Deploy GVM to a box at home

Salt 2021-12-30 09:31:07 -06:00
parent ed64fc0a9a
commit 1cff8a6aa8
3 changed files with 54 additions and 7 deletions


@ -58,13 +58,21 @@ zerotier_network_id: !vault |
3339633961393864330a616437613534643231366634643362383438316233376334636264303361 3339633961393864330a616437613534643231366634643362383438316233376334636264303361
65313231393433396538663463383731303661633663343066333264303330313133 65313231393433396538663463383731303661633663343066333264303330313133
# For geerlingguy.apache # For GVM
apache_remove_default_vhost: yes secret_gvm_db_pass: !vault |
apache_ssl_cipher_suite: "ECDH:AECDH:!SHA1:!SHA256:!SHA384" $ANSIBLE_VAULT;1.1;AES256
apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 36386339623936656635346132333761356566313430616536346363363335393365613731396539
3664323233396565666334306263303338346637613361390a666634656636373136313634323262
# For geerlingguy.php 37666165336437323031326262646333393439646664393066383765346631383835663762323263
##RESERVED 3363326461316636660a323465373630323435313161663362356234376563633266336534303861
39393835666661323637353830336530393361643664656536313035386338323937
secret_gvm_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
36393639656131363065343830323830323365383933646261353661326235383366343864386135
3335326666623162396234313462653264326362323261360a633736353363666538393064616439
35323734623233313937623861306337633539623761396266363939363565653638613661333366
6637306661373339350a633038336339306639386539336163386530376662663663653966336633
65383335323339366637633934323632666638366265353839306432373365376530
# For gulagbot # For gulagbot
secret_gulagbot_db_pass: !vault | secret_gulagbot_db_pass: !vault |


@ -21,6 +21,22 @@
backup_s3backup_list_extra: backup_s3backup_list_extra:
- /data - /data
tags: [ backup ] tags: [ backup ]
- hosts: vm-scan-1.home.mgmt.desu.ltd
module_defaults:
docker_container:
state: started
restart_policy: unless-stopped
pull: yes
pre_tasks:
- name: ensure docker network
docker_network: name=web
tags: [ docker ]
tasks:
- name: include tasks for applications
include_tasks: tasks/{{ item }}
with_items:
- app/gvm.yml
tags: [ always ]
- hosts: vm-syncthing-1.home.mgmt.desu.ltd - hosts: vm-syncthing-1.home.mgmt.desu.ltd
module_defaults: module_defaults:
docker_container: docker_container:
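Review bot: The `ensure docker network` pre-task is tagged only `docker`, while the include is tagged `always` and the container task it pulls in from `app/gvm.yml` carries `docker, gvm`, so a run limited with `--tags gvm` would skip network creation but still try to attach the container to `web`. On a host where that network does not exist yet this would presumably fail; tagging the pre-task `tags: [ docker, gvm ]` (or `always`) keeps the two in step. As a style point, `docker_network: name=web` reads better as a block mapping (`docker_network:` with `name: web` beneath it), and `pull: yes` as `pull: true`.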


@ -0,0 +1,23 @@
# vim:ft=ansible:
- name: docker deploy gvm
docker_container:
name: gvm
image: securecompliance/gvm:latest
env:
DB_PASSWORD: "{{ secret_gvm_db_pass }}"
USERNAME: admin
PASSWORD: "{{ secret_gvm_pass }}"
TZ: America/Chicago
networks:
- name: web
aliases: [ "gvm" ]
volumes:
- /data/gvm/gvm:/var/lib/gvm
- /data/gvm/openvas-plugins:/var/lib/openvas/plugins
- /data/gvm/postgres:/opt/database
- /data/gvm/ssh:/etc/ssh
ports:
- 443:9392/tcp
- 5432:5432/tcp
- 2222:22/tcp
tags: [ docker, gvm ]
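Review bot: The `ports` list publishes the container's PostgreSQL listener as `5432:5432/tcp` on every host interface, which leaves the scanner's database (scan results, and possibly stored credentials for authenticated scans) reachable from the management network behind only `DB_PASSWORD`. Unless a remote client needs it, drop that mapping or bind it to loopback with `- 127.0.0.1:5432:5432/tcp`; the same question applies to `2222:22/tcp` if no remote scanner connects over SSH. The image is also referenced by the mutable tag `securecompliance/gvm:latest`, and the play's `module_defaults` set `pull: yes`, so each playbook run can replace the image that receives these secrets without any review. Pin a release tag or digest instead, for example `image: securecompliance/gvm:<PINNED_TAG>` (placeholder).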