Add Kali backport

apps/linode-marketplace-kali-linux/.ansible-lint

@@ -0,0 +1,10 @@
+---
+skip_list:
+  - command-instead-of-shell
+  - no-changed-when
+  - no-jinja-when
+  - fqcn-builtins
+exclude_paths:
+  - .cache/
+  - .github/
+  - tests/

apps/linode-marketplace-kali-linux/.yamllint

@@ -0,0 +1,38 @@
+---
+# Based on ansible-lint config
+extends: default
+
+ignore: |
+  .github/*
+  .cache/*
+  tests/*
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable

apps/linode-marketplace-kali-linux/README.md

@@ -0,0 +1,86 @@
+# Linode Kali Deployment One-Click APP
+
+
+
+## Software Included
+
+| Software  | Version   | Description   |
+| :---      | :----     | :---          |
+| Kali    | latest    |  |
+
+**Supported Distributions:**
+
+- Ubuntu 22.04 LTS
+
+## Linode Helpers Included
+
+| Name  | Action  |
+| :---  | :---    |
+| Hostname   | The Hostname module uses `dnsdomainname -A` to detect the Linode's FQDN and write to the `/etc/hosts` file. This defaults to the Linode's automatically assigned rDNS. To use a custom FQDN see [Configure your Linode for Reverse DNS](https://www.linode.com/docs/guides/configure-your-linode-for-reverse-dns/).  |
+| Update Packages   | The Update Packages module performs apt update and upgrade actions as root.  |
+| UFW   | The UFW module will utilize a list generated by `linode_helpers/ufw/ufwgen.yml` in the `group_vars/linode/vars` and enables the service.  |
+| Fail2Ban   | The Fail2Ban module installs, activates and enables the Fail2Ban service.  |
+
+## Use our API
+
+Customers can choose to the deploy the Kali app through the Linode Marketplace or directly using API. Before using the commands below, you will need to create an [API token](https://www.linode.com/docs/products/tools/linode-api/get-started/#create-an-api-token) or configure [linode-cli](https://www.linode.com/products/cli/) on an environment.
+
+Make sure that the following values are updated at the top of the code block before running the commands:
+- TOKEN
+- ROOT_PASS
+
+SHELL:
+```
+export TOKEN="YOUR API TOKEN"
+export ROOT_PASS="aComplexP@ssword"
+export SOA_EMAIL_ADDRESS="[email protected]"
+
+curl -H "Content-Type: application/json" \
+    -H "Authorization: Bearer ${TOKEN}" \
+    -X POST -d '{
+      "backups_enabled": true,
+      "swap_size": 512,
+      "image": "linode/ubuntu2204",
+      "root_pass": "${ROOT_PASS}",
+      "stackscript_id": 00000000000,
+      "stackscript_data": {
+        "disable_root": "no/yes",
+        "soa_email_address": "${SOA_EMAIL_ADDRESS}"
+      },
+      "authorized_users": [
+        "myUser",
+        "secondaryUser"
+      ],
+      "booted": true,
+      "label": "linode123",
+      "type": "g6-standard-2",
+      "region": "us-east",
+      "group": "Linode-Group"
+    }' \
+https://api.linode.com/v4/linode/instances
+```
+
+CLI:
+```
+export TOKEN="YOUR API TOKEN"
+export ROOT_PASS="aComplexP@ssword"
+export SOA_EMAIL_ADDRESS="[email protected]"
+
+linode-cli linodes create \
+  --label linode123 \
+  --root_pass ${ROOT_PASS} \
+  --booted true \
+  --stackscript_id 00000000000 \
+  --stackscript_data '{"soa_email_address": "${SOA_EMAIL_ADDRESS}", "disable_root": "no/yes" }' \
+  --region us-east \
+  --type g6-standard-2 \
+  --authorized_keys "ssh-rsa AAAA_valid_public_ssh_key_123456785== user@their-computer"
+  --authorized_users "myUser"
+  --authorized_users "secondaryUser"
+```
+
+## Resources
+
+- [Create Linode via API](https://www.linode.com/docs/api/linode-instances/#linode-create)
+- [Stackscript referece](https://www.linode.com/docs/guides/writing-scripts-for-use-with-linode-stackscripts-a-tutorial/#user-defined-fields-udfs)
+

apps/linode-marketplace-kali-linux/ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+host_key_checking = False
+enable_plugins = linode
+deprecation_warnings = False
+interpreter_python = /usr/bin/python3
+roles_path=./roles:../linode_helpers/roles
+# relative or absolute roles_paths are required.

apps/linode-marketplace-kali-linux/collections.yml

@@ -0,0 +1,3 @@
+collections:
+ - name: linode.cloud
+   version: 0.16.1

apps/linode-marketplace-kali-linux/provision.yml

@@ -0,0 +1,12 @@
+---
+# kali
+- name: Setting up environment
+  hosts: localhost
+  connection: local
+  any_errors_fatal: true
+  user: root
+  vars_files:
+    - group_vars/linode/vars
+  tasks:
+    - name: Generating sudo user and password
+      import_tasks: ../linode_helpers/roles/sudouser/tasks/main.yml

apps/linode-marketplace-kali-linux/requirements.txt

@@ -0,0 +1,7 @@
+ansible==8.3.0
+ansible-lint==6.18.0
+linode-api4==5.9.0
+dnspython==2.4.2
+pyyaml==6.0.1
+pexpect==4.8.0
+jmespath==1.0.1

apps/linode-marketplace-kali-linux/roles/common/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+# set_hostname
+- name: setting up hostname
+  import_role:
+    name: hostname
+
+- name: set ssh pubkey
+  import_role:
+      name: sshkey
+
+- name: write _domain to vars
+  lineinfile: 
+    insertafter: EOF
+    path: group_vars/linode/vars
+    line: | 
+      _domain: {{ _domain }}
+  when: _domain is defined 
+
+- name: secure ssh
+  import_role:
+      name: securessh
+  when: disable_root is defined
+
+- name: update system packages
+  import_role:
+    name: update_pkgs
+
+- name: enabling ufw
+  import_role:
+    name: ufw
+
+- name: apply ufw rules
+  import_tasks: ufw_rules.yml
+
+- name: enabling fail2ban
+  import_role:
+    name: fail2ban_install

apps/linode-marketplace-kali-linux/roles/common/tasks/ufw_rules.yml

@@ -0,0 +1,20 @@
+---
+# set app specific ufw rules 
+- name: Allow all access to tcp port 22
+  community.general.ufw:
+    rule: allow
+    port: '22'
+    proto: tcp
+
+# allow certbot
+- name: Allow all access to tcp port 80
+  community.general.ufw:
+    rule: allow
+    port: '80'
+    proto: tcp
+
+- name: Allow all access to tcp port 443
+  community.general.ufw:
+    rule: allow
+    port: '443'
+    proto: tcp

apps/linode-marketplace-kali-linux/roles/kali/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+- name: Add non-free repository
+  apt_repository:
+    repo: deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
+    state: present
+    filename: kali-nonfree
+
+- name: Update apt cache
+  apt:
+    update_cache: yes
+
+- name: Install firmware-misc-nonfree
+  apt:
+    name: firmware-misc-nonfree
+    state: present
+    update_cache: yes
+  environment:
+    DEBIAN_FRONTEND: noninteractive
+
+- name: Fix broken packages
+  apt:
+    clean: true
+    autoclean: true
+    autoremove: true
+  environment:
+    DEBIAN_FRONTEND: noninteractive
+
+- name: Install Kali Linux
+  apt:
+    name: "{{ kali_package }}"
+    state: present
+  when: kali_package is defined
+
+- name: Set up VNC
+  import_tasks: vnc_setup.yml
+  when: vnc_enabled | bool

apps/linode-marketplace-kali-linux/roles/kali/tasks/vnc_setup.yml

@@ -0,0 +1,44 @@
+---
+- name: Install XFCE and VNC packages
+  apt:
+    name:
+      - xfce4
+      - xfce4-goodies
+      - dbus-x11
+      - tigervnc-standalone-server
+      - expect
+    state: present
+
+- name: Create VNC user
+  user:
+    name: "{{ vnc_username }}"
+    password: "{{ vnc_password | password_hash('sha512') }}"
+    shell: /bin/bash
+
+- name: Set up VNC password
+  expect:
+    command: vncserver
+    responses:
+      Password: "{{ vnc_password }}"
+      Verify: "{{ vnc_password }}"
+      "Would you like to enter a view-only password (y/n)?": "n"
+  become: yes
+  become_user: "{{ vnc_username }}"
+
+- name: Kill VNC process
+  shell: |
+    killall Xtigervnc
+  ignore_errors: yes
+
+- name: Create VNC service file
+  template:
+    src: [email protected]
+    dest: /etc/systemd/system/[email protected]
+    mode: '0644'
+
+- name: Start and enable VNC service
+  systemd:
+    name: [email protected]
+    state: started
+    enabled: yes
+    daemon_reload: yes

apps/linode-marketplace-kali-linux/roles/kali/templates/vncserver@.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Start TigerVNC server at startup
+After=syslog.target network.target
+
+[Service]
+Type=forking
+User={{ vnc_username }}
+Group={{ vnc_username }}
+WorkingDirectory=/home/{{ vnc_username }}
+
+ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
+ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost :%i
+ExecStop=/usr/bin/vncserver -kill :%i
+
+[Install]
+WantedBy=multi-user.target

apps/linode-marketplace-kali-linux/roles/post/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+# motd and creds gen
+- name: copy MOTD template to /etc/motd
+  template:
+    src: templates/motd.j2
+    dest: /etc/motd
+
+- name: writing credentials into file
+  template:
+    src: templates/credentials.j2
+    dest: '/home/{{ username }}/.credentials'
+    mode: '0600'
+    owner: '{{ username }}'
+    group: '{{ username }}'

apps/linode-marketplace-kali-linux/roles/post/templates/credentials.j2

@@ -0,0 +1,13 @@
+Sudo Credentials:
+Username: {{ username }}
+Password: {{ password }}
+
+{% if vnc_enabled | bool %}
+VNC Credentials:
+Username: {{ vnc_username }}
+Password: {{ vnc_password }}
+{% endif %}
+
+{% if kali_package is defined and kali_package != '' %}
+Kali Linux Package Installed: {{ kali_package }}
+{% endif %}

apps/linode-marketplace-kali-linux/roles/post/templates/motd.j2

@@ -0,0 +1,24 @@
+*********************************************************
+Akamai Connected Cloud Kali Marketplace App
+
+###################################
+#   VNC SSH Tunnel Instructions   #
+###################################
+
+* Ensure you have a VNC Client installed on your local machine
+* Run the command below to start the SSH tunnel for VNC 
+
+    ssh -L 61000:127.0.0.1:5901 -N -l {{ vnc_username }} {{ ansible_default_ipv4.address }}
+
+* For more Detailed documentation please visit the official Documentation below
+
+    https://www.linode.com/docs/marketplace-docs/guides/kali-linux/
+
+### To remove this message, you can edit the /etc/motd file ###
+
+Credentials File: /home/{{ username }}/.credentials
+*********************************************************
+To delete this message of the day: rm /etc/motd
+
+
+