commit 0d5bd926e249b66cb213417c4c21aca743ef9768
Author: Nicolò P.
Date: Tue Feb 24 18:28:01 2026 +0100
Initial commit (with nginx...)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6e7f8d4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+id_ansible_lab*
+*.sw*
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..89538b1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# Ambiente di test locale per Ansible
+
+Il repository include i Dockerfile per tre immagini Docker basate su Debian 13, Almalinux 9 e Ubuntu 24.04 per riprodurre tramite container i sistemi operativi (attualmente) installati sulle VM in produzione.
+
+Per il corretto funzionamento delle immagini, è necessario che esista una chiave pubblica `id_ansible.pub` nelle rispettive cartelle con i Dockerfile. Questa deve ovviamente corrispondere a una chiave SSH privata `id_ansible_lab` che `inventory.yaml` cerca in `~/.ssh/`.
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..14c8065
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+host_key_checking = False
diff --git a/docker/almalinux/Dockerfile b/docker/almalinux/Dockerfile
new file mode 100644
index 0000000..896c77d
--- /dev/null
+++ b/docker/almalinux/Dockerfile
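Review bot: `host_key_checking = False` under `[defaults]` in ansible.cfg disables SSH host key verification for every run started from this directory, not only for the lab containers on 127.0.0.1. That is understandable for containers whose host keys change whenever the image is rebuilt, but the README says these images mirror the production VMs, and if this configuration is ever reused against them, connections would accept any host key. I would scope the setting to the lab hosts, for example `ansible_host_key_checking: false` under `all: vars:` in the lab `inventory.yaml`, or at least add the comment `# lab only: containers get new host keys on rebuild; do not reuse against production`.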
@@ -0,0 +1,29 @@
+FROM almalinux:9
+
+RUN dnf update -y && \
+ dnf install -y \
+ openssh-server \
+ sudo \
+ python3
+ #rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /var/run/sshd
+
+RUN ssh-keygen -A
+
+RUN useradd -m -s /bin/bash nicolo && \
+ echo "nicolo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nicolo
+
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+ sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+RUN mkdir /home/nicolo/.ssh && \
+ chmod 700 /home/nicolo/.ssh
+
+COPY id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys
+
+RUN chown nicolo:nicolo -R /home/nicolo/.ssh && chmod 600 /home/nicolo/.ssh/authorized_keys
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+
diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile
new file mode 100644
index 0000000..ed3bf69
--- /dev/null
+++ b/docker/debian/Dockerfile
@@ -0,0 +1,26 @@
+FROM debian:13
+
+RUN apt-get update && \
+ apt-get install -y \
+ openssh-server \
+ sudo \
+ python3 \
+ ca-certificates && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m -s /bin/bash nicolo && \
+ echo "nicolo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nicolo
+
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+ sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+RUN mkdir /home/nicolo/.ssh && \
+ chmod 700 /home/nicolo/.ssh
+
+COPY id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys
+
+RUN chown nicolo:nicolo -R /home/nicolo/.ssh && chmod 600 /home/nicolo/.ssh/authorized_keys
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+
diff --git a/docker/ubuntu/Dockerfile b/docker/ubuntu/Dockerfile
new file mode 100644
index 0000000..2aeaf37
--- /dev/null
+++ b/docker/ubuntu/Dockerfile
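Review bot: `RUN ssh-keygen -A` in docker/almalinux/Dockerfile generates the sshd host private keys at build time, so they are stored in an image layer and every container started from this image presents the same host identity. Anyone who can pull the image can read those keys, which matters if the image is ever pushed to a shared registry. The debian and ubuntu images presumably end up in the same state through the `openssh-server` package install. For a local lab this may be acceptable, but I would state it in a comment, `# host keys are baked into the image: lab use only, do not publish`, or drop this step and generate the keys at container start with `CMD ["/bin/sh", "-c", "ssh-keygen -A && exec /usr/sbin/sshd -D"]`.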
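Review bot: The two `sed -i` substitutions in docker/debian/Dockerfile only take effect if `sshd_config` contains exactly `#PasswordAuthentication yes` and `#PermitRootLogin prohibit-password`; when the packaged default differs, sed still exits 0 and the image is built with both settings left at their defaults. The same two lines appear in the almalinux and ubuntu hunks. I would make the build fail when the hardening did not land, for example by adding `RUN grep -q '^PasswordAuthentication no$' /etc/ssh/sshd_config && grep -q '^PermitRootLogin no$' /etc/ssh/sshd_config` after the sed step. Separately, this Dockerfile has no `RUN mkdir /var/run/sshd` while the other two do, so it is worth confirming that sshd starts in this image.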
@@ -0,0 +1,28 @@
+FROM ubuntu:24.04
+
+RUN apt-get update && \
+ apt-get install -y \
+ openssh-server \
+ sudo \
+ python3 \
+ ca-certificates && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /var/run/sshd
+
+RUN useradd -m -s /bin/bash nicolo && \
+ echo "nicolo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nicolo
+
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+ sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+RUN mkdir /home/nicolo/.ssh && \
+ chmod 700 /home/nicolo/.ssh
+
+COPY id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys
+
+RUN chown nicolo:nicolo -R /home/nicolo/.ssh && chmod 600 /home/nicolo/.ssh/authorized_keys
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+
diff --git a/inventory.yaml b/inventory.yaml
new file mode 100644
index 0000000..c837742
--- /dev/null
+++ b/inventory.yaml
@@ -0,0 +1,17 @@
+all:
+ vars:
+ ansible_user: nicolo
+ ansible_ssh_private_key_file: ~/.ssh/id_ansible_lab
+
+ children:
+ debian:
+ hosts:
+ debi13:
+ ansible_host: 127.0.0.1
+ ansible_port: 2224
+ ubuntu:
+ hosts:
+ ubu24:
+ ansible_host: 127.0.0.1
+ ansible_port: 2223
+
diff --git a/playbooks/files/nginx.conf b/playbooks/files/nginx.conf
new file mode 100644
index 0000000..db709b0
--- /dev/null
+++ b/playbooks/files/nginx.conf
@@ -0,0 +1,13 @@
+server {
+ listen 80; #default_server;
+ #server_name ;
+
+ location / {
+ proxy_pass http://127.0.0.1:8080;
+
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/playbooks/webservers.yml b/playbooks/webservers.yml
new file mode 100644
index 0000000..f653844
--- /dev/null
+++ b/playbooks/webservers.yml
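Review bot: `COPY id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys` in docker/ubuntu/Dockerfile expects a file named `id_ansible_lab.pub` in the build context, while the README added in this commit tells the user to provide `id_ansible.pub`; following the README makes the build fail at this step. The same COPY line is in the almalinux and debian hunks. One of the two names should change, and given the `.gitignore` pattern `id_ansible_lab*` the README is probably the one to correct. As a smaller point, `COPY --chown=nicolo:nicolo --chmod=600 id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys` would set owner and mode in the same layer, leaving only the directory ownership for the following `RUN`.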
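Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in playbooks/files/nginx.conf appends the client address to whatever `X-Forwarded-For` value the client itself sent, so the application on 127.0.0.1:8080 must not treat the first element of that header as the real client address. If this nginx is the outermost proxy, I would overwrite the header instead, `proxy_set_header X-Forwarded-For $remote_addr;`, or add the comment `# X-Forwarded-For may carry client-supplied entries; the backend should rely on X-Real-IP`. Also, with `default_server` and `server_name` both commented out, this block may not be selected if the distribution's default site is still enabled on port 80, which is worth checking on the target host.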
@@ -0,0 +1,25 @@
+- name: Configure webserver with nginx
+ hosts: debian
+ become: true
+
+ tasks:
+ - name: Ensure nginx is installed
+ ansible.builtin.package:
+ name: nginx
+ state: present
+ update_cache: yes
+
+ - name: Copy nginx config file
+ ansible.builtin.copy:
+ src: nginx.conf
+ dest: /etc/nginx/conf.d/test.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart nginx
+
+ handlers:
+ - name: Restart nginx
+ ansible.builtin.service:
+ name: nginx
+ state: restarted
diff --git a/roles/nodejs.yml b/roles/nodejs.yml
new file mode 100644
index 0000000..e69de29
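Review bot: The `Restart nginx` handler in playbooks/webservers.yml restarts the service without first checking the configuration that was just copied, so a syntax error in `nginx.conf` would leave the web server stopped on the target. I would add a handler step that runs `nginx -t` before the restart, or use `state: reloaded`, which keeps the running workers when the new configuration is rejected. As a style point, `update_cache: yes` would read more consistently as `update_cache: true`, matching `become: true` at the top of the play.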