diff --git a/beacon-import.yml b/beacon-import.yml
deleted file mode 100644
index ab9aa69f5..000000000
--- a/beacon-import.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: Beacon Import
- become: true
- hosts:
- - beacon_import
- vars_files:
- - "secret_group_vars/all.yml"
- - secret_group_vars/beacon.yml
- vars:
- hostname: beacon-import.galaxyproject.eu
- script_user: beacon
- script_dir: /home/beacon/script
- galaxy_api_url: https://usegalaxy.eu
- collections:
- - devsec.hardening
- roles:
- - role: usegalaxy_eu.handy.os_setup
- vars:
- enable_hostname: true
- enable_powertools: true # geerlingguy.repo-epel role doesn't enable PowerTools repository
- - geerlingguy.repo-epel # Install EPEL repository
- - usegalaxy-eu.autoupdates # keep all of our packages up to date
- - influxdata.chrony
- - dj-wasabi.telegraf
- - usegalaxy-eu.dynmotd # nicer MOTD/welcome message
- - paprikant.beacon-importer
- - os_hardening
- - ssh_hardening
diff --git a/beacon.yml b/beacon.yml
index c7793ceb1..d08b6686a 100644
--- a/beacon.yml
+++ b/beacon.yml
@@ -4,13 +4,25 @@ hosts: - beacon vars_files: - - secret_group_vars/beacon.yml + - secret_group_vars/all.yml + - group_vars/all.yml + - group_vars/beacon/vars.yml + - group_vars/beacon/vault.yml vars: - postgres_data_dir: /data/postgresql/data - postgres_init_dir: /data/postgresql/init - bp_external_binding: 80 - postgres_user: "{{ beacon_db_user }}" - postgres_pass: "{{ beacon_db_password }}" - postgres_external_binding: "{{ beacon_db_port }}" + collections: + - devsec.hardening roles: + - role: usegalaxy_eu.handy.os_setup + vars: + enable_hostname: true + enable_powertools: true # geerlingguy.repo-epel role doesn't enable PowerTools repository + enable_remap_user: true + enable_create_user: true + - usegalaxy-eu.autoupdates # keep all of our packages up to date + - influxdata.chrony + - dj-wasabi.telegraf + - usegalaxy-eu.dynmotd # nicer MOTD/welcome message - paprikant.beacon + - paprikant.beacon-importer +# - os_hardening +# - ssh_hardening diff --git a/group_vars/beacon/vars.yml b/group_vars/beacon/vars.yml new file mode 100644 index 000000000..cf886ad01 --- /dev/null +++ b/group_vars/beacon/vars.yml @@ -0,0 +1,18 @@ +--- +postgres_data_dir: /data/postgresql/data +postgres_init_dir: /data/postgresql/init +bp_external_binding: 80 +postgres_user: "{{ beacon_db_user }}" +postgres_pass: "{{ beacon_db_password }}" +postgres_external_binding: "{{ beacon_db_port }}" +hostname: beacon.galaxyproject.eu +script_user: beacon +script_dir: /home/beacon/script +galaxy_api_url: https://usegalaxy.eu +handy_groups: + - group_name: beacon + group_gid: 999 +handy_users: + - user_name: beacon + user_uid: 999 + user_group: beacon diff --git a/secret_group_vars/beacon.yml b/group_vars/beacon/vault.yml similarity index 100% rename from secret_group_vars/beacon.yml rename to group_vars/beacon/vault.yml diff --git a/group_vars/maintenance.yml b/group_vars/maintenance.yml index b598846f8..524007bfe 100644 --- a/group_vars/maintenance.yml +++ b/group_vars/maintenance.yml 
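Review bot: The merged play ends with `# - os_hardening` and `# - ssh_hardening` commented out, so this host no longer receives the devsec baseline that the removed beacon-import play applied, even though `collections: - devsec.hardening` is still declared. If the roles are off because one of their defaults conflicts with this host (for example the root SSH login configured in `hosts`), I would keep them enabled and override that one variable, or at least add a comment stating why they are disabled and when they come back. Separately, `group_vars/all.yml` and the `group_vars/beacon/` files are listed under `vars_files`, which loads them at play-level precedence on top of Ansible's automatic group_vars loading; please confirm that is intended. The play header lies above the hunk, so I cannot see whether `become` is set.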
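Review bot: In the new group_vars/beacon/vars.yml, `group_gid: 999` and `user_uid: 999` pin the beacon account to an id at the top of the range that distributions allocate dynamically to system accounts, so on a freshly built host that id may already belong to another service user. With `enable_remap_user: true` set in beacon.yml, what happens to an existing holder of 999 depends on the handy role, which is not visible here; an unnoticed collision would leave two accounts sharing file ownership. I would add a comment above `handy_groups` explaining why 999 is required, or pick an id outside the system range.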
@@ -347,6 +347,12 @@ walle_extra_env_vars: This means your jobs were terminated and you can not login anymore. However it is possible to restore the account and its data. If you think your account was deleted due to an error, please contact contact@usegalaxy.eu +walle_envs_database: + MALWARE_LIB: "{{ walle_malware_database_location }}/{{ walle_database_file }}" + PGPASSFILE: "{{ walle_pgpass_file }}" + PGUSER: galaxy + PGDATABASE: galaxy + GXADMIN_PATH: /usr/local/bin/gxadmin walle_cron_day: "*" walle_cron_hour: "*" walle_cron_minute: "0" diff --git a/hosts b/hosts index b5d4ded1d..83b2a1ed1 100644 --- a/hosts +++ b/hosts @@ -6,10 +6,7 @@ stats.galaxyproject.eu build.galaxyproject.eu ansible_ssh_user=root [beacon] -beacon.galaxyproject.eu ansible_ssh_user=rocky - -[beacon_import] -beacon-import.galaxyproject.eu +beacon.galaxyproject.eu ansible_ssh_user=root [influxdb] influxdb.galaxyproject.eu
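Review bot: `walle_envs_database` points `PGPASSFILE` at `{{ walle_pgpass_file }}` and connects as `PGUSER: galaxy`, but nothing in this hunk shows where that file is written or with which mode. libpq ignores a password file that is readable by group or others, so the task that creates it should set `mode: "0600"` and make the account that runs the cron job its owner. If the job only reads from the database, a dedicated read-only role would be a narrower credential than `galaxy`; I cannot tell from here what privileges that role holds. A one-line comment above the key naming the script that consumes this mapping would also help, since `walle_extra_env_vars` sits directly above it.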
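Review bot: The `[beacon]` entry in `hosts` now logs in with `ansible_ssh_user=root` where it previously used the unprivileged `rocky` account, which requires the host to accept direct root SSH logins. Together with `ssh_hardening` being commented out in beacon.yml, sshd presumably stays at the image defaults; that role's `ssh_permit_root_login` defaults to refusing root, which may be why it was disabled. I would keep `beacon.galaxyproject.eu ansible_ssh_user=rocky` and rely on `become: true` in the play, or document why root is needed. Another entry in this file already uses root, so this may be a project convention.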