de36a3bb95
announce IPv6 recursive resolver (untested)
2020-08-02 12:15:15 +02:00
3a8112bf0d
roll out (private) IPv6 on George Sand
2020-08-01 17:48:39 +02:00
361fd54414
keepalived: add IPv6 virtual route
2020-08-01 16:07:27 +02:00
2e6306b61e
radvd: advertise keepalived VIP
2020-08-01 16:05:41 +02:00
56808e4e60
wip: begin updating 'router' role for IPv6
...
pending: update virtual routes
2020-08-01 15:46:41 +02:00
194c19fbf3
fix wrong hardcoded email for keepalived monitoring
2020-08-01 15:34:49 +02:00
713c93ac44
update unbound role for IPv6
2020-08-01 14:32:02 +02:00
d54da8d2b9
add ipv6_base_prefix variable
2020-08-01 14:31:49 +02:00
f09b0906c6
radvd: fix wifi interface, comment out APs for now
2020-08-01 14:20:08 +02:00
a4841e6947
add radvd role, deploy in routers
2020-08-01 12:56:23 +02:00
c7c6e50dd9
Remove matrix mxisd
2020-07-22 10:04:25 +02:00
337906c6c0
add gs dhcp, dns, routing
...
and add thor to inventory
2020-07-06 18:40:54 +02:00
fe62055cdd
radius: enable service, fix details
2020-05-21 19:25:30 +02:00
8ce63d14b6
radius: fix settings_local.py
2020-05-21 18:39:50 +02:00
99070ed5ef
radius: step 2 of deployment (WIP)
2020-05-21 18:06:37 +02:00
e2fa1964af
radius: change proxy.conf password, use vault
...
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
266b0dde6f
radius: initial setup
2020-05-16 22:08:22 +02:00
6d00e2733b
unbound: fix log rotation
...
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
ba3aec348f
keepalived: deploy to fleming w/ proper password
2020-05-09 16:07:04 +02:00
9c226c680c
Certbot wildcard role
2020-05-09 12:54:38 +02:00
544498c81a
New reverse proxy role
2020-05-09 12:52:17 +02:00
dea4dda285
hosts: remove dhcp and recursive_dns groups
...
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
a4d0f051b6
dhcp: restart server on config update
2020-05-08 16:44:32 +02:00
223578eefa
keepalived: no ansible_managed
...
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
4372b21976
dhcp: allow different router IP suffix
...
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
e58ee1c4b5
keepalived: initial config
2020-05-08 16:25:02 +02:00
fea73a13aa
aurore-firewall: correct backup router ip
2020-05-07 20:23:30 +02:00
8ba2de1698
aurore-firewall: fix repo address + branch
2020-05-07 20:01:44 +02:00
44be43e528
aurore-firewall: add config after cloning
2020-05-07 19:57:00 +02:00
c77ae7f4c3
aurore-firewall: initial setup
...
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
e4d428d1dc
unbound: change task order
...
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
4f224ee817
re2o-service: install Python dependencies
2020-05-07 14:55:12 +02:00
24a6063a91
baseconfig: fix resolv.conf
2020-05-07 14:51:02 +02:00
7c7abb6be5
baseconfig: set up /etc/resolv.conf
2020-05-07 12:53:59 +02:00
81592fa986
Merge branch 'master' into 'aurore-dev'
...
# Conflicts:
# .gitignore
# hosts
# network.yml
# proxmox.yml
2020-05-03 16:11:19 +02:00
a77b2c4f0f
unbound: fix MTU settings
...
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
2020-05-02 18:59:22 +02:00
aae7e0120a
unbound: drop verbosity but log SERVFAILs
...
TODO: less frequent log rotation because of decreased log volume
2020-05-02 18:06:58 +02:00
c54e8f5d67
unbound: smarter logging
...
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
2020-05-02 17:13:01 +02:00
1dca5d2259
unbound: use handlers
...
Only restart unbound if the configuration
was actually updated.
2020-05-02 16:43:44 +02:00
b94c62d710
unbound-control: no certificates for local use
2020-05-02 16:37:21 +02:00
3695a3d771
unbound: attempt to fix spurious blacklisting
2020-04-28 23:14:43 +02:00
b4482b6d3b
unbound: configure unbound-control
2020-04-28 20:21:47 +02:00
bac131791b
unbound: bump verbosity up to 3
...
Some users are having issues resolving *.auro.re domains from our
network, and the bug does not show itself reliably. Increased verbosity
should help us pinpoint its source.
2020-04-28 20:13:56 +02:00
ded5f38aec
unbound: name set_fact tasks
2020-04-18 17:36:25 +02:00
662452065f
dhcp: remove Cloudflare from backup DNS
...
and rename variable, since these are not technically
upstream DNS servers
(unbound will ask the root servers, not these)
2020-04-18 17:06:38 +02:00
a0651d7703
unbound: bind to the right addresses on backup hosts
2020-04-18 16:56:34 +02:00
b57fa6e356
dhcp: use backup DNS servers too
2020-04-18 16:56:34 +02:00
22166bc69b
unbound: log to journalctl
2020-04-18 16:56:17 +02:00
1777d0e154
unbound: log to /var/log/unbound.log, errors only
2020-04-18 15:42:31 +02:00
7275ebda47
dhcp: ask clients to use our DNS servers
2020-04-18 15:39:32 +02:00
f05e92dc5e
unbound: remove unchecked configuration keys
2020-04-13 18:42:02 +02:00
b3712ed335
unbound: initial deployment
2020-04-13 18:41:12 +02:00
8fee0857c1
re2o-service: force clone git repository
2020-04-06 19:03:38 +02:00
8579b99b2e
dhcp: cron.d entry + let main.py restart the server
2020-04-06 19:03:10 +02:00
6cce62850d
dhcp: configure log rotation
2020-04-06 17:58:14 +02:00
7347829494
tackle logs
2020-04-06 17:48:56 +02:00
51fdb89940
extract dhcp-failover.conf into separate file
2020-04-06 17:28:04 +02:00
d323b78c16
fix bogus dhcpd config
...
- move failover peer declaration to beginning of file
- set split only on primary
- fix re2o-service hostname
- add /etc/default/isc-dhcp-server
2020-04-06 17:22:50 +02:00
34b448faec
dhcp: implement failover peer configuration
2020-04-06 14:41:34 +02:00
2a0a2e2ac6
dhcp: fix silly mix-ups
2020-04-06 13:20:52 +02:00
709e4614c2
suppression d'une déclaration DNS redondante
2020-04-05 19:04:03 +02:00
e6b2f80b49
templatisation de la config dhcpd
...
non encore testé
2020-04-05 18:44:37 +02:00
40e915a7e0
happy little mistakes
2020-03-22 19:06:38 +01:00
23f1b7a4a1
added support for edc and gs in ldap replica backup configuration
2020-03-22 18:42:00 +01:00
3a399bd04c
added ldap-replica support for ldap-clients of pacaterie and fleming
2020-02-20 18:42:34 +01:00
5061a029e0
Do not ask why, it was not there
2019-12-05 14:07:48 +01:00
ccbd7d3770
Failover VMs
2019-11-01 15:38:35 +01:00
6dec3ed0d1
Proxmox playbook and unifi ap
2019-11-01 15:17:59 +01:00
5b3ac2a21a
Merge crans version
2019-11-01 14:16:32 +01:00
e91d47ea8d
Update matrix conf
2019-08-29 07:04:37 +02:00
6cc0a6a6b7
Remove appservice Discord
2019-08-29 07:03:54 +02:00
743e902e85
Refractor ldap
2019-08-29 07:03:05 +02:00
e15ea7854a
Base config sync with crans
2019-08-29 07:02:15 +02:00
044e8af3aa
Move EtherPad to Docker
2019-07-26 08:50:07 +02:00
b488007578
[docker] Install docker-compose
2019-07-25 19:10:50 +02:00
24331ca25b
Fix CI
2019-07-22 21:04:58 +02:00
2e753db873
Indicate unifi role
2019-07-22 21:00:13 +02:00
694501dfa3
Merge crans monitoring
2019-07-22 20:56:43 +02:00
a45ca1a890
Move CodiMD to Docker
2019-07-22 19:14:43 +02:00
9a35650166
Move Riot web to docker
2019-07-22 10:32:34 +02:00
66d870ce36
Add docker role
2019-07-22 10:32:01 +02:00
9018c69da3
Fix matrix v1
2019-07-22 09:12:55 +02:00
1ed6228728
Simplify help message on server login
2019-05-26 13:03:09 +02:00
2e0679a973
[passbolt] Add some dep
2019-05-26 12:52:41 +02:00
a986ecd36a
Passbolt playbook
2019-05-23 07:28:44 +02:00
72a60a988b
Unifi playbook
2019-05-07 18:52:07 +02:00
b6573e68ae
Exclude Stretch from node config
2019-05-05 16:24:04 +02:00
c53d62712f
Make prometheus node exporter listen only on adm
2019-05-05 16:17:52 +02:00
c1c995e38d
Prometheus role
2019-05-05 14:07:04 +02:00
8dc40ecb1e
Specify git branch
2019-05-04 18:43:20 +02:00
8b7d4207b8
Autogenerate service config
2019-05-04 11:46:54 +02:00
5939d434fd
Beginning of isc-dhcp-server config
2019-05-04 10:54:51 +02:00
41eb131e69
Fix true values being yes
2019-05-03 22:50:48 +02:00
81ca7a177d
Initial DHCP re2o service
2019-05-03 22:42:55 +02:00
aab2daf5b7
Fix Riot depo key
2019-05-03 22:42:12 +02:00
5e738f40a7
Uniformize motd
2019-05-03 15:52:50 +02:00
1cc6bc744b
Merge branch 'change_default_soft' into 'master'
...
Add screen and remove iPython2
See merge request aurore/ansible!20
2019-05-03 14:38:49 +02:00
0c8763c702
Create VM with Proxmox API
2019-05-03 13:06:26 +02:00
55cf8b801d
Remove useless systemd handler
2019-04-06 15:19:52 +02:00
1b3a6f7bf8
Configure IRC Matrix appservice
2019-04-01 18:53:37 +02:00
84694900e4
Annonce the right Webhook URL for Matrix
2019-04-01 17:57:43 +02:00
2158c5c6b9
Pass Matrix Webhook through reverse proxy
2019-04-01 17:57:20 +02:00
88b9356f7d
Make CodiMD role more generic
2019-03-30 13:34:25 +01:00
48d521fb00
Use generic service model for matrix appservices
2019-03-30 13:26:20 +01:00
5ccb94e621
Simplify Matrix appservices
2019-03-29 19:25:11 +01:00
d4d6baed1a
Fix so everything is working fine today
2019-03-26 09:17:46 +01:00
00ccc4c377
Merge branch 'refactor' into 'master'
...
Refactor
See merge request aurore/ansible!30
2019-03-26 08:36:21 +01:00
ee4f144b4a
Default configuration for Riot
2019-03-26 08:30:02 +01:00
7950191a53
Fix PVE unable to mount vfat at boot
2019-03-25 10:55:51 +01:00
11e084a104
Switch discord appservice to develop
2019-03-24 17:05:24 +01:00
40e63ba89e
Merge branch 'discord_matrix' into 'master'
...
Discord matrix
See merge request aurore/ansible!31
2019-03-24 12:44:23 +01:00
bbc04d971f
Working appservice Discord
2019-03-24 12:10:35 +01:00
66f7b1061a
Feat: migrate from with_X to loop
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:11:27 +01:00
c20d4fbf18
Feat: expand YAML syntax
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:45 +01:00
8a48110c21
Feat: add validate for sudoers
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:45 +01:00
737ca7b996
Feat: add state
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:05:42 +01:00
e4a60341c5
Feat: simplify one item lists
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:04:35 +01:00
5551fb5c16
Fix: remove unnecessary quotes
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 20:04:33 +01:00
8463f1cf96
Feat: use ini_file module
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-23 19:21:59 +01:00
489bb5ddcf
sudo group by location
2019-03-23 13:49:53 +01:00
01ad50ef95
Whitelist proxy
2019-03-23 13:00:18 +01:00
bd229fb11e
Update matrix-appservice-discord config
2019-03-23 12:52:39 +01:00
3198a50c93
Changed URL to make the Webhooks appservice work
2019-03-17 10:42:43 +01:00
2b79f9117e
Merge branch 'debsums_security' into 'master'
...
Configure SSH and add debsums
See merge request aurore/ansible!25
2019-03-16 22:09:40 +01:00
724db5f8c8
Configure SSH and add debsums
2019-03-16 22:06:50 +01:00
a3b7cf6270
Hotfix HTTP
2019-03-16 21:10:00 +01:00
221be36085
Fail2ban by default
2019-03-14 15:45:19 +01:00
fb11981e8a
Follow Mozilla guidelines
2019-03-14 12:25:27 +01:00
af07bb7c0a
Better SSL conf
2019-03-14 11:53:55 +01:00
a8fa5d69ff
Add proxy snippets and use nginx-light
2019-03-14 10:53:44 +01:00
0cc36a107c
Fix CI
2019-03-12 19:58:55 +01:00
c9761e53dd
Connect to Synapse
2019-03-12 18:33:32 +01:00
1a447b3807
Add matrix-appservice-webhooks and move nodejs tasks
2019-03-12 18:03:23 +01:00
fa7aa8ea75
Merge branch 'master' into 'change_default_soft'
...
# Conflicts:
# roles/baseconfig/tasks/main.yml
2019-03-12 17:27:23 +01:00
bc1459bc51
Fix various yamllint warnings
2019-03-12 17:22:42 +01:00
5dfd8eacc5
Replace 'yes' by 'true'
2019-03-12 17:04:06 +01:00
431b063db7
Maybe last fix for the CI
2019-03-12 16:56:01 +01:00
cc48990798
Use NPM module in matrix-appservice-discord
2019-03-12 16:51:27 +01:00
4a6da11837
Clean up EtherPad dep install
2019-03-12 16:34:35 +01:00
a8656251ab
Tab is useless in sudoers
2019-03-12 07:48:09 +01:00
dd19efaecd
Do not download rest_auth_provider.py
2019-03-12 07:47:07 +01:00
16ca4956dc
Make EtherPad default text shorter
2019-03-11 18:15:17 +01:00
4b5631e60b
Retry 3 times npm and yarn
2019-03-11 18:12:55 +01:00
b9d5601e36
Remove useless PRODUCTION var for webpack CodiMD
2019-03-11 18:10:35 +01:00
84263d7712
Do not use depreciated loop with APT
2019-03-11 18:02:29 +01:00
53b67acb07
Fix a error due to previous merge
2019-03-11 17:53:12 +01:00
b56ae30335
Use YARN module from Ansible 2.7
2019-03-11 17:49:48 +01:00
af81b41e83
Use NPM module for matrix-appservice-irc
2019-03-11 17:44:42 +01:00
4ebaa4f36f
Add retries to APT modules in Matrix Appservices
2019-03-11 15:39:11 +01:00
1274ec4be4
Fix last line of CodiMD apt dep
2019-03-11 15:30:49 +01:00
f347daa408
Use systemd module rather than command
2019-03-11 15:12:58 +01:00
563d9658ed
Add newline at end of 0_apt_dependencies.yml in CodiMD role
2019-03-11 15:10:17 +01:00
1a4e41d318
Merge branch 'master' into 'ansible-lint'
...
# Conflicts:
# roles/codimd/tasks/0_apt_dependencies.yml
2019-03-11 15:00:11 +01:00
ce40a5cb66
Add screen and remove iPython2
2019-03-11 14:55:21 +01:00
a08be12b41
Security policies based on ANSSI recommandations
2019-03-11 14:52:03 +01:00
0b887c2abb
Add matrix-appservice-irc
2019-03-10 11:50:07 +01:00
d6627f5cce
Add matrix-appservice-discord
2019-03-10 11:10:59 +01:00
c7f584cae9
Fix CodiMD build
2019-03-04 16:04:36 +01:00
68d246bb24
Update to CodiMD 1.3.0
2019-03-04 15:08:05 +01:00
bae6f4041d
Add synapse conf to reverse proxy
2019-03-04 09:34:47 +01:00
fb21af51e2
Revert LDAP schema
2019-03-04 09:09:04 +01:00
b55a2ee047
Fix: add a retry statement to remote package tasks
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-03 19:55:51 +01:00
5c5195cc2c
Fix: use systemd instead of command module
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-03 19:32:42 +01:00
cf7e16d8b7
Define default input locale
2019-03-03 09:43:14 +01:00
775179b410
Update logo
2019-03-03 09:22:28 +01:00
eeb2e5a2ae
Write become true rather than yes
2019-03-03 09:16:52 +01:00
ac3d2dee23
Write update_cache true rather than yes
2019-03-03 09:00:29 +01:00
b420d31b2f
Remove last empty line in chsh
2019-03-03 08:54:48 +01:00
3892e49971
Move synapse rest auth url
2019-03-03 08:18:50 +01:00
d54421b013
Fix: line length
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-02 13:31:51 +01:00
58cb43d0d0
Fix: indentations and spaces
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-02 12:16:43 +01:00
5f08a7522e
Fix: blank lines and trailing spaces
...
Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
2019-03-02 12:07:48 +01:00
11bc3b8e22
Configure Synapse provider
2019-02-26 18:04:46 +01:00
9ba730392e
mxisd role
2019-02-26 16:49:18 +01:00
be6c9796e8
Change owner to matrix-synapse
2019-02-26 13:42:45 +01:00
21cfa2c404
Fix synapse templates
2019-02-26 13:34:30 +01:00
6237f3de46
Configure Matrix Synapse
2019-02-26 13:23:14 +01:00
c7dd68089a
Name correctly LDAP userland scripts
2019-02-19 11:41:08 +01:00
4274194b95
Use ansible_managed tag
2019-02-19 11:10:05 +01:00
98622807e1
Clean tasks files
2019-02-19 10:49:18 +01:00
d4a187e449
Remove README per role
2019-02-19 10:43:55 +01:00
5cc4e5bbc0
Make templates end in .j2
2019-02-19 10:42:57 +01:00
36434e3323
Add Matrix synapse
2019-02-16 12:50:18 +01:00
feed96e103
Rename matrix riot role
2019-02-16 12:26:09 +01:00
69f633a83d
Add LDAP on CodiMD
2019-02-09 11:47:09 +01:00
19c2eca917
Add systemd unit
2019-02-09 10:02:53 +01:00
5f194f0e30
Merge branch 'vulcain_codimd' into 'master'
...
Role Ansible pour setup de CodiMD
See merge request erdnaxe/ansible-aurore!2
2019-02-09 09:32:33 +01:00
63804b56af
Todo list
2019-02-09 09:29:14 +01:00
d3070b1611
Do not clone temporally
2019-02-09 09:26:05 +01:00
dc776a0ba4
Fix uws compilation
2019-02-09 08:59:48 +01:00
7e4d247e14
We need a C++ compiler
2019-02-09 08:46:16 +01:00
ebb716d5f2
Only rebuild when code changes
2019-02-09 08:45:16 +01:00
9cee4b5ada
Remove useless comment
2019-02-09 08:39:16 +01:00
41c41d2f02
Add CodiMD database password
2019-02-09 08:29:50 +01:00
a316a5d461
Fix main.yml
2019-02-09 08:07:10 +01:00
d165343631
Add nodeJS pin file
2019-02-09 08:01:35 +01:00
fd7efc6775
Fix YML
2019-02-09 08:01:19 +01:00
fff8a1f2de
Remove useless quotes
2019-02-09 07:58:06 +01:00
9a866f549a
Fix typo in nginx-riot.j2
2019-02-09 07:52:59 +01:00
c8229fee9b
Role ansible pour setup de CodiMD
2019-02-07 13:37:11 +01:00
79266d2476
Uniformize
2019-02-07 13:04:46 +01:00
d58a356e71
Ansible rule for Riot
2019-02-07 13:37:03 +01:00
74c0d481a8
Prepare TP for newcomers
2019-02-07 09:37:47 +01:00
02d4c5684a
Fix cert path
2019-02-07 09:33:20 +01:00
234c3556c6
Remove old ACME challenge
2019-02-06 21:32:14 +01:00
c8617e45cc
Add CodiMD container
2019-02-05 12:42:05 +01:00
4a3c11d719
Beggining of Matrix Riot server
2019-02-05 11:39:58 +01:00
bdb4dadaa7
Don't use anymore submodules as there are too many
2019-02-05 08:35:45 +01:00
ce5bc76853
Add Debian backports role
2019-02-05 08:31:25 +01:00
9cb3d49678
Update hosts
2019-01-19 15:58:05 +01:00
cc496ad785
Update submodules
2019-01-08 11:04:54 +01:00
52d2163752
EtherPad
2019-01-07 13:29:06 +01:00
3711c66476
Make logo selectionnable
2019-01-07 07:41:03 +01:00
a2dd147a37
Add reverse conf for auro.re
2019-01-07 07:40:14 +01:00
221dc968a3
Add NGINX reverse proxy role
2019-01-06 11:36:41 +01:00
431306538f
Fix molly-guard config
2019-01-05 10:31:04 +01:00
c06f12d321
Add EtherPad role
2019-01-04 13:54:52 +01:00
635b6ec410
Use local replica
2019-01-03 19:20:14 +01:00
c30a4eeff1
Dokuwiki role
2019-01-03 16:55:07 +01:00
27342aa406
LDAP replica working
2019-01-03 16:43:50 +01:00
ed10fc8241
Replication role
2019-01-03 14:52:52 +01:00
1ca4391c66
Rename some variables
2019-01-03 14:51:11 +01:00
e4da3088b4
Add LDAP replica role
2019-01-03 12:48:34 +01:00
3c4eafa0de
Send mail to monitor apt changelog
2019-01-02 18:23:11 +01:00
2dd483e4a6
Add security on all servers to verify shutdowns
2019-01-02 18:10:17 +01:00
cd189b397b
Fix perm on user dir
2018-12-27 17:51:30 +01:00
614b8d8142
Execute playbook with become activated
2018-12-27 10:27:20 +01:00
3f24f011c7
Do not use OVH mirrors
2018-12-26 09:58:56 +01:00
0eaee34ebb
Horus uses OVH mirrors
2018-12-25 17:54:34 +01:00
9a94b9daaa
Update submodules
2018-12-25 16:39:51 +01:00
599f0acb3d
Add a way to test
2018-12-24 10:50:22 +01:00
42fd4e7c2e
Inventory clean up
2018-12-23 16:09:12 +01:00
32aa3121ec
Add roles as submodules
2018-12-23 12:25:52 +01:00
Yohaï-Eliel BERREBY