Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/justin-p/ansible-role-chisel

A Ansible role to deploy a https://github.com/jpillora/chisel client and/or server as a systemd service.
https://github.com/justin-p/ansible-role-chisel

ansible ansible-galaxy ansible-role chisel golang hacktoberfest http systemd tcp tunnel

Last synced: 25 days ago
JSON representation

A Ansible role to deploy a https://github.com/jpillora/chisel client and/or server as a systemd service.

Host: GitHub
URL: https://github.com/justin-p/ansible-role-chisel
Owner: justin-p
License: mit
Created: 2020-10-06T23:04:34.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2024-03-19T19:58:53.000Z (8 months ago)
Last Synced: 2024-03-19T20:59:32.857Z (8 months ago)
Topics: ansible, ansible-galaxy, ansible-role, chisel, golang, hacktoberfest, http, systemd, tcp, tunnel
Language: Jinja
Homepage:
Size: 58.6 KB
Stars: 3
Watchers: 3
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# ansible-role-chisel

[![Ansible Role Name](https://img.shields.io/ansible/role/d/justin_p/chisel?style=flat-square
)](https://galaxy.ansible.com/justin_p/chisel)
[![Github Actions](https://img.shields.io/github/actions/workflow/status/justin-p/ansible-role-chisel/main.yml?label=Github%20Actions&logo=github&style=flat-square)](https://github.com/justin-p/ansible-role-chisel/actions)

A Ansible role to deploy a [chisel](https://github.com/jpillora/chisel) client and/or server as a systemd service. The main idea is to use this to easily automate a dropbox scenario that ensures the client always callsback regardless of network issues, reboots or program crashes, while also taking advantage of what chisel can offer over a SSH or VPN based solution.

## Requirements

None.

## Variables

`defaults/main.yml`

| Variable
| :-------------------------------
| chisel_version
| chisel_download_url_linux_amd64
| chisel_linux_amd64_sha256
| chisel_download_destination
| chisel_install_destination
| chisel_service_name
| chisel_service_destination
| chisel_service_template
| chisel_config_name
| chisel_config_folder
| chisel_config_template
| chisel_config_destination
| chisel_client_server_url
| chisel_client_remotes
| chisel_client_server_fingerprint
| chisel_client_auth_username
| chisel_client_auth_password
| chisel_client_keepalive
| chisel_client_max_retry_count
| chisel_client_max_retry_interval
| chisel_client_proxy
| chisel_client_headers
| chisel_client_hostname
| chisel_client_tls_ca
| chisel_client_tls_key
| chisel_client_tls_cert
| chisel_server_host
| chisel_server_port
| chisel_server_key
| chisel_server_auth_file
| chisel_server_auth
| chisel_server_keepalive
| chisel_server_backend
| chisel_server_tls_ca
| chisel_server_tls_key
| chisel_server_tls_cert | Description | Default value | | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------- | | The release version of chisel linux amd64 to download. | 1.8.1 | | The download url. | `https:\\github.com/jpillora/chisel/releases/download/v{{ chisel_version }}/chisel\_{{ chisel_version }}\_linux_amd64.gz` | | The sha256 checksum of the downloaded file. | 0461e84f847489e8968b011128b6be6b001f487ae75b2a0c14ff6d4eafc9f2df | | The download destination. | /tmp/chisel\_{{ chisel_version }}.gz | | The location to install chisel. | /usr/local/bin/chisel | | The name of the service that should be installed. | chisel-client | | The destination where of the service file should be installed. | "/lib/systemd/system/{{ chisel_service_name }}.service" | | This role has 2 built-in templates, [chisel-client](https://github.com/justin-p/ansible-chisel/blob/main/templates/chisel-client.service.j2) and [chisel-server](https://github.com/justin-p/ansible-chisel/blob/main/templates/chisel-server.service.j2). | "{{ chisel_service_name }}.service.j2" | | The name of the chisel config. | chisel-client | | The folder where the chisel config will be installed. | /etc/chisel/ | | This role has 2 built-in templates, [chisel-client](https://github.com/justin-p/ansible-chisel/blob/main/templates/chisel-client.conf.j2) and [chisel-server](https://github.com/justin-p/ansible-chisel/blob/main/templates/chisel-server.conf.j2). | "{{ chisel_config_name }}.conf.j2" | | The full path where the chisel config will be installed. | "{{ chisel_config_folder }}{{ chisel_config_name }}.conf" | | The URL of the chisel server. | `http://127.0.0.1` | | The remotes that are tunneled through the server. | "8080" | | The fingerprint of the server. | aa:bb:cc:dd:ee:ff:gg | | The username to authenticate with. | user | | The password to authenticate with. | pass | | The keep alive for the client. | 25s | | The max retry count for the client. | unlimited | | The max retry interval for the client. | 5 | | An optional HTTP CONNECT or SOCKS5 proxy which will be used to reach the chisel server. | `http://admin:[email protected]:8081` | | Set a custom header in the form "HeaderName: HeaderContent". | '--header "Foo : Bar" --header "Hello : World"' | | Optionally set the 'Host' header. | example.com | | An optional root certificate bundle used to verify the chisel server. | /path/to/bundle | | A path to a PEM encoded private key used for client authentication. | /path/to/PEM | | A path to a PEM encoded certificate matching the provided private key. | /path/to/PEM | | Defines the HTTP listening host – the network interface. | 0.0.0.0 | | Defines the HTTP listening port. | 80 | | An optional string to seed the generation of a ECDSA keypair. | a_random_string | | An optional path to a users.json file. | /path/to/user.json | | An optional string representing a single user with full access. | user:pass | | The keep alive for the server. | 25s | | Specifies another HTTP server to proxy requests to when chisel receives a normal HTTP request. | `http://127.0.0.1:8081` | | A path to a PEM encoded CA certificate bundle. | /path/to/PEM | | Enables TLS and provides optional path to a PEM-encoded TLS private key. | /path/to/PEM | | Enables TLS and provides optional path to a PEM-encoded TLS certificate. | /path/to/PEM |

## Dependencies

None.

## Example Playbooks

### Client with example template

```yml
---
- hosts: local
become: yes
roles:
- role: justin_p.chisel
```

### Server with example template

```yml
---
- hosts: local
become: yes
roles:
- role: justin_p.chisel
vars:
chisel_service_name: chisel-server
chisel_config_name: chisel-server
```

## Local Development

This role includes molecule that will spin up a local docker environment to deploy, configure and test this role.

Development requirements:

- Docker
- Molecule
- yamllint
- ansible-lint

or simply use a VM with [this](https://github.com/justin-p/ansible-terraform-workstation) configuration.

## License

MIT

## Authors

Justin Perdok ([@justin-p](https://github.com/justin-p/)), Orange Cyberdefense

## Contributing

Feel free to open issues, contribute and submit your Pull Requests. You can also ping me on Twitter ([@JustinPerdok](https://twitter.com/JustinPerdok))