true
disks: disks:
- '-drive format=raw,index=0,media=disk,file=/dev/sdb' - '-drive format=raw,index=0,media=disk,file=/dev/sdc'
# On hold because of https://aninix.net/DarkFeather/MSN0/issues/6 # On hold because of https://aninix.net/DarkFeather/MSN0/issues/6
holdpkg: "elasticsearch graylog mongodb44-bin mongodb-tools-bin" holdpkg: "elasticsearch graylog mongodb44-bin mongodb-tools-bin"
DarkNet: DarkNet:
node: Node2
ipinterface: ens3 ipinterface: ens3
ip: 10.0.1.17 ip: 10.0.1.17
mac: 00:15:5D:01:02:05 mac: 00:15:5D:01:02:05
cores: 2 cores: 4
memory: 2 memory: 4
vnc: 9 vnc: 9
bridge: br0
disks: disks:
- '-drive format=raw,index=0,media=disk,file=/dev/sdd' - '-drive format=raw,index=0,media=disk,file=/dev/sdb'
Maat: Maat:
node: Node2
ip: 10.0.1.18 ip: 10.0.1.18
ipinterface: ens3 ipinterface: ens3
mac: 00:15:5d:01:02:07 mac: 00:15:5d:01:02:07
@ -108,7 +103,26 @@ all:
bridge: br0 bridge: br0
vnc: 7 vnc: 7
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/Maat.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/Maat.qcow2'
Yggdrasil:
node: Node1
ipinterface: enp1s0f0
ip: 10.0.1.3
mac: 00:25:90:0d:6e:86
static: true
sslidentity: aninix.net-0001
secdetection: true
iptv_location: "Milwaukee|Madison"
aether_source: true
cores: 8
memory: 16
bridge: br0
vnc: 1
disks:
- '-drive format=raw,index=0,media=disk,file=/dev/sda'
- '-drive format=raw,index=0,media=disk,file=/dev/sdb'
- '-drive format=raw,index=0,media=disk,file=/dev/sdc'
- '-drive format=raw,index=0,media=disk,file=/dev/sdd'
geth_hubs: # 10.0.1.32/28 geth_hubs: # 10.0.1.32/28
vars: vars:
@ -136,6 +150,7 @@ all:
ovas: # 10.0.1.48/28 ovas: # 10.0.1.48/28
hosts: hosts:
Geth: Geth:
node: Node2
ip: 10.0.1.49 ip: 10.0.1.49
mac: DE:8B:9E:19:55:1E mac: DE:8B:9E:19:55:1E
cores: 2 cores: 2
@ -144,10 +159,11 @@ all:
bridge: br0 bridge: br0
uefi: true uefi: true
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/hassos_ova-5.13.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/hassos_ova-5.13.qcow2'
test_ovas: # 10.0.1.48/28 test_ovas: # 10.0.1.48/28
hosts: hosts:
TDS-Jump: TDS-Jump:
node: Node2
ip: 10.0.1.48 ip: 10.0.1.48
mac: 00:15:5d:01:02:08 mac: 00:15:5d:01:02:08
cores: 2 cores: 2
@ -155,7 +171,7 @@ all:
vnc: 4 vnc: 4
bridge: br0 bridge: br0
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/TDSJump.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/TDSJump.qcow2'
DedNet: DedNet:
ip: 10.0.1.50 ip: 10.0.1.50
mac: 00:15:5d:01:02:09 mac: 00:15:5d:01:02:09
@ -164,7 +180,7 @@ all:
vnc: 3 vnc: 3
bridge: br0 bridge: br0
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/DedNet.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/DedNet.qcow2'
- '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d' - '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d'
Aether: Aether:
ip: 10.0.1.51 ip: 10.0.1.51
@ -185,7 +201,7 @@ all:
bridge: br0 bridge: br0
vnc: 10 vnc: 10
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test1.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test1.qcow2'
test2: test2:
ip: 10.0.1.53 ip: 10.0.1.53
ipinterface: ens3 ipinterface: ens3
@ -195,7 +211,7 @@ all:
bridge: br0 bridge: br0
vnc: 11 vnc: 11
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test2.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test2.qcow2'
test3: test3:
ip: 10.0.1.54 ip: 10.0.1.54
ipinterface: ens3 ipinterface: ens3
@ -205,7 +221,7 @@ all:
bridge: br0 bridge: br0
vnc: 12 vnc: 12
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test3.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test3.qcow2'
# appliances are monitored -- adhoc_appliances are convenience only and not monitored. # appliances are monitored -- adhoc_appliances are convenience only and not monitored.
appliances: appliances:
hosts: # 10.0.1.64/27 hosts: # 10.0.1.64/27
@ -218,12 +234,12 @@ all:
Geth-Eyes: Geth-Eyes:
ip: 10.0.1.68 ip: 10.0.1.68
mac: 9C:A3:AA:33:A3:99 mac: 9C:A3:AA:33:A3:99
"Core-Console": # "Core-Console":
ip: 10.0.1.74 # ip: 10.0.1.74
mac: 00:25:90:0D:82:5B # mac: 00:25:90:0D:82:5B
"Node0-Console": # "Node0-Console":
ip: 10.0.1.75 # ip: 10.0.1.75
mac: 00:25:90:3E:C6:8C # mac: 00:25:90:3E:C6:8C
adhoc_appliances: adhoc_appliances:
hosts: # 10.0.1.64/27 hosts: # 10.0.1.64/27
DarkFeather: DarkFeather:

0
roles/ShadowArch/files/motd/Core → roles/ShadowArch/files/motd/Yggdrasil
View File

8
roles/ShadowArch/tasks/archlinux-network.yml
View File

@ -16,21 +16,21 @@
- name: Tap ArchLinux network config - name: Tap ArchLinux network config
become: yes become: yes
when: tap is defined and not static is defined #when: tap is defined and not static is defined
template: template:
src: netctl-tap is defined.j2 src: netctl-tap.j2
dest: "/etc/netctl/{{ ipinterface }}" dest: "/etc/netctl/{{ ipinterface }}"
- name: Bridge ArchLinux network config - name: Bridge ArchLinux network config
become: yes become: yes
when: tap is defined and not static is defined #when: tap is defined and not static is defined
template: template:
src: netctl-bond.j2 src: netctl-bond.j2
dest: "/etc/netctl/br0" dest: "/etc/netctl/br0"
- name: Tunnel ArchLinux network config - name: Tunnel ArchLinux network config
become: yes become: yes
when: tap is defined and not static is defined #when: tap is defined and not static is defined
copy: copy:
src: netctl-tun src: netctl-tun
dest: "/etc/netctl/tun0" dest: "/etc/netctl/tun0"

49
roles/ShadowArch/tasks/main.yml
View File

@ -30,26 +30,6 @@
- root - root
- "{{ ansible_user_id }}" - "{{ ansible_user_id }}"
- name: Base packages
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
package:
name:
- bash
- sudo
- git
- tmux
- vim
- sysstat
- iotop
- lsof
- rsync
- xfsprogs
state: present
update_cache: yes
- name: Ensure deploy user has sudo permissions. - name: Ensure deploy user has sudo permissions.
vars: vars:
ansible_become_method: su ansible_become_method: su
@ -105,6 +85,13 @@
group: root group: root
mode: 0644 mode: 0644
- name: Import AniNIX GPG key
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
command: /bin/bash -c 'if [ ! -f /usr/share/pacman/keyrings/aninix.gpg ]; then mkdir /tmp/aninix; curl -s https://aninix.net/AniNIX/ShadowArch/raw/branch/main/EtcFiles/aninix.gpg > /tmp/aninix/pubring.gpg; pacman-key --import /tmp/aninix; pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296; fi'
when: ansible_os_family == "Archlinux"
- name: Set up apt sources.list - name: Set up apt sources.list
vars: vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}" ansible_become_password: "{{ passwords[inventory_hostname] }}"
@ -120,6 +107,28 @@
mode: 0644 mode: 0644
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: Base packages
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
package:
name:
- bash
- sudo
- git
- tmux
- vim
- sysstat
- iotop
- lsof
- rsync
- xfsprogs
- man-db
- man-pages
state: present
update_cache: yes
- name: Install ShadowArch (ArchLinux) - name: Install ShadowArch (ArchLinux)
vars: vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}" ansible_become_password: "{{ passwords[inventory_hostname] }}"

0
roles/Sharingan/files/monit/hostdefs/Core → roles/Sharingan/files/monit/hostdefs/Yggdrasil
View File