update ranges

.gitignore

+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environment directories
+env/
+venv/
+ENV/
+env.bak/
+venv.bak
+.venv/
+
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+pytest_cache/
+cover/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+
+# Local .terraform directories
+.terraform/
+
+# .tfstate files
+**/*.tfstate
+**/*.tfstate.*
+
+# Crash log files
+**/crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+**/*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+**/override.tf
+**/override.tf.json
+**/*_override.tf
+**/*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+**/.terraformrc
+**/terraform.rc
+
+# Custom
+.devbox/

ranges/openstack/heat/scripts/ops_config.sh

+#!/bin/bash
+PASS=$1
+STUDENT=$2
+PUBLIC_KEY=$3
+
+# ----- CREATES USER GROUPS
+echo "root:$PASS" | chpasswd
+useradd -m -U -s /bin/bash $STUDENT
+usermod -aG sudo $STUDENT
+echo "$STUDENT:$PASS" | chpasswd
+
+# Add public key to authorized_keys
+mkdir -p /home/$STUDENT/.ssh
+echo "$PUBLIC_KEY" >> /home/$STUDENT/.ssh/authorized_keys
+chown -R $STUDENT:$STUDENT /home/$STUDENT/.ssh
+chmod 600 /home/$STUDENT/.ssh/authorized_keys
+
+# --- disable daily upgrade and update
+systemctl stop apt-daily.service
+systemctl stop apt-daily.timer
+systemctl stop apt-daily-upgrade.timer
+systemctl disable apt-daily.service
+systemctl disable apt-daily.timer
+systemctl disable apt-daily-upgrade.timer
+systemctl kill --kill-who=all apt-daily.service
+
+export DEBIAN_FRONTEND=noninteractive
+
+echo "10.50.255.254 vta" > /etc/resolv.conf
+echo "search vta" >>/etc/resolv.conf
+echo "nameserver 10.50.255.254" >>/etc/resolv.conf
+
+# ----- ENABLE SUDO NOPASSWD
+sed -i '/# %wheel        ALL=(ALL)       NOPASSWD: ALL/ c\%wheel        ALL=(ALL)       NOPASSWD: ALL' /etc/sudoers
+
+# ----- ENABLES SSH
+cat <<EOF > /tmp/sshd_temp
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port 22
+PermitRootLogin no
+KbdInteractiveAuthentication no
+UsePAM yes
+AllowTcpForwarding yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem    sftp    /usr/lib/openssh/sftp-server
+EOF
+
+mv /tmp/sshd_temp /etc/ssh/sshd_config && echo "SSHD CONFIG UPDATED"
+service sshd restart && echo "SSHD RESTARTED"
+
+# ----- INSTALL ADDITIONAL SOFTWARE
+
+apt-get update
+apt-get upgrade -y
+apt-get install ubuntu-desktop -y
+
+# Remove legacy docker packages
+for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
+
+
+# Install docker
+curl -fsSL https://get.docker.com | sh
+docker pull alpine/ansible:latest
+docker pull hashicorp/terraform:latest
+docker pull pulumi/pulumi:latest
+
+
+# Install uv (Python env/package manager)
+curl -LsSf https://astral.sh/uv/install.sh | sh
+mv $HOME/.local/bin/uv /bin/uv
+mv $HOME/.local/bin/uvx /bin/uvx
+
+cd /root/woac-infra-demo/uv-env
+uv sync
+
+# Blank Horizon SPICE console fix (can remove upon transition to VNC)
+echo "X-GNOME-Autostart-enabled=false" > /etc/xdg/autostart/spice-vdagent.desktop
+echo "X-GNOME-Autostart-enabled=false" > /usr/share/gdm/autostart/LoginWindow/spice-vdagent.desktop
+systemctl stop spice-vdagent
+systemctl disable spice-vdagent

ranges/openstack/heat/stu-ops.yaml

@@ -3,12 +3,6 @@ heat_template_version: 2018-03-02
 description: Student Op Stations - This is the Unified Student Ops Station YAML. Module configurations are made with each modules setup script and not in this YAML.
 
 parameters:
-  domain:
-    type: string
-    label: Domain
-    description: Set as '10.50.255.254' for VTA or '172.20.255.254' for VTA-DEV
-    default: 10.50.255.254
-    hidden: false
 
   username:
     type: string
@@ -24,24 +18,11 @@ parameters:
     default: password
     hidden: true
 
-  vncpass:
-    type: string
-    label: VNC-Password
-    description: Sets the regular VNC connection password
-    default: password
-    hidden: true
-
-  view_only_password:
+  public_key:
     type: string
-    label: View-Only-Password
-    description: Sets the VNC View Only Password for the instances
-    default: view_only_password
-    hidden: true
-
-  package_proxy:
-    type: string
-    label: the URL for the package cache
-    default: "http://pkg-cache.bbh.cyberschool.army.mil:3142"
+    label: Public Key
+    description: Sets the public key for the instances
+    default: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIwofrs+eeWoyxUZH89SgPsZbxn2sgpUOTd7n3LqoDdi woac-infra-demo
     hidden: true
 
 resources:
@@ -68,7 +49,7 @@ resources:
     properties:
       cidr: 192.168.65.0/27
       gateway_ip:  192.168.65.30
-      dns_nameservers: [{ get_param: domain }]
+      dns_nameservers: 10.50.255.254
       enable_dhcp: true
       host_routes: [ ]
       ip_version: 4
@@ -109,8 +90,7 @@ resources:
           template: linux_opstation_RAND
           params:
             RAND: { get_resource: rand_string }
-      # image: ubuntu_22_04_7_vta
-      image: ub204_gui
+      image: ubuntu_22_04_7_vta
       flavor: m4.medium.2
       networks:
         - port: { get_resource: linux_opstation_port }
@@ -121,68 +101,21 @@ resources:
         str_replace:
           template: |
             #!/bin/bash
+            echo -e"!!!!!\n!!!!!\n!!!!!\nSTARTING OPS CONFIGURATION\n!!!!!\n!!!!!\n!!!!!"
 
-            # ----- CREATES USER GROUPS
-            echo "root:$pass" | chpasswd
-            useradd -m -U -s /bin/bash $user
-            usermod -aG sudo $user
-            echo "$user:$pass" | chpasswd
-
-            # --- disable daily upgrade and update
-            systemctl stop apt-daily.service
-            systemctl stop apt-daily.timer
-            systemctl stop apt-daily-upgrade.timer
-            systemctl disable apt-daily.service
-            systemctl disable apt-daily.timer
-            systemctl disable apt-daily-upgrade.timer
-            systemctl kill --kill-who=all apt-daily.service
-
-            export DEBIAN_FRONTEND=noninteractive
-
-            echo "domain vta" > /etc/resolv.conf
-            echo "search vta" >>/etc/resolv.conf
-            echo "nameserver $domain" >>/etc/resolv.conf
-
-            # ----- ENABLE SUDO NOPASSWD
-            sed -i '/# %wheel        ALL=(ALL)       NOPASSWD: ALL/ c\%wheel        ALL=(ALL)       NOPASSWD: ALL' /etc/sudoers
-
-            # ----- ENABLES SSH
-            sed -i '/ssh_pwauth:   0/ c\ssh_pwauth:   1' /etc/cloud/cloud.cfg
-            sed -i '/PasswordAuthentication no/ c\PasswordAuthentication yes' /etc/ssh/sshd_config
-            sed -i '/#PermitRootLogin prohibit-password/ c\PermitRootLogin yes' /etc/ssh/sshd_config
-            sed -i '/#Port 22/ c\Port 22' /etc/ssh/sshd_config
-            sed -i '/#AllowTcpForwarding yes/AllowTcpForwarding yes/' /etc/ssh/sshd_config
-            service sshd restart
-
-            # ----- CREATES USER GROUPS
-            echo "root:$pass" | chpasswd
-            useradd -m -U -s /bin/bash $user
-            usermod -aG sudo $user
-            echo "$user:$pass" | chpasswd
-
-            # enable APT proxy/mirror to speed things up
-            # echo 'Acquire::http { Proxy "$packageproxy"; }' >> /etc/apt/apt.conf.d/00aptproxy
-            # sed -i 's/nova.clouds.archive.ubuntu.com/atl.mirrors.clouvider.net/g' /etc/apt/sources.list
-
-            # ----- updates
-
-            apt-get update
-            apt-get upgrade -y
-            apt-get install ubuntu-desktop -y
-
-
-            # Blank Horizon SPICE console fix (can remove upon transition to VNC)
-            echo "X-GNOME-Autostart-enabled=false" > /etc/xdg/autostart/spice-vdagent.desktop
-            echo "X-GNOME-Autostart-enabled=false" > /usr/share/gdm/autostart/LoginWindow/spice-vdagent.desktop
-            systemctl stop spice-vdagent
-            systemctl disable spice-vdagent
+            cd /root
+
+            git clone https://git.cybbh.space/kevin.m.crotty/woac-infra-demo.git
+            cd woac-infra-demo/ranges/openstack/heat/scripts
+            source ops_config.sh $pass $user $public_key
+            echo -e"!!!!!\n!!!!!\n!!!!!\nOPS CONFIGURATION COMPLETE\n!!!!!\n!!!!!\n!!!!!"
 
             reboot
 
-          params:
-            $user: { get_param: username }
-            $pass: { get_param: password }
-            $domain: { get_param: domain}
+
+          $user: { get_param: username }
+          $pass: { get_param: password }
+          $public_key: { get_param: public_key }
   # ----- Linux Analyst Workstation Configuration End ----- #
 
 

ranges/terraform/terraform-test/main.tf

+# Empty provider block just to test
+provider "null" {
+}
+
+# Simple null resource that does nothing
+resource "null_resource" "test" {
+}
\ No newline at end of file

uv-env/.python-version

+3.10

uv-env/pyproject.toml

+[project]
+name = "uv-env"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.10"
+dependencies = [
+    "ansible>=10.7.0",
+    "pulumi>=3.146.0",
+]