Diffstat (limited to 'inventory')
-rw-r--r--inventory/group_vars/chaos-at-home/network.yml1
-rw-r--r--inventory/group_vars/chaos-at-home/vars.yml4
-rw-r--r--inventory/host_vars/ch-greenbone.yml87
-rw-r--r--inventory/host_vars/ch-testvm-phoebe.yml4
-rw-r--r--inventory/hosts.ini2
5 files changed, 98 insertions, 0 deletions
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index a4db5907..3e007657 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -90,6 +90,7 @@ network_zones:
__svc_http__: 80
__svc_imap__: 143
ch-mon: 230
+ ch-greenbone: 231
ch-router-obsd: 253
ch-router: 254
#############
diff --git a/inventory/group_vars/chaos-at-home/vars.yml b/inventory/group_vars/chaos-at-home/vars.yml
index 2b9cdbf9..76b1fab7 100644
--- a/inventory/group_vars/chaos-at-home/vars.yml
+++ b/inventory/group_vars/chaos-at-home/vars.yml
@@ -47,3 +47,7 @@ chaos_at_home_internal_ca_cert: |
N+KMguLblXN36LvwTK5l4iWAfMO77F6dZUzi6VrAY1jF/Sff+V6o/vDhBFEJFzZG
5AV4fhfS7jK1Fg3k
-----END CERTIFICATE-----
+
+
+greenbone_target_user_ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDk9vk5cRy4LYRViNnmNEQ+8YY3g3DwOG7m9drHJDB6a/l1OFKx1OeRFEUMN5FFVw8uehhhRZCg/9RiGzWL24YL5Rg1BgfFWqMaih0IDlzM2Od/AgU8rTCTZKaRAejvYDY0uYJUP4A4WBt5S7QxpJWVO0c67ldTI8XxuAm3WqsNdblC3Titiz7MVpzsF08KjgyDPIetBfV8bm9AXHRe3NzUGgeSzGu10QAxe3FoAevR/VmNUTsH9t0TEhMtnAG2rtYEVi7iZUYjBGWnZ/iuC3o5pKSvVUnSsraqxTjgp234na016RTkcHM2dwDHydIrXjWzocsV5mGQ0L4qKJZXpbqYX2e4hCLi4jy0x+QviPi6kL+plDOdBFMEeRtVfT9p/zcAs3VbA/hKB0W9vRNj+JLVgDgS4Hz9nDbS/8zAsGC6dPS4VPolsr0uVFgMizDOVc//9WkUA7iz4lBmtj/OLU5wKcUCQbo8NVevnHgqiZf68nHJB7VXuZz5z6WAAST0Cgc=
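Review bot: The public key added under `greenbone_target_user_ssh_keys` has no trailing comment and no authorized_keys options, so on a target it cannot be told apart from other entries and is accepted from any source address. Because this key grants the scanner a login on any host that deploys it, I would append an identifying comment to the entry (for example ` greenbone-scanner@ch-greenbone`, a constructed label). If the consuming role passes key options through, which this diff does not show, I would also prefix the entry with `from="<scanner address>",no-agent-forwarding,no-port-forwarding,no-X11-forwarding`. A one-line comment above the variable, such as `# public key of the Greenbone authenticated-scan account; private half lives on ch-greenbone only`, would document where the matching private key is expected to be.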
diff --git a/inventory/host_vars/ch-greenbone.yml b/inventory/host_vars/ch-greenbone.yml
new file mode 100644
index 00000000..674b102e
--- /dev/null
+++ b/inventory/host_vars/ch-greenbone.yml
@@ -0,0 +1,87 @@
+---
+install_jumphost: ch-jump
+
+install:
+ vm:
+ memory: 8G
+ numcpus: 4
+ autostart: False
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 30g
+ properties:
+ 'syncoid:sync': 'false'
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
+
+ntp_variant: systemd-timesyncd
+
+
+docker_pkg_provider: docker-com
+docker_plugins:
+ - compose
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 20G
+ fs: ext4
+
+
+greenbone_server_version: 22.4
+greenbone_server_hostname: "{{ host_name }}.{{ host_domain }}"
+greenbone_server_tls:
+ certificate_provider: static-ca
+ certificate_config:
+ mode: "0750"
+ owner: root
+ group: www-data
+ ca:
+ key_content: "{{ chaos_at_home_internal_ca_key }}"
+ cert_content: "{{ chaos_at_home_internal_ca_cert }}"
+ key:
+ mode: "0640"
+ owner: root
+ group: www-data
+ type: RSA
+ size: 4096
+ cert:
+ mode: "0644"
+ owner: root
+ group: www-data
+ common_name: "{{ host_name }}"
+ san_extra: "{{ ['IP:'] | product(ansible_all_ipv4_addresses) | map('join') | list }}"
+ key_usage:
+ - digitalSignature
+ - keyAgreement
+ key_usage_critical: yes
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_before: +0h
+ not_after: +365d
+ renew_margin: +70d
+
+greenbone_server_admin_password: "{{ vault_greenbone_server_admin_password }}"
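Review bot: `greenbone_server_tls.certificate_config.ca.key_content` passes `chaos_at_home_internal_ca_key` into this host's certificate configuration. If the `static-ca` provider signs on the target rather than on the controller (the role is not part of this diff), the scanner VM would hold the internal CA's private key; please confirm where signing happens and record it in a comment. Separately, `san_extra` is built from `ansible_all_ipv4_addresses` on a host that also installs Docker, so bridge addresses will probably end up in the certificate; restricting it to the `svc0` address would keep the SAN list stable. On style, `greenbone_server_version: 22.4` is parsed as a float and should be `greenbone_server_version: "22.4"` so a later release such as 22.10 is not read as 22.1. The `yes` values under `cert:` would be clearer as `true`.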
diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml
index d15e4142..df89e810 100644
--- a/inventory/host_vars/ch-testvm-phoebe.yml
+++ b/inventory/host_vars/ch-testvm-phoebe.yml
@@ -39,3 +39,7 @@ network:
address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"
ntp_variant: systemd-timesyncd
+
+
+####
+sshd_allowusers_host: "{{ admin_users_host + ['greenbone'] }}"
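Review bot: The bare `####` separator above `sshd_allowusers_host` does not say why an extra account is allowed to log in over SSH on this host. Since this line widens `AllowUsers` beyond `admin_users_host`, I would replace the separator with a comment such as `# allow the Greenbone authenticated-scan account (key: greenbone_target_user_ssh_keys) to log in for credentialed scans`. It would also help to state in that comment whether the `greenbone` user is expected to be unprivileged, since the account's creation and sudo rights are not visible in this diff.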
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 90240b52..0bc9c91d 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -35,6 +35,7 @@ ch-installsmb host_name=installsmb
ch-iot host_name=iot
ch-vpn host_name=vpn
ch-mon host_name=mon
+ch-greenbone host_name=greenbone
ch-epimetheus host_name=epimetheus
ch-mclr host_name=mclr
ch-mcbr host_name=mcbr
@@ -401,6 +402,7 @@ ch-vpn
ch-mon
ch-k8s-ctrl
ch-installsmb
+ch-greenbone
[vmhost-ch-prometheus]
ch-prometheus
[vmhost-ch-prometheus:children]