From d141bc8a7565a5c472939ee1b79b7d5137d778e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 15 Oct 2024 12:24:26 +0200 Subject: [PATCH] Refs #8025 Role debian-base: Refactor vn-repo to ensure idempotency and enhance major Bacula task. --- inventories/group_vars/all.yml | 14 -------------- roles/debian-base/defaults/main.yaml | 16 ++++++++++++++++ roles/debian-base/tasks/bacula.yml | 22 ++++++++++++++++++---- roles/debian-base/tasks/main.yml | 4 ++++ roles/debian-base/tasks/vn-repo.yml | 11 +---------- roles/debian-base/templates/bacula-fd.conf | 4 ++-- roles/debian-base/templates/jail.local | 1 + 7 files changed, 42 insertions(+), 30 deletions(-) diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 28f9649..d1b6a61 100644 --- a/inventories/group_vars/all.yml +++ b/inventories/group_vars/all.yml @@ -20,18 +20,4 @@ awx_pub_key: > ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H awx@verdnatura.es -base_packages: - - htop - - psmisc - - bash-completion - - screen - - aptitude - - tree - - btop - - ncdu - - debconf-utils - - net-tools -locales_present: - - en_US.UTF-8 - - es_ES.UTF-8 passbolt_folder: e0d517be-6783-4b97-9742-acaa9b09742f diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index f7f697f..ff6a7c7 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -12,8 +12,24 @@ fail2ban_base_packages: vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb + name: vn-host time_server_spain: ntp.roa.es nagios_packages: - nagios-nrpe-server - nagios-plugins-contrib - monitoring-plugins-basic +base_packages: + - htop + - psmisc + - bash-completion + - screen + - aptitude + - tree + - btop + - ncdu + - debconf-utils + - net-tools +locales_present: + - en_US.UTF-8 + - es_ES.UTF-8 + 
diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian-base/tasks/bacula.yml index 2cfcb6d..2482ad4 100644 --- a/roles/debian-base/tasks/bacula.yml +++ b/roles/debian-base/tasks/bacula.yml @@ -2,19 +2,33 @@ apt: name: bacula-fd state: present -- name: Load Bacula default passwords +- name: Read content file in base64 slurp: src: /etc/bacula/common_default_passwords - register: bacula_passwords + register: file_content +- name: Going to text plane + set_fact: + file_content_decoded: "{{ file_content.content | b64decode }}" +- name: Extracting passwords + set_fact: + passwords: "{{ file_content_decoded.splitlines() | select('match', '^[^#]') | map('regex_replace', '^([^=]+)=(.+)$', '\\1:\\2') | list }}" +- name: Initialize password dictionary + set_fact: + bacula_passwords: {} +- name: Convert lines to individual variables generating a new dict + set_fact: + bacula_passwords: "{{ bacula_passwords | combine({item.split(':')[0].lower(): item.split(':')[1] | regex_replace('\\n$', '') }) }}" + loop: "{{ passwords }}" + when: "'FDPASSWD' in item or 'FDMPASSWD' in item" - name: Configure Bacula FD template: src: bacula-fd.conf dest: /etc/bacula/bacula-fd.conf owner: root group: bacula - mode: u=rw,g=r,o= + mode: '0640' backup: true - name: Restart Bacula FD service service: name: bacula-fd - state: restarted + state: restarted \ No newline at end of file diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index 0228231..ca79ad2 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -24,3 +24,7 @@ tags: nrpe - import_tasks: fail2ban.yml tags: fail2ban +- import_tasks: bacula.yml + tags: bacula +- import_tasks: vn-repo.yml + tags: vn-repo diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml index b8dc6b0..2c63da7 100644 --- a/roles/debian-base/tasks/vn-repo.yml +++ b/roles/debian-base/tasks/vn-repo.yml 
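Review bot: The slurp task and the four new `set_fact` tasks handle the contents of /etc/bacula/common_default_passwords without `no_log: true`. As a result each loop `item` in "Convert lines to individual variables generating a new dict" (a `key:password` line, including the ones skipped by `when`) is printed at default verbosity, and the decoded file shows up in task results at higher verbosity. That output ends up wherever play logs are kept, presumably AWX job history here; add `no_log: true` to all five tasks. Separately, `item.split(':')[1]` truncates a password that itself contains a colon, and `item.split(':', 1)[1]` keeps the whole value. The `'FDPASSWD' in item` test also matches on the value side of a line, so testing the key, `item.split(':', 1)[0] in ['FDPASSWD', 'FDMPASSWD']`, is tighter.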
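Review bot: Importing `bacula.yml` from main.yml means its final task, `state: restarted` on bacula-fd (visible in the bacula.yml hunk), now runs on every application of the role. That works against the idempotency goal in the subject and may interrupt a backup job that is in progress. Moving the restart into a handler and adding `notify: Restart Bacula FD service` to the "Configure Bacula FD" template task would restart the daemon only when the rendered config changes. Whether the role already has a handlers file is not visible in this patch.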
@@ -1,12 +1,3 @@ -- name: Download vn-host Debian package - get_url: - url: "{{ vn_host.url }}/{{ vn_host.package }}" - dest: "/tmp/{{ vn_host.package }}" - mode: u=rw,g=r,o=r - name: Install package apt: - deb: "/tmp/{{ vn_host.package }}" -- name: Delete package - file: - path: "/tmp/{{ vn_host.package }}" - state: absent + deb: "{{ vn_host.url }}/{{ vn_host.package }}" diff --git a/roles/debian-base/templates/bacula-fd.conf b/roles/debian-base/templates/bacula-fd.conf index e205166..0e2d00a 100644 --- a/roles/debian-base/templates/bacula-fd.conf +++ b/roles/debian-base/templates/bacula-fd.conf @@ -1,10 +1,10 @@ Director { Name = bacula-dir - Password = "{{ FDPASSWD }}" + Password = "{{ bacula_passwords.fdpasswd }}" } Director { Name = bacula-mon - Password = "{{ FDMPASSWD }}" + Password = "{{ bacula_passwords.fdmpasswd }}" Monitor = yes } FileDaemon { diff --git a/roles/debian-base/templates/jail.local b/roles/debian-base/templates/jail.local index 69847a7..d3840df 100644 --- a/roles/debian-base/templates/jail.local +++ b/roles/debian-base/templates/jail.local @@ -14,6 +14,7 @@ action = %(action_)s #+++++++++++++++ Jails [sshd] +ignoreip = 127.0.0.1/8 enabled = true port = 0:65535 filter = sshd
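Review bot: `deb: "{{ vn_host.url }}/{{ vn_host.package }}"` installs a package as root straight from the URL in defaults, which is `http://apt.verdnatura.es/...`, with no integrity check on the downloaded file. A .deb installed this way is not covered by APT repository signature verification. Either serve the pool over HTTPS and change `vn_host.url` to match, or keep a `get_url` step with `checksum: "sha256:<PLACEHOLDER_DIGEST>"` in front of the install. The `name: vn-host` key added to `vn_host` in defaults is not referenced in any hunk shown here; if it was meant for an "already installed" check, that check is missing.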
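Review bot: The added `ignoreip = 127.0.0.1/8` in `[sshd]` has no comment saying why loopback must be exempt, and it covers only IPv4. A jail-level `ignoreip` replaces any value set in `[DEFAULT]` (not visible in this hunk), so confirm nothing there is being dropped for sshd. If any host reaches sshd through a local forwarder or proxy, those connections arrive from loopback and would never be banned, which matters more with `port = 0:65535` on this jail. Suggest `ignoreip = 127.0.0.1/8 ::1` preceded by a comment such as `# loopback only; do not add proxy or NAT addresses here`.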