install packer ansible provisioner as plugin

.github/workflows/packer.yaml

@@ -11,19 +11,21 @@ on:
     branches:
       - main
   workflow_dispatch:
+  schedule:
+    - cron: "0 1 * * 4"
 
 jobs:
   docker-build:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Build and save Docker image
         run: |
           docker build -t ghcr.io/enowars/bambictf:latest .
           docker save --output /tmp/bambictf.tar ghcr.io/enowars/bambictf:latest
       - name: Upload artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: bambictf
           path: /tmp/bambictf.tar
@@ -38,21 +40,21 @@ jobs:
     needs: docker-build
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Download artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: bambictf
           path: /tmp
       - name: Load Docker image
         run: docker load --input /tmp/bambictf.tar
-      - name: start docker-compose setup
+      - name: start docker compose setup
         env:
           HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }}
-        run: docker-compose up -d
+        run: docker compose up -d
       - name: prepare ansible config
-        run: docker-compose exec -T bambictf sh -c 'cp ansible/config_bambi.yml.sample ansible/config_bambi.yml'
+        run: docker compose exec -T bambictf sh -c 'cp ansible/config_bambi.yml.sample ansible/config_bambi.yml'
       - name: generate config files
-        run: docker-compose exec -T bambictf sh -c 'cd config; TEAM_COUNT=4 GATEWAY_COUNT=2 CHECKER_COUNT=2 ./gen_config.sh'
+        run: docker compose exec -T bambictf sh -c 'cd config; TEAM_COUNT=4 GATEWAY_COUNT=2 CHECKER_COUNT=2 ./gen_config.sh'
       - name: build packer image
-        run: docker-compose exec -T bambictf sh -c 'cd packer; packer build ${{ matrix.image }}.json'
+        run: docker compose exec -T bambictf sh -c 'cd packer; packer build ${{ matrix.image }}.json'

Dockerfile

@@ -19,7 +19,8 @@ RUN curl https://releases.hashicorp.com/terraform/1.0.11/terraform_1.0.11_linux_
 RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
     apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \
     apt-get update && apt-get install packer && \
-    packer plugins install github.com/hashicorp/hcloud
+    packer plugins install github.com/hashicorp/hcloud && \
+    packer plugins install github.com/hashicorp/ansible
 
 # OpenVPN
 RUN apt-get install -y openvpn easy-rsa zip unzip

ansible/bambichecker.yml

@@ -4,20 +4,15 @@
     become_method: sudo
     vars_files:
       - config_bambi.yml
+      - static.yml
 
     roles:
       - bambi-ssh-keys
       - firewall
       - wireguard
-      - role: filebeat
-        vars:
-          elk: 192.168.3.0
-      - role: journalbeat
-        vars:
-          elk: 192.168.3.0
-      - role: metricbeat
-        vars:
-          elk: 192.168.3.0
+      - filebeat
+      - journalbeat
+      - metricbeat
       - vuln_checkers
       - docker-block-external
       - role: programs

ansible/bambielk.yml

@@ -4,24 +4,19 @@
     become_method: sudo
     vars_files:
       - config_bambi.yml
+      - static.yml
 
     roles:
       - bambi-ssh-keys
       - firewall
       - wireguard
       - enoelk
       - docker-block-external
-      - role: filebeat
-        vars:
-          elk: 192.168.3.0
-      - role: journalbeat
-        vars:
-          elk: 192.168.3.0
-      - role: metricbeat
-        vars:
-          elk: 192.168.3.0
+      - filebeat
+      - journalbeat
+      - metricbeat
       - role: programs
         vars:
           program_list:
             - "tmux"
-            - "git"
+            - "git"

ansible/bambiengine.yml

@@ -4,21 +4,16 @@
     become_method: sudo
     vars_files:
       - config_bambi.yml
+      - static.yml
 
     roles:
       - bambi-ssh-keys
       - firewall
       - wireguard
       - enoengine
-      - role: filebeat
-        vars:
-          elk: 192.168.3.0
-      - role: journalbeat
-        vars:
-          elk: 192.168.3.0
-      - role: metricbeat
-        vars:
-          elk: 192.168.3.0
+      - filebeat
+      - journalbeat
+      - metricbeat
       - docker-block-external
       - role: programs
         vars:

ansible/bambirouter.yml

@@ -4,17 +4,12 @@
     become_method: sudo
     vars_files:
       - config_bambi.yml
+      - static.yml
 
     roles:
-      - role: filebeat
-        vars:
-          elk: 192.168.3.0
-      - role: journalbeat
-        vars:
-          elk: 192.168.3.0
-      - role: metricbeat
-        vars:
-          elk: 192.168.3.0
+      - filebeat
+      - journalbeat
+      - metricbeat
       - bambi-ssh-keys
       - firewall
       - bambi-wireguard-router

ansible/bambivulnbox.yml

@@ -4,6 +4,7 @@
     become_method: sudo
     vars_files:
       - config_bambi.yml
+      - static.yml
 
     roles:
       - docker

ansible/roles/vuln_checkers/meta/main.yml

@@ -1,4 +1,7 @@
 dependencies:
 - role: "docker"
 - role: "programs"
+  vars:
+    program_list:
+      - git
 - role: "bambi-ssh-keys"

ansible/roles/vuln_services/meta/main.yml

@@ -1,4 +1,7 @@
 dependencies:
 - role: "docker"
 - role: "programs"
+  vars:
+    program_list:
+      - git
 - role: "bambi-ssh-keys"

ansible/static.yml

@@ -0,0 +1 @@
+elk: 192.168.3.0