ACNG: Kennwortschutz fur Webinterface eingebaut (#73)

ACNG: Kennwortschutz fur Webinterface eingebaut

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#73
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>

group_vars/acng.yml

@@ -13,3 +13,5 @@
   ### mgrote.acng
   acng_server_port: 9999
   acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf
+  acng_server_auth_user: acngadmin
+  acng_server_auth_pass: "{{ lookup('keepass', 'acng_webinterface', 'password' }}"

roles/mgrote.acng/defaults/main.yml

@@ -1,3 +1,6 @@
 ---
-  acng_server_exthreshold: "60"
-  acng_server_port: 9999
+  acng_exthreshold: "60"
+  acng_server_port: "9999"
+  acng_security_conf_path: "/etc/apt-cacher-ng/security.conf"
+  acng_server_auth_user: acngadmin
+  acng_server_auth_pass: klauspeter

roles/mgrote.acng/tasks/main.yml

@@ -12,3 +12,11 @@
       dest: "/etc/apt-cacher-ng/acng.conf"
       mode: 0664
     notify: acng_starten_aktivieren
+
+  - name: templating security.conf
+    become: yes
+    ansible.builtin.template:
+      src: "security.conf"
+      dest: "{{ acng_security_conf_path }}"
+      mode: 0640
+    notify: acng_starten_aktivieren

roles/mgrote.acng/templates/security.conf

@@ -0,0 +1,10 @@
+# This file contains confidential data and should be protected with file
+# permissions from being read by untrusted users.
+#
+# NOTE: permissions are fixated with dpkg-statoverride on Debian systems.
+# Read its manual page for details.
+
+# Basic authentication with username and password, required to
+# visit pages with administrative functionality. Format: username:password
+
+AdminAuth: {{ acng_server_auth_user }}:{{ acng_server_auth_pass }}