From e5b136168ca7b9b330e5eb3bc069cce432719fd8 Mon Sep 17 00:00:00 2001
From: Brian Lee
Date: Mon, 14 Aug 2023 14:37:34 -0700
Subject: [PATCH] Initialize repository for Snort role.
---
.gitignore | 0
LICENSE | 17 +++++++++++++++
README.md | 46 ++++++++++++++++++++++++++++++++++++++++
defaults/main.yml | 7 ++++++
docs/examples/nginx.conf | 1 +
tasks/install.yml | 23 ++++++++++++++++++++
tasks/main.yml | 9 ++++++++
tasks/setup.yml | 23 ++++++++++++++++++++
tests/inventory | 2 ++
tests/test.yml | 6 ++++++
10 files changed, 134 insertions(+)
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 docs/examples/nginx.conf
create mode 100644 tasks/install.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/setup.yml
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..4baac1e
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,17 @@
+MIT No Attribution License
+
+Copyright (c) 2023 Brian Lee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the “Software”), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..172456c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# Ansible Role: snort
+
+This Ansible Role builds and installs the [snort](https://github.com/v0l/snort) Typescript frontend assets. It is intended to be composed with a separate role for the web proxy configuration.
+
+Tested on:
+
+* Archlinux
+* Ubuntu 22.04
+
+## Requirements
+
+* [ansible-role-nodejs](https://github.com/bleetube/ansible-role-nodejs)
+
+`requirements.yml`:
+
+```yaml
+roles:
+ - src: https://github.com/bleetube/ansible-role-nodejs
+ name: bleetube.nodejs
+```
+
+It will set up node, npm, yarn, and n using the nodesource Debian repositories.
+
+## Dependencies
+
+* [nginx_conf](docs/examples/nginx_conf.yml) (optional)
+
+## Role Variables
+
+See the role [defaults](defaults/main.yml). For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
+
+## Example Playbook
+
+This role should not be run as root.
+
+```yaml
+- hosts: snort
+ roles:
+ - role: nginxinc.nginx_core.nginx
+ become: true
+ - role: bleetube.snort
+ tags: snort
+ tasks:
+ - import_tasks: nginx_conf.yml
+ become: true
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..b215821
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+node_version: 16
+snort_root_path: /var/www/snort
+snort_repository_url: https://github.com/v0l/snort.git
+snort_version: main # follow main branch
+snort_devmode: no
+snort_repository_path: "{{ ansible_env.HOME }}/src/snort"
\ No newline at end of file
diff --git a/docs/examples/nginx.conf b/docs/examples/nginx.conf
new file mode 100644
index 0000000..dcd7da3
--- /dev/null
+++ b/docs/examples/nginx.conf
@@ -0,0 +1 @@
+--- # WIP
\ No newline at end of file
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..365d828
--- /dev/null
+++ b/tasks/install.yml
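Review bot: In defaults/main.yml, `snort_version: main` makes every run build and publish whatever is on the upstream branch at that moment; tasks/setup.yml clones it with `force: true`, and tasks/install.yml then runs `yarn` and `yarn build` on it and copies the output into the web root. Defaulting to a release tag or full commit SHA, e.g. `snort_version: "<release-tag-or-commit-sha>"` (placeholder for a reviewed revision), keeps deployments reproducible and lets upstream changes be reviewed before they are served. Separately, `snort_devmode: no` relies on YAML 1.1 truthy parsing; `snort_devmode: false` is the canonical form.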
@@ -0,0 +1,23 @@
+---
+- name: Ensure requirements using yarn
+ ansible.builtin.command:
+ cmd: yarn
+ chdir: "{{ snort_repository_path }}"
+ when: snort_devmode or git_repository.changed
+
+- name: Build the frontend assets using yarn build
+ ansible.builtin.command:
+ cmd: yarn build
+ chdir: "{{ snort_repository_path }}"
+ when: snort_devmode or git_repository.changed
+
+- name: Copy frontend assets for the web proxy to serve directly
+ ansible.builtin.copy:
+ src: "{{ snort_repository_path }}/{{ item }}"
+ dest: "{{ snort_root_path }}"
+ remote_src: yes
+ become: yes
+ loop:
+ - packages/app/build/
+ - packages/app/public/
+
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..fd27f64
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Assert that we are not logged in as root
+ assert:
+ that:
+ - ansible_user_id != 'root'
+ fail_msg: "This role builds Javascript assets and should not be run as root. It will escalate privileges as needed."
+
+- import_tasks: setup.yml
+- import_tasks: install.yml
diff --git a/tasks/setup.yml b/tasks/setup.yml
new file mode 100644
index 0000000..9dd9597
--- /dev/null
+++ b/tasks/setup.yml
@@ -0,0 +1,23 @@
+---
+- name: Ensure root path
+ ansible.builtin.file:
+ path: "{{ snort_root_path }}"
+ state: directory
+ mode: '0755'
+ become: yes
+
+- name: Clone git repository
+ ansible.builtin.git:
+ repo: "{{ snort_repository_url }}"
+ dest: "{{ snort_repository_path }}"
+ version: "{{ snort_version }}"
+ force: true
+ register: git_repository
+ when: not snort_devmode
+
+- name: "Ensure node is version {{ node_version }}"
+ ansible.builtin.command:
+ cmd: "n {{ node_version }}"
+ chdir: "{{ snort_repository_path }}"
+ when: snort_devmode or git_repository.changed
+ become: yes
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
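Review bot: In tasks/install.yml the dependency step runs a bare `yarn`, which may re-resolve packages when the lockfile and package.json disagree, so the assets copied into `{{ snort_root_path }}` can be built from dependency versions nobody reviewed. If the upstream project uses Yarn Classic, `cmd: yarn install --frozen-lockfile` makes the run fail instead (Yarn 2+ spells this `--immutable`); which one applies is not visible from this patch. The copy task runs with `become: yes` and sets no `owner`, `group`, `mode` or `directory_mode`, so ownership and permissions of the served files are left to module defaults; stating them explicitly would make the result predictable. `remote_src: yes` and `become: yes` would read better as `true`.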
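Review bot: In tasks/main.yml the guard reads `ansible_user_id`, which exists only when facts have been gathered; in a play with `gather_facts: false` the task stops on an undefined-variable error instead of showing `fail_msg`. Adding `- ansible_user_id is defined` as the first entry under `that:` keeps the failure on the intended message path. The other task files use fully qualified module names, so `ansible.builtin.assert` and `ansible.builtin.import_tasks` would be consistent here.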
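Review bot: In tasks/setup.yml the `n {{ node_version }}` task runs with `become: yes` and interpolates a variable into a free-form command string, so any whitespace in `node_version` becomes extra arguments to a privileged command; replacing `cmd:` with `argv: ["n", "{{ node_version }}"]` passes it as a single argument. With the default `node_version: 16` the installed release is whatever `n` resolves for that major version at run time, so hosts provisioned on different days can differ; a full version string would pin it. The task is gated on `git_repository.changed`, so the Node version is not enforced on runs where the checkout is unchanged, and without `changed_when` it reports a change every time it does run.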
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..879967c
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+ remote_user: root
+ connection: local
+ roles:
+ - peertube
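Review bot: tests/test.yml applies a role named `peertube`, not this role, so the test playbook never exercises the Snort tasks; it looks like a leftover from another role, and `- bleetube.snort` (the name the README uses) or a relative path to this role is presumably what was meant. It also declares `remote_user: root`, which contradicts the role's own assertion in tasks/main.yml (`ansible_user_id != 'root'`); with `connection: local` the setting may have no effect, but it documents the opposite of the intended usage. Dropping `remote_user: root` and running the test as an unprivileged user matches how the role is meant to be used.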