Commit graph

320 commits

Author SHA1 Message Date
Yohaï-Eliel BERREBY
8ce63d14b6 radius: fix settings_local.py 2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef radius: step 2 of deployment (WIP) 2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af radius: change proxy.conf password, use vault
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f radius: initial setup 2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
6d00e2733b unbound: fix log rotation
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
ba3aec348f keepalived: deploy to fleming w/ proper password 2020-05-09 16:07:04 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role 2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role 2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY
dea4dda285 hosts: remove dhcp and recursive_dns groups
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6 dhcp: restart server on config update 2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa keepalived: no ansible_managed
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976 dhcp: allow different router IP suffix
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5 keepalived: initial config 2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
fea73a13aa aurore-firewall: correct backup router ip 2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698 aurore-firewall: fix repo address + branch 2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528 aurore-firewall: add config after cloning 2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3 aurore-firewall: initial setup
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc unbound: change task order
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
4f224ee817 re2o-service: install Python dependencies 2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91 baseconfig: fix resolv.conf 2020-05-07 14:51:02 +02:00
Yohaï-Eliel BERREBY
7c7abb6be5 baseconfig: set up /etc/resolv.conf 2020-05-07 12:53:59 +02:00
Alexandre IOOSS
81592fa986 Merge branch 'master' into 'aurore-dev'
# Conflicts:
#   .gitignore
#   hosts
#   network.yml
#   proxmox.yml
2020-05-03 16:11:19 +02:00
Yohaï-Eliel BERREBY
a77b2c4f0f unbound: fix MTU settings
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
2020-05-02 18:59:22 +02:00
Yohaï-Eliel BERREBY
aae7e0120a unbound: drop verbosity but log SERVFAILs
TODO: less frequent log rotation because of decreased log volume
2020-05-02 18:06:58 +02:00
Yohaï-Eliel BERREBY
c54e8f5d67 unbound: smarter logging
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
2020-05-02 17:13:01 +02:00
Yohaï-Eliel BERREBY
1dca5d2259 unbound: use handlers
Only restart unbound if the configuration
was actually updated.
2020-05-02 16:43:44 +02:00
Yohaï-Eliel BERREBY
b94c62d710 unbound-control: no certificates for local use 2020-05-02 16:37:21 +02:00
Yohaï-Eliel BERREBY
3695a3d771 unbound: attempt to fix spurious blacklisting 2020-04-28 23:14:43 +02:00
Yohaï-Eliel BERREBY
b4482b6d3b unbound: configure unbound-control 2020-04-28 20:21:47 +02:00
Yohaï-Eliel BERREBY
bac131791b unbound: bump verbosity up to 3
Some users are having issues resolving *.auro.re domains from our
network, and the bug does not show itself reliably. Increased verbosity
should help us pinpoint its source.
2020-04-28 20:13:56 +02:00
Yohaï-Eliel BERREBY
ded5f38aec unbound: name set_fact tasks 2020-04-18 17:36:25 +02:00
Yohaï-Eliel BERREBY
662452065f dhcp: remove Cloudflare from backup DNS
and rename variable, since these are not technically
upstream DNS servers
(unbound will ask the root servers, not these)
2020-04-18 17:06:38 +02:00
Yohaï-Eliel BERREBY
a0651d7703 unbound: bind to the right addresses on backup hosts 2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
b57fa6e356 dhcp: use backup DNS servers too 2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
22166bc69b unbound: log to journalctl 2020-04-18 16:56:17 +02:00
Yohaï-Eliel BERREBY
1777d0e154 unbound: log to /var/log/unbound.log, errors only 2020-04-18 15:42:31 +02:00
Yohaï-Eliel BERREBY
7275ebda47 dhcp: ask clients to use our DNS servers 2020-04-18 15:39:32 +02:00
Yohaï-Eliel BERREBY
f05e92dc5e unbound: remove unchecked configuration keys 2020-04-13 18:42:02 +02:00
Yohaï-Eliel BERREBY
b3712ed335 unbound: initial deployment 2020-04-13 18:41:12 +02:00
Yohaï-Eliel BERREBY
8fee0857c1 re2o-service: force clone git repository 2020-04-06 19:03:38 +02:00
Yohaï-Eliel BERREBY
8579b99b2e dhcp: cron.d entry + let main.py restart the server 2020-04-06 19:03:10 +02:00
Yohaï-Eliel BERREBY
6cce62850d dhcp: configure log rotation 2020-04-06 17:58:14 +02:00
Yohaï-Eliel BERREBY
7347829494 tackle logs 2020-04-06 17:48:56 +02:00
Yohaï-Eliel BERREBY
51fdb89940 extract dhcp-failover.conf into separate file 2020-04-06 17:28:04 +02:00
Yohaï-Eliel BERREBY
d323b78c16 fix bogus dhcpd config
- move failover peer declaration to beginning of file
- set split only on primary
- fix re2o-service hostname
- add /etc/default/isc-dhcp-server
2020-04-06 17:22:50 +02:00
Yohaï-Eliel BERREBY
34b448faec dhcp: implement failover peer configuration 2020-04-06 14:41:34 +02:00
Yohaï-Eliel BERREBY
2a0a2e2ac6 dhcp: fix silly mix-ups 2020-04-06 13:20:52 +02:00
Yohaï-Eliel BERREBY
709e4614c2 suppression d'une déclaration DNS redondante 2020-04-05 19:04:03 +02:00
Yohaï-Eliel BERREBY
e6b2f80b49 templatisation de la config dhcpd
non encore testé
2020-04-05 18:44:37 +02:00
fpoutre
40e915a7e0 happy little mistakes 2020-03-22 19:06:38 +01:00
fpoutre
23f1b7a4a1 added support for edc and gs in ldap replica backup configuration 2020-03-22 18:42:00 +01:00
fpoutre
3a399bd04c added ldap-replica support for ldap-clients of pacaterie and fleming 2020-02-20 18:42:34 +01:00
Alexandre Iooss
5061a029e0
Do not ask why, it was not there 2019-12-05 14:07:48 +01:00
Alexandre Iooss
ccbd7d3770
Failover VMs 2019-11-01 15:38:35 +01:00
Alexandre Iooss
6dec3ed0d1
Proxmox playbook and unifi ap 2019-11-01 15:17:59 +01:00
Alexandre Iooss
5b3ac2a21a
Merge crans version 2019-11-01 14:16:32 +01:00
Alexandre Iooss
e91d47ea8d
Update matrix conf 2019-08-29 07:04:37 +02:00
Alexandre Iooss
6cc0a6a6b7
Remove appservice Discord 2019-08-29 07:03:54 +02:00
Alexandre Iooss
743e902e85
Refractor ldap 2019-08-29 07:03:05 +02:00
Alexandre Iooss
e15ea7854a
Base config sync with crans 2019-08-29 07:02:15 +02:00
Alexandre Iooss
044e8af3aa
Move EtherPad to Docker 2019-07-26 08:50:07 +02:00
Alexandre Iooss
b488007578
[docker] Install docker-compose 2019-07-25 19:10:50 +02:00
Alexandre Iooss
24331ca25b
Fix CI 2019-07-22 21:04:58 +02:00
Alexandre Iooss
2e753db873
Indicate unifi role 2019-07-22 21:00:13 +02:00
Alexandre Iooss
694501dfa3
Merge crans monitoring 2019-07-22 20:56:43 +02:00
Alexandre Iooss
a45ca1a890
Move CodiMD to Docker 2019-07-22 19:14:43 +02:00
Alexandre Iooss
9a35650166
Move Riot web to docker 2019-07-22 10:32:34 +02:00
Alexandre Iooss
66d870ce36
Add docker role 2019-07-22 10:32:01 +02:00
Alexandre Iooss
9018c69da3
Fix matrix v1 2019-07-22 09:12:55 +02:00
Alexandre Iooss
1ed6228728
Simplify help message on server login 2019-05-26 13:03:09 +02:00
Alexandre Iooss
2e0679a973
[passbolt] Add some dep 2019-05-26 12:52:41 +02:00
Alexandre Iooss
a986ecd36a
Passbolt playbook 2019-05-23 07:28:44 +02:00
Alexandre Iooss
72a60a988b
Unifi playbook 2019-05-07 18:52:07 +02:00
Alexandre Iooss
b6573e68ae
Exclude Stretch from node config 2019-05-05 16:24:04 +02:00
Alexandre Iooss
c53d62712f
Make prometheus node exporter listen only on adm 2019-05-05 16:17:52 +02:00
Alexandre Iooss
c1c995e38d
Prometheus role 2019-05-05 14:07:04 +02:00
Alexandre Iooss
8dc40ecb1e
Specify git branch 2019-05-04 18:43:20 +02:00
Alexandre Iooss
8b7d4207b8
Autogenerate service config 2019-05-04 11:46:54 +02:00
Alexandre Iooss
5939d434fd
Beginning of isc-dhcp-server config 2019-05-04 10:54:51 +02:00
Alexandre Iooss
41eb131e69
Fix true values being yes 2019-05-03 22:50:48 +02:00
Alexandre Iooss
81ca7a177d
Initial DHCP re2o service 2019-05-03 22:42:55 +02:00
Alexandre Iooss
aab2daf5b7
Fix Riot depo key 2019-05-03 22:42:12 +02:00
Alexandre Iooss
5e738f40a7
Uniformize motd 2019-05-03 15:52:50 +02:00
Alexandre IOOSS
1cc6bc744b Merge branch 'change_default_soft' into 'master'
Add screen and remove iPython2

See merge request aurore/ansible!20
2019-05-03 14:38:49 +02:00
Alexandre Iooss
0c8763c702
Create VM with Proxmox API 2019-05-03 13:06:26 +02:00
Alexandre Iooss
55cf8b801d
Remove useless systemd handler 2019-04-06 15:19:52 +02:00
Alexandre Iooss
1b3a6f7bf8
Configure IRC Matrix appservice 2019-04-01 18:53:37 +02:00
Alexandre Iooss
84694900e4
Annonce the right Webhook URL for Matrix 2019-04-01 17:57:43 +02:00
Alexandre Iooss
2158c5c6b9
Pass Matrix Webhook through reverse proxy 2019-04-01 17:57:20 +02:00
Alexandre Iooss
88b9356f7d
Make CodiMD role more generic 2019-03-30 13:34:25 +01:00
Alexandre Iooss
48d521fb00
Use generic service model for matrix appservices 2019-03-30 13:26:20 +01:00
Alexandre Iooss
5ccb94e621
Simplify Matrix appservices 2019-03-29 19:25:11 +01:00
Alexandre Iooss
d4d6baed1a
Fix so everything is working fine today 2019-03-26 09:17:46 +01:00
Alexandre IOOSS
00ccc4c377 Merge branch 'refactor' into 'master'
Refactor

See merge request aurore/ansible!30
2019-03-26 08:36:21 +01:00
Alexandre Iooss
ee4f144b4a
Default configuration for Riot 2019-03-26 08:30:02 +01:00
Alexandre Iooss
7950191a53
Fix PVE unable to mount vfat at boot 2019-03-25 10:55:51 +01:00
Alexandre Iooss
11e084a104
Switch discord appservice to develop 2019-03-24 17:05:24 +01:00
Alexandre IOOSS
40e63ba89e Merge branch 'discord_matrix' into 'master'
Discord matrix

See merge request aurore/ansible!31
2019-03-24 12:44:23 +01:00
Alexandre Iooss
bbc04d971f
Working appservice Discord 2019-03-24 12:10:35 +01:00
Hadrien Patte
66f7b1061a
Feat: migrate from with_X to loop
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:11:27 +01:00
Hadrien Patte
c20d4fbf18
Feat: expand YAML syntax
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:45 +01:00
Hadrien Patte
8a48110c21
Feat: add validate for sudoers
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:45 +01:00
Hadrien Patte
737ca7b996
Feat: add state
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:42 +01:00
Hadrien Patte
e4a60341c5
Feat: simplify one item lists
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:04:35 +01:00
Hadrien Patte
5551fb5c16
Fix: remove unnecessary quotes
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:04:33 +01:00
Hadrien Patte
8463f1cf96
Feat: use ini_file module
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 19:21:59 +01:00
Alexandre Iooss
489bb5ddcf
sudo group by location 2019-03-23 13:49:53 +01:00
Alexandre Iooss
01ad50ef95
Whitelist proxy 2019-03-23 13:00:18 +01:00
Alexandre Iooss
bd229fb11e
Update matrix-appservice-discord config 2019-03-23 12:52:39 +01:00
Alexandre Iooss
3198a50c93
Changed URL to make the Webhooks appservice work 2019-03-17 10:42:43 +01:00
Alexandre IOOSS
2b79f9117e Merge branch 'debsums_security' into 'master'
Configure SSH and add debsums

See merge request aurore/ansible!25
2019-03-16 22:09:40 +01:00
Alexandre Iooss
724db5f8c8 Configure SSH and add debsums 2019-03-16 22:06:50 +01:00
Alexandre Iooss
a3b7cf6270 Hotfix HTTP 2019-03-16 21:10:00 +01:00
Alexandre Iooss
221be36085 Fail2ban by default 2019-03-14 15:45:19 +01:00
Alexandre Iooss
fb11981e8a Follow Mozilla guidelines 2019-03-14 12:25:27 +01:00
Alexandre Iooss
af07bb7c0a Better SSL conf 2019-03-14 11:53:55 +01:00
Alexandre Iooss
a8fa5d69ff Add proxy snippets and use nginx-light 2019-03-14 10:53:44 +01:00
Alexandre Iooss
0cc36a107c Fix CI 2019-03-12 19:58:55 +01:00
Alexandre Iooss
c9761e53dd Connect to Synapse 2019-03-12 18:33:32 +01:00
Alexandre Iooss
1a447b3807 Add matrix-appservice-webhooks and move nodejs tasks 2019-03-12 18:03:23 +01:00
Alexandre IOOSS
fa7aa8ea75 Merge branch 'master' into 'change_default_soft'
# Conflicts:
#   roles/baseconfig/tasks/main.yml
2019-03-12 17:27:23 +01:00
Alexandre Iooss
bc1459bc51 Fix various yamllint warnings 2019-03-12 17:22:42 +01:00
Alexandre Iooss
5dfd8eacc5 Replace 'yes' by 'true' 2019-03-12 17:04:06 +01:00
Alexandre Iooss
431b063db7 Maybe last fix for the CI 2019-03-12 16:56:01 +01:00
Alexandre Iooss
cc48990798 Use NPM module in matrix-appservice-discord 2019-03-12 16:51:27 +01:00
Alexandre Iooss
4a6da11837 Clean up EtherPad dep install 2019-03-12 16:34:35 +01:00
Alexandre Iooss
a8656251ab Tab is useless in sudoers 2019-03-12 07:48:09 +01:00
Alexandre Iooss
dd19efaecd Do not download rest_auth_provider.py 2019-03-12 07:47:07 +01:00
Alexandre Iooss
16ca4956dc Make EtherPad default text shorter 2019-03-11 18:15:17 +01:00
Alexandre Iooss
4b5631e60b Retry 3 times npm and yarn 2019-03-11 18:12:55 +01:00
Alexandre Iooss
b9d5601e36 Remove useless PRODUCTION var for webpack CodiMD 2019-03-11 18:10:35 +01:00
Alexandre Iooss
84263d7712 Do not use depreciated loop with APT 2019-03-11 18:02:29 +01:00
Alexandre Iooss
53b67acb07 Fix a error due to previous merge 2019-03-11 17:53:12 +01:00
Alexandre Iooss
b56ae30335 Use YARN module from Ansible 2.7 2019-03-11 17:49:48 +01:00
Alexandre Iooss
af81b41e83 Use NPM module for matrix-appservice-irc 2019-03-11 17:44:42 +01:00
Alexandre Iooss
4ebaa4f36f Add retries to APT modules in Matrix Appservices 2019-03-11 15:39:11 +01:00
Alexandre Iooss
1274ec4be4 Fix last line of CodiMD apt dep 2019-03-11 15:30:49 +01:00
Alexandre Iooss
f347daa408 Use systemd module rather than command 2019-03-11 15:12:58 +01:00
Alexandre Iooss
563d9658ed Add newline at end of 0_apt_dependencies.yml in CodiMD role 2019-03-11 15:10:17 +01:00
Alexandre IOOSS
1a4e41d318 Merge branch 'master' into 'ansible-lint'
# Conflicts:
#   roles/codimd/tasks/0_apt_dependencies.yml
2019-03-11 15:00:11 +01:00
Alexandre Iooss
ce40a5cb66 Add screen and remove iPython2 2019-03-11 14:55:21 +01:00
Alexandre Iooss
a08be12b41 Security policies based on ANSSI recommandations 2019-03-11 14:52:03 +01:00
Alexandre Iooss
0b887c2abb Add matrix-appservice-irc 2019-03-10 11:50:07 +01:00
Alexandre Iooss
d6627f5cce Add matrix-appservice-discord 2019-03-10 11:10:59 +01:00
Alexandre Iooss
c7f584cae9 Fix CodiMD build 2019-03-04 16:04:36 +01:00
Alexandre Iooss
68d246bb24 Update to CodiMD 1.3.0 2019-03-04 15:08:05 +01:00
Alexandre Iooss
bae6f4041d Add synapse conf to reverse proxy 2019-03-04 09:34:47 +01:00
Alexandre Iooss
fb21af51e2 Revert LDAP schema 2019-03-04 09:09:04 +01:00
Hadrien Patte
b55a2ee047
Fix: add a retry statement to remote package tasks
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-03 19:55:51 +01:00
Hadrien Patte
5c5195cc2c
Fix: use systemd instead of command module
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-03 19:32:42 +01:00