Commit graph

450 commits

Author SHA1 Message Date
256d2d5df4 Post renewal hook for certbot to reload dovecot and postfix
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-05 00:05:26 +01:00
43053e57f9 Fix broken vars
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-04 23:44:32 +01:00
e316679e13 Add additional role for mailserver 2021-02-04 23:34:53 +01:00
2c531d1af2 Postfix conf add certs and other security related modifications
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-04 23:18:23 +01:00
27cfcc1320 Don't reinvent the whell, use existing roles (have to be tested)
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-04 14:47:40 +01:00
1c7b4f8560 add re2o service mail cron
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-04 01:46:55 +01:00
9e91f2e9d5 Re2o API config 2021-02-04 01:38:49 +01:00
cf58c2bac5 Add re2o mail server
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-04 01:30:14 +01:00
c85b2b58fe Add quota to dovecot
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-03 23:20:10 +01:00
2673f771d9 Enable Dovecot sieve 2021-02-03 20:18:46 +01:00
3eb48edccd
Tmux everywhere
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-02 23:17:47 +01:00
52a29ff010 Fix syntax: don't forget the underscore
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 01:14:53 +01:00
b2a49c1e42 Add LMTP for Postfix-Dovecot communication
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 01:10:31 +01:00
809f5f9cc9 Add config in the right section
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 01:05:37 +01:00
c45dab323a Don't add conf.d/*.conf into a file that is itself already there! dumb dumb
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 00:56:17 +01:00
af4d66c85b remove non-existant conf file from the role
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 00:46:00 +01:00
fcb53b7cf5 Add sane logging timestamp format
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 00:41:30 +01:00
b50ef60e8a fix conf.d template files path
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 00:38:15 +01:00
d05425745f Fix indentation... again 2021-01-30 00:34:54 +01:00
8612f835af fix typo and indentation problem
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 00:30:35 +01:00
99a46af244 User handlers to run when something changed
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-30 00:02:28 +01:00
8b66ba059b use command instead of shell when no shell functionality is required 2021-01-29 23:59:53 +01:00
otthorn
f6c9208a41 Merge pull request 'Limit floats in alerts to 2 decimal places' (#5) from human_readable_altermanager into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#5
2021-01-29 20:48:43 +01:00
otthorn
c9352fb9ab Merge pull request 'Use unattended-upgrades for Debian-Security' (#4) from unattended into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#4
2021-01-29 20:42:24 +01:00
otthorn
a8af3c9c72 Merge branch 'master' into monitoring_pdu
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:29:28 +01:00
eecf807b53 Delte main.yml.save
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:15:21 +01:00
a12bcbc97f Correct yamlint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-29 20:12:14 +01:00
6ec89b88d8 Limit floats in alerts to 2 decimal places
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 19:33:38 +01:00
094334e069 Fix mode, shoudl always be set
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-29 01:03:18 +01:00
de2758f4d6 rename roles to match regex set by linter 2021-01-29 01:01:10 +01:00
58064df056 fix typo 2021-01-29 00:57:24 +01:00
bd8942eff2 reload -> restart 2021-01-29 00:56:08 +01:00
ad1a1602eb dovecot ldap conf
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-29 00:16:42 +01:00
d59cb41d5e Use unattended-upgrades for Debian-Security
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-28 03:42:07 +01:00
1297884ce1 Add ssl conf
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-28 03:15:45 +01:00
026e35adc7 Add IMAP/POP/SMTP auth conf
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-28 01:34:09 +01:00
f991befbc6 renamed to fit jinja template
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-28 01:27:22 +01:00
79b75cae00 maildir conf
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-28 01:24:50 +01:00
765ce39625 auth config 2021-01-28 01:11:32 +01:00
d3cf2c7e5f dovecot handlers
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-28 00:15:51 +01:00
e1d8382fed fix typo
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-28 00:13:08 +01:00
241997396b Config outside of conf.d
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-28 00:11:36 +01:00
a54c5832a3 Apt retry mechanism 2021-01-28 00:07:23 +01:00
e3ae912f44 Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 22:10:57 +01:00
bac377f634 Update alert rules of UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 19:01:27 +01:00
fff6ec5807 fix typo: restart -> reload
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 16:04:09 +01:00
795ee3846f fix indent 2021-01-23 16:02:10 +01:00
e6af0f2bd7 fix typo: groupe -> group
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:59:03 +01:00
e1a961273d fix typo: dst -> dest
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:42:52 +01:00
73142dbe03 Fix yaml syntax
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 14:41:25 +01:00
43274ef2ec Add the ansible_managed var at the begining of the config file 2021-01-23 14:40:29 +01:00
66c2ff6305 full path to logrotate for command 2021-01-23 14:37:18 +01:00
05326c15d3 Enforce logrotate rules 2021-01-23 14:27:09 +01:00
ddd69e04c0 create logrotate role 2021-01-23 14:25:35 +01:00
c7a3495ae5 Alert rules for UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-22 12:16:36 +01:00
40d3c22276 Setup config snmp for Prometheus, to monitore Aurore's PDU
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-21 21:26:40 +01:00
f0e3bd78c9 use command instead of shell when you don't need sh features (pipes, env, etc...)
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-19 23:27:17 +01:00
4a57dad8a6 use handlers
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-19 23:19:25 +01:00
851e459b6f Starting to try out postfix config
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 23:48:36 +01:00
facfe3c169 Attempt to fix ansible lint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 18:21:29 +01:00
ee1726589a Linter should pass now!
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 17:06:59 +01:00
ee16220591 Please linter
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 17:02:52 +01:00
9d4c630c7e Add the mail-certificate role
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 17:02:05 +01:00
06917ce46b Agree to Letsencrypt TOS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 16:40:28 +01:00
72d486119e fix typo 2021-01-17 13:27:43 +01:00
7e03eafeaa dashes are evil, use underscore in var names 2021-01-17 13:27:24 +01:00
e77047a532 add sain defaults for NFS client
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 13:03:09 +01:00
5c9ae10a8c Fix yaml lint 2021-01-17 12:47:58 +01:00
f901669341 fix var names for better hierarchy
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 12:34:25 +01:00
1847a5a698 Add nfs-client role
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 12:31:30 +01:00
0364006062
Install curl and net-tools by default
Some checks failed
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:13:30 +01:00
02e4e7d48f
Sort APT packages
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:12:53 +01:00
9a04934bd2 Starting the dovecot task 2021-01-14 22:47:29 +01:00
bb8bd718a9 fix yaml lint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-14 12:25:23 +01:00
846665961a Add (initial) mail-utils role 2021-01-14 12:16:00 +01:00
b412210d56 Add (initial) postfix role 2021-01-14 12:15:48 +01:00
078d141236 Add task to remove smartmontools of the VM
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-08 22:43:18 +01:00
07f9ee1fbb yes -> true to please yaml linter (truthy)
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-07 11:21:53 +01:00
37e3fe2231 Add ldap replica rives
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-09 18:53:47 +01:00
b232d6b40b Renommage re2o_service en re2o-service 2020-11-09 18:10:34 +01:00
chirac
8bf080dbf7 Fix radius permission bug 2020-11-08 18:50:38 +01:00
chirac
5b56f9cfc9 Revert "Use command instead of shell"
This reverts commit 0f9169284f.
2020-11-08 18:13:21 +01:00
Yohann D'ANELLO
24ab53675a Automatically renew certificates if a new domain was added 2020-11-04 23:58:27 +01:00
Yohann D'ANELLO
03d48a2d82 Add possibility to configure port forwarding, like SSH for Gitea 2020-11-04 23:49:35 +01:00
Yohann D'ANELLO
ac7696c81f User cerbot-nginx to create certificates 2020-11-04 23:07:51 +01:00
Yohann D'ANELLO
f9b7e052b9 Store reverse proxy data in proxy host vars 2020-11-04 22:38:54 +01:00
Yohann D'ANELLO
26427665f3 Fix indentation 2020-11-04 20:11:31 +01:00
Yohann D'ANELLO
9505e87113 Use true instead of yes 2020-11-04 20:00:35 +01:00
Yohann D'ANELLO
0f9169284f Use command instead of shell 2020-11-04 19:49:49 +01:00
Yohann D'ANELLO
4c8e05e08f Use underscore instead of dashes 2020-11-04 19:36:40 +01:00
Yohann D'ANELLO
9b8dee098e Always set file permissions 2020-11-04 19:31:50 +01:00
Yohann D'ANELLO
3c405db661 Add Drone 2020-11-04 00:29:31 +01:00
Yohann D'ANELLO
2a6c005190 Replace ansible_header by ansible_managed 2020-11-03 23:29:30 +01:00
chirac
518560b392 Add new ldap replica at ovh 2020-11-03 14:21:26 +01:00
chirac
a213e18d9c Update Ldap priority 2020-11-02 17:25:38 +01:00
chirac
4a43c0f0db Update re2o ip 2020-11-02 17:25:26 +01:00
3d64f22c39 Modification du keepalive d'OpenSSHd.
Les serveurs OpenSSH détectent désormais la déconnexion du client et
peuvent terminer la session.
2020-10-24 19:12:35 +02:00
chirac
68f7fd5b59 Isc-dhcp-server config for banni/accueil vlans 2020-10-17 19:48:34 +02:00
chirac
0d7bfbd872 Create group for non pve physical server 2020-10-17 19:48:17 +02:00
Yohaï-Eliel BERREBY
8adf6b8105 add ipv6-edge-router role 2020-09-28 18:15:03 +02:00
chirac
ba2baa3020 Return routes now handled by keepalived 2020-09-27 13:55:56 +02:00
bba144ef14 Inverse les opérations de lecture/ecriture par defaut -> rw
Ce fix corrige le problème des opérations d'écritures dans la bdd master remote,
qui marchaient mal, désormais les lignes de logs historiques sont correctement écrites.
Il semblerait que django avait du mal à savoir que ces opérations reversion sont bien des opérations
d'écriture.
2020-09-19 14:02:53 +02:00
chirac
773f39cede Fichier inutile 2020-09-16 21:04:10 +02:00
chirac
dac049f125 Tous les cron dhcp sont décalés de 2 minutes 2020-09-16 21:02:44 +02:00
Yohaï-Eliel BERREBY
91157d80c1 dhcp: run re2o service as root in cron / directly 2020-09-13 17:54:46 +02:00
Yohaï-Eliel BERREBY
6dd6168d2a dhcp: upgrade role for dhcp-aurore-backup 2020-09-12 16:03:33 +02:00
Yohaï-Eliel BERREBY
9b07fc9001 dhcp: manage dhcp-aurore 2020-09-11 15:13:11 +02:00
chirac
26743b464d Add Radius-aurore.adm.auro.re to ansible managed radius servers 2020-09-09 23:17:15 +02:00
chirac
53842e4c2f Add ipv6 Radius AURORE address 2020-09-09 23:16:35 +02:00
Yohaï-Eliel BERREBY
e48425300a Merge branch 'ansible-2.10' into master 2020-09-08 22:35:30 +02:00
Yohann D'ANELLO
5c46191389 Register camelot and gitea, make camelot accessible for everyone 2020-09-04 09:56:02 +02:00
Yohaï-Eliel BERREBY
646ebd3ba9 router: ansibilize routeur-aurore{,backup} 2020-08-08 20:45:38 +02:00
Yohaï-Eliel BERREBY
12b0bc91dc radvd: cosmetic changes 2020-08-08 11:32:34 +02:00
Yohaï-Eliel BERREBY
b199c45d97 fix broken radius role
Would crash if called from anything other than the nuke radius DBs
playbook
2020-08-08 11:32:06 +02:00
Yohaï-Eliel BERREBY
af3c3dc132 enable radvd service 2020-08-08 11:19:16 +02:00
Yohaï-Eliel BERREBY
30e503458e add ability to nuke radius DBs 2020-08-06 09:57:54 +02:00
Yohaï-Eliel BERREBY
e762091435 explain fe80::1 keepalived/radvd magic 2020-08-02 12:15:27 +02:00
Yohaï-Eliel BERREBY
de36a3bb95 announce IPv6 recursive resolver (untested) 2020-08-02 12:15:15 +02:00
Yohaï-Eliel BERREBY
3a8112bf0d roll out (private) IPv6 on George Sand 2020-08-01 17:48:39 +02:00
Yohaï-Eliel BERREBY
361fd54414 keepalived: add IPv6 virtual route 2020-08-01 16:07:27 +02:00
Yohaï-Eliel BERREBY
2e6306b61e radvd: advertise keepalived VIP 2020-08-01 16:05:41 +02:00
Yohaï-Eliel BERREBY
56808e4e60 wip: begin updating 'router' role for IPv6
pending: update virtual routes
2020-08-01 15:46:41 +02:00
Yohaï-Eliel BERREBY
194c19fbf3 fix wrong hardcoded email for keepalived monitoring 2020-08-01 15:34:49 +02:00
Yohaï-Eliel BERREBY
713c93ac44 update unbound role for IPv6 2020-08-01 14:32:02 +02:00
Yohaï-Eliel BERREBY
d54da8d2b9 add ipv6_base_prefix variable 2020-08-01 14:31:49 +02:00
Yohaï-Eliel BERREBY
f09b0906c6 radvd: fix wifi interface, comment out APs for now 2020-08-01 14:20:08 +02:00
Yohaï-Eliel BERREBY
a4841e6947 add radvd role, deploy in routers 2020-08-01 12:56:23 +02:00
Alexandre Iooss
c7c6e50dd9 Remove matrix mxisd 2020-07-22 10:04:25 +02:00
Yohaï-Eliel BERREBY
337906c6c0 add gs dhcp, dns, routing
and add thor to inventory
2020-07-06 18:40:54 +02:00
Yohaï-Eliel BERREBY
fe62055cdd radius: enable service, fix details 2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY
8ce63d14b6 radius: fix settings_local.py 2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef radius: step 2 of deployment (WIP) 2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af radius: change proxy.conf password, use vault
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f radius: initial setup 2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
6d00e2733b unbound: fix log rotation
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
ba3aec348f keepalived: deploy to fleming w/ proper password 2020-05-09 16:07:04 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role 2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role 2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY
dea4dda285 hosts: remove dhcp and recursive_dns groups
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6 dhcp: restart server on config update 2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa keepalived: no ansible_managed
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976 dhcp: allow different router IP suffix
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5 keepalived: initial config 2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
fea73a13aa aurore-firewall: correct backup router ip 2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698 aurore-firewall: fix repo address + branch 2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528 aurore-firewall: add config after cloning 2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3 aurore-firewall: initial setup
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc unbound: change task order
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
4f224ee817 re2o-service: install Python dependencies 2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91 baseconfig: fix resolv.conf 2020-05-07 14:51:02 +02:00