6713b550b6
Merge branch 'master' into backups
2021-03-15 07:50:11 +01:00
cb3ec07121
Use 'inventory_hostname' instead of 'ansible_fqdn'
...
While 'ansible_fdqn' can be changed by a compromised host,
'inventory_hostname' can't (hopefully).
It should therefore no longer be possible for the said host to access
the backups of another host.
2021-03-15 07:25:09 +01:00
243ec1fe9d
[borgbackup_client] VaRi0u5 f1X3s
2021-03-15 01:04:42 +01:00
f15b222cdc
Allow root to log as postgres
2021-03-14 23:45:36 +01:00
7480a7c565
[borgbackup_client] precedence rules and sain defaults for borg config
2021-03-14 22:02:34 +01:00
b14b359027
[borgbackup_client] add exlude path to conf
2021-03-14 19:21:15 +01:00
33a1ec02f3
[borgbackup_client] update config directory to be homogeneous
2021-03-14 19:07:02 +01:00
ebfc4f2a26
[borgbackup_client] do update cache
2021-03-14 19:03:44 +01:00
86f8b31159
Delegate facts for borgbackup_client
2021-03-14 18:44:13 +01:00
d9f1104309
Move id_remote to /etc/borgmatic
2021-03-14 18:42:26 +01:00
c6cae75031
[borgbackup_server] fix /borg permissions
2021-03-14 18:29:33 +01:00
46d10022ea
[borgbackup_client] fix rentention date to int and list correctly source directories
2021-03-14 18:24:36 +01:00
ff750c5b63
[borgbackup_client] remove 1 minute sleep and fix verbosity
2021-03-14 18:23:44 +01:00
2651432582
[WIP] various fixes
2021-03-14 18:22:52 +01:00
d928c7f7f0
[borgbackup_client] rename variable correclty
2021-03-14 16:11:40 +01:00
021a5ef1e8
[borgbackup_client] various fixes for ssh keys
2021-03-14 16:11:18 +01:00
c99b611b8f
Various fixes
2021-03-14 14:17:36 +01:00
8112788396
[borgbackup_client] Add 'user:' in authorized_key
2021-03-14 13:18:30 +01:00
2f2f71422f
[borgbackup_client] Move some handlers to tasks
2021-03-14 13:16:08 +01:00
637b74a2ad
Fix some linter issues
2021-03-13 05:05:30 +01:00
f45cd77510
Merge branch 'master' into logs-first-phase
2021-03-13 05:02:30 +01:00
f6e1949c21
Adding master VM for Rives and adapt radius role for bullseye
continuous-integration/drone/push Build is failing
2021-03-12 12:29:52 +01:00
965bbe62a4
[borgbackup_client] configure encryption passphrase and storage
2021-03-12 01:46:35 +01:00
3f8ffbe164
[borgbackup_client] Add borg username and group defaults
2021-03-12 00:01:11 +01:00
531f7593d2
[borgbackup_client] fix identation
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 23:37:55 +01:00
313314a674
[borgbackup_client] fix risky file permission on apt config for pinning version
2021-03-11 23:36:27 +01:00
4642395330
[borgbackup_client] Add initial role defintion
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 23:29:57 +01:00
f0f56ecd3f
Fix linter-related issues
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 20:15:35 +01:00
db8dbb6c7a
Add borgbackup_server role
2021-03-11 20:08:41 +01:00
jeltz
2a6c2b30de
Merge pull request 'Rôle pour motd' ( #38 ) from update_motd into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#38
2021-03-11 19:34:41 +01:00
6125856c60
Merge branch 'monitoring_ups'
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 14:06:38 +01:00
d233fc2759
Update of threesold for warning battery
2021-03-11 13:23:15 +01:00
6095d9cef9
Add 'no_log' for postgres passwords
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 18:18:08 +01:00
d16f444130
Use a dict for HBA hosts
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 15:59:21 +01:00
4f6eda8329
Use /run instead of /var/run to please systemd
2021-03-10 15:57:19 +01:00
628e11488d
Switch postgresql to english
2021-03-10 15:22:01 +01:00
bd05b702bb
Use '::' in place of '[::]'
2021-03-10 15:19:39 +01:00
06b54d5f89
Use postgresql_privs
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 14:27:14 +01:00
40eadf802c
Add template and no_log for postgresql_user
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 13:58:40 +01:00
8e855d7009
Listen addresses must be quoted
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:36:10 +01:00
7a07155237
Install python3-psycopg2 (required by Ansible)
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:35:18 +01:00
36b04239fd
Rename 'postgresql_db' to 'postgresql_databases'
2021-03-10 13:34:58 +01:00
f919ec689a
Fix 'ansible_header' → 'ansible_managed'
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:25:36 +01:00
9ef6202fdf
Add configuration for users and databases
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:23:52 +01:00
bbf4ac323c
Moniroting of ups environmental temperature
2021-03-10 12:55:11 +01:00
8b9bef865e
postgresql listen on pseudo-address
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:26:18 +01:00
dbbaf0d26d
remove tailling whitespaces
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:11:02 +01:00
a4c393d3fb
fix yaml ci truthy value
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:10:06 +01:00
d14306a86c
fix syntax for CI
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:08:05 +01:00
a625a58ddd
create role postgresql_server
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:01:32 +01:00
2c0727a419
Update the list of packages installed via baseconfig
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:41:42 +01:00
jeltz
41779fb172
Merge pull request 'Add backup root SSH keys' ( #27 ) from add-ssh-keys into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#27
2021-03-07 21:30:38 +01:00
deb4372588
Merge branch 'master' into add-ssh-keys
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:29:57 +01:00
929baa300f
Use 'update_motd' in 'prometheus_federate' (again)
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-06 04:48:39 +01:00
71ee06c9c0
Fix typo
continuous-integration/drone/push Build is failing
2021-03-06 04:45:00 +01:00
bc2701d8ba
Use 'update_motd' in 'prometheus_federate'
continuous-integration/drone/push Build is failing
2021-03-06 04:43:09 +01:00
2353589da6
Ensures /etc/update-motd.d exists
2021-03-06 04:42:21 +01:00
1d0200a1f0
Use 'update_motd' in 'prometheus'
2021-03-06 04:32:06 +01:00
b81600aef8
Use 'update_motd' in 'baseconfig'
2021-03-06 04:31:20 +01:00
7e92fdfab7
Create an 'update_motd' role
2021-03-06 04:30:32 +01:00
cf07de4ec4
Fetch switch_snmp jobs
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 02:41:58 +01:00
8abca7916f
Add switch_snmp job for prometheus
2021-03-06 01:57:32 +01:00
763cc2eb51
Generate targets_switch_snmp.json
2021-03-06 01:57:08 +01:00
eaa0d2e0fc
Fix bad indent in snmp.yml.j2
2021-03-06 01:56:18 +01:00
21fed6ae3f
Add useful lookups for switchs interfaces
2021-03-06 00:58:46 +01:00
52124d2cad
Cleanup prometheus_federate's prometheus.yml.j2
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 00:46:13 +01:00
7d527be1c0
Remove duplicate alerts from 'prometheus-federate'
2021-03-06 00:45:43 +01:00
32669e1fb1
Don't load Django rules prometheus-federate
2021-03-06 00:44:22 +01:00
4ca7ebd144
Add a unique exported label (useful for federation)
2021-03-06 00:40:44 +01:00
802bfcc698
'prometheus-federate' must not retrieve its own federated metrics
2021-03-06 00:38:36 +01:00
958eaa1bcb
Use label federated_instance instead of instance
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-05 00:54:44 +01:00
6525508401
Forward journald logs to rsyslog
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-02 01:24:53 +01:00
77a5fdac6f
Remove some duplicate logs from syslog.log
2021-03-02 00:56:28 +01:00
529550f594
Don't use 'imjournal' ('imuxsock' is already used)
...
I still don't understand why it increased the size of the firewall logs
by a factor of 5 to 10, but we don't really need structured logs from
systemd-journald and the author seems to discourage it's use, so I will
not investigate further.
2021-03-02 00:46:16 +01:00
ee041b9ead
Use 'simple' instead of 'oneshot' (rotate service)
2021-03-02 00:14:25 +01:00
1f6bfeee23
Fix broadcast address on routeur-aurore
continuous-integration/drone/push Build is failing
2021-03-01 20:04:38 +01:00
0f55b90de9
Remove 10.129.0.1 gateway on routeur-aurore-*
2021-03-01 20:04:02 +01:00
b13b22da05
Add ignored destinations for firewall logs
continuous-integration/drone/push Build is failing
2021-03-01 19:39:11 +01:00
8f815a30c5
Remove useless date (already added by journald)
continuous-integration/drone/push Build is failing
2021-03-01 17:47:12 +01:00
acd5721a5b
Fix typos in rotate-remote-logs.service.j2
2021-03-01 17:45:17 +01:00
9547868c7d
Send nginx logs to local syslog
continuous-integration/drone/push Build is failing
2021-03-01 17:40:05 +01:00
cdb9f88614
Do not rate limit collection of journald logs
continuous-integration/drone/push Build is failing
2021-03-01 16:31:52 +01:00
9eeb8ccd73
Remove non-Ansible SSH root keys
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-01 16:08:08 +01:00
9252249d18
Use 'true' instead of 'yes'
continuous-integration/drone/push Build is failing
2021-03-01 04:15:54 +01:00
e4b58c0bf4
Fix typo in 20-collector.conf.j2
continuous-integration/drone/push Build is failing
2021-03-01 04:07:17 +01:00
c65b3f090b
Compress and delete old remote logs
...
continuous-integration/drone/push Build is failing
Logrotate is not used because I didn't found an easy way to configure it
to handle the compression/deletion of log files already rotated by
rsyslog (it is probably possible, but I found the script to be easier).
2021-03-01 03:58:58 +01:00
f7183095c1
Add explicit permissions for directories
continuous-integration/drone/push Build is failing
2021-03-01 02:26:22 +01:00
ba8b4e8c29
Fix the ordering of rsyslog.d files
...
continuous-integration/drone/push Build is failing
A call to sendLogsToRemote for logs received through RELP/UDP has
been added (to send them to Logstash/Redis/…), so common.conf's prefix
must be lower than collector.conf's.
Note: future "third-party" config files will also call sendLogsToRemote
and thus will also have to use a prefix higher than 10.
2021-03-01 02:15:28 +01:00
7fd1b5ff5d
Add rsyslog_collector role
2021-03-01 01:27:56 +01:00
6263c31785
Add rsyslog_common role
2021-03-01 01:27:30 +01:00
ba6da939ab
[certbot] Fix certificates for auro.re
...
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 13:57:59 +01:00
ae151321db
[nginx/certbot] Clone roles from Crans
...
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 11:46:37 +01:00
d7d0676f5e
Remove .save file; remove fo fleming prometheus
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-18 17:53:15 +01:00
74c30b81df
Merge branch 'master' into Global_monitoring
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-17 19:41:06 +01:00
b278b02bc2
Remove percentage sign for load alert
continuous-integration/drone/push Build is failing
2021-02-17 19:37:33 +01:00
0b90c9944b
Fix CI warning from last commit
continuous-integration/drone/push Build is failing
2021-02-17 18:15:31 +01:00
61001e09f5
Add alert for load usage
continuous-integration/drone/push Build is failing
2021-02-17 18:08:39 +01:00
a5b4deacee
Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus
continuous-integration/drone/push Build is failing
2021-02-17 17:42:24 +01:00
5b2580056d
🐛 Final fix, should stop sending ill-formed mail from now on
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 18:10:39 +01:00
f607a76ec8
🐛 Fix a small bug. Postfix does not accept trailing comments
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 13:13:26 +01:00
3fceeff74f
Fix ansible lint for rule [208] always specify mode and owner for template
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 02:47:04 +01:00
3925e32188
Repect ansible-lint [106] for role names
2021-02-16 02:45:35 +01:00
69d732e612
Fix case
2021-02-16 02:42:08 +01:00
ab3659adc2
Also config hostname just in case
2021-02-16 02:32:46 +01:00
1ca75ccfb0
Add postfix non mailhost conf
2021-02-16 02:22:41 +01:00
f08b11445d
Add postfix non mailhost task
2021-02-16 02:15:52 +01:00
a9b03aed82
Add postfix non mailhost handlers
2021-02-16 02:02:15 +01:00
6ec449c3b3
Fix restarting prometheus snmp (not installed)
continuous-integration/drone/push Build is failing
2021-02-10 20:43:43 +01:00
d8924abe66
Add prometheus-federate role
2021-02-10 20:42:37 +01:00
4308bedf8f
Monitoring of docker containers
2021-02-10 19:06:28 +01:00
bd5b88c4fc
Correcting format of percentage
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-02-08 18:22:08 +01:00
428b6f5733
Correcting grafana stats for wireless
2021-02-08 13:57:32 +01:00
8bfe83f73c
Adaptation of UPS alerts
2021-02-08 13:52:17 +01:00
faf5fc7362
fix re2o-service -> re2o_service role name
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-07 17:39:04 +01:00
e6b853a552
fix role name
2021-02-07 17:33:29 +01:00
679daa633f
Fix ansible lint
2021-02-07 17:32:44 +01:00
1e136e3736
Remove rules from warn list when it is not needed
2021-02-07 17:31:21 +01:00
ynerant
f9e83e514e
Merge pull request 'Captive portal' ( #11 ) from accueil into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#11
2021-02-05 20:39:50 +01:00
0e224df41f
Install ipset on each router
...
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:26 +01:00
c527ce16b0
Use good output interface for the main router
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
a82edc3e24
Firewall configuration without MASQUERADE
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
bbac76023c
Update masquerade configuration for the captive portal
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
7e4a2d20c0
Clone nginx role from Crans
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
889cb764c1
Clone certbot role from Crans
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
154cbedec2
Deploy firewall config for the captive portal
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
9bd06520fb
Add reverse-proxy for Re2o on the portal VM
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
e02670afb0
Les caches unbound renvoie les addresses en 10/8
2021-02-05 20:38:50 +01:00
a7b073e1cc
Add captive portal firewall configuration
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
89ebbd423e
Use the local firewall repository
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
5a09b77070
Resolve DNS for the accueil vlan
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:49 +01:00
5fc2d0a3f9
Ajout d'accueil dans keepalived
2021-02-05 20:38:49 +01:00
7cdef7ee96
Fix: keep the logs for 90 days
2021-02-05 20:38:49 +01:00
3eb48edccd
Tmux everywhere
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-02 23:17:47 +01:00
otthorn
f6c9208a41
Merge pull request 'Limit floats in alerts to 2 decimal places' ( #5 ) from human_readable_altermanager into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#5
2021-01-29 20:48:43 +01:00
otthorn
c9352fb9ab
Merge pull request 'Use unattended-upgrades for Debian-Security' ( #4 ) from unattended into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#4
2021-01-29 20:42:24 +01:00
otthorn
a8af3c9c72
Merge branch 'master' into monitoring_pdu
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:29:28 +01:00
eecf807b53
Delte main.yml.save
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:15:21 +01:00
a12bcbc97f
Correct yamlint
continuous-integration/drone/push Build is failing
2021-01-29 20:12:14 +01:00
6ec89b88d8
Limit floats in alerts to 2 decimal places
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 19:33:38 +01:00
d59cb41d5e
Use unattended-upgrades for Debian-Security
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-28 03:42:07 +01:00
e3ae912f44
Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
continuous-integration/drone/push Build is failing
2021-01-23 22:10:57 +01:00
bac377f634
Update alert rules of UPS
continuous-integration/drone/push Build is failing
2021-01-23 19:01:27 +01:00
fff6ec5807
fix typo: restart -> reload
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 16:04:09 +01:00
795ee3846f
fix indent
2021-01-23 16:02:10 +01:00
e6af0f2bd7
fix typo: groupe -> group
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:59:03 +01:00
e1a961273d
fix typo: dst -> dest
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:42:52 +01:00
73142dbe03
Fix yaml syntax
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 14:41:25 +01:00
43274ef2ec
Add the ansible_managed var at the begining of the config file
2021-01-23 14:40:29 +01:00
66c2ff6305
full path to logrotate for command
2021-01-23 14:37:18 +01:00
05326c15d3
Enforce logrotate rules
2021-01-23 14:27:09 +01:00
ddd69e04c0
create logrotate role
2021-01-23 14:25:35 +01:00
c7a3495ae5
Alert rules for UPS
continuous-integration/drone/push Build is failing
2021-01-22 12:16:36 +01:00
40d3c22276
Setup config snmp for Prometheus, to monitore Aurore's PDU
continuous-integration/drone/push Build is failing
2021-01-21 21:26:40 +01:00
f0e3bd78c9
use command instead of shell when you don't need sh features (pipes, env, etc...)
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-19 23:27:17 +01:00
4a57dad8a6
use handlers
continuous-integration/drone/push Build is failing
2021-01-19 23:19:25 +01:00
facfe3c169
Attempt to fix ansible lint
continuous-integration/drone/push Build is failing
2021-01-17 18:21:29 +01:00
ee1726589a
Linter should pass now!
continuous-integration/drone/push Build is failing
2021-01-17 17:06:59 +01:00
0364006062
Install curl and net-tools by default
...
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:13:30 +01:00
02e4e7d48f
Sort APT packages
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:12:53 +01:00
078d141236
Add task to remove smartmontools of the VM
continuous-integration/drone/push Build is failing
2021-01-08 22:43:18 +01:00
07f9ee1fbb
yes -> true to please yaml linter (truthy)
continuous-integration/drone/push Build is failing
2021-01-07 11:21:53 +01:00
37e3fe2231
Add ldap replica rives
continuous-integration/drone/push Build is failing
2020-11-09 18:53:47 +01:00
b232d6b40b
Renommage re2o_service en re2o-service
2020-11-09 18:10:34 +01:00
chirac
8bf080dbf7
Fix radius permission bug
2020-11-08 18:50:38 +01:00
chirac
5b56f9cfc9
Revert "Use command instead of shell"
...
This reverts commit 0f9169284f
.
2020-11-08 18:13:21 +01:00
Yohann D'ANELLO
24ab53675a
Automatically renew certificates if a new domain was added
2020-11-04 23:58:27 +01:00
Yohann D'ANELLO
03d48a2d82
Add possibility to configure port forwarding, like SSH for Gitea
2020-11-04 23:49:35 +01:00
Yohann D'ANELLO
ac7696c81f
User cerbot-nginx to create certificates
2020-11-04 23:07:51 +01:00
Yohann D'ANELLO
f9b7e052b9
Store reverse proxy data in proxy host vars
2020-11-04 22:38:54 +01:00
Yohann D'ANELLO
26427665f3
Fix indentation
2020-11-04 20:11:31 +01:00
Yohann D'ANELLO
9505e87113
Use true instead of yes
2020-11-04 20:00:35 +01:00
Yohann D'ANELLO
0f9169284f
Use command instead of shell
2020-11-04 19:49:49 +01:00
Yohann D'ANELLO
4c8e05e08f
Use underscore instead of dashes
2020-11-04 19:36:40 +01:00
Yohann D'ANELLO
9b8dee098e
Always set file permissions
2020-11-04 19:31:50 +01:00
Yohann D'ANELLO
3c405db661
Add Drone
2020-11-04 00:29:31 +01:00
Yohann D'ANELLO
2a6c005190
Replace ansible_header by ansible_managed
2020-11-03 23:29:30 +01:00
chirac
518560b392
Add new ldap replica at ovh
2020-11-03 14:21:26 +01:00
chirac
a213e18d9c
Update Ldap priority
2020-11-02 17:25:38 +01:00
chirac
4a43c0f0db
Update re2o ip
2020-11-02 17:25:26 +01:00
3d64f22c39
Modification du keepalive d'OpenSSHd.
...
Les serveurs OpenSSH détectent désormais la déconnexion du client et
peuvent terminer la session.
2020-10-24 19:12:35 +02:00
chirac
68f7fd5b59
Isc-dhcp-server config for banni/accueil vlans
2020-10-17 19:48:34 +02:00
chirac
0d7bfbd872
Create group for non pve physical server
2020-10-17 19:48:17 +02:00
Yohaï-Eliel BERREBY
8adf6b8105
add ipv6-edge-router role
2020-09-28 18:15:03 +02:00
chirac
ba2baa3020
Return routes now handled by keepalived
2020-09-27 13:55:56 +02:00
bba144ef14
Inverse les opérations de lecture/ecriture par defaut -> rw
...
Ce fix corrige le problème des opérations d'écritures dans la bdd master remote,
qui marchaient mal, désormais les lignes de logs historiques sont correctement écrites.
Il semblerait que django avait du mal à savoir que ces opérations reversion sont bien des opérations
d'écriture.
2020-09-19 14:02:53 +02:00
chirac
773f39cede
Fichier inutile
2020-09-16 21:04:10 +02:00
chirac
dac049f125
Tous les cron dhcp sont décalés de 2 minutes
2020-09-16 21:02:44 +02:00
Yohaï-Eliel BERREBY
91157d80c1
dhcp: run re2o service as root in cron / directly
2020-09-13 17:54:46 +02:00
Yohaï-Eliel BERREBY
6dd6168d2a
dhcp: upgrade role for dhcp-aurore-backup
2020-09-12 16:03:33 +02:00
Yohaï-Eliel BERREBY
9b07fc9001
dhcp: manage dhcp-aurore
2020-09-11 15:13:11 +02:00
chirac
26743b464d
Add Radius-aurore.adm.auro.re to ansible managed radius servers
2020-09-09 23:17:15 +02:00
chirac
53842e4c2f
Add ipv6 Radius AURORE address
2020-09-09 23:16:35 +02:00
Yohaï-Eliel BERREBY
e48425300a
Merge branch 'ansible-2.10' into master
2020-09-08 22:35:30 +02:00
Yohann D'ANELLO
5c46191389
Register camelot and gitea, make camelot accessible for everyone
2020-09-04 09:56:02 +02:00
Yohaï-Eliel BERREBY
646ebd3ba9
router: ansibilize routeur-aurore{,backup}
2020-08-08 20:45:38 +02:00
Yohaï-Eliel BERREBY
12b0bc91dc
radvd: cosmetic changes
2020-08-08 11:32:34 +02:00
Yohaï-Eliel BERREBY
b199c45d97
fix broken radius role
...
Would crash if called from anything other than the nuke radius DBs
playbook
2020-08-08 11:32:06 +02:00
Yohaï-Eliel BERREBY
af3c3dc132
enable radvd service
2020-08-08 11:19:16 +02:00
Yohaï-Eliel BERREBY
30e503458e
add ability to nuke radius DBs
2020-08-06 09:57:54 +02:00
Yohaï-Eliel BERREBY
e762091435
explain fe80::1 keepalived/radvd magic
2020-08-02 12:15:27 +02:00
Yohaï-Eliel BERREBY
de36a3bb95
announce IPv6 recursive resolver (untested)
2020-08-02 12:15:15 +02:00
Yohaï-Eliel BERREBY
3a8112bf0d
roll out (private) IPv6 on George Sand
2020-08-01 17:48:39 +02:00
Yohaï-Eliel BERREBY
361fd54414
keepalived: add IPv6 virtual route
2020-08-01 16:07:27 +02:00
Yohaï-Eliel BERREBY
2e6306b61e
radvd: advertise keepalived VIP
2020-08-01 16:05:41 +02:00
Yohaï-Eliel BERREBY
56808e4e60
wip: begin updating 'router' role for IPv6
...
pending: update virtual routes
2020-08-01 15:46:41 +02:00
Yohaï-Eliel BERREBY
194c19fbf3
fix wrong hardcoded email for keepalived monitoring
2020-08-01 15:34:49 +02:00
Yohaï-Eliel BERREBY
713c93ac44
update unbound role for IPv6
2020-08-01 14:32:02 +02:00
Yohaï-Eliel BERREBY
d54da8d2b9
add ipv6_base_prefix variable
2020-08-01 14:31:49 +02:00
Yohaï-Eliel BERREBY
f09b0906c6
radvd: fix wifi interface, comment out APs for now
2020-08-01 14:20:08 +02:00
Yohaï-Eliel BERREBY
a4841e6947
add radvd role, deploy in routers
2020-08-01 12:56:23 +02:00
Alexandre Iooss
c7c6e50dd9
Remove matrix mxisd
2020-07-22 10:04:25 +02:00
Yohaï-Eliel BERREBY
337906c6c0
add gs dhcp, dns, routing
...
and add thor to inventory
2020-07-06 18:40:54 +02:00
Yohaï-Eliel BERREBY
fe62055cdd
radius: enable service, fix details
2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY
8ce63d14b6
radius: fix settings_local.py
2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef
radius: step 2 of deployment (WIP)
2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af
radius: change proxy.conf password, use vault
...
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f
radius: initial setup
2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
6d00e2733b
unbound: fix log rotation
...
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
ba3aec348f
keepalived: deploy to fleming w/ proper password
2020-05-09 16:07:04 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role
2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role
2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY
dea4dda285
hosts: remove dhcp and recursive_dns groups
...
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6
dhcp: restart server on config update
2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa
keepalived: no ansible_managed
...
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976
dhcp: allow different router IP suffix
...
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5
keepalived: initial config
2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
fea73a13aa
aurore-firewall: correct backup router ip
2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698
aurore-firewall: fix repo address + branch
2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528
aurore-firewall: add config after cloning
2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3
aurore-firewall: initial setup
...
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc
unbound: change task order
...
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
4f224ee817
re2o-service: install Python dependencies
2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91
baseconfig: fix resolv.conf
2020-05-07 14:51:02 +02:00
Yohaï-Eliel BERREBY
7c7abb6be5
baseconfig: set up /etc/resolv.conf
2020-05-07 12:53:59 +02:00
Alexandre IOOSS
81592fa986
Merge branch 'master' into 'aurore-dev'
...
# Conflicts:
# .gitignore
# hosts
# network.yml
# proxmox.yml
2020-05-03 16:11:19 +02:00
Yohaï-Eliel BERREBY
a77b2c4f0f
unbound: fix MTU settings
...
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
2020-05-02 18:59:22 +02:00
Yohaï-Eliel BERREBY
aae7e0120a
unbound: drop verbosity but log SERVFAILs
...
TODO: less frequent log rotation because of decreased log volume
2020-05-02 18:06:58 +02:00
Yohaï-Eliel BERREBY
c54e8f5d67
unbound: smarter logging
...
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
2020-05-02 17:13:01 +02:00
Yohaï-Eliel BERREBY
1dca5d2259
unbound: use handlers
...
Only restart unbound if the configuration
was actually updated.
2020-05-02 16:43:44 +02:00
Yohaï-Eliel BERREBY
b94c62d710
unbound-control: no certificates for local use
2020-05-02 16:37:21 +02:00
Yohaï-Eliel BERREBY
3695a3d771
unbound: attempt to fix spurious blacklisting
2020-04-28 23:14:43 +02:00
Yohaï-Eliel BERREBY
b4482b6d3b
unbound: configure unbound-control
2020-04-28 20:21:47 +02:00
Yohaï-Eliel BERREBY
bac131791b
unbound: bump verbosity up to 3
...
Some users are having issues resolving *.auro.re domains from our
network, and the bug does not show itself reliably. Increased verbosity
should help us pinpoint its source.
2020-04-28 20:13:56 +02:00
Yohaï-Eliel BERREBY
ded5f38aec
unbound: name set_fact tasks
2020-04-18 17:36:25 +02:00
Yohaï-Eliel BERREBY
662452065f
dhcp: remove Cloudflare from backup DNS
...
and rename variable, since these are not technically
upstream DNS servers
(unbound will ask the root servers, not these)
2020-04-18 17:06:38 +02:00
Yohaï-Eliel BERREBY
a0651d7703
unbound: bind to the right addresses on backup hosts
2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
b57fa6e356
dhcp: use backup DNS servers too
2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
22166bc69b
unbound: log to journalctl
2020-04-18 16:56:17 +02:00
Yohaï-Eliel BERREBY
1777d0e154
unbound: log to /var/log/unbound.log, errors only
2020-04-18 15:42:31 +02:00
Yohaï-Eliel BERREBY
7275ebda47
dhcp: ask clients to use our DNS servers
2020-04-18 15:39:32 +02:00
Yohaï-Eliel BERREBY
f05e92dc5e
unbound: remove unchecked configuration keys
2020-04-13 18:42:02 +02:00
Yohaï-Eliel BERREBY
b3712ed335
unbound: initial deployment
2020-04-13 18:41:12 +02:00
Yohaï-Eliel BERREBY
8fee0857c1
re2o-service: force clone git repository
2020-04-06 19:03:38 +02:00
Yohaï-Eliel BERREBY
8579b99b2e
dhcp: cron.d entry + let main.py restart the server
2020-04-06 19:03:10 +02:00
Yohaï-Eliel BERREBY
6cce62850d
dhcp: configure log rotation
2020-04-06 17:58:14 +02:00
Yohaï-Eliel BERREBY
7347829494
tackle logs
2020-04-06 17:48:56 +02:00
Yohaï-Eliel BERREBY
51fdb89940
extract dhcp-failover.conf into separate file
2020-04-06 17:28:04 +02:00
Yohaï-Eliel BERREBY
d323b78c16
fix bogus dhcpd config
...
- move failover peer declaration to beginning of file
- set split only on primary
- fix re2o-service hostname
- add /etc/default/isc-dhcp-server
2020-04-06 17:22:50 +02:00
Yohaï-Eliel BERREBY
34b448faec
dhcp: implement failover peer configuration
2020-04-06 14:41:34 +02:00
Yohaï-Eliel BERREBY
2a0a2e2ac6
dhcp: fix silly mix-ups
2020-04-06 13:20:52 +02:00
Yohaï-Eliel BERREBY
709e4614c2
suppression d'une déclaration DNS redondante
2020-04-05 19:04:03 +02:00
Yohaï-Eliel BERREBY
e6b2f80b49
templatisation de la config dhcpd
...
non encore testé
2020-04-05 18:44:37 +02:00
fpoutre
40e915a7e0
happy little mistakes
2020-03-22 19:06:38 +01:00
fpoutre
23f1b7a4a1
added support for edc and gs in ldap replica backup configuration
2020-03-22 18:42:00 +01:00
fpoutre
3a399bd04c
added ldap-replica support for ldap-clients of pacaterie and fleming
2020-02-20 18:42:34 +01:00
Alexandre Iooss
5061a029e0
Do not ask why, it was not there
2019-12-05 14:07:48 +01:00
Alexandre Iooss
ccbd7d3770
Failover VMs
2019-11-01 15:38:35 +01:00
Alexandre Iooss
6dec3ed0d1
Proxmox playbook and unifi ap
2019-11-01 15:17:59 +01:00
Alexandre Iooss
5b3ac2a21a
Merge crans version
2019-11-01 14:16:32 +01:00
Alexandre Iooss
e91d47ea8d
Update matrix conf
2019-08-29 07:04:37 +02:00
Alexandre Iooss
6cc0a6a6b7
Remove appservice Discord
2019-08-29 07:03:54 +02:00
Alexandre Iooss
743e902e85
Refractor ldap
2019-08-29 07:03:05 +02:00
Alexandre Iooss
e15ea7854a
Base config sync with crans
2019-08-29 07:02:15 +02:00
Alexandre Iooss
044e8af3aa
Move EtherPad to Docker
2019-07-26 08:50:07 +02:00
Alexandre Iooss
b488007578
[docker] Install docker-compose
2019-07-25 19:10:50 +02:00
Alexandre Iooss
24331ca25b
Fix CI
2019-07-22 21:04:58 +02:00
Alexandre Iooss
2e753db873
Indicate unifi role
2019-07-22 21:00:13 +02:00
Alexandre Iooss
694501dfa3
Merge crans monitoring
2019-07-22 20:56:43 +02:00
Alexandre Iooss
a45ca1a890
Move CodiMD to Docker
2019-07-22 19:14:43 +02:00
Alexandre Iooss
9a35650166
Move Riot web to docker
2019-07-22 10:32:34 +02:00
Alexandre Iooss
66d870ce36
Add docker role
2019-07-22 10:32:01 +02:00
Alexandre Iooss
9018c69da3
Fix matrix v1
2019-07-22 09:12:55 +02:00
Alexandre Iooss
1ed6228728
Simplify help message on server login
2019-05-26 13:03:09 +02:00
Alexandre Iooss
2e0679a973
[passbolt] Add some dep
2019-05-26 12:52:41 +02:00
Alexandre Iooss
a986ecd36a
Passbolt playbook
2019-05-23 07:28:44 +02:00
Alexandre Iooss
72a60a988b
Unifi playbook
2019-05-07 18:52:07 +02:00
Alexandre Iooss
b6573e68ae
Exclude Stretch from node config
2019-05-05 16:24:04 +02:00
Alexandre Iooss
c53d62712f
Make prometheus node exporter listen only on adm
2019-05-05 16:17:52 +02:00
Alexandre Iooss
c1c995e38d
Prometheus role
2019-05-05 14:07:04 +02:00
Alexandre Iooss
8dc40ecb1e
Specify git branch
2019-05-04 18:43:20 +02:00
Alexandre Iooss
8b7d4207b8
Autogenerate service config
2019-05-04 11:46:54 +02:00
Alexandre Iooss
5939d434fd
Beginning of isc-dhcp-server config
2019-05-04 10:54:51 +02:00
Alexandre Iooss
41eb131e69
Fix true values being yes
2019-05-03 22:50:48 +02:00
Alexandre Iooss
81ca7a177d
Initial DHCP re2o service
2019-05-03 22:42:55 +02:00
Alexandre Iooss
aab2daf5b7
Fix Riot depo key
2019-05-03 22:42:12 +02:00
Alexandre Iooss
5e738f40a7
Uniformize motd
2019-05-03 15:52:50 +02:00
Alexandre IOOSS
1cc6bc744b
Merge branch 'change_default_soft' into 'master'
...
Add screen and remove iPython2
See merge request aurore/ansible!20
2019-05-03 14:38:49 +02:00
Alexandre Iooss
0c8763c702
Create VM with Proxmox API
2019-05-03 13:06:26 +02:00
Alexandre Iooss
55cf8b801d
Remove useless systemd handler
2019-04-06 15:19:52 +02:00
Alexandre Iooss
1b3a6f7bf8
Configure IRC Matrix appservice
2019-04-01 18:53:37 +02:00