From f87a4053bcc649f9b8be09f7ccc3eb12322765b6 Mon Sep 17 00:00:00 2001
From: surtur
Date: Thu, 13 May 2021 02:41:18 +0200
Subject: [PATCH] feat: per-vm cloudinit template

---
 vms/cloudinit.host-attacker.cfg | 65 +++++++++++++++++++
 vms/cloudinit.host-defender.cfg | 59 +++++++++++++++++
 ...loudinit.cfg => cloudinit.host-victim.cfg} | 2 -
 vms/cloudinit.router.cfg | 50 ++++++++++++++
 vms/main.tf | 2 +-
 5 files changed, 175 insertions(+), 3 deletions(-)
 create mode 100644 vms/cloudinit.host-attacker.cfg
 create mode 100644 vms/cloudinit.host-defender.cfg
 rename vms/{cloudinit.cfg => cloudinit.host-victim.cfg} (98%)
 create mode 100644 vms/cloudinit.router.cfg

diff --git a/vms/cloudinit.host-attacker.cfg b/vms/cloudinit.host-attacker.cfg
new file mode 100644
index 0000000..46c1c3e
--- /dev/null
+++ b/vms/cloudinit.host-attacker.cfg
@@ -0,0 +1,65 @@
+#cloud-config
+# vim: ft=yaml
+
+runcmd:
+ - cat /etc/resolv.conf
+ - uname -r
+
+ssh_pwauth: true
+chpasswd:
+ list: |
+ root:1234
+ expire: false
+
+users:
+ - name: overlord
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ shell: /bin/bash
+ groups: wheel
+ - name: root
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
+ - name: ansible
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ shell: /bin/bash
+ groups: wheel
+
+ssh_publish_hostkeys:
+ enabled: false
+ssh:
+ emit_keys_to_console: false
+
+# hostname is set based on main.tf variables
+preserve_hostname: false
+fqdn: ${hostname}.${domainname}
+hostname: ${hostname}
+
+
+# reboot after fqdn is set to update the info in libvirt's dnsmasq
+power_state:
+ delay: "+1"
+ mode: reboot
+ condition: true
+
+packages:
+ - vim
+ - gcc
+ - lld
+ - golang
+ - htop
+ - kernel-devel
+ - kernel-headers
+ - nmap
+ - python39 # for ansible
+ - "@Security Lab"
+ - sudo
+ - tcpdump
+ - tcpflow
+ - tcptrack
+
+package_upgrade: true
+package_reboot_if_required: true
diff --git a/vms/cloudinit.host-defender.cfg b/vms/cloudinit.host-defender.cfg
new file mode 100644
index 0000000..a8cf4e6
--- /dev/null
+++ b/vms/cloudinit.host-defender.cfg
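Review bot: `ssh_pwauth: true` combined with the `chpasswd` entry `root:1234` and `expire: false` leaves the guest accepting SSH password logins as root with a weak password that is committed to the repository, even though the `ssh_authorized_keys` entries already give key-based access to `root`, `overlord` and `ansible`. Unless password login is a deliberate part of the lab, change the line to `ssh_pwauth: false` and either drop the `chpasswd` block or set `expire: true` so the console password has to be changed at first login; the identical block appears in the host-defender and router templates in this patch and presumably survives in the renamed host-victim template, whose body is outside the hunks shown. The same ed25519 key is also authorized for all three accounts, and `overlord` and `ansible` both carry `NOPASSWD:ALL`, so the extra accounts add no privilege separation from `root`; if that is intended, a comment such as `# NOTE: all three accounts share one key and full sudo by design` next to `users:` would record it for the next reader.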
@@ -0,0 +1,59 @@
+#cloud-config
+# vim: ft=yaml
+
+runcmd:
+ - cat /etc/resolv.conf
+ - uname -r
+
+ssh_pwauth: true
+chpasswd:
+ list: |
+ root:1234
+ expire: false
+
+users:
+ - name: root
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
+ - name: ansible
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ shell: /bin/bash
+ groups: wheel
+
+ssh_publish_hostkeys:
+ enabled: false
+ssh:
+ emit_keys_to_console: false
+
+# hostname is set based on main.tf variables
+preserve_hostname: false
+fqdn: ${hostname}.${domainname}
+hostname: ${hostname}
+
+
+# reboot after fqdn is set to update the info in libvirt's dnsmasq
+power_state:
+ delay: "+1"
+ mode: reboot
+ condition: true
+
+packages:
+ - vim
+ - gcc
+ - lld
+ - golang
+ - htop
+ - kernel-devel
+ - kernel-headers
+ - nmap
+ - python39 # for ansible
+ - "@Security Lab"
+ - sudo
+ - tcpdump
+ - tcpflow
+ - tcptrack
+
+package_upgrade: true
+package_reboot_if_required: true
diff --git a/vms/cloudinit.cfg b/vms/cloudinit.host-victim.cfg
similarity index 98%
rename from vms/cloudinit.cfg
rename to vms/cloudinit.host-victim.cfg
index 843fb9e..78e8833 100644
--- a/vms/cloudinit.cfg
+++ b/vms/cloudinit.host-victim.cfg
@@ -46,8 +46,6 @@ power_state: condition: true packages: - - vim - - htop - sudo - python39 # for ansible
diff --git a/vms/cloudinit.router.cfg b/vms/cloudinit.router.cfg
new file mode 100644
index 0000000..eb7d049
--- /dev/null
+++ b/vms/cloudinit.router.cfg
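Review bot: cloudinit.host-defender.cfg duplicates cloudinit.host-attacker.cfg line for line apart from the dropped `overlord` user — the `packages` list (`gcc`, `lld`, `golang`, `kernel-devel`, `kernel-headers`, `nmap`, `"@Security Lab"`, `tcpdump`, ...) is identical — so the per-role split does not yet give the defender a different image and leaves roughly fifty lines to be kept in sync by hand across the attacker, defender and router files. If the lists are meant to diverge later, a header comment like `# defender role; currently the same base as host-attacker minus the overlord user` would record that intent. Otherwise one shared template whose role-specific `packages` are chosen through a template variable would avoid drift, since `data "template_file"` in main.tf already passes `vars` into the file.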
@@ -0,0 +1,50 @@
+#cloud-config
+# vim: ft=yaml
+
+runcmd:
+ - cat /etc/resolv.conf
+ - uname -r
+
+ssh_pwauth: true
+chpasswd:
+ list: |
+ root:1234
+ expire: false
+
+users:
+ - name: root
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
+ - name: ansible
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ shell: /bin/bash
+ groups: wheel
+
+ssh_publish_hostkeys:
+ enabled: false
+ssh:
+ emit_keys_to_console: false
+
+# hostname is set based on main.tf variables
+preserve_hostname: false
+fqdn: ${hostname}.${domainname}
+hostname: ${hostname}
+
+
+# reboot after fqdn is set to update the info in libvirt's dnsmasq
+power_state:
+ delay: "+1"
+ mode: reboot
+ condition: true
+
+packages:
+ - vim
+ - frr
+ - htop
+ - python39 # for ansible
+ - sudo
+
+package_upgrade: true
+package_reboot_if_required: true
diff --git a/vms/main.tf b/vms/main.tf
index bed15d4..cccdfca 100644
--- a/vms/main.tf
+++ b/vms/main.tf
@@ -79,8 +79,8 @@ resource "libvirt_volume" "qcow2_volume" {
 # Use cloudinit config file
 # pass certain vars to cloudinit
 data "template_file" "user_data" {
- template = file("${path.module}/cloudinit.cfg")
 for_each = var.hosts
+ template = file("${path.module}/cloudinit.${each.value.category}.cfg")
 vars = {
 hostname = each.value.name
 domainname = var.domainname
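Review bot: `frr` is the only router-specific line in cloudinit.router.cfg, and nothing else in the file turns the guest into a router — no `write_files` or `bootcmd` entry sets `net.ipv4.ip_forward`, and no frr daemon or configuration is enabled — so after first boot the VM behaves like any other host with an idle package installed. If that configuration is applied by a later ansible run (the `python39 # for ansible` line suggests one), say so where the dependency is: `- frr # forwarding and the frr daemons are configured later by ansible`. Otherwise a `runcmd` entry that enables forwarding and the frr service belongs in this template.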
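Review bot: `file("${path.module}/cloudinit.${each.value.category}.cfg")` makes `category` in `var.hosts` part of the file-naming contract, but the accepted values — `host-attacker`, `host-defender`, `host-victim` and `router`, judging by the files in this patch — are not recorded next to the expression, so a typo in `var.hosts` only surfaces as a missing-file error from `file()` at plan time. A comment above the line, e.g. `# category selects cloudinit.<category>.cfg; expected: host-attacker, host-defender, host-victim, router`, or a `validation` block on `var.hosts` (declared outside this hunk) would make the allowed set explicit. The `data "template_file" "user_data"` block continues past the end of the hunk.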