From e46a671a7e1c469101f1174b5f95f138f90c43ee Mon Sep 17 00:00:00 2001 From: Mauro Rosero P Date: Sun, 5 Jan 2025 22:12:29 -0500 Subject: [PATCH] =?UTF-8?q?[IMPROVED]=20Gesti=C3=B3n=20de=20Usuarios=20PRI?= =?UTF-8?q?TUNL=20VPN=20-=20Crea=20usuario=20-=20Elimina=20usuario=20-=20H?= =?UTF-8?q?abilita=20y=20deshabilita=20usuario=20(modulo=20ansible=20falla?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 7 + bin/ansible/includes/load_messages.yaml | 15 ++ bin/ansible/includes/sops_credentials.yaml | 26 +++ bin/ansible/messages/MESG-ES.yaml | 20 +++ bin/ansible/pritunl_users.yaml | 133 ++++++++++++++ bin/lib/console.lib | 32 ++++ bin/msg/head.es | 1 + bin/msg/pritunl.es | 48 +++++ bin/vpn_users.sh | 197 +++++++++++++++++++++ inventory/base.ini | 12 ++ inventory/group_vars/all/connection.yaml | 66 +++++++ inventory/group_vars/all/owner.yaml | 34 ++++ inventory/group_vars/all/sops.yaml | 19 ++ 13 files changed, 610 insertions(+) create mode 100644 bin/ansible/includes/load_messages.yaml create mode 100644 bin/ansible/includes/sops_credentials.yaml create mode 100644 bin/ansible/messages/MESG-ES.yaml create mode 100644 bin/ansible/pritunl_users.yaml create mode 100644 bin/msg/pritunl.es create mode 100755 bin/vpn_users.sh create mode 100644 inventory/base.ini create mode 100644 inventory/group_vars/all/connection.yaml create mode 100644 inventory/group_vars/all/owner.yaml create mode 100644 inventory/group_vars/all/sops.yaml diff --git a/.gitignore b/.gitignore index 33502d5..19068a0 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,9 @@ !bin/lib/ !bin/msg/ !bin/config/ +!bin/ansible/ +!inventory +!templates # Permitir el seguimiento de archivos específicos # !archivo1.txt @@ -22,3 +25,7 @@ !bin/lib/* !bin/msg/* !bin/config/* +!bin/ansible/** +!inventory/** +!templates/** +!sops/*.yaml diff --git a/bin/ansible/includes/load_messages.yaml b/bin/ansible/includes/load_messages.yaml new file mode 100644 index 0000000..4a83b86 --- /dev/null +++ b/bin/ansible/includes/load_messages.yaml @@ -0,0 +1,15 @@ +--- +# Include: includes/load_messages.yaml +# Description: load messages languages +# Author: Mauro Rosero P. +# Email: mauro@rosero.one (mauro.rosero@gmail.com) +# Organization: ROSERO ONE +# Created: Ene 04, 2025 12:00:00 +# Updated: 2025-01-05 00:00:00 + + - name: Include language vars messages file + ansible.builtin.include_vars: + file: '{{ messages_file }}' + name: messages + connection: local + become: no diff --git a/bin/ansible/includes/sops_credentials.yaml b/bin/ansible/includes/sops_credentials.yaml new file mode 100644 index 0000000..26817bf --- /dev/null +++ b/bin/ansible/includes/sops_credentials.yaml @@ -0,0 +1,26 @@ +--- +# Include: includes/sops_credentials.yaml +# Description: Get sops secure encrypted credentials +# Author: Mauro Rosero P. +# Email: mauro@rosero.one (mauro.rosero@gmail.com) +# Organization: ROSERO ONE +# Created: Ene 04, 2025 12:00:00 +# Updated: 2025-01-05 00:00:00 + + - name: Get if credential access exists + ansible.builtin.stat: + path: "{{ sops_file }}" + register: credentials_access + connection: local + become: no + + - name: Check if credentials access exists + ansible.builtin.assert: + that: + - credentials_access.stat.exists + fail_msg: "{{ messages.console.error.no_credentials }}" + quiet: true + + - name: Get sops credentials access vars + set_fact: + sops_vars: "{{ lookup('community.sops.sops', sops_file, input_type='yaml', output_type='yaml') | from_yaml }}" diff --git a/bin/ansible/messages/MESG-ES.yaml b/bin/ansible/messages/MESG-ES.yaml new file mode 100644 index 0000000..109f212 --- /dev/null +++ b/bin/ansible/messages/MESG-ES.yaml @@ -0,0 +1,20 @@ +--- +# ROSERO.ONE PERSONAL PLATFORM +# ANSIBLE MESSAGES (ES) +# File bin/ansible/messages/MESG-ES.yaml +# Global Definitions & Parameters +# Created 2024-03-14-00:12:00 +# Updated 2024-06-01-00:41:00 + + console: + info: + hello: "{{ info }}Bienvenido, esto es una prueba" + warn: + hello: "{{ warn }}Bienvenido, esto es una prueba" + error: + hello: "{{ fail }}Bienvenido, esto es una prueba" + no_credentials: "{{ fail }}Archivo de credenciales sops no definido!" + credentials_fail: "{{ fail }}Archivo de credenciales es incorrecto!" + no_pritunl_user: "{{ fail }}USUARIO PRITUNL VPN no fue definido!" + no_pritunl_email: "{{ fail }}Correo electrónico de USUARIO PRITUNL VPN no fue definido!" + no_pritunl_action: "{{ fail }}Acción para gestión de USUARIO PRITUNL VPN es invalida!" diff --git a/bin/ansible/pritunl_users.yaml b/bin/ansible/pritunl_users.yaml new file mode 100644 index 0000000..166ac98 --- /dev/null +++ b/bin/ansible/pritunl_users.yaml @@ -0,0 +1,133 @@ +--- +# Devops Ansible Script +# Playbook: pritunl_users.yaml +# Description: Add, enable, disable or remove pritunl vpn users +# Author: Mauro Rosero P. +# Email: mauro@rosero.one (mauro.rosero@gmail.com) +# Organization: ROSERO ONE +# Created: Ene 04, 2025 12:00:00 +# Updated: 2025-01-05 00:00:00 + + +- name: PLAYBOOK - {{ playbook_program | upper }} ({{ playbook_description | upper }}) + hosts: [localhost] + become: no + gather_facts: no + + vars: + playbook_program: 'pritunl_users' + playbook_description: 'Add, enable, disable or remove pritunl vpn users' + managed_sufix: 'pritunl-vpn' + main_action: 'MANAGE PRITUNL VPN USERS' + language: "{{ lang_modified | default(default_lang, true) }}" + messages_file: "{{ messages_path }}/{{ messages_prefix | upper}}-{{ language | upper }}.yaml" + + pre_tasks: + + - name: PRE -- LOAD FULL LANGUAGE MESSAGES FOR THIS PLAYBOOK + include_tasks: + file: includes/load_messages.yaml + run_once: true + + - name: PRE -- SET PRITUNL VPN CREDENTIALS SOPS FILE + set_fact: + sops_file: '{{ sops_vpnadm_file }}' + + - name: PRE -- GET REQUIRED SOPS CREDENTIALS + include_tasks: + file: includes/sops_credentials.yaml + run_once: true + + - name: Check for succesfull credential vars loaded + ansible.builtin.assert: + that: + - sops_vars is defined + - sops_vars.PRITUNL_SECRET is defined + - sops_vars.PRITUNL_TOKEN is defined + fail_msg: "{{ messages.console.error.credentials_fail }}" + quiet: true + run_once: true + + - name: Check if pritunl action is defined + ansible.builtin.assert: + that: + - input_pritunl_action is not defined or ( input_pritunl_action is defined and input_pritunl_action in ["add", "remove", "enable", "disable"] ) + fail_msg: "{{ messages.console.error.no_pritunl_action }}" + quiet: true + run_once: true + + - name: Check if pritunl user is defined + ansible.builtin.assert: + that: + - input_pritunl_user is defined + fail_msg: "{{ messages.console.error.no_pritunl_user }}" + quiet: true + run_once: true + + - name: Check if pritunl email for user is defined + ansible.builtin.assert: + that: + - input_pritunl_email is defined + fail_msg: "{{ messages.console.error.no_pritunl_email }}" + quiet: true + when: input_pritunl_action is not defined or ( input_pritunl_action is defined and input_pritunl_action != "remove" ) + run_once: true + + tasks: + + - block: + + - name: --|| WAIT FOR SERVER(S) CONNECTION + wait_for_connection: + timeout: '{{ sysop_timeout_connection | int }}' + when: ansible_connection is defined and ansible_connection != 'local' + + - block: + + - name: --|| ADD PRITUNL VPN USER ({{ input_pritunl_user | upper }}) + community.general.pritunl_user: + pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}" + pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}" + pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}" + organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}" + user_name: '{{ input_pritunl_user | lower }}' + user_email: '{{ input_pritunl_email | lower }}' + user_disabled: '{{ platform_pritunl_usr_default }}' + user_gravatar: '{{ platform_pritunl_img_default }}' + when: input_pritunl_action is not defined or ( input_pritunl_action is defined and input_pritunl_action == 'add' ) + + - name: --|| REMOVE PRITUNL VPN USER ({{ input_pritunl_user | upper }}) + community.general.pritunl_user: + pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}" + pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}" + pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}" + state: absent + organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}" + user_name: '{{ input_pritunl_user | lower }}' + when: input_pritunl_action is defined and input_pritunl_action == 'remove' + + - name: --|| ENABLE PRITUNL VPN USER ({{ input_pritunl_user | upper }}) + community.general.pritunl_user: + pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}" + pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}" + pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}" + organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}" + user_name: '{{ input_pritunl_user | lower }}' + user_email: '{{ input_pritunl_email | lower }}' + user_disabled: false + when: input_pritunl_action is defined and input_pritunl_action == 'enable' + + - name: --|| DISABLE PRITUNL VPN USER ({{ input_pritunl_user | upper }}) + community.general.pritunl_user: + pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}" + pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}" + pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}" + organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}" + user_name: '{{ input_pritunl_user | lower }}' + user_email: '{{ input_pritunl_email | lower }}' + user_disabled: true + when: input_pritunl_action is defined and input_pritunl_action == 'disable' + + when: true + + when: true diff --git a/bin/lib/console.lib b/bin/lib/console.lib index 33ca0ca..7fdb60d 100755 --- a/bin/lib/console.lib +++ b/bin/lib/console.lib @@ -123,6 +123,38 @@ function dialog_input_menu() { } +# Dialog Main Menu +function menu_actions() { + local head_menu="$1" + local keys=$(echo -e "$2") + local rows=$3 + options=() + + + while IFS= read -r line + do + name=$(echo "$line" | cut -d':' -f2) + index=$(echo "$line" | cut -d':' -f1) + options+=("${index}" "${name}") + ((rows++)) + done <<< "$keys" + + choice=$(dialog --clear \ + --erase-on-exit \ + --cancel-label "${head_exit}" \ + --backtitle "${title}" \ + --title "${apps_title}" \ + --menu "\n${head_menu}" \ + ${rows} 56 2 \ + "${options[@]}" \ + 2>&1 >/dev/tty) + if [ $? -ne 0 ] + then + choice="${head_key_end}" + fi + echo "${choice}" +} + # Dialog Select File Box Input function dialog_input_filepath() { diff --git a/bin/msg/head.es b/bin/msg/head.es index 94d8734..cd5933e 100644 --- a/bin/msg/head.es +++ b/bin/msg/head.es @@ -37,6 +37,7 @@ head_nodockerfile="No existe el archivo de configuración Dockerfile" head_nobuilded="No se pudo completar la construcción del contenedor" head_builded="Construcción del contenedor completada!" head_zip="Utilitario zip no ha sido instalado!" +head_key_end="999999END" head_container="Generando contenedor" label_email="Correo Electrónico:" diff --git a/bin/msg/pritunl.es b/bin/msg/pritunl.es new file mode 100644 index 0000000..576a671 --- /dev/null +++ b/bin/msg/pritunl.es @@ -0,0 +1,48 @@ +#!/usr/bin/env bash +#bash script : pritunl.es +#apps : Pritunl VPN Utilities +#description : Pritunl VPN Translate Messages (es) +#author : MRP/mrp - Mauro Rosero P. +#company email : mauro@rosero.one +#personal email : mauro.rosero@gmail.com +#date : 20250101 +#version : 1.0.2 +#notes : +#============================================================================== +#============================================================================== + +plmsg_000="(PRITUNL VPN TOOLS)" +plmsg_001="- PRITUNL VPN" +plmsg_002="Ansible no ha sido instalado!" +plmsg_003_1="Uso:" +plmsg_003_2="[--help] [--version] " +plmsg_004="Descripción: Este script permite gestionar usuarios de PRITUNL VPN." +plmsg_005="Opciones:" +plmsg_006=" --help Muestra este mensaje de ayuda." +plmsg_007=" --version Muestra la versión del script." + +plmsg_100="MENÚ PRINCIPAL" +plmsg_101="GESTIÓN DE USUARIOS VPN" + +# plmnu_000 - User Main Manu Keys +plmnu_k01="C" +plmnu_k02="A" +plmnu_k03="I" +plmnu_k04="E" + +# plmnu_000 - User Main Manu Display Actions +plmnu_000="${plmnu_k01}:Crear Usuario" +plmnu_000="${plmnu_000}\n${plmnu_k02}:Activar Usuario" +plmnu_000="${plmnu_000}\n${plmnu_k03}:Inhabilitar Usuario" +plmnu_000="${plmnu_000}\n${plmnu_k04}:Eliminar Usuario" + +# Input: Organización PRITUNL VPN +pllbl_000="Organización VPN" +plhlp_000="Código de Organización VPN para el usuario" +# Input: Usuario PRITUNL VPN +pllbl_001="Usuario VPN" +plhlp_001="Identifique el usuario VPN (minúsculas, sin caracteres especiales y espacios)" +# Input: Email VPN +pllbl_002="Email VPN" +plhlp_002="Correo Electrónico del Usuario VPN" + diff --git a/bin/vpn_users.sh b/bin/vpn_users.sh new file mode 100755 index 0000000..06346d6 --- /dev/null +++ b/bin/vpn_users.sh @@ -0,0 +1,197 @@ +#!/bin/bash +# +# vpn_users.sh +# Modified: 2024/12/01 15:27:00 +# Derechos de Autor (C) [2025] [Mauro Rosero P. (mauro.rosero@gmail.com)] +# +# Este programa es software libre: usted puede redistribuirlo y/o modificarlo +# bajo los términos de la Licencia Pública Affero General de GNU tal como +# lo publica la Free Software Foundation, ya sea la versión 3 de la licencia, +# o (a su elección) cualquier versión posterior. +# +# Este programa se distribuye con la esperanza de que sea útil, +# pero SIN NINGUNA GARANTÍA; sin siquiera la garantía implícita de +# COMERCIABILIDAD o IDONEIDAD PARA UN PROPÓSITO PARTICULAR. Consulte la +# Licencia Pública Affero General de GNU para obtener más detalles. +# +# Debería haber recibido una copia de la Licencia Pública Affero General +# junto con este programa. Si no la recibió, consulte . + +DEVSPATH=devs +BIN_HOME=$HOME/$DEVSPATH +BIN_MESG=bin/msg +BIN_LIBS=bin/lib +VERSION=1.0.1 + +# CHECK SHELL LANGUAGE +BIN_LANG=${LANG:0:2} + +# LOAD BASE BASH LIBRARY +source $BIN_HOME/$BIN_LIBS/base.lib +#baselib_test + + +# LOAD CONSOLE BASH LIBRARY +source $BIN_HOME/$BIN_LIBS/console.lib +#consolelib_test + + +# Load head messages +load_messages $BIN_HOME $BIN_MESG $BIN_LANG "head" + +# Load head messages +load_messages $BIN_HOME $BIN_MESG $BIN_LANG "pritunl" + +# Function to display help message +function help() { + echo "$plmsg_003_1 $0 $plmsg_003_2" + echo "$plmsg_004" + echo "$plmsg_005" + echo "$plmsg_006" + echo "$plmsg_007" +} + +# Function to capture data to add, enable, disable, remove pritunl vpn users +function vpn_pritunl_users_form() { + + local action=$1 + + declare -a response c_lbl, c_hlp, c_mod, c_opt, c_val, c_dat, c_def + + # Input: Organization Pritunl VPN + c_lbl[0]="${pllbl_000}" + c_hlp[0]="${plhlp_000}" + c_mod[0]=1 + c_opt[0]=0 + c_def[0]="CUSTOMERS" + c_val[0]=0 + c_dat[0]="" + # Input: User Pritunl VPN + c_lbl[1]="${pllbl_001}" + c_hlp[1]="${plhlp_001}" + c_mod[1]=1 + c_opt[1]=0 + c_def[1]="" + c_val[1]=0 + c_dat[1]="" + # Input count + c_end=2 + if [ "${action}" != "remove" ]; then + # Input count + c_end=3 + # Input: User Email Pritunl VPN + i=2 + c_lbl[$i]="${pllbl_002}" + c_hlp[$i]="${plhlp_002}" + c_mod[$i]=1 + c_opt[$i]=0 + c_def[$i]="" + c_val[$i]=010 + c_dat[$i]="" + fi + + dialog_form + if [ $? -eq 0 ] + then + display_text_header ${BIN_HOME} "${plmsg_000} ${plmsg_101}" + if [ "${action}" != "remove" ] + then + ansible-playbook -i ${BIN_HOME}/inventory/base.ini ${BIN_HOME}/bin/ansible/pritunl_users.yaml \ + -e "input_pritunl_action=${action} input_pritunl_org=${response[0]} input_pritunl_user=${response[1]} input_pritunl_email=${response[2]}" + else + ansible-playbook -i $BIN_HOME/inventory/base.ini ${BIN_HOME}/bin/ansible/pritunl_users.yaml \ + -e "input_pritunl_action=${action} input_pritunl_org=${response[0]} input_pritunl_user=${response[1]}" + fi + read -p "${head_pause}" + return 0 + fi +} + +########### MAIN PROGRAM ########### + +# Check if dialog is not installed, exited! +if ! command -v dialog >/dev/null 2>&1 +then + display_text_header ${BIN_HOME} "${plmsg_000} ${plmsg_101}" + echo "${head_001}" + exit 200 +fi + +# Check if ansible-playbook is not installed, exited! +if ! command -v ansible-playbook >/dev/null 2>&1 +then + display_text_header ${BIN_HOME} "${plmsg_000} ${plmsg_101}" + echo "${plmsg_002}" + exit 210 +fi + +# Check for arguments option +help=false +version=false +while [[ $# -gt 0 ]]; do + case $1 in + --help) + help=true + shift + ;; + --version) + version=true + shift + ;; + esac +done + +# Check to show help +if $help; then + help + exit 0 +fi + +# Check to show command version +if $version; then + echo "${head_version} ${VERSION}" + exit 0 +fi + +# Set program title +APPS_NAME="${head_000} ${head_002}" +title="${APPS_NAME} ${plmsg_001}" +apps_title="${plmsg_101}" + +# Check if os is valid! +get_osname +if [ "${os_name}" == "${head_unknow}" ] +then + dialog_error_box "${head_error}" "${head_os_error}" + exit 3 +fi + +# Main Menu (users actions) +menu_option="" +menu_action="" +while [ "${menu_option}" != "${head_key_end}" ] +do + menu_option=$(menu_actions "${plmsg_100}" "${plmnu_000}" 8) + case "${menu_option}" in + "${plmnu_k01}") + menu_action="add" + vpn_pritunl_users_form "${menu_action}" + ;; + "${plmnu_k02}") + menu_action="enable" + vpn_pritunl_users_form "${menu_action}" + ;; + "${plmnu_k03}") + menu_action="disable" + vpn_pritunl_users_form "${menu_action}" + ;; + "${plmnu_k04}") + menu_action="remove" + vpn_pritunl_users_form "${menu_action}" + ;; + esac +done + +# Clear console and exit +clear +exit 0 diff --git a/inventory/base.ini b/inventory/base.ini new file mode 100644 index 0000000..d0de2e4 --- /dev/null +++ b/inventory/base.ini @@ -0,0 +1,12 @@ +# DEVOPS PLATFORM BASE INVENTORY +# File inventory/base.ini +# Created 2024-06-14-00:12:00 +# Updated 2024-06-14-00:12:00 + +[all] +localhost ansible_connection=local +stations ansible_connection=local + +[install] +stations + diff --git a/inventory/group_vars/all/connection.yaml b/inventory/group_vars/all/connection.yaml new file mode 100644 index 0000000..030ee00 --- /dev/null +++ b/inventory/group_vars/all/connection.yaml @@ -0,0 +1,66 @@ +--- +# DEVS ANSIBLE DEFINITIONS +# File inventory/group_vars/all/connections.yml +# Global Definitions & Parameters +# Created 2024-03-14-00:12:00 +# Updated 2024-06-01-00:41:00 + +# Devops Default Path Configuration + +# Base & Default configuration + timeout_connection: 15 + bootstrap_wait_for_host: false + default_tz: "America/Panama" + default_lang: "{{ lookup('env','DEVS_LANG') | default('es', true) }}" + timezone: "{{ lookup('env','TZ') | default(default_tz, true) }}" + ansible_ssh_common_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" + ansible_python_interpreter: /usr/bin/python3 + ansible_today: "{{ lookup('pipe','date +%Y-%m-%d-%H:%M:%S') }}" + +# Base paths + devs_default: "{{ lookup('env','DEVS_DEFAULT') | default('devs', true) }}" + home_path: "{{ lookup('env','HOME') }}" + initial_path: "{{ lookup('env','AWXPATH') | default(home_path + '/' + devs_default, true) }}" + bin_path: "{{ initial_path }}/bin" + playbook_path: "{{ bin_path }}/ansible" + include_path: "{{ playbook_path }}/includes" + role_path: "{{ playbook_path }}/roles" + collection_path: "{{ playbook_path }}/collections" + assert_path: "{{ playbook_path }}/asserts" + +# Inventory paths + inventory_default: "{{ initial_path }}/inventory }}/" + inventory_path: "{{ lookup('env','INV_PATH') | default(inventory_default, true) }}" + inventory_group_path: "{{ lookup('env','INV_GROUP') | default(inventory_path + 'group_vars', true) }}" + inventory_host_path: "{{ lookup('env','INV_HOST') | default(inventory_path + 'host_vars', true) }}" + inventory_all_path: "{{ lookup('env','INV_ALL') | default(default(inventory_group_path + '/all', true) }}" + +# Messages definitions + messages_path: "{{ lookup('env','MESSAGES_PATH')| default(playbook_path + '/messages', true) }}" + messages_prefix: "MESG" + +# ssh configuration + ssh_default_path: "{{ home_path }}/.ssh" + ssh_prefix_devops: id_github_rsa + ssh_prefix_server: id_rsa + ssh_pri_devops_default: "{{ ssh_prefix_devops }}" + ssh_pub_devops_default: "{{ ssh_prefix_devops }}.pub" + ssh_pri_server_default: "{{ ssh_prefix_server }}" + ssh_pub_server_default: "{{ ssh_prefix_server }}.pub" + ssh_forced: no + ssh_key_type: RSA + ssh_key_size: 4096 + +# Messages types + info: "INFO: " + warn: "ALERTA: " + fail: "ERROR: " + +# Templates paths + template_path: "{{ lookup('env','TEMPLATE_PATH') | default(bin_path + '/templates', true) }}" + +# Managed paths + managed_path: "/etc/managed" + +# Temporal update flag files + ansible_remote_tmp: /tmp diff --git a/inventory/group_vars/all/owner.yaml b/inventory/group_vars/all/owner.yaml new file mode 100644 index 0000000..cfad075 --- /dev/null +++ b/inventory/group_vars/all/owner.yaml @@ -0,0 +1,34 @@ +--- +# DEVOPS PLATFORM +# GLOBAL OWNER DATA +# File inventory/group_vars/all/owner.yml +# Global Definitions & Parameters +# Created 2024-03-14-00:12:00 +# Updated 2024-06-01-00:41:00 + +# Devops Default Path Configuration + + platform_name: "DEVOPS ROSERO ONE" + platform_domain: "rosero.one" + platform_devops_group: 'Devops' + platform_owner_user: "mrosero" + platform_owner_fname: 'Mauro' + platform_owner_mname: ' ' + platform_owner_lname: 'Rosero' + platform_owner_sname: 'Pérez' + platform_owner_codename: 'gandalf' + platform_owner_fullname: "{{ platform_owner_fname }}{ platform_owner_mname }}{{ platform_owner_lname }} {{ platform_owner_sname }}" + platform_owner_email: "{{ platform_owner_fname | lower }}@{{ platform_domain }}" + platform_devops_email: "{{ platform_devops_group | lower }}@{{ platform_domain }}" + platform_owner_web: "{{ platform_owner_fname | lower }}.{{ platform_domain }}" + platform_git_server: "git.{{ platform_domain }}" + platform_vpn_server_devs: "vpnc.{{ platform_domain }}" + platform_web_protocol: "https://" + platform_vpn_api_port: 9443 + platform_pritunl_org_default: CUSTOMERS + platform_pritunl_usr_default: false + platform_pritunl_img_default: false + platform_ssh_owner: true + platform_owner_sshkey: "{{ lookup('env','OWNER_SSHPATH') | default(ssh_default_path, true) }}" + linux_user_owner_uid: 10005 + diff --git a/inventory/group_vars/all/sops.yaml b/inventory/group_vars/all/sops.yaml new file mode 100644 index 0000000..f264560 --- /dev/null +++ b/inventory/group_vars/all/sops.yaml @@ -0,0 +1,19 @@ +--- +# DEVOPS PLATFORM +# GLOBAL SOPS CREDENTIALS DEFINITIONS +# File inventory/group_vars/all/sops.yaml +# Global Definitions & Parameters +# Created 2024-03-14-00:12:00 +# Updated 2024-06-01-00:41:00 + +# Devops Secret OperationS Encrypted Data + + sops_secure: "secure/sops" + sops_devops_default: "{{ initial_path }}/sops" + sops_personal_default: "{{ home_path }}/{{ sops_secure }}" + sops_peronal_path: "{{ lookup('env','SOPS_PERSONAL')|default(sops_personal_default, true) }}" + sops_devops_path: "{{ lookup('env','SOPS_DEVOPS')|default(sops_devops_default, true) }}" + +# SopS Secure Encrypted Files + + sops_vpnadm_file: "{{ sops_peronal_path }}/vpnadm-rosero-one.yaml"