feat(anubis): add ansible role and playbook

playbooks/anubis.yml

@@ -0,0 +1,7 @@
+---
+- name: Ensure anubis is installed and configured
+  hosts: "{{ anubis_hosts | default('anubis') }}"
+  gather_facts: "{{ anubis_gather_facts | default(false) }}"
+  become: "{{ anubis_become | default(false) }}"
+  roles:
+    - role: finallycoffee.services.anubis

roles/anubis/README.md

@@ -0,0 +1,5 @@
+# `finallycoffee.services.anubis`
+
+Install [Anubis](https://anubis.techaro.lol/), a HTTP proxy which
+detects (AI) scrapers by providing a lightweight, non-interactive
+browser challenge to clients likely to match scrapers.

roles/anubis/defaults/main/config.yml

@@ -0,0 +1,20 @@
+---
+anubis_config_dir: "{{ anubis_config_file | dirname }}"
+anubis_config_file: "/etc/anubis/{{ anubis_service }}.env"
+anubis_bot_policy_file: "{{ anubis_config_dir }}/{{ anubis_service }}.botPolicies.yaml"
+
+anubis_config_bind: "8923"
+anubis_config_metrics_bind: "[::1]:8240"
+anubis_config_difficulty: "4"
+anubis_config_policy_fname: "{{ anubis_bot_policy_file }}"
+anubis_config_target: ~
+
+anubis_default_config:
+  "BIND": "{{ anubis_config_bind }}"
+  "METRICS_BIND": "{{ anubis_config_metrics_bind }}"
+  "DIFFICULTY": "{{ anubis_config_difficulty }}"
+  "POLICY_FNAME": "{{ anubis_config_policy_fname }}"
+  "TARGET": "{{ anubis_config_target }}"
+anubis_config: {}
+anubis_merged_config: >-2
+  {{ anubis_default_config | combine(anubis_config | default({}, true)) }}

roles/anubis/defaults/main/main.yml

@@ -0,0 +1,10 @@
+---
+anubis_version: "1.25.0"
+anubis_base_path: "/opt/anubis"
+anubis_bin_path: "{{ anubis_base_path }}/bin"
+anubis_state: "present"
+
+anubis_os_name: "linux"
+anubis_architecture: "amd64"
+
+anubis_service: "gitea"

roles/anubis/defaults/main/package.yml

@@ -0,0 +1,32 @@
+---
+anubis_package_server: "https://github.com"
+anubis_package_namespace: "TecharoHQ"
+anubis_package_repository: "anubis"
+# https://github.com/TecharoHQ/anubis/releases/download/v1.25.0/anubis-1.25.0-linux-amd64.tar.gz
+anubis_package_url: >-2
+  {{
+    [
+      anubis_package_server,
+      anubis_package_namespace,
+      anubis_package_repository,
+      'releases/download',
+      'v' + anubis_version,
+      [
+        anubis_package_repository,
+        anubis_version,
+        anubis_os_name,
+        anubis_architecture
+      ] | flatten | join('-') + '.tar.gz'
+    ] | flatten | join('/')
+  }}
+anubis_tarball_path: "{{ anubis_base_path }}/anubis-{{ anubis_version }}.tar.gz"
+anubis_package_path: >-2
+  {{ anubis_bin_path }}/anubis-{{ anubis_version }}-{{ anubis_os_name }}-{{ anubis_architecture }}
+anubis_tarball_binary: >-2
+  {{ anubis_package_path }}/bin/anubis
+anubis_tarball_systemd_unit_path: >-2
+  {{ anubis_package_path }}/run/{{ anubis_systemd_template_service_name }}
+anubis_tarball_bot_policies: >-2
+  {{ anubis_package_path }}/doc/botPolicies.yaml
+anubis_tarball_default_config_file: >-2
+  {{ anubis_package_path }}/run/default.env

roles/anubis/defaults/main/systemd.yml

@@ -0,0 +1,8 @@
+---
+anubis_systemd_service: "anubis@{{ anubis_service }}.service"
+anubis_systemd_template_service_name: "anubis@.service"
+anubis_systemd_unit_dir: "/etc/systemd/system"
+anubis_systemd_service_enabled: >-2
+  {{ anubis_state == 'present' }}
+anubis_systemd_service_state: >-2
+  {{ (anubis_state == 'present') | ternary('started', 'stopped') }}

roles/anubis/defaults/main/user.yml

@@ -0,0 +1,5 @@
+---
+anubis_user: "anubis"
+anubis_user_state: "{{ anubis_state }}"
+anubis_user_system: true
+anubis_user_create_home: false

roles/anubis/meta/main.yml

@@ -0,0 +1,10 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: anubis
+  description: Ansible role to deploy anubis
+  galaxy_tags:
+    - anubis
+    - ai
+    - llm

roles/anubis/tasks/configure.yml

@@ -0,0 +1,18 @@
+---
+- name: Ensure 'anubis_config_target' is populated
+  ansible.builtin.fail:
+    msg: >-2
+      Variable 'anubis_config_target' must be populated!
+  when: anubis_config_target | ansible.builtin.type_debug == 'NoneType'
+
+- name: Configure anubis for service '{{ anubis_service }}'
+  ansible.builtin.lineinfile:
+    path: "{{ anubis_config_file }}"
+    line: "{{ config_entry.key }}={{ config_entry.value }}"
+    regexp: "^{{ config_entry.key }}="
+    state: present
+  when: anubis_state == 'present'
+  loop: "{{ anubis_merged_config | dict2items }}"
+  loop_control:
+    loop_var: "config_entry"
+    label: "{{ config_entry.key }}={{ config_entry.value }}"

roles/anubis/tasks/deploy.yml

@@ -0,0 +1,10 @@
+---
+- name: Ensure systemd service {{ anubis_systemd_service }} is enabled
+  ansible.builtin.systemd_service:
+    name: "{{ anubis_systemd_service }}"
+    enabled: "{{ anubis_systemd_service_enabled }}"
+
+- name: Ensure systemd service {{ anubis_systemd_service }} is {{ anubis_systemd_service_state }}
+  ansible.builtin.systemd_service:
+    name: "{{ anubis_systemd_service }}"
+    state: "{{ anubis_systemd_service_state }}"

roles/anubis/tasks/install.yml

@@ -0,0 +1,51 @@
+---
+- name: Download and install anubis@{{ anubis_version }}
+  when: anubis_state == 'present'
+  block:
+    - name: Download anubis tarball from {{ anubis_package_url }} to '{{ anubis_tarball_path }}'
+      ansible.builtin.get_url:
+        url: "{{ anubis_package_url }}"
+        url_username: "{{ anubis_package_server_username | default(omit) }}"
+        url_password: "{{ anubis_package_server_password | default(omit) }}"
+        dest: "{{ anubis_tarball_path }}"
+
+    - name: Create folder '{{ anubis_bin_path }}' to extract archive into
+      ansible.builtin.file:
+        dest: "{{ anubis_bin_path }}"
+        state: directory
+
+    - name: Uncompress release tarball into {{ anubis_bin_path }}
+      ansible.builtin.unarchive:
+        src: "{{ anubis_tarball_path }}"
+        dest: "{{ anubis_bin_path }}"
+        remote_src: true
+      ignore_errors: "{{ ansible_check_mode }}"
+
+    - name: Ensure anubis binary is installed
+      ansible.builtin.copy:
+        src: "{{ anubis_tarball_binary }}"
+        dest: "/usr/bin/anubis"
+        remote_src: true
+
+    - name: Install systemd unit
+      ansible.builtin.copy:
+        src: "{{ anubis_tarball_systemd_unit_path }}"
+        dest: "{{ anubis_systemd_unit_dir }}"
+        remote_src: true
+
+    - name: Ensure configuration folder '{{ anubis_config_dir }}' exists
+      ansible.builtin.file:
+        dest: "{{ anubis_config_dir }}"
+        state: "directory"
+
+    - name: Copy default configuration to {{ anubis_config_file }}
+      ansible.builtin.copy:
+        src: "{{ anubis_tarball_default_config_file }}"
+        dest: "{{ anubis_config_file }}"
+        remote_src: true
+
+    - name: Copy bot policy for service '{{ anubis_service }}' to {{ anubis_bot_policy_file }}
+      ansible.builtin.copy:
+        src: "{{ anubis_tarball_bot_policies }}"
+        dest: "{{ anubis_bot_policy_file }}"
+        remote_src: true

roles/anubis/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Ensure 'anubis_state' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Invalid state '{{ anubis_state }}'! Supported
+      states are {{ anubis_states | join(', ') }}
+  when: anubis_state not in anubis_states
+
+- name: Ensure anubis user '{{ anubis_user }}' is {{ anubis_user_state }}
+  ansible.builtin.user:
+    name: "{{ anubis_user }}"
+    state: "{{ anubis_user_state }}"
+    system: "{{ anubis_user_system }}"
+    create_home: "{{ anubis_user_create_home }}"
+
+- name: Ensure anubis base path '{{ anubis_base_path }}' is {{ anubis_state }}
+  ansible.builtin.file:
+    path: "{{ anubis_base_path }}"
+    state: "directory"
+  when: anubis_state == 'present'
+
+- name: Ensure anubis is installed
+  ansible.builtin.include_tasks:
+    file: "install.yml" 
+
+- name: Ensure anubis is configured
+  ansible.builtin.include_tasks:
+    file: "configure.yml"
+  when: anubis_state == 'present'
+
+- name: Ensure anubis is deployed
+  ansible.builtin.include_tasks:
+    file: "deploy.yml"

roles/anubis/vars/main.yml

@@ -0,0 +1,4 @@
+---
+anubis_states:
+  - "present"
+  - "absent"