snstac
diff --git a/‎LICENSE‎
Lines changed: 201 additions & 674 deletions b/‎LICENSE‎
Lines changed: 201 additions & 674 deletions
diff --git a/‎README.md‎
Lines changed: 4 additions & 4 deletions b/‎README.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎defaults/main.yml‎
Lines changed: 37 additions & 1 deletion b/‎defaults/main.yml‎
Lines changed: 37 additions & 1 deletion
diff --git a/‎files/CoreConfig.xml‎
Lines changed: 200 additions & 0 deletions b/‎files/CoreConfig.xml‎
Lines changed: 200 additions & 0 deletions
diff --git a/‎files/DP.pref‎
Lines changed: 17 additions & 0 deletions b/‎files/DP.pref‎
Lines changed: 17 additions & 0 deletions
@@ -28,10 +28,10 @@ This template contains the following items:
 
 ---
 
-Role Name
+TAK Server
 =========
 
-A brief description of the role goes here.
+An Ansible role for deploying & configuring a [TAK Server](https://www.tak.gov/)
 
 Requirements
 ------------
@@ -60,9 +60,9 @@ ansible-playbook tests/test.yml -i tests/inventory --extra-vars '{"var":"value"}
 License
 -------
 
-GPLv3
+Apache License, Version 2.0
 
 Author Information
 ------------------
 
-[Coopdevs](https://coopdevs.org)
+SNSTAC
@@ -1,4 +1,40 @@
+# Description: Default variables for the TAK Server role
+
 takserver_rpm: |
   You must specify the TAK Server RPM in the
   takserver_rpm variable.
-  
+
+takserver_epel_repo_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+takserver_epel_repo_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+takserver_epel_repofile_path: "/etc/yum.repos.d/epel.repo"
+takserver_epel_repo_disable: false
+
+takserver_cert_name: "takserver"
+takserver_ca_name: "takserver-ca"
+takserver_intermediateca_name: "takserver-intermediate-ca"
+takserver_ca_state: "California"
+takserver_ca_city: "San Francisco"
+takserver_ca_org: "TAK Server"
+takserver_ca_ou: "TAK Server"
+takserver_ca_country: "US"
+takserver_ca_email: "[email protected]"
+takserver_ca_capass: "atakatak"
+
+takserver_cert_pass: "atakatak"
+takserver_cert_keysize: 2048
+takserver_cert_days: 3650
+
+takserver_db_name: "cot"
+takserver_db_user: "martiuser"
+takserver_db_pass: "atakatak"
+takserver_db_host: "localhost"
+takserver_db_port: 5432
+takserver_db_sslmode: "disable"
+takserver_db_sslcert: ""
+takserver_db_sslkey: ""
+takserver_db_sslrootcert: ""
+takserver_db_sslcrl: ""
+
+takserver_users: ["takadmin", "enroll"]
+takserver_user_pass: "-default-X-2025-"
+takserver_admins: ["takadmin"]
@@ -0,0 +1,200 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- CoreConfig.xml from https://github.com/snstac/ansible-takserver -->
+<Configuration xmlns="http://bbn.com/marti/xml/config"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:schemaLocation="CoreConfig.xsd">
+
+	<network multicastTTL="5" serverId="serverId">
+
+		<input _name="stdssl" protocol="tls" port="8089" coreVersion="2" auth="x509" />
+
+		<!-- <input _name="stdudp" protocol="udp" port="8087" auth="anonymous"/> -->
+		<!-- <input _name="streamtcp" protocol="stcp" port="8088" auth="anonymous"/> -->
+		<!-- <input _name="stdtcp" protocol="tcp" port="8087" auth="anonymous"/> -->
+		<!-- <input _name="SAproxy" protocol="mcast" group="239.2.3.1" port="6969" auth="anonymous" /> -->
+		<!-- <input _name="GeoChatproxy" protocol="mcast" group="224.10.10.1" port="17012" auth="anonymous" /> -->
+		<!--<announce enable="true" uid="Marti1" group="239.2.3.1" port="6969" interval="1" ip="192.168.1.137" />-->
+		<!--<input _name="stdssl" protocol="tls" port="8089"/>-->
+		<!--<input _name="sslauth" protocol="tls" port="8090" auth="ldap"/> -->
+
+		<!--<input _name="stdtcpwithgroups" protocol="tcp" port="8087" auth="anonymous">-->
+			<!--<filtergroup>group one</filtergroup>-->
+			<!--<filtergroup>group two</filtergroup>-->
+		<!--</input>-->
+
+		<!--<input _name="stdtcpwithfilters" protocol="tcp" port="8087" auth="anonymous">-->
+			<!--<filter>-->
+				<!--<geospatialFilter>-->
+					<!--<boundingBox minLongitude="-80" minLatitude="34" maxLongitude="-70" maxLatitude="36" />-->
+					<!--<boundingBox minLongitude="-100" minLatitude="34" maxLongitude="-90" maxLatitude="36" />-->
+				<!--</geospatialFilter>-->
+			<!--</filter>-->
+		<!--</input>-->
+
+		<!-- web connectors -->
+		<connector port="8443" _name="https"/>
+		<!-- <connector port="8451" _name="https" enableAdminUI="true" enableWebtak="false" /> -->
+		<!-- <connector port="8452" _name="https" enableAdminUI="false" enableWebtak="true" /> -->
+		<!-- <connector port="8453" _name="https" enableAdminUI="false" enableWebtak="false" enableNonAdminUI="false"/> -->
+
+		<connector port="8444" useFederationTruststore="true" _name="fed_https"/>
+		<!-- <connector port="8446" clientAuth="false" _name="cert_https" enableWebtak="false"/> -->
+
+		<connector port="8446" clientAuth="false" _name="cert_https"/>
+		<!-- <connector port="8446" clientAuth="false" _name="cert_https" keystore="JKS" keystoreFile="certs/files/letsencrypt/demo.snstak.net.jks" keystorePass="atakatak"/> -->
+		<!-- <connector port="8080" tls="false" _name="http_plaintext"/> -->
+	</network>
+
+	<auth>
+                <!-- Example OpenLDAP -->
+		<!--
+		<ldap
+			url="ldap://hostname.bbn.com/"
+			userstring="uid={username},ou=People,dc=XXX,dc=bbn,dc=com"
+			updateinterval="60"
+			style="DS"
+		/>
+		-->
+
+		<!-- Example ActiveDirectory -->
+
+		<!--NOTE!! In the example below, GroupBaseDN should be specified relative to the naming context provided in the url attribute below -->
+		<!--
+		<ldap
+			url="ldap://hostname.bbn.com/dc=XXX,dc=bbn,dc=com"
+			userstring="DOMAIN\{username}"
+			updateinterval="60"
+			groupprefix=""
+			style="AD"
+			ldapSecurityType="simple"
+			serviceAccountDN="cn=fred001,cn=Users,cn=Partition1,dc=XYZ,dc=COM"
+			serviceAccountCredential="XXXXXX"
+			groupObjectClass="group"
+			groupBaseRDN="CN=Groups"/>
+		/>
+
+		-->
+				<File location="UserAuthenticationFile.xml"/>
+	</auth>
+
+	<submission ignoreStaleMessages="false" validateXml="false"/>
+
+	<subscription reloadPersistent="false">
+		<!-- example static subscription that publishes messages to a UDP multicast address and port -->
+		<!-- <static _name="MulticastProxy" protocol="udp" address="239.2.3.1" port="6969" /> -->
+	</subscription>
+
+	<repository enable="true" numDbConnections="200" primaryKeyBatchSize="500" insertionBatchSize="500">
+
+		<connection url="jdbc:postgresql://127.0.0.1:5432/cot" username="martiuser" password="4mEt48lCJgar2yq" />
+	
+		<!-- <connection url="jdbc:postgresql://127.0.0.1:5432/cot" username="martiuser"
+								sslEnabled="true" sslMode="verify-ca"
+								sslCert="certs/files/martiuser.pem" sslKey="certs/files/martiuser.key.pk8"
+								sslRootCert="certs/files/ca.pem"/> -->
+	
+	</repository>
+
+	<repeater enable="true" periodMillis="3000" staleDelayMillis="15000">
+		<!-- Examples -->
+		<repeatableType initiate-test="/event/detail/emergency[@type='911 Alert']" cancel-test="/event/detail/emergency[@cancel='true']" _name="911"/>
+		<repeatableType initiate-test="/event/detail/emergency[@type='Ring The Bell']" cancel-test="/event/detail/emergency[@cancel='true']" _name="RingTheBell"/>
+		<repeatableType initiate-test="/event/detail/emergency[@type='Geo-fence Breached']" cancel-test="/event/detail/emergency[@cancel='true']" _name="GeoFenceBreach"/>
+		<repeatableType initiate-test="/event/detail/emergency[@type='Troops In Contact']" cancel-test="/event/detail/emergency[@cancel='true']" _name="TroopsInContact"/>
+	</repeater>
+
+	<dissemination smartRetry="false" />
+
+	<filter>
+		<flowtag enable="true" text=""/>
+		<streamingbroker enable="true"/>
+		<!--
+		<injectionfilter enable="false"/>
+		<dropfilter>
+			<typefilter type="u-d-p" />
+			<typefilter type="u-d-c" />
+		</dropfilter>
+		-->
+		<scrubber enable="false" action="overwrite"/>
+	</filter>
+
+	<buffer>
+		<latestSA enable="true"/>
+		<queue/>
+	</buffer>
+
+	<security>
+		<tls context="TLSv1.2"
+			keymanager="SunX509"
+			keystore="JKS" keystoreFile="certs/files/takserver.jks" keystorePass="atakatak"
+			truststore="JKS" truststoreFile="certs/files/truststore-root.jks" truststorePass="atakatak">
+		<!-- <crl _name="TAKServer CA" crlFile="certs/files/ca.crl"/>  -->
+
+		</tls>
+
+		<!-- previous locations of keystore and truststore -->
+		<!--
+		<tls context="TLSv1.2"
+			keymanager="SunX509"
+			keystore="JKS" keystoreFile="certs/TAKServer.jks" keystorePass="atakatak"
+			truststore="JKS" truststoreFile="certs/truststore.jks" truststorePass="atakatak">
+		</tls>
+		-->
+
+	</security>
+
+	<federation>
+		<federation-server port="9000" v1enabled="false" v2port="9001" v2enabled="true">
+			<tls context="TLSv1.2"
+			keymanager="SunX509"
+			keystore="JKS" keystoreFile="certs/files/takserver.jks" keystorePass="atakatak"
+			truststore="JKS" truststoreFile="certs/files/fed-truststore.jks" truststorePass="atakatak"/>
+		</federation-server>
+	</federation>
+
+<!-- previous locations of federate keystore and truststore -->
+
+<!--
+<tls context="TLSv1.2"
+		keymanager="SunX509"
+		keystore="JKS" keystoreFile="certs/TAKServer.jks" keystorePass="atakatak"
+		truststore="JKS" truststoreFile="certs/fed-truststore.jks" truststorePass="atakatak"/>
+	-->
+
+	<certificateSigning CA="TAKServer">
+		<certificateConfig>
+			<nameEntries>
+				<nameEntry name="O" value="SNSTAC"/>
+				<nameEntry name="OU" value="SNSTAK"/>
+			</nameEntries>
+		</certificateConfig>
+		<TAKServerCAConfig keystore="JKS" keystoreFile="certs/files/ca-signing.jks" keystorePass="atakatak" validityDays="90" signatureAlg="SHA256WithRSA" CAcertificate="certs/files/intermediate"/>
+	</certificateSigning>
+
+<!--
+<certificateSigning CA="{TAKServer | MicrosoftCA}">
+	<certificateConfig>
+		<nameEntries>
+			<nameEntry name="O" value="Test Org Name"/>
+			<nameEntry name="OU" value="Test Org Unit Name"/>
+		</nameEntries>
+	</certificateConfig>
+	<TAKServerCAConfig
+		keystore="JKS"
+		keystoreFile="certs/files/intermediate-signing.jks"
+		keystorePass="atakatak"
+		validityDays="30"
+		signatureAlg="SHA256WithRSA" />
+	<MicrosoftCAConfig
+		username="{MS CA Username}"
+		password="{MS CA Password}"
+		truststore="/opt/tak/certs/files/keystore.jks"
+		truststorePass="atakatak"
+		svcUrl="https://{server}/{CA name}_CES_UsernamePassword/service.svc"
+		templateName="Copy of User"/>
+</certificateSigning>
+-->
+
+    <vbm enabled="false" />
+
+</Configuration>
@@ -0,0 +1,17 @@
+<?xml version='1.0' standalone='yes'?>
+<preferences>
+  <preference version="1" name="cot_streams">
+    <entry key="count" class="class java.lang.Integer">1</entry>
+    <entry key="description0" class="class java.lang.String">Example TAK Server</entry>
+    <entry key="enabled0" class="class java.lang.Boolean">true</entry>
+    <entry key="connectString0" class="class java.lang.String">tak.example.net:8089:ssl</entry>
+    <entry key="caLocation0" class="class java.lang.String">cert/truststore.p12</entry>
+    <entry key="caPassword0" class="class java.lang.String">atakatak</entry>
+    <entry key="enrollForCertificateWithTrust0" class="class java.lang.Boolean">true</entry>
+    <entry key="useAuth0" class="class java.lang.Boolean">false</entry>
+    <entry key="certificateLocation0" class="class java.lang.String">cert/client.p12</entry>
+    <entry key="clientPassword0" class="class java.lang.String">atakatak</entry>
+  </preference>
+  <preference version="1" name="com.atakmap.app_preferences">
+  </preference>
+</preferences>