Nps Ansible 部署代码
# roles/nps_server/templates/nps.conf
{# Rendered by tasks/main.yml ("configure file") into /etc/nps/conf/nps.conf.
   Every key maps 1:1 to an nps_* variable from defaults/main/. Optional keys
   are only emitted when their variable is defined; the defaults file describes
   leaving them unset as "ignore" (no flow persistence / no IP limit). #}
{# NOTE(review): boolean nps_* defaults render as True/False (Python repr);
   add "| lower" on those keys if nps turns out to need the lowercase form. #}
appname={{ nps_appname }}
runmode={{ nps_runmode }}
{# HTTP(S) proxy listeners. #}
http_proxy_ip={{ nps_http_proxy_ip }}
http_proxy_port={{ nps_http_proxy_port }}
https_proxy_port={{ nps_https_proxy_port }}
https_just_proxy={{ nps_https_just_proxy }}
https_default_cert_file={{ nps_https_default_cert_file }}
https_default_key_file={{ nps_https_default_key_file }}
{# Bridge listener that nps clients connect to; public_vkey is the shared
   client password and therefore a secret, even though defaults/main/ ships a
   placeholder for it. #}
bridge_type={{ nps_bridge_type }}
bridge_port={{ nps_bridge_port }}
bridge_ip={{ nps_bridge_ip }}
public_vkey={{ nps_public_vkey }}
{% if nps_flow_store_interval is defined %}
flow_store_interval={{ nps_flow_store_interval }}
{% endif %}
log_level={{ nps_log_level }}
log_path={{ nps_log_path }}
{% if nps_ip_limit is defined %}
ip_limit={{ nps_ip_limit }}
{% endif %}
p2p_ip={{ nps_p2p_ip }}
p2p_port={{ nps_p2p_port }}
{# Web management UI and API. web_password, auth_key and auth_crypt_key land in
   the rendered file in clear text, so the file should be readable only by the
   account nps runs as (root, since nps.service sets no User=). #}
web_host={{ nps_web_host }}
web_username={{ nps_web_username }}
web_password={{ nps_web_password }}
web_port={{ nps_web_port }}
web_ip={{ nps_web_ip }}
auth_key={{ nps_auth_key }}
auth_crypt_key={{ nps_auth_crypt_key }}
{% if nps_allow_ports is defined %}
allow_ports={{ nps_allow_ports }}
{% endif %}
{# Feature switches: multi-user login, limit extensions, system info, cache. #}
allow_user_login={{ nps_allow_user_login }}
allow_user_register={{ nps_allow_user_register }}
allow_user_change_username={{ nps_allow_user_change_username }}
allow_flow_limit={{ nps_allow_flow_limit }}
allow_rate_limit={{ nps_allow_rate_limit }}
allow_tunnel_num_limit={{ nps_allow_tunnel_num_limit }}
allow_local_proxy={{ nps_allow_local_proxy }}
allow_connection_num_limit={{ nps_allow_connection_num_limit }}
allow_multi_ip={{ nps_allow_multi_ip }}
system_info_display={{ nps_system_info_display }}
http_cache={{ nps_http_cache }}
http_cache_length={{ nps_http_cache_length }}
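---
# Deploys the nps server and a Caddy front-end to nps.geektr.co. Credentials
# (geektr_default_user/passwd) and srv_ssl_key_path are expected from the
# secret_vars files, which are not part of this gist.
- hosts: nps.geektr.co
  remote_user: yumemi
  # `true` rather than `yes`: the latter is YAML 1.1-only truthy syntax.
  become: true
  vars:
    service_domain: nps.geektr.co
  vars_files:
    - "secret_vars/main.yml"
    - "secret_vars/{{ service_domain }}.yml"
  environment:
    # Outbound proxy for the nps_server role's GitHub API/download calls.
    # NOTE(review): only http_proxy is set while those URLs are HTTPS, and
    # urllib consults https_proxy for HTTPS — confirm the proxy is applied.
    http_proxy: "http://proxy.geektr.co:3128"
    # http_proxy: "http://proxy.local.geektr.co:3128"
  # Roles always run before the tasks list below, regardless of key order.
  roles:
    - role: nps_server
      tags: install
      become_user: root
      vars:
        nps_web_username: "{{ geektr_default_user }}"
        nps_web_password: "{{ geektr_default_passwd }}"
        nps_web_host: "{{ service_domain }}"
        # Admin UI on loopback only, presumably reached through the Caddy vhost
        # deployed below. nps_public_vkey, nps_auth_key and nps_auth_crypt_key
        # are not overridden here, so they keep the role's placeholder defaults
        # unless one of the secret_vars files sets them.
        nps_web_ip: 127.0.0.1
        nps_http_proxy_port: 8000
        nps_https_proxy_port: 4443
    - role: geektheripper.caddy
      tags: install
      become_user: root
      vars:
        caddy_plugins:
          - http.cache
          - http.cgi
          - http.forwardproxy
          - http.cors
          - http.s3browser
          - http.filebrowser
  tasks:
    - name: ensures ssl-key diectory exists
      tags: install
      become_user: root
      file:
        path: "{{ srv_ssl_key_path }}/{{ service_domain }}"
        state: directory
    # NOTE(review): no owner/group/mode is given, so the private key is written
    # with the default umask (typically world-readable). Once Caddy's service
    # user is known, add owner/group plus `mode: "u=rwX,go="` here.
    - name: deploy ssl key
      tags: update
      become_user: root
      copy:
        src: "ssl_keys/{{ service_domain }}"
        dest: "{{ srv_ssl_key_path }}/"
    - name: deploy caddy file
      tags: install
      become_user: root
      template:
        src: "{{ playbook_dir }}/templates/{{ service_domain }}/caddy.conf"
        dest: "/etc/caddy/caddy.conf"
    - name: deploy nps vhost
      tags: update
      become_user: root
      template:
        src: "{{ playbook_dir }}/templates/{{ service_domain }}/{{ service_domain }}.conf"
        dest: "/etc/caddy/conf.d/{{ service_domain }}.conf"
    # Restarts on every `update` run; a handler notified by the two template
    # tasks above would restart Caddy only when a file actually changed.
    - name: restart service caddy
      tags: update
      become_user: root
      service:
        name: caddy
        state: restarted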
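# roles/nps_server/templates/nps.service
# Installed by the nps_server role to /lib/systemd/system/nps.service.
[Unit]
Description=NPS A Intranet Penetration Server
# Documentation= accepts only URIs (https:, man:, ...); "nps --help" is
# rejected with a warning, so point at the upstream project instead.
Documentation=https://github.com/cnlh/nps
After=network.target

[Service]
# `nps start` presumably daemonises and writes the PID file below, hence forking.
Type=forking
ExecStart=/usr/bin/nps start
ExecStop=/usr/bin/nps stop
# NOTE(review): `nps restart` presumably replaces the daemon (new PID); if so it
# does not fit ExecReload= and `systemctl restart` should be used instead.
ExecReload=/usr/bin/nps restart
# No User= is set, so nps runs as root. The bounding set still restricts that
# root process to CAP_NET_BIND_SERVICE; AmbientCapabilities only matters once
# a non-root User= is configured.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
# NOTE(review): a PID file under world-writable /tmp can be pre-created by any
# local user; use a path under /run if nps lets the PID file location be set.
PIDFile=/tmp/nps.pid

[Install]
WantedBy=multi-user.target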
# roles/nps_server/defaults/main/nps.yml
# Release tag to install. "latest" makes tasks/main.yml resolve the tag through
# the GitHub releases API; any other value is used verbatim in the download URL.
nps_version: latest
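# roles/nps_server/defaults/main/
---
# Role defaults rendered 1:1 into /etc/nps/conf/nps.conf by templates/nps.conf.
# The placeholder secrets in this file (nps_public_vkey, nps_web_password,
# nps_auth_key, nps_auth_crypt_key) must be overridden per deployment, e.g. from
# the playbook's vars_files; the sample playbook only overrides the web login.
nps_appname: nps
# Boot mode (dev|pro)
nps_runmode: pro

# HTTP(S) proxy listeners; not started when the port is empty.
nps_http_proxy_ip: 0.0.0.0
nps_http_proxy_port: 80
nps_https_proxy_port: 443
# Booleans are rendered by Jinja as True/False; nps appears to accept that
# casing, but quote the value ("true") if a consumer needs it lowercase verbatim.
nps_https_just_proxy: true
# Default HTTPS certificate. NOTE(review): the paths are relative and
# nps.service sets no WorkingDirectory= — confirm how nps resolves them.
nps_https_default_cert_file: conf/server.pem
nps_https_default_key_file: conf/server.key

# Bridge: the listener nps clients connect to.
nps_bridge_type: tcp
nps_bridge_port: 8024
nps_bridge_ip: 0.0.0.0
# Public password that clients use to connect to the server. After the
# connection, the server opens the relevant ports and parses the related domain
# names according to its own configuration file.
# Placeholder — override with a strong per-deployment secret. Quoted so YAML
# keeps it a string (a value such as 0123 would otherwise be retyped).
nps_public_vkey: "123"

# Traffic data persistence interval (minutes); leave undefined for no persistence.
# nps_flow_store_interval: 1

# log level LevelEmergency->0 LevelAlert->1 LevelCritical->2 LevelError->3 LevelWarning->4 LevelNotice->5 LevelInformational->6 LevelDebug->7
nps_log_level: 4
nps_log_path: /var/log/nps/nps.log

# Whether to restrict IP access: true, false, or leave undefined to ignore.
# nps_ip_limit: true

# p2p
nps_p2p_ip: 127.0.0.1
nps_p2p_port: 6000

# Web management UI. Binding to 0.0.0.0 exposes the admin login on every
# interface; the sample playbook overrides nps_web_ip to 127.0.0.1.
nps_web_host: a.o.com
nps_web_username: geektr
# Placeholder — override; quoted so it stays a string.
nps_web_password: "123"
nps_web_port: 8080
nps_web_ip: 0.0.0.0

# Web API authentication (the len of auth_crypt_key must be 16).
# Placeholders — override with per-deployment secrets; crypt key quoted so the
# 16-digit value is not retyped as an integer.
nps_auth_key: test
nps_auth_crypt_key: "1234567812345678"

# Port ranges clients may use; only rendered into nps.conf when defined.
# nps_allow_ports: 9001-9009,10001,11000-12000

# Web management multi-user login
nps_allow_user_login: false
nps_allow_user_register: false
nps_allow_user_change_username: false

# extension
nps_allow_flow_limit: false
nps_allow_rate_limit: false
nps_allow_tunnel_num_limit: false
nps_allow_local_proxy: false
nps_allow_connection_num_limit: false
nps_allow_multi_ip: false
nps_system_info_display: false

# cache
nps_http_cache: false
nps_http_cache_length: 100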
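# roles/nps_server/tasks/main.yml
---
# Installs the nps server binary from a GitHub release, deploys the systemd unit
# and the rendered config, and restarts the service. Expected to run as root.
- name: fetch latest github version
  uri:
    url: https://api.github.com/repos/cnlh/nps/releases/latest
    return_content: true
  register: json_response
  when: nps_version == "latest"

# Work in a private temporary directory instead of fixed paths under /tmp, so
# another local user cannot pre-create /tmp/nps or the archive path before the
# root-owned download/unarchive/cp steps run.
- name: create temporary work directory
  tempfile:
    state: directory
    suffix: nps
  register: nps_tmpdir

# Optional pin via nps_checksum (e.g. "sha256:<digest>"); when unset the release
# asset is trusted purely on the TLS connection to GitHub.
- name: download latest binary pack
  get_url:
    url: "https://github.com/cnlh/nps/releases/download/{{ json_response.json.tag_name }}/linux_amd64_server.tar.gz"
    dest: "{{ nps_tmpdir.path }}/linux_amd64_server.tar.gz"
    checksum: "{{ nps_checksum | default(omit) }}"
  when: nps_version == "latest"

- name: "download {{ nps_version }} binary pack"
  get_url:
    url: "https://github.com/cnlh/nps/releases/download/{{ nps_version }}/linux_amd64_server.tar.gz"
    dest: "{{ nps_tmpdir.path }}/linux_amd64_server.tar.gz"
    checksum: "{{ nps_checksum | default(omit) }}"
  when: nps_version != "latest"

# The archive unpacks to an nps/ directory under dest.
- name: untar pack
  unarchive:
    src: "{{ nps_tmpdir.path }}/linux_amd64_server.tar.gz"
    dest: "{{ nps_tmpdir.path }}"
    remote_src: true

- name: install nps | create directory
  file:
    path: /etc/nps
    state: directory
    mode: "0755"

# web/ and the executable are overwritten on every run so upgrades take effect;
# conf/ is only seeded once (creates:) so the deployed configuration is kept.
- name: install nps | install web
  command: "cp -r {{ nps_tmpdir.path }}/nps/web /etc/nps/"

- name: install nps | install conf
  command: "cp -r {{ nps_tmpdir.path }}/nps/conf /etc/nps/"
  args:
    creates: /etc/nps/conf

- name: install nps | install executable
  command: "cp -r {{ nps_tmpdir.path }}/nps/nps /usr/bin/"

- name: install nps | copy systemd config
  template:
    src: nps.service
    dest: /lib/systemd/system/nps.service
    mode: "0644"

# Reload before enabling so systemd has seen the freshly written unit.
- name: install nps | systemd daemon reload
  systemd:
    daemon_reload: true

- name: install nps | enable systemd service
  systemd:
    name: nps
    enabled: true

# The rendered config carries the web password, auth keys and public vkey;
# nps runs as root (no User= in nps.service), so restrict it to root.
- name: configure file
  template:
    src: nps.conf
    dest: /etc/nps/conf/nps.conf
    owner: root
    group: root
    mode: "0600"

- name: create log direcotry
  file:
    path: "{{ nps_log_path | dirname }}"
    state: directory
    mode: "0755"
    owner: root
    group: root

# Removes the archive and the unpacked tree in one go.
- name: remove temporary work directory
  file:
    path: "{{ nps_tmpdir.path }}"
    state: absent

- name: restart nps service
  systemd:
    name: nps
    state: restarted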