From 2c4fcbacc3209f3ab7d29eb119809d20f0d5963f Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Fri, 15 Sep 2023 23:46:45 -0400
Subject: [PATCH] Introduce forward-ssh.sh method & reorganize

- Abandoned update-hosts.sh in favor of loopback SSH forwarding
- Adopted *.local.krislamo.org as a wildcard loopback domain
- Bound Traefik to ports 443/80 on Dockerbox dev
- Removed outdated Gitea config from Dockerbox
- Relocated production playbooks to a new directory
---
 dev/dockerbox.yml | 2 +-
 dev/host_vars/bitwarden.yml | 4 +-
 dev/host_vars/dockerbox.yml | 22 +++---
 dev/host_vars/mediaserver.yml | 2 +-
 dev/host_vars/nextcloud.yml | 4 +-
 dev/host_vars/nginx.yml | 4 +-
 dev/host_vars/proxy.yml | 2 +-
 dev/host_vars/wordpress.yml | 4 +-
 dockerbox.yml | 25 ------
 forward-ssh.sh | 80 ++++++++++++++++++++
 backup.yml => playbooks/backup.yml | 0
 bitwarden.yml => playbooks/bitwarden.yml | 0
 docker.yml => playbooks/docker.yml | 0
 playbooks/dockerbox.yml | 11 +++
 hypervisor.yml => playbooks/hypervisor.yml | 0
 mediaserver.yml => playbooks/mediaserver.yml | 0
 minecraft.yml => playbooks/minecraft.yml | 0
 proxy.yml => playbooks/proxy.yml | 0
 unifi.yml => playbooks/unifi.yml | 0
 update-hosts.sh | 42 ----------
 20 files changed, 111 insertions(+), 91 deletions(-)
 delete mode 100644 dockerbox.yml
 create mode 100755 forward-ssh.sh
 rename backup.yml => playbooks/backup.yml (100%)
 rename bitwarden.yml => playbooks/bitwarden.yml (100%)
 rename docker.yml => playbooks/docker.yml (100%)
 create mode 100644 playbooks/dockerbox.yml
 rename hypervisor.yml => playbooks/hypervisor.yml (100%)
 rename mediaserver.yml => playbooks/mediaserver.yml (100%)
 rename minecraft.yml => playbooks/minecraft.yml (100%)
 rename proxy.yml => playbooks/proxy.yml (100%)
 rename unifi.yml => playbooks/unifi.yml (100%)
 delete mode 100755 update-hosts.sh

diff --git a/dev/dockerbox.yml b/dev/dockerbox.yml
index 811418a..48927c4 100644
--- a/dev/dockerbox.yml
+++ b/dev/dockerbox.yml
@@ -1,4 +1,4 @@
-- name: Install Docker Box Server
+- name: Install Dockerbox Server
 hosts: all
 become: true
 vars_files:
diff --git a/dev/host_vars/bitwarden.yml b/dev/host_vars/bitwarden.yml
index c14f96b..468b3ec 100644
--- a/dev/host_vars/bitwarden.yml
+++ b/dev/host_vars/bitwarden.yml
@@ -9,14 +9,14 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.vm.krislamo.org
+traefik_domain: traefik.local.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
 
 # bitwarden
 # Get Installation ID & Key at https://bitwarden.com/host/
-bitwarden_domain: vault.vm.krislamo.org
+bitwarden_domain: vault.local.krislamo.org
 bitwarden_dbpass: password
 bitwarden_install_id: 4ea840a3-532e-4cb6-a472-abd900728b23
 bitwarden_install_key: 1yB3Z2gRI0KnnH90C6p
diff --git a/dev/host_vars/dockerbox.yml b/dev/host_vars/dockerbox.yml
index c08c37f..95e8545 100644
--- a/dev/host_vars/dockerbox.yml
+++ b/dev/host_vars/dockerbox.yml
@@ -9,40 +9,36 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.vm.krislamo.org
+traefik_domain: traefik.local.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
+traefik_web_entry: 0.0.0.0:80
+traefik_websecure_entry: 0.0.0.0:443
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
-traefik_http_only: true # if behind reverse-proxy
+#traefik_http_only: true # if behind reverse-proxy
 
 # nextcloud
 nextcloud_version: stable
 nextcloud_admin: admin
 nextcloud_pass: password
-nextcloud_domain: cloud.vm.krislamo.org
+nextcloud_domain: cloud.local.krislamo.org
 nextcloud_dbversion: latest
 nextcloud_dbpass: password
 
-# gitea
-gitea_domain: git.vm.krislamo.org
-gitea_version: 1
-gitea_dbversion: latest
-gitea_dbpass: password
-
 # jenkins
 jenkins_version: lts
-jenkins_domain: jenkins.vm.krislamo.org
+jenkins_domain: jenkins.local.krislamo.org
 
 # prometheus (includes grafana)
 prom_version: latest
-prom_domain: prom.vm.krislamo.org
+prom_domain: prom.local.krislamo.org
 grafana_version: latest
-grafana_domain: grafana.vm.krislamo.org
+grafana_domain: grafana.local.krislamo.org
 prom_targets: "['10.0.2.15:9100']"
 
 # nginx
-nginx_domain: nginx.vm.krislamo.org
+nginx_domain: nginx.local.krislamo.org
 nginx_name: staticsite
 nginx_repo_url: https://git.krislamo.org/kris/example-website/
 nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
diff --git a/dev/host_vars/mediaserver.yml b/dev/host_vars/mediaserver.yml
index eda610d..e553918 100644
--- a/dev/host_vars/mediaserver.yml
+++ b/dev/host_vars/mediaserver.yml
@@ -1,4 +1,4 @@
-base_domain: vm.krislamo.org
+base_domain: local.krislamo.org
 
 # base
 allow_reboot: false
diff --git a/dev/host_vars/nextcloud.yml b/dev/host_vars/nextcloud.yml
index 53f78a9..11d0f92 100644
--- a/dev/host_vars/nextcloud.yml
+++ b/dev/host_vars/nextcloud.yml
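Review bot: `traefik_web_entry: 0.0.0.0:80` and `traefik_websecure_entry: 0.0.0.0:443` bind the dev Traefik entrypoints on every guest interface, yet the new forward-ssh.sh in this same commit reaches them with `-L 80:localhost:80` and `-L 443:localhost:443`, i.e. through the guest's loopback. If the traefik role passes these values through as the entrypoint addresses, `127.0.0.1:80` and `127.0.0.1:443` would serve the tunnel just as well while keeping the dashboard (enabled here behind the committed `admin:admin` htpasswd) off the VM's other addresses. The values are host:port strings either way and read best quoted, e.g. `traefik_web_entry: "127.0.0.1:80"`, with a one-line comment above them saying they exist for the loopback SSH tunnel.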
@@ -5,14 +5,14 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.vm.krislamo.org
+traefik_domain: traefik.local.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 
 # container settings
 nextcloud_version: stable
 nextcloud_admin: admin
 nextcloud_pass: password
-nextcloud_domain: cloud.vm.krislamo.org
+nextcloud_domain: cloud.local.krislamo.org
 
 # database settings
 nextcloud_dbversion: latest
diff --git a/dev/host_vars/nginx.yml b/dev/host_vars/nginx.yml
index e098f4e..59d2ca1 100644
--- a/dev/host_vars/nginx.yml
+++ b/dev/host_vars/nginx.yml
@@ -9,13 +9,13 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.vm.krislamo.org
+traefik_domain: traefik.local.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
 
 # nginx
-nginx_domain: nginx.vm.krislamo.org
+nginx_domain: nginx.local.krislamo.org
 nginx_name: staticsite
 nginx_repo_url: https://git.krislamo.org/kris/example-website/
 nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
diff --git a/dev/host_vars/proxy.yml b/dev/host_vars/proxy.yml
index f4bf756..998884c 100644
--- a/dev/host_vars/proxy.yml
+++ b/dev/host_vars/proxy.yml
@@ -1,4 +1,4 @@
-base_domain: vm.krislamo.org
+base_domain: local.krislamo.org
 
 # base
 allow_reboot: false
diff --git a/dev/host_vars/wordpress.yml b/dev/host_vars/wordpress.yml
index 83b139e..8772568 100644
--- a/dev/host_vars/wordpress.yml
+++ b/dev/host_vars/wordpress.yml
@@ -9,14 +9,14 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.vm.krislamo.org
+traefik_domain: traefik.local.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
 
 # container settings
 wordpress_version: latest
-wordpress_domain: wordpress.vm.krislamo.org
+wordpress_domain: wordpress.local.krislamo.org
 wordpress_multisite: true
 
 # database settings
diff --git a/dockerbox.yml b/dockerbox.yml
deleted file mode 100644
index fe5658f..0000000
--- a/dockerbox.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright (C) 2020 Kris Lamoureux
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-- name: Install Docker Box Server
- hosts: dockerhosts
- become: true
- roles:
- - base
- - docker
- - traefik
- - nextcloud
- - jenkins
- - prometheus
- - nginx
diff --git a/forward-ssh.sh b/forward-ssh.sh
new file mode 100755
index 0000000..ba8101a
--- /dev/null
+++ b/forward-ssh.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# Finds the SSH private key under ./.vagrant and connects to
+# the Vagrant box, port forwarding localhost ports: 8443, 80, 443
+
+# Root check
+if [ "$EUID" -ne 0 ]; then
+ echo "[ERROR]: Please run script as root"
+ exit 1
+fi
+
+# Clean environment
+unset PRIVATE_KEY
+unset HOST_IP
+unset MATCH_PATTERN
+unset PKILL_ANSWER
+
+# Function to create the SSH tunnel
+function ssh_connect {
+ printf "[INFO]: Starting new vagrant SSH tunnel on PID "
+ sudo -u "$USER" ssh -fNT -i "$PRIVATE_KEY" \
+ -L 8443:localhost:8443 \
+ -L 80:localhost:80 \
+ -L 443:localhost:443 \
+ -o UserKnownHostsFile=/dev/null \
+ -o StrictHostKeyChecking=no \
+ vagrant@"$HOST_IP" 2>/dev/null
+ sleep 2
+ pgrep -f "$MATCH_PATTERN"
+}
+
+# Check for valid PRIVATE_KEY location
+PRIVATE_KEY="$(find .vagrant -name "private_key" 2>/dev/null)"
+if ! ssh-keygen -l -f "$PRIVATE_KEY" &>/dev/null; then
+ echo "[ERROR]: The SSH key '$PRIVATE_KEY' is not valid. Is your virtual machine running?"
+ exit 1
+fi
+echo "[CHECK]: Valid key at $PRIVATE_KEY"
+
+# Grab first IP or use whatever HOST_IP_FIELD is set to and check that the guest is up
+HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f${HOST_IP_FIELD:-1}" 2>/dev/null)"
+HOST_IP="${HOST_IP::-1}" # trim
+if ! ping -c 1 "$HOST_IP" &>/dev/null; then
+ echo "[ERROR]: Cannot ping the host IP '$HOST_IP'"
+ exit 1
+fi
+echo "[CHECK]: Host at $HOST_IP is up"
+
+# Pattern for matching processes running
+MATCH_PATTERN="ssh -fNT -i ${PRIVATE_KEY}.*vagrant@"
+
+# Check amount of processes that match the pattern
+if [ "$(pgrep -afc "$MATCH_PATTERN")" -eq 0 ]; then
+ ssh_connect
+else
+ # Processes found, so prompt to kill remaining ones then start tunnel
+ printf "\n[WARNING]: Found processes running:\n"
+ pgrep -fa "$MATCH_PATTERN"
+ printf '\n'
+ read -rp "Would you like to kill these processes? 
[y/N] " PKILL_ANSWER
+ echo
+ case "$PKILL_ANSWER" in
+ [yY])
+ echo "[WARNING]: Killing old vagrant SSH tunnel(s): "
+ pgrep -f "$MATCH_PATTERN" | tee >(xargs kill -15)
+ echo
+ if [ "$(pgrep -afc "$MATCH_PATTERN")" -eq 0 ]; then
+ ssh_connect
+ else
+ echo "[ERROR]: Unable to kill processes:"
+ pgrep -f "$MATCH_PATTERN"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "[INFO]: Declined to kill existing processes"
+ exit 0
+ ;;
+ esac
+fi
diff --git a/backup.yml b/playbooks/backup.yml
similarity index 100%
rename from backup.yml
rename to playbooks/backup.yml
diff --git a/bitwarden.yml b/playbooks/bitwarden.yml
similarity index 100%
rename from bitwarden.yml
rename to playbooks/bitwarden.yml
diff --git a/docker.yml b/playbooks/docker.yml
similarity index 100%
rename from docker.yml
rename to playbooks/docker.yml
diff --git a/playbooks/dockerbox.yml b/playbooks/dockerbox.yml
new file mode 100644
index 0000000..15fc95c
--- /dev/null
+++ b/playbooks/dockerbox.yml
@@ -0,0 +1,11 @@
+- name: Install Dockerbox Server
+ hosts: "{{ PLAYBOOK_HOST | default('none') }}"
+ become: true
+ roles:
+ - base
+ - docker
+ - traefik
+ - nextcloud
+ - jenkins
+ - prometheus
+ - nginx
diff --git a/hypervisor.yml b/playbooks/hypervisor.yml
similarity index 100%
rename from hypervisor.yml
rename to playbooks/hypervisor.yml
diff --git a/mediaserver.yml b/playbooks/mediaserver.yml
similarity index 100%
rename from mediaserver.yml
rename to playbooks/mediaserver.yml
diff --git a/minecraft.yml b/playbooks/minecraft.yml
similarity index 100%
rename from minecraft.yml
rename to playbooks/minecraft.yml
diff --git a/proxy.yml b/playbooks/proxy.yml
similarity index 100%
rename from proxy.yml
rename to playbooks/proxy.yml
diff --git a/unifi.yml b/playbooks/unifi.yml
similarity index 100%
rename from unifi.yml
rename to playbooks/unifi.yml
diff --git a/update-hosts.sh b/update-hosts.sh
deleted file mode 100755
index 2dc7cc8..0000000
--- a/update-hosts.sh
+++ /dev/null
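Review bot: `HOST_IP="${HOST_IP::-1}" # trim` removes one character unconditionally, so when `vagrant ssh` prints nothing (box not running, or `HOST_IP_FIELD` past the last address) bash rejects the expansion with a substring-expression error before the ping check can report the real problem; `HOST_IP="${HOST_IP%$'\r'}"` strips only the trailing carriage return the comment is about and is harmless on an empty string. Under `sudo`, `USER` is normally reset to root, so `sudo -u "$USER" ssh …` in ssh_connect does not drop privileges as it appears to; if the tunnel is meant to run as root (binding 80 and 443 needs that) say so in a comment and drop the wrapper, otherwise use `"${SUDO_USER:-$USER}"` and accept that the privileged ports then need another mechanism. `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` makes the tunnel accept whatever host key answers at `$HOST_IP`; for a local Vagrant guest that is a common trade-off, but `StrictHostKeyChecking=accept-new` with a known_hosts file kept under `.vagrant` would pin the key after the first connection without changing the workflow. `find .vagrant -name "private_key"` can also return several paths in a multi-machine project, which fails the ssh-keygen check with a confusing multi-line path in the error message.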
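Review bot: The `hosts: "{{ PLAYBOOK_HOST | default('none') }}"` line deserves a comment, because unlike the removed `hosts: dockerhosts` it makes an unqualified `ansible-playbook playbooks/dockerbox.yml` run match no host and do nothing, which is a safe default but reads as a failure to the next person. Something like `# Target comes from -e PLAYBOOK_HOST=<inventory group or host>; the 'none' default matches nothing, so the play is skipped rather than applied everywhere` above it would do. The GPL header that the deleted top-level dockerbox.yml carried was not brought across to this file; worth confirming that is intended.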
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-COMMENT="Project Moxie"
-DOMAIN="vm.krislamo.org"
-HOST[0]="traefik.${DOMAIN}"
-HOST[1]="cloud.${DOMAIN}"
-HOST[2]="git.${DOMAIN}"
-HOST[3]="jenkins.${DOMAIN}"
-HOST[4]="prom.${DOMAIN}"
-HOST[5]="grafana.${DOMAIN}"
-HOST[6]="nginx.${DOMAIN}"
-HOST[7]="vault.${DOMAIN}"
-HOST[8]="wordpress.${DOMAIN}"
-HOST[9]="site1.wordpress.${DOMAIN}"
-HOST[10]="site2.wordpress.${DOMAIN}"
-HOST[11]="unifi.${DOMAIN}"
-HOST[12]="jellyfin.${DOMAIN}"
-
-# Get Vagrantbox guest IP
-VAGRANT_OUTPUT=$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)
-
-# Remove ^M from the end
-[ ${#VAGRANT_OUTPUT} -gt 1 ] && IP=${VAGRANT_OUTPUT::-1}
-
-echo "Purging project addresses from /etc/hosts"
-sudo sed -i "s/# $COMMENT//g" /etc/hosts
-for address in "${HOST[@]}"; do
- sudo sed -i "/$address/d" /etc/hosts
-done
-
-# Remove trailing newline
-sudo sed -i '${/^$/d}' /etc/hosts
-
-if [ -n "$IP" ]; then
- echo -e "Adding new addresses...\n"
- echo -e "# $COMMENT" | sudo tee -a /etc/hosts
- for address in "${HOST[@]}"; do
- echo -e "$IP\t$address" | sudo tee -a /etc/hosts
- done
-else
- echo "Cannot find address. Is the Vagrant box running?"
-fi