jeltz
6713b550b6
Merge branch 'master' into backups
3 years ago
jeltz
cb3ec07121
Use 'inventory_hostname' instead of 'ansible_fqdn'
...
While 'ansible_fqdn' can be changed by a compromised host,
'inventory_hostname' can't (hopefully).
It should therefore no longer be possible for the said host to access
the backups of another host.
3 years ago
otthorn
243ec1fe9d
[borgbackup_client] VaRi0u5 f1X3s
3 years ago
jeltz
f15b222cdc
Allow root to log as postgres
3 years ago
otthorn
7480a7c565
[borgbackup_client] precedence rules and sane defaults for borg config
3 years ago
otthorn
b14b359027
[borgbackup_client] add exclude path to conf
3 years ago
otthorn
33a1ec02f3
[borgbackup_client] update config directory to be homogeneous
3 years ago
otthorn
ebfc4f2a26
[borgbackup_client] do update cache
3 years ago
jeltz
86f8b31159
Delegate facts for borgbackup_client
3 years ago
jeltz
d9f1104309
Move id_remote to /etc/borgmatic
3 years ago
otthorn
c6cae75031
[borgbackup_server] fix /borg permissions
3 years ago
otthorn
46d10022ea
[borgbackup_client] fix retention date to int and list correctly source directories
3 years ago
otthorn
ff750c5b63
[borgbackup_client] remove 1 minute sleep and fix verbosity
3 years ago
otthorn
2651432582
[WIP] various fixes
3 years ago
otthorn
d928c7f7f0
[borgbackup_client] rename variable correctly
3 years ago
otthorn
021a5ef1e8
[borgbackup_client] various fixes for ssh keys
3 years ago
jeltz
c99b611b8f
Various fixes
3 years ago
jeltz
8112788396
[borgbackup_client] Add 'user:' in authorized_key
3 years ago
jeltz
2f2f71422f
[borgbackup_client] Move some handlers to tasks
3 years ago
jeltz
637b74a2ad
Fix some linter issues
3 years ago
jeltz
f45cd77510
Merge branch 'master' into logs-first-phase
3 years ago
pz2891
f6e1949c21
Adding master VM for Rives and adapt radius role for bullseye
3 years ago
otthorn
965bbe62a4
[borgbackup_client] configure encryption passphrase and storage
3 years ago
otthorn
3f8ffbe164
[borgbackup_client] Add borg username and group defaults
3 years ago
otthorn
531f7593d2
[borgbackup_client] fix indentation
3 years ago
otthorn
313314a674
[borgbackup_client] fix risky file permission on apt config for pinning version
3 years ago
otthorn
4642395330
[borgbackup_client] Add initial role definition
3 years ago
jeltz
f0f56ecd3f
Fix linter-related issues
3 years ago
jeltz
db8dbb6c7a
Add borgbackup_server role
3 years ago
jeltz
2a6c2b30de
Merge pull request 'Role for motd' (#38) from update_motd into master
...
Reviewed-on: Aurore/ansible#38
3 years ago
pz2891
6125856c60
Merge branch 'monitoring_ups'
3 years ago
pz2891
d233fc2759
Update of threshold for warning battery
3 years ago
jeltz
6095d9cef9
Add 'no_log' for postgres passwords
3 years ago
jeltz
d16f444130
Use a dict for HBA hosts
3 years ago
jeltz
4f6eda8329
Use /run instead of /var/run to please systemd
3 years ago
jeltz
628e11488d
Switch postgresql to english
3 years ago
jeltz
bd05b702bb
Use '::' in place of '[::]'
3 years ago
jeltz
06b54d5f89
Use postgresql_privs
3 years ago
jeltz
40eadf802c
Add template and no_log for postgresql_user
3 years ago
jeltz
8e855d7009
Listen addresses must be quoted
3 years ago
jeltz
7a07155237
Install python3-psycopg2 (required by Ansible)
3 years ago
jeltz
36b04239fd
Rename 'postgresql_db' to 'postgresql_databases'
3 years ago
jeltz
f919ec689a
Fix 'ansible_header' → 'ansible_managed'
3 years ago
jeltz
9ef6202fdf
Add configuration for users and databases
3 years ago
pz2891
bbf4ac323c
Monitoring of ups environmental temperature
3 years ago
otthorn
8b9bef865e
postgresql listen on pseudo-address
3 years ago
otthorn
dbbaf0d26d
remove trailing whitespaces
3 years ago
otthorn
a4c393d3fb
fix yaml ci truthy value
3 years ago
otthorn
d14306a86c
fix syntax for CI
3 years ago
otthorn
a625a58ddd
create role postgresql_server
3 years ago
jeltz
2c0727a419
Update the list of packages installed via baseconfig
3 years ago
jeltz
41779fb172
Merge pull request 'Add backup root SSH keys' (#27) from add-ssh-keys into master
...
Reviewed-on: Aurore/ansible#27
3 years ago
jeltz
deb4372588
Merge branch 'master' into add-ssh-keys
3 years ago
jeltz
929baa300f
Use 'update_motd' in 'prometheus_federate' (again)
3 years ago
jeltz
71ee06c9c0
Fix typo
3 years ago
jeltz
bc2701d8ba
Use 'update_motd' in 'prometheus_federate'
3 years ago
jeltz
2353589da6
Ensures /etc/update-motd.d exists
3 years ago
jeltz
1d0200a1f0
Use 'update_motd' in 'prometheus'
3 years ago
jeltz
b81600aef8
Use 'update_motd' in 'baseconfig'
3 years ago
jeltz
7e92fdfab7
Create an 'update_motd' role
3 years ago
jeltz
cf07de4ec4
Fetch switch_snmp jobs
3 years ago
jeltz
8abca7916f
Add switch_snmp job for prometheus
3 years ago
jeltz
763cc2eb51
Generate targets_switch_snmp.json
3 years ago
jeltz
eaa0d2e0fc
Fix bad indent in snmp.yml.j2
3 years ago
jeltz
21fed6ae3f
Add useful lookups for switches interfaces
3 years ago
jeltz
52124d2cad
Cleanup prometheus_federate's prometheus.yml.j2
3 years ago
jeltz
7d527be1c0
Remove duplicate alerts from 'prometheus-federate'
3 years ago
jeltz
32669e1fb1
Don't load Django rules prometheus-federate
3 years ago
jeltz
4ca7ebd144
Add a unique exported label (useful for federation)
3 years ago
jeltz
802bfcc698
'prometheus-federate' must not retrieve its own federated metrics
3 years ago
jeltz
958eaa1bcb
Use label federated_instance instead of instance
3 years ago
jeltz
6525508401
Forward journald logs to rsyslog
3 years ago
jeltz
77a5fdac6f
Remove some duplicate logs from syslog.log
3 years ago
jeltz
529550f594
Don't use 'imjournal' ('imuxsock' is already used)
...
I still don't understand why it increased the size of the firewall logs
by a factor of 5 to 10, but we don't really need structured logs from
systemd-journald and the author seems to discourage its use, so I will
not investigate further.
3 years ago
jeltz
ee041b9ead
Use 'simple' instead of 'oneshot' (rotate service)
3 years ago
jeltz
1f6bfeee23
Fix broadcast address on routeur-aurore
3 years ago
jeltz
0f55b90de9
Remove 10.129.0.1 gateway on routeur-aurore-*
3 years ago
jeltz
b13b22da05
Add ignored destinations for firewall logs
3 years ago
jeltz
8f815a30c5
Remove useless date (already added by journald)
3 years ago
jeltz
acd5721a5b
Fix typos in rotate-remote-logs.service.j2
3 years ago
jeltz
9547868c7d
Send nginx logs to local syslog
3 years ago
jeltz
cdb9f88614
Do not rate limit collection of journald logs
3 years ago
jeltz
9eeb8ccd73
Remove non-Ansible SSH root keys
3 years ago
jeltz
9252249d18
Use 'true' instead of 'yes'
3 years ago
jeltz
e4b58c0bf4
Fix typo in 20-collector.conf.j2
3 years ago
jeltz
c65b3f090b
Compress and delete old remote logs
...
Logrotate is not used because I didn't find an easy way to configure it
to handle the compression/deletion of log files already rotated by
rsyslog (it is probably possible, but I found the script to be easier).
3 years ago
jeltz
f7183095c1
Add explicit permissions for directories
3 years ago
jeltz
ba8b4e8c29
Fix the ordering of rsyslog.d files
...
A call to sendLogsToRemote for logs received through RELP/UDP has
been added (to send them to Logstash/Redis/…), so common.conf's prefix
must be lower than collector.conf's.
Note: future "third-party" config files will also call sendLogsToRemote
and thus will also have to use a prefix higher than 10.
3 years ago
jeltz
7fd1b5ff5d
Add rsyslog_collector role
3 years ago
jeltz
6263c31785
Add rsyslog_common role
3 years ago
ynerant
ba6da939ab
[certbot] Fix certificates for auro.re
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
ae151321db
[nginx/certbot] Clone roles from Crans
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
pz2891
d7d0676f5e
Remove .save file; remove fo fleming prometheus
3 years ago
pz2891
74c30b81df
Merge branch 'master' into Global_monitoring
3 years ago
pz2891
b278b02bc2
Remove percentage sign for load alert
3 years ago
pz2891
0b90c9944b
Fix CI warning from last commit
3 years ago
pz2891
61001e09f5
Add alert for load usage
3 years ago
pz2891
a5b4deacee
Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus
3 years ago
otthorn
5b2580056d
🐛 Final fix, should stop sending ill-formed mail from now on
3 years ago
otthorn
f607a76ec8
🐛 Fix a small bug. Postfix does not accept trailing comments
3 years ago
otthorn
3fceeff74f
Fix ansible lint for rule [208] always specify mode and owner for template
3 years ago
otthorn
3925e32188
Respect ansible-lint [106] for role names
3 years ago
otthorn
69d732e612
Fix case
3 years ago
otthorn
ab3659adc2
Also config hostname just in case
3 years ago
otthorn
1ca75ccfb0
Add postfix non mailhost conf
3 years ago
otthorn
f08b11445d
Add postfix non mailhost task
3 years ago
otthorn
a9b03aed82
Add postfix non mailhost handlers
3 years ago
pz2891
6ec449c3b3
Fix restarting prometheus snmp (not installed)
3 years ago
pz2891
d8924abe66
Add prometheus-federate role
3 years ago
pz2891
4308bedf8f
Monitoring of docker containers
3 years ago
pz2891
bd5b88c4fc
Correcting format of percentage
3 years ago
pz2891
428b6f5733
Correcting grafana stats for wireless
3 years ago
pz2891
8bfe83f73c
Adaptation of UPS alerts
3 years ago
otthorn
faf5fc7362
fix re2o-service -> re2o_service role name
3 years ago
otthorn
e6b853a552
fix role name
3 years ago
otthorn
679daa633f
Fix ansible lint
3 years ago
otthorn
1e136e3736
Remove rules from warn list when it is not needed
3 years ago
ynerant
f9e83e514e
Merge pull request 'Captive portal' (#11) from accueil into master
...
Reviewed-on: Aurore/ansible#11
3 years ago
ynerant
0e224df41f
Install ipset on each router
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
c527ce16b0
Use good output interface for the main router
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
a82edc3e24
Firewall configuration without MASQUERADE
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
bbac76023c
Update masquerade configuration for the captive portal
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
7e4a2d20c0
Clone nginx role from Crans
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
889cb764c1
Clone certbot role from Crans
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
154cbedec2
Deploy firewall config for the captive portal
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
9bd06520fb
Add reverse-proxy for Re2o on the portal VM
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
jeltz
e02670afb0
The unbound caches return addresses in 10/8
3 years ago
ynerant
a7b073e1cc
Add captive portal firewall configuration
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
89ebbd423e
Use the local firewall repository
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
5a09b77070
Resolve DNS for the accueil vlan
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
jeltz
5fc2d0a3f9
Add accueil to keepalived
3 years ago
jeltz
7cdef7ee96
Fix: keep the logs for 90 days
3 years ago
ynerant
3eb48edccd
Tmux everywhere
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
otthorn
f6c9208a41
Merge pull request 'Limit floats in alerts to 2 decimal places' (#5) from human_readable_altermanager into master
...
Reviewed-on: Aurore/ansible#5
3 years ago
otthorn
c9352fb9ab
Merge pull request 'Use unattended-upgrades for Debian-Security' (#4) from unattended into master
...
Reviewed-on: Aurore/ansible#4
3 years ago
otthorn
a8af3c9c72
Merge branch 'master' into monitoring_pdu
3 years ago
pz2891
eecf807b53
Delete main.yml.save
3 years ago
pz2891
a12bcbc97f
Correct yamllint
3 years ago
otthorn
6ec89b88d8
Limit floats in alerts to 2 decimal places
3 years ago
jeltz
d59cb41d5e
Use unattended-upgrades for Debian-Security
3 years ago
pz2891
e3ae912f44
Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
3 years ago
pz2891
bac377f634
Update alert rules of UPS
3 years ago
otthorn
fff6ec5807
fix typo: restart -> reload
3 years ago
otthorn
795ee3846f
fix indent
3 years ago
otthorn
e6af0f2bd7
fix typo: groupe -> group
3 years ago
otthorn
e1a961273d
fix typo: dst -> dest
3 years ago
otthorn
73142dbe03
Fix yaml syntax
3 years ago
otthorn
43274ef2ec
Add the ansible_managed var at the beginning of the config file
3 years ago
otthorn
66c2ff6305
full path to logrotate for command
3 years ago
otthorn
05326c15d3
Enforce logrotate rules
3 years ago