From 19c623ab0a6b6aa12244f1ab479ae75f8b5e85f9 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 7 Jan 2023 02:25:53 +0100 Subject: [PATCH] Add config for new VMs --- .gitignore | 1 + all.yml | 11 + deploy_all.sh | 3 - playbooks/base.yml | 12 +- playbooks/bird.yml | 32 +- playbooks/chronyd.yml | 4 +- playbooks/ifupdown2.yml | 549 +++++++++++++++++++------------- playbooks/keepalived.yml | 16 +- playbooks/knotd.yml | 4 +- playbooks/radius.yml | 10 - playbooks/resolvconf.yml | 16 + playbooks/root.yml | 4 +- playbooks/router.yml | 23 -- playbooks/ssh.yml | 4 +- roles/base_utils/tasks/main.yml | 8 + 15 files changed, 389 insertions(+), 308 deletions(-) create mode 100755 all.yml delete mode 100755 deploy_all.sh delete mode 100755 playbooks/radius.yml create mode 100755 playbooks/resolvconf.yml delete mode 100755 playbooks/router.yml create mode 100644 roles/base_utils/tasks/main.yml diff --git a/.gitignore b/.gitignore index ea2eabf..c4c29ed 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.retry tmp ldap-password.txt +__pycache__/ diff --git a/all.yml b/all.yml new file mode 100755 index 0000000..403a04e --- /dev/null +++ b/all.yml @@ -0,0 +1,11 @@ +#!/usr/bin/env ansible-playbook +--- +- import_playbook: playbooks/base.yml +- import_playbook: playbooks/root.yml +- import_playbook: playbooks/ssh.yml +- import_playbook: playbooks/chronyd.yml +- import_playbook: playbooks/kresd.yml +- import_playbook: playbooks/resolvconf.yml +- import_playbook: playbooks/ifupdown2.yml +- import_playbook: playbooks/keepalived.yml +... diff --git a/deploy_all.sh b/deploy_all.sh deleted file mode 100755 index f450a8f..0000000 --- a/deploy_all.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash -# Deploy all playbooks -ansible-playbook playbooks/*.yml $@ diff --git a/playbooks/base.yml b/playbooks/base.yml index 6126147..fffa1df 100755 --- a/playbooks/base.yml +++ b/playbooks/base.yml 
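Review bot: `all.yml` imports eight playbooks but leaves out `playbooks/bird.yml` and `playbooks/knotd.yml`, both modified in this same commit, whereas the deleted `deploy_all.sh` ran every `playbooks/*.yml`. If that is deliberate, a comment at the top such as `# routing (bird.yml) and authoritative DNS (knotd.yml) are deployed separately` would keep a full run from being mistaken for a complete deployment. `playbooks/kresd.yml` is imported but does not appear in this commit's file list, so it presumably already exists in the tree; that is worth confirming, because a missing import aborts the whole run.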
@@ -1,10 +1,8 @@ #!/usr/bin/env ansible-playbook --- -# Put a common configuration on all servers -- hosts: all,!unifi +- hosts: + - pve_network + - vm_network roles: - - baseconfig - - basesecurity - - ldap_client - - logrotate - - update_motd + - base_utils +... diff --git a/playbooks/bird.yml b/playbooks/bird.yml index e7991df..01c11dc 100755 --- a/playbooks/bird.yml +++ b/playbooks/bird.yml @@ -5,17 +5,9 @@ - isp-2.rtr.infra.auro.re vars: bird__router_ids: - isp-1.rtr.infra.auro.re: 10.136.0.1 - isp-2.rtr.infra.auro.re: 10.136.0.2 + isp-1.rtr.infra.auro.re: 10.203.0.5 + isp-2.rtr.infra.auro.re: 10.203.0.6 bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" - bird__ospf_broadcast_interfaces: - ens20: null - bird__ospf_stub_interfaces: - - client-0 - - client-1 - - client-2 - - client-3 - - client-4 bird__radv_interfaces: client-0: prefix: @@ -43,7 +35,7 @@ domain_search: - client-4.isp.auro.re bird__radv_dns_servers: - - 2a09:6840:128::127 + - 2a09:6840:128::10:3 roles: - bird @@ -52,19 +44,9 @@ - infra-2.rtr.infra.auro.re vars: bird__router_ids: - infra-1.rtr.infra.auro.re: 10.203.1.3 - infra-2.rtr.infra.auro.re: 10.203.1.4 + infra-1.rtr.infra.auro.re: 10.203.0.3 + infra-2.rtr.infra.auro.re: 10.203.0.4 bird__router_id: "{{ bird__router_ids[inventory_hostname] }}" - bird__ospf_broadcast_interfaces: - ens19: null - bird__ospf_stub_interfaces: - - ens20 - - ens21 - - ens22 - - ens23 - - ens1 - - ens2 - - ens1s3 roles: - bird @@ -73,8 +55,8 @@ - edge-2.rtr.infra.auro.re vars: bird__router_ids: - edge-1.rtr.infra.auro.re: 10.203.1.1 - edge-2.rtr.infra.auro.re: 10.203.1.2 + edge-1.rtr.infra.auro.re: 10.203.0.1 + edge-2.rtr.infra.auro.re: 10.203.0.2 bird__asn: aurore: 43619 crans: 204515 diff --git a/playbooks/chronyd.yml b/playbooks/chronyd.yml index 71d237e..fe17d5f 100755 --- a/playbooks/chronyd.yml +++ b/playbooks/chronyd.yml 
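Review bot: The base play no longer applies `basesecurity`, `ldap_client` or `logrotate`, and the only replacement visible in this commit is `base_utils`, which installs three packages. What `basesecurity` configures is not visible here, but if it carries host hardening, the VMs in `pve_network` and `vm_network` are provisioned without it; either keep it in the `roles:` list or record where its settings moved, e.g. `# hardening now applied by <role name>`. The same narrowing from `all,!unifi` to the two groups appears in `root.yml` and `ssh.yml`, so any host outside those groups stops receiving the root password and SSH CA configuration from these plays.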
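Review bot: `bird__radv_dns_servers` in the second `bird.yml` hunk now advertises `2a09:6840:128::10:3`, which `ifupdown2.yml` in this commit assigns to `ens18` of dns-1, the interface that uses the `adm` gateways. Handing clients a resolver on what looks like the administration network means client traffic has to be admitted to that network; dns-1 also gets an address on `ens19` (`2a09:6840:206:0:2::1`), which may be the better one to advertise. Only one resolver is listed although dns-2 is defined in the same commit, so clients have no fallback. The `vars:` block starts above this hunk.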
@@ -17,10 +17,10 @@ - chronyd - hosts: - - all + - pve_network + - vm_network - "!ntp-1.int.infra.auro.re" - "!ntp-2.int.infra.auro.re" - - "!unifi" vars: chronyd__pools: - ntp-1.int.infra.auro.re diff --git a/playbooks/ifupdown2.yml b/playbooks/ifupdown2.yml index 716458a..42c4fdd 100755 --- a/playbooks/ifupdown2.yml +++ b/playbooks/ifupdown2.yml 
@@ -1,48 +1,261 @@ #!/usr/bin/env ansible-playbook --- - hosts: - - ntp-1.int.infra.auro.re - - dns-1.int.infra.auro.re - - dhcp-1.isp.auro.re - - dhcp-2.isp.auro.re - - isp-1.rtr.infra.auro.re - - isp-2.rtr.infra.auro.re - - edge-1.rtr.infra.auro.re - - edge-2.rtr.infra.auro.re - - infra-1.rtr.infra.auro.re - - infra-2.rtr.infra.auro.re + - vm_network vars: + ifupdown2__gateways: + adm: + - 2a09:6840:128::254 + - 10.128.0.254 # TODO: netbox ifupdown2__hosts: - ntp-1.int.infra.auro.re: + edge-1.rtr.infra.auro.re: ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 addresses: - - 2a09:6840:128::203/56 - - 10.128.0.203/16 + - 2a09:6840:128::10:2/56 + - 10.128.10.2/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + ipv6_addrgen: false + forward: true + ens20: + ipv6_addrgen: false + forward: true + ens21: + ipv6_addrgen: false + forward: true + ens22: + addresses: + - 2a09:6840:203:0:1::1/56 + - 10.203.0.1/16 + forward: true + edge-2.rtr.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128:10:102/56 + - 10.128.10.102/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + ipv6_addrgen: false + forward: true + ens20: + ipv6_addrgen: false + forward: true + ens21: + ipv6_addrgen: false + forward: true + ens22: + addresses: + - 2a09:6840:203:0:2::1/56 + - 10.203.0.2/16 + forward: true dns-1.int.infra.auro.re: ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 addresses: - - 2a09:6840:128::127/56 - - 10.128.0.127/16 - dhcp-1.isp.auro.re: + - 2a09:6840:128::10:3/56 + - 10.128.10.3/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:206:0:2::1/56 + - 10.206.0.2/16 + dns-2.int.infra.auro.re: ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 addresses: - - 2a09:6840:128::204/56 - - 10.128.0.204/16 - ens19: null + - 2a09:6840:128::10:103/56 + - 10.128.10.103/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:206:0:3::1/56 + - 10.206.0.3/16 + ssh-1.mgmt.infra.auro.re: + ens18: + 
addresses: + - 2a09:6840:128::10:1/56 + - 10.128.10.1/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + - 45.66.108.2/16 + ssh-2.mgmt.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:101/56 + - 10.128.10.101/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + - 45.66.108.3/16 + infra-1.rtr.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:4/56 + - 10.128.10.4/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:203:1:3::1/56 + - 10.203.1.3/16 + forward: true + ens20: + ipv6_addrgen: false + forward: true + ens21: + ipv6_addrgen: false + forward: true + ens22: + ipv6_addrgen: false + forward: true + ens23: + ipv6_addrgen: false + forward: true + ens1: + ipv6_addrgen: false + forward: true + ens2: + ipv6_addrgen: false + forward: true + enp1s3: + ipv6_addrgen: false + forward: true + infra-2.rtr.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:104/56 + - 10.128.10.104/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:203:4::1/64 + - 10.203.1.4/16 + forward: true + ens20: + ipv6_addrgen: false + forward: true + ens21: + ipv6_addrgen: false + forward: true + ens22: + ipv6_addrgen: false + forward: true + ens23: + ipv6_addrgen: false + forward: true + ens1: + ipv6_addrgen: false + forward: true + ens2: + ipv6_addrgen: false + forward: true + enp1s3: + ipv6_addrgen: false + forward: true + isp-1.rtr.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:5/56 + - 10.128.10.5/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:203:0:5::1/56 + - 10.203.0.5/16 + forward: true + ens20: + ipv6_addrgen: false clients: bridge_vlan_aware: true bridge_ports: - - ens19 + - ens20 + bridge_vids: + - 1000-1004 + bridge_disable_pvid: true + ipv6_addrgen: false + forward: true + client-0: + vlan_id: 1000 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + client-1: + vlan_id: 1001 + vlan_raw_device: clients + ipv6_addrgen: false + 
forward: true + client-2: + vlan_id: 1002 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + client-3: + vlan_id: 1003 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + client-4: + vlan_id: 1004 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + isp-2.rtr.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:105/56 + - 10.128.10.105/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:203:0:5::1/56 + - 10.203.0.5/16 + forward: true + ens20: + ipv6_addrgen: false + clients: + bridge_vlan_aware: true + bridge_ports: + - ens20 + bridge_vids: + - 1000-1004 + forward: true + client-0: + vlan_id: 1000 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + client-1: + vlan_id: 1001 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + client-2: + vlan_id: 1002 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + client-3: + vlan_id: 1003 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + client-4: + vlan_id: 1004 + vlan_raw_device: clients + ipv6_addrgen: false + forward: true + dhcp-1.isp.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:6/56 + - 10.128.10.6/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:210:1:1::1/56 + - 10.210.1.1/16 + ens20: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens20 bridge_vids: - 1000-1004 client-0: @@ -70,19 +283,21 @@ - 100.64.0.130/27 vlan_id: 1004 vlan_raw_device: clients - dhcp-2.isp.auro.re: + dhcp-2.isp.infra.auro.re: ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 addresses: - - 2a09:6840:128::91/56 - - 10.128.0.91/16 - ens19: null + - 2a09:6840:128::10:106/56 + - 10.128.10.106/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:210:1:2::1/56 + - 10.210.1.2/16 + ens20: null clients: bridge_vlan_aware: true bridge_ports: - - ens19 + - ens20 bridge_vids: - 1000-1004 client-0: 
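Review bot: Several of the new entries in `ifupdown2__hosts` are malformed or duplicated. edge-2 `ens18` has `2a09:6840:128:10:102/56`, which is not a valid IPv6 address (five groups and no `::`); the edge-1 entry suggests `2a09:6840:128::10:102/56` was meant. isp-2 `ens19` repeats isp-1's `2a09:6840:203:0:5::1/56` and `10.203.0.5/16`, while `bird.yml` gives isp-2 the router id `10.203.0.6`, so the pair should presumably be `2a09:6840:203:0:6::1/56` and `10.203.0.6/16`. On ssh-1 and ssh-2, `ens19` is a bare list (`- 45.66.108.2/16`) instead of a mapping with an `addresses:` key like every other interface. The isp-2 `clients` bridge also lacks the `bridge_disable_pvid: true` and `ipv6_addrgen: false` that isp-1 sets, which presumably leaves the default PVID and a generated IPv6 address on the client-facing trunk.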
@@ -110,204 +325,86 @@ - 100.64.0.131/27 vlan_id: 1004 vlan_raw_device: clients - isp-1.rtr.infra.auro.re: + radius-1.isp.infra.auro.re: ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 addresses: - - 2a09:6840:128::255/56 - - 10.128.0.255/16 - ens19: null - ens20: - forward: true - addresses: - - 2a09:6840:136:0:1::1/56 - - 10.136.0.1/16 - clients: - bridge_vlan_aware: true - bridge_ports: - - ens19 - bridge_vids: - - 1000-1004 - bridge_disable_pvid: true - forward: true - ipv6_addrgen: false - client-0: - forward: true - vlan_id: 1000 - vlan_raw_device: clients - ipv6_addrgen: false - client-1: - forward: true - vlan_id: 1001 - vlan_raw_device: clients - ipv6_addrgen: false - client-2: - forward: true - vlan_id: 1002 - vlan_raw_device: clients - ipv6_addrgen: false - client-3: - forward: true - vlan_id: 1003 - vlan_raw_device: clients - ipv6_addrgen: false - client-4: - forward: true - vlan_id: 1004 - vlan_raw_device: clients - ipv6_addrgen: false - isp-2.rtr.infra.auro.re: - ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 - addresses: - - 2a09:6840:128::158/56 - - 10.128.0.158/16 - ens19: null - ens20: - forward: true - addresses: - - 2a09:6840:136:0:2::1/56 - - 10.136.0.2/16 - clients: - bridge_vlan_aware: true - bridge_ports: - - ens19 - bridge_vids: - - 1000-1004 - client-0: - forward: true - vlan_id: 1000 - vlan_raw_device: clients - ipv6_addrgen: false - client-1: - forward: true - vlan_id: 1001 - vlan_raw_device: clients - ipv6_addrgen: false - client-2: - forward: true - vlan_id: 1002 - vlan_raw_device: clients - ipv6_addrgen: false - client-3: - forward: true - vlan_id: 1003 - vlan_raw_device: clients - ipv6_addrgen: false - client-4: - forward: true - vlan_id: 1004 - vlan_raw_device: clients - ipv6_addrgen: false - edge-1.rtr.infra.auro.re: - ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 - addresses: - - 2a09:6840:128::186/56 - - 10.128.0.186/16 - ens19: null # crans - ens20: null # vr - ens21: null # zayo - ens22: # 
backbone - addresses: - - 2a09:6840:203:1:1::1/64 - - 10.203.1.1/16 - edge-2.rtr.infra.auro.re: - ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 - addresses: - - 2a09:6840:128::228/56 - - 10.128.0.228/16 - ens19: null # crans - ens20: null # vr - ens21: null # zayo - ens22: # backbone - addresses: - - 2a09:6840:203:1:2::1/64 - - 10.203.1.2/16 - infra-1.rtr.infra.auro.re: - ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 - addresses: - - 2a09:6840:128::2:76/56 - - 10.128.2.76/16 + - 2a09:6840:128::10:7/56 + - 10.128.10.7/16 + gateways: "{{ ifupdown2__gateways.adm }}" ens19: addresses: - - 2a09:6840:1:3::1/64 - - 10.203.1.3/16 - ens20: - ipv6_addrgen: false - ens21: - ipv6_addrgen: false - ens22: - ipv6_addrgen: false - ens23: - ipv6_addrgen: false - ens1: - ipv6_addrgen: false - ens2: - ipv6_addrgen: false - enp1s3: - ipv6_addrgen: false - infra-2.rtr.infra.auro.re: + - 2a09:6840:210:1:1::1/56 + - 10.210.1.1/16 + radius-2.isp.infra.auro.re: ens18: - gateways: - - 2a09:6840:128::254 - - 10.128.0.254 addresses: - - 2a09:6840:128::2:27/56 - - 10.128.2.27/16 + - 2a09:6840:128::10:107/56 + - 10.128.10.107/16 + gateways: "{{ ifupdown2__gateways.adm }}" ens19: addresses: - - 2a09:6840:1:4::1/64 - - 10.203.1.4/16 - ens20: - ipv6_addrgen: false - ens21: - ipv6_addrgen: false - ens22: - ipv6_addrgen: false - ens23: - ipv6_addrgen: false - ens1: - ipv6_addrgen: false - ens2: - ipv6_addrgen: false - enp1s3: - ipv6_addrgen: false + - 2a09:6840:210:1:2::1/56 + ldap-1.int.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:8/56 + - 10.128.10.8/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:206:1:3::1/56 + - 10.206.1.3/16 + ldap-2.int.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:108/56 + - 10.128.10.108/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:206:1:4::1/56 + - 10.206.1.4/16 + ntp-1.int.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:9/56 + - 
10.128.10.9/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:206:1:5::1/56 + - 10.206.1.5/16 + ntp-2.int.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:109/56 + - 10.128.10.109/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:206:1:6::1/56 + - 10.206.1.6/16 + prometheus-1.monit.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:10/56 + - 10.128.10.10/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:204:1:1::1/56 + - 10.204.1.1/16 + prometheus-2.monit.infra.auro.re: + ens18: + addresses: + - 2a09:6840:128::10:110/56 + - 10.128.10.110/16 + gateways: "{{ ifupdown2__gateways.adm }}" + ens19: + addresses: + - 2a09:6840:204:1:2::1/56 + - 10.204.1.2/16 ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}" roles: - ifupdown2 - -- hosts: - - ntp-1.int.infra.auro.re - - dns-1.int.infra.auro.re - - dhcp-1.isp.auro.re - - dhcp-2.isp.auro.re - - isp-1.rtr.infra.auro.re - - isp-2.rtr.infra.auro.re - - edge-1.rtr.infra.auro.re - - edge-2.rtr.infra.auro.re - - infra-1.rtr.infra.auro.re - - infra-2.rtr.infra.auro.re - vars: - resolvconf__nameservers: - - 2a09:6840:128::127 - - 10.128.0.127 - resolvconf__domain: auro.re - resolvconf__search: - - "{{ inventory_hostname | remove_domain_suffix }}" - - auro.re - roles: - - resolvconf ... diff --git a/playbooks/keepalived.yml b/playbooks/keepalived.yml index 044b01b..8273692 100755 --- a/playbooks/keepalived.yml +++ b/playbooks/keepalived.yml @@ -5,7 +5,7 @@ - isp-2.rtr.infra.auro.re vars: keepalived__virtual_router_id: 80 - keepalived__interface: ens20 + keepalived__interface: ens19 keepalived__virtual_addresses: client-0: - 100.64.0.1/27 
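Review bot: radius-1 `ens19` is given `2a09:6840:210:1:1::1/56` and `10.210.1.1/16`, the same pair this commit assigns to dhcp-1 `ens19`, and radius-2 reuses dhcp-2's `2a09:6840:210:1:2::1/56` and has no IPv4 address at all. With two hosts claiming one address in what appears to be the same /16, it is unpredictable which of them receives RADIUS or DHCP traffic, so each radius host needs its own addresses. The play now targets the whole `vm_network` group, and `ifupdown2__hosts[inventory_hostname]` is undefined for any member without an entry in the map; an `assert` on `inventory_hostname in ifupdown2__hosts` with a clear message would make that failure explicit.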
@@ -61,31 +61,31 @@ keepalived__virtual_addresses: ens20: - 10.204.0.1/16 - - 2a09:6840:204::1/64 + - 2a09:6840:204::1/56 - fe80::1/10 ens21: - 10.205.0.1/16 - - 2a09:6840:205::1/64 + - 2a09:6840:205::1/56 - fe80::1/10 ens22: - 10.206.0.1/16 - - 2a09:6840:206::1/64 + - 2a09:6840:206::1/56 - fe80::1/10 ens23: - 10.207.0.1/16 - - 2a09:6840:207::1/64 + - 2a09:6840:207::1/56 - fe80::1/10 ens1: - 10.208.0.1/16 - - 2a09:6840:208::1/64 + - 2a09:6840:208::1/56 - fe80::1/10 ens2: - 10.209.0.1/16 - - 2a09:6840:209::1/64 + - 2a09:6840:209::1/56 - fe80::1/10 enp1s3: - 10.210.0.1/16 - - 2a09:6840:210::1/64 + - 2a09:6840:210::1/56 - fe80::1/10 roles: - keepalived diff --git a/playbooks/knotd.yml b/playbooks/knotd.yml index 0992d7c..1a581a8 100755 --- a/playbooks/knotd.yml +++ b/playbooks/knotd.yml @@ -361,8 +361,8 @@ - 10.128.10.1 - 2a09:6840:128::10:1 ssh-2.mgmt: - - 10.128.10.2 - - 2a09:6840:128::10:2 + - 10.128.10.101 + - 2a09:6840:128::10:101 infra-1.rtr: - 10.128.10.4 - 2a09:6840:128::10:4 diff --git a/playbooks/radius.yml b/playbooks/radius.yml deleted file mode 100755 index b48765e..0000000 --- a/playbooks/radius.yml +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -# Deploy Radius -- hosts: radius-*.adm.auro.re - vars: - update_motd: - unbound: FreeRADIUS est déployé. - roles: - - radius - - update_motd diff --git a/playbooks/resolvconf.yml b/playbooks/resolvconf.yml new file mode 100755 index 0000000..e143599 --- /dev/null +++ b/playbooks/resolvconf.yml @@ -0,0 +1,16 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: + - vm_network + - pve_network + vars: + resolvconf__nameservers: + - 2a09:6840:128::10:3 + - 10.128.10.3 + resolvconf__domain: auro.re. + resolvconf__search: + - "{{ inventory_hostname | remove_domain_suffix }}" + - auro.re. + roles: + - resolvconf +... diff --git a/playbooks/root.yml b/playbooks/root.yml index 4c49aa5..425140a 100755 --- a/playbooks/root.yml +++ b/playbooks/root.yml 
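Review bot: Both `resolvconf__nameservers` entries in the new `resolvconf.yml`, `2a09:6840:128::10:3` and `10.128.10.3`, are the IPv6 and IPv4 addresses of dns-1, so every host in `vm_network` and `pve_network` loses name resolution when that one VM is down. dns-2 is defined in `ifupdown2.yml` in this commit with `2a09:6840:128::10:103` and `10.128.10.103`; adding those two lines gives a fallback. `resolvconf__domain` and the last `resolvconf__search` entry changed from `auro.re` to `auro.re.`; whether the trailing dot is wanted depends on how the role's template writes resolv.conf, which is not visible here.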
@@ -1,6 +1,8 @@ #!/usr/bin/env ansible-playbook --- -- hosts: all,!unifi +- hosts: + - vm_network + - pve_network vars: root_shell: /bin/bash root_password: "{{ vault_root_password }}" diff --git a/playbooks/router.yml b/playbooks/router.yml deleted file mode 100755 index c273f0d..0000000 --- a/playbooks/router.yml +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -# Deploy firewall and keepalived -# radvd: IPv6 SLAAC (/64 subnets, private IPs). -# Must NOT be on routeur-aurore-*, or will with DHCPv6! -- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re - vars: - update_motd: - unbound: Le routage (avec radvd) est déployé. - roles: - - router - - radvd - - update_motd - -# No radvd here -- hosts: ~routeur-aurore.*\.adm\.auro\.re - vars: - update_motd: - unbound: Le routage (avec DHCPv6) est déployé. - roles: - - router - - ipv6_edge_router - - update_motd diff --git a/playbooks/ssh.yml b/playbooks/ssh.yml index ddd78a0..51fbac1 100755 --- a/playbooks/ssh.yml +++ b/playbooks/ssh.yml @@ -1,6 +1,8 @@ #!/usr/bin/env ansible-playbook --- -- hosts: all,!unifi +- hosts: + - pve_network + - vm_network vars: openssh_users_ca_public_key: "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\ diff --git a/roles/base_utils/tasks/main.yml b/roles/base_utils/tasks/main.yml new file mode 100644 index 0000000..8f437de --- /dev/null +++ b/roles/base_utils/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Install base utils + apt: + name: + - htop + - vim + - dnsutils +...
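Review bot: The `apt` task in `roles/base_utils/tasks/main.yml` sets neither `state` nor `update_cache`, so on a freshly created VM with an empty package index the install can fail. Adding `state: present` and `update_cache: true` under `apt:` makes the intent explicit and lets the role run first on a new host.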