Commit graph

244 commits

Author SHA1 Message Date
Yohaï-Eliel BERREBY
9b07fc9001 dhcp: manage dhcp-aurore 2020-09-11 15:13:11 +02:00
chirac
26743b464d Add Radius-aurore.adm.auro.re to ansible managed radius servers 2020-09-09 23:17:15 +02:00
chirac
53842e4c2f Add ipv6 Radius AURORE address 2020-09-09 23:16:35 +02:00
Yohaï-Eliel BERREBY
e48425300a Merge branch 'ansible-2.10' into master 2020-09-08 22:35:30 +02:00
Yohann D'ANELLO
5c46191389 Register camelot and gitea, make camelot accessible for everyone 2020-09-04 09:56:02 +02:00
Yohaï-Eliel BERREBY
646ebd3ba9 router: ansibilize routeur-aurore{,backup} 2020-08-08 20:45:38 +02:00
Yohaï-Eliel BERREBY
12b0bc91dc radvd: cosmetic changes 2020-08-08 11:32:34 +02:00
Yohaï-Eliel BERREBY
b199c45d97 fix broken radius role
Would crash if called from anything other than the nuke radius DBs
playbook
2020-08-08 11:32:06 +02:00
Yohaï-Eliel BERREBY
af3c3dc132 enable radvd service 2020-08-08 11:19:16 +02:00
Yohaï-Eliel BERREBY
30e503458e add ability to nuke radius DBs 2020-08-06 09:57:54 +02:00
Yohaï-Eliel BERREBY
e762091435 explain fe80::1 keepalived/radvd magic 2020-08-02 12:15:27 +02:00
Yohaï-Eliel BERREBY
de36a3bb95 announce IPv6 recursive resolver (untested) 2020-08-02 12:15:15 +02:00
Yohaï-Eliel BERREBY
3a8112bf0d roll out (private) IPv6 on George Sand 2020-08-01 17:48:39 +02:00
Yohaï-Eliel BERREBY
361fd54414 keepalived: add IPv6 virtual route 2020-08-01 16:07:27 +02:00
Yohaï-Eliel BERREBY
2e6306b61e radvd: advertise keepalived VIP 2020-08-01 16:05:41 +02:00
Yohaï-Eliel BERREBY
56808e4e60 wip: begin updating 'router' role for IPv6
pending: update virtual routes
2020-08-01 15:46:41 +02:00
Yohaï-Eliel BERREBY
194c19fbf3 fix wrong hardcoded email for keepalived monitoring 2020-08-01 15:34:49 +02:00
Yohaï-Eliel BERREBY
713c93ac44 update unbound role for IPv6 2020-08-01 14:32:02 +02:00
Yohaï-Eliel BERREBY
d54da8d2b9 add ipv6_base_prefix variable 2020-08-01 14:31:49 +02:00
Yohaï-Eliel BERREBY
f09b0906c6 radvd: fix wifi interface, comment out APs for now 2020-08-01 14:20:08 +02:00
Yohaï-Eliel BERREBY
a4841e6947 add radvd role, deploy in routers 2020-08-01 12:56:23 +02:00
Alexandre Iooss
c7c6e50dd9 Remove matrix mxisd 2020-07-22 10:04:25 +02:00
Yohaï-Eliel BERREBY
337906c6c0 add gs dhcp, dns, routing
and add thor to inventory
2020-07-06 18:40:54 +02:00
Yohaï-Eliel BERREBY
fe62055cdd radius: enable service, fix details 2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY
8ce63d14b6 radius: fix settings_local.py 2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef radius: step 2 of deployment (WIP) 2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af radius: change proxy.conf password, use vault
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f radius: initial setup 2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
6d00e2733b unbound: fix log rotation
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
ba3aec348f keepalived: deploy to fleming w/ proper password 2020-05-09 16:07:04 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role 2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role 2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY
dea4dda285 hosts: remove dhcp and recursive_dns groups
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6 dhcp: restart server on config update 2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa keepalived: no ansible_managed
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976 dhcp: allow different router IP suffix
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5 keepalived: initial config 2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
fea73a13aa aurore-firewall: correct backup router ip 2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698 aurore-firewall: fix repo address + branch 2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528 aurore-firewall: add config after cloning 2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3 aurore-firewall: initial setup
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc unbound: change task order
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
4f224ee817 re2o-service: install Python dependencies 2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91 baseconfig: fix resolv.conf 2020-05-07 14:51:02 +02:00
Yohaï-Eliel BERREBY
7c7abb6be5 baseconfig: set up /etc/resolv.conf 2020-05-07 12:53:59 +02:00
Alexandre IOOSS
81592fa986 Merge branch 'master' into 'aurore-dev'
# Conflicts:
#   .gitignore
#   hosts
#   network.yml
#   proxmox.yml
2020-05-03 16:11:19 +02:00
Yohaï-Eliel BERREBY
a77b2c4f0f unbound: fix MTU settings
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
2020-05-02 18:59:22 +02:00
Yohaï-Eliel BERREBY
aae7e0120a unbound: drop verbosity but log SERVFAILs
TODO: less frequent log rotation because of decreased log volume
2020-05-02 18:06:58 +02:00
Yohaï-Eliel BERREBY
c54e8f5d67 unbound: smarter logging
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
2020-05-02 17:13:01 +02:00
Yohaï-Eliel BERREBY
1dca5d2259 unbound: use handlers
Only restart unbound if the configuration
was actually updated.
2020-05-02 16:43:44 +02:00