scripts v1

ansible/deploy.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# Author: Landon Dyck
+# This is a convenience wrapper around ansible-playbook using the python env. Can take any
+# additional ansible-playbook parameters, such as tags. Use unlock.sh first for even more
+# convenience.
+# Usage: $ ./deploy.sh [additional params]
+
+PATH=${PWD}/env/bin:${PATH}
+
+set -ex
+
+if [ -f .env ]; then
+    export $(cat .env | xargs)
+fi
+
+cd ansible/
+
+time ansible-playbook main.yml --diff $@

ansible/encrypt_string.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Author: Landon Dyck
+# This is a convenience wrapper around ansible-vault's encrypt_string function in the
+# python env. Use unlock.sh first for additional convenience.
+# Usage: $ ./encrypt_string.sh
+
+PATH=${PWD}/env/bin:${PATH}
+cd ansible
+ansible-vault encrypt_string

ansible/lint.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# Author: Landon Dyck
+# This runs yamllint and ansible-lint on the ansible scripts, then ansible-playbook's syntax
+# checker. 
+# Usage: $ ./lint.sh
+
+set -e
+
+PATH=${PWD}/env/bin:${PATH}
+
+yamllint -sc ansible/yamllint.yml ansible
+
+cd ansible/
+
+ansible-lint -p
+
+ansible-playbook main.yml --syntax-check

ansible/nebula_cert.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Author: Landon Dyck
+# Generates and encrypts a new certificate for a nebula host. Calls unlock.sh so you don't
+# have to enter your password twice, but will honor an unlock.sh called outside the script.
+# Don't forget to add the host and ip address in ansible/group_vars/all/nebula.yml
+# 
+# Usage: $ ./nebula_cert.sh ip_address hostname
+# * ip_address: the ip address of the host. Make sure it's in the correct /24 network
+# * hostname: the hostname of the host. If I need to explain more, you probably should
+#             not use this
+
+. $(dirname "$0")/unlock.sh
+ca_crt=roles/nebula/files/ca.crt
+ca_key=roles/nebula/files/ca.key
+client_key=roles/nebula/files/certs/$2.key
+client_crt=roles/nebula/files/certs/$2.crt
+
+
+cd ansible/
+ansible-vault decrypt roles/nebula/files/ca.*
+nebula-cert sign \
+  -ip "$1/24" \
+  -name $2 \
+  -out-key $client_key \
+  -out-crt $client_crt  \
+  -ca-crt $ca_crt  \
+  -ca-key $ca_key
+read -p "Press [Enter] key to complete encryption"
+ansible-vault encrypt roles/nebula/files/certs/$2.* roles/nebula/files/ca.*

ansible/nebula_new_ca.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Author: Landon Dyck
+# Nebula CAs expire, and creating a new one is a hassle. This creates a new CA certificate,
+# then recreates each certificate for the hosts in ansible/group_vars/nebula.yml. Once
+# the new certificates are deployed, the old ones cannot be used. Caution should be taken
+# to avoid breaking the network.
+# 
+# Usage: $ ./nebula_new_ca.sh
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+create_cert="$SCRIPT_DIR/nebula_cert.sh"
+$SCRIPT_DIR/unlock.sh
+
+ca_key=ansible/roles/nebula/files/ca.key
+ca_crt=ansible/roles/nebula/files/ca.crt
+
+nebula-cert ca \
+  -duration 26280h \
+  -name 'Code Monkey Software LLC' \
+  -out-crt $ca_crt \
+  -out-key $ca_key
+
+
+NEBULA_CLIENTS=$(yq '.nebula.clients | keys' ansible/group_vars/all/nebula.yml -o c | tr "," "\n")
+
+for client in $NEBULA_CLIENTS
+do
+  ip=$(yq ".nebula.clients.$client.ip" ansible/group_vars/all/nebula.yml)
+  $create_cert $ip $client
+done

ansible/setup.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Author: Landon Dyck
+# Installs ansible dependencies in a python env
+# 
+# Usage: $ ./setup.sh
+
+set -e
+
+PATH=${PWD}/env/bin:${PATH}
+
+set -x
+
+python -m venv env
+
+pip install -Ur ansible/requirements.txt
+
+cd ansible/ && ansible-galaxy install -r galaxy-requirements.yml
+
+go install github.com/mikefarah/yq/v4@latest

ansible/unlock.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Author: Landon Dyck
+# Will prompt for your bitwarden vault password and retain the open session in your environment
+# Idempotent
+
+# Usage: $ . ./unlock.sh
+
+if [[ -z "${BW_SESSION}" ]]; then
+    export BW_SESSION=$(bw unlock --raw)
+fi
+
+bw sync

ansible/virtualenv.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+# Author: Landon Dyck
+# Mounts the virtual environment in your path
+
+# Usage: $ . ./virtualenv.sh
+
+
+PATH=${PWD}/env/bin:${PATH}

dns/deploy.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Author: Landon Dyck
+# Deploys the dns configuration
+# 
+# Usage: $ ./deploy.sh
+
+export $(cat .env | xargs)
+
+cd dns
+
+dnscontrol preview
+
+echo
+read -sp $'\e[34mPress \e[1;32m[Enter]\e[0;34m key to deploy or \e[1;31mCTRL+C\e[0;34m to cancel\e[0m'
+echo
+echo
+
+dnscontrol push

dns/setup.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Author: Landon Dyck
+# Installs dnscontrol
+# 
+# Usage: $ ./setup.sh
+go install -v github.com/StackExchange/dnscontrol/v4@v4.26.0