gitting

2023-12-18 21:38:30 +01:00
commit 9e2c1607e0
9 changed files with 205 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,47 @@
+Role Name
+=========
+
+Install burp server
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+burp_use_burpui: default false
+burp_directory: /var/spool/burp/
+burp_working_dir_recovery_method: delete
+burp_client_can_delete: 0
+burp_client_can_force_backup: 1
+burp_client_can_list: 1
+burp_client_can_restore: 1
+burp_client_can_verify: 1
+burp_restore_clients:
+  - "{{ inventory_hostname }}"
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Thomas C <thomas@opendoor.fr>
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# defaults file for tco.burp_server
+
+burp_use_burpui: false
+burp_directory: /var/spool/burp/
+burp_working_dir_recovery_method: delete
+burp_client_can_delete: 0
+burp_client_can_force_backup: 1
+burp_client_can_list: 1
+burp_client_can_restore: 1
+burp_client_can_verify: 1
+burp_restore_clients:
+  - "{{ inventory_hostname }}"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# handlers file for tco.burp_server
+#
+- name: restart burp
+  ansible.builtin.service:
+    name: burp
+    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,54 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies:
+- { role: tco.changelog, role_version: 1.0, myrole_name: burp_server }
+
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+# tasks file for tco.burp_server
+
+- name: install burp repo
+  ansible.builtin.get_url:
+    url: https://copr.fedorainfracloud.org/coprs/yopito/burp2/repo/epel-{{ ansible_distribution_major_version }}/yopito-burp2-epel-{{ ansible_distribution_major_version }}.repo
+    dest: /etc/yum.repos.d/burp.repo
+
+- name: install burp server
+  ansible.builtin.package:
+    name: burp2-server
+    state: present
+
+- name: configure
+  ansible.builtin.template:
+    src: burp-server.conf
+    dest: /etc/burp
+  notify: restart burp
+
+- name: open firewall
+  ansible.posix.firewalld:
+    port: "{{ item }}"
+    immediate: true
+    permanent: true
+    state: enabled
+  loop:
+    - 4971/tcp
+    - 4972/tcp
+  when: use_firewalld
+
+- name: configure service
+  ansible.builtin.service:
+    name: burp
+    state: started
+    enabled: true
+
+
--- a/templates/burp-server.conf
+++ b/templates/burp-server.conf
@@ -0,0 +1,38 @@
+mode = server
+listen = 0.0.0.0:4971
+listen_status = 0.0.0.0:4972
+max_status_children = 16
+directory = {{ burp_directory }}
+dedup_group = global
+clientconfdir = /etc/burp/clientconfdir
+protocol = 0
+pidfile = /var/run/burp.server.pid
+hardlinked_archive = 0
+working_dir_recovery_method = {{ burp_working_dir_recovery_method }}
+umask = 0022
+syslog = 1
+stdout = 0
+client_can_delete = {{ burp_client_can_delete }}
+client_can_force_backup = {{ burp_client_can_force_backup }}
+client_can_list = {{ burp_client_can_list }}
+client_can_restore = {{ burp_client_can_restore }}
+client_can_verify = {{ burp_client_can_verify }}
+version_warn = 1
+keep = 7
+keep = 2
+ca_conf = /etc/burp/CA.cnf
+ca_name = burpCA
+ca_server_name = burpserver
+ca_burp_ca = /usr/sbin/burp_ca
+ca_crl_check = 1
+ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
+ssl_cert = /etc/burp/ssl_cert-server.pem
+ssl_key = /etc/burp/ssl_cert-server.key
+ssl_dhfile = /etc/burp/dhfile.pem
+timer_script = /usr/share/burp/scripts/timer_script
+timer_arg = 20h
+timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,12,13,19,20,21,22,23
+{% for client in burp_restore_clients %}
+restore_client = {{ client }}
+{% endfor %}
+monitor_browse_cache = 1
--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - tco.burp_server
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for tco.burp_server