256d2d5df4
Post renewal hook for certbot to reload dovecot and postfix
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-05 00:05:26 +01:00
43053e57f9
Fix broken vars
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-04 23:44:32 +01:00
e316679e13
Add additional role for mailserver
2021-02-04 23:34:53 +01:00
2c531d1af2
Postfix conf add certs and other security related modifications
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-04 23:18:23 +01:00
27cfcc1320
Don't reinvent the whell, use existing roles (have to be tested)
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-04 14:47:40 +01:00
1c7b4f8560
add re2o service mail cron
continuous-integration/drone/push Build is failing
2021-02-04 01:46:55 +01:00
9e91f2e9d5
Re2o API config
2021-02-04 01:38:49 +01:00
cf58c2bac5
Add re2o mail server
continuous-integration/drone/push Build is failing
2021-02-04 01:30:14 +01:00
c85b2b58fe
Add quota to dovecot
continuous-integration/drone/push Build is failing
2021-02-03 23:20:10 +01:00
2673f771d9
Enable Dovecot sieve
2021-02-03 20:18:46 +01:00
3eb48edccd
Tmux everywhere
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-02 23:17:47 +01:00
52a29ff010
Fix syntax: don't forget the underscore
continuous-integration/drone/push Build is failing
2021-01-30 01:14:53 +01:00
b2a49c1e42
Add LMTP for Postfix-Dovecot communication
continuous-integration/drone/push Build is failing
2021-01-30 01:10:31 +01:00
809f5f9cc9
Add config in the right section
continuous-integration/drone/push Build is failing
2021-01-30 01:05:37 +01:00
c45dab323a
Don't add conf.d/*.conf into a file that is itself already there! dumb dumb
continuous-integration/drone/push Build is failing
2021-01-30 00:56:17 +01:00
af4d66c85b
remove non-existant conf file from the role
continuous-integration/drone/push Build is failing
2021-01-30 00:46:00 +01:00
fcb53b7cf5
Add sane logging timestamp format
continuous-integration/drone/push Build is failing
2021-01-30 00:41:30 +01:00
b50ef60e8a
fix conf.d template files path
continuous-integration/drone/push Build is failing
2021-01-30 00:38:15 +01:00
d05425745f
Fix indentation... again
2021-01-30 00:34:54 +01:00
8612f835af
fix typo and indentation problem
continuous-integration/drone/push Build is failing
2021-01-30 00:30:35 +01:00
99a46af244
User handlers to run when something changed
continuous-integration/drone/push Build is failing
2021-01-30 00:02:28 +01:00
8b66ba059b
use command instead of shell when no shell functionality is required
2021-01-29 23:59:53 +01:00
otthorn
f6c9208a41
Merge pull request 'Limit floats in alerts to 2 decimal places' ( #5 ) from human_readable_altermanager into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#5
2021-01-29 20:48:43 +01:00
otthorn
c9352fb9ab
Merge pull request 'Use unattended-upgrades for Debian-Security' ( #4 ) from unattended into master
...
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#4
2021-01-29 20:42:24 +01:00
otthorn
a8af3c9c72
Merge branch 'master' into monitoring_pdu
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:29:28 +01:00
eecf807b53
Delte main.yml.save
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:15:21 +01:00
a12bcbc97f
Correct yamlint
continuous-integration/drone/push Build is failing
2021-01-29 20:12:14 +01:00
6ec89b88d8
Limit floats in alerts to 2 decimal places
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 19:33:38 +01:00
094334e069
Fix mode, shoudl always be set
continuous-integration/drone/push Build is failing
2021-01-29 01:03:18 +01:00
de2758f4d6
rename roles to match regex set by linter
2021-01-29 01:01:10 +01:00
58064df056
fix typo
2021-01-29 00:57:24 +01:00
bd8942eff2
reload -> restart
2021-01-29 00:56:08 +01:00
ad1a1602eb
dovecot ldap conf
continuous-integration/drone/push Build is failing
2021-01-29 00:16:42 +01:00
d59cb41d5e
Use unattended-upgrades for Debian-Security
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-28 03:42:07 +01:00
1297884ce1
Add ssl conf
continuous-integration/drone/push Build is failing
2021-01-28 03:15:45 +01:00
026e35adc7
Add IMAP/POP/SMTP auth conf
continuous-integration/drone/push Build is failing
2021-01-28 01:34:09 +01:00
f991befbc6
renamed to fit jinja template
continuous-integration/drone/push Build is failing
2021-01-28 01:27:22 +01:00
79b75cae00
maildir conf
continuous-integration/drone/push Build is failing
2021-01-28 01:24:50 +01:00
765ce39625
auth config
2021-01-28 01:11:32 +01:00
d3cf2c7e5f
dovecot handlers
continuous-integration/drone/push Build is failing
2021-01-28 00:15:51 +01:00
e1d8382fed
fix typo
continuous-integration/drone/push Build is failing
2021-01-28 00:13:08 +01:00
241997396b
Config outside of conf.d
continuous-integration/drone/push Build is failing
2021-01-28 00:11:36 +01:00
a54c5832a3
Apt retry mechanism
2021-01-28 00:07:23 +01:00
e3ae912f44
Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
continuous-integration/drone/push Build is failing
2021-01-23 22:10:57 +01:00
bac377f634
Update alert rules of UPS
continuous-integration/drone/push Build is failing
2021-01-23 19:01:27 +01:00
fff6ec5807
fix typo: restart -> reload
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 16:04:09 +01:00
795ee3846f
fix indent
2021-01-23 16:02:10 +01:00
e6af0f2bd7
fix typo: groupe -> group
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:59:03 +01:00
e1a961273d
fix typo: dst -> dest
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-23 15:42:52 +01:00
73142dbe03
Fix yaml syntax
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 14:41:25 +01:00
43274ef2ec
Add the ansible_managed var at the begining of the config file
2021-01-23 14:40:29 +01:00
66c2ff6305
full path to logrotate for command
2021-01-23 14:37:18 +01:00
05326c15d3
Enforce logrotate rules
2021-01-23 14:27:09 +01:00
ddd69e04c0
create logrotate role
2021-01-23 14:25:35 +01:00
c7a3495ae5
Alert rules for UPS
continuous-integration/drone/push Build is failing
2021-01-22 12:16:36 +01:00
40d3c22276
Setup config snmp for Prometheus, to monitore Aurore's PDU
continuous-integration/drone/push Build is failing
2021-01-21 21:26:40 +01:00
f0e3bd78c9
use command instead of shell when you don't need sh features (pipes, env, etc...)
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-19 23:27:17 +01:00
4a57dad8a6
use handlers
continuous-integration/drone/push Build is failing
2021-01-19 23:19:25 +01:00
851e459b6f
Starting to try out postfix config
continuous-integration/drone/push Build is failing
2021-01-17 23:48:36 +01:00
facfe3c169
Attempt to fix ansible lint
continuous-integration/drone/push Build is failing
2021-01-17 18:21:29 +01:00
ee1726589a
Linter should pass now!
continuous-integration/drone/push Build is failing
2021-01-17 17:06:59 +01:00
ee16220591
Please linter
continuous-integration/drone/push Build is failing
2021-01-17 17:02:52 +01:00
9d4c630c7e
Add the mail-certificate role
continuous-integration/drone/push Build is failing
2021-01-17 17:02:05 +01:00
06917ce46b
Agree to Letsencrypt TOS
continuous-integration/drone/push Build is failing
2021-01-17 16:40:28 +01:00
72d486119e
fix typo
2021-01-17 13:27:43 +01:00
7e03eafeaa
dashes are evil, use underscore in var names
2021-01-17 13:27:24 +01:00
e77047a532
add sain defaults for NFS client
continuous-integration/drone/push Build is failing
2021-01-17 13:03:09 +01:00
5c9ae10a8c
Fix yaml lint
2021-01-17 12:47:58 +01:00
f901669341
fix var names for better hierarchy
continuous-integration/drone/push Build is failing
2021-01-17 12:34:25 +01:00
1847a5a698
Add nfs-client role
continuous-integration/drone/push Build is failing
2021-01-17 12:31:30 +01:00
0364006062
Install curl and net-tools by default
...
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:13:30 +01:00
02e4e7d48f
Sort APT packages
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:12:53 +01:00
9a04934bd2
Starting the dovecot task
2021-01-14 22:47:29 +01:00
bb8bd718a9
fix yaml lint
continuous-integration/drone/push Build is failing
2021-01-14 12:25:23 +01:00
846665961a
Add (initial) mail-utils role
2021-01-14 12:16:00 +01:00
b412210d56
Add (initial) postfix role
2021-01-14 12:15:48 +01:00
078d141236
Add task to remove smartmontools of the VM
continuous-integration/drone/push Build is failing
2021-01-08 22:43:18 +01:00
07f9ee1fbb
yes -> true to please yaml linter (truthy)
continuous-integration/drone/push Build is failing
2021-01-07 11:21:53 +01:00
37e3fe2231
Add ldap replica rives
continuous-integration/drone/push Build is failing
2020-11-09 18:53:47 +01:00
b232d6b40b
Renommage re2o_service en re2o-service
2020-11-09 18:10:34 +01:00
chirac
8bf080dbf7
Fix radius permission bug
2020-11-08 18:50:38 +01:00
chirac
5b56f9cfc9
Revert "Use command instead of shell"
...
This reverts commit 0f9169284f
.
2020-11-08 18:13:21 +01:00
Yohann D'ANELLO
24ab53675a
Automatically renew certificates if a new domain was added
2020-11-04 23:58:27 +01:00
Yohann D'ANELLO
03d48a2d82
Add possibility to configure port forwarding, like SSH for Gitea
2020-11-04 23:49:35 +01:00
Yohann D'ANELLO
ac7696c81f
User cerbot-nginx to create certificates
2020-11-04 23:07:51 +01:00
Yohann D'ANELLO
f9b7e052b9
Store reverse proxy data in proxy host vars
2020-11-04 22:38:54 +01:00
Yohann D'ANELLO
26427665f3
Fix indentation
2020-11-04 20:11:31 +01:00
Yohann D'ANELLO
9505e87113
Use true instead of yes
2020-11-04 20:00:35 +01:00
Yohann D'ANELLO
0f9169284f
Use command instead of shell
2020-11-04 19:49:49 +01:00
Yohann D'ANELLO
4c8e05e08f
Use underscore instead of dashes
2020-11-04 19:36:40 +01:00
Yohann D'ANELLO
9b8dee098e
Always set file permissions
2020-11-04 19:31:50 +01:00
Yohann D'ANELLO
3c405db661
Add Drone
2020-11-04 00:29:31 +01:00
Yohann D'ANELLO
2a6c005190
Replace ansible_header by ansible_managed
2020-11-03 23:29:30 +01:00
chirac
518560b392
Add new ldap replica at ovh
2020-11-03 14:21:26 +01:00
chirac
a213e18d9c
Update Ldap priority
2020-11-02 17:25:38 +01:00
chirac
4a43c0f0db
Update re2o ip
2020-11-02 17:25:26 +01:00
3d64f22c39
Modification du keepalive d'OpenSSHd.
...
Les serveurs OpenSSH détectent désormais la déconnexion du client et
peuvent terminer la session.
2020-10-24 19:12:35 +02:00
chirac
68f7fd5b59
Isc-dhcp-server config for banni/accueil vlans
2020-10-17 19:48:34 +02:00
chirac
0d7bfbd872
Create group for non pve physical server
2020-10-17 19:48:17 +02:00
Yohaï-Eliel BERREBY
8adf6b8105
add ipv6-edge-router role
2020-09-28 18:15:03 +02:00
chirac
ba2baa3020
Return routes now handled by keepalived
2020-09-27 13:55:56 +02:00
bba144ef14
Inverse les opérations de lecture/ecriture par defaut -> rw
...
Ce fix corrige le problème des opérations d'écritures dans la bdd master remote,
qui marchaient mal, désormais les lignes de logs historiques sont correctement écrites.
Il semblerait que django avait du mal à savoir que ces opérations reversion sont bien des opérations
d'écriture.
2020-09-19 14:02:53 +02:00
chirac
773f39cede
Fichier inutile
2020-09-16 21:04:10 +02:00
chirac
dac049f125
Tous les cron dhcp sont décalés de 2 minutes
2020-09-16 21:02:44 +02:00
Yohaï-Eliel BERREBY
91157d80c1
dhcp: run re2o service as root in cron / directly
2020-09-13 17:54:46 +02:00
Yohaï-Eliel BERREBY
6dd6168d2a
dhcp: upgrade role for dhcp-aurore-backup
2020-09-12 16:03:33 +02:00
Yohaï-Eliel BERREBY
9b07fc9001
dhcp: manage dhcp-aurore
2020-09-11 15:13:11 +02:00
chirac
26743b464d
Add Radius-aurore.adm.auro.re to ansible managed radius servers
2020-09-09 23:17:15 +02:00
chirac
53842e4c2f
Add ipv6 Radius AURORE address
2020-09-09 23:16:35 +02:00
Yohaï-Eliel BERREBY
e48425300a
Merge branch 'ansible-2.10' into master
2020-09-08 22:35:30 +02:00
Yohann D'ANELLO
5c46191389
Register camelot and gitea, make camelot accessible for everyone
2020-09-04 09:56:02 +02:00
Yohaï-Eliel BERREBY
646ebd3ba9
router: ansibilize routeur-aurore{,backup}
2020-08-08 20:45:38 +02:00
Yohaï-Eliel BERREBY
12b0bc91dc
radvd: cosmetic changes
2020-08-08 11:32:34 +02:00
Yohaï-Eliel BERREBY
b199c45d97
fix broken radius role
...
Would crash if called from anything other than the nuke radius DBs
playbook
2020-08-08 11:32:06 +02:00
Yohaï-Eliel BERREBY
af3c3dc132
enable radvd service
2020-08-08 11:19:16 +02:00
Yohaï-Eliel BERREBY
30e503458e
add ability to nuke radius DBs
2020-08-06 09:57:54 +02:00
Yohaï-Eliel BERREBY
e762091435
explain fe80::1 keepalived/radvd magic
2020-08-02 12:15:27 +02:00
Yohaï-Eliel BERREBY
de36a3bb95
announce IPv6 recursive resolver (untested)
2020-08-02 12:15:15 +02:00
Yohaï-Eliel BERREBY
3a8112bf0d
roll out (private) IPv6 on George Sand
2020-08-01 17:48:39 +02:00
Yohaï-Eliel BERREBY
361fd54414
keepalived: add IPv6 virtual route
2020-08-01 16:07:27 +02:00
Yohaï-Eliel BERREBY
2e6306b61e
radvd: advertise keepalived VIP
2020-08-01 16:05:41 +02:00
Yohaï-Eliel BERREBY
56808e4e60
wip: begin updating 'router' role for IPv6
...
pending: update virtual routes
2020-08-01 15:46:41 +02:00
Yohaï-Eliel BERREBY
194c19fbf3
fix wrong hardcoded email for keepalived monitoring
2020-08-01 15:34:49 +02:00
Yohaï-Eliel BERREBY
713c93ac44
update unbound role for IPv6
2020-08-01 14:32:02 +02:00
Yohaï-Eliel BERREBY
d54da8d2b9
add ipv6_base_prefix variable
2020-08-01 14:31:49 +02:00
Yohaï-Eliel BERREBY
f09b0906c6
radvd: fix wifi interface, comment out APs for now
2020-08-01 14:20:08 +02:00
Yohaï-Eliel BERREBY
a4841e6947
add radvd role, deploy in routers
2020-08-01 12:56:23 +02:00
Alexandre Iooss
c7c6e50dd9
Remove matrix mxisd
2020-07-22 10:04:25 +02:00
Yohaï-Eliel BERREBY
337906c6c0
add gs dhcp, dns, routing
...
and add thor to inventory
2020-07-06 18:40:54 +02:00
Yohaï-Eliel BERREBY
fe62055cdd
radius: enable service, fix details
2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY
8ce63d14b6
radius: fix settings_local.py
2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef
radius: step 2 of deployment (WIP)
2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af
radius: change proxy.conf password, use vault
...
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f
radius: initial setup
2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
6d00e2733b
unbound: fix log rotation
...
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
ba3aec348f
keepalived: deploy to fleming w/ proper password
2020-05-09 16:07:04 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role
2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role
2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY
dea4dda285
hosts: remove dhcp and recursive_dns groups
...
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6
dhcp: restart server on config update
2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa
keepalived: no ansible_managed
...
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976
dhcp: allow different router IP suffix
...
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5
keepalived: initial config
2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
fea73a13aa
aurore-firewall: correct backup router ip
2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698
aurore-firewall: fix repo address + branch
2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528
aurore-firewall: add config after cloning
2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3
aurore-firewall: initial setup
...
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc
unbound: change task order
...
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
4f224ee817
re2o-service: install Python dependencies
2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91
baseconfig: fix resolv.conf
2020-05-07 14:51:02 +02:00