HauptJ · March 6, 2025 19:29
diff --git a/playbook.yml b/playbook.yml
 ---
 - hosts: all
  become: true

  vars_prompt:
    - name: ssh_username
      prompt: Enter SSH username
      private: false

    - name: tpot_username
      prompt: Enter TPOT username
      private: false

    - name: ssh_key_name
      prompt: Enter SSH key name
      private: false

    - name: password_salt
      prompt: Enter password salt
      private: false

    - name: password
      prompt: Enter password
      private: true

  vars:
    TPOT_FLAVOR: STANDARD

  tasks:
    - name: Ensure aptitude is installed
      apt:
        name: aptitude
        state: latest
        update_cache: true

    - name: Update apt and install required system packages
      apt:
        pkg:
          - curl
          - vim
          - git
        state: latest
        update_cache: true

    - name: Setup passwordless sudo
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%sudo'
        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
        validate: '/usr/sbin/visudo -cf %s'

    - name: Create a new regular user with sudo privileges
      ansible.builtin.user:
        name: "{{ ssh_username }}"
        password: "{{ password | password_hash('sha512', password_salt) }}"
        state: present
        groups: sudo
        append: true
        create_home: true
        shell: /bin/bash

    - name: Set authorized key for remote user
      ansible.posix.authorized_key:
        user: "{{ ssh_username }}"
        state: present
        key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/{{ ssh_key_name }}.pub') }}"

    - name: Cloning T-Pot install directory
      ansible.builtin.git:
        repo: "https://github.com/telekom-security/tpotce.git"
        dest: /root/tpot

    - name: Copy T-Pot configuration file
      ansible.builtin.copy:
        src: /root/tpot/iso/installer/tpot.conf.dist
        dest: /root/tpot.conf
        owner: root
        group: root
        mode: 0644
        remote_src: true

    - name: Configure T-Pot configuration file
      ansible.builtin.lineinfile:
        path: /root/tpot.conf
        state: present
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
      loop:
        - { regexp: '^myCONF_TPOT_FLAVOR', line: 'myCONF_TPOT_FLAVOR=''{{ TPOT_FLAVOR }}'''}
        - { regexp: '^myCONF_WEB_USER', line: 'myCONF_WEB_USER=''{{ tpot_username }}'''}
        - { regexp: '^myCONF_WEB_PW', line: 'myCONF_WEB_PW=''{{ password }}'''}

    - name: Install T-Pot on instance -  be patient, this might take 15 to 30 minutes depending on the connection speed.
      ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf

    - name: Disable password authentication for root
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'

    - name: Reboot
      ansible.builtin.reboot:
      ignore_errors: true
	---
	- hosts: all
	become: true

	vars_prompt:
	- name: ssh_username
	prompt: Enter SSH username
	private: false

	- name: tpot_username
	prompt: Enter TPOT username
	private: false

	- name: ssh_key_name
	prompt: Enter SSH key name
	private: false

	- name: password_salt
	prompt: Enter password salt
	private: false

	- name: password
	prompt: Enter password
	private: true

	vars:
	TPOT_FLAVOR: STANDARD

	tasks:
	- name: Ensure aptitude is installed
	apt:
	name: aptitude
	state: latest
	update_cache: true

	- name: Update apt and install required system packages
	apt:
	pkg:
	- curl
	- vim
	- git
	state: latest
	update_cache: true

	- name: Setup passwordless sudo
	lineinfile:
	path: /etc/sudoers
	state: present
	regexp: '^%sudo'
	line: '%sudo ALL=(ALL) NOPASSWD: ALL'
	validate: '/usr/sbin/visudo -cf %s'

	- name: Create a new regular user with sudo privileges
	ansible.builtin.user:
	name: "{{ ssh_username }}"
	password: "{{ password \| password_hash('sha512', password_salt) }}"
	state: present
	groups: sudo
	append: true
	create_home: true
	shell: /bin/bash

	- name: Set authorized key for remote user
	ansible.posix.authorized_key:
	user: "{{ ssh_username }}"
	state: present
	key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/{{ ssh_key_name }}.pub') }}"

	- name: Cloning T-Pot install directory
	ansible.builtin.git:
	repo: "https://github.com/telekom-security/tpotce.git"
	dest: /root/tpot

	- name: Copy T-Pot configuration file
	ansible.builtin.copy:
	src: /root/tpot/iso/installer/tpot.conf.dist
	dest: /root/tpot.conf
	owner: root
	group: root
	mode: 0644
	remote_src: true

	- name: Configure T-Pot configuration file
	ansible.builtin.lineinfile:
	path: /root/tpot.conf
	state: present
	regexp: "{{ item.regexp }}"
	line: "{{ item.line }}"
	loop:
	- { regexp: '^myCONF_TPOT_FLAVOR', line: 'myCONF_TPOT_FLAVOR=''{{ TPOT_FLAVOR }}'''}
	- { regexp: '^myCONF_WEB_USER', line: 'myCONF_WEB_USER=''{{ tpot_username }}'''}
	- { regexp: '^myCONF_WEB_PW', line: 'myCONF_WEB_PW=''{{ password }}'''}

	- name: Install T-Pot on instance - be patient, this might take 15 to 30 minutes depending on the connection speed.
	ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf

	- name: Disable password authentication for root
	ansible.builtin.lineinfile:
	path: /etc/ssh/sshd_config
	state: present
	regexp: '^#?PermitRootLogin'
	line: 'PermitRootLogin prohibit-password'

	- name: Reboot
	ansible.builtin.reboot:
	ignore_errors: true