Pains-Perdus
/
ansible
3
1
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Compare commits

base: Pains-Perdus:master
Branches Tags
Pains-Perdus:dev
Pains-Perdus:big_cleanup
Pains-Perdus:master
Pains-Perdus:monitoring
Pains-Perdus:matrix
Pains-Perdus:networking
Pains-Perdus:DNS
..
compare: Pains-Perdus:DNS
Branches Tags
Pains-Perdus:dev
Pains-Perdus:big_cleanup
Pains-Perdus:master
Pains-Perdus:monitoring
Pains-Perdus:matrix
Pains-Perdus:networking
Pains-Perdus:DNS

No commits in common. 'master' and 'DNS' have entirely different histories.
master ... DNS

149 changed files with 33 additions and 7999 deletions
Show Stats

4
.gitignore vendored
Unescape Escape View File

@ -1,5 +1,3 @@
# ---> Ansible
*.retry
.main_vault_password
.user_vault_password
.vpn_vault_password
.vault_password

18
.gitmodules vendored
Unescape Escape View File

@ -1,18 +0,0 @@
[submodule "roles/matrix-bridge-discord"]
path = roles/matrix-bridge-discord
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-discord.git
[submodule "roles/matrix-bridge-facebook"]
path = roles/matrix-bridge-facebook
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-facebook.git
[submodule "roles/matrix-bridge-signal"]
path = roles/matrix-bridge-signal
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-signal.git
[submodule "roles/matrix-bridge-instagram"]
path = roles/matrix-bridge-instagram
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-instagram.git
[submodule "roles/postgre"]
path = roles/postgre
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/postgre.git
[submodule "roles/matrix-bridge-telegram"]
path = roles/matrix-bridge-telegram
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-telegram.git

17
README.md
Unescape Escape View File

@ -26,20 +26,3 @@ ssh-add
ansible all -m ping # or whatever you want to do with ansible
exit
```
## Vault managment
To use multiple vaults with multiple password, we use vault id.
The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list:
`vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password`
To create a new vault with an id and password registered in ansible.cfg:
`ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault`
## User managment
The user managment role allows to manage user.
Especially, it generate the described users on each hosts.
The password are stored in the variables in there hash form. The script `hash_passwd.py` can give you the hash of a password.

40
TODO.md
Unescape Escape View File

@ -1,40 +0,0 @@
# My todo list
Stuff that I should do but will probably never do.
## Polish the user role
The role is fine, but could use some default filter, like for the shell value.
Also, the variables are messy.
Also, a more atomique gestion of the users would be great.
## Create a role "generate certificate"
Curently, reverse_proxt_http and similare roles implement certbot themselves, and there is a role
for generating self signed certificate.
It would be better to manage certbot in a role, to allow off-wan machine to use reverse_proxy_http with self signed certificates for instance.
Bonus point if the role chose whether to use certbot or a self-signed certificate (but the dependencie gestion could begin to get tricky :/ )
## Proxmox setup
setup:
- x509 for clickodrom
- bind the clickodrom to a specific interface
- remove the "please pay us" message
- remove the enterprise apt repo
## VM setup
- create a VM from template using cloud init
- add VM to dynamic inventory
- use the cloud init account to connect to the new VM
- setup the VM
- disable cloud init
- remove cloud init account and change the connenction variable for the vm
good luck

9
ansible.cfg
Unescape Escape View File

@ -1,4 +1,4 @@
# Ansible configuration
# Ansible configuration, copy from the AURORE config.
[defaults]
@ -8,11 +8,8 @@ retry_files_enabled = False
# Use inventory
inventory = ./hosts
# roles location
roles_path = ./roles
# Custom header in templates
ansible_managed = Ansible managed
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
# Do not use cows (with cowsay)
nocows = 1
@ -23,7 +20,7 @@ forks = 15
# Some SSH connection will take time
timeout = 60
vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password, vpn_vault@.vpn_vault_password
vault_password_file = .vault_password
[privilege_escalation]

4
books/apt_proxy.yml → base.yml
Unescape Escape View File

@ -1,5 +1,5 @@
#!/usr/bin/env ansible-playbook
---
- hosts: apt_proxies
- hosts: all,
roles:
- apt_cacher_ng
- base_config

18
books/base.yml
Unescape Escape View File

@ -1,18 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: vpn, !tests,
roles:
- vpn
- client_apt_proxy
- hosts: all, !tests,
roles:
- networking
- base_config
- prometheus-node-exporter
- hosts: all, !tests, !no_user,
roles:
- create_users
- ssh_totp

8
books/gitea.yml
Unescape Escape View File

@ -1,8 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: gitea_host
roles:
- install_docker
- generate_self_signed_certificate
- install_gitea

8
books/keycloak.yml
Unescape Escape View File

@ -1,8 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: keycloak_host
roles:
- install_docker
- generate_self_signed_certificate
- install_keycloak

14
books/matrix.yml
Unescape Escape View File

@ -1,14 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: matrix
roles:
- synapse
- matrix-bridge-discord
- matrix-bridge-facebook
- matrix-bridge-signal
- matrix-bridge-instagram
- matrix-bridge-telegram
- hosts: proxy
roles:
- rp_synapse

12
books/monitoring.yml
Unescape Escape View File

@ -1,12 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: prometheus_servers
roles:
- prometheus
- prometheus-alert-manager
- grafana
- prometheus-blackbox-exporter
- hosts: all, !tests,
roles:
- prometheus-node-exporter

7
books/users.yml
Unescape Escape View File

@ -1,7 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all, !tests, !no_user
roles:
- create_users
- base_totp

6
books/vpn.yml
Unescape Escape View File

@ -1,6 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: vpn, !tests
roles:
- vpn
- networking

1
books/dns.yml → dns.yml
Unescape Escape View File

@ -4,5 +4,6 @@
# Reverse proxy
- hosts: proxy
roles:
- install_nginx
- configure_resolved
- reverse_proxy_stream

9
group_vars/all/apt_proxy.yml
Unescape Escape View File

@ -1,9 +0,0 @@
---
apt_proxy_port: 3142
apt_proxy_admin_user: admin
apt_proxy_admin_mdp: "{{ vault_apt_proxy_admin_mdp }}"
apt_proxy_allowed_clients:
- "{{ intranet['ipv4'] }}/{{ intranet['netmaskv4'] }}"
apt_proxy_address: "{{ intranet['subnets']['physical']['subnets']['hindley']['ipv4'] }}"

57
group_vars/all/ca.yml
Unescape Escape View File

@ -1,57 +0,0 @@
---
ca_passphrase: "{{ vault_ca_passphrase }}"
ca_key: "{{ vault_ca_key }}"
ca_cert: |
-----BEGIN CERTIFICATE-----
MIIFhzCCA2+gAwIBAgIUP+ptXLNUBVsZm5oYpynQd5mhB60wDQYJKoZIhvcNAQEL
BQAwUzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxFTATBgNVBAoM
DFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPQ0EgUGFpbnMtUGVyZHVzMB4XDTIxMDky
MTE0NDUxNloXDTMxMDkxOTE0NDUxNlowUzELMAkGA1UEBhMCRlIxEzARBgNVBAgM
ClNvbWUtU3RhdGUxFTATBgNVBAoMDFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPQ0Eg
UGFpbnMtUGVyZHVzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4jG+
8N5YN91KghYjYTOBQ+lRYJ45X5S9mfcwwf8OIMGe+NyNkXx2GX4uYpZOitYOApI4
rGnAjhll7tdZevzfdqpUDCYUDT6iR4BzL32k22mIN+iW6zQPaZetOU7VIA9V5TsM
WbDsftqh6fj3N4SwVMpHiuiajMkX8CIELxoXDAJULvwyreWOONlwDMObtVCHBIhM
uf1Jbx2DfRNS/w6lbHPCrZefMCea1FrSaotOANXxNgQfptX3fLZbhH5RiZQLDU8k
ZChAUoW9hE4+uiSOUMd2hl9XgCWHcGEMcKyWG+/lx8UUw3Zl+oOrfb+IWo5IByVZ
8nV5aiTMCuRlcTcMHUuedRaPcWfl5ZaEOVzhYXIYM4Oa8ShqXuWqW0WZ8oIhI2ya
hTE03mIPV1nX3ucE9GsDZpnrj7t+qd8etiZXFGVihKEqVFfhzKRsPh4wgUKH/gwG
AJshPA9NyJ0JpzUaWQ2acUjo3Hg9WPSTaMb46FS7hUdZUcZZiwSq9JjHDNAUKjNY
zudKjTyqJXkqwhNvMfKWFIGYjldvZgQXzuT8XmSHYSKuLfH9Ko28FX0Aujye1TTH
MPljXruyO04Q7NUg/jqtxdsWRpH/qCt12PmRuIiXsNCAeLjSuc75H+AOPbNudJLT
w2AUTkfn3mw/XTwEBfemHAo6GAdtCDKo6GxBqvcCAwEAAaNTMFEwHQYDVR0OBBYE
FIh4sxxlmesmbVKPWKo81BXMFVqVMB8GA1UdIwQYMBaAFIh4sxxlmesmbVKPWKo8
1BXMFVqVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAKipx6Nu
QwnYmwYPd3kUVBOj9ia0PVeE4LoUSRapzRTF2HilSIo9Sa7qD1HVxbWrghUPLjW/
Ru04k82hxvAm26gc1XeqIBzpgZmxwF0QibCeuj1vDXsndACXVHd6Atvnl0rW4bEI
pVCqerXNu0T4STk2V/xNqndGMRp/vZX67BlyHAHD4el957R9RYlyxW6fADrHDKqk
tC1eTeQtEi5W7v9X3dNGdtFS+exDrYpUTHPDwM81u25oCGUFGsH3RlG7LUEQ5mYW
SsJ3EKpIkMxSZB3/GqttCIHi+yEMtwDDL3dN8UnVaTkRjVNQxraOUwe66QByGqnJ
9YeQNpUfZxWFW/GW2fBAvD/RaLrLZ4ywhUze38ks4jsLnAIduawjQ8GlNg9i2MqD
zvDat41LWSCDjRUOfCp7fc9lMlI5blTafozrAddMV8YUs3bQ6XD0H31pP59jb7nc
5kmwqH6RivbFZZYBquQVujiiI7d+9m+X9OfTZJTCpRPCGYZcLuqH7txyPhixxrZd
a8lWJ+5jHOdncV/ZWSB5JnjKbaMMEPcaTo3puEPt/yl74CR7UOJXr5oM0bVFKjas
90hY5U+jPAcneCk2oc44R4NWuQ7qbsjPRfcxxi27DoLbhlmPp9jQwYQEqmdflcZ0
zCTEq81KO2mAbJgTc/ahhcvAV/huJ5d8c9R1
-----END CERTIFICATE-----
crl_distribution_points:
- full_name: "URI:https://ca.deso-palaiseau.fr/revocations.crl"
reasons:
- key_compromise
- ca_compromise
- affiliation_changed
- superseded
- cessation_of_operation
- certificate_hold
- privilege_withdrawn
- aa_compromise
- full_name: "URI:https://ca-pains-perdus.intra/revocations.crl"
reasons:
- key_compromise
- ca_compromise
- affiliation_changed
- superseded
- cessation_of_operation
- certificate_hold
- privilege_withdrawn
- aa_compromise

3
group_vars/all/generate_self_signed_certificate.yml
Unescape Escape View File

@ -1,3 +0,0 @@
---
country_name: FR
organization_name: Pains-Perdus

11
group_vars/all/in_memoriam.yml
Unescape Escape View File

@ -1,11 +0,0 @@
---
in_memoriam:
- Terry Pratchett
- Pierre Bottero
- Alan Turing
- Ada Lovelace
- Evariste Galois
- Grace Hopper
- John Conway
- Leonhard Euler

3
group_vars/all/install_gitea
Unescape Escape View File

@ -1,3 +0,0 @@
---
gitea_ssh_port: 2222
gitea_https_port: 8443

2
group_vars/all/install_keycloak
Unescape Escape View File

@ -1,2 +0,0 @@
---
keycloak_https_port: 7443

65
group_vars/all/matrix.yml
Unescape Escape View File

@ -1,65 +0,0 @@
---
matrix_server_name: pains-perdus.fr
matrix_local_server_name: synapse.pp.intra
matrix_enable_registration: False
synapse_postgre_user_pwd: "{{ vault_synapse_postgre_user_pwd }}"
matrix_max_upload_size: 50M
matrix_registration_shared_secret: "{{ vault_matrix_registration_shared_secret }}"
matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
matrix_form_secret: "{{ vault_matrix_form_secret }}"
matrix_apps_services:
- discord
- facebook
- signal
- instagram
- telegram
# bridge discord
matrix_bridge_discord_postgre_user_pwd: "{{ vault_matrix_bridge_discord_postgre_user_pwd }}"
matrix_bridge_discord_client_ID: "{{ vault_matrix_bridge_discord_client_ID }}"
matrix_bridge_discord_botToken: "{{ vault_matrix_bridge_discord_botToken }}"
# bridge facebook
matrix_bridge_facebook_postgre_user_pwd: "{{ vault_matrix_bridge_facebook_postgre_user_pwd }}"
# Those values are generated by the bridge the first time the bridge is launched.
# we copied the values generated from our test config
matrix_bridge_facebook_integration_manager_shared_secret: "{{ vault_matrix_bridge_facebook_integration_manager_shared_secret }}"
# matrix_bridge_facebook_as_token: "{{ vault_matrix_bridge_facebook_as_token }}"
# matrix_bridge_facebook_hs_token: "{{ vault_matrix_bridge_facebook_hs_token }}"
matrix_bridge_facebook_admins:
- g33kex
- histausse
matrix_bridge_facebook_allowed_external_user:
- '@dorianx:matrix.rezel.net'
# bridge signal
matrix_bridge_signal_postgre_user_pwd: "{{ vault_matrix_bridge_signal_postgre_user_pwd }}"
matrix_bridge_signal_admins:
- g33kex
- histausse
matrix_bridge_signal_allowed_external_user:
- '@dorianx:matrix.rezel.net'
# bridge instagram
matrix_bridge_instagram_postgre_user_pwd: "{{ vault_matrix_bridge_instagram_postgre_user_pwd }}"
matrix_bridge_instagram_admins:
- g33kex
- histausse
matrix_bridge_instagram_allowed_external_user:
- '@dorianx:matrix.rezel.net'
# bridge telegram
matrix_bridge_telegram_postgre_user_pwd: "{{ vault_matrix_bridge_telegram_postgre_user_pwd }}"
matrix_bridge_telegram_admins:
- g33kex
- histausse
matrix_bridge_telegram_allowed_external_user:
- '@dorianx:matrix.rezel.net'
matrix_bridge_telegram_api_id: "{{ vault_matrix_bridge_telegram_api_id }}"
matrix_bridge_telegram_api_hash: "{{ vault_matrix_bridge_telegram_api_hash }}"
matrix_bridge_telegram_bot_token: "{{ vault_matrix_bridge_telegram_bot_token }}"
# Not configured for now
matrix_stats_endpoint: https://127.0.0.1/report-usage-stats/push

59
group_vars/all/networking.yml
Unescape Escape View File

@ -1,59 +0,0 @@
---
intranet:
domaine: intra
ipv4: 172.20.0.0
netmaskv4: 16
gateway: 172.20.1.1
comment: The intranet
subnets:
physical:
domaine: phy
ipv4: 172.20.1.0
netmaskv4: 24
gateway: 172.20.1.1
comment: Physical machines
subnets:
hindley:
domaine: hindley
ipv4: 172.20.1.1
netmaskv4: 32
comment: Hindley
router_hellman:
domaine: 'router-hellman'
ipv4: 172.20.1.3
netmaskv4: 32
comment: Router on Hellman
matrix:
domaine: matrix
ipv4: 172.20.1.5
netmaskv4: 32
comment: Matrix server
guest_hellman:
domaine: hllm
ipv4: 172.20.198.0
netmaskv4: 24
gateway: 172.20.198.1
comment: Lan for the vm hosted on hellman
subnets:
hellman:
domaine: router
ipv4: 172.20.198.1
netmaskv4: 32
comment: Router
test:
domaine: test
ipv4: 172.20.199.0
netmaskv4: 24
comment: Test VM
guest:
domaine: guest
ipv4: 172.20.200.0
netmaskv4: 24
comment: Guest machines
subnets:
knuth:
domaine: knuth
ipv4: 172.20.200.1
netmaskv4: 32
comment: Knuth

9
group_vars/all/revers_proxy.yml
Unescape Escape View File

@ -1,9 +0,0 @@
---
reverse_proxy_sites:
- {from: wiki.pains-perdus.fr, to: "https://azerty.fil.sand.auro.re:2443"}
- {from: hindley.pains-perdus.fr, to: "http://127.0.0.1:5000"}
- {from: "{{ grafana_domain_name }}", to: "http://127.0.0.1:3000"}
sharing_sites:
- {from: share.deso-palaiseau.fr, folder: "/home/histausse/www", user: histausse, group: histausse}

3
group_vars/all/reverse_proxy_stream.yml
Unescape Escape View File

@ -1,4 +1,5 @@
---
reverse_proxy_stream:
- {from_port: 2222, type: "tcp", to: "azerty.fil.sand.auro.re:2222"}
- {from_port: 53, type: "udp", to: "dns-histausse.fil.sand.auro.re:53"}
- {from_port: 53, type: "tcp", to: "dns-histausse.fil.sand.auro.re:53"}

4
group_vars/all/totp.yml
Unescape Escape View File

@ -1,4 +0,0 @@
---
totp_periode: 60
totp_digits: 6
totp_machine: "pains-perdus"

162
group_vars/all/user_vault
Unescape Escape View File

@ -1,162 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;user_vault
66646139353961656263643538333430306336343661306434346136646234336534393663333732
6265656462333262363466366232313434643739616235660a323232393330383037636664303162
66343861653038663534313139653266376563613030633934323335383431623538643135643637
6634656439313233390a316435623232376135323666656332323038646565353733393039373533
64663035613930303631313536636130333363633362383934623863333631633538393231633531
30646430346634346433323339343461323430643938613634613164393461613863356633346638
33396463303162333338623731646431663839623034613664616166383237323435623631393737
32316336393330633330616530306538353136623737346530343838313634386535376633393134
36306438393531613464326561356633373139663863666564323433353161656266616638626436
66316363663631646562333566356638343830626437643666306335393364353165313939323363
39323362333364323531353330343164643938346636333865626630363431663130373161353263
34366131333362396634326336396635343961393239333665626632343533363263653535306438
66343430343734653261386230653738373436313432393839313765333062363165373762303536
34303939663837333531626437653263383662326238306162356361333362353863313466343031
65646537323762373234633134323737333137316161343539663065386538653762616236396133
33313637316331326432363132643462666438663037613537363263306564316530396433383662
34356464353562336331623934316138376662396466626430383162656430653935626537303138
61663033353961303061646364363865653135346362373433666531363432366566396638376139
32656265636163326632356133653639623633663934353636396365356662666563623735353830
33386166326564656135386161653032646635663832383662323162343039323665326165613263
38613732373962363264373237643239383961383639393832616631613535316332306330353637
39613638656434393039613362383738383039343030393761666534393633666630656632613739
65376461323363643462613064336566353463363031303436616335633632623838306565313464
61323431363635356431333336323434353334666539323233666132333931633636633632626461
39366335613739393634636637663535643663353035663731613939323864613965663632616136
61613133316636336336623563373564333533343062333262336539363962623739373233633462
66643664616438383030303764313038613133353535636130643531623564373639396563333934
32353663343533616262323165373564303239356635633136306133326666313037363062633132
62363364623465353435386461623062373836353531616361346533626266623961393166323639
35613261666533363436386438656232653732396631626638356532306163656661633738326361
38353961323135383439326331663139613730303362326233363436353532373865656633633462
32326339323865666531393565333633386234663463663133386463323730323230646533393535
35356336326235333536663165393938353730653862356161356137666532653231396265663336
63633330336264383765356661303431353239346433326138383565396663643638666330633161
65323338646436323237613235343936636333653332666435373461346632643462383961356233
62373066616239303437383637323838613666353465383035303230386565366138663933653838
33626665663562353137316561303863333862376537303831316665653164656336323461666436
33323165393762616664356561633138383836316433623635383664353564353664383566313561
38623631356432316431343934306334633532383034383432323562313033356238323736316239
31653261333035663631666362366231303237656630656435373636383164306266646164363265
30653064306132393330376561616431343765656637356336306565306135336664373837353566
65323636646235386661616132316461376531653738343632393638663938626564333235643238
61653164616331653933336138393763613837353030653239626532633562396530373736316462
63643930313264393363613564316637306562643336373536353036306233343266653066343832
35306231383866613439636333623039376465386463653266663365646332336335326564323939
65386630336131343964653037646365616631663466323036623661363836363135363636623361
65613831653164393732623031613234323437383136636466353362313966656661623861373532
64653063373933373730386363353939373062386637303936646566646137353238633765326132
62393239386264346133623039616630636139646261366132623765613439303836336266323930
64623861386131613239323261306636373065343233353566353565643532643031346332336331
35663564353433383966633961383061613739373039643265653661666139363735313131363637
62383539643433633164313563366161393133333433656131656331383861393566366631656136
32653131363836366330313239383635336662633838363734366234343533353035356334303662
66613833653930653836663137333064656564376464633435636431326336316339336533613866
31373962333134653863316339623838333439386433663937306539343635363134633062306237
64663834613937663733666662343933633839343532376662366561326535316530363466663432
33626332303032386232363165653439666233616362306665656133656561306564363561633138
34393237316239643462613931633530643062373130386162333537663136666131623263363534
34333164376238353534623038333532343266636535366532633837633161393363393734613765
37333438613332653466653231303361623439376465343231383135316230323337616330613262
31613235356137313233616637333733633437376262383862323566343865313138633538333136
35356261336263323330653664306635656332646365646630373437386536363538376636323533
63383531336261626463613265386337346639616130613333363061643065313766326262313635
30396438653535653739316264346531646438323862346438633339613563383930306230663932
39653564336531376234373364306462396433633738313565363335303435353736616264313131
38363738303431653963363765666238613435386261613037353465303337613933353430353131
38653366643866303863616366383339653631666466646332323463616663376139636632393434
35376537646236623339346366613066383061353535303036383732616337643331616263373131
32633336303963653562386664313532373666346132663334313065336564346362373433326532
65396532356238326237353034333264393233343138363739383830653230643665646362663630
39333537353832616331363534326164323133373761306630623130383465663636636464313539
61646363626434393530333465316333623139626433326337383766343730323963353731333930
35646535376531656262326536306536633137636138663732366330656565633565313533306465
34383464326330353133303731303534663834393837323965393363303635343236313666656264
33633735653135643062313664663432363231653230636339386438386339623363323336393566
62353037346564633535376638363037363861366263323766333961303534393539356530633562
61616664633236613865626663636632323066643534393630393033626635663336366632393134
32326565303031333566346461633136326566306461323436393539353533313033333061383032
34326337616338626630316661663237333831616363346130653663663861353562366164643730
34656638303531353861386437646662346132346662336164616232623839303934383166623532
63343538656130306636313337646238663663636432376237353738303864303835646433353137
61653931383837353934663536663266636636373936376230353836636134653531353031363938
65333361303361363334393733666466643063653266363262306233633834353331666565353266
38666431643139316139623263663864386534376566393437373965346530343433366535323732
65626336396362393331623564656436383135636539333934633233666330643465633531316166
62306637323739346639306630623132346665373630343566656437303630626664333465383766
62303365653332653162336230336634333232663732653237386533646531643839643465366637
65303964626463363130383164633938636538316461366335356664613138336463653539393465
35353637616462613833636137333139356538386162616538613562333337383233313038313035
31303065663630353865303338643533393839373665373231383666646634353035316261613662
34663661323235383331643634636534363238353934303837666531376630643830323863343932
32333934376332646537373064346666343535303038383234356165303635633732373939656438
30326463396631376538346366373135373164666631323036623066613664376334353331386463
32346132643361646136376362356266316231336162333834646232353935656363373766323338
63616337343631383963343165303938333665333731373163383264656537356130343536626661
63663236643539313436636531623232643163643036363438616230306264373166336630363833
39396530643765336436386639323533643638336566636135613438643936623531613436653733
62326536663538376266393233373135333231613161613335323562613734653639633137383364
39313263303036396635663431356363663964393231333663396433653263333337653763613738
66653636653436326636353361623637346562303465303034356561663964666139623630366261
34656338363863393861323735613739366339363063633762363235626264666561373334376135
33396663306131313530663763393137313264383335373830333939636238393163303065323731
33636630363033646530383438343465623462346666333131626434616138363435623732663030
65616632393866633466363837383238386264363536633439366661313265316333666435333536
33376661663733343136353061623065393061306435396338623961623466376532613163353739
64343033626666646130663861383236613961663335623134313063376436383666636338633332
65643365656161373631633232353930343533653134346566643066376265626661366234303439
33386539386536663932636238626234646266643432626162633534376161633262366631356662
63643066383631326632643732616432343733306134616432636561393333326431626230643935
32663232373331643335356562336563653837656164653531323561623432303334333330656263
35303237663131616133643235646634373931313831313965346661356334396266356437613362
63393136353762636666343538663134336138353661663161663936366531316662373666363035
65363333393464303933646230396230363238313264373665623465393434346638663837366364
65633536633464306138663033323132653436663461646432636161353038663836393735316663
32316130383234633664663163663965313436656461353835633439303239663038646464653662
63636261653263373337356433353935323563616438363964653036633139393836366537343562
35323935396461303136623961633730623361663631393036633635663564306139353139646230
32333731643838613465343064633638663738333666653637393331373033383834346134396261
62393564633630353065646563336439623735636461313231343864326132323935633235643637
33353935383665613162663364356232356661393565386231396534633865303938663239353137
36323364346438386231643664306637333039353330616232356536323361356332643564323065
64373137316131643631333331353062643930323265663935656532613430333537663038666337
30656636666233386564663362386366353634613261393261303738643762656266653463633534
35643537376639633563363266663534633662363432373032613738613130313065643134613635
33336236346231346534363064356461653330383763626133386663616661306330393438333139
63326264623864623463333937303338383061393835386132383336666234396437313165373634
37346363616237666337613335313432386563323434333031626261373031343662376430336638
30316466633362623663353037353863633037383631653233616334383562333236386633326464
37336134663563656233623639643665343633323965613136613536633161353835363636663863
34376234633364323534616465633762643033396433326436316435663533653639303536303931
33643261623935363032346233393462653136346461383334336462613735633836663732323735
61353538623534313564643037333162396562373836383763373861343361373164646564343537
34326230393730333766356663343831616663666564613237636661353237313162623237313565
38343239336561343435326535363363313739353165663835363865333164623332346234346430
36336333626434343964383635363864386535343230313036663331666538363433363639346634
65356534343432643064356332343337633034323735623531303638366461383137383038663833
35373262356462666136313564643932663534396366386161326662316166626336353334313333
64326238383962386534396466636235616464633166636134313162646663356438393331633066
37333532373137646139653535623938386364613331346437626537646637366565653038633563
63643431653538396363333566343339326632626566383035356631323931643135303830316162
35336563396534633136343166623638643661623662366466613432616332313133663366323735
63663533383735623262643963353530643330353130356131623733373937623662336536613565
62306535353738613139326337326130333234373036646663633932366532336463616162343936
33373764336530383439333133646339646330376265396639393063623761386464303532376338
30306630626262333839613533663766613730653764373939306437613032323536623531353363
32316464636231386634356534616162373064653066326637636533393230643263633635303263
31663939393236306362616534646136643038666436306137313139366162303163333366323231
33313763623839306162373134623361626263363365633834636331313030313635353932313165
61666364646435643233303862613238373333303130333465643561656634663531303231323936
37626565366334386536343637366162666464613639356139353761656563313532343764653064
31396139373337353363643436666634623037613136333637313931323539383833316338623164
63633562313536396462613437373031396137396532616466343034333839316461663632366365
39396663366536373833363533353039623833613436393065366163383566303537316334343064
31356334343034356431303533633236646334376136666665326365373239376233636436666337
35333731366133616365303365396338653031343432373966356633313136303063653033643462
36653566363630646564303531336330343566383861313431633933386265343661393965653439
65636262393335373038643432633236646134356135323835616336323737373738353636323036
35396363613565633431333434376530666662316434313938653338316163303033623931373932
38363538303561646161636662633136313536633634366133316166366631663732633162663130
33313038383230313464656131623039396230613661626534303563353033623365663765363936
38396234356563373465366134646165633464323166333832393465393433363361

10
group_vars/all/user_vault.example
Unescape Escape View File

@ -1,10 +0,0 @@
---
uservault_users:
- {
name: lorem,
groups: sudo,
shell: "/bin/bash",
password_hash: "$6$lvbzekjvbzejbvzvzvbzvbzhvbzbv....aezrfv/", # the string betwenn the first and second `:` in /etc/shadow
ssh_key: "ssh-rsa azrekgnbmoienbzrinoien...aoeuzn user@host",
totp: "daeae8ce486f6636d68c37c21ce002" # the hex value
}

11
group_vars/all/vars.yml
Unescape Escape View File

@ -2,14 +2,3 @@
# Use python 3
ansible_python_interpreter: /usr/bin/python3
dns_resolve_server: 1.1.1.1
# Default prometheus serveur, to overide in host_vars or something
appointed_prometheus_server: hindley
grafana_admin_password: "{{ vault_grafana_admin_password }}"
grafana_domain_name: monitoring.deso-palaiseau.fr
kassandra_username: cassandre
kassandra_password: "{{ vault_kassandra_password }}"
alert_rooms:
- "#monitoring:pains-perdus.fr"

310
group_vars/all/vault
Unescape Escape View File

@ -1,305 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256
66396364626137653230336236313132366334386632383339303335333062323833373534643931
3035323936343830646136386237623565303262616366320a303665383565613936323763383538
32373832626130636665313664356636623339353266656433366563366439363764386136616537
6230376436363463620a663761633130383262353661313461343839656361356238376433396639
36643034376539383136633937613031343862653739396536346130303164346465356530323564
38396130343031343862383237383566333661623466353538343462343565373765316132666430
32393635623834343566303932343734653566326231303531346662303436653437663034333865
65666230623861393161353339336663616131393830333136373366626233363966613064656630
65663362636566323263353838393932343036613337383533393838636338393738303835666538
34373266393237326465613064656231616562626531353937653565346634646162653038356566
37643364336562643439616464636536353335666162623831313035663039386637323639623035
66653538646665306130393934333732346366366439396637313932366463343935303264613033
64633162373062373534643938646633306332303064356662366163366366326561656266636234
36613630346162353061313532386330653939373663616534653263306339633139653935663565
31316237373766653865326632306232346234613237643038613334353737323930636365303562
63333261646638633031313032386239383938386439376333613762346237313463643663336133
36353833333661323632633461333064313263323937613263356264366539313036366637646138
63373761626566613732623365643065626234643032323263623965316464343734386532333165
37626561616334396561333930326461393863346139663738393536626135386463366366396336
36306538373331616562373263653636643938643031386435633234666561353164386463323339
63353761653538663264333762613731336333656139313434613563343061386462643535346533
65366263383735306336386430636338396561346236333837336465323866333933333337626235
39653030326430663332636263333938326536356366643734346362643430336366623164633330
65383838383830306133626461643632656637336264666638383636376565666231373331393834
38663939633137363236303632616638646238313431653262346437313237356263616530656339
34336634386133383434623739326234313339333265636364373963343334363836313934653565
64336132376336323063663765643365336366303732666137376631323231343631656439383666
36383535316232636434653238313738653166633836303461376232333933316332326462656432
39313166396234613162623361343037383131663465383438356438663130306138356266656561
37306232653730653962656336373634643937333633623361343132393964623739623161373233
35373461303833343666623261616534323435663634363639316466613761616533646531616635
37663038396537343361393635343264613635666564343065313930376365393361363934643234
34663830386664613062626465633666616430646566633435303837623536646466616337376162
39376431643738336163653333333638663564356237393630636537306564333531336330333039
61386261316335323866353637626536363939346564373333633561323361396264373034353063
33613835393064393363326263623964353131326566353938623431396566663961633863313465
37373264343331333839356538346436336561656435643434353532626539333538343261616336
66623432653930633334363266316339373830643631316432303633633337666537373039323037
62316333356438346364663734613863316334636365316565336561626563373266386636366164
62346536313965643661356433383538646532633234313137353035633732356366643934663661
63373735323138356565613131373938613338653061383734643633636363353438373533313765
65393665616139343137643565626437373033363737633061386362376332353739313861623339
66333538666563636264303239353535306166656530346363396338373963653536333066383035
39633938353932303164306236626564306235326237646238393461306464386536616463376132
38666237376533353965656131373639353533333532396430616165383037303266653033633432
36666535616633333736653033386263616434343361383066663163363936386435626130303836
66623833323735643435653261323437386338663137653633663261336434636234623232356664
39376338303433303534636632376136656366633165616638623934666362666638653730343564
38303566653464383231633464306139306635386136336634643732623237643961643636333761
66326136633434346262343364633732303831323337663566613833646537346237643761616236
36373966356330333233336330663063663966633337373835656334326330326630353261666437
65316362643165353166656330313839623562633562373161356561663163636437633133323131
30373462336532353063663164303837653332383565663436383436396265373966653036316661
62663534383061656363643439633032383735376237653832616563383865613733356633323633
65326631353265383433346130636364656533333736653834333661623733333966666638326437
37353833663432613133336566663337313833323334393065303633396464613333393663643732
39666235353664323036306531306462653161613937313633623333306663333834303763623362
34613362396331383636626237376433303966626463633364353265356637653533623538653630
35393766306639633431373530363633306635663666373137653932663963363939616134643366
37363436336535663861336463653639653536303634363661666335666633306530633934363466
31386437363765633938633966343535386335323735623739656131623232393238316161353634
38633338643937623663346561383239313933613330626166636334333838333531666233356233
65343439373233353463663462333036376362643066613762303963383065633337326139353638
39373461386664313935393463313231353833663133663930323435353332373562396638343138
33636465626238663534313765363333326561386164346139396432336431376234383238333530
66356535353966633132626161343661643465633730633164666465366332623061386261383164
39313433663237633166343033353063613733383130636237393063623962613938373164653630
66343031613439316434666364366662373838626164653637636232643737376637633863616330
30326233323137323865643262363837353162363634333336353465373264336337383066323939
35336462336462613634363831343266336364646334386239373832653863323832303766643435
34356339653964373532326138303132616530663362303664633861373931373061393566313765
66343937343532386162346431623166366262623163306633393933663266616135663961643436
37653663303337623662393761336632356534663430316264343437653763656635323437646637
38393661306362313064613434396331613366373037613464356565373461393663636138633532
64343561346463316532366361646438323731383963646337623165383663666266316139656166
37336463633834636435343761613837666635653166326163346539626139613562396439306130
33363230626633346138303538373439626161623163626135643665613932666535343532303036
35373431343635393665616366643332643035623133613666396234353338623636663762636336
35346431303536613962323861336539396333346234393763396438383539383036333636353637
39646333383633326238393164333835393237623734383537376230353264346237353866333264
38643231343536356339373531633165393334353365336261656665336230373266633938343134
37646266383438633835323233306363643765653833666363376338356265663831636431646637
39633532353130396635383965643531363564373766323064616165376134613834303666306231
38643366333166633238626335313463623935373233353236393663353561383763636131383862
34623536343664623962326237326532643830636533636361666432333261363530373464356233
64373865653035613363373832653163326165363061623531373337663765653937303036656663
66636463346139663962393431633162303664313031306331323865313739323661303538336238
65313639663663393962396333666438633432323533613064313765353362326532613834373136
65326265646136613030353862326233646331396238343634323534626136376136356561316635
66333662666437613339396563323531396261366138323938303834393865633439313965613463
38343961646664626663346464393061396234356237663339323462623864663864383939353862
34313266373138346235626236303433613062306332343638663538356431663930303863306461
63386262333663393262623364343864376437616237313537343839656632363436613933376438
65346137313732316639353937336162313661386536383339633938613763336532353634373935
64393635366435666639346537386661383362623565623365636136316363336337663738356463
32333466363366336337653739313166396435323434376662356165643662353332306431383839
61613331313164336537313037393166356537656530616336663138316532323164346266353831
65666238306135346235376237376561333063373163633433386461383834633762646431396462
65313637623266646332336332363139376265363037383533613763373734313664343835396335
35323230326463356333653833326561306236336238373539653938653933636239626661376436
35303639643832343364393439386631616632313830363461326665303162383839653762366630
34656330393539636564346461316638396230323566376431636236306632616331323132623962
35666466326136633166323466666361326137306335353565326232373363323965373261636235
32363935323865303630383836303964326138393632333234643261386361393961336161636664
36393163343634633033396561313535663534623936323564373430396238356635356231386365
64313331633231336361613333313532626439393562356430386238396430393861396136633339
34303962343336356331663530613031636361333836646132316131343839623235356561633266
31343733353631653266353631376161613632373063323765663932646633653964366563363531
31313363393136643036366531333138353135666235303335393531353833313231386364393934
63653566616235303835393136646562626562353830653663386564366633343061613034383634
33363238303661313034636562356235393861356563333039313136396232343964613437356232
36346239303732333462613838653232326234353737633236396165616433656531393332663433
62366161373231646235656562323765653662343161383031613461643138303462386236666339
33623037366431353462346534636565393234626434613134343135343466623662386537386535
62306533386532353962626532613839346236303963646265333235336363653037373961663236
34366162353466373265643765356236313732353830303934376538343833343065363562356362
61623364386366396366353037393434626530326231623165376337306261373164343030383533
39353633656332363130326361636233363739333662663362366534396331353330343633313130
61326266343235396461353637333630333133326339303431376234356433623631316132633632
34653365623632613630306134643666373961623137393135393163383666326232633933393630
34666430316266326638613537373337386138383261643564313564666663666664363363323463
38366633346563343964653561316533323965366662663965623661613735366333313133663730
63626432306132356138623762366432613064326138646238643766313737653531653530663337
62393136356331636131303163313236386436663261613935353532666534386265313964656235
62633135643630313032666134393638663136373162646365343163353432333232613733346539
36666664613461343831373733393231303962356461383632303539633862633630636331613236
65376464363235326338366262323535646636316438356161316333663134613865326465626639
34633834376130663235316563333936633036623031326232636436363563633432323930383636
36383538333162623836306339613236623632353063366332636366376231353132663163623737
66373563663166666235313364383761383730346233363466623133386530313265383962333130
61313064316264613466626131616162376563346363323639303630343361613230333434613836
39303065626232393663626562376239356531613931323530323666353734396132613461643133
66356564626666303836326262666466623431373933303435616461653837383765393363623635
63386335313835366139633761613539366539356536663763396530356230353138633833316337
62343434323330393439656236626336323439333063376131643964376631376564306339323066
39666433663438306266393430303538316435336238383934323439323261373936326666623539
39633035313633313563663366666231383865333032333162386365633163366635393766366162
35663334303061303862346337376435616337663130633864383439653764366262323539666433
61306432626635323730373964353338323030656437656364663035336531353537653839623133
66363934333866356635383930383036326638326534333164383034613730383861303439383632
30343434623834366162366564356131356139363432353864646535623537656137383166303262
33313433303561333932333832383465366633336262386163363137353731393135636632323931
37373233663336333332326238323338373639346333663366383966653337623132653537356632
66366462336133613735666631366661643432333037383536303736333432663338623165653834
36383930303664313432363433333130396236343332303561373261353561303331356333393330
38613037383038376335313836363337313633346539626532383132323766613838303237333766
62623235343232663566616233653764323132613634316263373330356635396232656264346333
31333339336630373934353130353464373962656264613938366132646665646531646633646536
37373639393030303161373032373638656566316666393239326338353164626434393235366264
63343864646336376538323235313333363531303563316634373338393137656663323132333533
35343062373534376531383531313835303738376439636630336161303539346363633064383435
38656434666239396539353338396662343035626333633862323739366136393063646431363531
33643566343736616665666361633961336163306632383632616264636165366165396132303237
32643436613034623062616463623038313061356364303235656439323430366430623339386339
66383130323530333963666431306130633565353833336464626331313030616239336138343035
31343833613631666461313631336565376264333336353561386233626234623730323561373134
61616236333962386231343532323464646235633530333062343663373830656130636665623865
36643633323539376165616238646139336365316532643565656266353539366433366330323330
62663735396233386463653437616639313331623736613562343236613564306139336233656263
65646534643762336435323232373062306434393463623662323963333232373631373530353237
35373131356538646462303961663862656533643162383436303361306639643134383436343739
66393238663837353164333662653933353530376433633930663336373634383036393637663934
39336337313264366135386464363061356664303638333866303562316664336636333566623366
32306639303963336233386365373562366466303930303931643266373235343366336163303930
30386337393966633135326164646532376637636265663762326562336565383935613062323462
62353536663936633837316363653366356231323664363439393866393133336261346134333863
64643832306236666636333939326531346163346335356636643566333362643533333034643739
36373736353464653531316262636231343963376633653239633037336133373130643762626461
35346637653434656339323861316233303863393263373638353664326430303731643439613430
65313161336137656536346435356132343835326636616164366266373561323864386366366432
66613039663836626161643336316432343436333130383935306638393564303838373938313930
37393633343562646461653339626135303262626434343132303462353662323066633639346433
64336239663733613234333738633730306337313936343865323030626566323066306266336334
33393332373163353130623132633264656137386163373662613965343162646433653263393566
39356464393962636233306462323730333837656363643164376438363565303138666564656633
33343933313138386539303837306365373639373464306537663439376637303134626262656264
64336663663238376231323030306438616434626466616566303135363333366564346636323562
32343765353931663261633338356161383734303764356465616136643862393266343031353534
37393030656663613764323831353839616466633664623530663962666466383562663464353334
37376435363230366362633939613764383863653438303933633962653937643332633063353937
36613434306634623362643233313164333832663639653066313137336565333138363864306363
31643366393733316236353263316537396336656139643435373365313965383235376166353862
62363438613163626564383966343331316338343835656236303565303631313733353265396537
38316463633931633431653837633134383563366133373362326664323731326363326137326232
30373536386435353236313330373537303239313538303361396330663837383166393536383966
34313466623333623466326365643664383737363363623731316565353366373864636135656333
64633132613138313564336337383338656639666330313939376234343839386438636433373832
37653366633238663266383565346564396135356163326566313665343339346333323765336631
35643762313662636662376331336139373866373437623631363636326135346536363765613936
32306166306135313638643633353131643939366465346233636639663961303563643162366133
32316634383963653038613037366266346634323361313337666262343432386239326337326334
65653461626264353564323161656631373865666433353139363639393338376661353064353966
33663064613665326564333737303733633433333735303461613933353435303461333033623433
62356236323735653338333861656435616661386339303439653531643065643030393536663963
64613730343036353636616462633365326661333038383264616336633839346466393665393465
30316465323466633234376466383538613539313239353937353531316462636463316238356634
38346439363033336363396165376162633536363361386564633362623864316339623233313235
36646161323832346332386261623837663135646237343864333564653533623835333834343333
33333739633130386131316537386636363234333466623730303061336136633330646361366632
37386336623862373561386663353063616635326131663535313337623232376164316631346436
65656536313761653739623130313766366662613630396337373034323562343633333234373031
63383861656461336333303436353739646461623333616236333962356564623566363031353334
38636165646632346633353766393230343736313966333564313730353262636135633164393334
32373063393964656365333164623165326532643633313563643337653062363566393636653934
63383533326337393762343462313732323561316532303137336133616634373339633864306334
64333032356531313763313838353730633939393536383165376130663163643339393439616163
35363162313063663765616332613834306134393731633662306130656464336132303130303165
32303261333162303438366436653963326162626334613030653038343834336232333733643461
62326632373832623863333536613339373539396533393639326463633837306439383439643437
61326261373064313733636566316631343132656663376234323339383464363537643266383238
63353366383664653837326637376537616266346161653038306331353938373230386131333032
36653461633134373034656534623262383335626539623939313936396136376565643332353230
62643633323835376563653337306631376664336464646234666336626532356562613864626464
64323135373835613239613830616134303561363630623435346562633466323462643839303536
62303634386563313565663837393761666532303834623063343431343364363338663838313961
39643431366661333465313066643939356336643264613133653738666438653630353239386465
32363739663566616431623665363763613531346134343933333963623033313762346438343937
31306262353364353434663231656538376262393235346432383936663065316165376364326134
61396563636462396438623262343537636131636339636566393138666565356438333562613461
64313139326365393439366138623366646435333132326638656438396161386139393036656439
32646535663564663462343862366666386633623730336333346335666436623866613564636665
64316230343332306266303831373139353934353633323032646135376632303631616533663534
31656539353538653539306331373233333337653864323433393038636232373439326462336337
65356565633835333939373736383134373963396132306638323664363639663262393232383335
30386231353535643139363536653065326663353665353932376533363634373164333061326634
33343330626136363465313132363563326666323335383239376133633161623033386231616332
66636566353337356433333266336565646133346637386366353239623937626431633039663734
31656466383362666333393165306561323164313164363030393639363435656262643461613033
30303466623230643330313164663535663836363536353238663136373133356663323062336438
33393935353161633536356134363064646235323339663730383464636134636433353062353537
30613135626264366566623339613037383636353334363530653732626165323738643461613337
35383138323336616563333965643630353836383032363034623963373733626232353365643536
32303761613033353563333531396630646261343966393662336661313336626662306538636633
30346430653736346636646264633936353562313537323863363462316561333865353563363630
37326336363234313933363333396336626436343936623535316665366437656637386539303862
34336330316430626563623331656464313663633432396263346564376532306364353566363664
61653131643837633639356533376163643465326166636436646165336635323838386265316264
38393433346262626365303261303533653931366531303565623165376661323834333535376364
30633034346635663262653835326131396165306632663161366138376631366364356162626338
65666465336365313535376637313365653632346432393937326334633861313562323564663638
36623462653539356339623666643234363361656639313133313635306362373738636264646531
32313063393731373666373266326661623562633935656233383339383161316564393130643932
39336163306462336638646138626236396237363939323461633330633762616561343432613937
66636663623063333333376666646334306662303561656231333365626164366336653237396236
63323531333139646336393033633731653437313230376465616663623734623339623238313863
35366639613930303166393739393163313635663063326432323434333363613930653937653136
65663766616465383736333164346533643236326561323335653331623931326130616236306462
63336434326464613335356333666237303261326432396361376534326566346435376461613933
39313537323939373264333064356166386339356131396466376437323638313366336336653766
63613365303032373939326463383463303136396239333236303437326331636637356133353135
63666430386631626139626664376264333833386437316563383830666135663431383162383366
33343463633462333263613965383034666336396564376635313666343434346366376434313830
38613638656439343465363261653737333362316433353964653530366562613137303231633464
33656364363032396566353830656634613434636561633063643261396334613935343133653830
37386634653166636561646163623964313465616163343661646464313036356435636338313237
39323266623861366562323238316666613237353236363235333436303333653561316635373233
61323233346330643431333866623861656632376164616533653765393866623432363130653331
36323937393138616162326438323463363438633437303665313630643432353633316337613537
33623130303738623763383936653333386631333135616637393731346665626634633238326537
36336539306166333062313465653630393134363936616237643866313264306531363163616136
30616166643439643034616562646464316662666539653439626461636537333639383636643630
38353266303831396630653261643536376633633430616365303866366132343062306539346530
65353836313464333833623364326661356164313963383462623138306534613934373366646535
38646630363564343865613035383130666663373333643530643237323030643432633139646239
61623136663139343866636663313731633530363033666536666137303861643339306331313233
30633665306333653734383731396663396433353862326162643463326365363565303634396661
36663832626636333936336131383236323538306131613237393835663235313636373330633164
32383331636561386164373964373664643436663830623361393965656265646137666263666632
33653736363232373838653235343665663465333562653861646436633061393430333133613735
33343238373633383966366365383333373263343139646533356439333763663462343263383631
35663666656562383230333065376439643132313734316166313430386661313234396164356338
39653265306637376239343537626237323332313234373862393862653265386266323161316135
64353139613530323264326639333464333366323437633932363334633635343436353462343130
32623337663533666334323965656435636561333865303461326163653061316137306339626136
64363166623962346366353732633865373037636563373338333061303263636363393632633337
61633833646466626663613063663131323139663263356663356538623536313230623361363332
35343630353637376636663762323564323033393834336261333838326332333966383266333363
66626436323566623866333462333832323536363465373265333830353265306263343731343662
37663036356330353537333434313165313662303038326335653761343432383639663365613334
63376239373638343432616665336437373266376463623330393238396138393734633934626661
34333164643330313531346636636432656230633264396130636338613564306337353337653030
39623466373732336435343738383539663833356233666165616638356436373231656661613138
31353062393463383035323962633330393733346237666366363939333437396163353433336638
65393433613337373935353338613630666539303231633139376235376162373932646338333436
65663363613831363538336233616666393836316237653432343137376262636632646234363230
39373133333931393963363339376166623563633733363137363361653463333066666465613432
39316662613734636462393936613338346361323438396634313234393335323462666632653938
65626464393733666431366161653238373266646266376463633366336332303133633738343165
32616239653230646565316463373139373933323365366430663463653631343837376232613666
63336134316536353962396430326166306339656137333765306233336234393233646136633833
31623861303530313739666636373138353339393434396335646535613932343666643261383639
39386135356463663335616466633137623035376639623635613765303732326232303937366262
34326464336666613566333562316164333339303636613265323538373263363866333932656532
33306163343437343861363861666533393462373561303562386135306133363664313638336163
61666239636535326634393437656536333034313139383961353062326138373463323361613533
61376264616361393262306237336363386237383665383839373637346535663639323065636135
33363436383031373232323936653163383535633436623936653766666231343838656533643532
64623961613837363362393563353438656631666336653861666233636437363632376365363630
66636536343365653761353235353435383132366464306432323434386135356631653538306134
65616630323833373732323535633932633563386233353062333739393562353338663663343734
62616333366630303833313131313633346539316163633665633438323237396533636232396661
63333432636166646433366138356263343535613334623538396335303739356135313566353265
34313936393436356334396139643863383561616130376466643533336363323163386437636138
34663961313534646439
66346339616339316665383163613863376439383934626434313163376634306435656437353165
6263666165323933346232356234656137646466336466360a656639643838323563643235363933
30333435366138343930636130373239663735303164636639633039326131343533343561393561
3864653732636464320a396563643963393862353962323462616231393332633131633832336338
36633138646430623563316538643534666230363638333732633432316533343263303766616561
6431623436633030393133616166323434613464636631646338

5
group_vars/all/vault.example
Unescape Escape View File

@ -1,5 +0,0 @@
vault_email: user@example.com
# keycloak
vault_admin_keycloak: admin
vault_mdp_admin_keycloak: my_password

6
group_vars/all/vpn.yml
Unescape Escape View File

@ -1,6 +0,0 @@
---
vpn_port: 51820
vpn_keepalive_period: 25
vpn_guest_keys:
knuth: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="

36
group_vars/all/vpn_vault
Unescape Escape View File

@ -1,36 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;vpn_vault
63336164323763623961373136616238363832356135343764343966356631333766396265653566
6139626665393664343961363966363339346636376431340a343730653565383265616365386366
32333533666333373663373037653731666361343737356261636532303562663063343633346537
3337643137653839320a346236613362393636363935373162643237343831333535393461633963
37343039383931613031663733666538383735383064356532373232633661386237366433396236
63666134376463313637643061623934653666353364353235323431633930373663636137313462
30666263386237303563393936373566386563386631656162303634306466656663666330313937
32313431343536666437626130646231333237343734303538363639383933633661323565353661
32343065383433623730346664643361306539623937656331333764346336396231656465373561
33343034303263303833373936383936366131663962613961666161303134316134316635626639
36666334393961306662626162393433643961646339323934653335613933383131633635623763
34656538336434303339613032623432613239303239373937643361306535383137643239646134
33336461613034303362353837313362643934666239363036333432373631336162646330333532
36303332306333623765653838373361353435646366323462383237343134643736376230353434
35333738313030636339363538656130643163353238666638383830316665646438366164636138
30643031336164323862633135313630666561656335626464336162386564306261396532396238
36666139386236663736613936633964363166343765626366323566613733353233313862646165
33373264633763386166373739313136343362383864343866323231373536633130633032616334
30383930333130646636666134363661316236323937373861343333333833616633346161323965
31343966396635626465613630333732353335373264646464373764363433393439656635636430
31303930333731656339633032366166386265653632633638323932626161623966613761636236
61303134663931636139336436313637333739626336643838663861626539323336393239643131
37383665326332393663323166643338353135363831306561623639643663326364343639316665
38343337323633353066653666366238633932393836396338336261663331656565653532613438
36323462326431333235376566343134663734373534663834316133333236636166386439633766
31323931363066343334363764356630383764346332353162316461333762613366663130393831
36633430383131326335333130303832666430366134393462616163326239383538616531373166
37383130616339343832313335636364623434636434393430383566376433363565626336303064
63376234613835666338373662373735386561643431633037336231643033393563316363613131
61656232363035333635636464656465613763613032376666623238613362343032613465313331
62353035313862323631653766393463383565336535616630383839376135393037363038343639
39646531666130626638666535623533373766386531343236313962636539373233363462363032
61373938373139376236633062353063643037333062363464383638333635643331616465643533
34646238663731616635313131313438376536633862346165666631326632623534306666396264
636139633664356536626239303631643864

4
group_vars/all/vpn_vault.example
Unescape Escape View File

@ -1,4 +0,0 @@
---
vpn_vault_hindley_key: "AAAAAcxofuT6w7K0ev6L9zxHk/nLvnGgXVgYzXRJNXw="
vpn_vault_azerty_key: "BBBBBcxofuT6w7K0ev6L9zxHk/nLvnGgXVgYzXRJNXw="
vpn_vault_hellman_key: "CCCCCcxofuT6w7K0ev6L9zxHk/nLvnGgXVgYzXRJNXw="

5
group_vars/all/web_services.yml
Unescape Escape View File

@ -1,8 +1,5 @@
---
reverse_proxy_sites:
- {from: wiki.pains-perdus.fr, to: "https://azerty.fil.sand.auro.re:2443"}
- {from: hindley.pains-perdus.fr, to: "http://127.0.0.1:5000"}
sharing_sites:
- {from: share.deso-palaiseau.fr, folder: "/home/histausse/www", user: histausse, group: histausse}
- {from: wiki.deso-palaiseau.fr, folder: "/home/histausse/wiki/public", user: histausse, group: histausse}

2
host_vars/hindley/ansible.yml
Unescape Escape View File

@ -1,2 +0,0 @@
---
ansible_host: "hindley.adh.auro.re"

3
host_vars/hindley/apt_proxy.yml
Unescape Escape View File

@ -1,3 +0,0 @@
---
proxy_apt_interfaces:
- "{{ interfaces['wg0'].ipv4 }}"

14
host_vars/hindley/networking.yml
Unescape Escape View File

@ -1,14 +0,0 @@
---
interfaces:
enp2s0:
ipv4: 45.66.110.3
type: dhcp
wg0:
ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
type: wireguard
ipv4_forwarding: true
ipv6_forwarding: false
lan_address: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"

27
host_vars/hindley/vpn.yml
Unescape Escape View File

@ -1,27 +0,0 @@
---
vpn_interfaces:
wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_hindley_key }}"
public_key: "Ce48/ZdvpI2S82bIivhiWHQsyidzTAtxCnEYojY3xEA="
keepalive: false
peers:
- endpoint: ""
public_key: "jvjOCj5xVTLwyQ8o7QsYvF2ep1HbD/GKnmjpqJuztB8="
allowed_ips:
- "{{ intranet.subnets.physical.subnets.router_hellman.ipv4 }}/{{ intranet.subnets.physical.subnets.router_hellman.netmaskv4 }}"
- "{{ intranet.subnets.guest_hellman.ipv4 }}/{{ intranet.subnets.guest_hellman.netmaskv4 }}"
comment: "Router hosted on Hellman"
- endpoint: ""
public_key: "{{ vpn_guest_keys.knuth }}"
allowed_ips:
- "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}/{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
comment: "Client laptop: knuth"
- endpoint: ""
public_key: "{{ hostvars['matrix_server'].vpn_interfaces.wg0.public_key }}"
allowed_ips:
- "{{ hostvars['matrix_server'].vpn_interfaces.wg0.ip }}/32"
comment: "matrix VM, hosted on g33kex's server"

4
host_vars/matrix_server/ansible.yml
Unescape Escape View File

@ -1,4 +0,0 @@
---
#ansible_host: "172.20.1.5"
ansible_host: "nyx.ovh"
ansible_port: "4502"

13
host_vars/matrix_server/networking.yml
Unescape Escape View File

@ -1,13 +0,0 @@
---
interfaces:
ens18:
type: dhcp
wg0:
ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
type: wireguard
ipv4_forwarding: false
ipv6_forwarding: false
lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"

13
host_vars/matrix_server/vpn.yml
Unescape Escape View File

@ -1,13 +0,0 @@
---
vpn_interfaces:
wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_matrix_key }}"
public_key: "oQH8CBofxNSOGevaz1HZlz3ZW+H3ndb/TmqM0pCiRR8="
keepalive: true
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

31
hosts
Unescape Escape View File

@ -1,28 +1,21 @@
# Servers and VMs inventory
all:
children:
ubuntu:
hosts:
hindley:
debian_bullseye:
hindley.adh.auro.re:
debian:
hosts:
matrix_server:
proxy:
hosts:
hindley:
vpn:
hosts:
hindley:
matrix_server:
apt_proxies:
azerty.fil.sand.auro.re:
dns-histausse.fil.sand.auro.re:
re2o.deso-palaiseau.fr:
proxmox:
hosts:
hindley:
prometheus_servers:
hosts:
hindley:
matrix:
hellman.fil.sand.auro.re:
proxy:
hosts:
matrix_server:
no_user:
hindley.adh.auro.re:
dns:
hosts:
matrix_server:
dns-histausse.fil.sand.auro.re:

5
roles/apt_cacher_ng/handlers/main.yml
Unescape Escape View File

@ -1,5 +0,0 @@
---
- name: Restart apt-cacher-ng
systemd:
name: apt-cacher-ng
state: restarted

88
roles/apt_cacher_ng/tasks/main.yml
Unescape Escape View File

@ -1,88 +0,0 @@
---
- name: Use a newer version of apt cacher nc for ubuntu 20.04
block:
- name: Set the default release
lineinfile:
path: /etc/apt/apt.conf.d/01-vendor-ubuntu
regexp: '^APT::Default-Release '
line: "APT::Default-Release \"{{ ansible_facts['lsb']['codename'] }}\";"
- name: Pin node exporter
copy:
dest: /etc/apt/preferences.d/pin-apt-cacher-nc
content: |
Package: apt-cacher-nc
Pin: release n={{ ansible_facts['lsb']['codename'] }}
Pin-Priority: -10
Package: apt-cacher-nc
Pin: release n=groovy
Pin-Priority: 900
- name: Add the repo from groovy
apt_repository:
repo: deb http://fr.archive.ubuntu.com/ubuntu groovy universe
state: present
when: ansible_facts['lsb']['id'] == 'Ubuntu' and ansible_facts['lsb']['codename'] == 'focal'
- name: Install apt-cacher-ng
apt:
name:
- apt-cacher-ng
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create config files
template:
src: "acng.conf.j2"
dest: "/etc/apt-cacher-ng/acng.conf"
owner: root
group: root
mode: '644'
notify: Restart apt-cacher-ng
- name: Set admin auth
template:
src: "security.conf.j2"
dest: "/etc/apt-cacher-ng/security.conf"
owner: root
group: apt-cacher-ng
mode: '640'
notify: Restart apt-cacher-ng
no_log: true
# This is uggly, and overkill
- name: Set cron job to clear the cache
template:
src: "clear-apt-cache_cron.j2"
dest: "/etc/cron.daily/clear-apt-cache"
owner: root
group: root
mode: '755'
- name: Edit the clients allowed to use the proxy
lineinfile:
path: /etc/hosts.allow
regexp: '^apt-cacher-ng'
line: "apt-cacher-ng: 127.0.0.1 {{ apt_proxy_allowed_clients | join(' ') }}"
owner: root
group: root
mode: '644'
notify: Restart apt-cacher-ng
- name: Block everyone else
lineinfile:
path: /etc/hosts.deny
regexp: '^apt-cacher-ng'
line: "apt-cacher-ng: ALL"
owner: root
group: root
mode: '644'
notify: Restart apt-cacher-ng
- name: Enable apt-cacher-ng
systemd:
name: "apt-cacher-ng"
state: started
enabled: yes

112
roles/apt_cacher_ng/templates/acng.conf.j2
Unescape Escape View File

@ -1,112 +0,0 @@
{{ ansible_managed | comment }}
# Storage directory for downloaded data and related maintenance activity.
CacheDir: /var/cache/apt-cacher-ng
# Log file directory, can be set empty to disable logging
LogDir: /var/log/apt-cacher-ng
# A place to look for additional configuration and resource files if they are not
# found in the configuration directory
SupportDir: /usr/lib/apt-cacher-ng
# TCP server port for incoming http (or HTTP proxy) connections.
# Can be set to 9999 to emulate apt-proxy. Value of 0 turns off TCP server
# (SocketPath must be set in this case).
Port:{{ apt_proxy_port }}
# Addresses or hostnames to listen on. Multiple addresses must be separated by
# spaces. Each entry must be an exact local address which is associated with a
# local interface. DNS resolution is performed using getaddrinfo(3) for all
# available protocols (IPv4, IPv6, ...). Using a protocol specific format will
# create binding(s) only on protocol specific socket(s), e.g. 0.0.0.0 will
# listen only to IPv4. The endpoint can also be specified as host:port (or
# [ipv6-address]:port) which allows binding on non-standard ports (Port
# directive is ignored in this case).
BindAddress: localhost {{ proxy_apt_interfaces | join(' ') }}
# The specification of another HTTP proxy which shall be used for downloads.
# It can include user name and password but see the manual for limitations.
#
# Default: uses direct connection
#
# Proxy: http://www-proxy.example.net:3128
# Proxy: https://username:proxypassword@proxy.example.net:3129
# Repository remapping. See manual for details.
# In this example, some backends files might be generated during package
# installation using information collected on the system.
# Examples:
Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
Remap-klxrep: file:kali_mirrors /kali ; file:backends_kali # Kali Linux Archives
Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
Remap-fedora: file:fedora_mirrors # Fedora Linux
Remap-epel: file:epel_mirrors # Fedora EPEL
Remap-slrep: file:sl_mirrors # Scientific Linux
Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives
Remap-secdeb: security.debian.org security.debian.org/debian-security deb.debian.org/debian-security /debian-security ; deb.debian.org/debian-security security.debian.org
# Virtual page accessible in a web browser to see statistics and status
# information, i.e. under http://localhost:3142/acng-report.html
# NOTE: This option must be configured to run maintenance jobs (even when used
# via acngtool in cron scripts). The AdminAuth option can be used to restrict
# access to sensitive areas on that page.
ReportPage: acng-report.html
# Days before considering an unreferenced file expired (to be deleted).
# WARNING: if the value is set too low and particular index files are not
# available for some days (mirror downtime) then there is a risk of removal of
# still useful package files.
ExThreshold: 4
# Usually, general purpose proxies like Squid expose the IP address of the
# client user to the remote server using the X-Forwarded-For HTTP header. This
# behaviour can be optionally turned on with the Expose-Origin option.
ExposeOrigin: 0
# When logging the originating IP address, trust the information supplied by
# the client in the X-Forwarded-For header.
LogSubmittedOrigin: 0
# Fast fallback timeout, in seconds. This is the time to wait before
# alternative target addresses for a client connection are tried, which can be
# usefull for quick fallback to IPv4 in case of whacky IPv6 configuration.
#
# FastTimeout = 4
# It's possible to use use apt-cacher-ng as a regular web server with a limited
# feature set, i.e. directory browsing, downloads of any files, Content-Type
# based on /etc/mime.types, but without sorting, CGI execution, index page
# redirection and other funny things.
# To get this behavior, mappings between virtual directories and real
# directories on the server must be defined with the LocalDirs directive.
# Virtual and real directories are separated by spaces, multiple pairs are
# separated by semi-colons. Real directories must be absolute paths.
# NOTE: Since the names of that key directories share the same namespace as
# repository names (see Remap-...) it is administrator's job to avoid conflicts
# between them or explicitly create them.
#
# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm
LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
# Specifies the IP protocol families to use for remote connections. Order does
# matter, first specified are considered first. Possible combinations:
# v6 v4
# v4 v6
# v6
# v4
# Default: use native order of the system's TCP/IP stack, influenced by the
# BindAddress value.
#
# ConnectProto: v6 v4
# Allow data pass-through mode for certain hosts when requested by the client
# using a CONNECT request. This is particularly useful to allow access to SSL
# sites (https proxying). The string is a regular expression which should cover
# the server name with port and must be correctly formated and terminated.
# Examples:
# PassThroughPattern: private-ppa\.launchpad\.net:443$
PassThroughPattern: .* # this would allow CONNECT to everything

5
roles/apt_cacher_ng/templates/clear-apt-cache_cron.j2
Unescape Escape View File

@ -1,5 +0,0 @@
{{ ansible_managed | comment }}
systemctl stop apt-cacher-ng
rm -rf /var/chache/apt-cacher-ng/
systemctl start apt-cacher-ng

12
roles/apt_cacher_ng/templates/security.conf.j2
Unescape Escape View File

@ -1,12 +0,0 @@
{{ ansible_managed | comment }}
# This file contains confidential data and should be protected with file
# permissions from being read by untrusted users.
#
# NOTE: permissions are fixated with dpkg-statoverride on Debian systems.
# Read its manual page for details.
# Basic authentication with username and password, required to
# visit pages with administrative functionality. Format: username:password
AdminAuth: {{ apt_proxy_admin_user }}:{{ apt_proxy_admin_mdp }}

10
roles/base_config/tasks/main.yml
Unescape Escape View File

@ -1,24 +1,18 @@
---
- name: Install and update basic tools
apt:
update_cache: true
name:
- sudo
- vim
- htop
- ntp # network time sync
- ntp
- bash-completion
- less
- screen
- git
- curl
- python3-pip # Because I like python
- tree
- unzip
- tcpdump
- net-tools
- acl
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded

22
roles/base_totp/tasks/main.yml
Unescape Escape View File

@ -1,22 +0,0 @@
---
- name: Install the PAM lib
apt:
name:
- libpam-oath
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Add the totp secret for users
lineinfile:
path: /etc/users.oath
regexp: "{{ item.name }}"
line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ item.name }} - {{item.totp}}"
create: true
group: root
owner: root
mode: '600'
loop: "{{ uservault_users }}"
no_log: true

8
roles/client_apt_proxy/tasks/main.yml
Unescape Escape View File

@ -1,8 +0,0 @@
---
- name: Tell apt to use the proxy
template:
src: "00aptproxy.j2"
dest: "/etc/apt/apt.conf.d/00aptproxy"
owner: root
group: root
mode: '644'

3
roles/client_apt_proxy/templates/00aptproxy.j2
Unescape Escape View File

@ -1,3 +0,0 @@
{{ ansible_managed | comment }}
Acquire::http::Proxy "http://{{ apt_proxy_address }}:{{ apt_proxy_port }}/";

17
roles/create_users/tasks/main.yml
Unescape Escape View File

@ -1,17 +0,0 @@
---
- name: Generate user
user:
name: "{{ item.name }}"
groups: "{{ item.groups }}"
shell: "{{ item.shell }}"
password: "{{ item.password_hash }}"
loop: "{{ uservault_users }}"
no_log: true
- name: Add ssh key
authorized_key:
key: "{{ item.ssh_key }}"
user: "{{ item.name }}"
loop: "{{ uservault_users }}"
no_log: true

167
roles/generate-cert/LICENSE
Unescape Escape View File

@ -1,167 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.
"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".
The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that the
Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license
document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.
e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.

9
roles/generate-cert/README.md
Unescape Escape View File

@ -1,9 +0,0 @@
# generate-cert
This role is part of the project [Ansible Hacky PKI](https://gitea.auro.re/histausse/ansible_hacky_pki) licenced under the LGPL 3.
You can use it to generate certificate and manage de small pki, but keep it mind that this program is distributed **WITHOUT ANY WARRANTY**.
In particular, the **security** of the pki generated and the process of generated the pki **is not guaranteed**. If you find any vulnerability,
please contact me to see if we can find a patch.
Copyright 2021 Jean-Marie Mineau <histausse@protonmail.com>

8
roles/generate-cert/defaults/main.yml
Unescape Escape View File

@ -1,8 +0,0 @@
---
key_usage:
- digitalSignature
- keyEncipherment
validity_duration: "+365d"
time_before_expiration_for_renewal: "+30d" # need a better name
force_renewal: no
store_directory: /etc/hackypky

165
roles/generate-cert/tasks/main.yml
Unescape Escape View File

@ -1,165 +0,0 @@
---
- name: Ensure the directories used to store certs exist
file:
path: "{{ item }}"
state: directory
group: root
owner: root
mode: u=rwx,g=rx,o=rx
loop:
- "{{ store_directory }}"
- "{{ store_directory }}/crts"
- "{{ store_directory }}/keys"
- name: Ensure the directory containing the cert exist
file:
path: "{{ directory }}"
state: directory
- name: Test if the key already exist
stat:
path: "{{ store_directory}}/keys/{{ cname }}.key"
register: key_file
- name: Test if the cert already exist
stat:
path: "{{ store_directory}}/crts/{{ cname }}.crt"
register: cert_file
- name: Test if we need to renew the certificate
openssl_certificate_info:
path: "{{ store_directory }}/crts/{{ cname }}.crt"
valid_at:
renewal: "{{ time_before_expiration_for_renewal }}"
register: validity
when: cert_file.stat.exists
- name: Generate the certificate
block:
- name: Generate private key
become: false
openssl_privatekey:
path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
mode: u=rw,g=,o=
size: "{{ key_size | default(omit) }}"
delegate_to: localhost
- name: Generate a Certificate Signing Request
become: false
openssl_csr:
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
privatekey_path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
common_name: "{{ cname }}"
country_name: "{{ country_name | default(omit) }}"
locality_name: "{{ locality_name | default(omit) }}"
state_or_province_name: "{{ state_or_province_name | default(omit) }}"
organization_name: "{{ organization_name | default(omit) }}"
organizational_unit_name: "{{ organizational_unit_name | default(omit) }}"
email_address: "{{ email_address | default(omit) }}"
basic_constraints:
- CA:FALSE # syntax?
basic_constraints_critical: yes
key_usage: "{{ key_usage }}"
key_usage_critical: yes
subject_alt_name: "{{ subject_alt_name | default(omit) }}"
crl_distribution_points: "{{ crl_distribution_points | default(omit) }}"
delegate_to: localhost
- name: Put the CA in a file
become: false
copy:
content: "{{ ca_cert }}"
dest: "/tmp/ansible_hacky_pki_ca.crt"
delegate_to: localhost
- name: Put the CA key in a file
become: false
copy:
content: "{{ ca_key }}"
dest: "/tmp/ansible_hacky_pki_ca.key"
mode: u=rw,g=,o=
delegate_to: localhost
no_log: yes
- name: Sign the certificate
become: false
openssl_certificate:
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
csr_path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
ownca_not_after: "{{ validity_duration }}"
ownca_path: /tmp/ansible_hacky_pki_ca.crt
ownca_privatekey_passphrase: "{{ ca_passphrase }}"
ownca_privatekey_path: /tmp/ansible_hacky_pki_ca.key
provider: ownca
delegate_to: localhost
- name: Send private key to the server
copy:
src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
dest: "{{ store_directory }}/keys/{{ cname }}.key"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
mode: "{{ key_mode | default('u=rw,g=,o=') }}"
no_log: yes
- name: Send certificate to the server
copy:
src: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
dest: "{{ store_directory }}/crts/{{ cname }}.crt"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"
# Clean up
- name: Remove the local cert key
become: false
file:
path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
state: absent
delegate_to: localhost
- name: Remove the CSR
become: false
file:
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
state: absent
delegate_to: localhost
- name: Remove the local certificate
become: false
file:
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
state: absent
delegate_to: localhost
- name: Remove the CA certificate
become: false
file:
path: /tmp/ansible_hacky_pki_ca.crt
state: absent
delegate_to: localhost
- name: Remove the CA key
become: false
file:
path: /tmp/ansible_hacky_pki_ca.key
state: absent
delegate_to: localhost
when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
- name: Create the link to cert
file:
src: "{{ store_directory }}/crts/{{ cname }}.crt"
dest: "{{ directory }}/{{ cname }}.crt"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
state: link
- name: Create the link to key
file:
src: "{{ store_directory }}/keys/{{ cname }}.key"
dest: "{{ directory }}/{{ cname }}.key"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
state: link

36
roles/generate_self_signed_certificate/tasks/main.yml
Unescape Escape View File

@ -1,36 +0,0 @@
---
- name: Install openssl
apt:
name: python3-openssl
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Ensure the cert directory exists
file:
path: /var/certificates
state: directory
- name: Generate an OpenSSL private key
openssl_privatekey:
path: "/var/certificates/{{ server_hostname }}_privkey.pem"
size: 4096
type: RSA
- name: Generate an OpenSSL Certificate Signing Request with Subject information
openssl_csr:
path: "/var/certificates/{{ server_hostname }}.csr"
privatekey_path: "/var/certificates/{{ server_hostname }}_privkey.pem"
country_name: "{{ country_name }}"
organization_name: "{{ organization_name }}"
email_address: "{{ vault_email }}"
common_name: "{{ server_hostname }}"
- name: Generate a Self Signed OpenSSL certificate
openssl_certificate:
path: "/var/certificates/{{ server_hostname }}_cert.pem"
privatekey_path: "/var/certificates/{{ server_hostname }}_privkey.pem"
csr_path: "/var/certificates/{{ server_hostname }}.csr"
provider: selfsigned

5
roles/grafana/handlers/main.yml
Unescape Escape View File

@ -1,5 +0,0 @@
---
- name: Restart Grafana
systemd:
name: grafana-server
state: restarted

79
roles/grafana/tasks/main.yml
Unescape Escape View File

@ -1,79 +0,0 @@
---
- name: Install apt transport https
apt:
name:
- apt-transport-https
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Add Graphana Repo Key
apt_key:
url: https://packages.grafana.com/gpg.key
state: present
- name: Add Grafana Repository
apt_repository:
repo: deb https://packages.grafana.com/oss/deb stable main
state: present
- name: Install Grafana
apt:
name:
- grafana
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure Grafana
template:
src: grafana.ini
dest: /etc/grafana/grafana.ini
owner: grafana
group: grafana
mode: u=rw,g=r,o=
no_log: true
notify: Restart Grafana
- name: Copy the CA cert
copy:
content: "{{ ca_cert }}"
dest: /etc/grafana/ca.crt
notify: Restart prometheus
- name: Generate certificate
include_role:
name: generate-cert
vars:
directory: /etc/grafana/
cname: "grafana-{{ lan_address }}"
owner: grafana
group: grafana
key_mode: u=rw,g=,o=
subject_alt_name: "IP:{{ lan_address }}"
# Need an equivalent to notify here
## THIS CERT CANNOT BE MONITORED BECAUSE IT IS A CLIENT CERT :'(
#- name: Ensured the certificate is monitored
# import_tasks: register-cert-to-monitoring.yml
# vars:
# target: "{{ lan_address }}:<PORT>|grafana-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
- name: Add Prometheus data source
template:
src: prometheus_datasource.yaml
dest: /etc/grafana/provisioning/datasources/prometheus_datasource.yaml
owner: grafana
group: grafana
mode: u=rw,g=r,o=
notify: Restart Grafana
- name: Enable Grafana
systemd:
name: grafana-server
enabled: true
state: started

23
roles/grafana/tasks/register-cert-to-monitoring.yml
Unescape Escape View File

@ -1,23 +0,0 @@
---
- name: Get the list of targets of the server
slurp:
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
register: server_tls_targets_file
delegate_to: "{{ appointed_prometheus_server }}"
- name: Set target variable from file
set_fact:
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
- name: Register the endpoint to the prometheus server
block:
- name: Add the target
set_fact:
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
- name: Put the new target list
copy:
content: "{{ new_server_tls_targets | to_nice_json }}"
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
delegate_to: "{{ appointed_prometheus_server }}"
when: target not in server_tls_targets.0.targets

1008
roles/grafana/templates/grafana.ini
View File

File diff suppressed because it is too large Load Diff

17
roles/grafana/templates/prometheus_datasource.yaml
Unescape Escape View File

@ -1,17 +0,0 @@
{{ ansible_managed | comment }}
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
# Access mode - proxy (server in the UI) or direct (browser in the UI).
access: proxy
url: https://{{ lan_address }}:9090
jsonData:
httpMethod: POST
tlsAuth: true
tlsAuthWithCACert: true
secureJsonData:
tlsCACert: $__file{/etc/grafana/ca.crt}
tlsClientCert: $__file{/etc/grafana/grafana-{{ lan_address }}.crt}
tlsClientKey: $__file{/etc/grafana/grafana-{{ lan_address }}.key}

38
roles/install_docker/tasks/main.yml
Unescape Escape View File

@ -1,38 +0,0 @@
---
- name: Add the docker repo key
apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Add docker repo
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian buster stable
# TODO replace by "... /linux/debian $(lsb_release -cs) stable"
state: present
- name: Install docker
apt:
update_cache: true
name:
- docker-ce
- docker-ce-cli
- containerd.io
state: latest
register: apt_result
retries: 3
until: apt_result is succeeded
# Official methode for docker compose, redundant with pip
#- name: Install docker-compose
# get_url:
# url: https://github.com/docker/compose/releases/download/1.28.0/docker-compose-Linux-x86_64
# # TODO: replace by "...1.28.0/docker-compose-$(uname -s)-$(uname -m)"
# dest: /usr/local/bin/docker-compose
# mode: '0755'
# Methode requiered by ansible docker_compose module
- name: Install docker and docker-compose
pip:
name:
- docker
- docker-compose>=1.28.0

5
roles/install_gitea/handlers/main.yml
Unescape Escape View File

@ -1,5 +0,0 @@
---
- name: restart gitea
docker_compose:
project_src: /var/local/gitea
restarted: yes

74
roles/install_gitea/tasks/main.yml
Unescape Escape View File

@ -1,74 +0,0 @@
---
- name: Ensure the directory exist
file:
path: /var/local/gitea
state: directory
- name: Ensure the user gitea exists
user:
name: gitea
create_home: no
password_lock: yes
- name: Retrieve info about users
getent:
database: passwd
- name: Warning
debug:
msg: This is a test server, do not use in production
- name: Copy docker-compose.yml
template:
src: docker-compose.yml.j2
dest: /var/local/gitea/docker-compose.yml
mode: 0644
owner: root
group: staff
- name: Start the container
docker_compose:
project_src: /var/local/gitea
- name: Copy key
copy:
src: /var/certificates/{{ server_hostname }}_privkey.pem
dest: /var/local/gitea/gitea/key.pem
owner: gitea
group: gitea
mode: 0600
remote_src: yes
notify: restart gitea
- name: Copy certificate
copy:
src: /var/certificates/{{ server_hostname }}_cert.pem
dest: /var/local/gitea/gitea/cert.pem
owner: gitea
group: gitea
remote_src: yes
notify: restart gitea
- name: Specify the link the private key
lineinfile:
path: /var/local/gitea/gitea/gitea/conf/app.ini
insertafter: '^\[server\]'
regexp: '^KEY_FILE'
line: KEY_FILE = /data/key.pem
notify: restart gitea
- name: Specify the link the private key
lineinfile:
path: /var/local/gitea/gitea/gitea/conf/app.ini
insertafter: '^\[server\]'
regexp: '^CERT_FILE'
line: CERT_FILE = /data/cert.pem
notify: restart gitea
- name: Use https
lineinfile:
path: /var/local/gitea/gitea/gitea/conf/app.ini
insertafter: '^\[server\]'
regexp: '^PROTOCOL'
line: PROTOCOL = https
notify: restart gitea

43
roles/install_gitea/templates/docker-compose.yml.j2
Unescape Escape View File

@ -1,43 +0,0 @@
# {{ ansible_managed }}
# version: "3.8"
networks:
gitea:
external: false
services:
server:
image: gitea/gitea:1.13.1
container_name: gitea
environment:
- USER_UID={{ getent_passwd["gitea"].1 }}
- USER_GID={{ getent_passwd["gitea"].2 }}
- DB_TYPE=postgres
- DB_HOST=db:5432
- DB_NAME=gitea
- DB_USER=gitea
- DB_PASSWD=gitea
restart: always
networks:
- gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "{{ gitea_https_port }}:3000"
- "{{ gitea_ssh_port }}:22"
depends_on:
- db
db:
image: postgres:9.6
restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
networks:
- gitea
volumes:
- ./postgres:/var/lib/postgresql/data

66
roles/install_keycloak/tasks/main.yml
Unescape Escape View File

@ -1,66 +0,0 @@
---
- name: Ensure the directory exist
file:
path: /var/local/keycloak
state: directory
- name: Ensure the user keycloak exists
user:
name: keycloak
create_home: no
password_lock: yes
- name: Retrieve info about users
getent:
database: passwd
- name: Warning
debug:
msg: This is a test server, do not use in production
- name: Copy env variables
template:
src: dot_env.j2
dest: /var/local/keycloak/.env
mode: 0400
owner: root
group: staff
- name: Ensure the certificate directory exist
file:
path: /var/local/keycloak/certificates
state: directory
- name: Copy key
copy:
src: /var/certificates/{{ server_hostname }}_privkey.pem
dest: /var/local/keycloak/certificates/tls.key
remote_src: yes
owner: keycloak
group: keycloak
mode: 0644 # 0600
# I wanted to limite read access to the private key to one "keycloak" user,
# but It doesn't works because the user running some script inside the container
# has a fix uid (1000) and obviously this uid is taken on the host by the first
# user created... I hope you're serveur is well protected...
- name: Copy certificate
copy:
src: /var/certificates/{{ server_hostname }}_cert.pem
dest: /var/local/keycloak/certificates/tls.crt
remote_src: yes
owner: keycloak
group: keycloak
- name: Copy docker-compose.yml
template:
src: docker-compose.yml.j2
dest: /var/local/keycloak/docker-compose.yml
mode: 0644
owner: root
group: staff
- name: Start the container
docker_compose:
project_src: /var/local/keycloak

18
roles/install_keycloak/templates/docker-compose.yml.j2
Unescape Escape View File

@ -1,18 +0,0 @@
# {{ ansible_managed }}
# version: "3.8"
services:
server:
image: jboss/keycloak
container_name: keycloak
restart: always
environment:
- USER_UID={{ getent_passwd["keycloak"].1 }}
- USER_GID={{ getent_passwd["keycloak"].2 }}
- "KEYCLOAK_USER=${USERNAME}"
- "KEYCLOAK_PASSWORD=${PASSWORD}"
volumes:
- ./certificates:/etc/x509/https
- /etc/localtime:/etc/localtime:ro
ports:
- "{{ keycloak_https_port }}:8443"

4
roles/install_keycloak/templates/dot_env.j2
Unescape Escape View File

@ -1,4 +0,0 @@
# {{ ansible_managed }}
USERNAME={{ vault_admin_keycloak }}
PASSWORD={{ vault_mdp_admin_keycloak }}

9
roles/install_nginx/tasks/main.yml
Unescape Escape View File

@ -8,12 +8,3 @@
retries: 3
until: apt_result is succeeded
- name: Add wasm to mime type
lineinfile:
path: /etc/nginx/mime.types
regexp: '\s*application/wasm\s+wasm;$'
line: ' application/wasm wasm;'
owner: root
group: root
mode: '0644'
insertbefore: '}'

1
roles/matrix-bridge-discord

@ -1 +0,0 @@
Subproject commit 2358c022895b3ce2f2a08dea41580e4cf84d218f

1
roles/matrix-bridge-facebook

@ -1 +0,0 @@
Subproject commit 89fb99ebb7c35ec3c11ecd5e4fbb194817f9cae6

1
roles/matrix-bridge-instagram

@ -1 +0,0 @@
Subproject commit 70675bec04af6bf456857c30687c5e57fa5e812a

1
roles/matrix-bridge-signal

@ -1 +0,0 @@
Subproject commit b27360700e82dd14fc42de6bdffc3d80bf3fa975

1
roles/matrix-bridge-telegram

@ -1 +0,0 @@
Subproject commit c8e442e4a931acc2220e4406282925c2d4a48954

13
roles/networking/handlers/main.yml
Unescape Escape View File

@ -1,13 +0,0 @@
---
- name: Reload network interfaces debian
become: true
command: /sbin/ifreload -a
- name: Restart dhcpcd raspbian
systemd:
name: dhcpcd
state: restarted
- name: Apply netplan ubuntu
become: true
command: netplan apply

82
roles/networking/tasks/main.yml
Unescape Escape View File

@ -1,82 +0,0 @@
---
- name: Install ifupdown2
apt:
name:
- ifupdown2
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
when: ansible_facts["lsb"]["id"] == "Debian"
- name: Install bridge-utils
apt:
name:
- bridge-utils
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
when: (ansible_facts["lsb"]["id"] == "Debian") and
(lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list)
- name: Enable ipv4 forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: true
when: ipv4_forwarding
- name: Enable ipv6 forwarding
ansible.posix.sysctl:
name: net.ipv6.conf.all.forwarding
value: '1'
sysctl_set: true
when: ipv6_forwarding
- name: Disable ipv4 forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '0'
sysctl_set: true
when: not ipv4_forwarding
- name: Disable ipv6 forwarding
ansible.posix.sysctl:
name: net.ipv6.conf.all.forwarding
value: '0'
sysctl_set: true
when: not ipv6_forwarding
- name: Create interface config files
ansible.builtin.template:
src: "debian_interfaces.j2"
dest: "/etc/network/interfaces"
owner: root
group: root
mode: '644'
notify: Reload network interfaces debian
when: ansible_facts["lsb"]["id"] == "Debian"
- name: Create dhcpcd config files
ansible.builtin.template:
src: "raspbian_dhcpcd.conf.j2"
dest: "/etc/dhcpcd.conf"
owner: root
group: netdev
mode: '664'
notify: Restart dhcpcd raspbian
when: ansible_facts["lsb"]["id"] == "Raspbian"
- name: Create netplan config files
ansible.builtin.template:
src: "ubuntu_00-installer-config.yaml.j2"
dest: "/etc/netplan/00-installer-config.yaml"
owner: root
group: root
mode: '644'
notify: Apply netplan ubuntu
when: ansible_facts["lsb"]["id"] == "Ubuntu"

47
roles/networking/templates/debian_interfaces.j2
Unescape Escape View File

@ -1,47 +0,0 @@
{{ ansible_managed | comment }}
# The loopback network interface
auto lo
iface lo inet loopback
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type not in ['wireguard', 'void', ] %}
auto {{ item.key }}
{% if item.value.type == 'dhcp' %}
iface {{ item.key }} inet dhcp
{% elif item.value.type == 'static' %}
iface {{ item.key }} inet static
{% elif item.value.type == 'manual' %}
iface {{ item.key }} inet manual
{% endif %}
{% if 'routes' in item.value %}{# route up #}
{% for route in item.value.routes %}
post-up ip route add {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}{# end route up #}
{% if 'ipv4' in item.value %}
address {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% endif %}
{% if 'gateway' in item.value %}
gateway {{ item.value.gateway }}
{% endif %}
{% if 'bridge' in item.value and item.value.bridge %}
{% if 'interfaces' in item.value and item.value.interfaces %}
bridge-ports {{ item.value.interfaces | join(' ') }}
{% else %}
bridge-ports none
{% endif %}
bridge-stp off
bridge-fd 0
{% endif %}
{% if 'routes' in item.value %}{# route dw #}
{% for route in item.value.routes %}
post-down ip route del {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}{# end route dw #}
{% elif item.value.type == 'void' %}{# end (not in [wireguard, void, ]) #}
iface {{ item.key }} inet manual
{% endif %}
{% endfor %}

56
roles/networking/templates/raspbian_dhcpcd.conf.j2
Unescape Escape View File

@ -1,56 +0,0 @@
{{ ansible_managed | comment }}
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.
# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel
# Inform the DHCP server of our hostname for DDNS.
hostname
# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid
# Persist interface configuration when dhcpcd exits.
persistent
# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit
# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu
# Most distributions have NTP support.
#option ntp_servers
# A ServerID is required by RFC2131.
require dhcp_server_identifier
# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type == 'static' %}
interface {{ item.key }}
{% if 'ipv4' in item.value %}
static ip_address={{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% endif %}
{% if 'gateway' in item.value %}
static routers={{ item.value.gateway }}
{% endif %}
{% endif %}
{% endfor %}

75
roles/networking/templates/ubuntu_00-installer-config.yaml.j2
Unescape Escape View File

@ -1,75 +0,0 @@
{{ ansible_managed | comment }}
network:
ethernets:
{% for item in lookup('dict', interfaces, wantlist=True) %}
{% if item.value.type not in ['wireguard', ] %}
{% if not ('bridge' in item.value and item.value.bridge) %}
{{ item.key }}:
{% if item.value.type == 'dhcp' %}
dhcp4: true
{% elif item.value.type == 'static' %}
dhcp4: false
addresses:
- {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% if 'gateway' in item.value %}
gateway4: {{ item.value.gateway }}
{% endif %}
nameservers:
addresses:
- 1.1.1.1
{# the nameservers are hardcoded for now #}
{% elif item.value.type in ['void', 'manual'] %}
dhcp4: false
dhcp6: false
{% endif %}{# end (type == *) #}
{% if 'routes' in item.value %}{# routes #}
routes:
{% for route in item.value.routes %}
- to: {{ route.subnet }}/{{ route.netmask }}
via: {{ route.gateway }}
metric: 100
{% endfor %}
{% endif %}{# end routes #}
{% endif %}{# end not bridge #}
{% endif %}{# end (not in [wireguard, ]) #}
{% endfor %}
{% if (lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list) %}
bridges:
{% for item in (lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list) %}
{% if item.value.type not in ['wireguard', ] %}
{{ item.key }}:
{% if 'interfaces' in item.value and item.value.interfaces %}
interfaces: [ {{ item.value.interfaces | join(', ') }} ]
{% else %}
interfaces: []
{% endif %}
{% if item.value.type == 'dhcp' %}
dhcp4: true
{% elif item.value.type == 'static' %}
dhcp4: false
addresses:
- {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% if 'gateway' in item.value %}
gateway4: {{ item.value.gateway }}
{% endif %}
nameservers:
addresses:
- 1.1.1.1
{# the nameservers are hardcoded for now #}
{% elif item.value.type in ['void', 'manual'] %}
dhcp4: false
dhcp6: false
{% endif %}{# end (type == *) #}
{% if 'routes' in item.value %}{# routes #}
routes:
{% for route in item.value.routes %}
- to: {{ route.subnet }}/{{ route.netmask }}
via: {{ route.gateway }}
metric: 100
{% endfor %}
{% endif %}{# end routes #}
{% endif %}{# end (not in [wireguard, ]) #}
{% endfor %}
{% endif %}
version: 2

1
roles/postgre

@ -1 +0,0 @@
Subproject commit e5ce16268f165be36d4f2f893caf47f9bdb6f332

10
roles/prometheus-alert-manager/handlers/main.yml
Unescape Escape View File

@ -1,10 +0,0 @@
---
- name: Restart Alertmanager
systemd:
name: prometheus-alertmanager.service
state: restarted
- name: Restart kassandra
systemd:
name: kassandra.service
state: restarted

2
roles/prometheus-alert-manager/meta/main.yml
Unescape Escape View File

@ -1,2 +0,0 @@
dependencies:
- role: install_nginx

73
roles/prometheus-alert-manager/tasks/kassandra.yml
Unescape Escape View File

@ -1,73 +0,0 @@
---
- name: Install dependencies
apt:
name:
- python3.9
- python3.9-venv
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create the kassandra user
user:
name: kassandra
home: /opt/kassandra
password_lock: yes
system: yes
- name: Install kassandra
become: yes
become_user: kassandra
pip:
name:
- wheel
- "kassandra @ git+https://gitea.auro.re/histausse/kassandra.git"
virtualenv: /opt/kassandra
virtualenv_command: "python3.9 -m venv"
- name: Configure kassandra
template:
src: kassandra-config.yaml
dest: /opt/kassandra/config.yaml
owner: kassandra
group: nogroup
mode: '0600'
notify: Restart kassandra
no_log: true
- name: Copy the CA cert
copy:
content: "{{ ca_cert }}"
dest: /opt/kassandra/ca.crt
notify: Restart kassandra
- name: Generate certificate
include_role:
name: generate-cert
vars:
directory: /opt/kassandra/
cname: "kassandra-{{ lan_address }}"
owner: kassandra
group: nogroup
key_mode: u=rw,g=,o=
subject_alt_name: "IP:{{ lan_address }}"
# Need an equivalent to notify here
- name: Ensured the certificate is monitored
import_tasks: register-cert-to-monitoring.yml
vars:
target: "{{ lan_address }}:8000|kassandra-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
- name: Copy the daemon configuration
template:
src: kassandra.service
dest: /etc/systemd/system/kassandra.service
notify: Restart kassandra
- name: Enable the daemon
systemd:
name: kassandra
state: started
enabled: yes

75
roles/prometheus-alert-manager/tasks/main.yml
Unescape Escape View File

@ -1,75 +0,0 @@
---
- name: Install Prometheus Alert Manager
apt:
name:
- prometheus-alertmanager
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Setup the arguments for alertmanager
template:
src: prometheus-alertmanager
dest: /etc/default/prometheus-alertmanager
owner: root
group: root
mode: '0644'
notify: Restart Alertmanager
vars:
args:
- name: web.listen-address
value: "127.0.0.1:9093"
- name: Copy the CA cert
copy:
content: "{{ ca_cert }}"
dest: /etc/prometheus/ca.crt
notify:
- Restart Alertmanager
- Reload nginx
- name: Generate certificate
include_role:
name: generate-cert
vars:
directory: /etc/prometheus/
cname: "alertmanager-{{ lan_address }}"
owner: prometheus
group: prometheus
key_mode: u=rw,g=,o=
subject_alt_name: "IP:{{ lan_address }}"
# Need an equivalent to notify here
- name: Ensured the certificate is monitored
import_tasks: register-cert-to-monitoring.yml
vars:
target: "{{ lan_address }}:9093|alertmanager-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
- name: Setup the alertmanager config
template:
src: alertmanager.yml
dest: /etc/prometheus/alertmanager.yml
owner: prometheus
group: prometheus
mode: '0640'
notify: Restart Alertmanager
# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
# Think prometheus, think!
- name: Copy the nginx config
template:
src: atrocious_nginx_stub
dest: "/etc/nginx/sites-available/internal-alertmanager"
notify: Reload nginx
- name: Activate the config
file:
src: "/etc/nginx/sites-available/internal-alertmanager"
dest: "/etc/nginx/sites-enabled/internal-alertmanager"
state: link
force: yes
- name: Setup the matrix bot
import_tasks: kassandra.yml

23
roles/prometheus-alert-manager/tasks/register-cert-to-monitoring.yml
Unescape Escape View File

@ -1,23 +0,0 @@
---
- name: Get the list of targets of the server
slurp:
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
register: server_tls_targets_file
delegate_to: "{{ appointed_prometheus_server }}"
- name: Set target variable from file
set_fact:
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
- name: Register the endpoint to the prometheus server
block:
- name: Add the target
set_fact:
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
- name: Put the new target list
copy:
content: "{{ new_server_tls_targets | to_nice_json }}"
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
delegate_to: "{{ appointed_prometheus_server }}"
when: target not in server_tls_targets.0.targets

32
roles/prometheus-alert-manager/templates/alertmanager.yml
Unescape Escape View File

@ -1,32 +0,0 @@
{{ ansible_managed | comment }}
# See https://prometheus.io/docs/alerting/configuration/ for documentation.
global:
# Config used by default by the receivers
http_config:
tls_config:
ca_file: "/etc/prometheus/ca.crt"
cert_file: "/etc/prometheus/alertmanager-{{ lan_address }}.crt"
key_file: "/etc/prometheus/alertmanager-{{ lan_address }}.key"
# The directory from which notification templates are read.
templates:
- "/etc/prometheus/alertmanager_templates/*.tmpl"
# The root route on which each incoming alert enters.
route:
repeat_interval: 6h
# A default receiver
receiver: kassandra
# Inhibition rules allow to mute a set of alerts given that another alert is
# firing.
# We use this to mute any warning-level notifications if the same alert is
# already critical.
inhibit_rules:
receivers:
- name: kassandra
webhook_configs:
- url: "https://{{ lan_address }}:8000/webhook"

13
roles/prometheus-alert-manager/templates/atrocious_nginx_stub
Unescape Escape View File

@ -1,13 +0,0 @@
{{ ansible_managed | comment }}
server {
listen {{ lan_address }}:9093 ssl;
ssl_certificate /etc/prometheus/alertmanager-{{ lan_address }}.crt;
ssl_certificate_key /etc/prometheus/alertmanager-{{ lan_address }}.key;
ssl_client_certificate /etc/prometheus/ca.crt;
ssl_verify_client on;
location / {
proxy_pass http://127.0.0.1:9093;
}
}

16
roles/prometheus-alert-manager/templates/kassandra-config.yaml
Unescape Escape View File

@ -1,16 +0,0 @@
---
{{ ansible_managed | comment }}
username: {{ kassandra_username }}
homeserver: https://{{ matrix_server_name}}
password: {{ kassandra_password }}
tls: yes
tls_auth: yes
host: {{ lan_address }}
tls_crt: kassandra-{{ lan_address }}.crt
tls_key: kassandra-{{ lan_address }}.key
ca_crt: ca.crt
alert_rooms:
{% for room in alert_rooms %}
- "{{ room }}"
{% endfor %}
...

12
roles/prometheus-alert-manager/templates/kassandra.service
Unescape Escape View File

@ -1,12 +0,0 @@
{{ ansible_managed | comment }}
[Unit]
Description=Kassandra bot for alertmanager
[Service]
WorkingDirectory=/opt/kassandra
ExecStart=/opt/kassandra/bin/kassandra
User=kassandra
[Install]
WantedBy=multi-user.target

75
roles/prometheus-alert-manager/templates/prometheus-alertmanager
Unescape Escape View File

@ -1,75 +0,0 @@
{{ ansible_managed | comment }}
# Set the command-line arguments to pass to the server.
{% if not args %}
ARGS=""
{% else %}
ARGS="\
{% for arg in args %}
--{{ arg.name }}={{ arg.value }} \
{% endfor %}
"
{% endif %}
# The alert manager supports the following options:
# --config.file="/etc/prometheus/alertmanager.yml"
# Alertmanager configuration file name.
# --storage.path="/var/lib/prometheus/alertmanager/"
# Base path for data storage.
# --data.retention=120h
# How long to keep data for.
# --alerts.gc-interval=30m
# Interval between alert GC.
# --log.level=info
# Only log messages with the given severity or above.
# --web.external-url=WEB.EXTERNAL-URL
# The URL under which Alertmanager is externally reachable (for example,
# if Alertmanager is served via a reverse proxy). Used for generating
# relative and absolute links back to Alertmanager itself. If the URL has
# a path portion, it will be used to prefix all HTTP endpoints served by
# Alertmanager. If omitted, relevant URL components will be derived
# automatically.
# --web.route-prefix=WEB.ROUTE-PREFIX
# Prefix for the internal routes of web endpoints. Defaults to path of
# --web.external-url.
# --web.listen-address=":9093"
# Address to listen on for the web interface and API.
# --web.ui-path="/usr/share/prometheus/alertmanager/ui/"
# Path to static UI directory.
# --template.default="/usr/share/prometheus/alertmanager/default.tmpl"
# Path to default notification template.
# --cluster.listen-address="0.0.0.0:9094"
# Listen address for cluster.
# --cluster.advertise-address=CLUSTER.ADVERTISE-ADDRESS
# Explicit address to advertise in cluster.
# --cluster.peer=CLUSTER.PEER ...
# Initial peers (may be repeated).
# --cluster.peer-timeout=15s
# Time to wait between peers to send notifications.
# --cluster.gossip-interval=200ms
# Interval between sending gossip messages. By lowering this value (more
# frequent) gossip messages are propagated across the cluster more
# quickly at the expense of increased bandwidth.
# --cluster.pushpull-interval=1m0s
# Interval for gossip state syncs. Setting this interval lower (more
# frequent) will increase convergence speeds across larger clusters at
# the expense of increased bandwidth usage.
# --cluster.tcp-timeout=10s Timeout for establishing a stream connection
# with a remote node for a full state sync, and for stream read and write
# operations.
# --cluster.probe-timeout=500ms
# Timeout to wait for an ack from a probed node before assuming it is
# unhealthy. This should be set to 99-percentile of RTT (round-trip time)
# on your network.
# --cluster.probe-interval=1s
# Interval between random node probes. Setting this lower (more frequent)
# will cause the cluster to detect failed nodes more quickly at the
# expense of increased bandwidth usage.
# --cluster.settle-timeout=1m0s
# Maximum time to wait for cluster connections to settle before
# evaluating notifications.
# --cluster.reconnect-interval=10s
# Interval between attempting to reconnect to lost peers.
# --cluster.reconnect-timeout=6h0m0s
# Length of time to attempt to reconnect to a lost peer.

47
roles/prometheus-blackbox-exporter/files/alerts-blackbox.yml
Unescape Escape View File

@ -1,47 +0,0 @@
---
groups:
- name: BlackBoxAllInstances
rules:
- alert: SiteUp
expr: probe_success{job="blackbox http-down"} == 1
annotations:
title: '{{ $labels.instance }} is UP!'
description: '{{ $labels.instance }} is now up!'
labels:
value: "{{ $value }}"
severity: 'critical'
- alert: SiteDown
expr: probe_success{job="blackbox http-up"} == 0
for: 5m
annotations:
title: '{{ $labels.instance }} is Down'
description: >-
{{ $labels.instance }} has been down for more than 5 minutes.
labels:
value: "{{ $value }}"
severity: 'warning'
- alert: CertExpLess30daysProb
expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 2592000
annotations:
title: '{{ $labels.cname }} will expire soon'
description: >-
The certificate {{ $labels.cname }} on {{ $labels.instance }} will expire in
{{ $value | humanizeDuration }}, it's time to renew it.
labels:
value: "{{ $value }}"
severity: 'warning'
- alert: CertExpLess10daysProb
expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 864000
annotations:
title: '{{ $labels.cname }} expiracy is imminent!'
description: >-
The certificate {{ $labels.cname }} on {{ $labels.instance }} will expire in
{{ $value | humanizeDuration }}!
labels:
value: "{{ $value }}"
severity: 'critical'
...

10
roles/prometheus-blackbox-exporter/handlers/main.yml
Unescape Escape View File

@ -1,10 +0,0 @@
---
- name: Restart blackbox-exporter
systemd:
name: prometheus-blackbox-exporter.service
state: restarted
- name: Restart prometheus
systemd:
name: prometheus
state: restarted

2
roles/prometheus-blackbox-exporter/meta/main.yml
Unescape Escape View File

@ -1,2 +0,0 @@
dependencies:
- role: install_nginx

96
roles/prometheus-blackbox-exporter/tasks/main.yml
Unescape Escape View File

@ -1,96 +0,0 @@
---
- name: Install Prometheus Components
apt:
name:
- prometheus-blackbox-exporter
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Copy the CA cert
copy:
content: "{{ ca_cert }}"
dest: /etc/prometheus/ca.crt
notify:
- Restart blackbox-exporter
- Reload nginx
- name: Generate certificate
include_role:
name: generate-cert
vars:
directory: /etc/prometheus/
cname: "blackbox-{{ lan_address }}"
owner: prometheus
group: prometheus
key_mode: u=rw,g=,o=
subject_alt_name: "IP:{{ lan_address }}"
# Need an equivalent to notify here
- name: Ensured the certificate is monitored
import_tasks: register-cert-to-monitoring.yml
vars:
target: "{{ lan_address }}:9115|blackbox-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
- name: Setup the blackbox config
template:
src: blackbox.yml
dest: /etc/prometheus/blackbox.yml
owner: prometheus
group: prometheus
mode: '0640'
notify: Restart blackbox-exporter
no_log: true
#- name: Copy the web-config folder
# template:
# src: web-config.yaml
# dest: /etc/prometheus/web-config-blackbox.yaml
# group: prometheus
# owner: prometheus
# mode: u=rw,g=r,o=r
# notify: Restart blackbox-exporter
- name: Setup the arguments for prometheus
template:
src: prometheus-blackbox-exporter
dest: /etc/default/prometheus-blackbox-exporter
owner: root
group: root
mode: '0644'
notify: Restart blackbox-exporter
vars:
args:
- name: web.listen-address
value: "127.0.0.1:9115"
# value: "{{ lan_address }}:9115"
- name: config.file
value: /etc/prometheus/blackbox.yml
# - name: web.config.file
# value: /etc/prometheus/web-config.yaml
## Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
# Think prometheus, think!
- name: Copy the nginx config
template:
src: atrocious_nginx_stub
dest: "/etc/nginx/sites-available/internal-blackbox"
notify: Reload nginx
- name: Activate the config
file:
src: "/etc/nginx/sites-available/internal-blackbox"
dest: "/etc/nginx/sites-enabled/internal-blackbox"
state: link
force: yes
- name: Add alert rules for node on the prometheus server
copy:
src: alerts-blackbox.yml
dest: /etc/prometheus/alertsblackbox.yml
owner: prometheus
group: prometheus
mode: u=rw,g=r,o=r
notify: Restart prometheus

23
roles/prometheus-blackbox-exporter/tasks/register-cert-to-monitoring.yml
Unescape Escape View File

@ -1,23 +0,0 @@
---
- name: Get the list of targets of the server
slurp:
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
register: server_tls_targets_file
delegate_to: "{{ appointed_prometheus_server }}"
- name: Set target variable from file
set_fact:
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
- name: Register the endpoint to the prometheus server
block:
- name: Add the target
set_fact:
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
- name: Put the new target list
copy:
content: "{{ new_server_tls_targets | to_nice_json }}"
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
delegate_to: "{{ appointed_prometheus_server }}"
when: target not in server_tls_targets.0.targets

13
roles/prometheus-blackbox-exporter/templates/atrocious_nginx_stub
Unescape Escape View File

@ -1,13 +0,0 @@
{{ ansible_managed | comment }}
server {
listen {{ lan_address }}:9115 ssl;
ssl_certificate /etc/prometheus/blackbox-{{ lan_address }}.crt;
ssl_certificate_key /etc/prometheus/blackbox-{{ lan_address }}.key;
ssl_client_certificate /etc/prometheus/ca.crt;
ssl_verify_client on;
location / {
proxy_pass http://127.0.0.1:9115;
}
}

23
roles/prometheus-blackbox-exporter/templates/blackbox.yml
Unescape Escape View File

@ -1,23 +0,0 @@
{{ ansible_managed | comment }}
modules:
http_2xx:
prober: http
http:
http_post_2xx:
prober: http
http:
method: POST
tcp_connect:
prober: tcp
icmp:
prober: icmp
internal_tls_connect:
prober: tcp
timeout: 10s
tcp:
tls: true
tls_config:
ca_file: '/etc/prometheus/ca.crt'
cert_file: '/etc/prometheus/blackbox-{{ lan_address }}.crt'
key_file: '/etc/prometheus/blackbox-{{ lan_address }}.key'

21
roles/prometheus-blackbox-exporter/templates/prometheus-blackbox-exporter
Unescape Escape View File

@ -1,21 +0,0 @@
{{ ansible_managed | comment }}
# Set the command-line arguments to pass to the server.
{% if not args %}
ARGS=""
{% else %}
ARGS="\
{% for arg in args %}
--{{ arg.name }}={{ arg.value }} \
{% endfor %}
"
{% endif %}
# Usage of prometheus-blackbox-exporter:
# --config.file="blackbox.yml"
# Blackbox exporter configuration file.
# --web.listen-address=":9115"
# The address to listen on for HTTP requests.
# --timeout-offset=0.5 Offset to subtract from timeout in seconds.
# --log.level=info Only log messages with the given severity or above.
# One of: [debug, info, warn, error]

6
roles/prometheus-blackbox-exporter/templates/targets.json
Unescape Escape View File

@ -1,6 +0,0 @@
[
{
"targets": [
]
}
]

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save