---
# description: preset for security testing with 10 hosts (bastion + internal + monitoring)
# Author: Sergey Antropov
# Site: https://devops.org.ru

# Name of the Docker network all lab containers are attached to.
docker_network: labnet

# Where the generated Ansible inventory is written (Molecule ephemeral dir).
generated_inventory: "{{ molecule_ephemeral_directory }}/inventory/hosts.ini"

# systemd-ready images, keyed by the `family` value used in `hosts` below.
images:
  alt9: "inecs/ansible-lab:alt9-latest"
  alt10: "inecs/ansible-lab:alt10-latest"
  astra: "inecs/ansible-lab:astra-linux-latest"
  rhel: "inecs/ansible-lab:rhel-latest"
  centos7: "inecs/ansible-lab:centos7-latest"
  centos8: "inecs/ansible-lab:centos8-latest"
  centos9: "inecs/ansible-lab:centos9-latest"
  alma: "inecs/ansible-lab:alma-latest"
  rocky: "inecs/ansible-lab:rocky-latest"
  redos: "inecs/ansible-lab:redos-latest"
  ubuntu20: "inecs/ansible-lab:ubuntu20-latest"
  ubuntu22: "inecs/ansible-lab:ubuntu22-latest"
  ubuntu24: "inecs/ansible-lab:ubuntu24-latest"
  debian9: "inecs/ansible-lab:debian9-latest"
  debian10: "inecs/ansible-lab:debian10-latest"
  debian11: "inecs/ansible-lab:debian11-latest"
  debian12: "inecs/ansible-lab:debian12-latest"

# Container settings needed to boot systemd as PID 1 inside each lab host.
# NOTE(review): `privileged: true` together with a read-write cgroup bind
# mount and SYS_ADMIN means a compromised lab container is roughly
# host-root-equivalent; run this preset only on a disposable host or VM.
# `capabilities` is most likely redundant while `privileged` is true, but is
# kept so the preset still works if `privileged` is ever turned off.
systemd_defaults:
  privileged: true
  command: "/sbin/init"
  volumes:
    - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
  tmpfs:
    - "/run"
    - "/run/lock"
  capabilities:
    - "SYS_ADMIN"

# Cluster layout for security testing.
# Only the bastion hosts and the DooD node publish ports to the host; every
# other node is reachable solely over `docker_network`.
hosts:
  # Bastion hosts (entry points).
  # NOTE(review): "HOST:CONTAINER" with no address typically binds the host
  # port on all interfaces; if the consumer accepts an address prefix,
  # "127.0.0.1:2222:22" keeps lab SSH off the LAN — confirm the schema.
  - name: bastion1
    family: rhel
    groups: [bastion, security, jump]
    publish: ["2222:22"]

  - name: bastion2
    family: debian12
    groups: [bastion, security, jump]
    publish: ["2223:22"]

  # Internal servers (no external access).
  - name: internal1
    family: rhel
    groups: [internal, servers, app]

  - name: internal2
    family: debian12
    groups: [internal, servers, app]

  - name: internal3
    family: rhel
    groups: [internal, servers, app]

  # Database (isolated network).
  - name: db-secure1
    family: rhel
    groups: [database, secure, internal]

  - name: db-secure2
    family: debian12
    groups: [database, secure, internal]

  # Monitoring and logging.
  - name: monitor1
    family: debian12
    groups: [monitoring, security, logs]

  - name: monitor2
    family: rhel
    groups: [monitoring, security, logs]

  # Firewall and network components.
  - name: fw1
    family: rhel
    groups: [firewall, network, security]

  - name: fw2
    family: debian12
    groups: [firewall, network, security]

  # DooD (Docker-outside-of-Docker) node for Docker security testing.
  # NOTE(review): DOCKER_HOST points at the host's Docker socket, so any code
  # running in this container can drive the host daemon (host-root
  # equivalent). The socket bind mount itself is not declared here —
  # presumably supplied by the `type: dood` handling; confirm in the consumer.
  - name: docker-secure
    type: dood
    family: debian12
    groups: [docker, security, apps]
    publish: ["8080:8080"]
    env:
      DOCKER_HOST: "unix:///var/run/docker.sock"