Commit graph

379 commits

Author SHA1 Message Date
4a57dad8a6 use handlers
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-19 23:19:25 +01:00
facfe3c169 Attempt to fix ansible lint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 18:21:29 +01:00
ee1726589a Linter should pass now!
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-17 17:06:59 +01:00
0364006062
Install curl and net-tools by default
Some checks failed
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:13:30 +01:00
02e4e7d48f
Sort APT packages
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-17 12:12:53 +01:00
078d141236 Add task to remove smartmontools of the VM
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-08 22:43:18 +01:00
07f9ee1fbb yes -> true to please yaml linter (truthy)
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-07 11:21:53 +01:00
37e3fe2231 Add ldap replica rives
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-09 18:53:47 +01:00
b232d6b40b Rename re2o_service to re2o-service 2020-11-09 18:10:34 +01:00
chirac
8bf080dbf7 Fix radius permission bug 2020-11-08 18:50:38 +01:00
chirac
5b56f9cfc9 Revert "Use command instead of shell"
This reverts commit 0f9169284f.
2020-11-08 18:13:21 +01:00
Yohann D'ANELLO
24ab53675a Automatically renew certificates if a new domain was added 2020-11-04 23:58:27 +01:00
Yohann D'ANELLO
03d48a2d82 Add possibility to configure port forwarding, like SSH for Gitea 2020-11-04 23:49:35 +01:00
Yohann D'ANELLO
ac7696c81f Use certbot-nginx to create certificates 2020-11-04 23:07:51 +01:00
Yohann D'ANELLO
f9b7e052b9 Store reverse proxy data in proxy host vars 2020-11-04 22:38:54 +01:00
Yohann D'ANELLO
26427665f3 Fix indentation 2020-11-04 20:11:31 +01:00
Yohann D'ANELLO
9505e87113 Use true instead of yes 2020-11-04 20:00:35 +01:00
Yohann D'ANELLO
0f9169284f Use command instead of shell 2020-11-04 19:49:49 +01:00
Yohann D'ANELLO
4c8e05e08f Use underscore instead of dashes 2020-11-04 19:36:40 +01:00
Yohann D'ANELLO
9b8dee098e Always set file permissions 2020-11-04 19:31:50 +01:00
Yohann D'ANELLO
3c405db661 Add Drone 2020-11-04 00:29:31 +01:00
Yohann D'ANELLO
2a6c005190 Replace ansible_header by ansible_managed 2020-11-03 23:29:30 +01:00
chirac
518560b392 Add new ldap replica at ovh 2020-11-03 14:21:26 +01:00
chirac
a213e18d9c Update Ldap priority 2020-11-02 17:25:38 +01:00
chirac
4a43c0f0db Update re2o ip 2020-11-02 17:25:26 +01:00
3d64f22c39 Change the OpenSSHd keepalive.
OpenSSH servers now detect client disconnection and
can terminate the session.
2020-10-24 19:12:35 +02:00
chirac
68f7fd5b59 Isc-dhcp-server config for banni/accueil vlans 2020-10-17 19:48:34 +02:00
chirac
0d7bfbd872 Create group for non pve physical server 2020-10-17 19:48:17 +02:00
Yohaï-Eliel BERREBY
8adf6b8105 add ipv6-edge-router role 2020-09-28 18:15:03 +02:00
chirac
ba2baa3020 Return routes now handled by keepalived 2020-09-27 13:55:56 +02:00
bba144ef14 Invert the default read/write operations -> rw
This fix corrects the problem with write operations to the remote master DB,
which were not working properly; the history log lines are now written correctly.
It seems Django had trouble recognizing that these reversion operations are indeed
write operations.
2020-09-19 14:02:53 +02:00
chirac
773f39cede Unneeded file 2020-09-16 21:04:10 +02:00
chirac
dac049f125 All dhcp crons are shifted by 2 minutes 2020-09-16 21:02:44 +02:00
Yohaï-Eliel BERREBY
91157d80c1 dhcp: run re2o service as root in cron / directly 2020-09-13 17:54:46 +02:00
Yohaï-Eliel BERREBY
6dd6168d2a dhcp: upgrade role for dhcp-aurore-backup 2020-09-12 16:03:33 +02:00
Yohaï-Eliel BERREBY
9b07fc9001 dhcp: manage dhcp-aurore 2020-09-11 15:13:11 +02:00
chirac
26743b464d Add Radius-aurore.adm.auro.re to ansible managed radius servers 2020-09-09 23:17:15 +02:00
chirac
53842e4c2f Add ipv6 Radius AURORE address 2020-09-09 23:16:35 +02:00
Yohaï-Eliel BERREBY
e48425300a Merge branch 'ansible-2.10' into master 2020-09-08 22:35:30 +02:00
Yohann D'ANELLO
5c46191389 Register camelot and gitea, make camelot accessible for everyone 2020-09-04 09:56:02 +02:00
Yohaï-Eliel BERREBY
646ebd3ba9 router: ansibilize routeur-aurore{,backup} 2020-08-08 20:45:38 +02:00
Yohaï-Eliel BERREBY
12b0bc91dc radvd: cosmetic changes 2020-08-08 11:32:34 +02:00
Yohaï-Eliel BERREBY
b199c45d97 fix broken radius role
Would crash if called from anything other than the nuke radius DBs
playbook
2020-08-08 11:32:06 +02:00
Yohaï-Eliel BERREBY
af3c3dc132 enable radvd service 2020-08-08 11:19:16 +02:00
Yohaï-Eliel BERREBY
30e503458e add ability to nuke radius DBs 2020-08-06 09:57:54 +02:00
Yohaï-Eliel BERREBY
e762091435 explain fe80::1 keepalived/radvd magic 2020-08-02 12:15:27 +02:00
Yohaï-Eliel BERREBY
de36a3bb95 announce IPv6 recursive resolver (untested) 2020-08-02 12:15:15 +02:00
Yohaï-Eliel BERREBY
3a8112bf0d roll out (private) IPv6 on George Sand 2020-08-01 17:48:39 +02:00
Yohaï-Eliel BERREBY
361fd54414 keepalived: add IPv6 virtual route 2020-08-01 16:07:27 +02:00
Yohaï-Eliel BERREBY
2e6306b61e radvd: advertise keepalived VIP 2020-08-01 16:05:41 +02:00
Yohaï-Eliel BERREBY
56808e4e60 wip: begin updating 'router' role for IPv6
pending: update virtual routes
2020-08-01 15:46:41 +02:00
Yohaï-Eliel BERREBY
194c19fbf3 fix wrong hardcoded email for keepalived monitoring 2020-08-01 15:34:49 +02:00
Yohaï-Eliel BERREBY
713c93ac44 update unbound role for IPv6 2020-08-01 14:32:02 +02:00
Yohaï-Eliel BERREBY
d54da8d2b9 add ipv6_base_prefix variable 2020-08-01 14:31:49 +02:00
Yohaï-Eliel BERREBY
f09b0906c6 radvd: fix wifi interface, comment out APs for now 2020-08-01 14:20:08 +02:00
Yohaï-Eliel BERREBY
a4841e6947 add radvd role, deploy in routers 2020-08-01 12:56:23 +02:00
Alexandre Iooss
c7c6e50dd9 Remove matrix mxisd 2020-07-22 10:04:25 +02:00
Yohaï-Eliel BERREBY
337906c6c0 add gs dhcp, dns, routing
and add thor to inventory
2020-07-06 18:40:54 +02:00
Yohaï-Eliel BERREBY
fe62055cdd radius: enable service, fix details 2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY
8ce63d14b6 radius: fix settings_local.py 2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef radius: step 2 of deployment (WIP) 2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af radius: change proxy.conf password, use vault
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f radius: initial setup 2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
6d00e2733b unbound: fix log rotation
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
ba3aec348f keepalived: deploy to fleming w/ proper password 2020-05-09 16:07:04 +02:00
Alexandre Iooss
9c226c680c
Certbot wildcard role 2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a
New reverse proxy role 2020-05-09 12:52:17 +02:00
Yohaï-Eliel BERREBY
dea4dda285 hosts: remove dhcp and recursive_dns groups
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6 dhcp: restart server on config update 2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa keepalived: no ansible_managed
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976 dhcp: allow different router IP suffix
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5 keepalived: initial config 2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
fea73a13aa aurore-firewall: correct backup router ip 2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698 aurore-firewall: fix repo address + branch 2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528 aurore-firewall: add config after cloning 2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3 aurore-firewall: initial setup
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc unbound: change task order
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
4f224ee817 re2o-service: install Python dependencies 2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91 baseconfig: fix resolv.conf 2020-05-07 14:51:02 +02:00
Yohaï-Eliel BERREBY
7c7abb6be5 baseconfig: set up /etc/resolv.conf 2020-05-07 12:53:59 +02:00
Alexandre IOOSS
81592fa986 Merge branch 'master' into 'aurore-dev'
# Conflicts:
#   .gitignore
#   hosts
#   network.yml
#   proxmox.yml
2020-05-03 16:11:19 +02:00
Yohaï-Eliel BERREBY
a77b2c4f0f unbound: fix MTU settings
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
2020-05-02 18:59:22 +02:00
Yohaï-Eliel BERREBY
aae7e0120a unbound: drop verbosity but log SERVFAILs
TODO: less frequent log rotation because of decreased log volume
2020-05-02 18:06:58 +02:00
Yohaï-Eliel BERREBY
c54e8f5d67 unbound: smarter logging
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
2020-05-02 17:13:01 +02:00
Yohaï-Eliel BERREBY
1dca5d2259 unbound: use handlers
Only restart unbound if the configuration
was actually updated.
2020-05-02 16:43:44 +02:00
Yohaï-Eliel BERREBY
b94c62d710 unbound-control: no certificates for local use 2020-05-02 16:37:21 +02:00
Yohaï-Eliel BERREBY
3695a3d771 unbound: attempt to fix spurious blacklisting 2020-04-28 23:14:43 +02:00
Yohaï-Eliel BERREBY
b4482b6d3b unbound: configure unbound-control 2020-04-28 20:21:47 +02:00
Yohaï-Eliel BERREBY
bac131791b unbound: bump verbosity up to 3
Some users are having issues resolving *.auro.re domains from our
network, and the bug does not show itself reliably. Increased verbosity
should help us pinpoint its source.
2020-04-28 20:13:56 +02:00
Yohaï-Eliel BERREBY
ded5f38aec unbound: name set_fact tasks 2020-04-18 17:36:25 +02:00
Yohaï-Eliel BERREBY
662452065f dhcp: remove Cloudflare from backup DNS
and rename variable, since these are not technically
upstream DNS servers
(unbound will ask the root servers, not these)
2020-04-18 17:06:38 +02:00
Yohaï-Eliel BERREBY
a0651d7703 unbound: bind to the right addresses on backup hosts 2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
b57fa6e356 dhcp: use backup DNS servers too 2020-04-18 16:56:34 +02:00
Yohaï-Eliel BERREBY
22166bc69b unbound: log to journalctl 2020-04-18 16:56:17 +02:00
Yohaï-Eliel BERREBY
1777d0e154 unbound: log to /var/log/unbound.log, errors only 2020-04-18 15:42:31 +02:00
Yohaï-Eliel BERREBY
7275ebda47 dhcp: ask clients to use our DNS servers 2020-04-18 15:39:32 +02:00
Yohaï-Eliel BERREBY
f05e92dc5e unbound: remove unchecked configuration keys 2020-04-13 18:42:02 +02:00
Yohaï-Eliel BERREBY
b3712ed335 unbound: initial deployment 2020-04-13 18:41:12 +02:00
Yohaï-Eliel BERREBY
8fee0857c1 re2o-service: force clone git repository 2020-04-06 19:03:38 +02:00
Yohaï-Eliel BERREBY
8579b99b2e dhcp: cron.d entry + let main.py restart the server 2020-04-06 19:03:10 +02:00
Yohaï-Eliel BERREBY
6cce62850d dhcp: configure log rotation 2020-04-06 17:58:14 +02:00
Yohaï-Eliel BERREBY
7347829494 tackle logs 2020-04-06 17:48:56 +02:00
Yohaï-Eliel BERREBY
51fdb89940 extract dhcp-failover.conf into separate file 2020-04-06 17:28:04 +02:00
Yohaï-Eliel BERREBY
d323b78c16 fix bogus dhcpd config
- move failover peer declaration to beginning of file
- set split only on primary
- fix re2o-service hostname
- add /etc/default/isc-dhcp-server
2020-04-06 17:22:50 +02:00
Yohaï-Eliel BERREBY
34b448faec dhcp: implement failover peer configuration 2020-04-06 14:41:34 +02:00
Yohaï-Eliel BERREBY
2a0a2e2ac6 dhcp: fix silly mix-ups 2020-04-06 13:20:52 +02:00
Yohaï-Eliel BERREBY
709e4614c2 remove a redundant DNS declaration 2020-04-05 19:04:03 +02:00
Yohaï-Eliel BERREBY
e6b2f80b49 template the dhcpd config
not yet tested
2020-04-05 18:44:37 +02:00
fpoutre
40e915a7e0 happy little mistakes 2020-03-22 19:06:38 +01:00
fpoutre
23f1b7a4a1 added support for edc and gs in ldap replica backup configuration 2020-03-22 18:42:00 +01:00
fpoutre
3a399bd04c added ldap-replica support for ldap-clients of pacaterie and fleming 2020-02-20 18:42:34 +01:00
Alexandre Iooss
5061a029e0
Do not ask why, it was not there 2019-12-05 14:07:48 +01:00
Alexandre Iooss
ccbd7d3770
Failover VMs 2019-11-01 15:38:35 +01:00
Alexandre Iooss
6dec3ed0d1
Proxmox playbook and unifi ap 2019-11-01 15:17:59 +01:00
Alexandre Iooss
5b3ac2a21a
Merge crans version 2019-11-01 14:16:32 +01:00
Alexandre Iooss
e91d47ea8d
Update matrix conf 2019-08-29 07:04:37 +02:00
Alexandre Iooss
6cc0a6a6b7
Remove appservice Discord 2019-08-29 07:03:54 +02:00
Alexandre Iooss
743e902e85
Refactor ldap 2019-08-29 07:03:05 +02:00
Alexandre Iooss
e15ea7854a
Base config sync with crans 2019-08-29 07:02:15 +02:00
Alexandre Iooss
044e8af3aa
Move EtherPad to Docker 2019-07-26 08:50:07 +02:00
Alexandre Iooss
b488007578
[docker] Install docker-compose 2019-07-25 19:10:50 +02:00
Alexandre Iooss
24331ca25b
Fix CI 2019-07-22 21:04:58 +02:00
Alexandre Iooss
2e753db873
Indicate unifi role 2019-07-22 21:00:13 +02:00
Alexandre Iooss
694501dfa3
Merge crans monitoring 2019-07-22 20:56:43 +02:00
Alexandre Iooss
a45ca1a890
Move CodiMD to Docker 2019-07-22 19:14:43 +02:00
Alexandre Iooss
9a35650166
Move Riot web to docker 2019-07-22 10:32:34 +02:00
Alexandre Iooss
66d870ce36
Add docker role 2019-07-22 10:32:01 +02:00
Alexandre Iooss
9018c69da3
Fix matrix v1 2019-07-22 09:12:55 +02:00
Alexandre Iooss
1ed6228728
Simplify help message on server login 2019-05-26 13:03:09 +02:00
Alexandre Iooss
2e0679a973
[passbolt] Add some dep 2019-05-26 12:52:41 +02:00
Alexandre Iooss
a986ecd36a
Passbolt playbook 2019-05-23 07:28:44 +02:00
Alexandre Iooss
72a60a988b
Unifi playbook 2019-05-07 18:52:07 +02:00
Alexandre Iooss
b6573e68ae
Exclude Stretch from node config 2019-05-05 16:24:04 +02:00
Alexandre Iooss
c53d62712f
Make prometheus node exporter listen only on adm 2019-05-05 16:17:52 +02:00
Alexandre Iooss
c1c995e38d
Prometheus role 2019-05-05 14:07:04 +02:00
Alexandre Iooss
8dc40ecb1e
Specify git branch 2019-05-04 18:43:20 +02:00
Alexandre Iooss
8b7d4207b8
Autogenerate service config 2019-05-04 11:46:54 +02:00
Alexandre Iooss
5939d434fd
Beginning of isc-dhcp-server config 2019-05-04 10:54:51 +02:00
Alexandre Iooss
41eb131e69
Fix true values being yes 2019-05-03 22:50:48 +02:00
Alexandre Iooss
81ca7a177d
Initial DHCP re2o service 2019-05-03 22:42:55 +02:00
Alexandre Iooss
aab2daf5b7
Fix Riot depo key 2019-05-03 22:42:12 +02:00
Alexandre Iooss
5e738f40a7
Uniformize motd 2019-05-03 15:52:50 +02:00
Alexandre IOOSS
1cc6bc744b Merge branch 'change_default_soft' into 'master'
Add screen and remove iPython2

See merge request aurore/ansible!20
2019-05-03 14:38:49 +02:00
Alexandre Iooss
0c8763c702
Create VM with Proxmox API 2019-05-03 13:06:26 +02:00
Alexandre Iooss
55cf8b801d
Remove useless systemd handler 2019-04-06 15:19:52 +02:00
Alexandre Iooss
1b3a6f7bf8
Configure IRC Matrix appservice 2019-04-01 18:53:37 +02:00
Alexandre Iooss
84694900e4
Announce the right Webhook URL for Matrix 2019-04-01 17:57:43 +02:00
Alexandre Iooss
2158c5c6b9
Pass Matrix Webhook through reverse proxy 2019-04-01 17:57:20 +02:00
Alexandre Iooss
88b9356f7d
Make CodiMD role more generic 2019-03-30 13:34:25 +01:00
Alexandre Iooss
48d521fb00
Use generic service model for matrix appservices 2019-03-30 13:26:20 +01:00