Yohaï-Eliel BERREBY
8ce63d14b6
radius: fix settings_local.py
2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef
radius: step 2 of deployment (WIP)
2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af
radius: change proxy.conf password, use vault
...
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f
radius: initial setup
2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
6d00e2733b
unbound: fix log rotation
...
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
ba3aec348f
keepalived: deploy to fleming w/ proper password
2020-05-09 16:07:04 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role
2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role
2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY
dea4dda285
hosts: remove dhcp and recursive_dns groups
...
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6
dhcp: restart server on config update
2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa
keepalived: no ansible_managed
...
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976
dhcp: allow different router IP suffix
...
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5
keepalived: initial config
2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
fea73a13aa
aurore-firewall: correct backup router ip
2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698
aurore-firewall: fix repo address + branch
2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528
aurore-firewall: add config after cloning
2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3
aurore-firewall: initial setup
...
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc
unbound: change task order
...
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
4f224ee817
re2o-service: install Python dependencies
2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91
baseconfig: fix resolv.conf
2020-05-07 14:51:02 +02:00
Yohaï-Eliel BERREBY
7c7abb6be5
baseconfig: set up /etc/resolv.conf
2020-05-07 12:53:59 +02:00
Alexandre IOOSS
81592fa986
Merge branch 'master' into 'aurore-dev'
...
# Conflicts:
# .gitignore
# hosts
# network.yml
# proxmox.yml
2020-05-03 16:11:19 +02:00
Yohaï-Eliel BERREBY
a77b2c4f0f
unbound: fix MTU settings
...
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
2020-05-02 18:59:22 +02:00
Yohaï-Eliel BERREBY
aae7e0120a
unbound: drop verbosity but log SERVFAILs
...
TODO: less frequent log rotation because of decreased log volume
2020-05-02 18:06:58 +02:00
Yohaï-Eliel BERREBY
c54e8f5d67
unbound: smarter logging
...
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
2020-05-02 17:13:01 +02:00
Yohaï-Eliel BERREBY
1dca5d2259
unbound: use handlers
...
Only restart unbound if the configuration
was actually updated.
2020-05-02 16:43:44 +02:00
Yohaï-Eliel BERREBY
b94c62d710
unbound-control: no certificates for local use
2020-05-02 16:37:21 +02:00
Yohaï-Eliel BERREBY
3695a3d771
unbound: attempt to fix spurious blacklisting
2020-04-28 23:14:43 +02:00
Yohaï-Eliel BERREBY
b4482b6d3b
unbound: configure unbound-control
2020-04-28 20:21:47 +02:00
Yohaï-Eliel BERREBY
bac131791b
unbound: bump verbosity up to 3
...
Some users are having issues resolving *.auro.re domains from our
network, and the bug does not show itself reliably. Increased verbosity
should help us pinpoint its source.
2020-04-28 20:13:56 +02:00
Yohaï-Eliel BERREBY
ded5f38aec
unbound: name set_fact tasks
2020-04-18 17:36:25 +02:00
Yohaï-Eliel BERREBY
662452065f
dhcp: remove Cloudflare from backup DNS
...
and rename variable, since these are not technically
upstream DNS servers
(unbound will ask the root servers, not these)
2020-04-18 17:06:38 +02:00
Yohaï-Eliel BERREBY
a0651d7703
unbound: bind to the right addresses on backup hosts
2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
b57fa6e356
dhcp: use backup DNS servers too
2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
22166bc69b
unbound: log to journalctl
2020-04-18 16:56:17 +02:00
Yohaï-Eliel BERREBY
1777d0e154
unbound: log to /var/log/unbound.log, errors only
2020-04-18 15:42:31 +02:00
Yohaï-Eliel BERREBY
7275ebda47
dhcp: ask clients to use our DNS servers
2020-04-18 15:39:32 +02:00
Yohaï-Eliel BERREBY
f05e92dc5e
unbound: remove unchecked configuration keys
2020-04-13 18:42:02 +02:00
Yohaï-Eliel BERREBY
b3712ed335
unbound: initial deployment
2020-04-13 18:41:12 +02:00
Yohaï-Eliel BERREBY
8fee0857c1
re2o-service: force clone git repository
2020-04-06 19:03:38 +02:00
Yohaï-Eliel BERREBY
8579b99b2e
dhcp: cron.d entry + let main.py restart the server
2020-04-06 19:03:10 +02:00
Yohaï-Eliel BERREBY
6cce62850d
dhcp: configure log rotation
2020-04-06 17:58:14 +02:00
Yohaï-Eliel BERREBY
7347829494
tackle logs
2020-04-06 17:48:56 +02:00
Yohaï-Eliel BERREBY
51fdb89940
extract dhcp-failover.conf into separate file
2020-04-06 17:28:04 +02:00
Yohaï-Eliel BERREBY
d323b78c16
fix bogus dhcpd config
...
- move failover peer declaration to beginning of file
- set split only on primary
- fix re2o-service hostname
- add /etc/default/isc-dhcp-server
2020-04-06 17:22:50 +02:00
Yohaï-Eliel BERREBY
34b448faec
dhcp: implement failover peer configuration
2020-04-06 14:41:34 +02:00
Yohaï-Eliel BERREBY
2a0a2e2ac6
dhcp: fix silly mix-ups
2020-04-06 13:20:52 +02:00
Yohaï-Eliel BERREBY
709e4614c2
suppression d'une déclaration DNS redondante
2020-04-05 19:04:03 +02:00
Yohaï-Eliel BERREBY
e6b2f80b49
templatisation de la config dhcpd
...
non encore testé
2020-04-05 18:44:37 +02:00
fpoutre
40e915a7e0
happy little mistakes
2020-03-22 19:06:38 +01:00
fpoutre
23f1b7a4a1
added support for edc and gs in ldap replica backup configuration
2020-03-22 18:42:00 +01:00
fpoutre
3a399bd04c
added ldap-replica support for ldap-clients of pacaterie and fleming
2020-02-20 18:42:34 +01:00
Alexandre Iooss
5061a029e0
Do not ask why, it was not there
2019-12-05 14:07:48 +01:00
Alexandre Iooss
ccbd7d3770
Failover VMs
2019-11-01 15:38:35 +01:00
Alexandre Iooss
6dec3ed0d1
Proxmox playbook and unifi ap
2019-11-01 15:17:59 +01:00
Alexandre Iooss
5b3ac2a21a
Merge crans version
2019-11-01 14:16:32 +01:00
Alexandre Iooss
e91d47ea8d
Update matrix conf
2019-08-29 07:04:37 +02:00
Alexandre Iooss
6cc0a6a6b7
Remove appservice Discord
2019-08-29 07:03:54 +02:00
Alexandre Iooss
743e902e85
Refractor ldap
2019-08-29 07:03:05 +02:00
Alexandre Iooss
e15ea7854a
Base config sync with crans
2019-08-29 07:02:15 +02:00
Alexandre Iooss
044e8af3aa
Move EtherPad to Docker
2019-07-26 08:50:07 +02:00
Alexandre Iooss
b488007578
[docker] Install docker-compose
2019-07-25 19:10:50 +02:00
Alexandre Iooss
24331ca25b
Fix CI
2019-07-22 21:04:58 +02:00
Alexandre Iooss
2e753db873
Indicate unifi role
2019-07-22 21:00:13 +02:00
Alexandre Iooss
694501dfa3
Merge crans monitoring
2019-07-22 20:56:43 +02:00
Alexandre Iooss
a45ca1a890
Move CodiMD to Docker
2019-07-22 19:14:43 +02:00
Alexandre Iooss
9a35650166
Move Riot web to docker
2019-07-22 10:32:34 +02:00
Alexandre Iooss
66d870ce36
Add docker role
2019-07-22 10:32:01 +02:00
Alexandre Iooss
9018c69da3
Fix matrix v1
2019-07-22 09:12:55 +02:00
Alexandre Iooss
1ed6228728
Simplify help message on server login
2019-05-26 13:03:09 +02:00
Alexandre Iooss
2e0679a973
[passbolt] Add some dep
2019-05-26 12:52:41 +02:00
Alexandre Iooss
a986ecd36a
Passbolt playbook
2019-05-23 07:28:44 +02:00
Alexandre Iooss
72a60a988b
Unifi playbook
2019-05-07 18:52:07 +02:00
Alexandre Iooss
b6573e68ae
Exclude Stretch from node config
2019-05-05 16:24:04 +02:00
Alexandre Iooss
c53d62712f
Make prometheus node exporter listen only on adm
2019-05-05 16:17:52 +02:00
Alexandre Iooss
c1c995e38d
Prometheus role
2019-05-05 14:07:04 +02:00
Alexandre Iooss
8dc40ecb1e
Specify git branch
2019-05-04 18:43:20 +02:00
Alexandre Iooss
8b7d4207b8
Autogenerate service config
2019-05-04 11:46:54 +02:00
Alexandre Iooss
5939d434fd
Beginning of isc-dhcp-server config
2019-05-04 10:54:51 +02:00
Alexandre Iooss
41eb131e69
Fix true values being yes
2019-05-03 22:50:48 +02:00
Alexandre Iooss
81ca7a177d
Initial DHCP re2o service
2019-05-03 22:42:55 +02:00
Alexandre Iooss
aab2daf5b7
Fix Riot depo key
2019-05-03 22:42:12 +02:00
Alexandre Iooss
5e738f40a7
Uniformize motd
2019-05-03 15:52:50 +02:00
Alexandre IOOSS
1cc6bc744b
Merge branch 'change_default_soft' into 'master'
...
Add screen and remove iPython2
See merge request aurore/ansible!20
2019-05-03 14:38:49 +02:00
Alexandre Iooss
0c8763c702
Create VM with Proxmox API
2019-05-03 13:06:26 +02:00
Alexandre Iooss
55cf8b801d
Remove useless systemd handler
2019-04-06 15:19:52 +02:00
Alexandre Iooss
1b3a6f7bf8
Configure IRC Matrix appservice
2019-04-01 18:53:37 +02:00
Alexandre Iooss
84694900e4
Annonce the right Webhook URL for Matrix
2019-04-01 17:57:43 +02:00
Alexandre Iooss
2158c5c6b9
Pass Matrix Webhook through reverse proxy
2019-04-01 17:57:20 +02:00
Alexandre Iooss
88b9356f7d
Make CodiMD role more generic
2019-03-30 13:34:25 +01:00
Alexandre Iooss
48d521fb00
Use generic service model for matrix appservices
2019-03-30 13:26:20 +01:00
Alexandre Iooss
5ccb94e621
Simplify Matrix appservices
2019-03-29 19:25:11 +01:00
Alexandre Iooss
d4d6baed1a
Fix so everything is working fine today
2019-03-26 09:17:46 +01:00
Alexandre IOOSS
00ccc4c377
Merge branch 'refactor' into 'master'
...
Refactor
See merge request aurore/ansible!30
2019-03-26 08:36:21 +01:00
Alexandre Iooss
ee4f144b4a
Default configuration for Riot
2019-03-26 08:30:02 +01:00
Alexandre Iooss
7950191a53
Fix PVE unable to mount vfat at boot
2019-03-25 10:55:51 +01:00
Alexandre Iooss
11e084a104
Switch discord appservice to develop
2019-03-24 17:05:24 +01:00
Alexandre IOOSS
40e63ba89e
Merge branch 'discord_matrix' into 'master'
...
Discord matrix
See merge request aurore/ansible!31
2019-03-24 12:44:23 +01:00
Alexandre Iooss
bbc04d971f
Working appservice Discord
2019-03-24 12:10:35 +01:00
Hadrien Patte
66f7b1061a
Feat: migrate from with_X to loop
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:11:27 +01:00
Hadrien Patte
c20d4fbf18
Feat: expand YAML syntax
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:45 +01:00
Hadrien Patte
8a48110c21
Feat: add validate for sudoers
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:45 +01:00
Hadrien Patte
737ca7b996
Feat: add state
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:42 +01:00
Hadrien Patte
e4a60341c5
Feat: simplify one item lists
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:04:35 +01:00
Hadrien Patte
5551fb5c16
Fix: remove unnecessary quotes
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:04:33 +01:00
Hadrien Patte
8463f1cf96
Feat: use ini_file module
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 19:21:59 +01:00
Alexandre Iooss
489bb5ddcf
sudo group by location
2019-03-23 13:49:53 +01:00
Alexandre Iooss
01ad50ef95
Whitelist proxy
2019-03-23 13:00:18 +01:00
Alexandre Iooss
bd229fb11e
Update matrix-appservice-discord config
2019-03-23 12:52:39 +01:00
Alexandre Iooss
3198a50c93
Changed URL to make the Webhooks appservice work
2019-03-17 10:42:43 +01:00
Alexandre IOOSS
2b79f9117e
Merge branch 'debsums_security' into 'master'
...
Configure SSH and add debsums
See merge request aurore/ansible!25
2019-03-16 22:09:40 +01:00
Alexandre Iooss
724db5f8c8
Configure SSH and add debsums
2019-03-16 22:06:50 +01:00
Alexandre Iooss
a3b7cf6270
Hotfix HTTP
2019-03-16 21:10:00 +01:00
Alexandre Iooss
221be36085
Fail2ban by default
2019-03-14 15:45:19 +01:00
Alexandre Iooss
fb11981e8a
Follow Mozilla guidelines
2019-03-14 12:25:27 +01:00
Alexandre Iooss
af07bb7c0a
Better SSL conf
2019-03-14 11:53:55 +01:00
Alexandre Iooss
a8fa5d69ff
Add proxy snippets and use nginx-light
2019-03-14 10:53:44 +01:00
Alexandre Iooss
0cc36a107c
Fix CI
2019-03-12 19:58:55 +01:00
Alexandre Iooss
c9761e53dd
Connect to Synapse
2019-03-12 18:33:32 +01:00
Alexandre Iooss
1a447b3807
Add matrix-appservice-webhooks and move nodejs tasks
2019-03-12 18:03:23 +01:00
Alexandre IOOSS
fa7aa8ea75
Merge branch 'master' into 'change_default_soft'
...
# Conflicts:
# roles/baseconfig/tasks/main.yml
2019-03-12 17:27:23 +01:00
Alexandre Iooss
bc1459bc51
Fix various yamllint warnings
2019-03-12 17:22:42 +01:00
Alexandre Iooss
5dfd8eacc5
Replace 'yes' by 'true'
2019-03-12 17:04:06 +01:00
Alexandre Iooss
431b063db7
Maybe last fix for the CI
2019-03-12 16:56:01 +01:00
Alexandre Iooss
cc48990798
Use NPM module in matrix-appservice-discord
2019-03-12 16:51:27 +01:00
Alexandre Iooss
4a6da11837
Clean up EtherPad dep install
2019-03-12 16:34:35 +01:00
Alexandre Iooss
a8656251ab
Tab is useless in sudoers
2019-03-12 07:48:09 +01:00
Alexandre Iooss
dd19efaecd
Do not download rest_auth_provider.py
2019-03-12 07:47:07 +01:00
Alexandre Iooss
16ca4956dc
Make EtherPad default text shorter
2019-03-11 18:15:17 +01:00
Alexandre Iooss
4b5631e60b
Retry 3 times npm and yarn
2019-03-11 18:12:55 +01:00
Alexandre Iooss
b9d5601e36
Remove useless PRODUCTION var for webpack CodiMD
2019-03-11 18:10:35 +01:00
Alexandre Iooss
84263d7712
Do not use depreciated loop with APT
2019-03-11 18:02:29 +01:00
Alexandre Iooss
53b67acb07
Fix a error due to previous merge
2019-03-11 17:53:12 +01:00
Alexandre Iooss
b56ae30335
Use YARN module from Ansible 2.7
2019-03-11 17:49:48 +01:00
Alexandre Iooss
af81b41e83
Use NPM module for matrix-appservice-irc
2019-03-11 17:44:42 +01:00
Alexandre Iooss
4ebaa4f36f
Add retries to APT modules in Matrix Appservices
2019-03-11 15:39:11 +01:00
Alexandre Iooss
1274ec4be4
Fix last line of CodiMD apt dep
2019-03-11 15:30:49 +01:00
Alexandre Iooss
f347daa408
Use systemd module rather than command
2019-03-11 15:12:58 +01:00
Alexandre Iooss
563d9658ed
Add newline at end of 0_apt_dependencies.yml in CodiMD role
2019-03-11 15:10:17 +01:00
Alexandre IOOSS
1a4e41d318
Merge branch 'master' into 'ansible-lint'
...
# Conflicts:
# roles/codimd/tasks/0_apt_dependencies.yml
2019-03-11 15:00:11 +01:00
Alexandre Iooss
ce40a5cb66
Add screen and remove iPython2
2019-03-11 14:55:21 +01:00
Alexandre Iooss
a08be12b41
Security policies based on ANSSI recommandations
2019-03-11 14:52:03 +01:00
Alexandre Iooss
0b887c2abb
Add matrix-appservice-irc
2019-03-10 11:50:07 +01:00
Alexandre Iooss
d6627f5cce
Add matrix-appservice-discord
2019-03-10 11:10:59 +01:00
Alexandre Iooss
c7f584cae9
Fix CodiMD build
2019-03-04 16:04:36 +01:00
Alexandre Iooss
68d246bb24
Update to CodiMD 1.3.0
2019-03-04 15:08:05 +01:00
Alexandre Iooss
bae6f4041d
Add synapse conf to reverse proxy
2019-03-04 09:34:47 +01:00
Alexandre Iooss
fb21af51e2
Revert LDAP schema
2019-03-04 09:09:04 +01:00
Hadrien Patte
b55a2ee047
Fix: add a retry statement to remote package tasks
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-03 19:55:51 +01:00
Hadrien Patte
5c5195cc2c
Fix: use systemd instead of command module
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-03 19:32:42 +01:00