Merge branch 'master' into monitoring_pdu
This commit is contained in:
otthorn
commit
a8af3c9c72
12 changed files with 138 additions and 39 deletions
|
|
@ -1,2 +1,7 @@
|
|||
skip_list:
|
||||
- '301'
|
||||
|
||||
warn_list:
|
||||
- '305' # Use shell only when shell functionality is required
|
||||
- '503' # Tasks that run when changed should likely be handlers
|
||||
- experimental # all rules tagged as experimental
|
||||
|
|
|
|||
5
base.yml
5
base.yml
|
|
@ -10,3 +10,8 @@
|
|||
- hosts: all,!unifi
|
||||
roles:
|
||||
- ldap_client
|
||||
|
||||
# Install logrotate
|
||||
- hosts: all,!unifi,!pve
|
||||
roles:
|
||||
- logrotate
|
||||
|
|
|
|||
|
|
@ -2,10 +2,15 @@
|
|||
certbot:
|
||||
domains:
|
||||
- auro.re
|
||||
- chat.auro.re # cname to riot.auro.re
|
||||
- codimd.auro.re
|
||||
- element.auro.re # cname to riot.auro.re
|
||||
- ehterpad.auro.re # cname to pad.auro.re
|
||||
- grafana.auro.re
|
||||
- hedgedoc.auro.re # cname to codimd.auro.re
|
||||
- pad.auro.re
|
||||
- passbolt.auro.re
|
||||
- paste.auro.re # cname to privatebin.auro.re
|
||||
- phabricator.auro.re
|
||||
- privatebin.auro.re
|
||||
- riot.auro.re
|
||||
|
|
@ -13,7 +18,7 @@ certbot:
|
|||
- status.auro.re
|
||||
- wiki.auro.re
|
||||
- www.auro.re
|
||||
- zero.auro.re
|
||||
- zero.auro.re # cname to privatebin.auro.re
|
||||
mail: tech.aurore@lists.crans.org
|
||||
certname: auro.re
|
||||
|
||||
|
|
|
|||
7
hosts
7
hosts
|
|
@ -451,6 +451,13 @@ edc_pve
|
|||
gs_pve
|
||||
rives_pve
|
||||
|
||||
# every unifi
|
||||
[unifi:children]
|
||||
gs_unifi
|
||||
edc_unifi
|
||||
fleming_unifi
|
||||
rives_unifi
|
||||
pacaterie_unifi
|
||||
|
||||
###############################################################################
|
||||
# Groups by service
|
||||
|
|
|
|||
7
logrotate.yml
Executable file
7
logrotate.yml
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Playbook to run ONLY the logrotate role
|
||||
# Install logrotate
|
||||
- hosts: all,!unifi,!pve
|
||||
roles:
|
||||
- logrotate
|
||||
|
|
@ -4,26 +4,28 @@
|
|||
when: ansible_os_family == "Debian"
|
||||
apt:
|
||||
name:
|
||||
- sudo
|
||||
- molly-guard # prevent reboot
|
||||
- ntp # network time sync
|
||||
- apt # better than apt-get
|
||||
- nano # for vulcain
|
||||
- vim # better than nano
|
||||
- emacs-nox # for maman
|
||||
- htop # better than top
|
||||
- zsh # to be able to ssh @erdnaxe
|
||||
- fish # to motivate @edpibu
|
||||
- oidentd # postgresql identification
|
||||
- aptitude # nice to have for Ansible
|
||||
- acl # advanced ACL
|
||||
- iotop # monitor i/o
|
||||
- tree # create a graphical tree of files
|
||||
- apt # better than apt-get
|
||||
- aptitude # nice to have for Ansible
|
||||
- bash-completion # because bash
|
||||
- curl # better than wget
|
||||
- emacs-nox # for maman
|
||||
- fish # to motivate @edpibu
|
||||
- git # code versioning
|
||||
- htop # better than top
|
||||
- iotop # monitor i/o
|
||||
- less # i like cats
|
||||
- screen # Vulcain asked for this
|
||||
- lsb-release
|
||||
- molly-guard # prevent reboot
|
||||
- nano # for vulcain
|
||||
- net-tools
|
||||
- ntp # network time sync
|
||||
- oidentd # postgresql identification
|
||||
- screen # Vulcain asked for this
|
||||
- sudo
|
||||
- tree # create a graphical tree of files
|
||||
- vim # better than nano
|
||||
- zsh # to be able to ssh @erdnaxe
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
|
|
@ -92,13 +94,13 @@
|
|||
apt:
|
||||
pkg: smartmontools
|
||||
state: absent
|
||||
autoremove: yes
|
||||
autoremove: true
|
||||
when: ansible_system_vendor == "QEMU"
|
||||
|
||||
- name: Remove useless packages from the cache
|
||||
apt:
|
||||
autoclean: yes
|
||||
autoclean: true
|
||||
|
||||
- name: Remove dependencies that are no longer required
|
||||
apt:
|
||||
autoremove: yes
|
||||
autoremove: true
|
||||
|
|
|
|||
8
roles/certbot/handlers/main.yml
Normal file
8
roles/certbot/handlers/main.yml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- name: Reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: Generate certificates
|
||||
command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
||||
|
|
@ -20,20 +20,6 @@
|
|||
src: "letsencrypt/conf.d/certname.ini.j2"
|
||||
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
||||
mode: 0644
|
||||
register: certbot_config
|
||||
|
||||
- name: Stop services to allow certbot to generate a cert.
|
||||
service:
|
||||
name: nginx
|
||||
state: stopped
|
||||
when: certbot_config.changed
|
||||
|
||||
- name: Generate new certificate if the configuration changed
|
||||
shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
||||
when: certbot_config.changed
|
||||
|
||||
- name: Restart services to allow certbot to generate a cert.
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
||||
when: certbot_config.changed
|
||||
notify:
|
||||
- Generate certificates
|
||||
- Reload nginx
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
owner: re2o-services
|
||||
group: nogroup
|
||||
recurse: true
|
||||
mode: 755
|
||||
|
||||
- name: Install isc-dhcp-server
|
||||
apt:
|
||||
|
|
@ -101,7 +102,7 @@
|
|||
when: is_aurore_host
|
||||
|
||||
- name: force run dhcp re2o-service
|
||||
shell: /var/local/re2o-services/dhcp/main.py --force
|
||||
command: /var/local/re2o-services/dhcp/main.py --force
|
||||
|
||||
- name: Ensure dhcpd is running
|
||||
service:
|
||||
|
|
|
|||
5
roles/logrotate/handlers/main.yml
Normal file
5
roles/logrotate/handlers/main.yml
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- name: reload logrotate
|
||||
service:
|
||||
name: logrotate
|
||||
state: reloaded
|
||||
29
roles/logrotate/tasks/main.yml
Normal file
29
roles/logrotate/tasks/main.yml
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
# Install and configure logrotate
|
||||
|
||||
# Install the apt package
|
||||
- name: Install logrotate
|
||||
apt:
|
||||
name:
|
||||
- logrotate
|
||||
|
||||
# Copy the configuration and reload the service if it has changed
|
||||
- name: Configure logrotate
|
||||
template:
|
||||
src: logrotate.d/rsyslog.j2
|
||||
dest: /etc/logrotate.d/rsyslog
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: reload logrotate
|
||||
|
||||
# Make sure the service is enabled and started
|
||||
- name: Enable logrotate service
|
||||
service:
|
||||
name: logrotate
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
# Enforce new logrotate rules now
|
||||
- name: Run logrotate now
|
||||
command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog
|
||||
39
roles/logrotate/templates/logrotate.d/rsyslog.j2
Normal file
39
roles/logrotate/templates/logrotate.d/rsyslog.j2
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
/var/log/syslog
|
||||
{
|
||||
rotate 7
|
||||
daily
|
||||
missingok
|
||||
notifempty
|
||||
delaycompress
|
||||
compress
|
||||
postrotate
|
||||
/usr/lib/rsyslog/rsyslog-rotate
|
||||
endscript
|
||||
}
|
||||
|
||||
/var/log/mail.info
|
||||
/var/log/mail.warn
|
||||
/var/log/mail.err
|
||||
/var/log/mail.log
|
||||
/var/log/daemon.log
|
||||
/var/log/kern.log
|
||||
/var/log/auth.log
|
||||
/var/log/user.log
|
||||
/var/log/lpr.log
|
||||
/var/log/cron.log
|
||||
/var/log/debug
|
||||
/var/log/messages
|
||||
{
|
||||
rotate 1
|
||||
daily
|
||||
missingok
|
||||
notifempty
|
||||
compress
|
||||
delaycompress
|
||||
sharedscripts
|
||||
postrotate
|
||||
/usr/lib/rsyslog/rsyslog-rotate
|
||||
endscript
|
||||
}
|
||||
Loading…
Reference in a new issue