aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

Merge branch 'add-CI' into 'master'

Browse source 
Add CI pipeline

See merge request aurore/ansible!6
This commit is contained in:
Alexandre IOOSS 2019-03-03 08:01:24 +01:00
commit da7bf811d6
49 changed files with 182 additions and 205 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,6 @@
---
image: quay.io/ansible/molecule:2.19
yamllint:
script: yamllint -c .yamllint.yml .
...

7
.yamllint.yml Normal file
View file

@ -0,0 +1,7 @@
---
extends: default
rules:
line-length:
level: warning
...

1
README.md
View file

@ -47,4 +47,3 @@ d'Ansible.
```
ansible -i hosts ldap-replica-fleming1.adm.auro.re -m setup --ask-vault-pass
```

1
base.yml
View file

@ -3,4 +3,3 @@
- hosts: all
roles:
- baseconfig

1
dokuwiki.yml
View file

@ -4,4 +4,3 @@
- hosts: horus-wikitest
roles:
- dokuwiki

1
etherpad.yml
View file

@ -4,4 +4,3 @@
roles:
- debian-backports
- etherpad

1
group_vars/all/vars.yml
View file

@ -30,4 +30,3 @@ ssh_pub_keys: "{{ vault_ssh_pub_keys }}"
# Monitoring
monitoring_mail: 'monitoring.aurore@lists.crans.org'

5
group_vars/fleming/ldap_local_replica.yml
View file

@ -1,5 +1,4 @@
---
ldap_local_replica_uri:
- 'ldap://ldap-replica-fleming1.adm.auro.re'
- 'ldap://ldap-replica-fleming2.adm.auro.re'
- 'ldap://ldap-replica-fleming1.adm.auro.re'
- 'ldap://ldap-replica-fleming2.adm.auro.re'

3
group_vars/ovh-testing/ldap_local_replica.yml
View file

@ -1,4 +1,3 @@
---
ldap_local_replica_uri:
- 'ldap://10.128.0.100'
- 'ldap://10.128.0.100'

1
hosts
View file

@ -61,4 +61,3 @@ fleming-pve
# every LDAP replica
[ldap-replica:children]
fleming-vm-ldap-replica

7
ldap.yml
View file

@ -6,7 +6,6 @@
# Clone LDAP on local geographic location
# DON'T DO THIS AS IT RECREATES THE REPLICA
#- hosts: ldap-replica
# roles:
# - ldap-replica
# - hosts: ldap-replica
# roles:
# - ldap-replica

1
matrix.yml
View file

@ -12,4 +12,3 @@
- hosts: riot.adm.auro.re
roles:
- matrix-riot

63
nginx-reverse-proxy.yml
View file

@ -3,36 +3,35 @@
- hosts: proxy.adm.auro.re
vars:
reversed_proxy_subdomains:
- name: re2o
from: re2o.auro.re
to: 10.128.0.10
- name: intranet
from: intranet.auro.re
to: 10.128.0.10
- name: pad
from: pad.auro.re
to: 10.128.0.54:9001
- name: phabricator
from: phabricator.auro.re
to: 10.128.0.50
- name: wiki
from: wiki.auro.re
to: 10.128.0.51
- name: www
from: www.auro.re
to: 10.128.0.52
- name: main
from: auro.re
to: 10.128.0.52
- name: re2o-test
from: re2o-test.auro.re
to: 10.128.0.100
- name: riot
from: riot.auro.re
to: riot.adm.auro.re
- name: codimd
from: codimd.auro.re
to: codimd.adm.auro.re:8080
- name: re2o
from: re2o.auro.re
to: 10.128.0.10
- name: intranet
from: intranet.auro.re
to: 10.128.0.10
- name: pad
from: pad.auro.re
to: 10.128.0.54:9001
- name: phabricator
from: phabricator.auro.re
to: 10.128.0.50
- name: wiki
from: wiki.auro.re
to: 10.128.0.51
- name: www
from: www.auro.re
to: 10.128.0.52
- name: main
from: auro.re
to: 10.128.0.52
- name: re2o-test
from: re2o-test.auro.re
to: 10.128.0.100
- name: riot
from: riot.auro.re
to: riot.adm.auro.re
- name: codimd
from: codimd.auro.re
to: codimd.adm.auro.re:8080
roles:
- nginx-reverse-proxy
- nginx-reverse-proxy

1
roles/baseconfig/tasks/apt-listchanges.yml
View file

@ -17,4 +17,3 @@
confirm: 'confirm=true'
email_address: "email_address={{ monitoring_mail }}"
which: 'which=both'

27
roles/baseconfig/tasks/main.yml
View file

@ -8,17 +8,17 @@
update_cache: yes
vars:
packages:
- bash-completion # for bash users
- zsh # alternative shell
- sudo # to gain root access
- git # code versioning
- nano # basic text editor
- vim # like nano but more powerful and complex
- htop # better than top
- less # i like cats
- tree # create a graphical tree of files
- ipython # better Python shell
- acl # for Ansible become support
- bash-completion # for bash users
- zsh # alternative shell
- sudo # to gain root access
- git # code versioning
- nano # basic text editor
- vim # like nano but more powerful and complex
- htop # better than top
- less # i like cats
- tree # create a graphical tree of files
- ipython # better Python shell
- acl # for Ansible become support
# Pimp my server
- name: Customize motd
@ -29,7 +29,9 @@
# Configure APT mirrors on Debian Stretch
- name: Configure APT mirrors
when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: 'apt/sources.list.j2'
dest: '/etc/apt/sources.list'
@ -55,4 +57,3 @@
with_dict:
dot_zshrc: .zshrc
dot_zshrc.local: .zshrc.local

1
roles/baseconfig/tasks/molly-guard.yml
View file

@ -13,4 +13,3 @@
dest: /etc/molly-guard/rc
regexp: '^#*\s*ALWAYS_QUERY_HOSTNAME.*$'
line: 'ALWAYS_QUERY_HOSTNAME=true'

1
roles/baseconfig/templates/apt/sources.list.j2
View file

@ -28,4 +28,3 @@ deb {{ debian_security_mirror }} {{ ansible_distribution_release }}/updates {{ d
# Backports
deb {{ debian_security_mirror }} {{ ansible_distribution_release }}-backports {{ debian_components }}
{% endif %}

1
roles/codimd/handlers/main.yml
View file

@ -10,4 +10,3 @@
# Reload systemd daemons when a service file changes
- name: Reload systemd daemons
command: systemctl daemon-reload

4
roles/codimd/tasks/0_apt_dependencies.yml
View file

@ -1,7 +1,9 @@
---
# For NodeJS package
- name: Configure NodeJS pin
when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/nodejs.j2
dest: /etc/apt/preferences.d/nodejs

17
roles/codimd/tasks/main.yml
View file

@ -7,14 +7,14 @@
# Download CodiMD
# TODO : temporally disabled until 1.3.0 is out (because of uws bug)
#- name: Clone CodiMD project
# git:
# repo: https://github.com/hackmdio/codimd.git
# dest: /var/local/codimd/codimd
# version: 1.2.1
# become: yes
# become_user: codimd
# notify: Build front-end for CodiMD
# - name: Clone CodiMD project
# git:
# repo: https://github.com/hackmdio/codimd.git
# dest: /var/local/codimd/codimd
# version: 1.2.1
# become: yes
# become_user: codimd
# notify: Build front-end for CodiMD
# Setup dependencies and configs
- name: Install CodiMD depedencies
@ -66,4 +66,3 @@
name: codimd
state: started
enabled: true

1
roles/codimd/templates/apt/nodejs.j2
View file

@ -3,4 +3,3 @@
Package: node* libuv1*
Pin: release a=stretch-backports
Pin-Priority: 600

1
roles/codimd/templates/systemd/codimd.service.j2
View file

@ -16,4 +16,3 @@ Restart=always
[Install]
WantedBy=multi-user.target

1
roles/debian-backports/tasks/main.yml
View file

@ -5,4 +5,3 @@
src: backports.list.j2
dest: /etc/apt/sources.list.d/backports.list
mode: 0644

1
roles/debian-backports/templates/backports.list.j2
View file

@ -6,4 +6,3 @@
{% endif %}
deb {{ debian_mirror }} {{ ansible_distribution_release }}-backports main

9
roles/dokuwiki/tasks/main.yml
View file

@ -1,7 +1,9 @@
---
# For DokuWiki package
- name: Configure Debian Buster mirrors
when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/buster.list.j2
dest: /etc/apt/sources.list.d/buster.list
@ -9,7 +11,9 @@
# For DokuWiki package
- name: Configure DokuWiki pin
when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/dokuwiki.j2
dest: /etc/apt/preferences.d/dokuwiki
@ -20,4 +24,3 @@
apt:
name: dokuwiki
update_cache: yes

1
roles/dokuwiki/templates/apt/buster.list.j2
View file

@ -7,4 +7,3 @@
deb {{ debian_mirror }} buster main
deb-src {{ debian_mirror }} buster main

1
roles/dokuwiki/templates/apt/dokuwiki.j2
View file

@ -7,4 +7,3 @@ Pin-Priority: 990
Package: dokuwiki
Pin: release n=buster
Pin-Priority: 990

1
roles/etherpad/handlers/main.yml
View file

@ -2,4 +2,3 @@
# Reload systemd daemons when a service file changes
- name: Reload systemd daemons
command: systemctl daemon-reload

5
roles/etherpad/tasks/0_apt_dependencies.yml
View file

@ -1,7 +1,9 @@
---
# For NodeJS package
- name: Configure NodeJS pin
when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/nodejs.j2
dest: /etc/apt/preferences.d/nodejs
@ -19,4 +21,3 @@
- git
- nodejs
- npm

1
roles/etherpad/tasks/1_user_group.yml
View file

@ -24,4 +24,3 @@
owner: etherpad
group: etherpad
mode: 0750

1
roles/etherpad/tasks/main.yml
View file

@ -57,4 +57,3 @@
# TODO-list
# * Configure admin user, logs
# Plugins : https://framacloud.org/fr/cultiver-son-jardin/etherpad.html#concernant-framapad

1
roles/etherpad/templates/apt/nodejs.j2
View file

@ -3,4 +3,3 @@
Package: node* libuv1*
Pin: release a=stretch-backports
Pin-Priority: 600

1
roles/etherpad/templates/systemd/etherpad-lite.service.j2
View file

@ -15,4 +15,3 @@ Restart=always
[Install]
WantedBy=multi-user.target

1
roles/ldap-client/handlers/main.yml
View file

@ -14,4 +14,3 @@
state: restarted
ignore_errors: true # Sometimes service do not exist
listen: Restart nslcd service

17
roles/ldap-client/tasks/0_install_ldap.yml
View file

@ -12,11 +12,11 @@
# Reduce LDAP load
# For the moment it is broken on Stretch when using PHP7.3
#- name: Install LDAP cache package
# apt:
# name: nscd
# state: present
# update_cache: yes
# - name: Install LDAP cache package
# apt:
# name: nscd
# state: present
# update_cache: yes
# Configure /etc/nslcd.conf
- name: Configure nslcd LDAP credentials
@ -33,9 +33,8 @@
regexp: "^{{ item.key }}:"
line: "{{ item.value }}"
with_dict:
passwd: 'passwd: files ldap'
group: 'group: files ldap'
shadow: 'shadow: files ldap'
passwd: 'passwd: files ldap'
group: 'group: files ldap'
shadow: 'shadow: files ldap'
sudoers: 'sudoers: files ldap'
notify: Restart nslcd service

1
roles/ldap-client/tasks/1_group_security.yml
View file

@ -18,4 +18,3 @@
dest: /etc/sudoers
regexp: "^%{{ sudo_group }}"
line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL"

1
roles/ldap-client/tasks/2_userland_scripts.yml
View file

@ -15,4 +15,3 @@
src: /usr/local/bin/chsh
dest: /usr/local/bin/chsh.ldap
state: link

1
roles/ldap-client/tasks/main.yml
View file

@ -22,4 +22,3 @@
key: "{{ ssh_pub_keys }}"
state: present
# exclusive: True

1
roles/ldap-client/templates/passwd.j2
View file

@ -1,4 +1,3 @@
#!/bin/sh
# {{ ansible_managed }}
echo "Pour changer votre mot de passe,\nAllez sur l'intranet : {{intranet_url}}"

1
roles/ldap-replica/tasks/main.yml
View file

@ -56,4 +56,3 @@
# Save the day
- name: Start LDAP server
service: name=slapd state=started

1
roles/ldap-replica/templates/schema.ldiff.j2
View file

@ -1183,4 +1183,3 @@ createTimestamp: 20150305013830Z
entryCSN: 20160607103125.521039Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20160607103125Z

1
roles/matrix-mxisd/handlers/main.yml
View file

@ -4,4 +4,3 @@
service:
name: mxisd
state: restarted

1
roles/matrix-mxisd/templates/mxisd/mxisd.yaml.j2
View file

@ -87,4 +87,3 @@ threepid:
# Password for the account
password: ""

1
roles/matrix-riot/tasks/main.yml
View file

@ -49,4 +49,3 @@
dest: /etc/nginx/sites-enabled/riot
state: link
notify: Reload NGINX service

1
roles/matrix-synapse/handlers/main.yml
View file

@ -4,4 +4,3 @@
service:
name: matrix-synapse
state: restarted

1
roles/matrix-synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2
View file

@ -15,4 +15,3 @@ listeners:
compress: true
- names: [federation]
compress: false

1
roles/nginx-reverse-proxy/handlers/main.yml
View file

@ -4,4 +4,3 @@
service:
name: nginx
state: reloaded

1
roles/nginx-reverse-proxy/tasks/main.yml
View file

@ -29,4 +29,3 @@
state: link
loop: "{{ reversed_proxy_subdomains }}"
notify: Reload NGINX service

1
roles/nginx-reverse-proxy/templates/nginx-sites-available.j2
View file

@ -33,4 +33,3 @@ server {
add_header X-Clacks-Overhead "GNU Terry Pratchett";
}
}