Commit Graph

533 Commits (e6363e9668372f8946eb851b70f29307ce6a2a96)

Author SHA1 Message Date
jeltz 6713b550b6 Merge branch 'master' into backups 3 years ago
jeltz cb3ec07121 Use 'inventory_hostname' instead of 'ansible_fqdn'
While 'ansible_fqdn' can be changed by a compromised host,
'inventory_hostname' can't (hopefully).

It should therefore no longer be possible for the said host to access
the backups of another host.
3 years ago
otthorn 243ec1fe9d [borgbackup_client] VaRi0u5 f1X3s 3 years ago
jeltz f15b222cdc Allow root to log as postgres 3 years ago
otthorn 7480a7c565 [borgbackup_client] precedence rules and sane defaults for borg config 3 years ago
otthorn b14b359027 [borgbackup_client] add exclude path to conf 3 years ago
otthorn 33a1ec02f3 [borgbackup_client] update config directory to be homogeneous 3 years ago
otthorn ebfc4f2a26 [borgbackup_client] do update cache 3 years ago
jeltz 86f8b31159 Delegate facts for borgbackup_client 3 years ago
jeltz d9f1104309 Move id_remote to /etc/borgmatic 3 years ago
otthorn c6cae75031 [borgbackup_server] fix /borg permissions 3 years ago
otthorn 46d10022ea [borgbackup_client] fix retention date to int and list correctly source directories 3 years ago
otthorn ff750c5b63 [borgbackup_client] remove 1 minute sleep and fix verbosity 3 years ago
otthorn 2651432582 [WIP] various fixes 3 years ago
otthorn d928c7f7f0 [borgbackup_client] rename variable correctly 3 years ago
otthorn 021a5ef1e8 [borgbackup_client] various fixes for ssh keys 3 years ago
jeltz c99b611b8f Various fixes 3 years ago
jeltz 8112788396 [borgbackup_client] Add 'user:' in authorized_key 3 years ago
jeltz 2f2f71422f [borgbackup_client] Move some handlers to tasks 3 years ago
jeltz 637b74a2ad Fix some linter issues 3 years ago
jeltz f45cd77510 Merge branch 'master' into logs-first-phase 3 years ago
pz2891 f6e1949c21 Adding master VM for Rives and adapt radius role for bullseye
continuous-integration/drone/push Build is failing Details
3 years ago
otthorn 965bbe62a4 [borgbackup_client] configure encryption passphrase and storage 3 years ago
otthorn 3f8ffbe164 [borgbackup_client] Add borg username and group defaults 3 years ago
otthorn 531f7593d2 [borgbackup_client] fix indentation
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
otthorn 313314a674 [borgbackup_client] fix risky file permission on apt config for pinning version 3 years ago
otthorn 4642395330 [borgbackup_client] Add initial role definition
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz f0f56ecd3f Fix linter-related issues
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz db8dbb6c7a Add borgbackup_server role 3 years ago
jeltz 2a6c2b30de Merge pull request 'Role for motd' (#38) from update_motd into master
continuous-integration/drone/push Build is failing Details
Reviewed-on: Aurore/ansible#38
3 years ago
pz2891 6125856c60 Merge branch 'monitoring_ups'
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
pz2891 d233fc2759 Update of threshold for warning battery 3 years ago
jeltz 6095d9cef9 Add 'no_log' for postgres passwords
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz d16f444130 Use a dict for HBA hosts
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz 4f6eda8329 Use /run instead of /var/run to please systemd 3 years ago
jeltz 628e11488d Switch postgresql to english 3 years ago
jeltz bd05b702bb Use '::' in place of '[::]' 3 years ago
jeltz 06b54d5f89 Use postgresql_privs
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 40eadf802c Add template and no_log for postgresql_user
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 8e855d7009 Listen addresses must be quoted
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz 7a07155237 Install python3-psycopg2 (required by Ansible)
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz 36b04239fd Rename 'postgresql_db' to 'postgresql_databases' 3 years ago
jeltz f919ec689a Fix 'ansible_header' → 'ansible_managed'
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz 9ef6202fdf Add configuration for users and databases
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
pz2891 bbf4ac323c Monitoring of ups environmental temperature 3 years ago
otthorn 8b9bef865e postgresql listen on pseudo-address
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
otthorn dbbaf0d26d remove trailing whitespaces
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
otthorn a4c393d3fb fix yaml ci truthy value
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
otthorn d14306a86c fix syntax for CI
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
otthorn a625a58ddd create role postgresql_server
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 2c0727a419 Update the list of packages installed via baseconfig
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 41779fb172 Merge pull request 'Add backup root SSH keys' (#27) from add-ssh-keys into master
continuous-integration/drone/push Build is failing Details
Reviewed-on: Aurore/ansible#27
3 years ago
jeltz deb4372588 Merge branch 'master' into add-ssh-keys
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 929baa300f Use 'update_motd' in 'prometheus_federate' (again)
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 71ee06c9c0 Fix typo
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz bc2701d8ba Use 'update_motd' in 'prometheus_federate'
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz 2353589da6 Ensures /etc/update-motd.d exists 3 years ago
jeltz 1d0200a1f0 Use 'update_motd' in 'prometheus' 3 years ago
jeltz b81600aef8 Use 'update_motd' in 'baseconfig' 3 years ago
jeltz 7e92fdfab7 Create an 'update_motd' role 3 years ago
jeltz cf07de4ec4 Fetch switch_snmp jobs
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz 8abca7916f Add switch_snmp job for prometheus 3 years ago
jeltz 763cc2eb51 Generate targets_switch_snmp.json 3 years ago
jeltz eaa0d2e0fc Fix bad indent in snmp.yml.j2 3 years ago
jeltz 21fed6ae3f Add useful lookups for switch interfaces 3 years ago
jeltz 52124d2cad Cleanup prometheus_federate's prometheus.yml.j2
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz 7d527be1c0 Remove duplicate alerts from 'prometheus-federate' 3 years ago
jeltz 32669e1fb1 Don't load Django rules prometheus-federate 3 years ago
jeltz 4ca7ebd144 Add a unique exported label (useful for federation) 3 years ago
jeltz 802bfcc698 'prometheus-federate' must not retrieve its own federated metrics 3 years ago
jeltz 958eaa1bcb Use label federated_instance instead of instance
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
jeltz 6525508401 Forward journald logs to rsyslog
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 77a5fdac6f Remove some duplicate logs from syslog.log 3 years ago
jeltz 529550f594 Don't use 'imjournal' ('imuxsock' is already used)
I still don't understand why it increased the size of the firewall logs
by a factor of 5 to 10, but we don't really need structured logs from
systemd-journald and the author seems to discourage its use, so I will
not investigate further.
3 years ago
jeltz ee041b9ead Use 'simple' instead of 'oneshot' (rotate service) 3 years ago
jeltz 1f6bfeee23 Fix broadcast address on routeur-aurore
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz 0f55b90de9 Remove 10.129.0.1 gateway on routeur-aurore-* 3 years ago
jeltz b13b22da05 Add ignored destinations for firewall logs
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz 8f815a30c5 Remove useless date (already added by journald)
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz acd5721a5b Fix typos in rotate-remote-logs.service.j2 3 years ago
jeltz 9547868c7d Send nginx logs to local syslog
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz cdb9f88614 Do not rate limit collection of journald logs
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz 9eeb8ccd73 Remove non-Ansible SSH root keys
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz 9252249d18 Use 'true' instead of 'yes'
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz e4b58c0bf4 Fix typo in 20-collector.conf.j2
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz c65b3f090b Compress and delete old remote logs
continuous-integration/drone/push Build is failing Details
Logrotate is not used because I didn't find an easy way to configure it
to handle the compression/deletion of log files already rotated by
rsyslog (it is probably possible, but I found the script to be easier).
3 years ago
jeltz f7183095c1 Add explicit permissions for directories
continuous-integration/drone/push Build is failing Details
3 years ago
jeltz ba8b4e8c29 Fix the ordering of rsyslog.d files
continuous-integration/drone/push Build is failing Details
A call to sendLogsToRemote for logs received through RELP/UDP has
been added (to send them to Logstash/Redis/…), so common.conf's prefix
must be lower than collector.conf's.

Note: future "third-party" config files will also call sendLogsToRemote
and thus will also have to use a prefix higher than 10.
3 years ago
jeltz 7fd1b5ff5d Add rsyslog_collector role 3 years ago
jeltz 6263c31785 Add rsyslog_common role 3 years ago
ynerant ba6da939ab
[certbot] Fix certificates for auro.re
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant ae151321db
[nginx/certbot] Clone roles from Crans
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
pz2891 d7d0676f5e Remove .save file; remove fo fleming prometheus
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
pz2891 74c30b81df Merge branch 'master' into Global_monitoring
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
pz2891 b278b02bc2 Remove percentage sign for load alert
continuous-integration/drone/push Build is failing Details
3 years ago
pz2891 0b90c9944b Fix CI warning from last commit
continuous-integration/drone/push Build is failing Details
3 years ago
pz2891 61001e09f5 Add alert for load usage
continuous-integration/drone/push Build is failing Details
3 years ago
pz2891 a5b4deacee Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus
continuous-integration/drone/push Build is failing Details
3 years ago
otthorn 5b2580056d 🐛 Final fix, should stop sending ill-formed mail from now on
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
otthorn f607a76ec8 🐛 Fix a small bug. Postfix does not accept trailing comments
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
otthorn 3fceeff74f Fix ansible lint for rule [208] always specify mode and owner for template
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
otthorn 3925e32188 Respect ansible-lint [106] for role names 3 years ago
otthorn 69d732e612 Fix case 3 years ago
otthorn ab3659adc2 Also config hostname just in case 3 years ago
otthorn 1ca75ccfb0 Add postfix non mailhost conf 3 years ago
otthorn f08b11445d Add postfix non mailhost task 3 years ago
otthorn a9b03aed82 Add postfix non mailhost handlers 3 years ago
pz2891 6ec449c3b3 Fix restarting prometheus snmp (not installed)
continuous-integration/drone/push Build is failing Details
3 years ago
pz2891 d8924abe66 Add prometheus-federate role 3 years ago
pz2891 4308bedf8f Monitoring of docker containers 3 years ago
pz2891 bd5b88c4fc Correcting format of percentage
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details
3 years ago
pz2891 428b6f5733 Correcting grafana stats for wireless 3 years ago
pz2891 8bfe83f73c Adaptation of UPS alerts 3 years ago
otthorn faf5fc7362 fix re2o-service -> re2o_service role name
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
3 years ago
otthorn e6b853a552 fix role name 3 years ago
otthorn 679daa633f Fix ansible lint 3 years ago
otthorn 1e136e3736 Remove rules from warn list when it is not needed 3 years ago
ynerant f9e83e514e Merge pull request 'Captive portal' (#11) from accueil into master
continuous-integration/drone/push Build is failing Details
Reviewed-on: Aurore/ansible#11
3 years ago
ynerant 0e224df41f
Install ipset on each router
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant c527ce16b0
Use good output interface for the main router
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant a82edc3e24
Firewall configuration without MASQUERADE
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant bbac76023c
Update masquerade configuration for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant 7e4a2d20c0
Clone nginx role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant 889cb764c1
Clone certbot role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant 154cbedec2
Deploy firewall config for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant 9bd06520fb
Add reverse-proxy for Re2o on the portal VM
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
jeltz e02670afb0
The unbound caches return addresses in 10/8 3 years ago
ynerant a7b073e1cc
Add captive portal firewall configuration
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant 89ebbd423e
Use the local firewall repository
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant 5a09b77070
Resolve DNS for the accueil vlan
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
jeltz 5fc2d0a3f9
Add accueil to keepalived 3 years ago
jeltz 7cdef7ee96
Fix: keep the logs for 90 days 3 years ago
ynerant 3eb48edccd
Tmux everywhere
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
otthorn f6c9208a41 Merge pull request 'Limit floats in alerts to 2 decimal places' (#5) from human_readable_altermanager into master
continuous-integration/drone/push Build is failing Details
Reviewed-on: Aurore/ansible#5
3 years ago
otthorn c9352fb9ab Merge pull request 'Use unattended-upgrades for Debian-Security' (#4) from unattended into master
continuous-integration/drone/push Build is failing Details
Reviewed-on: Aurore/ansible#4
3 years ago
otthorn a8af3c9c72 Merge branch 'master' into monitoring_pdu
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
pz2891 eecf807b53 Delete main.yml.save
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
pz2891 a12bcbc97f Correct yamllint
continuous-integration/drone/push Build is failing Details
3 years ago
otthorn 6ec89b88d8 Limit floats in alerts to 2 decimal places
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
jeltz d59cb41d5e Use unattended-upgrades for Debian-Security
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
pz2891 e3ae912f44 Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
continuous-integration/drone/push Build is failing Details
3 years ago
pz2891 bac377f634 Update alert rules of UPS
continuous-integration/drone/push Build is failing Details
3 years ago
otthorn fff6ec5807 fix typo: restart -> reload
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
otthorn 795ee3846f fix indent 3 years ago
otthorn e6af0f2bd7 fix typo: groupe -> group
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details
3 years ago
otthorn e1a961273d fix typo: dst -> dest
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details
3 years ago
otthorn 73142dbe03 Fix yaml syntax
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
3 years ago
otthorn 43274ef2ec Add the ansible_managed var at the beginning of the config file 3 years ago
otthorn 66c2ff6305 full path to logrotate for command 3 years ago
otthorn 05326c15d3 Enforce logrotate rules 3 years ago