diff --git a/.provision/README.md b/.provision/README.md
new file mode 100644
index 0000000..5f0a68b
--- /dev/null
+++ b/.provision/README.md
@@ -0,0 +1,7 @@
+## ansible-role-lufi
+
+An ansible role deploy the application on host machine(Ubuntu 20.04)
+
+## terraform-aws-deploy
+
+A terraform plan creates necessary AWS infrastructure and deploy the lufi. This terraform plan uses the above ansible roles `ansible-role-lufi` to configure the application on AWS.
\ No newline at end of file
diff --git a/.provision/ansible-role-lufi/README.md b/.provision/ansible-role-lufi/README.md
new file mode 100644
index 0000000..ee540e0
--- /dev/null
+++ b/.provision/ansible-role-lufi/README.md
@@ -0,0 +1,50 @@ +Ansible-Role-Lufi +========= +This role installs the and configures Lufi on Debian/Ubuntu servers with nginx web server configuration. + +Role Variables +-------------- +| Variable name | Value | Description | +| ------------- | ----- | ----------- | +| `app_dir` | /var/www/lufi | Set the application directory for the best practice | +| `lufi_owner` | www-data | Set the application user for the best practice | +| `lufi_group` | www-data | Set the application group for the best practice | +| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. | +| `report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files | +| `project_version` | master | We can chose the project version either Master branch, Dev branch or tag based | +| `servername` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations | + +Sample example of use in a playbook +-------------- + +The following code has been tested with Ubuntu 20.04 + +```yaml + +- name: "install lufi" + hosts: enter your hosts file + become: yes + role: + - ansible-role-lufi + vars: + lufi_owner: "www-data" + lufi_group: "www-data" + contact: "contact.example.com" + report: "report@example.com" + app_dir: "/var/www/lufi" + project_version: "master" + servername: "IP address (or) CNAME/FQDN" +``` + +Contributing +------------ +Don’t hesitate to create a pull request + + + + + + + + + diff --git a/.provision/ansible-role-lufi/defaults/main.yml b/.provision/ansible-role-lufi/defaults/main.yml new file mode 100644 index 0000000..6677300 --- /dev/null +++ b/.provision/ansible-role-lufi/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# defaults file for roles/servers + +robots_text: /var/www/html/ diff --git a/.provision/ansible-role-lufi/files/cronjob b/.provision/ansible-role-lufi/files/cronjob new file mode 100644 index 0000000..ea00e4a --- /dev/null 
+++ b/.provision/ansible-role-lufi/files/cronjob
@@ -0,0 +1,8 @@
+#Path of the script
+PATH=/var/www/lufi
+
+carton exec script/lufi cron cleanbdd --mode production
+carton exec script/lufi cron cleanfiles --mode production
+carton exec script/lufi cron watch --mode production
+
+
diff --git a/.provision/ansible-role-lufi/files/robots.txt b/.provision/ansible-role-lufi/files/robots.txt
new file mode 100644
index 0000000..1ac58a5
--- /dev/null
+++ b/.provision/ansible-role-lufi/files/robots.txt
@@ -0,0 +1,7 @@
+User-agent: *
+Allow: /$
+Allow: /js/
+Allow: /css/
+Allow: /font/
+Allow: /img/
+Disallow: /r/
diff --git a/.provision/ansible-role-lufi/handlers/main.yml b/.provision/ansible-role-lufi/handlers/main.yml
new file mode 100644
index 0000000..fd947a6
--- /dev/null
+++ b/.provision/ansible-role-lufi/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+# handlers file for roles/servers
+
+- name: restart nginx
+ service: name=nginx state=restarted
diff --git a/.provision/ansible-role-lufi/tasks/apprun.yml b/.provision/ansible-role-lufi/tasks/apprun.yml
new file mode 100644
index 0000000..6038d0e
--- /dev/null
+++ b/.provision/ansible-role-lufi/tasks/apprun.yml
@@ -0,0 +1,23 @@
+#apprun.yml
+---
+ - name: This command will install the postgress module
+ ansible.builtin.shell:
+ cmd: carton install --deployment --without=test --without=sqlite --without=mysql
+ chdir: "{{ app_dir }}"
+
+ - name: Upload application file
+ template:
+ src: ../templates/lufi.conf.j2
+ dest: "{{ app_dir }}/lufi.conf"
+
+ - name: Run the command for app_executes
+ ansible.builtin.shell:
+ cmd: carton exec hypnotoad script/lufi
+ chdir: "{{ app_dir }}"
+
+ - name: Nginx configuration file add
+ template:
+ src: ../templates/app.conf
+ dest: /etc/nginx/conf.d/
+ mode: '0644'
+ notify: restart nginx
\ No newline at end of file
diff --git a/.provision/ansible-role-lufi/tasks/cron.yml b/.provision/ansible-role-lufi/tasks/cron.yml
new file mode 100644
index 0000000..ae4eb68
--- /dev/null
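Review bot: `PATH=/var/www/lufi` in files/cronjob replaces the whole search path instead of extending it, so the `carton` binary installed by the apt task is unlikely to be resolvable from the three `carton exec` lines, and the file is also not in /etc/cron.d format, which needs schedule and user fields before each command (`minute hour dom mon dow user command`). If this file is meant to be the schedule, each job line needs those fields with user `www-data` and a `cd /var/www/lufi &&` prefix, for example `0 0 * * * www-data cd /var/www/lufi && carton exec script/lufi cron cleanbdd --mode production`; otherwise it duplicates the `ansible.builtin.cron` task in tasks/cron.yml and should be dropped. The `PATH` line should then either list the system directories as well or be left out so cron's default applies.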
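Review bot: The `carton exec hypnotoad script/lufi` task (and the `carton install` task before it) has no `become_user`, so under the `become: yes` the role README suggests, Hypnotoad starts as root even though gitclone.yml chowns `{{ app_dir }}` to `{{ lufi_owner }}`; add `become_user: "{{ lufi_owner }}"` to both shell tasks. The `lufi.conf` template task writes a file that carries the database credentials with default ownership and mode; give it `owner: "{{ lufi_owner }}"`, `group: "{{ lufi_group }}"` and `mode: '0640'`. Both shell tasks also report `changed` on every run, so a `creates:` argument or a `changed_when` would make the role idempotent. `src: ../templates/app.conf` points to a file that is not part of this diff, so the nginx task cannot render unless it exists elsewhere in the repository.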
+++ b/.provision/ansible-role-lufi/tasks/cron.yml
@@ -0,0 +1,34 @@
+#cron.yml
+---
+ - name: Copy the cronjob file
+ ansible.builtin.copy:
+ src: ../files/cronjob
+ dest: /etc/cron.d/
+ owner: www-data
+ group: www-data
+
+ - name: "example cronjob"
+ ansible.builtin.cron:
+ name: "cronjob"
+ state: present
+ user: www-data
+ minute: "0"
+ hour: "0"
+ day: "*"
+ month: "*"
+ weekday: "*"
+ job: |
+ carton exec script/lufi cron cleanbdd --mode production; carton exec script/lufi cron cleanfiles --mode production; carton exec script/lufi cron watch --mode production
+
+
+
+#- name: Crontab file exists
+# cron:
+# name: Add date and time to a file.
+# minute: "*/2"
+# hour: 9-16
+# weekday: 1-5
+# user: devops
+# job: df >> /home/devops/disk_usage
+# cron_file: disk_usage
+# state: present
\ No newline at end of file
diff --git a/.provision/ansible-role-lufi/tasks/dependencies.yml b/.provision/ansible-role-lufi/tasks/dependencies.yml
new file mode 100644
index 0000000..04272af
--- /dev/null
+++ b/.provision/ansible-role-lufi/tasks/dependencies.yml
@@ -0,0 +1,17 @@
+ - name: Install Dependencies
+ apt:
+ name:
+ - nginx
+ - build-essential
+ - libssl-dev
+ - libio-socket-ssl-perl
+ - liblwp-protocol-https-perl
+ - zlib1g-dev
+ - libmojo-sqlite-perl
+ - carton
+ state: present
+
+ - name: Install Postgress Dev Packages
+ apt:
+ name:
+ - libpq-dev
\ No newline at end of file
diff --git a/.provision/ansible-role-lufi/tasks/gitclone.yml b/.provision/ansible-role-lufi/tasks/gitclone.yml
new file mode 100644
index 0000000..b83007e
--- /dev/null
+++ b/.provision/ansible-role-lufi/tasks/gitclone.yml
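Review bot: The `job` of the `ansible.builtin.cron` task invokes `carton exec script/lufi ...` by relative path with no working directory, so under www-data's crontab it runs from that user's home and `script/lufi` is not found; prefix each command with `cd {{ app_dir }} && `. The copy task above installs the same commands into /etc/cron.d/ with `owner: www-data`, and Debian's cron ignores cron.d files not owned by root, so that task is inert as written and would double-run the jobs once fixed; keeping only the `cron` module task (with `cron_file:` if a root-owned /etc/cron.d entry is wanted) avoids both problems. The task name `"example cronjob"` and the commented-out disk_usage block at the end read as scaffolding and should be renamed or removed.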
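Review bot: The second apt task installs only `libpq-dev`, the client headers, while lufi.conf.j2 configures `pgdb` with `host => 'localhost'`, so nothing in this role provides the PostgreSQL server or creates the `lufi` database and role; either add the server package plus a task that creates them, or document that the database is provisioned out of band. `libmojo-sqlite-perl` in the first task also appears surplus given `carton install --without=sqlite` in apprun.yml. Neither apt task sets `update_cache: yes`, so outside the Terraform path (whose remote-exec runs `apt update` first) a fresh image may fail on an empty package index.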
@@ -0,0 +1,29 @@
+#gitclone
+---
+
+- name: clone the repository
+ ansible.builtin.git:
+ repo: 'https://framagit.org/fiat-tux/hat-softwares/lufi.git'
+ dest: "{{ app_dir }}"
+ clone: yes
+ update: yes
+ version: "{{ project_version }}"
+
+- name: Change the owner
+ ansible.builtin.file:
+ path: "{{ app_dir }}"
+ owner: "{{ lufi_owner }}"
+ group: "{{ lufi_group }}"
+ state: directory
+ recurse: yes
+
+- name: Add the robots.txt file
+ ansible.builtin.copy:
+ src: ../files/robots.txt
+ dest: "{{ robots_text }}"
+
+
+
+
+
+
diff --git a/.provision/ansible-role-lufi/tasks/main.yml b/.provision/ansible-role-lufi/tasks/main.yml
new file mode 100644
index 0000000..b78a2be
--- /dev/null
+++ b/.provision/ansible-role-lufi/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+# tasks file for roles/servers
+
+- include: dependencies.yml
+- include: gitclone.yml
+- include: apprun.yml
+- include: cron.yml
diff --git a/.provision/ansible-role-lufi/templates/lufi.conf.j2 b/.provision/ansible-role-lufi/templates/lufi.conf.j2
new file mode 100644
index 0000000..45dfbe8
--- /dev/null
+++ b/.provision/ansible-role-lufi/templates/lufi.conf.j2
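Review bot: The git task checks out `{{ project_version }}` with `update: yes`, and the only documented value is `master`, so every rerun of the role pulls the current branch tip into the running deployment; pin `version` to a release tag or commit in the role defaults and document `master` as a development-only choice. The recursive chown that follows hands the whole checkout, including the `lufi.conf` written later, to the service user, which is wider than needed — Lufi only needs write access to its upload directory (`files` per the template) and database path, so consider limiting `recurse: yes` to those. `dest: "{{ robots_text }}"` resolves to `/var/www/html/` from defaults/main.yml, nginx's stock docroot rather than `{{ app_dir }}`; whether that path is actually served depends on the nginx vhost, which is not in this diff, so it should be confirmed against templates/app.conf.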
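Review bot: `- include:` in tasks/main.yml is the legacy bare include form, which Ansible has deprecated in favour of the explicit `import_tasks` (static) and `include_tasks` (dynamic) modules; since the four file names are fixed, `- import_tasks: dependencies.yml` and likewise for the other three is the intended replacement. A one-line comment such as `# order matters: packages, checkout, app start, then cron` would also make the dependency between the files explicit.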
@@ -0,0 +1,362 @@ +# vim:set sw=4 ts=4 sts=4 ft=perl expandtab: +{ + #################### + # Hypnotoad settings + #################### + # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings + hypnotoad => { + # array of IP addresses and ports you want to listen to + # you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock' + listen => ['http://0.0.0.0:8081'], + # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1 + # if you use Lufi directly, let it commented + #proxy => 1, + + # Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers + # to adjust this to your server + workers => 30, + clients => 1, + }, + + # Put a way to contact you here and uncomment it + # You can put some HTML in it + # MANDATORY + contact => 'Contact page', + + # Put an URL or an email address to receive file reports and uncomment it + # It's for make reporting illegal files easy for users + # MANDATORY + report => '{{ report }}', + + # Array of random strings used to encrypt cookies + # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT + #secrets => ['fdjsofjoihrei'], + + # Name of the instance, displayed next to the logo + # optional, default is Lufi + #instance_name => 'Lufi', + + # Choose a theme. See the available themes in `themes` directory + # Optional, default is 'default' + #theme => 'default', + + # Length of the random URL + # optional, default is 8 + #length => 8, + + # How many URLs will be provisioned in a batch ? 
+ # optional, default is 5 + #provis_step => 5, + + # Max number of URLs to be provisioned + # optional, default is 100 + #provisioning => 100, + + # Length of the modify/delete token + # optional, default is 32 + #token_length => 32, + + # Max file size, in octets + # You can write it 100*1024*1024 + # optional, no default + #max_file_size => 104857600, + + # If you want to have piwik statistics, provide a piwik image tracker + # Only the image tracker is allowed, no javascript + # optional, no default + #piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&rec=1', + + # Broadcast_message which will displayed on the index page + # optional, no default + #broadcast_message => 'Maintenance', + + # Default time limit for files + # Valid values are 0, 1, 7, 30 and 365 + # optional, default is 0 (no limit) + #default_delay => 0, + + # Number of days after which the files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay) + # A warning message will be displayed on homepage + # optional, default is 0 (no limit) + #max_delay => 0, + + # Size thresholds: if you want to define max delays for different sizes of file + # The keys are size in Bytes, you can't have 10*1000*10000 as key + # If a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above) + # optional, default is using max_delay (see above) for all sizes + #delay_for_size => { + # 10000000 => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above) + # 50000000 => 60, # between 50MB ans 1GB => max is 60 days + # 1000000000 => 2, # more than 1GB => max is 2 days + #}, + + # URL sub-directory in which you want Lufi to be accessible + # example: you want to have Lufi under https://example.org/lufi/ + # => set prefix to '/lufi' or to '/lufi/', it doesn't matter + # optional, defaut is / + #prefix => '/', + + # Array of authorized domains for API calls. 
+ # If you want to authorize everyone to use the API: ['*'] + # optional, no domains allowed by default + #allowed_domains => ['http://1.example.com', 'http://2.example.com'], + + # String of the URL to be redirected to when accessing /logout + # optional, default is no redirection after logging out + #logout_custom => 'https://sso.example.com/logout?redirect_uri=https%3A%2F%2Fexample.com', + + # Define a path to the upload directory, where the uploaded files will be stored + # You can define it relative to lufi directory or set an absolute path + # Remember that it has to be in a directory writable by Lufi user + # optional, default is 'files' + #upload_dir => 'files', + + #!!!!!!!!!!!!!!! + # EXPERIMENTAL ! + #!!!!!!!!!!!!!!! + # You can store files on Swift object storage (https://en.wikipedia.org/wiki/OpenStack#Swift) instead of filesystem + # Please read https://metacpan.org/pod/Net::OpenStack::Swift#SYNOPSIS to know how to configure this setting + # IMPORTANT: add a `container` key in it, to let Lufi know which container to use. This is not a regular Net::OpenStack::Swift setting, but Lufi need it. 
+ # EXPERIMENTAL: if the upload or download of files are stucked, reload Lufi and create a cron task to reload Lufi once a day + # You can copy Lufi files to Swift object storage by launching the command `carton exec script/lufi copyFilesToSwift` (can take a long time) + # optional, no default + #swift => { + # auth_url => 'https://auth-endpoint-url/v2.0', + # user => 'userid', + # password => 'password', + # tenant_name => 'project_id', + # container => 'lufi' + #}, + + # Allow to add a password on files, asked before allowing to download files + # optional, default is 0 + #allow_pwd_on_files => 0, + + # Force all files to be in "Burn after reading mode" + # optional, default is 0 + #force_burn_after_reading => 0, + + # If set, the files' URLs will always use this domain + # optional, no default + #fixed_domain => 'example.org', + + # Abuse reasons + # Set an integer in the abuse field of a file in the database and it will not be downloadable anymore + # The reason will be displayed to the downloader, according to the reasons you will configure here. 
+ # optional, no default + #abuse => { + # 0 => 'Copyright infringment', + # 1 => 'Illegal content', + #}, + + ############### + # Mail settings + ############### + + # Mail configuration + # See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES + # optional, default to sendmail method with no arguments + #mail => { + # # Valid values are 'sendmail' and 'smtp' + # how => 'smtp', + # howargs => ['smtp.example.org'] + #}, + + # Email sender address + # optional, default to no-reply@lufi.io + #mail_sender => 'no-reply@lufi.io', + + # Disable sending mail through the server + # optional, default is false + #disable_mail_sending => 0, + + ############# + # DB settings + ############# + + # Choose what database you want to use + # Valid choices are sqlite, postgresql and mysql (all lowercase) + # optional, default is sqlite + # dbtype => 'sqlite', + + # SQLite ONLY - only used if dbtype is set to sqlite + # Define a path to the SQLite database + # You can define it relative to lufi directory or set an absolute path + # Remember that it has to be in a directory writable by Lufi user + # optional, default is lufi.db + # db_path => 'lufi.db', + + # PostgreSQL ONLY - only used if dbtype is set to postgresql + # These are the credentials to access the PostgreSQL database + # mandatory if you choosed postgresql as dbtype + pgdb => { + database => 'lufi', + host => 'localhost', + # optional, default is 5432 + port => 5432, + user => 'DBUSER', + pwd => 'DBPASSWORD', + # https://mojolicious.org/perldoc/Mojo/Pg#max_connections + # optional, default is 1 + #max_connections => 1, + }, + + # MySQL ONLY - only used if dbtype is set to mysql + # These are the credentials to access the MySQL database + # mandatory if you choosed mysql as dbtype + #mysqldb => { + # database => 'lufi', + # host => 'localhost', + # # optional, default is 3306 + # #port => 3306, + # user => 'DBUSER', + # pwd => 'DBPASSWORD', + # # https://metacpan.org/pod/Mojo::mysql#max_connections + # # 
optional, default is 5 (set to 0 to disable persistent connections) + # #max_connections => 5, + #}, + + ############################################# + # LDAP settings (authentication and features) + ############################################# + + # Set `ldap` if you want that only authenticated users can upload files + # Please note that everybody can still download files + # optional, no default + #ldap => { + # uri => 'ldaps://ldap.example.org', # server URI + # user_tree => 'ou=users,dc=example,dc=org', # search base DN + # bind_dn => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN + # bind_pwd => 'secr3t', # search bind password + # user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) + # user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) + # # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls + # # don't set or uncomment if you don't want to configure it + # start_tls => { + # verify => 'optional', + # clientcert => '/etc/ssl/certs/ca-bundle.pem' + # } + #}, + + # If you've set ldap above, the session will last `session_duration` seconds before + # the user needs to reauthenticate + # optional, default is 3600 + #session_duration => 3600, + + # If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi + # Those attributes will be accessible with: + # $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory) + # <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory) + # + # Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'` + # Note that you can’t use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user + # optional, no default + #ldap_map_attr => { + # displayname => 'cn', + # mail => 'mail' + #}, + + # When using LDAP authentication, 
LDAP users can invite people (by mail) to use Lufi to send them files without + # being authenticated. + # This is where you configure the behavior of the invitations. + # You may need to fetch some attributes from LDAP to use some invitations settings. See `ldap_map_attr` above. + # optional, no default + #invitations => { + # # The name of the key set in `ldap_map_attr` (above) that corresponds to the mail of the LDAP user + # # optional, default is `mail` + # mail_attr => 'mail', + # # The `From` header of invitation mail can be the mail of the LDAP user + # # Be sure to have a mail system that will correctly send the mail from your users! (DKIM, SPF…) + # # To enable this feature, set it to 1 + # # optional, disabled by default + # send_invitation_with_ldap_user_mail => 1, + # # The user is able to set an expiration delay for the invitation. + # # This expiration delay can’t be more than this setting (in days). + # # optional, default is 30 days + # max_invitation_expiration_delay => 30, + # # Once the guest has submitted his files, he has an additional period of time to submit forgotten files. + # # You can set that additional period of time in minutes here. + # # To disable that feature, set it to 0 or less + # # optional, default is 10 minutes + # max_additional_period => 10, + # # Lufi follows privacy-by-design, so, by default, no files URLs (with the decode secret) are stored in database. + # # However, the concern is different for this case. Storing files URLs makes users able to retrieve the guests’ sent files + # # from their `invitations` page. + # # Set to 1 to store guests’ files URLs in database + # # optional, default is 0 (disabled) + # save_files_url_in_db => 0, + # # Users can resend the invitation to their guest. This does not extend the invitation’s expiration delay unless you + # # set this option to 1. 
+ # # optional, default is 0 (disabled) + # extend_invitation_expiration_on_resend => 0, + #}, + + ######################### + # Htpasswd authentication + ######################### + + # Set `htpasswd` if you want to use an htpasswd file instead of ldap + # See 'man htpasswd' to know how to create such file + #htpasswd => 'lufi.passwd', + + ####################### + # HTTP Headers settings + ####################### + + # Content-Security-Policy header that will be sent by Lufi + # Set to '' to disable CSP header + # https://content-security-policy.com/ provides a good documentation about CSP. + # https://report-uri.com/home/generate provides a tool to generate a CSP header. + # optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" + #csp => "", + + # X-Frame-Options header that will be sent by Lufi + # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/' + # Set to '' to disable X-Frame-Options header + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly + # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) + # optional, default is 'DENY' + #x_frame_options => 'DENY', + + # X-Content-Type-Options that will be sent by Lufi + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + # Set to '' to disable X-Content-Type-Options header + # optional, default is 'nosniff' + #x_content_type_options => 'nosniff', + + # X-XSS-Protection that will be sent by Lufi + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + # Set to '' to disable X-XSS-Protection header + # 
optional, default is '1; mode=block' + #x_xss_protection => '1; mode=block', + + ######################### + # Lufi cron jobs settings + ######################### + + # Expired files will be kept for 2 additional days after the expiration time has passed! + # The reasoning behind this is to allow downloads to complete and avoid deleting them while + # they are still being tranfered. + + # Number of days senders' IP addresses are kept in database + # After that delay, they will be deleted from database (used with script/lufi cron cleanbdd) + # optional, default is 365 + keep_ip_during => 1, + + # Max size of the files directory, in octets + # Used by script/lufi cron watch to trigger an action + # optional, no default + max_total_size => 10*1024*1024*1024, + + # Default action when files directory is over max_total_size (used with script/lufi cron watch) + # Valid values are 'warn', 'stop-upload' and 'delete' + # Please, see README.md + # optional, default is 'warn' + policy_when_full => 'warn', + + # Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task + # If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted + # optional, no default + delete_no_longer_viewed_files => 1, +}; diff --git a/.provision/ansible-role-lufi/templates/update.sh b/.provision/ansible-role-lufi/templates/update.sh new file mode 100644 index 0000000..e6bc564 --- /dev/null +++ b/.provision/ansible-role-lufi/templates/update.sh @@ -0,0 +1,10 @@ +# install perl dependencies +apt install liblwp-protocol-https-perl carton +sleep 5 +git pull +sleep 5 +carton install --deployment --without=test --without=sqlite --without=mysql +sleep5 +carton exec hypnotoad script/lufi + + diff --git a/.provision/ansible-role-lufi/vars/main.yml b/.provision/ansible-role-lufi/vars/main.yml new file mode 100644 index 0000000..dff6c35 --- /dev/null +++ b/.provision/ansible-role-lufi/vars/main.yml 
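Review bot: `dbtype` is left commented out in the DB settings section, so Lufi falls back to its documented sqlite default while apprun.yml installs with `--without=sqlite` and the `pgdb` block is the only configured backend; set `dbtype => 'postgresql'` explicitly and template `user`/`pwd` from variables instead of the literal `DBUSER`/`DBPASSWORD`. `#secrets => ['fdjsofjoihrei']` also stays commented, which leaves the cookie-signing key at the value printed in the template, so a per-host random value should be templated in, e.g. `secrets => ['{{ lufi_secrets }}']` with `lufi_secrets` as a new required variable. `contact => 'Contact page'` is hard-coded even though a `contact` variable exists and `report` is already templated as `{{ report }}`. Finally, the role fronts Hypnotoad with nginx, yet `#proxy => 1` is commented and `listen` binds `http://0.0.0.0:8081`; enable `proxy => 1` and bind to `http://127.0.0.1:8081` so the app is reachable only through nginx.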
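Review bot: `sleep5` on the seventh line of templates/update.sh is missing a space, so it fails as an unknown command rather than pausing, and with no shebang or `set -e` a failed `git pull` or `carton install` is still followed by `carton exec hypnotoad script/lufi`. `apt install liblwp-protocol-https-perl carton` without `-y` blocks on the confirmation prompt when run non-interactively. The script is not referenced by any task in this diff and sits under templates/ despite containing no Jinja, so either wire it in as a file or remove it.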
@@ -0,0 +1,16 @@
+---
+# vars file for roles/servers
+
+lufi_owner: "www-data"
+
+lufi_group: "www-data"
+
+contact: "contact.example.com"
+
+report: "report@example.com"
+
+app_dir: ""
+
+project_version: ""
+
+servername: ""
diff --git a/.provision/terraform-aws-deploy/README.md b/.provision/terraform-aws-deploy/README.md
new file mode 100644
index 0000000..6565b5a
--- /dev/null
+++ b/.provision/terraform-aws-deploy/README.md
@@ -0,0 +1,18 @@
+# Terraform-AWS-Deploy
+
+ This terraform plan create the resourcess of EC2 instance
+
+## Terraform Variables
+ Edit the `vars.tf` file to add the variables as per your need.
+
+| Variable name | Value | Description |
+| ------------- | ----- | ----------- |
+| `aws_region` | us-east-1 | Set the region |
+| `vpc_cidr` | 10.0.0.0/16 | Set the cidr value for the vpc |
+| `public_subnet_cidr` | 10.0.2.0/24 | Set the cidr value for the public subnet |
+| `user` | ubuntu | Set the EC2 instance user name |
+| `public_key` | /home/user_name/.ssh/id_rsa_pub | Set the publickey value for the ec2 instance from the host machine |
+| `private_key` | /home/user_name/.ssh/id_rsa | Set the private key value for the ec2 instance from the hostmachine |
+| `aws_access_key` | AWSACCESSKEY | Enter your aws access key |
+| `aws_secrete_key` | AWSSECRETEKEY | Enter your aws secrete key |
+| `instance_name` | Lufi_app_instance | Set the name for instance |
diff --git a/.provision/terraform-aws-deploy/main.tf b/.provision/terraform-aws-deploy/main.tf
new file mode 100644
index 0000000..f4b7de5
--- /dev/null
+++ b/.provision/terraform-aws-deploy/main.tf
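Review bot: `app_dir`, `project_version` and `servername` are set to empty strings in vars/main.yml, and role `vars/` takes precedence over play-level `vars:`, so the values the role README's sample playbook sets are overridden by these empty strings unless they are passed as role parameters; move these (and the other four) to defaults/main.yml, where `robots_text` already lives, or drop them so a missing value fails loudly instead of templating `""`. `contact: "contact.example.com"` and `report: "report@example.com"` are example placeholders that would be deployed as-is, which matters because `report` is templated straight into lufi.conf.j2.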
@@ -0,0 +1,126 @@
+#Create the VPC
+resource "aws_vpc" "MAIN" {
+ cidr_block = "${var.vpc_cidr}"
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ instance_tenancy = "default"
+ tags = {
+ Name = "lufi-master-vpc"
+ }
+}
+
+# Create InternetGateWay and attach to VPC
+
+resource "aws_internet_gateway" "IGW" {
+ vpc_id = "${aws_vpc.MAIN.id}"
+ tags = {
+ "Name" = "lufi-master-igw"
+ }
+}
+
+# Create a public subnet
+
+resource "aws_subnet" "publicsubnet" {
+ vpc_id = "${aws_vpc.MAIN.id}"
+ cidr_block = "${var.public_subnet_cidr}"
+ map_public_ip_on_launch = true
+ tags = {
+ Name = "lufi-master-us-east-1-public"
+ }
+}
+
+# Create routeTable
+resource "aws_route_table" "publicroute" {
+ vpc_id = "${aws_vpc.MAIN.id}"
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = "${aws_internet_gateway.IGW.id}"
+ }
+
+ tags = {
+ Name = "lufi-master-us-east-1-public-rt"
+ }
+}
+
+resource "aws_main_route_table_association" "mainRTB" {
+ vpc_id = "${aws_vpc.MAIN.id}"
+ route_table_id = "${aws_route_table.publicroute.id}"
+}
+## Create security group
+resource "aws_security_group" "security" {
+ name = "lufi-master-sg"
+ description = "allow all traffic"
+ vpc_id = "${aws_vpc.MAIN.id}"
+
+ ingress {
+ description = "allow all traffic"
+ from_port = "0"
+ to_port = "65535"
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ ingress {
+ description = "allow port SSH"
+ from_port = "22"
+ to_port = "22"
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+}
+
+#Create key_pair for the instance
+
+resource "aws_key_pair" "genkey" {
+ key_name = "lufi.webapp"
+ public_key = "${file(var.public_key)}"
+}
+
+# Craete ec2 instance
+resource "aws_instance" "ec2_instance" {
+ ami = "ami-04505e74c0741db8d"
+ instance_type = "t2.medium"
+ associate_public_ip_address = "true"
+ subnet_id = "${aws_subnet.publicsubnet.id}"
+ vpc_security_group_ids = ["${aws_security_group.security.id}"]
+ key_name = "lufi.webapp"
+
+ connection {
+ agent = false
+ type = "ssh"
+ host = aws_instance.ec2_instance.public_dns
+ private_key = "${file(var.private_key)}"
+ user = "${var.user}"
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt update -y",
+ "sudo apt install python3.9 -y",
+ ]
+ }
+
+ provisioner "local-exec" {
+ command = < hosts && \
+ echo "[Lufi]" | tee -a hosts && \
+ echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \
+ export ANSIBLE_HOST_KEY_CHECKING=False && \
+ ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml
+ EOT
+ }
+
+ tags = {
+ Name = "${var.instance_name}"
+ }
+}
+
+
+
diff --git a/.provision/terraform-aws-deploy/output.tf b/.provision/terraform-aws-deploy/output.tf
new file mode 100644
index 0000000..52c6607
--- /dev/null
+++ b/.provision/terraform-aws-deploy/output.tf
@@ -0,0 +1,7 @@
+output "public_ip" {
+ value = "${aws_instance.ec2_instance.public_ip}"
+}
+
+output "App_running_at" {
+ value = "http://${aws_instance.ec2_instance.public_ip}:8081"
+}
diff --git a/.provision/terraform-aws-deploy/provider.tf b/.provision/terraform-aws-deploy/provider.tf
new file mode 100644
index 0000000..22f192f
--- /dev/null
+++ b/.provision/terraform-aws-deploy/provider.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+access_key = "${var.aws_access_key}"
+secret_key = "${var.aws_secret_key}"
+region = "${var.aws_region}"
+}
\ No newline at end of file
diff --git a/.provision/terraform-aws-deploy/vars.tf b/.provision/terraform-aws-deploy/vars.tf
new file mode 100644
index 0000000..f2bfde5
--- /dev/null
+++ b/.provision/terraform-aws-deploy/vars.tf
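Review bot: The first `ingress` rule of `aws_security_group.security` opens TCP 0-65535 from 0.0.0.0/0, and the SSH rule is world-open too, so Hypnotoad on 8081 and anything else listening is reachable directly rather than only through nginx; restrict ingress to 80/443 and source SSH from an operator CIDR variable, as below. The `local-exec` provisioner exports `ANSIBLE_HOST_KEY_CHECKING=False`, which disables SSH host verification for the whole playbook run; a known_hosts entry seeded from the instance's console output, or scoping the setting to the first connection only, keeps verification in place. `command = < hosts && \` reads as a truncated heredoc (the `<<EOT` opener and the first line of the inventory generation appear to have been lost in this rendering), so the committed text should be re-checked. `ami = "ami-04505e74c0741db8d"` is fixed while `aws_region` is a variable, so a `data "aws_ami"` lookup or an `ami` variable would keep the two consistent.
```hcl
resource "aws_security_group" "security" {
  # … unchanged: name, description, vpc_id …

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "SSH from operator network only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_allowed_cidr] # new variable to declare in vars.tf, e.g. "<OPERATOR_IP>/32"
  }
  # … unchanged: egress …
}
```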
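Review bot: `provider "aws"` sets `access_key` and `secret_key` from variables whose defaults in vars.tf are placeholder strings, which steers users toward committing real keys in `vars.tf` or a tfvars file and also records them in state; dropping both arguments and keeping only `region` lets the provider use its standard credential chain (`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, a shared credentials file, or a `profile`). The `"${var.aws_region}"` interpolation-only quoting is pre-0.12 syntax that current Terraform warns about; `region = var.aws_region` is the modern form, and the same applies throughout main.tf and output.tf.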
@@ -0,0 +1,36 @@ +variable "aws_region" { + default = "aws_region" +} +variable "vpc_cidr" { + default = "cidr_value" +} +variable "public_subnet_cidr" { + default = "cidr_value" +} +variable "public_subnet1_cidr" { + default = "cidr_value" +} + +variable "user" { + default = "user_of_instance" +} + +variable "public_key" { + default = "$PWD_publickey" +} +variable "private_key" { + default = "$PWD_privatekey" +} +variable "aws_access_key" { + default = "aws_access_key" +} + +variable "aws_secret_key" { + default = "aws_secrete_key" +} + +variable "instance_name" { + default = "instance_name" +} + + diff --git a/README.md b/README.md index 5e18ce3..8bc53e1 100644 --- a/README.md +++ b/README.md @@ -95,3 +95,7 @@ It uses: * [Stanford Javascript Crypto Library](http://bitwiseshiftleft.github.com/sjcl/) * [Moment.js](http://momentjs.com/) for displaying real dates instead of unix timestamps. * [Filesize.js](http://filesizejs.com/) for displaying file sizes + +## Deploy Lufi + +An ansible role and a terraform plan reside under the `.provision` directory. An user could utilize the terraform plan if they chose to deploy lufi on AWS, if that's not the goal, they could simply execute the ansible role in part. Usage docs for both are present in their respective directories.
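Review bot: Every `default` in vars.tf is a placeholder such as `"aws_region"`, `"cidr_value"` or `"$PWD_publickey"`, so an `apply` without a tfvars file fails inside the provider or the `file()` call instead of prompting; removing the defaults (or adding `validation` blocks) makes the missing input explicit. `aws_secret_key` should carry `sensitive = true` on Terraform versions that support it, and its default `"aws_secrete_key"` repeats the typo from the terraform README's variable table. `public_subnet1_cidr` is declared but not referenced anywhere in this diff, and none of the variables has a `description`.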