michaelact

## tuning.conf
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_max_syn_backlog = 8192
net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_tw_reuse = 1
net.core.default_qdisc = fq
net.ipv4.ip_local_port_range = 10240 65535
net.ipv4.tcp_abort_on_overflow = 1

## docker-compose-data01.yaml
services:
  opensearch-data01: # This is also the hostname of the container within the Docker network (i.e. https://opensearch-node1/)
    image: public.ecr.aws/opensearchproject/opensearch:2.5.0 # Specifying the latest available image - modify if you want a specific version
    container_name: opensearch-data01
    environment:
      - network.bind_host=0.0.0.0
      - network.publish_host=192.168.56.141
      - cluster.name=nightwolf-cluster # Name the cluster
      - node.name=opensearch-data01 # Name the node that will run in this container
      - node.roles=data # Role of the node

## install_docker.sh
#!/bin/bash

# Install Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg;
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null;
apt-get update;
apt-get -y install docker-ce docker-ce-cli containerd.io;

# Install Docker Compose
curl -L "https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;

## get_docker.sh
#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/engine/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
#   $ curl -fsSL https://get.docker.com -o get-docker.sh
#   $ sh get-docker.sh
#

## get-lynis.sh
#!/bin/bash
# Source:
# - https://linoxide.com/how-to-install-and-run-lynis-on-ubuntu-linux/
# - https://sysadminxpert.com/how-to-do-security-auditing-of-centos-system-using-lynis-tool/#Install_Lynis_on_Fedora
set -e

OS=$(. /etc/os-release && echo "$ID")
if [[ $OS == "ubuntu" ]]; then
  wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
  echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list

## route53-extractor.sh
#!/bin/bash
# Reference: https://stackoverflow.com/questions/20337749/exporting-dns-zonefile-from-amazon-route-53

HOSTED_ZONE_IDS=$(aws route53 list-hosted-zones --query "HostedZones[*].Id" --output text)
for zoneId in $HOSTED_ZONE_IDS; do \
  echo $zoneId >> records.txt
  aws route53 list-resource-record-sets --hosted-zone-id $zoneId --output json | jq -jr '.ResourceRecordSets[] | "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[]?.Value)\n"' >> records.txt
done

## install-k8s.sh
#!/bin/bash

# Create the .conf file to load the modules at bootup
cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter

## tflint.sh
#!/bin/sh
set -e

find . -type d | grep -v .terraform | tail -n +2 > tfdir.txt
cat tfdir.txt | parallel cp .tflint.hcl {}
cat tfdir.txt | parallel 'cd {} && tflint'
cat tfdir.txt | parallel 'cd {} && tflint --module'
cat tfdir.txt | parallel rm {}/.tflint.hcl
rm tfdir.txt

## security.tf
module "sg-elasticache" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "sg_elasticache"
  description = "Guardian of ElastiCache Cluster"
  vpc_id      = ""

  egress_rules = ["all-all"]
  ingress_with_cidr_blocks = [
    {

## Makefile
TMPL_DIR  ?= .

.PHONY: prepare
prepare:  ## Preparing Ansibila Requirements
	@ $(MAKE) --no-print-directory log-$@
	mkdir -p ${ROLE_DIR}/molecule/default
	mkdir -p ${ROLE_DIR}/meta
	touch $(ROLE_DIR)/variables.yml
	touch $(ROLE_DIR)/molecule/default/playbook.yml
	touch $(ROLE_DIR)/meta/main.yml
	net.core.rmem_max = 16777216
	net.core.wmem_max = 16777216
	net.ipv4.tcp_max_syn_backlog = 8192
	net.core.somaxconn = 1024
	net.core.netdev_max_backlog = 5000
	net.ipv4.tcp_congestion_control = bbr
	net.ipv4.tcp_tw_reuse = 1
	net.core.default_qdisc = fq
	net.ipv4.ip_local_port_range = 10240 65535
	net.ipv4.tcp_abort_on_overflow = 1
	services:
	opensearch-data01: # This is also the hostname of the container within the Docker network (i.e. https://opensearch-node1/)
	image: public.ecr.aws/opensearchproject/opensearch:2.5.0 # Specifying the latest available image - modify if you want a specific version
	container_name: opensearch-data01
	environment:
	- network.bind_host=0.0.0.0
	- network.publish_host=192.168.56.141
	- cluster.name=nightwolf-cluster # Name the cluster
	- node.name=opensearch-data01 # Name the node that will run in this container
	- node.roles=data # Role of the node
	#!/bin/bash

	# Install Docker
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg;
	echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null;
	apt-get update;
	apt-get -y install docker-ce docker-ce-cli containerd.io;

	# Install Docker Compose
	curl -L "https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;
	#!/bin/sh
	set -e
	# Docker CE for Linux installation script
	#
	# See https://docs.docker.com/engine/install/ for the installation steps.
	#
	# This script is meant for quick & easy install via:
	# $ curl -fsSL https://get.docker.com -o get-docker.sh
	# $ sh get-docker.sh
	#
	#!/bin/bash
	# Source:
	# - https://linoxide.com/how-to-install-and-run-lynis-on-ubuntu-linux/
	# - https://sysadminxpert.com/how-to-do-security-auditing-of-centos-system-using-lynis-tool/#Install_Lynis_on_Fedora
	set -e

	OS=$(. /etc/os-release && echo "$ID")
	if [[ $OS == "ubuntu" ]]; then
	wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key \| sudo apt-key add -
	echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" \| sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
	#!/bin/bash
	# Reference: https://stackoverflow.com/questions/20337749/exporting-dns-zonefile-from-amazon-route-53

	HOSTED_ZONE_IDS=$(aws route53 list-hosted-zones --query "HostedZones[*].Id" --output text)
	for zoneId in $HOSTED_ZONE_IDS; do \
	echo $zoneId >> records.txt
	aws route53 list-resource-record-sets --hosted-zone-id $zoneId --output json \| jq -jr '.ResourceRecordSets[] \| "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[]?.Value)\n"' >> records.txt
	done
	#!/bin/bash

	# Create the .conf file to load the modules at bootup
	cat <<EOF \| sudo tee /etc/modules-load.d/crio.conf
	overlay
	br_netfilter
	EOF
	sudo modprobe overlay
	sudo modprobe br_netfilter
	#!/bin/sh
	set -e

	find . -type d \| grep -v .terraform \| tail -n +2 > tfdir.txt
	cat tfdir.txt \| parallel cp .tflint.hcl {}
	cat tfdir.txt \| parallel 'cd {} && tflint'
	cat tfdir.txt \| parallel 'cd {} && tflint --module'
	cat tfdir.txt \| parallel rm {}/.tflint.hcl
	rm tfdir.txt
	module "sg-elasticache" {
	source = "terraform-aws-modules/security-group/aws"

	name = "sg_elasticache"
	description = "Guardian of ElastiCache Cluster"
	vpc_id = ""

	egress_rules = ["all-all"]
	ingress_with_cidr_blocks = [
	{
	TMPL_DIR ?= .

	.PHONY: prepare
	prepare: ## Preparing Ansibila Requirements
	@ $(MAKE) --no-print-directory log-$@
	mkdir -p ${ROLE_DIR}/molecule/default
	mkdir -p ${ROLE_DIR}/meta
	touch $(ROLE_DIR)/variables.yml
	touch $(ROLE_DIR)/molecule/default/playbook.yml
	touch $(ROLE_DIR)/meta/main.yml