remade base playbook and roles
parent
d331e4d0e9
commit
6a4870a9cc
31 changed files with 304 additions and 289 deletions
|
@ -1,5 +1,11 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: apt_proxies
|
- hosts: apt_proxy
|
||||||
roles:
|
roles:
|
||||||
- apt_cacher_ng
|
- apt_cacher_ng
|
||||||
|
|
||||||
|
- import_playbook: vpn.yml
|
||||||
|
|
||||||
|
- hosts: vpn
|
||||||
|
roles:
|
||||||
|
- client_apt_proxy
|
||||||
|
|
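Review bot: The new `- import_playbook: vpn.yml` line has no comment explaining why the apt-proxy playbook pulls in the VPN playbook. As written, running this file without `--limit` also runs every play in `vpn.yml` against the whole `vpn` group before `client_apt_proxy` is applied. If the intent is that clients reach the proxy over WireGuard, a comment above the import such as `# clients reach the proxy through wg0, so the VPN must be configured first` would make that dependency explicit.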
|
@ -1,18 +1,18 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: vpn
|
|
||||||
roles:
|
|
||||||
- vpn
|
|
||||||
- client_apt_proxy
|
|
||||||
|
|
||||||
- hosts: server
|
- hosts: server
|
||||||
roles:
|
roles:
|
||||||
- networking
|
- networking
|
||||||
- base_config
|
- base
|
||||||
- prometheus-node-exporter
|
|
||||||
|
|
||||||
- hosts: server
|
|
||||||
roles:
|
|
||||||
- users
|
- users
|
||||||
- ssh_totp
|
- ssh
|
||||||
|
tasks:
|
||||||
|
- name: Check if host is using cloud init
|
||||||
|
stat:
|
||||||
|
path: /etc/cloud
|
||||||
|
register: cloudinit_folder
|
||||||
|
- include_role:
|
||||||
|
name: cloudinit
|
||||||
|
when: cloudinit_folder.stat.exists
|
||||||
|
|
||||||
|
|
||||||
|
|
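Review bot: Replacing `ssh_totp` with `ssh` in the `server` play needs a check that the second factor is still enforced, because the `ssh` role is not visible in this part of the page. A later section of this commit deletes a tasks file that installed `libpam-oath` and wrote `/etc/users.oath`, presumably the old `ssh_totp` role. If the `ssh` role does not provision the OATH file and PAM configuration, this change downgrades SSH on these hosts to a single factor without saying so. The `include_role` task under `tasks:` is also missing a `name:`; something like `- name: Clean up cloud-init leftovers` keeps the run output readable.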
|
@ -1,12 +1,12 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: prometheus_servers
|
- hosts: prometheus
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
- prometheus-alert-manager
|
- prometheus-alert-manager
|
||||||
- grafana
|
- grafana
|
||||||
- prometheus-blackbox-exporter
|
- prometheus-blackbox-exporter
|
||||||
|
|
||||||
- hosts: all, !tests,
|
- hosts: server
|
||||||
roles:
|
roles:
|
||||||
- prometheus-node-exporter
|
- prometheus-node-exporter
|
||||||
|
|
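Review bot: Narrowing the node-exporter play from `all, !tests,` to `hosts: server` removes the exporter from any host that is not in the `server` group, and that group's membership is not shown in the inventory hunks on this page. Hosts that fall out of scope stop producing node metrics, which leaves alerting blind to them. Either confirm that `server` covers every machine that should be monitored, or add a comment above the play such as `# node exporter is deployed to the server group only; other hosts are monitored via blackbox`.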
|
@ -1,6 +1,5 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: vpn, !tests
|
- hosts: vpn
|
||||||
roles:
|
roles:
|
||||||
- vpn
|
- vpn
|
||||||
- networking
|
|
||||||
|
|
|
@ -28,6 +28,11 @@ intranet:
|
||||||
ipv4: 172.20.1.5
|
ipv4: 172.20.1.5
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: Matrix server
|
comment: Matrix server
|
||||||
|
technetium:
|
||||||
|
domaine: technetium
|
||||||
|
ipv4: 172.20.1.99
|
||||||
|
netmaskv4: 32
|
||||||
|
comment: Test VM
|
||||||
guest_hellman:
|
guest_hellman:
|
||||||
domaine: hllm
|
domaine: hllm
|
||||||
ipv4: 172.20.198.0
|
ipv4: 172.20.198.0
|
||||||
|
|
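--- a/group_vars/all/users.example
+++ b/group_vars/all/users.example
@@ -0,0 +1,9 @@
+---
+user_dict:
+lorem:
+shell: "/bin/bash",
+password_hash: "$6$lvbzekjvbzejbvzvzvbzvbzhvbzbv....aezrfv/", # the string betwenn the first and second `:` in /etc/shadow
+ssh_keys:
+- "ssh-rsa azrekgnbmoienbzrinoien...aoeuzn lorem@host1",
+- "ssh-ed25519 azrekgnbmoienbzrinoien...aoeuzn lorem@host2",
+totp: "daeae8ce486f6636d68c37c21ce002" # the hex value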
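Review bot: The trailing commas after the quoted values on `shell`, `password_hash` and both `ssh_keys` entries are not valid in block-style YAML, so anyone who copies this example into the real vars file gets a parse error. Drop them, e.g. `shell: "/bin/bash"` and `- "ssh-ed25519 ... lorem@host2"`. The comment on `password_hash` has a typo (`betwenn`). Because the real file carries password hashes and TOTP seeds, a header comment such as `# copy to the real users file and encrypt it with ansible-vault before committing` would be a useful addition.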
|
@ -1,135 +1,130 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
32663331653233353731353139666138323138373161633338653030366131353635333031343366
|
33616537616365396333336638636535353264303632353932306133323533356566666238323764
|
||||||
6262363661383266393163333436643265336430633665330a646636616530626237306236393063
|
3662623730313661316266313535393332616534336565320a323864623561306530613934313961
|
||||||
34383165613330663935623565326430626561303961366464663739393465633735303634653865
|
36336665636437336135323163643430386261633062626434376636666561656632393537306561
|
||||||
3731393330383366620a316139346166616335343564353431613938363266343962663831613034
|
6363333965656334350a323935656335343863353838633666383331626237323135303264336630
|
||||||
30626561316663336239613230386663316266393638643761336432383566623066343838323133
|
30326563626661636437616533663966373434303930356464373835613162313635613038333437
|
||||||
31613765623162636462303638363930636433303331666434303764386337663162643537663361
|
32353333343664663665313865303163616264373432336633376138643432373931306532383232
|
||||||
39373337376635306132386538323939646239633461633733666132343430643235313633386464
|
34363764383738386336336631313262626661663463666330633361346436396564303436396139
|
||||||
39346238333836353238396466336330343862393733306333363265366363303136343932623736
|
62613731616339386239383762356438646333613538363130353065383437376633363238306531
|
||||||
36666337363165343239636262336363613236396162303061343331313839353731616162666561
|
37633161326139386533386334633731383039663661633631373961656438653930643038303039
|
||||||
61333235306237613161653632616332383332376365373733326335333739316563316439633361
|
32373861313662393963623963616163323534386339383734303364663036333565353663616138
|
||||||
65393366346134366137663263616165613063333166636532393734393963613033313363353163
|
37396332616464313966353835623839633264326231663030363039643465393630613466363562
|
||||||
32333832353931613738353530396637613534393839336338336231356632616239303662623339
|
33653761373734343336643035616233386464336266633438316138303939636663376532633062
|
||||||
61373836383538346565363963623662616530316634346564643730383032656130626636333135
|
64303839613062343765663162353938333764386233346463653961373562663631623732313065
|
||||||
36383631663766616131373537376435326461316536373337646136623664373365643732383630
|
61666562616237386631356165393439323533336363373636373166343562373932353935383963
|
||||||
63313563666466316535663531613265313933343664303439653336323935373832326632333961
|
31663630636238613335616335346430313862616462333134336537383037663237623539346462
|
||||||
38363366396136636231383136323934396532313233353538313831616231383637633665623261
|
36663932623437333138613663636132316533383939623530386630353230666435343332316561
|
||||||
39336162636561363438323636616363373939306332376433303934396531666534333431313965
|
34323732653565333565623930383265303934313562353835303064623166656637383035616635
|
||||||
63376665323537613263353531646135633861663364336564363131383633623065383938363665
|
34343633666432663562363564303636303036643961666236366565373966663162333735636337
|
||||||
38353338323732306463333138623966666563323263363534363664666532323038393463636635
|
61323337636136626261323065353432643939353735643136653236376235356366333466316531
|
||||||
33323434363733393739363562626237393031336461313338643562383334656230346132666532
|
37393238393262633433616434326535306237666232666664386361303735373861643539663539
|
||||||
66326362613263303262343837623835323161373163643438313937316530633230646132626264
|
38346637653332623033393663366331336238666337643762666530663761303966383364343031
|
||||||
38643536353764313661383430383962326131346338643632633161663262333232623662316365
|
66316639353666323334396334333831366436383466633033363839363632623033363865376530
|
||||||
30316236346338303331313266386266663239303963363761393766386430383338343163616137
|
36373933333265613462353532373032666561613332333539363864376132336266626638653766
|
||||||
36616536336165653936333463343737323961356135626563383161373431613362633564653863
|
37393562356362353339366234613035393934663661393964346339633137636232623363633131
|
||||||
36393963663766383533376335373165343465316261356536336333643665393065333433386261
|
39323034663834636332383330636466316630303136363330363162383132633365636433383131
|
||||||
62613534353934633830623762376436633661383666316635386436616533633561353032303261
|
65313533643264613735336333393463303533366139343364313065336436336630336439383733
|
||||||
66376536353333623832303365386265336264366439386261333064643062303035613936306261
|
63666663653635373461336438353161326666613632613733383530626430376631333563636164
|
||||||
37313932336331326265666163356333373163363161336665386338643864656232643332373363
|
36333762346439393665626333393066646237316466643563373838656235323132326534623335
|
||||||
34366337323232346361623839623631393730363961353530396162343666313233313132636630
|
33303161633638386334363465663164626165383763306436636362346135613238313262343636
|
||||||
31323231316463306663623039623165653465313232363532316564326639653161323264623837
|
65623461313863666462333235636436366237643561323661323332306130363036613861376561
|
||||||
66373165656535353933656365626462373566336663363335653232393233613132316236373233
|
32356236306161343831613966396236313638313938653831353863316465346635346161616131
|
||||||
65653135623235616430316330386666333031646565646461386335343164336334393237656262
|
31323335636532353234396665643033366334376131343962316136373737626136373561373065
|
||||||
63636232613237363061393633663762376166393364663731376261323434383862303935363565
|
30633930346465363832633335613761353039386666633561396637306265383734396630656166
|
||||||
37643136613339313366356165623631376131356232646438373135343539313463383362636633
|
63613931653235613537333431373666303339333666366236626235393737653132633833353637
|
||||||
34386261333866646562643335343636663563346263383462353235623738383065353137373266
|
35623566356635623331376631393233346663666466616366386464323462313130666264326565
|
||||||
34366664366434346563383933656333343266613434613035396465316630326261313737623464
|
36633664306236666432623430643935363735303936646165306534383764336133336333366531
|
||||||
65316631363361626564393763323063326537636333303566316236353763393838356237376135
|
62333965383336383365613766356264343431626535613037386266373536363763666462386437
|
||||||
65646433303139393263383136346361383136356331633832643233333262333033316535393433
|
66653962313830316166653032336162636166313532323139306562316238656461643733636133
|
||||||
34373233343235323061393538346135306133366335303764336262613133376637633436376637
|
34666561396261313733323961313563643362336635343937303663646436323064313239643533
|
||||||
36396366616231336161396232316535323963353131366138636264303737363137353538653136
|
64643161386532366331623835623838633739613337376362333936613063623034326336623662
|
||||||
38323030626139363638646165623438626338306435356361353731643337366161386561613464
|
31316438643834353061613765383336643062386464336336396330373564613436323166623836
|
||||||
37626132613238626237666337616336653639356331363166613431363636626365623664353736
|
62353663343533653362396637386538306333326365336336316130353863356264626536303734
|
||||||
38323836373563386137643362386465343064363030633963623864616335636630353936366662
|
65316166656637643266636664633838636636346133356264343036383839666632626662353366
|
||||||
31353263326533313562306530376232303933396239303739326238343736333732356666633034
|
62646133356633353538376664353364616237653739346365663632613230346235656431376638
|
||||||
39643038656137356161373031626131346435396262356238643937653164356566633434623362
|
38383835373833376536356537393032346132396661326330393532663630393832616362666466
|
||||||
62336431366266623164616462366137343564636431383930346530663039356563343163393365
|
38353366316631366335366139313935666366383534383731636464303434373831313833323139
|
||||||
63633335303036356130623062616433643138626466383761333731306239353565636336626166
|
66633764383338636134303830343731666465396665346430643061383031393034313564653261
|
||||||
65333431656634666163376661343538303563646438666333396636303331356434356132636235
|
35393762656266613463643766656134323465373464313034353363363138636433653361346263
|
||||||
30353938663634383537376232653261363932613135663734306536663733613862356639613466
|
66363762393362306632346338316662396331306661663037663939353363383434393937643962
|
||||||
34326630326362373830383263306132313763616265646235353562373430376630666432353136
|
65353030363036363532366538316531316266313137363439386439353361646564653035626533
|
||||||
36633034653761373636626139353837643130326162316564626165383232663830633662373562
|
62346433653439646236333031343239323935353930623238306131633039383233623637666566
|
||||||
30633565393235373261663962396535666430343133626261323063353137386431353330316134
|
32376639383437643434653432636663643635386637303864656635303734306363666661643965
|
||||||
33336637363862646366633362653066373234656131626132643661333532633535363332363966
|
63363234363332386633363264333639343866303935303332643465653039343635343961653533
|
||||||
30633761306539346432656131376463633631323630663762613832613332653762353865306137
|
32363030353731663334376638333832346464663365343939303434326239306632326638373439
|
||||||
31663465633462636663333735666137326166656135653036633830663463623466336134303032
|
63396539393933323463626130653630376330356561373336313764373731356462343766323762
|
||||||
64663036646238326237353336633365643238653938363039376337616139306132663939353036
|
65653134363637383535326232333337636438366231653961346166333637376131643662626266
|
||||||
64663166343939333361626136313434633639376566663865613339663331386530356663303038
|
63356639313263646136616462366234386465333335313266333763333766313866393439393031
|
||||||
33343235383434346532343762353661336136383034653030656631333332313639336239323838
|
35306564376432393436656663646265633861396536366236353663643864386134666438646537
|
||||||
65376231666338333331663432326539663334663136313162306666663564353738303639646335
|
31663635366231373139323338643036313631613635313237633030386231613931623036343661
|
||||||
38333431323839333135643966383861383065333930666433653663636134636236666430363063
|
30363834646265343363333333333230383265366561363765326337306666373333313563393962
|
||||||
65373639343432333762666138376461323562316261663961356530613733376463386538663830
|
37366637303631376338636265336566386438323061303034666638643335356138336365666463
|
||||||
37333762613866363939646662626239353765306266616236643037373865316461326437303039
|
32323136363834336437643263376262313730326264613438623230343830636439396137346633
|
||||||
37653431323864303431316337363739656235386534383533386635343930646130383839333139
|
30663563653035346461616632656161303534613137386532653339333963396133353739386332
|
||||||
39666165333363653939646236653135653163643364666135323439346266353738653065323063
|
61323234376564333032363739313934356165353261313538636130373735306563656134626539
|
||||||
30656265333136353436643062623738306531376435626463356337313764366665373939343033
|
39353932656463326534323731643865663732383938353865663232393365356364626534306164
|
||||||
65396635323638316662333537613865336532613932636262643634643232316438356135626432
|
30316663343234323832353465333631633965373932393462316664356365313139323439373364
|
||||||
30636138383366373338313166366161626563633736343663343132653035646131393530653233
|
65623466653061376166313066363763386536363134666633613533393166663563393364343631
|
||||||
64303762363865616536306365333832303563656664653164346462666262646365643435646639
|
38643739353438356433626236356135623364616261663563393439656233356264613037316331
|
||||||
31383230373135366236373634396531393638373830653565376535656364626361383834616465
|
39616534633266336139633736643333623666636666643839323833643133623861373232323939
|
||||||
34666536303230303638356530346635326239326237373730343138333137623162343566633466
|
64656436353561626461366461663366306663616362333161663032333738623834616363386266
|
||||||
31363166643566623866383637633864326662613131326339323236633662396665613864323434
|
34346164393039363230643532623637653963376262326135623338373430383731313133346333
|
||||||
62303866323537663264663732303562306562316632346361373433376364623566356232613435
|
35303739353465383766663061306439383861376430623563396465353230653937336262313834
|
||||||
64316261646432663039393062613166323264333433323633353532306332343662616166366533
|
63383435623062663235623966306630343832646361373630313732613934653064346531393037
|
||||||
30613737303331356462646337653236643935353638363837313661343233613839373264346530
|
32346364383463363739633566616237333066623862356238383261373361316164303332343461
|
||||||
37326536633561646436643832303861313366303562393230653733353862333734336561323266
|
33376638396130363032633734353538343261393335343232353765666535303432633563373438
|
||||||
61303230613066643636313230303232343436323135363765633232643863326235653766623365
|
64396665363162626633393366623239373231663131353038383637353435333764613565633466
|
||||||
31353132663030346361626632336539666263336661376433663039633134623065373635363561
|
61636530356163303737653131633130643231346465613966643131616339336531376336643337
|
||||||
37613138316336613738633639386635396462393336336534616533303165623837393639636364
|
63393762353938323232373636346232343761373830363639613763633835343766356434623435
|
||||||
34326163333461346566356361623632373361613163663065643065366236623664633430366430
|
31626337386466623537376633326438353235396262636432393733623430353237396336303965
|
||||||
38376539653235666535383434316466333165313339343063356362363038656137346231366330
|
39323333663862363033393732643139383036613939656134306665333039633864653034343635
|
||||||
39623230643831393334393338656664343765623034346465666633653731623762383634656666
|
66393962353638303964666564393732396434306638366531316366333933323565333164626164
|
||||||
37396632343532396139386565303865393034333266363230396433383466346661623639376166
|
62646561346661333338663136643732333432666366633839303939386264646330663764356661
|
||||||
66636536656539316239323461663061316166303335633961343836633262353833313736666637
|
30343236333837363736366263396334333437363962653761313039646663316338663030386339
|
||||||
31386634373934326532376631336430316663613062336332643562323565363936633530663231
|
34343963616366316432313264653636353366623364653761356566363964396262366464396165
|
||||||
31643630616338663431633038373035393636643464623333663831353962383439666633386564
|
66393035653937656334653737326463373039373562386139323937303633626630376337636437
|
||||||
33353231363630353833373964663433623165613662343032616564396233346632356166316466
|
64643539623239323730386336306238663931393061636434343766313935636465623766613266
|
||||||
30666631373235396336363934386438323166626332313030643230373362633238333361323732
|
63306461653430346135633461633130666232373565336136306561353165333237316263306431
|
||||||
64626464303561666230313365366636346366376435333833633764376562343839646539353261
|
32343439666462346565393138653663393634303164656636616131303466363732353932336436
|
||||||
32646630326530396438353435306336303963666333626339396133303666383730376362643735
|
61343732386533643231383861623066383066383031363731306661393830646564366338333365
|
||||||
35346161333062326535336232386134613434356234663665383964373935373137336639646130
|
61396537313163323166373736623339616162623937396565363633623361613863643336613134
|
||||||
35383564313133393931376164316632356635323463393762353038373234393539363565303862
|
39373734623030663632386633656438326366346333643434303439313532636132313161393037
|
||||||
36313731316537363932663337336138633230643965353335356233326434626665333061353233
|
65373764376538363365323432643230376366663733316235613534393432613038343763666230
|
||||||
61383861326639363531383033623935363537396332393361633837626638303963336633323430
|
32356630343835313532356434663436613431666562306138623830373938653061353630313532
|
||||||
33653834633866353431396438346231656333643136633861333834336639613137326564356262
|
39356661353966626231636631336362373531353238623737323935623738653333376139613434
|
||||||
65376238373631626339366661343563663233336231303965633336393539393162663230626634
|
64353035666332343361666563636535623934303535633636333666396165396637663866613534
|
||||||
32346433373934383264356661383032393138343436343039343566643164393933643239363834
|
34623966303639646339333565363364353937653830393663383162313562623431336434393364
|
||||||
30343739326463363633306461363062313532393261323134646536303336643563353063313538
|
65633030623939393264613736336265366564383138326538646635323764306165333165363962
|
||||||
38383466653161396466643336663732343932383839623135366532363566353138633161333463
|
33383433663638323562366162396534333961353635323033633666386363646135386138613438
|
||||||
39303461396235366365656166326632636235306131356538386263313262626463613735346338
|
31353463366539653530643464396666333735376465386331396336356635383064633132383763
|
||||||
63303535653964356632386135333033306561383962633538363462353061343962373438316265
|
39366233623337643764343439653632326564343635323064326366396362336566393863363765
|
||||||
39386263636133666636393064343831636236646162306636633836363737323930336435396138
|
31313165353565366663383466386330396166363065396661326137653737643462656363306131
|
||||||
33366535613931626230633136613864383336356661633565333362363436343838376330366333
|
33343939393534656238376531303039616265323465353334643531663263366332623934633763
|
||||||
30363332373831393364333237626134366533333533363130643662316366343238633464666436
|
63353638323538653163373263383539613733623661366233393265646131386232333766613362
|
||||||
62346534616330623333626138616330323631633763656330353738616263626233386337323963
|
33636138636434383539616238613866383338333534393263656439396263366365303032633035
|
||||||
32303565313465303464343366376334353533396264663561346438626266376463306635333831
|
62623635636137316536333630373865643036353664616438663535663765313339323461653435
|
||||||
66613861653965653434376633363034336462316635386332653063356637343531316439653030
|
61303461663562616632373061613031333332356330303035636231303864306464306138656538
|
||||||
32313734303762613563393762653661303735653364326131656236613230656635636630376537
|
63633566636636633738646266343733616639303138363336326565663232383230376533613964
|
||||||
30613730363761383438383262626432396631393832346262333266346537336436653862366663
|
38303230636333356236386538326631333561316332396366313337303839396337396639636432
|
||||||
38656138336236333939623333326234656166326163643165646631313230633263613732363533
|
64626661383037356537323866613039633637376331386438663236383937616631343731643733
|
||||||
36643665386366363637376138343339646435373062313563316433306232363266386236663931
|
31616132383437623663623230383661373034393735323937363332336331366364336335376636
|
||||||
62623433646239636263643039646462633936653331303032326335336231323561326534643932
|
31393866383332363762626136613663626630656534373764363733623763336132336135366533
|
||||||
62333865646565326338386339336264613036313631633431343561303936623733363163386630
|
63636133656133346661393764343564653035363834613730626139313736346161633330656134
|
||||||
33353738316438376539643234303433313137303063326264313135626231363731666535313363
|
64373031616664366566396637363465333636366237363130663334643131373262383162653334
|
||||||
34353231363864313365653162303631613362623562336663356664636437653137383635333263
|
62663162613634666535346630343134666131376362636262633862373833356263656535386431
|
||||||
65373331653065303932306133306636623265373939346431363633633538626666306431386463
|
37316461373731656236613463646639383966336336346637613562653538396161393662363636
|
||||||
38663137386166633166343930663663663165316261656631613734643838663237333034306461
|
31626332376238323061646530653838616433333934616639316430393065373165393766646132
|
||||||
37383838336338633965626231393839626664656536323938616164656666346665333432616437
|
39613462363331356239616365393132373866396330656430376633356131316138333230633536
|
||||||
32336333343266653561396232393639336365616237626465343333326332653732363733353031
|
37333761653763333139303566633966616337356637623330396334333931303232346239303164
|
||||||
33633965333639393531383231373334393332373038393666626231613862666162346431626132
|
66323865643131383830623232313766373834393733653162623761643431316239663037336336
|
||||||
35336233313266613933383266323765303538396535343461393832646238343335323433663734
|
36353365346466363166666366326635366632323836393265353530336132326239343138313662
|
||||||
30376136376537333535643132633866643232363133653934363733323035366665663338633464
|
39393064363034646562643163313735363833623733303666643434326436623465636664646339
|
||||||
62303234323238613531323237366636656336343165646436646366323235393537663539623765
|
62343932316631623862336437386139386165623635653164363662633239616633383363623462
|
||||||
62346264613236636463313565366562393238313537313962666466393939363863393633323532
|
33663565356134383135376263653437393530346634663163383364636664393431306337646338
|
||||||
64643935366630346135646232663161323033376138633633316265353138303834313034616233
|
34383735623839396162373737343163363266343866626330373236666665396432303531366230
|
||||||
34366336643832383139313865626237353461336637346135613334326638653361326163646536
|
39336337363239646165666639383965396662666533386637633533643835363338343065346631
|
||||||
34316362616230376462636134366663616437316333323064326461363338373565396231306362
|
33343933643664353937393366383465366563363531386134313338393938666430353938303339
|
||||||
32623261333764336264653762393730323465653563613534343431363965386663396162663364
|
36363535363938373732646233663837363232663938333265343031313735363332653237333235
|
||||||
35646164323236653934633039373236363565653030396265663439326637653734643963393830
|
39663534373564653230353632396464623434623931353663343063316230616330323039356135
|
||||||
62346137653137663265353531333161616238303839643638643531646332343365373639396232
|
31343033653439366232376464613834363036636161366662363939333466383235
|
||||||
31323030323833653164636461323733616466636662366663323138346232643837386331643636
|
|
||||||
39663432613064343732393732643138663263613662373139396130616534653466376631373165
|
|
||||||
32623838653365303331386633633962613536623334393536616465323734336266613936663435
|
|
||||||
64626438396365396536616665313131646131326435356463356431616339343939653561346261
|
|
||||||
6366396261353230613565393938323965613832313865623132
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
---
|
|
||||||
ansible_host: sulfur.lan
|
|
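--- a/host_vars/sulfur/main.yml
+++ b/host_vars/sulfur/main.yml
@@ -0,0 +1,38 @@
+---
+ansible_host: sulfur.lan
+
+## Users
+users:
+g33kex: sudo
+histausse: sudo
+dorian: sudo
+thomyrock: sudo
+
+## Networking
+interfaces:
+ens18:
+type: dhcp
+wg0:
+ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
+netmaskv4: "{{ intranet.netmaskv4 }}"
+type: wireguard
+
+ipv4_forwarding: false
+ipv6_forwarding: false
+
+lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
+
+## VPN
+vpn_interfaces:
+wg0:
+ip: "{{ interfaces.wg0.ipv4 }}"
+private_key: "{{ vpn_key }}"
+public_key: "oQH8CBofxNSOGevaz1HZlz3ZW+H3ndb/TmqM0pCiRR8="
+keepalive: true
+peers:
+- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
+public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
+allowed_ips:
+- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
+comment: "hindley"
+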
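Review bot: `private_key: "{{ vpn_key }}"` no longer indicates where the key is defined; the earlier per-host name hinted at the vault, while the generic `vpn_key` does not. A comment above it such as `# vpn_key is defined in the vault-encrypted secrets.yml next to this file` would help, assuming that is where it lives (the new `host_vars/sulfur/secrets.yml` is encrypted, so this cannot be confirmed from the page). Because every host now uses the same variable name, a host that lacks its own secrets file would pick up a `vpn_key` defined at group level instead of failing, if one is ever defined there; an `assert` in the vpn role that the variable is set per host would guard against that. The same applies to `host_vars/technetium/main.yml`.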
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
interfaces:
|
|
||||||
ens18:
|
|
||||||
type: dhcp
|
|
||||||
wg0:
|
|
||||||
ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
|
|
||||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
|
||||||
type: wireguard
|
|
||||||
|
|
||||||
ipv4_forwarding: false
|
|
||||||
ipv6_forwarding: false
|
|
||||||
|
|
||||||
lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
|
|
9
host_vars/sulfur/secrets.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
65636333393239393537363163356565376535366136633266643165393662306533613137396262
|
||||||
|
3263333334636263383162623533333637303466383139660a356161616138353764326166383566
|
||||||
|
39383038613361616663646166626335396537343466336133356135633130643532373165633233
|
||||||
|
3437613237656666630a346263643330343336633431313264373365633439623235396236353133
|
||||||
|
63623733363935663035393666343739643461393263393966356336346563306434623833303139
|
||||||
|
63653036343662333062393936316138613236326332363336326561316131356239646266643936
|
||||||
|
30366265636138366239626633363562613330623432626266386135313537643030366534613237
|
||||||
|
65633430346337643331
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
users:
|
|
||||||
- g33kex: sudo
|
|
||||||
- histausse: sudo
|
|
||||||
- dorian: sudo
|
|
||||||
- thomyrock: sudo
|
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
vpn_interfaces:
|
|
||||||
wg0:
|
|
||||||
ip: "{{ interfaces.wg0.ipv4 }}"
|
|
||||||
private_key: "{{ vpn_vault_matrix_key }}"
|
|
||||||
public_key: "oQH8CBofxNSOGevaz1HZlz3ZW+H3ndb/TmqM0pCiRR8="
|
|
||||||
keepalive: true
|
|
||||||
peers:
|
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
|
||||||
allowed_ips:
|
|
||||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
|
||||||
comment: "hindley"
|
|
|
@ -1,2 +0,0 @@
|
||||||
---
|
|
||||||
ansible_host: "technetium.lan"
|
|
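--- a/host_vars/technetium/main.yml
+++ b/host_vars/technetium/main.yml
@@ -0,0 +1,36 @@
+---
+ansible_host: technetium.lan
+
+## Users
+users:
+g33kex: sudo, video
+histausse: sudo, video
+
+## Networking
+interfaces:
+eth0:
+type: dhcp
+wg0:
+ipv4: "{{ intranet.subnets.physical.subnets.technetium.ipv4 }}"
+netmaskv4: "{{ intranet.netmaskv4 }}"
+type: wireguard
+
+ipv4_forwarding: false
+ipv6_forwarding: false
+
+lan_address: "{{ intranet.subnets.physical.subnets.technetium.ipv4 }}"
+
+## VPN
+vpn_interfaces:
+wg0:
+ip: "{{ interfaces.wg0.ipv4 }}"
+private_key: "{{ vpn_key }}"
+public_key: "sBk95X1alesUr7EhbJ04SfQ3HXHhnE4mm9PGYNa1xmc="
+keepalive: true
+peers:
+- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
+public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
+allowed_ips:
+- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
+comment: "hindley"
+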
8
host_vars/technetium/secrets.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
66656663643539653865323364386464393932303834303832313463636662643161396533656534
|
||||||
|
3330346432353736323266653063303538306232356133650a373134623933666137636538343832
|
||||||
|
65323430353263623234616336396530613038333530333433383966653739336439643431363065
|
||||||
|
6363313939623162340a626635633335333631306332386535393861653462383765376464613230
|
||||||
|
63313033613462393331313431616138306430316634373334656537323431336633663833636132
|
||||||
|
33323365316533373462323361383561623535326336643232633631316438316362653166616462
|
||||||
|
333165626564653538333033393233303435
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
users:
|
|
||||||
histausse: sudo, video
|
|
||||||
g33kex: sudo, video
|
|
10
hosts
|
@ -36,11 +36,12 @@ hindley
|
||||||
[vpn]
|
[vpn]
|
||||||
hindley
|
hindley
|
||||||
sulfur
|
sulfur
|
||||||
|
technetium
|
||||||
|
|
||||||
[apt_proxies]
|
[apt_proxy]
|
||||||
hindley
|
hindley
|
||||||
|
|
||||||
[prometheus_servers]
|
[prometheus]
|
||||||
hindley
|
hindley
|
||||||
|
|
||||||
[matrix]
|
[matrix]
|
||||||
|
@ -52,8 +53,3 @@ vanadium
|
||||||
[backup]
|
[backup]
|
||||||
barium
|
barium
|
||||||
|
|
||||||
[no_user]
|
|
||||||
sulfur
|
|
||||||
|
|
||||||
[tests]
|
|
||||||
technetium
|
|
||||||
|
|
|
@ -19,9 +19,6 @@
|
||||||
- acl
|
- acl
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
- name: Customize motd
|
- name: Customize motd
|
||||||
copy:
|
copy:
|
|
@ -1,22 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install the PAM lib
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- libpam-oath
|
|
||||||
state: latest
|
|
||||||
update_cache: true
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
- name: Add the totp secret for users
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/users.oath
|
|
||||||
regexp: "{{ item.name }}"
|
|
||||||
line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ users.key }} - {{ users_dict[users.key].totp }}"
|
|
||||||
create: true
|
|
||||||
group: root
|
|
||||||
owner: root
|
|
||||||
mode: '600'
|
|
||||||
loop: "{{ users | dict2items }}"
|
|
||||||
no_log: true
|
|
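--- a/roles/cloudinit/tasks/main.yml
+++ b/roles/cloudinit/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Remove cloudinit sudoers file
+file:
+path: "/etc/sudoers.d/90-cloud-init-users"
+state: absent
+- name: Disable cloudinit
+file:
+path: "/etc/cloud/cloud-init.disabled"
+owner: root
+group: root
+mode: "0644"
+state: touch
+modification_time: preserve
+access_time: preserve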
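Review bot: Neither task says why it exists, and `Remove cloudinit sudoers file` deletes a sudoers drop-in without the role checking that another account can still use sudo. A short comment above that task, for example `# drop the sudo rule cloud-init installs for its default user; the calling play must have created the admin users first`, would make the ordering requirement explicit (what the drop-in grants is my assumption; confirm on a target host). For consistency with the `ansible.builtin.template` tasks elsewhere in this commit, `file:` could be written `ansible.builtin.file:` in both tasks.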
|
@ -6,9 +6,6 @@
|
||||||
- ifupdown2
|
- ifupdown2
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
when: ansible_facts["lsb"]["id"] == "Debian"
|
when: ansible_facts["lsb"]["id"] == "Debian"
|
||||||
|
|
||||||
- name: Install bridge-utils
|
- name: Install bridge-utils
|
||||||
|
@ -17,40 +14,23 @@
|
||||||
- bridge-utils
|
- bridge-utils
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
when: (ansible_facts["lsb"]["id"] == "Debian") and
|
when: (ansible_facts["lsb"]["id"] == "Debian") and
|
||||||
(lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list)
|
(lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list)
|
||||||
|
|
||||||
- name: Enable ipv4 forwarding
|
- name: Enable ipv4 forwarding
|
||||||
ansible.posix.sysctl:
|
ansible.posix.sysctl:
|
||||||
name: net.ipv4.ip_forward
|
name: net.ipv4.ip_forward
|
||||||
value: '1'
|
value: "'{{ ipv4_forwarding | int }}'"
|
||||||
sysctl_set: true
|
sysctl_set: true
|
||||||
when: ipv4_forwarding
|
when: ipv4_forwarding
|
||||||
|
|
||||||
- name: Enable ipv6 forwarding
|
- name: Enable ipv6 forwarding
|
||||||
ansible.posix.sysctl:
|
ansible.posix.sysctl:
|
||||||
name: net.ipv6.conf.all.forwarding
|
name: net.ipv6.conf.all.forwarding
|
||||||
value: '1'
|
value: "'{{ ipv6_forwarding | int }}'"
|
||||||
sysctl_set: true
|
sysctl_set: true
|
||||||
when: ipv6_forwarding
|
when: ipv6_forwarding
|
||||||
|
|
||||||
- name: Disable ipv4 forwarding
|
|
||||||
ansible.posix.sysctl:
|
|
||||||
name: net.ipv4.ip_forward
|
|
||||||
value: '0'
|
|
||||||
sysctl_set: true
|
|
||||||
when: not ipv4_forwarding
|
|
||||||
|
|
||||||
- name: Disable ipv6 forwarding
|
|
||||||
ansible.posix.sysctl:
|
|
||||||
name: net.ipv6.conf.all.forwarding
|
|
||||||
value: '0'
|
|
||||||
sysctl_set: true
|
|
||||||
when: not ipv6_forwarding
|
|
||||||
|
|
||||||
- name: Create interface config files
|
- name: Create interface config files
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "debian_interfaces.j2"
|
src: "debian_interfaces.j2"
|
||||||
|
|
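Review bot: The `when: ipv4_forwarding` and `when: ipv6_forwarding` guards are still in place after the two `Disable ... forwarding` tasks were removed, so when the variable is false the task is skipped and nothing writes 0 any more; a host that had forwarding enabled earlier keeps it. The new `value: "'{{ ipv4_forwarding | int }}'"` also wraps the rendered number in literal single quotes, so the module is handed `'1'` rather than `1`, which is likely to be rejected or never to match the live value. I would drop both `when:` lines, use `value: "{{ ipv4_forwarding | int }}"` (and the ipv6 equivalent), and rename the tasks to `Set ipv4 forwarding` / `Set ipv6 forwarding`. The file continues outside these hunks.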
|
@ -1,5 +1,4 @@
|
||||||
---
|
- name: reload_sshd
|
||||||
- name: Reload sshd
|
|
||||||
systemd:
|
systemd:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: reloaded
|
state: reloaded
|
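--- a/roles/ssh/tasks/main.yml
+++ b/roles/ssh/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: sshd_config
+ansible.builtin.template:
+src: sshd_config.j2
+dest: /etc/ssh/sshd_config
+owner: root
+group: root
+mode: 0644
+notify: reload_sshd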
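Review bot: The `sshd_config` task installs `/etc/ssh/sshd_config` and notifies a reload without checking the rendered file, so a template mistake can leave sshd unable to reload or start and cut off remote access to the host. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the template task makes Ansible refuse to install a config that sshd cannot parse. `mode: 0644` is also better written `mode: "0644"`, as the cloudinit role in this commit does, and the file lacks the leading `---` the other task files have.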
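--- a/roles/ssh/templates/sshd_config.j2
+++ b/roles/ssh/templates/sshd_config.j2
@@ -0,0 +1,13 @@
+{{ ansible_managed | comment }}
+{% if ansible_os_family == "Ubuntu" %}
+Include /etc/ssh/sshd_config.d/*.conf
+
+{% endif %}
+AuthorizedKeysFile /etc/ssh/authorized_keys/%u
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+PrintMotd yes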
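Review bot: The condition `ansible_os_family == "Ubuntu"` on the second line will not match as far as I know, because Ansible reports `Debian` as the OS family on Ubuntu hosts, so the `Include /etc/ssh/sshd_config.d/*.conf` line is never rendered. If the intent is to pull in drop-ins only on Ubuntu, the test should read `{% if ansible_distribution == "Ubuntu" %}`. Once it does render, the Include sits above the hardening directives, and since sshd keeps the first value it obtains for each keyword, a drop-in could override `PasswordAuthentication no` or `PermitRootLogin no`. A one-line template comment saying whether that precedence is intended, or moving the Include below those directives, would settle it.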
|
@ -1,2 +0,0 @@
|
||||||
dependencies:
|
|
||||||
- role: base_totp
|
|
|
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
- name: Eddit pam config for ssh
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/pam.d/sshd
|
|
||||||
regexp: 'pam_oath.so'
|
|
||||||
line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
|
|
||||||
insertafter: "^# PAM configuration for the Secure Shell service"
|
|
||||||
|
|
||||||
- name: Set ChallengeResponseAuthentication in sshd conf
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
regexp: '^#?ChallengeResponseAuthentication'
|
|
||||||
line: 'ChallengeResponseAuthentication yes'
|
|
||||||
notify: Reload sshd
|
|
||||||
|
|
||||||
- name: Set UsePAM in sshd conf
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
regexp: '^#?UsePAM'
|
|
||||||
line: 'UsePAM yes'
|
|
||||||
notify: Reload sshd
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -15,5 +15,6 @@
|
||||||
key: "{{ user_dict[item.key].ssh_keys | join('\n') }}"
|
key: "{{ user_dict[item.key].ssh_keys | join('\n') }}"
|
||||||
user: "{{ item.key }}"
|
user: "{{ item.key }}"
|
||||||
exclusive: no
|
exclusive: no
|
||||||
|
path: "/etc/ssh/authorized_keys/{{ item.key }}"
|
||||||
state: present
|
state: present
|
||||||
loop: "{{ users | dict2items }}"
|
loop: "{{ users | dict2items }}"
|
||||||
|
|
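Review bot: The added `path: "/etc/ssh/authorized_keys/{{ item.key }}"` moves every user's key file into one shared directory, but the task (its start is outside this hunk; presumably `authorized_key`) does not set `manage_dir`. With the module default the parent directory is created and re-owned for each user in the loop, which the module documentation warns can lock you out when an alternate path is used; sshd's ownership checks may then reject the keys of every user but the last. I would add `manage_dir: false` here and create `/etc/ssh/authorized_keys` once as a root-owned directory in a separate task. `exclusive: no` is better spelled `exclusive: false`.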
|
@ -4,5 +4,5 @@
|
||||||
name: "wg-quick@{{ item.key }}"
|
name: "wg-quick@{{ item.key }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
loop:
|
loop:
|
||||||
- "{{ lookup('dict', vpn_interfaces) }}"
|
- "{{ vpn_interfaces | dict2items }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
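Review bot: The handler's `loop:` still holds a one-element list, `- "{{ vpn_interfaces | dict2items }}"`, so the only loop item is the whole list of interfaces and `item.key` in `wg-quick@{{ item.key }}` has nothing to resolve, because `loop` does not flatten nested lists. The tasks file in this commit uses the flat form and the handler should match it: `loop: "{{ vpn_interfaces | dict2items }}"`. The handler's task header is outside this hunk.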
|
@ -3,7 +3,7 @@
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb http://deb.debian.org/debian buster-backports main
|
repo: deb http://deb.debian.org/debian buster-backports main
|
||||||
state: present
|
state: present
|
||||||
when: ('debian_buster' in group_names) or ('proxmox_buster' in group_names)
|
when: ansible_facts["lsb"]["codename"] == "buster"
|
||||||
|
|
||||||
- name: Install wireguard dependencies for proxmox
|
- name: Install wireguard dependencies for proxmox
|
||||||
apt:
|
apt:
|
||||||
|
@ -12,10 +12,7 @@
|
||||||
- wireguard-dkms # May need a `dkms autoinstall` and reboot ?
|
- wireguard-dkms # May need a `dkms autoinstall` and reboot ?
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
register: apt_result
|
when: ('proxmox' in group_names)
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
when: ('proxmox_buster' in group_names)
|
|
||||||
|
|
||||||
- name: Install wireguard
|
- name: Install wireguard
|
||||||
apt:
|
apt:
|
||||||
|
@ -23,9 +20,6 @@
|
||||||
- wireguard
|
- wireguard
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
- name: Create wireguard config files
|
- name: Create wireguard config files
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -35,15 +29,13 @@
|
||||||
group: root
|
group: root
|
||||||
mode: '600'
|
mode: '600'
|
||||||
notify: Restart wireguard for interface
|
notify: Restart wireguard for interface
|
||||||
loop:
|
loop: "{{ vpn_interfaces | dict2items }}"
|
||||||
- "{{ lookup('dict', vpn_interfaces) }}"
|
no_log: "{{ enable_no_log | default('true') }}"
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Enable interface
|
- name: Enable interface
|
||||||
systemd:
|
systemd:
|
||||||
name: "wg-quick@{{ item.key }}"
|
name: "wg-quick@{{ item.key }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
loop:
|
loop: "{{ vpn_interfaces | dict2items }}"
|
||||||
- "{{ lookup('dict', vpn_interfaces) }}"
|
no_log: "{{ disable_no_log | not | default('true') }}"
|
||||||
no_log: true
|
|
||||||
|
|
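Review bot: In the last hunk, `no_log: "{{ disable_no_log | not | default('true') }}"` on `Enable interface` uses `not` as a filter, which Jinja2 does not provide as far as I know, so the task is likely to fail at templating; it also reads a different variable from the `enable_no_log` used on `Create wireguard config files` just above. Since the template task handles the WireGuard private key, both tasks should share one switch that defaults to hiding output, e.g. `no_log: "{{ enable_no_log | default(true) }}"`, with a comment that it is only to be turned off while debugging. The earlier hunks in this file that drop `register`/`retries`/`until` leave the `state: latest` apt tasks with no retry on a transient mirror failure, which deserves a line in the commit message if deliberate.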