Nps Ansible 部署代码
# roles/nps_server/templates/nps.conf
{# Rendered by roles/nps_server/tasks/main.yml to /etc/nps/conf/nps.conf.
   Every nps_* variable has a default in roles/nps_server/defaults/main/;
   the optional keys are wrapped in "is defined" guards so that an unset
   variable leaves the key out of the file instead of rendering it empty. #}
appname={{ nps_appname }}
runmode={{ nps_runmode }}
{# HTTP(S) proxy listeners and the certificate/key nps serves by default. #}
http_proxy_ip={{ nps_http_proxy_ip }}
http_proxy_port={{ nps_http_proxy_port }}
https_proxy_port={{ nps_https_proxy_port }}
https_just_proxy={{ nps_https_just_proxy }}
https_default_cert_file={{ nps_https_default_cert_file }}
https_default_key_file={{ nps_https_default_key_file }}
{# Bridge listener that nps clients connect to; public_vkey is the shared
   secret those clients present, so treat it like a password. #}
bridge_type={{ nps_bridge_type }}
bridge_port={{ nps_bridge_port }}
bridge_ip={{ nps_bridge_ip }}
public_vkey={{ nps_public_vkey }}
{% if nps_flow_store_interval is defined %}
flow_store_interval={{ nps_flow_store_interval }}
{% endif %}
log_level={{ nps_log_level }}
log_path={{ nps_log_path }}
{% if nps_ip_limit is defined %}
ip_limit={{ nps_ip_limit }}
{% endif %}
p2p_ip={{ nps_p2p_ip }}
p2p_port={{ nps_p2p_port }}
{# Web UI credentials and the web API keys render in clear text below;
   the rendered file should be readable by the nps process owner only. #}
web_host={{ nps_web_host }}
web_username={{ nps_web_username }}
web_password={{ nps_web_password }}
web_port={{ nps_web_port }}
web_ip={{ nps_web_ip }}
auth_key={{ nps_auth_key }}
auth_crypt_key={{ nps_auth_crypt_key }}
{% if nps_allow_ports is defined %}
allow_ports={{ nps_allow_ports }}
{% endif %}
{# Feature toggles and limits; values are passed through exactly as set. #}
allow_user_login={{ nps_allow_user_login }}
allow_user_register={{ nps_allow_user_register }}
allow_user_change_username={{ nps_allow_user_change_username }}
allow_flow_limit={{ nps_allow_flow_limit }}
allow_rate_limit={{ nps_allow_rate_limit }}
allow_tunnel_num_limit={{ nps_allow_tunnel_num_limit }}
allow_local_proxy={{ nps_allow_local_proxy }}
allow_connection_num_limit={{ nps_allow_connection_num_limit }}
allow_multi_ip={{ nps_allow_multi_ip }}
system_info_display={{ nps_system_info_display }}
http_cache={{ nps_http_cache }}
http_cache_length={{ nps_http_cache_length }}
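---
# Play for nps.geektr.co: installs the nps server (roles/nps_server) and
# caddy (geektheripper.caddy), then deploys the site's TLS material, the
# global caddy config and the nps vhost.
- hosts: nps.geektr.co
  remote_user: yumemi
  become: true
  vars:
    service_domain: nps.geektr.co
  vars_files:
    - "secret_vars/main.yml"
    - "secret_vars/{{ service_domain }}.yml"
  environment:
    # Only http_proxy is set; HTTPS requests such as the GitHub downloads in
    # roles/nps_server consult https_proxy, so add it here if those requests
    # must go through the proxy.
    http_proxy: "http://proxy.geektr.co:3128"
    # http_proxy: "http://proxy.local.geektr.co:3128"
  roles:
    - role: nps_server
      tags: install
      become_user: root
      vars:
        # Web UI credentials come from the secret_vars files, not role defaults.
        nps_web_username: "{{ geektr_default_user }}"
        nps_web_password: "{{ geektr_default_passwd }}"
        nps_web_host: "{{ service_domain }}"
        # Bind the web UI to loopback; presumably the caddy vhost deployed in
        # the tasks below fronts it — verify in the vhost template.
        nps_web_ip: 127.0.0.1
        nps_http_proxy_port: 8000
        nps_https_proxy_port: 4443
        # NOTE(review): nps_public_vkey, nps_auth_key and nps_auth_crypt_key
        # are not overridden here, so the role's placeholder defaults are what
        # gets deployed; source them from secret_vars as well.
    - role: geektheripper.caddy
      tags: install
      become_user: root
      vars:
        caddy_plugins:
          - http.cache
          - http.cgi
          - http.forwardproxy
          - http.cors
          - http.s3browser
          - http.filebrowser
  tasks:
    - name: ensures ssl-key diectory exists
      tags: install
      become_user: root
      file:
        path: "{{ srv_ssl_key_path }}/{{ service_domain }}"
        state: directory

    # NOTE(review): no mode is given, so the copied private keys land with
    # umask-derived permissions; set mode/directory_mode so they are not
    # world-readable.
    - name: deploy ssl key
      tags: update
      become_user: root
      copy:
        src: "ssl_keys/{{ service_domain }}"
        dest: "{{ srv_ssl_key_path }}/"

    - name: deploy caddy file
      tags: install
      become_user: root
      template:
        src: "{{ playbook_dir }}/templates/{{ service_domain }}/caddy.conf"
        dest: "/etc/caddy/caddy.conf"

    - name: deploy nps vhost
      tags: update
      become_user: root
      template:
        src: "{{ playbook_dir }}/templates/{{ service_domain }}/{{ service_domain }}.conf"
        dest: "/etc/caddy/conf.d/{{ service_domain }}.conf"

    # Unconditional restart on every run tagged update; a handler notified by
    # the two template tasks would restart only when a file actually changed.
    - name: restart service caddy
      tags: update
      become_user: root
      service:
        name: caddy
        state: restarted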
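# roles/nps_server/templates/nps.service
# systemd unit rendered by roles/nps_server/tasks/main.yml to
# /lib/systemd/system/nps.service.
[Unit]
Description=NPS A Intranet Penetration Server
# Documentation= only accepts URIs (http://, https://, file:, info:, man:);
# the previous value "nps --help" was logged as an invalid URL and ignored.
Documentation=https://github.com/cnlh/nps
After=network.target

[Service]
# No User= is set, so nps runs as root; the two capability lines below cap
# that root process to CAP_NET_BIND_SERVICE.
Type=forking
ExecStart=/usr/bin/nps start
ExecStop=/usr/bin/nps stop
ExecReload=/usr/bin/nps restart
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
# NOTE(review): /tmp is world-writable, so this PID file path is predictable
# and tamperable by any local user; /run/nps/nps.pid with RuntimeDirectory=nps
# is the conventional location if nps can be told where to write it — confirm.
PIDFile=/tmp/nps.pid

[Install]
WantedBy=multi-user.target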
# roles/nps_server/defaults/main/nps.yml
# "latest" makes tasks/main.yml look up the newest GitHub release at run
# time; set a release tag instead for a reproducible, reviewable install.
nps_version: latest
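# roles/nps_server/defaults/main/
---
# Role defaults consumed by templates/nps.conf. Everything here is a
# placeholder good enough for a first run; the values marked SECRET must be
# overridden per host (e.g. from vars_files) before the role is applied.
# Number-looking secrets are quoted so they render as the same digits and
# are never retyped (an override such as 0123 would otherwise parse as octal).
nps_appname: nps
# Boot mode(dev|pro)
nps_runmode: pro
# HTTP(S) proxy port, no startup if empty
nps_http_proxy_ip: 0.0.0.0
nps_http_proxy_port: 80
nps_https_proxy_port: 443
nps_https_just_proxy: true
# default https certificate setting
nps_https_default_cert_file: conf/server.pem
nps_https_default_key_file: conf/server.key
## bridge
nps_bridge_type: tcp
nps_bridge_port: 8024
nps_bridge_ip: 0.0.0.0
# Public password, which clients can use to connect to the server
# After the connection, the server will be able to open relevant ports and parse related domain names according to its own configuration file.
# SECRET: any client presenting this value can connect to the bridge — override it.
nps_public_vkey: "123"
# Traffic data persistence interval(minute)
# Ignorance means no persistence
# nps_flow_store_interval: 1
# log level LevelEmergency->0 LevelAlert->1 LevelCritical->2 LevelError->3 LevelWarning->4 LevelNotice->5 LevelInformational->6 LevelDebug->7
nps_log_level: 4
nps_log_path: /var/log/nps/nps.log
# Whether to restrict IP access, true or false or ignore
# nps_ip_limit: true
# p2p
nps_p2p_ip: 127.0.0.1
nps_p2p_port: 6000
# web
nps_web_host: a.o.com
# SECRET: web UI login; the nps.geektr.co play overrides both from secret_vars.
nps_web_username: geektr
nps_web_password: "123"
nps_web_port: 8080
# Listens on every interface by default; the nps.geektr.co play sets 127.0.0.1.
nps_web_ip: 0.0.0.0
# Web API unauthenticated IP address(the len of auth_crypt_key must be 16)
# SECRET: both web API keys are placeholders — override them.
nps_auth_key: test
nps_auth_crypt_key: "1234567812345678"
# nps_allow_ports: 9001-9009,10001,11000-12000
# Web management multi-user login
nps_allow_user_login: false
nps_allow_user_register: false
nps_allow_user_change_username: false
# extension
nps_allow_flow_limit: false
nps_allow_rate_limit: false
nps_allow_tunnel_num_limit: false
nps_allow_local_proxy: false
nps_allow_connection_num_limit: false
nps_allow_multi_ip: false
nps_system_info_display: false
# cache
nps_http_cache: false
nps_http_cache_length: 100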
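# roles/nps_server/tasks/main.yml
---
# Installs the nps server from a GitHub release archive, lays its config and
# web assets under /etc/nps, and manages the systemd unit. Inputs come from
# defaults/main/ (nps_version, nps_log_path and the nps_* values that
# templates/nps.conf renders).

- name: fetch latest github version
  uri:
    url: https://api.github.com/repos/cnlh/nps/releases/latest
    return_content: true
  register: json_response
  when: nps_version == "latest"

# NOTE(review): the archive is fetched over HTTPS but not otherwise verified.
# Pinning nps_version and adding `checksum:` to get_url (value taken from
# the release page) would make the install reproducible and tamper-evident.
- name: download latest binary pack
  get_url:
    url: "https://github.com/cnlh/nps/releases/download/{{ json_response.json.tag_name }}/linux_amd64_server.tar.gz"
    dest: "/tmp/linux_amd64_server.tar.gz"
  when: nps_version == "latest"

- name: "download {{ nps_version }} binary pack"
  get_url:
    url: "https://github.com/cnlh/nps/releases/download/{{ nps_version }}/linux_amd64_server.tar.gz"
    dest: "/tmp/linux_amd64_server.tar.gz"
  when: nps_version != "latest"

# /tmp is shared with every local user; a private directory from the tempfile
# module would stop anyone else from pre-creating /tmp/nps.
- name: untar pack
  unarchive:
    src: "/tmp/linux_amd64_server.tar.gz"
    dest: /tmp
    remote_src: true

- name: install nps | create directory
  file:
    path: "/etc/nps"
    state: directory
    mode: "0755"

- name: install nps | install web
  command: cp -r /tmp/nps/web /etc/nps/

# Only seeds the conf directory once so a later run does not clobber nps.conf.
- name: install nps | install conf
  command: cp -r /tmp/nps/conf /etc/nps/
  args:
    creates: /etc/nps/conf

- name: install nps | install executable
  command: cp -r /tmp/nps/nps /usr/bin/

- name: install nps | copy systemd config
  template:
    src: nps.service
    dest: /lib/systemd/system/nps.service
    mode: "0644"

# Reload first so systemd has loaded the unit written above before enabling it.
- name: install nps | systemd daemon reload
  systemd:
    daemon_reload: true

- name: install nps | enable systemd service
  systemd:
    name: nps
    enabled: true

# nps.conf carries web_password, auth_key, auth_crypt_key and public_vkey in
# clear text; templates/nps.service sets no User=, so the service runs as
# root and a root-only mode is sufficient.
- name: configure file
  template:
    src: nps.conf
    dest: /etc/nps/conf/nps.conf
    mode: "0600"

- name: create log direcotry
  file:
    path: "{{ nps_log_path | dirname }}"
    state: directory
    mode: "0755"
    owner: root
    group: root

- name: remove downloaded archive
  file:
    path: /tmp/linux_amd64_server.tar.gz
    state: absent

- name: remove unpacked tree
  file:
    path: /tmp/nps
    state: absent

# Unconditional restart on every run; a handler notified by the template
# tasks would restart only when the unit or config changed.
- name: restart nps service
  systemd:
    name: nps
    state: restarted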