From 7cde4dcfe11cde4726d3b1922aa7e43515958e49 Mon Sep 17 00:00:00 2001
From: Pantelis Roditis <proditis@echothrust.com>
Date: Mon, 19 Feb 2024 11:26:50 +0200
Subject: [PATCH 1/7] update the playbook packages

---
 ansible/runonce/db.yml              | 1 +
 ansible/runonce/docker-registry.yml | 3 +++
 ansible/runonce/mui.yml             | 1 +
 ansible/runonce/pui.yml             | 1 +
 ansible/runonce/vpngw.yml           | 2 ++
 5 files changed, 8 insertions(+)

diff --git a/ansible/runonce/db.yml b/ansible/runonce/db.yml
index 186adaa08..5c2602bb2 100644
--- a/ansible/runonce/db.yml
+++ b/ansible/runonce/db.yml
@@ -86,6 +86,7 @@
     packages:
       - curl
       - git
+      - rsync--
       - mariadb-server
       - memcached--
       - libmemcached
diff --git a/ansible/runonce/docker-registry.yml b/ansible/runonce/docker-registry.yml
index c2674774f..4e00cfc5d 100755
--- a/ansible/runonce/docker-registry.yml
+++ b/ansible/runonce/docker-registry.yml
@@ -37,9 +37,12 @@
     rcctl:
       - { name: 'supervisord', state: "enable" }
     packages:
+    - ansible
     - go
     - supervisor
     - py3-setuptools
+    - git
+    - rsync--
 
   tasks:
   - name: Install packages
diff --git a/ansible/runonce/mui.yml b/ansible/runonce/mui.yml
index 5cffb8f46..282630d07 100644
--- a/ansible/runonce/mui.yml
+++ b/ansible/runonce/mui.yml
@@ -87,6 +87,7 @@
     packages:
       - curl
       - git
+      - rsync--
       - memcached--
       - libmemcached
       - py3-mysqlclient
diff --git a/ansible/runonce/pui.yml b/ansible/runonce/pui.yml
index dce55e871..d02233d37 100644
--- a/ansible/runonce/pui.yml
+++ b/ansible/runonce/pui.yml
@@ -96,6 +96,7 @@
       - automake%1.16
       - curl
       - git
+      - rsync--
       - libmemcached
       - libtool
       - memcached--
diff --git a/ansible/runonce/vpngw.yml b/ansible/runonce/vpngw.yml
index 9e57a1850..3eadf310d 100644
--- a/ansible/runonce/vpngw.yml
+++ b/ansible/runonce/vpngw.yml
@@ -48,6 +48,7 @@
       - automake%1.16
       - curl
       - git
+      - rsync--
       - libmemcached
       - memcached--
       - libtool
@@ -67,6 +68,7 @@
       - go
       - p5-Net-Pcap
       - p5-NetPacket
+      - gnuwatch
   vars_prompt:
     - name: "myname"
       prompt: "1/16. System hostname?"

From a819fce2db8771ce83c4b156a87519dc7d262ff5 Mon Sep 17 00:00:00 2001
From: Pantelis Roditis <proditis@echothrust.com>
Date: Mon, 19 Feb 2024 11:28:14 +0200
Subject: [PATCH 2/7] * disable facts gathering since we may not have python at
 that stage * change from openbsd_pkg to raw since ansible seems to be
 breaking this every now and then * add the actual registry.ini for
 supervisord

---
 ansible/runonce/docker-registry.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ansible/runonce/docker-registry.yml b/ansible/runonce/docker-registry.yml
index 4e00cfc5d..14c97f738 100755
--- a/ansible/runonce/docker-registry.yml
+++ b/ansible/runonce/docker-registry.yml
@@ -3,6 +3,7 @@
 - name: "Setup docker registry on an OpenBSD server (standalone)"
   hosts: all
   become_method: doas
+  gather_facts: no
   vars_prompt:
     - name: "registry_user"
       prompt: "1/5. User to run the registry as?"
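Review bot: `gather_facts: no` relies on YAML 1.1 truthy parsing; `gather_facts: false` is the canonical form and is what yamllint and ansible-lint expect. The reason for disabling facts is only in the commit message, so a comment above the key would help, e.g. `# facts need Python on the target, which may not be installed yet`. Any later task in this play that reads `ansible_facts` or `ansible_*` variables will fail unless a `setup` task runs first; none is visible in the hunks shown.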
@@ -46,8 +47,8 @@
 
   tasks:
   - name: Install packages
-    openbsd_pkg:
-      name: "{{packages}}"
+    raw: pkg_add {{item}}
+    with_items: "{{packages}}"
 
   - name: Add users
     user:
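Review bot: The `raw: pkg_add {{item}}` task gives up the idempotence and result parsing that `openbsd_pkg` provided: it reports changed on every run, and success now depends only on the exit status of pkg_add, which should be confirmed to be non-zero when a package cannot be installed. `{{item}}` is also pasted unquoted into a remote shell line; the values come from the play's own `packages` list, so this is a robustness point rather than an injection path. I would write `raw: pkg_add -I {{ item | quote }}` and add a `changed_when` condition, or keep `raw` only for bootstrapping Python and leave the rest of the list on `openbsd_pkg`.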
@@ -98,7 +99,7 @@
 
   - name: Configure supervisor registry service
     community.general.ini_file:
-      path: /etc/conf
+      path: /etc/supervisord.d/registry.ini
       section: "program:registry"
       option: "{{item.key}}"
       value:  "{{item.value}}"

From 68bb23cd9286a8c44dfe654a183b2a1c80eeff01 Mon Sep 17 00:00:00 2001
From: Pantelis Roditis <proditis@echothrust.com>
Date: Mon, 19 Feb 2024 11:28:34 +0200
Subject: [PATCH 3/7] dont hardcode resolve.conf nameserver

---
 ansible/runonce/docker-servers.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/ansible/runonce/docker-servers.yml b/ansible/runonce/docker-servers.yml
index 535e74d19..06bdfb31b 100644
--- a/ansible/runonce/docker-servers.yml
+++ b/ansible/runonce/docker-servers.yml
@@ -37,8 +37,9 @@
 
   - name: Configure resolv.conf
     copy:
-      content: "nameserver 10.0.0.254\n"
+      content: "{{resolvconf}}\n"
       dest: /etc/resolv.conf
+    when: resolvconf is defined
 
   - name: Allow release-info to change for APT repositories
     when: ansible_facts['distribution'] == 'Debian'
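Review bot: `when: resolvconf is defined` still lets an empty `resolvconf` through, and the task then overwrites /etc/resolv.conf with a lone newline, leaving the host without a resolver for the APT steps that follow. The guard should follow the pattern already used for `post_apt` in this file: `when: resolvconf is defined and resolvconf | length > 0`. The variable now has to carry the complete line(s), including the `nameserver` keyword, which deserves a comment where it is defined, e.g. `# resolvconf: full resolv.conf content, e.g. "nameserver <resolver-ip>"`.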
@@ -120,11 +121,11 @@
       pkg: "{{post_apt}}"
     when: post_apt is defined and post_apt|length > 0
 
-  - name: Install pip packages
-    no_log: "{{DEBUG|default(true)}}"
-    pip: name="{{item.name}}" version="{{item.version|default(omit)}}" state="{{item.state}}"
-    with_items: "{{pip}}"
-    when: pip is defined
+#  - name: Install pip packages
+#    no_log: "{{DEBUG|default(true)}}"
+#    pip: name="{{item.name}}" version="{{item.version|default(omit)}}" state="{{item.state}}"
+#    with_items: "{{pip}}"
+#    when: pip is defined
 
   - name: Check if we're working with cloud-init
     ansible.builtin.stat:
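Review bot: The pip task is commented out rather than removed, so a host whose vars still define `pip` now has that list silently ignored, and the dead block will drift from the working tasks; the same applies to `#pip:` in ansible/templates/docker-server-advanced.yml in PATCH 6/7. Delete the block in both files and rely on history, or if it must stay, put a one-line reason above it such as `# pip install disabled: python3-docker and python3-requests now come from pre_apt`. The change is also unrelated to this commit's subject (resolv.conf) and would be easier to trace in the patch that drops the `pip` variable.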

From 0bd4081531a2297a84f386213dc1650733bf4509 Mon Sep 17 00:00:00 2001
From: Pantelis Roditis <proditis@echothrust.com>
Date: Mon, 19 Feb 2024 11:28:54 +0200
Subject: [PATCH 4/7] make sure our db connection is utf8mb4

---
 ansible/runonce/mui.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/runonce/mui.yml b/ansible/runonce/mui.yml
index 282630d07..4e66735a4 100644
--- a/ansible/runonce/mui.yml
+++ b/ansible/runonce/mui.yml
@@ -299,7 +299,7 @@
 
   - name: "Create moderatorUI config/db.php"
     copy:
-      content: "<?php return [ 'class' => 'yii\\db\\Connection', 'dsn' => 'mysql:host={{db_ip}};dbname=echoCTF', 'username' => 'moderatorUI', 'password' => 'moderatorUI', 'charset' => 'utf8'];\n"
+      content: "<?php return [ 'class' => 'yii\\db\\Connection', 'dsn' => 'mysql:host={{db_ip}};dbname=echoCTF', 'username' => 'moderatorUI', 'password' => 'moderatorUI', 'charset' => 'utf8mb4'];\n"
       dest: "/home/moderatorUI/{{domain_name}}/backend/config/db.php"
       mode: '0444'
     tags:
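Review bot: The rewritten `content:` line still writes a database password identical to the username (`'password' => 'moderatorUI'`) into a file created with `mode: '0444'`, so every local account on the host can read working DB credentials. Since the line is being touched anyway, take the password from a prompted or vaulted variable, e.g. `'password' => '{{ mui_db_password }}'` (placeholder name, not defined in this playbook), and set the same value where the database account is created. The mode could be tightened to `'0440'` with an explicit `owner`/`group` matching the PHP worker; which user that is cannot be seen from here, and the task continues past the end of the hunk.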

From 72e19e65c3eb047950413d80d8e809e84e0c737c Mon Sep 17 00:00:00 2001
From: Pantelis Roditis <proditis@echothrust.com>
Date: Mon, 19 Feb 2024 11:29:18 +0200
Subject: [PATCH 5/7] add opcache optimizations

---
 ansible/runonce/pui.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ansible/runonce/pui.yml b/ansible/runonce/pui.yml
index d02233d37..bd1f9141d 100644
--- a/ansible/runonce/pui.yml
+++ b/ansible/runonce/pui.yml
@@ -419,6 +419,11 @@
       - { section: Session, option: "session.save_path", value: "{{db_ip}}:11211"}
       - { section: Session, option: "session.gc_maxlifetime", value: "43200" }
       - { section: Session, option: "session.use_strict_mode", value: "1" }
+      - { section: opcache, option: "opcache.enable", value: "1" }
+      - { section: opcache, option: "opcache.memory_consumption", value: "128" }
+      - { section: opcache, option: "opcache.validate_timestamps", value: "0" }
+      - { section: opcache, option: "opcache.revalidate_freq", value: "2" }
+      - { section: opcache, option: "opcache.revalidate_path", value: "0" }
 
   - name: copy nginx rc.d into participant
     command: cp /etc/rc.d/nginx "/etc/rc.d/{{item}}"
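Review bot: `opcache.validate_timestamps` set to `0` tells PHP never to re-check scripts on disk, so the `opcache.revalidate_freq` value of `2` on the next line has no effect, and updated application code, including security fixes, keeps being served from the cache until the PHP service is restarted or the cache is reset. Either drop the `revalidate_freq` entry, or set `validate_timestamps` to `1` if periodic revalidation was the intent. If `0` is deliberate, the update path needs a restart step for the PHP service; none is visible in this hunk, and the list and its task begin above it.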

From aeecb6da8f6c64c11e37960aede698d355448206 Mon Sep 17 00:00:00 2001
From: Pantelis Roditis <proditis@echothrust.com>
Date: Mon, 19 Feb 2024 11:29:39 +0200
Subject: [PATCH 6/7] we no longer need to install these from pip, debian
 provides packages

---
 ansible/templates/docker-server-advanced.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ansible/templates/docker-server-advanced.yml b/ansible/templates/docker-server-advanced.yml
index 43507b45c..3540478bf 100644
--- a/ansible/templates/docker-server-advanced.yml
+++ b/ansible/templates/docker-server-advanced.yml
@@ -44,12 +44,14 @@ pre_apt:
  - gnupg2
  - software-properties-common
  - rdate
+ - python3-requests
+ - python3-docker
 
 post_apt:
  - docker-ce
 
-pip:
- - { name: "docker", version: "*", state: "present" }
+#pip:
+# - { name: "docker", version: "*", state: "present" }
 
 #sync:
 #  - { src: "../files/docker/build", dst: "/opt" }

From 1b37d898a81ce9fcf596284bb184ba662edd4ce5 Mon Sep 17 00:00:00 2001
From: Pantelis Roditis <proditis@echothrust.com>
Date: Mon, 19 Feb 2024 11:30:14 +0200
Subject: [PATCH 7/7] the unbound.pid is now been written before the chroot

---
 ansible/templates/unbound.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/templates/unbound.conf.j2 b/ansible/templates/unbound.conf.j2
index 5b9914191..e118ef7ed 100644
--- a/ansible/templates/unbound.conf.j2
+++ b/ansible/templates/unbound.conf.j2
@@ -8,7 +8,7 @@ interface: {{bind.ip}}
 access-control: 0.0.0.0/0 allow
 
 do-ip6: no
-pidfile: "/var/unbound/var/run/unbound.pid"
+pidfile: "/var/run/unbound.pid"
 hide-identity: yes
 hide-version: yes
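Review bot: The context around the pidfile change shows `access-control: 0.0.0.0/0 allow`, which lets any client that can reach `{{bind.ip}}` use this resolver recursively; if that address is reachable beyond the intended client networks, the host is an open resolver that can be abused for DNS amplification. Consider restricting it to the ranges actually served, e.g. `access-control: <client-network>/<prefix> allow` (placeholder), leaving everything else at the default refusal. On the pidfile line itself, a short comment such as `# written before the chroot, so the path is relative to the real root` would explain why it no longer sits under /var/unbound.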