Commit graph

638 commits

Author SHA1 Message Date
Yohaï-Eliel BERREBY
b199c45d97 fix broken radius role
Would crash if called from anything other than the nuke radius DBs
playbook
2020-08-08 11:32:06 +02:00
Yohaï-Eliel BERREBY
af3c3dc132 enable radvd service 2020-08-08 11:19:16 +02:00
Yohaï-Eliel BERREBY
d98764d88e Merge branch 'ipv6' into ansible-2.10 2020-08-06 09:58:43 +02:00
Yohaï-Eliel BERREBY
30e503458e add ability to nuke radius DBs 2020-08-06 09:57:54 +02:00
Yohaï-Eliel BERREBY
e762091435 explain fe80::1 keepalived/radvd magic 2020-08-02 12:15:27 +02:00
Yohaï-Eliel BERREBY
de36a3bb95 announce IPv6 recursive resolver (untested) 2020-08-02 12:15:15 +02:00
Yohaï-Eliel BERREBY
8360e212cc enable SSH pipelining (THE SPEED!) 2020-08-02 12:14:57 +02:00
Yohaï-Eliel BERREBY
3a8112bf0d roll out (private) IPv6 on George Sand 2020-08-01 17:48:39 +02:00
Yohaï-Eliel BERREBY
361fd54414 keepalived: add IPv6 virtual route 2020-08-01 16:07:27 +02:00
Yohaï-Eliel BERREBY
2e6306b61e radvd: advertise keepalived VIP 2020-08-01 16:05:41 +02:00
Yohaï-Eliel BERREBY
56808e4e60 wip: begin updating 'router' role for IPv6
pending: update virtual routes
2020-08-01 15:46:41 +02:00
Yohaï-Eliel BERREBY
194c19fbf3 fix wrong hardcoded email for keepalived monitoring 2020-08-01 15:34:49 +02:00
Yohaï-Eliel BERREBY
713c93ac44 update unbound role for IPv6 2020-08-01 14:32:02 +02:00
Yohaï-Eliel BERREBY
d54da8d2b9 add ipv6_base_prefix variable 2020-08-01 14:31:49 +02:00
Yohaï-Eliel BERREBY
468bb9abde add radvd comment 2020-08-01 14:22:30 +02:00
Yohaï-Eliel BERREBY
f09b0906c6 radvd: fix wifi interface, comment out APs for now 2020-08-01 14:20:08 +02:00
Yohaï-Eliel BERREBY
a4841e6947 add radvd role, deploy in routers 2020-08-01 12:56:23 +02:00
Yohaï-Eliel BERREBY
a32116131d raise MTU at fleming
already been deployed for a while, forgot to push
2020-08-01 12:02:37 +02:00
Alexandre Iooss
c7c6e50dd9 Remove matrix mxisd 2020-07-22 10:04:25 +02:00
fpoutre
8639887fd1 Merge branch 'ansible-2.10' of gitlab.federez.net:aurore/ansible into ansible-2.10 2020-07-06 22:28:03 +02:00
fpoutre
354a5e7d63 created a dedicated ldap_replica role 2020-07-06 22:27:53 +02:00
511734a978 Add ldap-replica-gs-backup to hosts 2020-07-06 22:06:16 +02:00
fpoutre
f7617c4478 added ldap-replica-gs to hosts 2020-07-06 18:52:46 +02:00
Yohaï-Eliel BERREBY
337906c6c0 add gs dhcp, dns, routing
and add thor to inventory
2020-07-06 18:40:54 +02:00
Yohaï-Eliel BERREBY
a6b15c0e10 vars: use apartment block id for subnets 2020-05-21 20:06:47 +02:00
Yohaï-Eliel BERREBY
4866ce915c clean up README for ansible(devel) 2020-05-21 19:46:39 +02:00
Yohaï-Eliel BERREBY
63b4425a27 gs: fix vars 2020-05-21 19:45:35 +02:00
Yohaï-Eliel BERREBY
fe62055cdd radius: enable service, fix details 2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY
8ce63d14b6 radius: fix settings_local.py 2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef radius: step 2 of deployment (WIP) 2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af radius: change proxy.conf password, use vault
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f radius: initial setup 2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
8355546131 edc: raise DHCP-announced MTU to 1500 2020-05-14 17:50:06 +02:00
Yohaï-Eliel BERREBY
6d00e2733b unbound: fix log rotation
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
87b2e4f8cf pacaterie: raise MTU to 1500 2020-05-09 16:15:56 +02:00
Yohaï-Eliel BERREBY
ba3aec348f keepalived: deploy to fleming w/ proper password 2020-05-09 16:07:04 +02:00
Alexandre Iooss
a992612381
Add certbot challenge DNS-01 key 2020-05-09 13:03:31 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role 2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role 2020-05-09 12:52:17 +02:00
Alexandre Iooss
eae3a3ff44
Deploy docker-worker1-aurore and proxy-backup 2020-05-09 12:21:36 +02:00
Yohaï-Eliel BERREBY
dea4dda285 hosts: remove dhcp and recursive_dns groups
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Pierre
3f26e7d4b4 routeur de la pacaterie en ...254 au lieu de ...240 pour keepalived 2020-05-08 18:39:05 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6 dhcp: restart server on config update 2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa keepalived: no ansible_managed
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976 dhcp: allow different router IP suffix
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5 keepalived: initial config 2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
26524eccc5 ansible-list: allow lack of idempotence 2020-05-07 20:33:25 +02:00
Yohaï-Eliel BERREBY
e45bdcbba8 network.yml: ensure safety without --limit 2020-05-07 20:27:36 +02:00
Yohaï-Eliel BERREBY
fea73a13aa aurore-firewall: correct backup router ip 2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698 aurore-firewall: fix repo address + branch 2020-05-07 20:01:44 +02:00