Merge remote-tracking branch 'refs/remotes/origin/master'

create-semaphore-db.sql

@@ -0,0 +1,23 @@
+CREATE DATABASE semaphore;
+CREATE USER 'semaphore'@'localhost' IDENTIFIED BY 'semaphore';
+GRANT Usage ON *.* TO 'semaphore'@'localhost';
+GRANT Alter ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create view ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Delete ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Delete history ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Drop ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Index ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Insert ON semaphore.* TO 'semaphore'@'localhost';
+GRANT References ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Select ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Show view ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Trigger ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Update ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Alter routine ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create routine ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Create temporary tables ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Execute ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Lock tables ON semaphore.* TO 'semaphore'@'localhost';
+GRANT Show Create Routine ON semaphore.* TO 'semaphore'@'localhost';
+

disable-rp-filter.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+sysctl -a|grep \.rp_filter|gawk '{print $1}' |xargs -I{} sysctl -w {}=0

init-packages

@@ -0,0 +1,3 @@
+wget
+curl
+git

init.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+dnf install -y $( cat init-packages )

install-ansible.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+dnf install -y python3.12 python3.12-devel python3.12-pip
+
+update-alternatives --set python3 /usr/bin/python3.12
+
+python3 -m pip install --upgrade pip
+
+python3 -m pip install --upgrade ansible

install-ngtech-squid.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+dnf module disable squid -y
+
+cat <<EOF > /etc/yum.repos.d/ngtech-squid.repo
+[ngtech-squid]
+name=Rocky Linux \$releasever - NgTech Squid Repo
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=\$basearch&repo=BaseOS-\$releasever
+baseurl=https://www.ngtech.co.il/repo/rocky/\$releasever/\$basearch/
+gpgcheck=0
+enabled=1
+countme=1
+EOF
+
+dnf check-update
+
+dnf install -y squid squid-helpers
+
+dnf install -y epel-release
+
+crb enable
+
+dnf install -y epel-release
+
+dnf install -y iptstate atop htop conntrack-tools curl jq wget iptables-services iptables-utils \
+	tcpdump 
+
+systemctl disable firewalld --now
+
+cp -vf rules.v4 /etc/sysconfig/iptables
+cp -vf rules.v6 /etc/sysconfig/ip6tables
+
+
+systemctl start iptables
+systemctl start ip6tables
+
+systemctl enable iptables
+systemctl enable ip6tables

install-semaphore.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+dnf install -y jq
+
+RPM_URL="https://github.com/semaphoreui/semaphore/releases/download/v2.10.22/semaphore_2.10.22_linux_amd64.rpm"
+OUTPUT_FILENAME="semaphore_2.10.22_linux_amd64.rpm"
+
+
+wget "${RPM_URL}" -O "${OUTPUT_FILENAME}"
+
+dnf localinstall -y ./semaphore*amd64.rpm
+
+dnf module disable mariadb -y
+
+wget "https://downloads.mariadb.com/MariaDB/mariadb_repo_setup" -O "mariadb_repo_setup"
+# Checksum check
+bash "mariadb_repo_setup"
+
+dnf install mariadb-server -y
+
+systemctl start mariadb
+systemctl enable mariadb
+
+## Create database and user
+
+## setup semaphore
+
+## install config
+
+mkdir -p /etc/semaphore
+cp -vf config.json /etc/semaphore/
+
+##Create service
+
+cat > /etc/systemd/system/semaphore.service <<EOF
+[Unit]
+Description=Semaphore Ansible
+Documentation=https://github.com/semaphoreui/semaphore
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/usr/bin/semaphore server --config=/etc/semaphore/config.json
+SyslogIdentifier=semaphore
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+
+systemctl start semaphore
+systemctl enable semaphore
+
+firewall-cmd --add-port=3000/tcp --permanent
+firewall-cmd --reload

rules.v6

@@ -0,0 +1,37 @@
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*filter
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*security
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*raw
+:PREROUTING ACCEPT [9:758]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*mangle
+:PREROUTING ACCEPT [9:758]
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+:POSTROUTING ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024