From 99070ed5efaf7c865ad47bc780a8354094164536 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoha=C3=AF-Eliel=20BERREBY?= Date: Thu, 21 May 2020 18:06:37 +0200 Subject: [PATCH] radius: step 2 of deployment (WIP) --- README.md | 13 + group_vars/all/vars.yml | 3 + group_vars/all/vault.yml | 326 +++++++++--------- network.yml | 2 +- roles/radius/tasks/main.yml | 134 ++++++- .../radius/templates/freeradius-logrotate.j2 | 50 +++ roles/re2o-service/tasks/main.yml | 4 +- roles/router/tasks/main.yml | 2 +- 8 files changed, 363 insertions(+), 171 deletions(-) create mode 100644 roles/radius/templates/freeradius-logrotate.j2 diff --git a/README.md b/README.md index 6b7d611..d52b7aa 100644 --- a/README.md +++ b/README.md @@ -118,3 +118,16 @@ for ip in `cat hosts|grep .adm.auro.re`; do ssh-copy-id -i ~/.ssh/id_rsa.pub $ip done ``` + + +### Passage à Ansible 2.10 (release: 30 juillet) + +```bash +ansible-galaxy collection install community.general +ansible-galaxy collection install ansible.posix +``` + +Erreur avec sudo ? +Workaround: `$ export ANSIBLE_BECOME_PASS=''` +(notez l'espace au début pour ne pas log la commande dans votre historique +shell) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index eb846b4..3b0c131 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -67,3 +67,6 @@ re2o_aes_key: "{{ vault_re2o_aes_key }}" radius_secret_aurore: "{{ vault_radius_secrets.aurore }}" radius_secret_wifi: "{{ vault_radius_secrets.wifi }}" radius_secret_wired: "{{ vault_radius_secrets.wired[apartment_block] }}" + +radius_pg_replication_password: "{{ vault_re2o_db_user_passwords.replication }}" +radius_pg_re2o_ro_password: "{{ vault_re2o_db_user_passwords.re2o_ro }}" diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 1443e22..ff1c922 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,162 +1,166 @@ $ANSIBLE_VAULT;1.1;AES256 -61336339613837303864333338376131306234356334366237613038323565363539656161643663 -3630396462363834616166383634323735386461653430330a353861386131386130613733663465 -66363639336164303137326133373364643539663032303237633831333764376534366464313030 -6161663162613636660a393262663061656235333836356331366638313263333364306262636631 -62393434336561313630343366626136393933383966613463353135643334666432366433383038 -39306538616266656536373435363963336463366635653433666566343162623065323738336339 -38346632383039663666623137393431313931656538326136356433386261303638616165626336 -63326134336330646236336631306266306532366435323830333233363565366134373236623263 -62653836386362613166643762633865303239666662313138363866373335333566353033613732 -38663634313962373264393763303733616236346230393665633366316538666334333537306536 -61643061356633646133616138396163346538633065313935666639623531303861303663666466 -63346531666362386363383534303436376338653034633565383361386430386636336664626431 -62613263306132633336363562323030613832373363646464303263616264353431386664626137 -36633434343536346333383530343965313262353639363266656562633132343036656137383938 -63333165333835636634336336343732383865306634393939343332396565643661313666656239 -61633635623236383764646664356539383834303437636338633138343465656337643962616365 -37633032303161616664333264336331626531613031363066323137313539373637646533623663 -66313662356438666566313364653933316335376438313939313430643865643432356139353231 -31356236663234383564383162633431376436396331613838613039343762336562343562653738 -33383163653535373538646237623865356462626665613136316365623036396536373633363536 -30613932656534313966633664303661336366336561656434373438373361643532623335643234 -61353466323636663463643262616635653639633463373235636432616561623662393838636335 -30646164633962353138396164303666633366363364373039393339383063316238393332623139 
-62333166393831636232373738643962613063396530633132366536663839333136656338336464 -37633039626138666261343863363232633936323234386362373463353737343330656430643966 -30633037613033383134653133653232373236353535663033323634633564656636316636383537 -65373663393235323561386232613634663962653564373634333034373530353264333037663431 -32326438613436333935346335313364363361383732323362383437626234663533396235333935 -31333132366534373832636637333664346365393236353366363937306138333961393939626138 -33333036653839623138373832613233326262633836363562346261323639383536353433613764 -63323434663437653236383334346634633765636339646665653638333938303665643132643735 -63393838363732646339343937323732653939656466313637383738626131396261303838326565 -34393934333738323137646264666633386661343637613462393864613134383538653966383732 -64383738653833306266663431623162643333616537656136373439373462626266383663303031 -63666265373664653334373266616437653764623765616539343139373934356133613338376239 -63393735613066636432663466353865666661316232393361306438623036643438346130383937 -36373762316263643764303638383633373161383862373630386465643462396432656134313764 -61666534636565366136653438666339346539303238613135613261333431336361346138333161 -33393130333765326361336239373365366332626566396639643966313434666561626262646664 -37386534316136613061343333656630303839356366623835656239306562646436656131366366 -36346635393235663630633331646231313737363535643663333162616135316566396530303030 -33346331303935326631646563663833663266323937383134396162353131396231323837656631 -66373864316332646433316131633435386133373239333261616136613632613162346366643366 -30363030393736343438643866343363366331393031633638333731393732646132393165383361 -31303637386535366535386332666133316564366463313465313637393663623662373431646234 -62663461353961626237343663356664623731376432343538656332613866323135373637313831 -34396132343961656266656430663838643464353362393732623739393938353764323065303464 
-66656435303333616432313232333431326535613635396536663835626361643733363461653831 -33313634656632633831313866306233363633316330313037313035366537373034326231383463 -34633062353635396261353438633564623564346536356131353166353835336135316662343262 -34386333353731313335333339323936643862386264363565373737383364623366663265353339 -62663730623430303535333138653636323864383039653361383435383062336537633865356466 -64303532303338383365326635353363363161613962336166663764353562666236336133353538 -35343733343338346666366139363261313662633866306263666331313336336330326537636538 -37326330393732636163333161643831356533393238303039643663663766613634376336303062 -66316138396433356365623437323932663632393831613835366632653138656530336236383063 -31376433343664643863396537663730663335656262306663303961333832343366343835616362 -34393032363862636639656338656462636436343238616663616634393365353432623361323763 -66323937643936636537323866353461653232653136663631313231613731353231313130353565 -31373336643261336535663739316366626634323635616537666131653534333164353836336531 -36613763353135346630323138643039383634393234656330306664346136346238343762646639 -38383466356332383063613565383765313931356235363330366138333064383938316538373933 -32353836663535613339636130303832323231633832353366393166373235306538656364633666 -62386134643738363830613130353565666337343861653538366530373966626330343032393531 -64373162626336353631306661623837353036663364383930303633613561373432303366323463 -37633963633835363565643131343962656463376163336366383531303164303263663034303530 -30616337373466663939333666313761313334626335376236363436376563626534626666383230 -35373537633135346138323231316565633862666432626430386231653532663132333532373837 -38316161316565346663323138623538356130303564306638623461323765366634633161356234 -39313862336532326161346436363865353833663663376566303865616264303035323864633739 -30383435653961303861646365356462376261663634383433383137363734616337643836333730 
-37643737626339646434386638326439663264373362333165623637306664396330303164363366 -66353234386137343136363764633463666137653438393131393436613563313934313736303165 -33633638373561623933623033333036346339346533373435336262346164656162303561366638 -30383035623338653430343731353766653164616139616638636563643630313735333463376662 -62666661623438333936323762616433373236396439636563646237313535343866333064393432 -64336139623933323265333633616131396661656264396262646662303633346262356662633535 -31333038666163316132613365386662396330366630313562663561313962366261323131623939 -33626634303663353466306631653439633430383138643534386430623238326332303232623965 -61653165323132303335353338353366323462633763623062616335663831653266323463353364 -61303339336162663235303837643432383333343466333365333535633763396664353636613165 -38306536656665333731376339383061383232346437643564346134396265633362616161306339 -63333264656235393639386435353631333438376166646662656631353838326338656438326231 -65326563363431653266623034393435383061333533316235363236393131333231366665343964 -65376438653165633265646233343131373133313939666163313735336564333038333765623766 -38633061303731623832353638396566373238393535383631396566343035656137353461613838 -65363239303664613132363466383336313038653962343939616363323339333866343036613238 -34656537663765346430623332656266323035343435616361343537306263363466373665306361 -39663066633833306330336334306437323430643764306266626634633139396231353638633665 -66336364633536323931343930623832306331393533626539306361333961306663353266303631 -30326633326332353861383735656362306334646238656137656533323835633937313439356538 -38653130656465656531623635343565663739306665313932356562313131373934393435623932 -38663737306135306332373730613466386631353463633261663532393933663034633634343934 -34353437393934663866323236346236383664343963383239636332643639623131376466656363 -32336363616661303535633037303334343861616263616334626430396334633934303162633839 
-65613163303037653963353535343132323431326262643862393365356437316566393130383866 -32666133333166656566373532373064373138333335313563633963393938383363396464396532 -61303037326665316634363536653537393933666532396339366531636362306537626638623634 -32383363663134623133626332343132333335356133646134656330376339306538633165353634 -65663731313832613264633430393531633765353233363766386137306364303138373339633438 -62323837653531393738636531303130653530656632393535393739363565666162376436376138 -65656131656165626636386435346132623030626664656437633261383037396332323534653664 -31306137313162356638653064363236336434626134313966613335653633623338356230323133 -61653437663537376561633235646361633233316662313331303962303161393937346565333366 -31326362303735353937313734363738636439323338646531383235626137393334306363393031 -32383861643734396132626231333537656431656165316261376237333734623635623837623366 -61346566663433366364326561313663333732303737346533363536313365353863333632386232 -63363639656230373639336636333464336136343839353835616565313165336537613666613233 -33313130373838633736306237326666383736616663343838323137663632626630313334623063 -34313737613334343331613864343062663130633963386466626233386332633233663762306237 -35316635396439333934363836353134363538643430363066616636343634643230383630626138 -65623931383631396465353163636161376337346335303738326433363835346162643732393464 -32346462383432636530636166633466393239316631663834653562353436636637393136663933 -36326538646331333436316262373037343065656662623563313465643832626539326261333738 -62353063373461373835333662626465303030366535303332336362663166633736316237313535 -32336533333536626461383737643161373738616539396339336165333162333830633661363162 -38626365616633363431303333613237343538393734653533663831613336346164343734313435 -62366264323738383038393938663366613533666438393261636336363266393736636634323436 -37643262316663663938353338343338373162356337313566376134313464643336326138313838 
-36366136306163306265663836663235623231306334633734633736306239316334616132303531 -39663562373762653634666438333861626563353366396231356232663737396436633934363734 -33353738656430383066373463313336623231613530313830633965356361323138396139353664 -38393339613064303365343766663536643061393864313466343966356666633231353765376364 -37636439356164646633313231346365376566663930386563633062633234303163333131663332 -38653431303264636266326665633465303635373762363663303164636330356636616137626633 -30366466626164333332613933396362666135623137636537653838646664643235626233303531 -64373833646434653530613935336434323737313061333930316563653331643938623438626632 -34386236633462616231353063353330346663323535333335383465366135653064343535616233 -31613236303238663331613739623261366231613661653033626562376664336161303134646535 -36393461626237666466353862303564306333356635303035346237653062663238323030313866 -37613530346335623031316165666137626631653965333236396162323966356633306630633934 -66323465643834396635363131343735643365363163646132373537383233663830643330643666 -38316461313830326433643566366566343966376362373661373839353933353231653539393534 -61373437663937616237353064653934333330306230373034376631633963316236626232643136 -36633865343363373530646566313636326130323136346235636430346561333030393361623161 -38636531626632633632616139613861363332383030396338356461623865323262663763303564 -33643661353230336430383930643433613938646133316636666463626363396264643638363762 -30343135643530356633373330353565373264383665333237663331373035613336653135333133 -37386439303763616138313661333335626532633731373939633966323332646364383665333331 -35623133303865346464313761396462613435613262383339663735386639393536646634323935 -34646661613839386639313733333036623439666536396463336663393737383130383962366336 -37656431653533333338633162663938646432306163376438396134376565353531353832663439 -34366435326364356464366633356332656231623164646361653737333331653636353136626465 
-63353233396234386630643864333364373562643333343036386639333036326362383264313431 -62636362663631376666383034303337393562613135376537376335343939343630343766356362 -63326435646163663737633133313735316663386337363830646261396333636431363938623062 -63363338373334343634366139363866343731626561626565663339643164633731396363353435 -32663634366532343939366130363233373634323664313765636235383638613061323034663364 -65646665653732326530383962313762313035353866636362363835613261643331666135336365 -35353161663966643564383935386331633730386134343837613164623537393462313130636235 -66653539396639623264303733636232343131373339303034633337333930393061306139373638 -30363139386238636436316239366537663662363432366132346361666436353337663830363037 -38643365366339343961383234313830623138316235383464346439396166363739623937653166 -31323639383838323362323663316265333162393664346262323562646232613134626335366231 -63366230623733643336373132383633356530653766653834663430383538366366363966393237 -64633436653332646336343037303665306465323162643863336235623435666131636661616635 -34336562393961383737393632623035633362383763666138343533363166363731323832343534 -31343038666533343130396264613836396434323363396434653938353131336262373936353333 -65373265306132623235316439373936353834376639386364383763643438373039393263383538 -30366532313335306332306261333434613733383430356633626338643537373030336434383231 -39656162643264316239646339643835343934323639623334303931613938363531 +62663038646261303939313365653235313039653639333833663661336439363961633861346332 +6236636666353436383264333661303737653131333031360a633432616130616665623732633332 +31346339633935366164316539393134343864376265333336393863356438313638393563656635 +3765386136656566350a663032663462646337616365313966373735663062323766653935336638 +64396235383663633066643039613630383266663430356639366635333334653035653932386238 +39323937646437306435656464653833383139656138393861653836653435316265623764393739 
+61626636646335633238333337393163653465333136626238373931363561663034633035623335 +66653531623235633535363363373333356366636438643666636133336166313839373836333436 +36333831306261376363663633306432656361326133663732633161636633323439343830613863 +32333036373463343138656639303762396237396365613665643231393837616531626261663439 +36363165313033366365383134303333316336363264663966393637393933363931353766363264 +64383363316361663939396463373938396562313434626235653532666237613035313734343764 +33303339653038656632316538653337653330326261653037626165323533363335306635613133 +61346234613266646538636465323231623830363264336465626436373434613339646236326335 +33633036663663303633326136613838653662653165643832666365656561313064313138643061 +37653664343666386138306164626263313634366232633033396238323737373230346261376436 +65643433613465333230356366383333653665653361663262326530653930303637303565333936 +39613130356165363731343037303630376438613533396235313161333366303235373561386261 +64656562373031323031363933663966663362303534643965616162616436393037346563393864 +66663438616139323137663466383338323833393030366162353430613233323366356537356335 +62636137393338326136353532386130366362346366316538386139663832386534643664306561 +62646362306265333532666364303364373334613139386438306439643235346630363631396661 +61643265666337303437633535353833353866633234343262353330383232373932623134623164 +31353566313861376334613665343838626432303130383537613235316261633664613865376430 +30386265353461626232626339316232333561346139346165623531353732313033636530363634 +35626334633734623132626534393134306366356535623739303364383865306135393338653862 +33303435323864376335356162343634383361363066386335636337363138353337613061666165 +36363439393130323234666630303239613735633633306534376135363832613331633766623433 +32633761663361643164613036333266653037363361646538636162343535306463643461643663 +36353062303636616563393535656163316364623832393863393738383532366234326139643635 
+35626339663238613566616163336565383963393734663131396438353633363936393965633363 +33366131636563623537656634613439643732373532333238626364373631303534376134306237 +31643163306663353164616234303061366163623434393137373432316565386133363865633036 +37396334383364393238666331386663386433613134316231636431653464623639346266323363 +37333033663738313061303339626539343632303235363032346362393462313866363363623366 +34353432383630663765643138613936653538376464333737626437353939393637333038356161 +66353663363730613633616431636237363961306661343638656164666165656338313465663463 +31313037353665396338663233386266346231333366373464623163353036363832336463633731 +39373665666231396136393462633163333738633362633464646263643237646663633730616163 +38653632333638396138656531653438643731636530313034656237313830366336383037343162 +66313835303432616437613931643165643763636333363163643864613531313339353765313864 +61643234326633316564326135633036656234336131353166643236643362343565646264346635 +38313063613238316432363830383334636261643537303338343362376131373661316634633936 +62646237326638343338613163373562643232366231626166616338326532396465366461343732 +34663366653837666339633931303735326437396562306534613366336137373361323563346333 +64363730633033316630613832356633613637646362653039393462636530363532633930323934 +63376136313339393530323538633831356432353338393365363432363639373064383761336362 +62346261343135643430666662643762656361613736356537616636613337363462366530313833 +63656439303162373830643231313432613166663036616564613966333562363063376565363132 +62323562353665343837393966646366396538656562646264653265383737386265626265656635 +37613331623763363638383331626364353666396330306666366633363264333166393038393537 +38326263313534643763313064386437653835373831356531653633336636383336323438346531 +62303162306362396464653663363162343734613538653163343533383431346661363230323264 +30393661306661336266396361616637373334343535656564363962386262336234346133306233 
+62366261666238363238336536636564303635363131643235636537656233303862363132316138 +30373631326635653437616464326436666462393564343834313464663230303538393937343066 +61346439626337663230393962623261333638373534623935396265633364373334383434613664 +63646338326239333365646335666232316265653338373836373435343966653464393163323464 +66616466653130343566336432313465313664313938636535343330633331383435346265386463 +37363864663561363334633864303534393434363237383032353636373261303566633461666138 +39333234313838663837616664353634666435323134663436366665326262333863356337313363 +32313839666232616133636363326661316133396533386639316166353831663361393130396438 +38396161633031333736353636366130613439376163626664386366656335636235303537323462 +38316233373664666531326566323738613635393035336139663164313333323464396439623264 +38383738373866303462336533633238303731633531613338653132393436626137323066363861 +61653333383637623638643533633039303734666466666566353638393564643361643630613638 +30633964346337613235366230393337653337633837303032613465623339373838336432623236 +34316365653964313235373337323534316330396363303365313037383064323430656534613033 +36623366373335613766336339633535396364356130306365366634306463336630323365653932 +36666664393739303631353438353466383332633662346364313466303839356632316537306139 +61363037633933343131643365343565396532326631643738336635333430306365383563666462 +38616439363131366637333533326162663030313535643664643130613535666135653263313031 +37316465343839613231656135383734663163343232303930376131323239353838393464336163 +36616233396266663637383439313239383834353465666634363739323565633934353734666135 +37393231323066313161616331343537663462356339323136363463383833316637663931633931 +38336331646365303461663362663839306566396666323834376562326134663765393161373866 +38396232663036343362326364303230353762376562306230653966633132393837633464323761 +35653339373861303763333131636464373031386333633036663635313234663639356238376665 
+32626265653637626663336531383964636232376334666365373330353337386333653665323263 +38636233393837626131663161643532623836306339303464346166376431616435323363333864 +32383161656331306539363130653633313561326230653234396464326333613431383537376464 +65393862386532363465343266393231306566316464366537316631653764356638336138663331 +63656361383165303463326536383039616438646362303632643334613336323266616136613435 +64373533313266363861363938306565363734353135393734303231313539386239323538316164 +37376139333839343135613465376335663466383663623131346437356639373335396666323265 +62376561353436653832636639383265663961343661346365616536653737343132396333393966 +33376465396666316230616635313463386439623862373332656161333739656236386131636436 +66336439613537326439333862353032316238343736386236343932636165663766313765333665 +37303630383339323464663061333663346438656663383737643862333761373834613435353830 +38303937613136323666643266393032376137376438616261326563383862356436616230613331 +65316234616334353365353930326536623836313833643236636437323735363832383638373162 +37636466636339326163613164306365356334616437643565306339303262633539363234363261 +39346433656635373635343731393039633261643332313735373930633030613938383530373935 +63656633623931616530306661353261386462393365646536393733323731616462653465356161 +34626134653532653265393839346438613639643264666236393532643764643066333462353936 +39373431656363303831626230353037353139323834633266353663386635306335346166633065 +64386366333531363530393531326438633937373238303730383261616163663962383263633561 +38613764303439643361373832356266363539326162643462653661366666353234353631383761 +38623433393766633965323062303964663331353863663063396365313631643464656138656131 +34393362313366313737633032663763336462373134316439663635363563346332333335363937 +36613837363430663961396439313462326435323639616363303638313566373266373830633261 +34393434616438636231303331666331396162383332646139636362373630363731396134373930 
+36383030333061353532653338383735623634623232316333663133393934666339343763366231 +31323738626637353230356633336165303466333666616534653330303634643532353264373236 +32613833623935383162346263633330356633613565626539326662333035376533373962306237 +34333936336264656533373062366332623937333031396237616331383039356539343036613735 +35323061393233343662616231313235383635326237383435363031306137343465386438623635 +39303331613862643533313363333036383866646534346331313133333339616665633236393031 +63323737633065323465653964393162663337633238643764346362623437653739333438666237 +32366230353736323866343436363335653761663931613239333131646565376430376162326164 +65343136313434303332373464363339363564306564353061643432653566653562643633653439 +66356339313934663534613161316137653638613862613439313762353035653861626230336461 +65663733616339313830316266633738333662623466336333333065623533393734353064363332 +31326165343834376265396634623739356334383762353135333863373437353936333034313562 +64626238393339636538633233313364303837356531356237373930393864663733646539626639 +66383966653333626264663732326635326232393334646464303364643531333831366638666263 +30636433353439343463656636326565393733616339623635326362303739356331316334303732 +62323964643961326465323964383763663337643961366634306439343337616361393661613938 +38376338363834366339663630363464633665336364326133323631326561623935316134366237 +65636137326164346238363630633337626231633836623235323636623033323031383031653466 +34333431386338626265356538366335396531333839343461633164383831326337663236653166 +64383834326362633238653537643362663561323337316339633038383731643538326466636364 +31383530396565393464313130336565653963306563306531636639373236306165383365663036 +37303162663261633236376666393533616661643530333731333637356431326438333665303334 +64613363653635643336323462353733346330643030653434643165346165303332646165346665 +63646663366165313064636433303034613366356437383438353734353565366638353930383530 
+62323537356136306635623630623239346464353064666538373565366162316466303261623866 +65303663313231343864656434306239663564356465636632316466346236383862393966613534 +39343631303732393764316436366264326133336537383131626261343265333034383037633165 +64313933653665396535616266633933613061393838386262336135303166663464363134323764 +31386261373937373765613935323964386232653135353038653766396531363663383039393431 +38623465316231313162383666383239306263303035613465313463396133613939666664613237 +30343265383163646531623837303662343463323431343337656331643664633639626635313232 +62386333656538326634663935646330386662376136373362616630303431346235313364613661 +35383533613432343238653536333736303537333063366262313136343032323061636239313261 +30616164373265663636646162366235363733386431623766636331396431316664303837383362 +64346631643033623731623863393037623865306531336338393166313561353436396561646464 +62653534303735623830663432316636303533353866336234613166616664643738363862623665 +38313661313266663163363936636631303437356634316337663936613935333834626631643335 +33356632396438333530316236333639303562646539663533613637613338663661376161336164 +66316232336365306330616434623837356438373435323136363363623737373837623264363765 +39373862633865333566643134626139316231323331363930626462373331653433613932316632 +64616630356631643862623436303533323665313965396532363537313263313463643662323230 +31393662633663323964363262643563396435323038626261366631323465613366633562393938 +39653661356432366466616166643034653835643263383961323161373764656334303031356264 +35366165666234343031646463303038323261653765366332326137356564306637663633376333 +61633361313765666638336135326632613434323131346464646632303064396335653334613732 +66616136393638313038313365393838366163656264326466666636656162323135613761376336 +31333533383632376339383761393537333339623735393133373463613965343631626530313661 +30623637356436323636363537363730376462643133343039303932663763336435616561346461 
+66383431353530393039613437323334366238333464336261656434616666633863663061353665 +33303166653364303538653938393465356330386665313639383232666261653638333065346362 +38663037303339306439373166666637663965613839666334383237663133663831373139653166 +65663931353066633262396662393234366361363361333034303836343939663030363732323536 +32376565316639353434343163653066646162643130393332373766336564613139316263386631 +65343563326261333962363536323438666536373861386365396366646439653564393263653332 +32663434653339363939616231383933613331393539333264633739383239336464633437643631 +32303961366333646130653036366661373062613832373362306439363338313737343232313264 +65333138333561353031326266633564326331643532363563613131383235653663376464636365 +38386465353431386331626633306162386334313331353634313631393066613233656431656235 +33316534663934346636316134616664623633376266633535386264383961383665666262346439 +32343133316332636338363732646630656637623565363836656432366538663261666663323864 +36626430383765353437653030356566396263363238333635386237353535663238356132646464 +65326266616533666231333336353430303663666630643435613763376534666663653434373061 +64633863343439323932616231333030633038366135393761396134343665363238 diff --git a/network.yml b/network.yml index 300c0d2..4958116 100755 --- a/network.yml +++ b/network.yml @@ -28,7 +28,7 @@ # Radius (backup only for now) -- hosts: radius-edc-backup.adm.auro.re +- hosts: ~radius-(edc|fleming)-backup\.adm\.auro\.re roles: - radius diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index 9820e4b..574a3ef 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -5,6 +5,7 @@ - "deb" - "deb-src" + - name: Ensure /var/www exists file: name: "/var/www" @@ -17,7 +18,7 @@ version: "master_freeradius_python3" force: true -- name: Template local settings +- name: Template local re2o settings template: src: settings_local.py.j2 dest: "/var/www/re2o/re2o/settings_local.py" 
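Review bot: The new `hosts:` pattern in network.yml is a regular expression with no end anchor, so it can select any inventory name that merely begins with one of the two backup hostnames (Ansible appears to apply `~` patterns as a prefix match; worth confirming on the version in use). The radius role applied by this play now creates database users from vaulted passwords, so the target set should be exact. I would anchor and quote the pattern: `- hosts: '~radius-(edc|fleming)-backup\.adm\.auro\.re$'`.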
@@ -30,6 +31,8 @@ - name: try to install freeradius-python3 (this will fail on post-install) apt: name: freeradius-python3 + default_release: buster-backports + update_cache: yes ignore_errors: yes no_log: yes @@ -38,6 +41,12 @@ src: freeradius-python3.postinst.j2 dest: /var/lib/dpkg/info/freeradius-python3.postinst +- name: reinstall broken backpage + apt: + name: freeradius-python3 + default_release: buster-backports + force: yes + - name: Setup radius symlinks file: src: "/var/www/re2o/freeradius_utils/{{ item.local_prefix }}{{ item.filename }}" @@ -54,7 +63,7 @@ - local_prefix: freeradius3/ filename: mods-enabled/eap -- name: Configure radius clients.conf +- name: Configure freeradius template: src: "{{ item }}.j2" dest: "/etc/freeradius/3.0/{{ item }}" @@ -64,10 +73,6 @@ - sites-enabled/inner-tunnel - proxy.conf -- name: reinstall broken backpage - apt: - name: freeradius-python3 - force: yes - name: Install radius requirements (except freeradius-python3) shell: 
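Review bot: The first freeradius-python3 install keeps `ignore_errors: yes` and `no_log: yes`, which now also hide a failed cache refresh or a missing `buster-backports` source, because `update_cache: yes` and `default_release: buster-backports` were added to the same task. Only the post-install failure is expected here. Consider registering the result and using `failed_when` to tolerate just that error, or at least add a comment such as `# expected to fail in postinst only; repaired by the postinst template and the reinstall task below`. The task begins in the hunk, but the tasks around it are only partly visible.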
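Review bot: The relocated "reinstall broken backpage" task keeps `force: yes`, which for the apt module corresponds to apt-get's `--force-yes`: it turns off package signature verification and permits downgrades. Combined with the newly added `default_release: buster-backports`, an unauthenticated package from that source would be installed as root without any error. If the aim is only to finish configuration once the patched postinst is in place, drop `force: yes` and check whether a plain install (or `state: fixed`) completes. The task name also reads "backpage" where "package" or "backport" seems intended.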
@@ -79,3 +84,120 @@ # End of hideousness (hopefully). + +- name: Configure log rotation + template: + src: "freeradius-logrotate.j2" + dest: "/etc/logrotate.d/freeradius" + + + +# Database setup + + +- name: Install postgresql + apt: + name: + - postgresql + - postgresql-client + +- name: Install postgresql ansible module requirement(s) + pip: + name: psycopg2 + +- name: Create read-only user + community.general.postgresql_user: + name: re2o_ro + password: "{{ radius_pg_re2o_ro_password }}" + become_user: postgres + +- name: Create replication user + community.general.postgresql_user: + name: replication + password: "{{ radius_pg_replication_password }}" + become_user: postgres + +- name: Create local DB + community.general.postgresql_db: + name: re2o + owner: replication + state: present + encoding: "UTF8" + lc_collate: 'fr_FR.UTF-8' + lc_ctype: 'fr_FR.UTF-8' + become_user: postgres + + +- name: Dump radius re2o PostgreSQL database schema from master + community.general.postgresql_db: + name: re2o + state: dump + target: /tmp/re2o-schema.sql + target_opts: '-s' + login_host: 10.128.0.12 + login_user: replication + login_password: "{{ radius_pg_replication_password }}" + + +- name: Restore DB + tags: + - restore + community.general.postgresql_db: + name: re2o + state: restore + target: /tmp/re2o-schema.sql + target_opts: "-s" + login_host: localhost + login_user: replication + login_password: "{{ radius_pg_replication_password }}" + + +- name: Grant select permissions on all tables to read-only user + tags: + - perms + community.general.postgresql_privs: + database: re2o + privs: SELECT + objs: ALL_IN_SCHEMA + schema: public + roles: re2o_ro + become_user: postgres + +- name: Grant usage permission on schema to read-only user + tags: + - perms + community.general.postgresql_privs: + database: re2o + privs: USAGE + objs: public + type: schema + roles: re2o_ro + become_user: postgres + +- name: Set default privileges in schema + tags: + - perms + 
community.general.postgresql_privs: + database: re2o + privs: SELECT + schema: public + objs: TABLES + type: default_privs + roles: re2o_ro + become_user: postgres + + +- name: Set up subscription to main database + tags: + - sub + community.general.postgresql_subscription: + name: "re2o_subscription_{{ inventory_hostname_short | replace('-','_') }}" + connparams: + host: re2o-db.adm.auro.re + user: replication + password: "{{ radius_pg_replication_password }}" + dbname: re2o + db: re2o + publications: + - re2o_pub + become_user: postgres diff --git a/roles/radius/templates/freeradius-logrotate.j2 b/roles/radius/templates/freeradius-logrotate.j2 new file mode 100644 index 0000000..91d5df4 --- /dev/null +++ b/roles/radius/templates/freeradius-logrotate.j2 @@ -0,0 +1,50 @@ +# The main server log +/var/log/freeradius/radius.log { + # common options + daily + rotate 365 + missingok + compress + delaycompress + notifempty + + copytruncate +} + +# (in order) +# Session monitoring utilities +# Session database modules +# SQL log files +/var/log/freeradius/checkrad.log /var/log/freeradius/radwatch.log +/var/log/freeradius/radutmp /var/log/freeradius/radwtmp +/var/log/freeradius/sqllog.sql +{ + # common options + daily + rotate 365 + missingok + compress + delaycompress + notifempty + + nocreate +} + +# There are different detail-rotating strategies you can use. One is +# to write to a single detail file per IP and use the rotate config +# below. Another is to write to a daily detail file per IP with: +# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail +# (or similar) in radiusd.conf, without rotation. If you go with the +# second technique, you will need another cron job that removes old +# detail files. You do not need to comment out the below for method #2. +/var/log/freeradius/radacct/*/detail { + # common options + daily + rotate 365 + missingok + compress + delaycompress + notifempty + + nocreate +} 
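Review bot: The schema dump goes to the fixed path `/tmp/re2o-schema.sql`, and the "Restore DB" task then executes that file as the `replication` role, which owns the `re2o` database. In a world-writable directory, another local account could pre-create or swap the file between the two tasks. A private temporary file created by the play removes the predictable name; the restore task should then use `target: "{{ re2o_schema_dump.path }}"` and the file should be deleted afterwards. Separately, the restore task passes `target_opts: "-s"`, which is pg_dump's schema-only switch; if the module restores `.sql` files through psql, `-s` means single-step mode there and should probably be dropped. The dump also connects to `10.128.0.12` while the subscription uses `re2o-db.adm.auro.re`, and neither sets an SSL mode for a connection that carries the replication password.

```yaml
- name: Create a private temporary file for the schema dump
  ansible.builtin.tempfile:
    state: file
    suffix: .sql
  register: re2o_schema_dump

- name: Dump radius re2o PostgreSQL database schema from master
  community.general.postgresql_db:
    name: re2o
    state: dump
    target: "{{ re2o_schema_dump.path }}"
    # … unchanged: target_opts and login_* parameters …

# … unchanged: "Restore DB" task, with target pointing at the same registered path …

- name: Remove the schema dump
  ansible.builtin.file:
    path: "{{ re2o_schema_dump.path }}"
    state: absent
```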
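Review bot: None of the three stanzas in freeradius-logrotate.j2 has a `su` directive. logrotate refuses to rotate files in a directory that is writable by a non-root user or group unless one is given, so if /var/log/freeradius is owned by the daemon account (not visible in this commit) rotation would fail and the logs would grow without bound. Adding a line such as `su freerad freerad` to each block, with the account name taken from the actual install, avoids that. Also, `copytruncate` on radius.log can drop lines written between the copy and the truncate, which matters if this log serves as the authentication audit trail.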
diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o-service/tasks/main.yml index 5b7d039..68e963c 100644 --- a/roles/re2o-service/tasks/main.yml +++ b/roles/re2o-service/tasks/main.yml @@ -21,8 +21,8 @@ become: true become_user: "{{ service_user }}" -- name: Configure re2o {{ service_name }} project - ini_file: +- name: "Configure re2o {{ service_name }} project" + community.general.ini_file: path: "{{ service_homedir }}/config.ini" section: Re2o option: "{{ item.key }}" diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index 6073afe..dd7f865 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Enable IPv4 packet forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv4.ip_forward value: '1' sysctl_set: yes