From 15b9a84d64f5792f2077380ece2f88fd93b5a3a6 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Thu, 25 Nov 2021 16:34:51 -0800
Subject: [PATCH] + Scripts to setup packaging on alpha+beta and UFW

---
 .../{setup-alpha-host.yml => alpha/init.yml} | 0
 playbooks/athens-common/ufw.yml | 43 +++++++++++++++++++
 playbooks/beta/init.yml | 12 ++++++
 3 files changed, 55 insertions(+)
 rename playbooks/{setup-alpha-host.yml => alpha/init.yml} (100%)
 create mode 100644 playbooks/athens-common/ufw.yml
 create mode 100644 playbooks/beta/init.yml

diff --git a/playbooks/setup-alpha-host.yml b/playbooks/alpha/init.yml
similarity index 100%
rename from playbooks/setup-alpha-host.yml
rename to playbooks/alpha/init.yml
diff --git a/playbooks/athens-common/ufw.yml b/playbooks/athens-common/ufw.yml
new file mode 100644
index 0000000..c7d400b
--- /dev/null
+++ b/playbooks/athens-common/ufw.yml
@@ -0,0 +1,43 @@
+# This play book sets up a mirrored setup for both web service hosts
+# such that they accept web traffic in and out from anywhere
+# but only accept ssh connections from the internal network
+---
+- hosts: alpha,beta
+ remote_user: ubuntu
+ # UFW is only accessible to root so sudo is required for each task
+ become: yes
+ become_method: sudo
+ tasks:
+ - name: Install UFW in case it's not here
+ apt:
+ name: ufw
+ update_cache: yes
+ - name: Allow SSH connections from internal network
+ ufw:
+ rule: allow
+ port: ssh
+ direction: incoming
+ src: 10.0.0.128/26
+
+ - name: Rate limit SSH connections
+ ufw:
+ rule: limit
+ direction: incoming
+ port: ssh
+ proto: tcp
+
+ - name: Allow Plain-HTTP traffic from anywhere
+ ufw:
+ rule: allow
+ port: 80
+ proto: tcp
+
+ - name: Allow HTTPS traffic from anywhere
+ ufw:
+ rule: allow
+ port: 443
+ proto: tcp
+
+
+
+
diff --git a/playbooks/beta/init.yml b/playbooks/beta/init.yml
new file mode 100644
index 0000000..3421035
--- /dev/null
+++ b/playbooks/beta/init.yml
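Review bot: The `Rate limit SSH connections` task has no `src`, so it installs `ufw limit 22/tcp` from any address; UFW evaluates rules in order and a limit rule allows (rate-limited) whatever it matches, so every SSH connection that the preceding internal-only allow rule does not match is accepted by this one, and the header comment's claim that SSH is accepted only from the internal network does not hold. Restrict it with `src: 10.0.0.128/26`, after which the separate allow task is redundant because a limit rule already permits matching traffic below the rate threshold. The play also never enables the firewall or sets a default policy — there is no `state: enabled` and no `policy: deny` anywhere in the hunk — so none of these rules is enforced until someone runs `ufw enable` by hand; the task below adds both after the SSH rules so that enabling does not cut the Ansible session, but if the controller is not itself inside 10.0.0.128/26 the enable will lock it out on the next run, and I cannot tell from the play where the controller sits. Minor: `become: yes` and `update_cache: yes` are YAML 1.1 truthy spellings that yamllint/ansible-lint flag; write `true`.
```yaml
    - name: Rate limit SSH connections from internal network
      ufw:
        rule: limit
        direction: incoming
        port: ssh
        proto: tcp
        src: 10.0.0.128/26

    # … unchanged: HTTP/HTTPS allow tasks …

    - name: Enable UFW with default-deny incoming policy
      ufw:
        state: enabled
        policy: deny
        direction: incoming
```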
@@ -0,0 +1,12 @@
+---
+- hosts: beta
+ remote_user: ubuntu
+ tasks:
+ - name: Install Nginx
+ become: yes
+ become_method: sudo
+ apt:
+ name: nginx
+ update_cache: yes
+ state: present
+
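Review bot: `become: yes` and `update_cache: yes` on the `Install Nginx` task are YAML 1.1 truthy spellings that yamllint's `truthy` rule and ansible-lint flag; write `become: true` and `update_cache: true` so the file parses the same under YAML 1.2 tooling. `become_method: sudo` is the Ansible default and can be dropped, and adding `cache_valid_time: 3600` next to `update_cache` avoids hitting the mirrors on every run. The play is a single task, so there is nothing else to raise here.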