otthorn
3fceeff74f
Fix ansible lint for rule [208] always specify mode and owner for template
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
otthorn
3925e32188
Repect ansible-lint [106] for role names
3 years ago
otthorn
69d732e612
Fix case
3 years ago
otthorn
ab3659adc2
Also config hostname just in case
3 years ago
otthorn
1ca75ccfb0
Add postfix non mailhost conf
3 years ago
otthorn
f08b11445d
Add postfix non mailhost task
3 years ago
otthorn
a9b03aed82
Add postfix non mailhost handlers
3 years ago
pz2891
6ec449c3b3
Fix restarting prometheus snmp (not installed)
continuous-integration/drone/push Build is failing
Details
3 years ago
pz2891
d8924abe66
Add prometheus-federate role
3 years ago
pz2891
4308bedf8f
Monitoring of docker containers
3 years ago
pz2891
bd5b88c4fc
Correcting format of percentage
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is failing
Details
3 years ago
pz2891
428b6f5733
Correcting grafana stats for wireless
3 years ago
pz2891
8bfe83f73c
Adaptation of UPS alerts
3 years ago
otthorn
faf5fc7362
fix re2o-service -> re2o_service role name
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
3 years ago
otthorn
e6b853a552
fix role name
3 years ago
otthorn
679daa633f
Fix ansible lint
3 years ago
otthorn
1e136e3736
Remove rules from warn list when it is not needed
3 years ago
f9e83e514e
Merge pull request 'Captive portal' ( #11 ) from accueil into master
...
continuous-integration/drone/push Build is failing
Details
Reviewed-on: Aurore/ansible#11
3 years ago
ynerant
0e224df41f
Install ipset on each router
...
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is failing
Details
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
c527ce16b0
Use good output interface for the main router
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
a82edc3e24
Firewall configuration without MASQUERADE
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
bbac76023c
Update masquerade configuration for the captive portal
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
7e4a2d20c0
Clone nginx role from Crans
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
889cb764c1
Clone certbot role from Crans
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
154cbedec2
Deploy firewall config for the captive portal
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
9bd06520fb
Add reverse-proxy for Re2o on the portal VM
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
jeltz
e02670afb0
Les caches unbound renvoie les addresses en 10/8
3 years ago
ynerant
a7b073e1cc
Add captive portal firewall configuration
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
89ebbd423e
Use the local firewall repository
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
5a09b77070
Resolve DNS for the accueil vlan
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
jeltz
5fc2d0a3f9
Ajout d'accueil dans keepalived
3 years ago
jeltz
7cdef7ee96
Fix: keep the logs for 90 days
3 years ago
ynerant
3eb48edccd
Tmux everywhere
...
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
f6c9208a41
Merge pull request 'Limit floats in alerts to 2 decimal places' ( #5 ) from human_readable_altermanager into master
...
continuous-integration/drone/push Build is failing
Details
Reviewed-on: Aurore/ansible#5
3 years ago
c9352fb9ab
Merge pull request 'Use unattended-upgrades for Debian-Security' ( #4 ) from unattended into master
...
continuous-integration/drone/push Build is failing
Details
Reviewed-on: Aurore/ansible#4
3 years ago
a8af3c9c72
Merge branch 'master' into monitoring_pdu
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
pz2891
eecf807b53
Delte main.yml.save
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
pz2891
a12bcbc97f
Correct yamlint
continuous-integration/drone/push Build is failing
Details
3 years ago
otthorn
6ec89b88d8
Limit floats in alerts to 2 decimal places
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
jeltz
d59cb41d5e
Use unattended-upgrades for Debian-Security
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
pz2891
e3ae912f44
Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
continuous-integration/drone/push Build is failing
Details
3 years ago
pz2891
bac377f634
Update alert rules of UPS
continuous-integration/drone/push Build is failing
Details
3 years ago
otthorn
fff6ec5807
fix typo: restart -> reload
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
otthorn
795ee3846f
fix indent
3 years ago
otthorn
e6af0f2bd7
fix typo: groupe -> group
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is failing
Details
3 years ago
otthorn
e1a961273d
fix typo: dst -> dest
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is failing
Details
3 years ago
otthorn
73142dbe03
Fix yaml syntax
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
otthorn
43274ef2ec
Add the ansible_managed var at the begining of the config file
3 years ago
otthorn
66c2ff6305
full path to logrotate for command
3 years ago
otthorn
05326c15d3
Enforce logrotate rules
3 years ago
otthorn
ddd69e04c0
create logrotate role
3 years ago
pz2891
c7a3495ae5
Alert rules for UPS
continuous-integration/drone/push Build is failing
Details
3 years ago
pz2891
40d3c22276
Setup config snmp for Prometheus, to monitore Aurore's PDU
continuous-integration/drone/push Build is failing
Details
3 years ago
otthorn
f0e3bd78c9
use command instead of shell when you don't need sh features (pipes, env, etc...)
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
3 years ago
otthorn
4a57dad8a6
use handlers
continuous-integration/drone/push Build is failing
Details
3 years ago
otthorn
facfe3c169
Attempt to fix ansible lint
continuous-integration/drone/push Build is failing
Details
3 years ago
otthorn
ee1726589a
Linter should pass now!
continuous-integration/drone/push Build is failing
Details
3 years ago
ynerant
0364006062
Install curl and net-tools by default
...
continuous-integration/drone/push Build is failing
Details
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
ynerant
02e4e7d48f
Sort APT packages
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
3 years ago
pz2891
078d141236
Add task to remove smartmontools of the VM
continuous-integration/drone/push Build is failing
Details
4 years ago
otthorn
07f9ee1fbb
yes -> true to please yaml linter (truthy)
continuous-integration/drone/push Build is failing
Details
4 years ago
pz2891
37e3fe2231
Add ldap replica rives
continuous-integration/drone/push Build is failing
Details
4 years ago
pz2891
b232d6b40b
Renommage re2o_service en re2o-service
4 years ago
8bf080dbf7
Fix radius permission bug
4 years ago
5b56f9cfc9
Revert "Use command instead of shell"
...
This reverts commit 0f9169284f
4 years ago
24ab53675a
Automatically renew certificates if a new domain was added
4 years ago
03d48a2d82
Add possibility to configure port forwarding, like SSH for Gitea
4 years ago
ac7696c81f
User cerbot-nginx to create certificates
4 years ago
f9b7e052b9
Store reverse proxy data in proxy host vars
4 years ago
26427665f3
Fix indentation
4 years ago
9505e87113
Use true instead of yes
4 years ago
0f9169284f
Use command instead of shell
4 years ago
4c8e05e08f
Use underscore instead of dashes
4 years ago
9b8dee098e
Always set file permissions
4 years ago
3c405db661
Add Drone
4 years ago
2a6c005190
Replace ansible_header by ansible_managed
4 years ago
518560b392
Add new ldap replica at ovh
4 years ago
a213e18d9c
Update Ldap priority
4 years ago
4a43c0f0db
Update re2o ip
4 years ago
jeltz
3d64f22c39
Modification du keepalive d'OpenSSHd.
...
Les serveurs OpenSSH détectent désormais la déconnexion du client et
peuvent terminer la session.
4 years ago
68f7fd5b59
Isc-dhcp-server config for banni/accueil vlans
4 years ago
0d7bfbd872
Create group for non pve physical server
4 years ago
8adf6b8105
add ipv6-edge-router role
4 years ago
ba2baa3020
Return routes now handled by keepalived
4 years ago
chirac
bba144ef14
Inverse les opérations de lecture/ecriture par defaut -> rw
...
Ce fix corrige le problème des opérations d'écritures dans la bdd master remote,
qui marchaient mal, désormais les lignes de logs historiques sont correctement écrites.
Il semblerait que django avait du mal à savoir que ces opérations reversion sont bien des opérations
d'écriture.
4 years ago
773f39cede
Fichier inutile
4 years ago
dac049f125
Tous les cron dhcp sont décalés de 2 minutes
4 years ago
91157d80c1
dhcp: run re2o service as root in cron / directly
4 years ago
6dd6168d2a
dhcp: upgrade role for dhcp-aurore-backup
4 years ago
9b07fc9001
dhcp: manage dhcp-aurore
4 years ago
26743b464d
Add Radius-aurore.adm.auro.re to ansible managed radius servers
4 years ago
53842e4c2f
Add ipv6 Radius AURORE address
4 years ago
e48425300a
Merge branch 'ansible-2.10' into master
4 years ago
5c46191389
Register camelot and gitea, make camelot accessible for everyone
4 years ago
646ebd3ba9
router: ansibilize routeur-aurore{,backup}
4 years ago
12b0bc91dc
radvd: cosmetic changes
4 years ago
b199c45d97
fix broken radius role
...
Would crash if called from anything other than the nuke radius DBs
playbook
4 years ago
af3c3dc132
enable radvd service
4 years ago
30e503458e
add ability to nuke radius DBs
4 years ago
e762091435
explain fe80::1 keepalived/radvd magic
4 years ago
de36a3bb95
announce IPv6 recursive resolver (untested)
4 years ago
3a8112bf0d
roll out (private) IPv6 on George Sand
4 years ago
361fd54414
keepalived: add IPv6 virtual route
4 years ago
2e6306b61e
radvd: advertise keepalived VIP
4 years ago
56808e4e60
wip: begin updating 'router' role for IPv6
...
pending: update virtual routes
4 years ago
194c19fbf3
fix wrong hardcoded email for keepalived monitoring
4 years ago
713c93ac44
update unbound role for IPv6
4 years ago
d54da8d2b9
add ipv6_base_prefix variable
4 years ago
f09b0906c6
radvd: fix wifi interface, comment out APs for now
4 years ago
a4841e6947
add radvd role, deploy in routers
4 years ago
c7c6e50dd9
Remove matrix mxisd
4 years ago
337906c6c0
add gs dhcp, dns, routing
...
and add thor to inventory
4 years ago
fe62055cdd
radius: enable service, fix details
4 years ago
8ce63d14b6
radius: fix settings_local.py
4 years ago
99070ed5ef
radius: step 2 of deployment (WIP)
4 years ago
e2fa1964af
radius: change proxy.conf password, use vault
...
and also actually template it... it wasn't being
uploaded.
4 years ago
266b0dde6f
radius: initial setup
4 years ago
6d00e2733b
unbound: fix log rotation
...
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
4 years ago
ba3aec348f
keepalived: deploy to fleming w/ proper password
4 years ago
9c226c680c
Certbot wildcard role
4 years ago
544498c81a
New reverse proxy role
4 years ago
dea4dda285
hosts: remove dhcp and recursive_dns groups
...
Use patterns instead for now.
4 years ago
a4d0f051b6
dhcp: restart server on config update
4 years ago
223578eefa
keepalived: no ansible_managed
...
Used to restart keepalived needlessly
4 years ago
4372b21976
dhcp: allow different router IP suffix
...
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
4 years ago
e58ee1c4b5
keepalived: initial config
4 years ago
fea73a13aa
aurore-firewall: correct backup router ip
4 years ago
8ba2de1698
aurore-firewall: fix repo address + branch
4 years ago
44be43e528
aurore-firewall: add config after cloning
4 years ago
c77ae7f4c3
aurore-firewall: initial setup
...
group_vars: add apartment_block_id var
dhcp: move vars to role
4 years ago
e4d428d1dc
unbound: change task order
...
Seems to be necessary to restart unbound manually for some reason?...
4 years ago
4f224ee817
re2o-service: install Python dependencies
4 years ago
24a6063a91
baseconfig: fix resolv.conf
4 years ago
7c7abb6be5
baseconfig: set up /etc/resolv.conf
4 years ago
81592fa986
Merge branch 'master' into 'aurore-dev'
...
# Conflicts:
# .gitignore
# hosts
# network.yml
# proxmox.yml
4 years ago
a77b2c4f0f
unbound: fix MTU settings
...
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
4 years ago
aae7e0120a
unbound: drop verbosity but log SERVFAILs
...
TODO: less frequent log rotation because of decreased log volume
4 years ago
c54e8f5d67
unbound: smarter logging
...
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
4 years ago
1dca5d2259
unbound: use handlers
...
Only restart unbound if the configuration
was actually updated.
4 years ago
b94c62d710
unbound-control: no certificates for local use
4 years ago
3695a3d771
unbound: attempt to fix spurious blacklisting
4 years ago
b4482b6d3b
unbound: configure unbound-control
4 years ago
bac131791b
unbound: bump verbosity up to 3
...
Some users are having issues resolving *.auro.re domains from our
network, and the bug does not show itself reliably. Increased verbosity
should help us pinpoint its source.
4 years ago
ded5f38aec
unbound: name set_fact tasks
4 years ago
662452065f
dhcp: remove Cloudflare from backup DNS
...
and rename variable, since these are not technically
upstream DNS servers
(unbound will ask the root servers, not these)
4 years ago
a0651d7703
unbound: bind to the right addresses on backup hosts
4 years ago
b57fa6e356
dhcp: use backup DNS servers too
4 years ago
22166bc69b
unbound: log to journalctl
4 years ago
1777d0e154
unbound: log to /var/log/unbound.log, errors only
4 years ago
7275ebda47
dhcp: ask clients to use our DNS servers
4 years ago
f05e92dc5e
unbound: remove unchecked configuration keys
4 years ago
b3712ed335
unbound: initial deployment
4 years ago
8fee0857c1
re2o-service: force clone git repository
4 years ago
8579b99b2e
dhcp: cron.d entry + let main.py restart the server
4 years ago
6cce62850d
dhcp: configure log rotation
4 years ago
7347829494
tackle logs
4 years ago
51fdb89940
extract dhcp-failover.conf into separate file
4 years ago
d323b78c16
fix bogus dhcpd config
...
- move failover peer declaration to beginning of file
- set split only on primary
- fix re2o-service hostname
- add /etc/default/isc-dhcp-server
4 years ago
34b448faec
dhcp: implement failover peer configuration
4 years ago
2a0a2e2ac6
dhcp: fix silly mix-ups
4 years ago
709e4614c2
suppression d'une déclaration DNS redondante
4 years ago
e6b2f80b49
templatisation de la config dhcpd
...
non encore testé
4 years ago
40e915a7e0
happy little mistakes
4 years ago
23f1b7a4a1
added support for edc and gs in ldap replica backup configuration
4 years ago
3a399bd04c
added ldap-replica support for ldap-clients of pacaterie and fleming
4 years ago
5061a029e0
Do not ask why, it was not there
5 years ago
ccbd7d3770
Failover VMs
5 years ago
6dec3ed0d1
Proxmox playbook and unifi ap
5 years ago
5b3ac2a21a
Merge crans version
5 years ago
e91d47ea8d
Update matrix conf
5 years ago
6cc0a6a6b7
Remove appservice Discord
5 years ago
743e902e85
Refractor ldap
5 years ago
e15ea7854a
Base config sync with crans
5 years ago
044e8af3aa
Move EtherPad to Docker
5 years ago
b488007578
[docker] Install docker-compose
5 years ago
24331ca25b
Fix CI
5 years ago
2e753db873
Indicate unifi role
5 years ago
694501dfa3
Merge crans monitoring
5 years ago
a45ca1a890
Move CodiMD to Docker
5 years ago
9a35650166
Move Riot web to docker
5 years ago
66d870ce36
Add docker role
5 years ago
9018c69da3
Fix matrix v1
5 years ago
1ed6228728
Simplify help message on server login
5 years ago
2e0679a973
[passbolt] Add some dep
5 years ago
a986ecd36a
Passbolt playbook
5 years ago
72a60a988b
Unifi playbook
5 years ago
b6573e68ae
Exclude Stretch from node config
5 years ago
c53d62712f
Make prometheus node exporter listen only on adm
5 years ago
c1c995e38d
Prometheus role
5 years ago
8dc40ecb1e
Specify git branch
5 years ago
8b7d4207b8
Autogenerate service config
5 years ago
5939d434fd
Beginning of isc-dhcp-server config
5 years ago
41eb131e69
Fix true values being yes
5 years ago
81ca7a177d
Initial DHCP re2o service
5 years ago
aab2daf5b7
Fix Riot depo key
5 years ago
5e738f40a7
Uniformize motd
5 years ago
1cc6bc744b
Merge branch 'change_default_soft' into 'master'
...
Add screen and remove iPython2
See merge request aurore/ansible!20
5 years ago
0c8763c702
Create VM with Proxmox API
5 years ago
55cf8b801d
Remove useless systemd handler
5 years ago
1b3a6f7bf8
Configure IRC Matrix appservice
5 years ago
84694900e4
Annonce the right Webhook URL for Matrix
5 years ago
2158c5c6b9
Pass Matrix Webhook through reverse proxy
5 years ago
88b9356f7d
Make CodiMD role more generic
5 years ago
48d521fb00
Use generic service model for matrix appservices
5 years ago
5ccb94e621
Simplify Matrix appservices
5 years ago
d4d6baed1a
Fix so everything is working fine today
5 years ago
00ccc4c377
Merge branch 'refactor' into 'master'
...
Refactor
See merge request aurore/ansible!30
5 years ago
ee4f144b4a
Default configuration for Riot
5 years ago
7950191a53
Fix PVE unable to mount vfat at boot
5 years ago
11e084a104
Switch discord appservice to develop
5 years ago
40e63ba89e
Merge branch 'discord_matrix' into 'master'
...
Discord matrix
See merge request aurore/ansible!31
5 years ago
bbc04d971f
Working appservice Discord
5 years ago
66f7b1061a
Feat: migrate from with_X to loop
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
5 years ago
c20d4fbf18
Feat: expand YAML syntax
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
5 years ago
8a48110c21
Feat: add validate for sudoers
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
5 years ago
737ca7b996
Feat: add state
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
5 years ago
e4a60341c5
Feat: simplify one item lists
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
5 years ago
5551fb5c16
Fix: remove unnecessary quotes
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
5 years ago
8463f1cf96
Feat: use ini_file module
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
5 years ago
489bb5ddcf
sudo group by location
5 years ago
01ad50ef95
Whitelist proxy
5 years ago
bd229fb11e
Update matrix-appservice-discord config
5 years ago
3198a50c93
Changed URL to make the Webhooks appservice work
5 years ago
2b79f9117e
Merge branch 'debsums_security' into 'master'
...
Configure SSH and add debsums
See merge request aurore/ansible!25
5 years ago
724db5f8c8
Configure SSH and add debsums
5 years ago
a3b7cf6270
Hotfix HTTP
5 years ago
221be36085
Fail2ban by default
5 years ago
fb11981e8a
Follow Mozilla guidelines
5 years ago
af07bb7c0a
Better SSL conf
5 years ago
a8fa5d69ff
Add proxy snippets and use nginx-light
5 years ago
0cc36a107c
Fix CI
5 years ago
c9761e53dd
Connect to Synapse
5 years ago
1a447b3807
Add matrix-appservice-webhooks and move nodejs tasks
5 years ago
fa7aa8ea75
Merge branch 'master' into 'change_default_soft'
...
# Conflicts:
# roles/baseconfig/tasks/main.yml
5 years ago
bc1459bc51
Fix various yamllint warnings
5 years ago
5dfd8eacc5
Replace 'yes' by 'true'
5 years ago
431b063db7
Maybe last fix for the CI
5 years ago
cc48990798
Use NPM module in matrix-appservice-discord
5 years ago
4a6da11837
Clean up EtherPad dep install
5 years ago
a8656251ab
Tab is useless in sudoers
5 years ago
dd19efaecd
Do not download rest_auth_provider.py
5 years ago
16ca4956dc
Make EtherPad default text shorter
5 years ago
4b5631e60b
Retry 3 times npm and yarn
5 years ago
b9d5601e36
Remove useless PRODUCTION var for webpack CodiMD
5 years ago
84263d7712
Do not use depreciated loop with APT
5 years ago
53b67acb07
Fix a error due to previous merge
5 years ago
b56ae30335
Use YARN module from Ansible 2.7
5 years ago
af81b41e83
Use NPM module for matrix-appservice-irc
5 years ago
4ebaa4f36f
Add retries to APT modules in Matrix Appservices
5 years ago
1274ec4be4
Fix last line of CodiMD apt dep
5 years ago
otthorn
pz2891
ynerant
ynerant
jeltz
otthorn
chirac
Yohann D'ANELLO
Yohaï-Eliel BERREBY
chirac
Alexandre Iooss
fpoutre
Hadrien Patte