From e144f88bcdbeaa9f6ffcc7d3865d158d433a1303 Mon Sep 17 00:00:00 2001
From: Mira Kuntz
Date: Tue, 10 Dec 2024 10:52:26 +0100
Subject: [PATCH 1/2] merge beacon into one playbook and use KVM
---
beacon-import.yml | 28 -------------------
beacon.yml | 26 ++++++++++++-----
group_vars/beacon/vars.yml | 18 ++++++++++++
.../beacon.yml => group_vars/beacon/vault.yml | 0
hosts | 5 +---
5 files changed, 38 insertions(+), 39 deletions(-)
delete mode 100644 beacon-import.yml
create mode 100644 group_vars/beacon/vars.yml
rename secret_group_vars/beacon.yml => group_vars/beacon/vault.yml (100%)
diff --git a/beacon-import.yml b/beacon-import.yml
deleted file mode 100644
index ab9aa69f5..000000000
--- a/beacon-import.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: Beacon Import
- become: true
- hosts:
- - beacon_import
- vars_files:
- - "secret_group_vars/all.yml"
- - secret_group_vars/beacon.yml
- vars:
- hostname: beacon-import.galaxyproject.eu
- script_user: beacon
- script_dir: /home/beacon/script
- galaxy_api_url: https://usegalaxy.eu
- collections:
- - devsec.hardening
- roles:
- - role: usegalaxy_eu.handy.os_setup
- vars:
- enable_hostname: true
- enable_powertools: true # geerlingguy.repo-epel role doesn't enable PowerTools repository
- - geerlingguy.repo-epel # Install EPEL repository
- - usegalaxy-eu.autoupdates # keep all of our packages up to date
- - influxdata.chrony
- - dj-wasabi.telegraf
- - usegalaxy-eu.dynmotd # nicer MOTD/welcome message
- - paprikant.beacon-importer
- - os_hardening
- - ssh_hardening
diff --git a/beacon.yml b/beacon.yml
index c7793ceb1..d08b6686a 100644
--- a/beacon.yml
+++ b/beacon.yml
@@ -4,13 +4,25 @@ hosts: - beacon vars_files: - - secret_group_vars/beacon.yml + - secret_group_vars/all.yml + - group_vars/all.yml + - group_vars/beacon/vars.yml + - group_vars/beacon/vault.yml vars: - postgres_data_dir: /data/postgresql/data - postgres_init_dir: /data/postgresql/init - bp_external_binding: 80 - postgres_user: "{{ beacon_db_user }}" - postgres_pass: "{{ beacon_db_password }}" - postgres_external_binding: "{{ beacon_db_port }}" + collections: + - devsec.hardening roles: + - role: usegalaxy_eu.handy.os_setup + vars: + enable_hostname: true + enable_powertools: true # geerlingguy.repo-epel role doesn't enable PowerTools repository + enable_remap_user: true + enable_create_user: true + - usegalaxy-eu.autoupdates # keep all of our packages up to date + - influxdata.chrony + - dj-wasabi.telegraf + - usegalaxy-eu.dynmotd # nicer MOTD/welcome message - paprikant.beacon + - paprikant.beacon-importer +# - os_hardening +# - ssh_hardening diff --git a/group_vars/beacon/vars.yml b/group_vars/beacon/vars.yml new file mode 100644 index 000000000..cf886ad01 --- /dev/null +++ b/group_vars/beacon/vars.yml @@ -0,0 +1,18 @@ +--- +postgres_data_dir: /data/postgresql/data +postgres_init_dir: /data/postgresql/init +bp_external_binding: 80 +postgres_user: "{{ beacon_db_user }}" +postgres_pass: "{{ beacon_db_password }}" +postgres_external_binding: "{{ beacon_db_port }}" +hostname: beacon.galaxyproject.eu +script_user: beacon +script_dir: /home/beacon/script +galaxy_api_url: https://usegalaxy.eu +handy_groups: + - group_name: beacon + group_gid: 999 +handy_users: + - user_name: beacon + user_uid: 999 + user_group: beacon diff --git a/secret_group_vars/beacon.yml b/group_vars/beacon/vault.yml similarity index 100% rename from secret_group_vars/beacon.yml rename to group_vars/beacon/vault.yml diff --git a/hosts b/hosts index b5d4ded1d..83b2a1ed1 100644 --- a/hosts +++ b/hosts 
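Review bot: The merged play ends with `# - os_hardening` and `# - ssh_hardening` commented out, so the host loses the hardening that the deleted beacon-import.yml applied, while `collections: - devsec.hardening` stays behind unused. The hosts hunk in the same patch switches the connection to `ansible_ssh_user=root`, so root SSH login has to stay enabled on a machine that also publishes `bp_external_binding: 80`. If the roles were disabled because ssh_hardening's default refuses root login, keep them and override that one setting, e.g. `ssh_permit_root_login: "without-password"` in group_vars/beacon/vars.yml; otherwise record the reason next to the commented lines, e.g. `# os_hardening/ssh_hardening disabled: <reason, tracking issue>`. The play header sits above the hunk, so whether `become: true` is still set is not visible here.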
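Review bot: `group_gid: 999` and `user_uid: 999` in the new group_vars/beacon/vars.yml are hard-coded with no comment saying why this id was chosen, and 999 lies in the range that distributions hand out dynamically to system accounts, so on a fresh image it may already belong to another service. With `enable_remap_user: true` set in beacon.yml, the os_setup role presumably renumbers whichever account holds the id, which would change ownership of that account's files; this should be confirmed against the role. I would add a comment above `handy_groups`, e.g. `# uid/gid 999 must match <owner of the postgres data directory>; verified free on the KVM image`, or use an id the project reserves for service users.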
@@ -6,10 +6,7 @@ stats.galaxyproject.eu build.galaxyproject.eu ansible_ssh_user=root [beacon] -beacon.galaxyproject.eu ansible_ssh_user=rocky - -[beacon_import] -beacon-import.galaxyproject.eu +beacon.galaxyproject.eu ansible_ssh_user=root [influxdb] influxdb.galaxyproject.eu From 047e30f98227789c937182018da36942ab7a787d Mon Sep 17 00:00:00 2001 From: Mira Kuntz Date: Wed, 11 Dec 2024 16:32:22 +0100 Subject: [PATCH 2/2] remove redundant bashrc exports --- group_vars/maintenance.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/group_vars/maintenance.yml b/group_vars/maintenance.yml index b598846f8..524007bfe 100644 --- a/group_vars/maintenance.yml +++ b/group_vars/maintenance.yml @@ -347,6 +347,12 @@ walle_extra_env_vars: This means your jobs were terminated and you can not login anymore. However it is possible to restore the account and its data. If you think your account was deleted due to an error, please contact contact@usegalaxy.eu +walle_envs_database: + MALWARE_LIB: "{{ walle_malware_database_location }}/{{ walle_database_file }}" + PGPASSFILE: "{{ walle_pgpass_file }}" + PGUSER: galaxy + PGDATABASE: galaxy + GXADMIN_PATH: /usr/local/bin/gxadmin walle_cron_day: "*" walle_cron_hour: "*" walle_cron_minute: "0"
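Review bot: The new `walle_envs_database` mapping in group_vars/maintenance.yml has no comment saying what consumes it, and the commit subject speaks of removing bashrc exports while this hunk only adds six lines, so the removal itself presumably lives in a role outside this patch. Because the mapping passes `PGPASSFILE: "{{ walle_pgpass_file }}"` to the job, it is worth recording that libpq ignores a password file whose permissions are looser than 0600 and that the file should be owned by the user the job runs as. Suggested comment above the key: `# Environment for the walle job; replaces the exports formerly set in .bashrc. PGPASSFILE must be mode 0600.` The surrounding `walle_*` settings start and end outside the hunk.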