Initial commit (with nginx...)

.gitignore

@@ -0,0 +1,2 @@
+id_ansible_lab*
+*.sw*

README.md

@@ -0,0 +1,5 @@
+# Ambiente di test locale per Ansible
+
+Il repository include i Dockerfile per tre immagini Docker basate su Debian 13, Almalinux 9 e Ubuntu 24.04 per riprodurre tramite container i sistemi operativi (attualmente) installati sulle VM in produzione.
+
+Per il corretto funzionamento delle immagini, è necessario che esista una chiave pubblica `id_ansible.pub` nelle rispettive cartelle con i Dockerfile. Questa deve ovviamente corrispondere a una chiave SSH privata `id_ansible_lab` che `inventory.yaml` cerca in `~/.ssh/`.

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+host_key_checking = False

docker/almalinux/Dockerfile

@@ -0,0 +1,29 @@
+FROM almalinux:9
+
+RUN dnf update -y && \
+    dnf install -y \
+      openssh-server \
+      sudo \
+      python3
+    #rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /var/run/sshd
+
+RUN ssh-keygen -A
+
+RUN useradd -m -s /bin/bash nicolo && \
+    echo "nicolo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nicolo
+
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+RUN mkdir /home/nicolo/.ssh && \
+    chmod 700 /home/nicolo/.ssh
+
+COPY id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys
+
+RUN chown nicolo:nicolo -R /home/nicolo/.ssh && chmod 600 /home/nicolo/.ssh/authorized_keys
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+

docker/debian/Dockerfile

@@ -0,0 +1,26 @@
+FROM debian:13
+
+RUN apt-get update && \
+    apt-get install -y \
+      openssh-server \
+      sudo \
+      python3 \
+      ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m -s /bin/bash nicolo && \
+    echo "nicolo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nicolo
+
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+RUN mkdir /home/nicolo/.ssh && \
+    chmod 700 /home/nicolo/.ssh
+
+COPY id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys
+
+RUN chown nicolo:nicolo -R /home/nicolo/.ssh && chmod 600 /home/nicolo/.ssh/authorized_keys
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+

docker/ubuntu/Dockerfile

@@ -0,0 +1,28 @@
+FROM ubuntu:24.04
+
+RUN apt-get update && \
+    apt-get install -y \
+      openssh-server \
+      sudo \
+      python3 \
+      ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /var/run/sshd
+
+RUN useradd -m -s /bin/bash nicolo && \
+    echo "nicolo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nicolo
+
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+
+RUN mkdir /home/nicolo/.ssh && \
+    chmod 700 /home/nicolo/.ssh
+
+COPY id_ansible_lab.pub /home/nicolo/.ssh/authorized_keys
+
+RUN chown nicolo:nicolo -R /home/nicolo/.ssh && chmod 600 /home/nicolo/.ssh/authorized_keys
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+

inventory.yaml

@@ -0,0 +1,17 @@
+all:
+  vars:
+    ansible_user: nicolo
+    ansible_ssh_private_key_file: ~/.ssh/id_ansible_lab
+
+  children:
+    debian:
+      hosts:
+        debi13:
+          ansible_host: 127.0.0.1
+          ansible_port: 2224
+    ubuntu:
+      hosts:
+        ubu24:
+          ansible_host: 127.0.0.1
+          ansible_port: 2223
+    

playbooks/files/nginx.conf

@@ -0,0 +1,13 @@
+server {
+        listen 80; #default_server;
+        #server_name <your-domain>;
+
+        location / {
+                proxy_pass http://127.0.0.1:8080;
+
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header Host $host;
+                proxy_set_header X-Forwarded-Proto $scheme;
+        }
+}

playbooks/webservers.yml

@@ -0,0 +1,25 @@
+- name: Configure webserver with nginx
+  hosts: debian
+  become: true
+
+  tasks:
+    - name: Ensure nginx is installed
+      ansible.builtin.package:
+        name: nginx
+        state: present
+        update_cache: yes
+
+    - name: Copy nginx config file
+      ansible.builtin.copy:
+        src: nginx.conf
+        dest: /etc/nginx/conf.d/test.conf
+        owner: root
+        group: root
+        mode: '0644'
+      notify: Restart nginx
+
+  handlers:
+    - name: Restart nginx
+      ansible.builtin.service:
+        name: nginx
+        state: restarted