Deploy GVM to a box at home

2021-12-30 09:31:07 -06:00 · 2021-12-30 09:31:07 -06:00 · 1cff8a6aa8
commit 1cff8a6aa8
parent ed64fc0a9a
3 changed files with 54 additions and 7 deletions
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -58,13 +58,21 @@ zerotier_network_id: !vault |
          3339633961393864330a616437613534643231366634643362383438316233376334636264303361
          65313231393433396538663463383731303661633663343066333264303330313133

-# For geerlingguy.apache
-apache_remove_default_vhost: yes
-apache_ssl_cipher_suite: "ECDH:AECDH:!SHA1:!SHA256:!SHA384"
-apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
-
-# For geerlingguy.php
-##RESERVED
+# For GVM
+secret_gvm_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36386339623936656635346132333761356566313430616536346363363335393365613731396539
+          3664323233396565666334306263303338346637613361390a666634656636373136313634323262
+          37666165336437323031326262646333393439646664393066383765346631383835663762323263
+          3363326461316636660a323465373630323435313161663362356234376563633266336534303861
+          39393835666661323637353830336530393361643664656536313035386338323937
+secret_gvm_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36393639656131363065343830323830323365383933646261353661326235383366343864386135
+          3335326666623162396234313462653264326362323261360a633736353363666538393064616439
+          35323734623233313937623861306337633539623761396266363939363565653638613661333366
+          6637306661373339350a633038336339306639386539336163386530376662663663653966336633
+          65383335323339366637633934323632666638366265353839306432373365376530

 # For gulagbot
 secret_gulagbot_db_pass: !vault |
--- a/playbooks/home_app.yml
+++ b/playbooks/home_app.yml
@ -21,6 +21,22 @@
        backup_s3backup_list_extra:
          - /data
      tags: [ backup ]
+- hosts: vm-scan-1.home.mgmt.desu.ltd
+  module_defaults:
+    docker_container:
+      state: started
+      restart_policy: unless-stopped
+      pull: yes
+  pre_tasks:
+    - name: ensure docker network
+      docker_network: name=web
+      tags: [ docker ]
+  tasks:
+    - name: include tasks for applications
+      include_tasks: tasks/{{ item }}
+      with_items:
+        - app/gvm.yml
+      tags: [ always ]
 - hosts: vm-syncthing-1.home.mgmt.desu.ltd
  module_defaults:
    docker_container:
--- a/playbooks/tasks/app/gvm.yml
+++ b/playbooks/tasks/app/gvm.yml
@ -0,0 +1,23 @@
+# vim:ft=ansible:
+- name: docker deploy gvm
+  docker_container:
+    name: gvm
+    image: securecompliance/gvm:latest
+    env:
+      DB_PASSWORD: "{{ secret_gvm_db_pass }}"
+      USERNAME: admin
+      PASSWORD: "{{ secret_gvm_pass }}"
+      TZ: America/Chicago
+    networks:
+      - name: web
+        aliases: [ "gvm" ]
+    volumes:
+      - /data/gvm/gvm:/var/lib/gvm
+      - /data/gvm/openvas-plugins:/var/lib/openvas/plugins
+      - /data/gvm/postgres:/opt/database
+      - /data/gvm/ssh:/etc/ssh
+    ports:
+      - 443:9392/tcp
+      - 5432:5432/tcp
+      - 2222:22/tcp
+  tags: [ docker, gvm ]