From 8f85acce789d8e67f3ddab602a7dd18708513fef Mon Sep 17 00:00:00 2001 From: DarkFeather Date: Tue, 9 Nov 2021 16:01:39 -0600 Subject: [PATCH] Seeding the Cyberbrain role --- roles/Cyberbrain/README.md | 15 ++++ roles/Cyberbrain/files/cyberbrain.conf | 22 ++++++ roles/Cyberbrain/files/cyberbrain.service | 10 +++ roles/Cyberbrain/tasks/main.yml | 71 +++++++++++++++++++ .../templates/cyberbrain.htpasswd.j2 | 1 + 5 files changed, 119 insertions(+) create mode 100644 roles/Cyberbrain/README.md create mode 100644 roles/Cyberbrain/files/cyberbrain.conf create mode 100644 roles/Cyberbrain/files/cyberbrain.service create mode 100644 roles/Cyberbrain/tasks/main.yml create mode 100644 roles/Cyberbrain/templates/cyberbrain.htpasswd.j2
diff --git a/roles/Cyberbrain/README.md b/roles/Cyberbrain/README.md
new file mode 100644
index 0000000..9e6ac8e
--- /dev/null
+++ b/roles/Cyberbrain/README.md
@@ -0,0 +1,15 @@
+Cyberbrain is a way to ensure that so long as a person is connected to the Internet and authorized, they're able to connect to, use, and control the AniNIX. It's a web-based shell emulator for connecting to the system.
+
+**Warning**: This is a fallback measure -- browsers are still inherently less secure than hard clients like [Git Bash](https://git-scm.com/download/win) or [OpenSSH](https://www.openssh.com/portable.html).
+
+# Etymology
+A [cyberbrain](https://ghostintheshell.fandom.com/wiki/Cyberbrain) is a concept from the series *Ghost in the Shell*. It's the integration of a normal brain with electronic, usually networked components. Similarly, this app serves as a core bridge between the shell environment of the AniNIX and any authorized user.
+
+# Relevant Files and Software
+This service uses a file, [/etc/conf.d/webssh](file:///etc/conf.d/webssh), to control the service. Additionally, there's a password file [/opt/openresty/nginx/passwords/cyberbrain.htpasswd](file:///opt/openresty/nginx/passwords/cyberbrain.htpasswd) that controls an initial authentication to the webserver socket.
+
+## Backups
+No backup is needed.
+
+# Available Clients
+This uses the same clients as [AniNIX/WebServer](../WebServer). Any browser will do.
diff --git a/roles/Cyberbrain/files/cyberbrain.conf b/roles/Cyberbrain/files/cyberbrain.conf
new file mode 100644
index 0000000..271828b
--- /dev/null
+++ b/roles/Cyberbrain/files/cyberbrain.conf
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl http2;
+ server_name cyberbrain.aninix.net;
+
+ include sec.conf;
+ include default.csp.conf;
+ include letsencrypt.conf;
+
+ location /
+ {
+ auth_basic "Cyberbrain";
+ auth_basic_user_file ../passwords/cyberbrain.htpasswd;
+ proxy_pass http://127.0.0.1:8822;
+ proxy_http_version 1.1;
+ proxy_read_timeout 300;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-PORT $remote_port;
+ }
+}
diff --git a/roles/Cyberbrain/files/cyberbrain.service b/roles/Cyberbrain/files/cyberbrain.service
new file mode 100644
index 0000000..4be714d
--- /dev/null
+++ b/roles/Cyberbrain/files/cyberbrain.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=AniNIX/Cyberbrain | SSH Web Front End, powered by python-webssh
+
+[Service]
+User=webssh
+EnvironmentFile=/etc/conf.d/webssh
+ExecStart=/usr/bin/wssh $WEBSSH_ARGS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/Cyberbrain/tasks/main.yml b/roles/Cyberbrain/tasks/main.yml
new file mode 100644
index 0000000..641e76a
--- /dev/null
+++ b/roles/Cyberbrain/tasks/main.yml
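Review bot: In `cyberbrain.conf` the `location /` block puts a web shell behind `auth_basic` alone, and nothing visible in this hunk throttles repeated failed logins; `sec.conf` is not shown, so it may already do so. If it does not, add `limit_req zone=<zone_name> burst=5 nodelay;` inside the location, backed by a `limit_req_zone` in the `http` context (zone name, rate and burst are placeholders to choose). Separately, `proxy_set_header Host $http_host;` forwards the client-supplied header verbatim; `proxy_set_header Host $host;` passes nginx's normalized name, which is the safer value if the backend uses Host for its own origin checks.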
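Review bot: In `cyberbrain.service`, `ExecStart=/usr/bin/wssh $WEBSSH_ARGS` leaves the listen address and port entirely to `/etc/conf.d/webssh`, a file the README mentions but this commit never installs or checks. The nginx site proxies to `127.0.0.1:8822`, so a different port in that file breaks the proxy, and a non-loopback bind would leave the listener reachable without the basic-auth layer in front of it. Have the role template the environment file with `--address=127.0.0.1 --port=8822`, or put those two options directly on the `ExecStart` line. The unit also has no sandboxing; `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` are worth trying for a network-facing service.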
@@ -0,0 +1,71 @@
+---
+ - name: Install python-webssh
+ become: yes
+ package:
+ name: python-webssh
+ state: present
+
+ - name: Standardize the servicefile
+ become: yes
+ register: servicefile
+ copy:
+ src: cyberbrain.service
+ dest: /usr/lib/systemd/system/cyberbrain.service
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Ensure default webssh service file is off.
+ become: yes
+ service:
+ name: webssh
+ state: stopped
+ enabled: no
+
+ - systemd:
+ daemon_reload: true
+ when: servicefile.changed
+ become: yes
+
+ - name: Ensure service is restarted
+ when: servicefile.changed
+ become: yes
+ service:
+ name: cyberbrain.service
+ enabled: yes
+ state: started
+
+ - name: Ensure service is started
+ when: not servicefile.changed
+ become: yes
+ service:
+ name: cyberbrain.service
+ enabled: yes
+ state: started
+
+ - name: Add the webserver conf file
+ become: yes
+ register: webserver_conf
+ copy:
+ src: cyberbrain.conf
+ dest: /opt/openresty/nginx/conf.d/cyberbrain.conf
+ owner: root
+ group: http
+ mode: 0750
+
+ - name: Ensure the password file is seeded
+ become: yes
+ template:
+ src: cyberbrain.htpasswd.j2
+ dest: /opt/openresty/nginx/passwords/cyberbrain.htpasswd
+ owner: root
+ group: http
+ mode: 0750
+
+ - name: Reload openresty
+ become: yes
+ when: webserver_conf.changed
+ service:
+ name: openresty.service
+ state: reloaded
+
diff --git a/roles/Cyberbrain/templates/cyberbrain.htpasswd.j2 b/roles/Cyberbrain/templates/cyberbrain.htpasswd.j2
new file mode 100644
index 0000000..fcf0315
--- /dev/null
+++ b/roles/Cyberbrain/templates/cyberbrain.htpasswd.j2
@@ -0,0 +1 @@
+cyberbrain:{PLAIN}{{ passwords.Cyberbrain }}
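Review bot: In `tasks/main.yml` the task named "Ensure service is restarted" sets `state: started`, so a changed unit file never restarts a running `cyberbrain.service` and the two service tasks end up doing the same thing; use `state: restarted` there, or a handler notified by the copy task. The htpasswd `template` task renders `passwords.Cyberbrain` without `no_log: true`, so the secret can surface in `--diff` or verbose output. Both the site config and the password file are installed with `mode: 0750`, which sets execute bits on data files; `mode: "0640"` is enough for root plus the `http` group, and quoting the value avoids YAML parsing it as a number.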
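Review bot: In `cyberbrain.htpasswd.j2`, the `{PLAIN}` scheme writes the Cyberbrain password to disk in cleartext, and the task that installs the file makes it readable by the `http` group. nginx also accepts crypt()-style hashes in this file, so the template can store a hash instead, for example `cyberbrain:{{ passwords.Cyberbrain | password_hash('sha512') }}`. Without a fixed salt that filter emits a new hash on every run, so either pass a salt stored alongside the secret or manage the file with an htpasswd module to keep the task idempotent.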