Compare commits

..

261 commits

Author SHA1 Message Date
3b1ae6206f
misc: dns + locales + pve + … 2024-06-22 20:27:15 +02:00
81f95aa14d
collabora: misc 2024-05-19 16:30:50 +02:00
708781b722
collabora: migrate to new infra 2024-05-19 15:26:16 +02:00
0782695471
misc: misc 2024-05-19 13:59:17 +02:00
1e1783fd59
caddy: add email addr 2024-05-02 22:43:25 +02:00
4d0f820df0
Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra 2024-05-02 22:40:45 +02:00
48c4ecafae
WIP: caddy: add support for error msg 2024-05-02 22:40:26 +02:00
9aaa619173
chore(bird): Improve code readability 2024-04-01 00:20:41 +02:00
54d227232b
chore(bird): Fix None flag 2024-04-01 00:13:22 +02:00
ba033f9099
feat(bird): Add net.match 2024-04-01 00:06:05 +02:00
8d0139925e
feat(bird): Add as_path.{contains,len}, net.len 2024-03-31 18:12:38 +02:00
7f9ccf3e59
chore(black): Add configuration file (line-limit) 2024-03-31 16:12:51 +02:00
4f18b6c8ef
relax temperature alert for quanta switch 2024-03-10 12:04:00 +01:00
004a033606
Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra 2024-03-09 20:18:43 +01:00
d20c89defe
WIP: caddy: very early role 2024-03-09 20:18:12 +01:00
97496ef4b8
path security issue (getting root privileges) 2024-03-09 20:09:24 +01:00
0b40cc4b9b
configure timeout on snmp scraping for quanta 2024-03-09 19:35:38 +01:00
66e6c960d3
misc 2024-03-09 12:13:19 +01:00
a004555681 Merge pull request 'collabora' (#106) from collabora into new-infra
Reviewed-on: #106
2024-02-24 19:34:24 +01:00
7fe391c16f
grafana: minor fixes again again again !!!! 2024-02-24 18:55:10 +01:00
e660d8688a
grafana: minor fixes again again !!!! 2024-02-24 14:32:51 +01:00
e5e6dd8056
grafana: minor fixes again 2024-02-24 14:28:08 +01:00
67b29517e2
grafana: i am dumb 2024-02-24 14:06:17 +01:00
b141a1d955 grafana: minor fixes 2024-02-24 13:16:19 +01:00
f70e515769
collabora: minor fixes 2024-02-20 20:44:57 +01:00
806fa25b06
Initial config of collabora 2024-02-17 12:45:33 +01:00
00dcf27614
Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra 2024-01-28 19:33:04 +01:00
029b001f9b
misc: add collabora.pub 2024-01-28 19:30:51 +01:00
39119a4ffa
feat(mail): Add dovecot configuration 2023-12-17 18:08:54 +01:00
10087b354b
feat(mail): Add postfix configuration 2023-12-17 17:30:28 +01:00
3f02039de1
base_utils: add some useful utils 2023-12-17 15:47:45 +01:00
91d3087047
WIP: misc: test infrastructure for mail 2023-12-17 15:47:06 +01:00
887aadb5fe
misc: WIP: vpn again 2023-11-07 06:07:48 +01:00
02910a8fc0
misc: WIP: vpn 2023-11-07 04:11:28 +01:00
061b6f1049
prometheus_snmp: WIP: lldp 2023-11-06 22:07:06 +01:00
94ba30cc3b
prometheus: remove redundant '%' symbols 2023-11-06 22:05:53 +01:00
934137903a
misc: move some plugins to roles 2023-11-06 22:05:06 +01:00
8359d2ebea
prometheus: Add LLDP for quanta 2023-11-04 23:26:10 +01:00
5c8358ec95
bird: add rr client/cluster id option 2023-11-04 21:43:32 +01:00
261ccfeb5c
WIP: misc: add eaton ups 2023-11-04 21:36:27 +01:00
9eb5793b38
prometheus: fix quanta temp alert queries 2023-11-04 14:02:06 +01:00
68f36ae048
prometheus: filter out outtake quanta sensors 2023-11-04 13:49:52 +01:00
c2f2c03af6
prometheus: use humanize/humanizePercentage 2023-11-04 13:33:06 +01:00
19953b2951
misc: add ff-3.core.sw 2023-11-04 13:23:47 +01:00
3864b641eb
prometheus: cleanup bird alerts 2023-11-03 20:52:12 +01:00
c4744e9ab6
prometheus: fix typo 2023-11-03 20:51:49 +01:00
98f122bb69
prometheus: lower changes threshold for keepalived alerts 2023-11-03 20:51:17 +01:00
41852b4ab8
prometheus: add keep_firing_for for QuantaTemp 2023-11-03 20:50:56 +01:00
a61c997366
prometheus: monitor link usage for switches 2023-11-03 20:50:34 +01:00
3e16224213
misc: add more quanta switches 2023-11-03 20:50:09 +01:00
136dcb693f
misc: add r3-1.core.sw 2023-11-02 22:22:32 +01:00
db7729b3cb
prometheus_snmp: set type of ifType 2023-11-02 22:22:14 +01:00
6949cc202f
firewall: allow monit → prometheus-bird-exporter on infra 2023-11-02 21:32:32 +01:00
83ff27b856
misc: add ec-1.core.sw 2023-11-02 21:32:11 +01:00
16a0d95936
prometheus: refactoring of the config 2023-11-02 20:27:45 +01:00
2928d7e809
misc: infra: edge bgp session 2023-11-02 17:55:52 +01:00
071d82529d
misc: edge: oti vip 2023-11-02 17:55:07 +01:00
f9f278cb65
prometheus: temporarily disable alerts for rezel, vr & isp 2023-11-02 06:15:47 +01:00
4c61d2bc18
prometheus: add bird bgp import alert rules 2023-11-02 06:11:32 +01:00
3fa998ae68
prometheus: cleanup + bird alert rules 2023-11-02 05:53:02 +01:00
071daad994
prometheus_snmp: retype if(Admin|Oper)Status 2023-11-02 00:37:43 +01:00
fc7f59b231
misc: various monitoring changes 2023-11-02 00:25:35 +01:00
9e483d5285
prometheus: add quanta alerts 2023-11-01 18:56:44 +01:00
4c33b77695
Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra 2023-11-01 18:46:26 +01:00
5e5d2268f3
prometheus_snmp: add various overrides 2023-11-01 18:45:53 +01:00
51674bc1f6
prometheus_snmp: Add alerts on Quanta system 2023-11-01 18:43:32 +01:00
190f31dffd
misc: add gk-1.core.sw 2023-11-01 17:51:29 +01:00
a00a9b123f
prometheus_snmp: set snChasPwrSupplyOperStatus type 2023-11-01 17:14:07 +01:00
9524f29d1f
prometheus_snmp: change snChasFanOperStatus type 2023-11-01 17:00:02 +01:00
14b1f47842
prometheus_snmp: remove snNTP 2023-11-01 16:43:50 +01:00
229a6617de
prometheus: add queue overflow quanta alert 2023-11-01 07:11:30 +01:00
69701f4875
prometheus_snmp: remove index on pwr + add snAgentTemp 2023-11-01 06:41:31 +01:00
6728d2bb00
prometheus_snmp: add snChasPwr and snNTP 2023-11-01 06:30:47 +01:00
be261ab257
prometheus_snmp: add snChasFan 2023-11-01 06:11:27 +01:00
13f22bc7b8
Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra 2023-11-01 05:58:29 +01:00
2e2e4995ed
misc: prometheus_snmp + various minor fixes 2023-11-01 05:57:21 +01:00
7d58a98bb4
unattended_upgrades: remove codename in origins-pattern 2023-10-03 14:28:20 +02:00
45d380c641
unattended_upgrades: migration 2023-10-03 14:09:48 +02:00
35cdf782c8
wip: bird: misc 2023-09-18 17:15:57 +02:00
fbdeddfc72
misc: move variables to {host,group}_vars 2023-09-17 20:32:05 +02:00
17b46bab5e
firewall: add default value for file based zones 2023-09-17 20:30:09 +02:00
93bccaddfd
quemu_guest: add role + playbook 2023-09-16 02:30:17 +02:00
ddc0597e2a
nftables: remove old role + playbook 2023-09-16 01:57:35 +02:00
fa87d9789d
wip: misc: setup infra-2 2023-09-16 01:52:35 +02:00
078d9a3de9
wip: misc: setup infra-1 2023-09-16 01:24:01 +02:00
e87de918db
keepalived: add blackhole routes 2023-09-11 13:28:27 +02:00
14288224b4
keepalived: add vroute for infra-*:ext0 2023-09-11 11:16:02 +02:00
0e581e7d23
update interface on infra-{1,2} 2023-09-11 03:14:57 +02:00
175e375682
firewall: add role + playbook 2023-09-11 01:58:32 +02:00
cb6ef5dae0
add oti and vpn interfaces 2023-09-07 17:28:05 +02:00
15dda43f21
WIP: readressing + wireguard 2023-07-05 01:25:25 +02:00
1a63ba3bea
add vpn-1 2023-07-05 01:23:21 +02:00
75f0ee785b
bird: param bird__bgp_sessions is now a dict 2023-07-05 01:20:47 +02:00
9de88d0a28
ifupdown2: improve wireguard support
- add prio to ensure idempotency when reloading the iface
- add proto to ease route filtering in bird
2023-07-05 01:18:52 +02:00
655f744a11
ifupdown2: wireguard + routing tables support 2023-07-04 04:05:31 +02:00
0c7b5a2c68
openssh: cleanup playblook + role 2023-07-04 04:04:48 +02:00
e0c95b8f10
iproute2: create role + playbook 2023-07-04 03:45:29 +02:00
058fe0b3f5
freeradius: fix vlan logging 2023-07-02 21:56:37 +02:00
2f4c6a53d8
freeradius: fallback to default vlan whem proxying to federez 2023-07-02 21:26:02 +02:00
ddd8c6dcc0
freeradius: fixes + minimal support for federez 2023-07-02 20:51:42 +02:00
2c64d27fd3
freeradius: add vlan support 2023-07-02 16:45:32 +02:00
b3d18e92b6
freeradius: rewrite *-Station-Id and log SSID 2023-06-25 19:49:12 +02:00
ace765b682
freeradius: user domain is optional 2023-06-25 19:33:33 +02:00
ca1c6c8040
freeradius: remove some modules 2023-06-25 19:33:16 +02:00
f8b932014f
freeradius: improve logging robustness 2023-06-25 19:25:50 +02:00
a5b527ec0e
freeradius: add logging 2023-06-25 00:27:08 +02:00
20bce8a0da
pve: add loutr 2023-06-24 17:25:40 +02:00
4a5b3bbfde
Merge branch 'radius' into new-infra 2023-06-22 17:39:00 +02:00
4a9c0e6d8e
bird: add rezel 2023-06-22 17:30:37 +02:00
aa1e422c58
ifupdown2: add rezel addrs 2023-06-22 17:30:17 +02:00
455a0bdc2a
prometheus: temporarily disable BirdProtocolDown 2023-06-22 17:29:16 +02:00
452066fcfb
pve: add pz2891 2023-04-15 17:13:08 +02:00
669c7ec801
resolvconf: add dns-2 2023-04-08 00:54:33 +02:00
d455bbe00e
kresd + prometheus: monitor kresd 2023-04-08 00:54:13 +02:00
6522a6f076
ansible.cfg: retry SSH connections 2023-04-07 08:57:29 +02:00
5391f2b956
all: update playbook 2023-04-07 08:57:20 +02:00
bbaab0b767
pve_auth: disable root user 2023-04-06 18:22:37 +02:00
676dabd76b
pve: configure users 2023-04-06 00:01:21 +02:00
1978f12794
pve_auth: fix groups + enabled 2023-04-05 23:27:11 +02:00
8f51a2fb80
pve_auth: create role 2023-04-05 22:06:50 +02:00
32ed73735f
pve_activate: add role 2023-04-05 00:19:04 +02:00
4ad25f7057
hostname: add role 2023-04-05 00:18:41 +02:00
454f1d75cb
rename rtr → back 2023-04-05 00:18:25 +02:00
cc1786eb2b
backbone → back + ap → wifi 2023-04-04 01:33:16 +02:00
8bf1f1a1fa
keepalived: add dbus support 2023-04-04 01:32:52 +02:00
dcd56413e8
prometheus: monitor keepalived 2023-04-04 01:29:13 +02:00
e160b98f0e
prometheus_node: collect textfiles 2023-04-04 01:28:51 +02:00
94953e1aa7
snmpd: remove role 2023-04-04 01:28:09 +02:00
833d25078d
prometheus_keepalived: add role 2023-04-04 01:27:26 +02:00
8b5d587f26
keepalived: add snmp support 2023-04-03 18:02:49 +02:00
6ee7a19f21
snmpd: create role 2023-04-02 14:25:09 +02:00
0807dc1d70
prometheus-bird-role → dedicated role + various alerts 2023-04-02 13:25:03 +02:00
922b6894a7
prometheus: cleanup role (lots of features missing) 2023-04-02 05:08:01 +02:00
7db15d9c63
prometheus_node: cleanup 2023-04-01 22:32:42 +02:00
b4fe111c91
knotd: add vote + gisti :) 2023-04-01 21:54:44 +02:00
67ac2a7618
rename hyperv → pve + backbone → back 2023-04-01 21:53:48 +02:00
fcb9ac9d17
rename interfaces 2023-03-28 20:36:46 +02:00
9e24c5373e
root_account: set PS1 statically 2023-03-28 20:35:24 +02:00
b36dd15d3c
rename interfaces + fix fallback 2023-03-27 21:51:07 +02:00
a2e181493d
systemd_link: rename interfaces 2023-03-27 13:09:58 +02:00
71befe1b44
ifupdown2: remove useless forward directives 2023-03-27 11:57:58 +02:00
9c41558d62
ip_forward: create role + playbook 2023-03-27 11:56:17 +02:00
66a015c135
migrate again 2023-03-26 19:02:18 +02:00
eb8368b2e6
migrate edge routers (routeur-aurore.adm -> edge-{1,2}.rtr) 2023-03-26 17:06:34 +02:00
67f0e4ccbc changed ip 2023-03-25 19:20:26 +01:00
f3d67e93b4
ifupdown2: add ens23 & enp2s1 2023-03-25 17:56:19 +01:00
45f5920cdd corrected error 2023-03-25 17:48:40 +01:00
3294cde7a6 added ens20 adresses for later testing 2023-03-25 17:47:03 +01:00
6eeb578d89
bird: more filtering 2023-01-13 10:50:23 +01:00
8b39a7f7dc
filter_plugins: remove soft_unicode import 2023-01-13 09:59:40 +01:00
dcc038bd7c
nftables + bird: add role + fix IP addresses 2023-01-13 08:56:16 +01:00
0a621b53b4
keepalived: set keepalived_main 2023-01-13 08:55:17 +01:00
8ec059ce55
root_account: add alias for bridge 2023-01-13 08:54:57 +01:00
621f39a8f2
base_utils: add tcpdump + tmux 2023-01-13 08:54:38 +01:00
f579e08e21
keepalived: change priorities 2023-01-13 08:53:56 +01:00
48deabba50
bird + ifupdown2: fix IP addrs + iBGP for isp-{1,2} 2023-01-07 09:12:44 +01:00
9f850aa4da
add format_rev plugin 2023-01-07 08:59:16 +01:00
1aba1e5606
dhcpd: remove dhcpd__failover_peer 2023-01-07 08:56:12 +01:00
6d66e56b15
bird: filter by proto (ugly) 2023-01-07 08:53:44 +01:00
e7c3a9c771
ansible: use 'debug' stdout_callback 2023-01-07 08:52:46 +01:00
5eff05f8c5
keepalived + bird: fix IP addrs + OSPF 2023-01-07 03:19:40 +01:00
eca5d1563d
dhcpd: add new VMs 2023-01-07 02:42:18 +01:00
c32b949d04
Merge branch 'dhcp' into new-infra 2023-01-07 02:26:35 +01:00
19c623ab0a
Add config for new VMs 2023-01-07 02:25:53 +01:00
7c21275a11
Merge branch 'bird' into new-infra 2023-01-04 08:05:04 +01:00
95c812b101
root_account: add ip alias 2023-01-04 08:04:51 +01:00
830e5b103d
kresd: add dns-{1,2} 2023-01-04 08:04:36 +01:00
873b5cc6f5
knotd: add network-{1,2} hosts 2023-01-04 08:04:08 +01:00
e995b06ea9
chronyd: add ntp-{1,2} 2023-01-04 08:03:52 +01:00
34b67791bd
Add network-{1,2} hosts 2023-01-04 08:03:28 +01:00
9c19e41afd
Simplify ansible_managed 2023-01-04 08:03:09 +01:00
5c17bc9664
WIP: playbooks: OSPF config for infra-{1,2} 2022-12-22 15:56:52 +01:00
d653432d18
playbooks: add infra-{1,2}.rtr 2022-12-22 15:45:07 +01:00
5a43708a87
playbooks: add infra-{1,2}.rtr 2022-12-22 15:17:00 +01:00
9cd983aa4c
playbooks: add edge-{1,2}.rtr.infra.auro.re 2022-12-22 14:40:53 +01:00
0a0fc8e52c
bird: typos 2022-12-22 13:12:24 +01:00
2db69a8f1c
bird: return -> accept/reject 2022-12-22 12:35:32 +01:00
ac9947c50f
bird: function -> filter 2022-12-22 12:12:01 +01:00
6773c5e90d
bird: cleanup + bogons filtering 2022-12-22 12:02:56 +01:00
cc82841560
bird: typos 2022-12-22 11:00:37 +01:00
b9fb9f377f
bird: remove unused OSPF protocol instances 2022-12-22 10:50:51 +01:00
f43775fc02
bird: don't export static routes to kernel 2022-12-22 10:48:52 +01:00
412a63dc6c
playbooks: add edge-{1,2} 2022-12-21 21:02:12 +01:00
a670cbaba4
bird: typos 2022-12-21 21:01:47 +01:00
ea78f609b5
bird: indent with spaces 2022-12-21 19:53:40 +01:00
aac9151280
bird: restart prometheus-bird-exporter
reload is not supported by the service
2022-12-21 19:49:46 +01:00
1c47ccc4a8
bird: install prometheus-bird-exporter 2022-12-21 19:48:22 +01:00
64dcb4b282
bird: add suffix filter 2022-12-21 18:50:05 +01:00
99ba67f074
bird: add IPv6 support 2022-12-21 18:43:00 +01:00
618cad720a
bird: add OSPF stubnet support 2022-12-21 16:51:43 +01:00
8863eed924
bird: add minimal BGP support 2022-12-21 16:39:28 +01:00
0254b82356
Add edge-{1,2} 2022-10-07 21:34:58 +02:00
d0175e961e
knotd: add services-{1..3}.pve.infra (+ CNAME pve) 2022-09-28 14:11:56 +02:00
e13e450a1f
Disable some unused modules 2022-09-23 12:47:07 +02:00
a15a05ce69
resolvconf: add defaults 2022-09-04 07:42:57 +02:00
45ca2a3236
keepalived: change global VIP + interface for VRRP adv. 2022-09-04 07:41:17 +02:00
b0e12b19f8
bird: prevent duplicate rules 2022-09-04 07:40:51 +02:00
61cdb980ea
keepalived: add minimal support for virtual_routes 2022-09-03 14:09:37 +02:00
c7d7320367
ifupdown2: configure isp-{1,2}.rtr interfaces 2022-09-03 04:06:48 +02:00
866f175ed2
bird: add role + playbook, with support for OSPF + RAdv 2022-09-03 04:06:39 +02:00
c4e9ecacd7
freeradius: disable chase_referal + rebind 2022-09-01 22:28:11 +02:00
2d6ee91f93
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00
e99f183743
knotd: replace A/AAAA to CNAME for pz28.adh
Temporary fix until a dynamic DNS service is available.
2022-09-01 13:45:40 +02:00
231c3aac09
freeradius: remove trailing whitespace 2022-09-01 08:19:15 +02:00
3f29960a04
freeradius: explicitly disable OCSP 2022-09-01 08:18:39 +02:00
67994d988b
freeradius: disable detail + detail.log modules 2022-09-01 03:42:33 +02:00
ea843e2f47
freeradius: minimal config for attr_filter 2022-09-01 03:42:24 +02:00
c6afab5728
freeradius: add eap_inner module 2022-09-01 02:21:12 +02:00
553b371797
ifupdown2: configure radius-1.isp 2022-08-31 10:16:06 +02:00
a816fb1f01
freeradius: add support for sites 2022-08-31 05:04:19 +02:00
4bd54fe371
freeradius: remove more unused files 2022-08-31 04:54:20 +02:00
8f27164c17
freeradius: include clients.conf 2022-08-31 04:54:00 +02:00
8937e4f8e8
freeradius: fix clients.conf (ipv4addr + ipv6addr) 2022-08-31 04:53:37 +02:00
3d6e0f21b6
freeradius: configure eap module + remove more modules 2022-08-31 03:44:20 +02:00
953403d0b3
freeradius: create minimal role + playbook 2022-08-31 02:01:41 +02:00
5a7c8b280d
Merge branch 'master' into dns 2022-08-30 13:54:54 +02:00
8f452c76aa
Add radius-1.isp 2022-08-30 13:48:17 +02:00
a505441f4d
hosts: add dhcp-{1,2} 2022-08-27 10:43:19 +02:00
b894959c91
dhcpd: add sample playbook 2022-08-27 10:37:56 +02:00
204ad7f2ce
Merge branch 'master' into dhcp 2022-08-27 10:26:39 +02:00
138ffd6097
knotd: add isp-2.rtr 2022-08-27 05:33:54 +02:00
526eaf84d2
knotd: add isp-1.rtr 2022-08-27 05:17:43 +02:00
ec01fbde95
hosts: add ns-1.auro.re 2022-08-27 05:15:16 +02:00
35087971c3
kresd: increase amount of cache 2022-08-26 10:00:04 +02:00
2ff44c58b7
add requirements.txt 2022-08-26 02:23:01 +02:00
9fc0aa1fe8
kresd: create role + playbook 2022-08-26 02:01:12 +02:00
cdc68cedd5
knotd: add dns-1.int 2022-08-26 01:51:33 +02:00
50b0e023dc
Add ntp-1.int 2022-08-25 20:52:48 +02:00
3216307404
Add pz28.adh.auro.re 2022-08-25 20:44:06 +02:00
1938cc24da
isc_dhcp_server: remove old role 2022-08-20 19:34:54 +02:00
874f75d47d
dns_zone: add requirements.txt 2022-08-20 19:09:35 +02:00
4d82018f62
knotd + hosts: add ldap-1 2022-08-20 19:08:33 +02:00
69c3949ef8
dhcpd: add support for failover 2022-08-20 16:53:10 +02:00
6bb2bbb54f
dhcpd: create role with support for DHCPv4 only 2022-08-20 16:08:25 +02:00
d5ab886dd4
dns_zone: add support for diff and check modes 2022-08-20 04:34:47 +02:00
426296d8bd
knotd: fix typo 2022-08-20 04:34:28 +02:00
2389367582
playbooks: add isp.auro.re 2022-08-20 00:06:01 +02:00
c1833e77b3
playbooks: various fixes for knotd.yml 2022-08-19 21:50:43 +02:00
4446c2c47e
dns_zone: do not relativize zone file 2022-08-19 21:50:15 +02:00
8d92035a81
playbooks: add adh.auro.re 2022-08-19 15:54:03 +02:00
6f32c9bc2c
knotd: do not try to load zone file of slave zones 2022-08-19 15:52:06 +02:00
5542e63d14
add filter_plugins path in ansible.cfg 2022-08-19 05:06:59 +02:00
b34c232904
playbooks: WIP: add knotd playbook 2022-08-19 05:03:19 +02:00
5740b64b1e
hosts: add ns-{1,2,master} to inventory 2022-08-19 05:03:19 +02:00
bb2590358d
vault: add TSIG keys 2022-08-19 05:03:18 +02:00
c775a48ca8
net_utils: add miscellaneous Jinja2 filters 2022-08-19 05:03:07 +02:00
126d0f49df
dns_zone + knotd: add 'reverse_hosts' option 2022-08-19 04:44:49 +02:00
4a29c317a5
knotd: hide version in chaos txt 2022-08-18 21:24:12 +02:00
e36e31d18b
remove playbooks/knot.yml 2022-08-18 21:23:48 +02:00
b1f26f2cd7
knotd: fix knotd__queryacl type 2022-08-18 19:50:35 +02:00
9f8dcecf63
dns_zone: ensure zone files are sorted 2022-08-18 16:35:16 +02:00
b9dd74af40
dns_zone + knot: rename some fields + add record types 2022-08-18 16:32:56 +02:00
86277d05c2
knotd: add knotd__soa_rname variable 2022-08-18 03:59:43 +02:00
642b3eb801
knotd: use human times for SOA fields 2022-08-18 03:47:59 +02:00
2744b3b512
dns_zone: make rname relative to zone origin 2022-08-18 03:47:23 +02:00
f321b12d2f
knotd: add queryacl support 2022-08-18 01:35:35 +02:00
43693c2fc8
dns_zone: bug: replace generator with set 2022-08-18 01:33:52 +02:00
961a2f1105
Add knotd role 2022-08-17 19:00:07 +02:00
11939a6032
Add library path in ansible.cfg 2022-08-17 18:59:40 +02:00
4dbe0e562d
dns_zone: cleanup + hosts + product 2022-08-17 18:23:47 +02:00
c97dca8fa8
Add library/dns_zone.py 2022-08-16 20:13:25 +02:00
283 changed files with 32308 additions and 4116 deletions

1
.gitignore vendored
View file

@ -1,3 +1,4 @@
*.retry *.retry
tmp tmp
ldap-password.txt ldap-password.txt
__pycache__/

18
all.yml Executable file
View file

@ -0,0 +1,18 @@
#!/usr/bin/env ansible-playbook
---
- import_playbook: playbooks/base.yml
- import_playbook: playbooks/root.yml
- import_playbook: playbooks/ssh.yml
- import_playbook: playbooks/chronyd.yml
- import_playbook: playbooks/kresd.yml
- import_playbook: playbooks/knotd.yml
- import_playbook: playbooks/resolvconf.yml
- import_playbook: playbooks/ifupdown2.yml
- import_playbook: playbooks/systemd_link.yml
- import_playbook: playbooks/keepalived.yml
- import_playbook: playbooks/ip_forward.yml
- import_playbook: playbooks/dhcpd.yml
- import_playbook: playbooks/bird.yml
- import_playbook: playbooks/pve.yml
- import_playbook: playbooks/prometheus.yml
...

View file

@ -3,8 +3,10 @@ ask_vault_pass = True
roles_path = ./roles roles_path = ./roles
retry_files_enabled = False retry_files_enabled = False
inventory = ./hosts inventory = ./hosts
stdout_callback = debug
library = ./library
filter_plugins = ./filter_plugins filter_plugins = ./filter_plugins
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S ansible_managed = Ansible managed
nocows = 1 nocows = 1
forks = 15 forks = 15
timeout = 60 timeout = 60
@ -15,3 +17,4 @@ always = yes
[ssh_connection] [ssh_connection]
pipelining = True pipelining = True
retries = 3

View file

@ -1,3 +0,0 @@
#!/usr/bin/env bash
# Deploy all playbooks
ansible-playbook playbooks/*.yml $@

16
filter_plugins/enquote.py Normal file
View file

@ -0,0 +1,16 @@
class FilterModule:
def filters(self):
return {
"enquote": enquote,
}
def enquote(string, delimiter='"', escape="\\"):
translation = str.maketrans(
{
delimiter: f"{escape}{delimiter}",
escape: f"{escape}{escape}",
}
)
escaped = string.translate(translation)
return f"{delimiter}{escaped}{delimiter}"

View file

@ -0,0 +1,9 @@
class FilterModule:
def filters(self):
return {
"format_rev": format_rev,
}
def format_rev(text, fmt, *args, **kwargs):
return fmt.format(text, *args, **kwargs)

View file

@ -7,11 +7,39 @@ import dns.name
class FilterModule: class FilterModule:
def filters(self): def filters(self):
return { return {
"add_origin": add_origin,
"add_origin_keys": add_origin_keys,
"ip_filter": ip_filter,
"remove_domain_suffix": remove_domain_suffix, "remove_domain_suffix": remove_domain_suffix,
"ipaddr_sort": ipaddr_sort, "ipaddr_sort": ipaddr_sort,
} }
def first_addr(addresses, ipv4 = True):
version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
for addr in addresses:
parsed = ipaddress.ip_address(xx)
if isinstance(parsed, version):
return parsed
raise ValueError("missing address")
def ip_filter(addresses, networks):
if isinstance(addresses, dict):
return {k: ip_filter(v, networks) for k, v in addresses.items()}
ip_networks = [ipaddress.ip_network(n) for n in networks]
ip_addresses = [ipaddress.ip_address(a) for a in addresses]
return [str(a) for a in ip_addresses if any(a in n for n in ip_networks)]
def add_origin(name, origin="."):
return dns.name.from_text(name, dns.name.from_text(origin)).to_text()
def add_origin_keys(dct, origin="."):
return {add_origin(k, origin): v for k, v in dct.items()}
def remove_domain_suffix(name): def remove_domain_suffix(name):
parent = dns.name.from_text(name).parent() parent = dns.name.from_text(name).parent()
return parent.to_text() return parent.to_text()

9
filter_plugins/suffix.py Normal file
View file

@ -0,0 +1,9 @@
class FilterModule:
def filters(self):
return {
"suffix": suffix,
}
def suffix(value, suffix):
return value + suffix

4
group_vars/all/bird.yml Normal file
View file

@ -0,0 +1,4 @@
---
bird__as:
aurore: 43619
...

View file

@ -0,0 +1,5 @@
---
chronyd__pools:
- ntp-1.int.infra.auro.re
- ntp-2.int.infra.auro.re
...

View file

@ -0,0 +1,24 @@
---
ifupdown2__wireguard_proto: wireguard
ifupdown2__gateways:
adm:
- 2a09:6840:128::254
- 10.128.0.254
int:
- 2a09:6840:206::1
- 10.206.0.1
ext:
- 2a09:6840:211::1
- 10.211.0.1
monit:
- 2a09:6840:204::1
- 10.204.0.1
isp:
- 2a09:6840:210::1
- 10.210.0.1
pub:
- 2a09:6840:215::1
- 45.66.111.204
ovh:
- 92.222.211.254
...

View file

@ -0,0 +1,10 @@
---
openssh__users_ca_public_key:
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
openssh__authorized_principals:
- any
- "{{ inventory_hostname }}"
...

View file

@ -0,0 +1,3 @@
---
prometheus_node__text_dir: /var/run/prometheus-node-exporter
...

View file

@ -0,0 +1,13 @@
---
resolvconf__nameservers:
- 2a09:6840:206::1:1
- 2a09:6840:206::1:2
- 10.206.1.1
- 10.206.1.2
resolvconf__domain: auro.re.
resolvconf__search:
- "{{ inventory_hostname | remove_domain_suffix }}"
- auro.re.
...

5
group_vars/all/root.yml Normal file
View file

@ -0,0 +1,5 @@
---
root__shell: /bin/bash
root__password: "{{ vault_root_password }}"
...

View file

@ -1,246 +1,298 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
64313161633263303464663933363265373935633862653634643862343232643432343966376438 61343966306561383238303434393933613538616662326430626564353466356235666537646263
6134633764383937373966346538306530316539303966320a363035303038616435383366656532 3464666132613834306435376533353564633634643931310a376435336364333437633633643537
39346463396563626166333362306464343836386365303836356461323663633831636562393039 30636165313433333039616337633765346232326362663834396462653637636438356638616263
3832636432626238350a666566323435623834396166656233306639333830343130326265616234 6333336530663764660a316331363464616132383835646362306635623261643333313639303132
61666365663963643437386530363261306438376665386463376366363662656161316263303831 66303137623563343066363933633939306432383331643662626130393865346237353432343035
61393136363934316462616131326463333736656136643038623061313363386538393833663637 39643562343231623539393833386461363362363566366339323066316463363334353430666564
36373565333566306632313865646538633532393731313430633462666334323762653337383338 62313039306234346663343934333435303636643632353336643638343532306330316238636663
63313433333835653366363061343839326131666139346563306366656365316663333438363837 39646366396136303663343662313264363831636232303466353536643362396139346138333934
33323165353936343165646464306434303161313139653561346461653537616164623434376534 65323463366438333838343265396261366136643662633733343737376466643636643265323964
33666662343734633766356230383761353239333632613031396365346536373432363433633564 63323735643965653637393031323166356335623838616562366238366337636131363333613666
61633762393033343336373864653438336436613630366539333731383336346665313732396265 64313963643138613831633436313262336431336563323337663035373138323439396231613361
32356138666135383562656366353131366436363464643630656130303437623131333239386363 33653538336633353432623632373730666437306265616631363235646633313565316663303435
66373866393064306565306565386230373638633733326661333065633136633130323963323765 38373933323439366664383334326364393838366436616563663062356635333635613966656262
30353262323835313365383562326363343965636634376133613331363133313030346561653931 32343063666132646638343965336336386265623566613662313634366235363235636139396362
39363636636235646131353034663861336362383263613165323230366439383561653165363764 33383334613032643030366433653164313538313239623062356161386535303163656637323639
65366130623362623539393461363832353435616266393036386439303834316635366438393936 34653162386338626430643662376263316264306133323038353362386239623939333365633964
33383933366262636232383066663130383965306137356363363539633661373664613738336539 61646264383834663038303464633334373639383961616665653362626464336136353662333630
31363131616135623039346465623530376533386263343836376662316562386530336266303062 38343033386361626339653239363266383866656466656335633763353539333732393438616365
64386531303938623939653635313163633261336339366139666135323130653862346132646636 31623030653365643166323230646533333563633935626436356165643036663530323331616461
30363065303235346331333434653331646333616337623562643564366435613938643235333664 32376265393139666161643330343530643036366666336639666265613138646561393931613661
30626164373030303237656366623631396138333265383566333664663061613536666363623630 35383839336539613738343638333636313063613935633833656564303535653831653033623131
61623362383439636239336234333161366635306432363230366630383836326330343932303863 61343466353461656338396364313531323865333338346364363463393666656265386166303834
39393232373831363863333332636362396639663831656266336430313837666463336439353332 36633164383839613830316434356632356436353630363666376330373762306632386533643636
63303036633433323439613535326663633332346565646338353761363733643766363132666365 33343934313936323439393530633563666463323761363737396537336666626639376562633833
34303865656262303563323665363730663062626537363461646363636461633762663237366366 38376434363662623136386238373339613235386361386566636563323433343431353234303732
64393133656464643065633634313261336662646435313735306266316132636530393631353830 65663530336261656466636536393763393537613665383261636234366263393039616337343235
61303939373363323131316463333136326365333430626266376636356130396239323464353937 31313636393166386634643635316135326264636134323032646462343861346231656237653131
64616232373532396334343433636332353530386662633164353235626361623164313039336666 61646662343330623266613064313632636238323166616463613132353761303662633163313562
31636434666437393839393133633961373139313663616366373239386163623064373836376164 63373361623935383466623236633232323130343064393765633038643638323437353735643832
62316638366366376134386231306435616138656461373633393339653532363434393834393430 30333763396565376266343434646263316333336130626463336365306132663036353133316266
37363335623934306661333135343266663464623438353665613330356236323036363139643064 39333962353862626638623464363634316239653233316435306332383934303239363930363363
62383934363465316338393065383935646134353230376131613935613431656333383565353134 36313931643730373865393665613633333064333530663937636438306164386533623138333665
34643866353131653061623236306536363163373639396564336434653839346263303930633663 30646239316633313164386339326132306666346633363865303861666536333662666263393034
39393935636235313431303032336361313730373238333732626465346662363038636361383631 38363638393435633238616232363763366237653530613763333762333330353531613036336164
65393433346363366337383233646166306339653533646632623262376630383265393438326135 36653536316532356337316262663863346333636336613830383363356537353038653065633163
31643039333835666338383762336163336337343532393063323165636531353361613731363065 63323937306431303435343135636562323939383434666363303631313461643038313235366437
65303637396332613432663636326334646635346237396461636366356133303333306239393739 34316563356365623130623664346435373066633832363639306237396233343531313965356232
34353966653662346230383865643231313239626533643761366162613164333132373636623237 65323537376535313261656663316265326661316237363336656536646535666334326663623237
32356335643766646266646266633366363165373861306433316561363166363865303133633939 64373234646261303463306362633762623735376465323536316638373165623264656135333761
34633132343438363034323638376666313061383965323566646463653163313235373364386666 62323761626231663263363764643465303133646531386165366266636266306338353665343732
62393865373137343237306637363536383939303833663532396333313931336162333837613935 36623765393538353139646362616638363365306565353662396638376133663761396663383533
66383266343735396337663936333162323738383264376533316536376563396333343263643931 35353165396261346665626431613838653763613331323262613864663437323235386337323961
65646535363337373865353265306434356432353066656665366638353331366334366339613538 34356564366230313062316139616366343132393261363564333632383934646435386261326131
32373637633564613861626538373365336362313434633137613966353861393462623862663330 33313438663631393466343633386637396463373838363938333131666137316235343136373936
64386431373066306334383863366133333564373163386433313231363366393830343230323734 65323235643130643638383661383837343636363266633165373436363165386264613631323261
61633962356637326538336663386330653563353763663236623539363630626363323237333237 66353133313637376638396465323533373934383135323831363266613931336361616139313766
30656139626561313064323330373032323031343137366638303966313832646365666238326337 61346436383330353265336330633234313334643566363066303835306263663630336439366164
63306363613361653933306234386163383837666430616663383664386563323839326232383761 62616139663666353861313265316463323932306364386637326438633861666231626539303638
35373539626438356539393266653864353066633365383437623437356464383335383039343137 33663361376131306365316537316637653661376637633438613366313230323138663030643061
61373539343631373932373033656233323964353666626162386537616333366562346265656238 61393965306133353434346531656632383735363232346531636338393561396461633431373133
35396130356166303564303036383664656435626534303064653363316464616335303965376330 35646166353538396534636663313564646339363866656336326131366465303239663363393464
61646638383138323265313631613037396561626162306661653231646230343139656135333236 31346130353139633363393161653637353838623131393536383235393161393562356239633038
63303838316266333665636335663361656262353066666430656162323236633564313337353665 65653933373130326466633163383066346332666662393862633334356333353032363135663834
35363565303736633564356632346632343832363934343962313030646132663566346664313632 36323638346134343131396538646334613463383362656261623834623162623664393261663562
38393061613163356265643434626166393366366634343032626637333332316361663639623534 37643238343461366531653761653466343165373838656566636664376435343665333534613766
62323239373639393337373537646232663531653835356165313264663561623633633830373734 36633763656563653363376462336336343530646166313333313064666264633337643733356364
31336234613633666538373961626430316530346462343061323661353564323938353338373961 33363865353232656464396562626530653833316233313562353137373038643165643465653430
64616637303734303333626166306330613238646265636136653939363936356165356232396436 62633865616265363036373737366336626436396133363062313032323634323864363465353361
65353731633836363433616534636330663565643561363233396538386430393964353433616437 32646431353733323134616162306337646332363631613563666334396131623764653463363634
36343936313936303165396236393463646363383338366238363961666530623335653234656139 35383732623164623532303036656337373166326366313037326133353465393937353266343765
65346337663437623134376137326166323933613861663032623965643538343638376234316232 37323965343632326361346632616161653261616333336561333730613664663133633933623835
36333065323234663263343630353739313661373536316162366532336438373263303730626464 61303037333739316333313763653466646436363239653361653864643335646435313362343632
38613136393166626663636631363064303736666235333036616435373063363762666565363136 35633931376562326165613236393134623235313961336332643936373835326238326633396563
38333966303831313333613831313132633062616235353365313533386236613338373130303836 64313937623034313738303764326337666239666266613131306133386265643039393864393465
61326262313833306437366364316433393931353265326131653563656131333436376338613266 66393964393437353965663764666338383033326633376232326565346236636136666464383861
39326632613366666136643137303635336631353230396435313537656366326239626362313833 39363265653166643239363861353839373038336636376366346430353263323136386565313865
62653039343261613265306362323234623264366664306561663839306631663465303962386462 62343730353265396338326463353535653939383336626630393838626132636230363139663536
39353934643562383762623937643034383534393962333466613636346637323235346438666636 38383962323763653464656233373163343463346638363334616534373235353334623732396565
31613838313535666166663063373333653439313035346266666463623666613837313933623837 31373162623035343938336564363964613135393435396430626232653230646239336635373735
63343565663739393764353761316432626237346234663032316131306262356233333439323961 62363931623235303839663433323236346633366465643961303730633865316536373938303339
38646664383030303832646563393836643135303731306435383338623633626638306165386637 63356165353538626337306130663035363432323836626136356466376362333834393937643463
65393238653464623032336437643838333932366131656332333165376261383539386466343139 30323036623239373031396237623964373037396462363833323565393230396636633963366564
65613733383837323832303738363664653138613830376333363038383839623463623631666237 30636330393735666563623730376336646462613365303330643634386236623436656666313862
63363263396533353763373934373034643763376665316638353435663635346135333265363235 61333334323230383061303730353963396466356335343532656533623264373462656265633635
62663432343935343964626432353563313036303761393039386231343530663737633466643035 32636437393866626434633066643566376334633963326465363763386665396530306462366664
65343835353037643539316439666666633866356530363237373230373439373133313337653237 39313533656536376435386438396666323963393663356331373435616532353139656561393161
66613631373637313534353862653437393234363365323032393035376438616264336661616262 64333838336365366164663864363263633630336162303866343434306433656263616432363735
37336435326135373065353564383637626637343532396331623334643139386364316431376435 33373136626230363234316534316230353836623033336639643235653731623934376639643435
36356566363033636539363430356565373039363863396565643730656531346364626334393436 36333037343636326438366531336165633064396334623334663835303736336564666132613839
33343839303538383530363231366166623233333730323163323432373831313639626337346230 30626239343930393864663635663765343233396134326364393236666636353630303561316263
30333930333064393337616564386163623436613933623466353933393733346339383534633239 62616639626666326631333734643665366262636531373138613930393366393762383637343435
30633365313364666566643533326163336330323232353533316633313739343035383465376330 63363365363062376339393966613134643731376531336230633536626330306633383834646266
65356139386463633565366132383832643032333234633964373437633836343435393631396166 34636363383734633065303336383362643130313732653436393133393963653361376561666334
34633439643764623936366536353931646132373539326238303761383339643661616266646130 33346664353861353136643733363335646336613637666236653765383235636233356533643930
30393166393465326365393130636136336433623262346435353936306133616135653734383635 35303361626634343565616361326233643135393963356632316663626137653733376433663565
65393530633836613937346430366337626365363361663533313837363063396538663766646566 63303865343032383364636431363736633463373739316662386663613139306638656664636234
63373639653732353135343562353266316164303863336365303635653464393232613939396131 35313562323234663730343162313364656231656164313766653635653961396330363536343062
30636361343932663233663566656131363938656161623966316366656561343166336532613666 31333065633665326132326532356632353931363735313134346362616562313839306539383139
65613534663762353662353262623634616264373964316336626166353330303539356130646166 38383463393035323462623035306464363631626361373439393632336436383931643861663263
63643435353765633766626165643465386331333637366562393861613834323464363932306430 63366238353732643365346462636364373739613364623939326337363437643965626365383934
32643836646266643031396262626136313363623663366430376432373036643835653863323631 62656661343538396461313634663030383336643362623637363631643766643762646364656331
30613164326430633664306630333632363931656135643465363439376263386561383534633666 39613763616464663866373732343431656331316231393234333163366561663665303634653938
64323763656466343064396639313264386239356664663461333166626332326536623132333434 61396161616131623166313266646632373338623966656635306635393730613238636339633734
62303261643164643330333662623935383037353338306135613737306563326336336162633138 37363838666137386637343261643733336134396233323761396333363761613634393833636433
33623066373265663362303133363032343933306336396466383034636131333837313333326531 33346230323066643136393165376638306235636635383632643137646335656565663039363337
39336163313633623639303462313763656632633030336236643030343262653366633939643536 37346264333232616462643332363736653439653764386663343933633966366631363739313731
31636535393864663363353930363761623264343630396336396431663330323436613462633136 63653532666165663161353065323866613461383162653639376666623739316361313139313935
37336464353730643566393432343762333336653932333366636265343663323462626232623635 65626633633732313562656332643735643663313334333566643632376261396364643334303865
34346136333630363539633666316561376266373032373961313437653564636537656630303261 30363462373036633839323833313930633862326263363634653736626330366235353635636631
37313639333233333365383763333061373730623939303530303832646365323739356564626137 65643532633239303061393332363264643336653365626634363339303538623230373035343837
35633366393636376463393961333830343232363266633931613332643134643234303733373466 61326662326631386234653833313663646232653939383833316266343530373166633339326135
35323831623931633436626636346431303965663639666566623433383736633834626330303265 63366235356334343130663832346238386133663364386266373932663036346565373964376433
37353337656233663938663839373931623137666662623266336537383631626631306235363064 65343931363538323734383339323131343337323332353163373338633634613036663331326533
33313564316438633139336261623736336336326239376630316335313631376132646563333430 62343663646537636534386631333230396235383961303538643433343037363065356137336133
33656432643130643832343065353834633366363339353964623762666564633835633636313731 61636462343335336431386538623037383639333735663465663864653337616534626634656138
63353637636165663136623736343234393038313235333363643237643566623766393838386635 31616634653863663935356432313839346666326361383631613936303231323930653666306331
33646233623032653233336266636335666233353032303837663162303939383262373761623261 36646265373538353038313563653739353030636637613930353866623433626633656532643039
35366661363966346233633739663635353361303264356534366235616164316138623730623632 65386563373064613263663935386337623938383936396336313538326131313530643565333065
62316362623736396264366632373661373835393434343364353431316362666235616635633566 36383334613961323237336362633833383438326331623565383966636330656163656431336537
64353530633334393737346663653562346335323065356665643132353738363132623031353664 32326238663236326536363862396134343565336432656233663631343264653639643732313734
66666639326238386634363664356664343161386435323736316636343536326435303066353035 30356537386439383639376165313639666237356433333964646662663032643834383930366565
37363731613138393333636562386363333932386362303139643262386237353863363764643139 36323063653366373132623664663664313434336463653361373636313964343939633036383730
64616561373239346464623165616332623434303433626638376232333733646136376431626438 33343261363334396639623035663436373431653366313866353263373036373733393035613531
66613134343639656331626630303030366133356636663735353466353834613430356265386162 35636433303132356333343539393236353331653932356530616662353939663961656137616634
66613332663232623438636661306332613162666561353537313336643134663664306630636639 61383538656363333437346535643132333163333936643361613835333861363561313930323862
61613363353264373831393962333631383236666130646333336431303735333165656438363432 64623439383335386565396130323366383962333833383238393361636562366361316563333731
38396530333631636135653534393531326434306362396237366430383166323832336434376364 62613037396236623461373432653261663261316530353434376665663339623464616265393931
38393431646338316232373431613930326532646333386435303034356564336665346133393866 35646463373262366564663034333038633733353032363331643265643836643136613233653065
61643533643361646265313334633463616437393437653935613261366635616430313064346532 32646537643562353565326332633230396235653234666637313535346530383766386130396539
32363831613565313836376338646466323130373032613863323037323566643164653132633735 65663661323934646630373361656262643231333465653138626266663161653831303230656561
65636562653535626461396666643330386333663137613333643165656336633038323036373162 37613431323333343936616430343434323366643535663562336535666536623365613361303861
31376338613862333334643561313332326237646565633934323032626662633631633033623063 33613035616139363537646239376563393165373363643037383639326362383963653736616631
63306664656437663732323339383735306132616531373865323835633264333639336163366466 63633239333265646430383630613462313933353566663765333533363863323861366566386331
33373433653839393638323034623835643531393266306331313563613265616633353763653438 34356133333635343866613063313738393733633965663739336663316231623038623736633264
65363532653163303861383531356639316331343531666666636336373634636134633331366364 35336631613165313532666161303265616365653038306333346136386162653861633036356664
62366230366435323435613964636533353236373935626632623536396664313264653031623062 64616136663430623562646132306262366362353861613239663563633234386366626564333537
33366166343630313839366262313234346262343336386538336335393835646138666330656361 65623439666139396634376534316630613461336666343162333139376461636235613639626663
61313936323838653832633130346539636363613838343363663431623063333933383466353938 34346232643764643065313130333765363766616631373265336234386664616334633261663631
65383361333561383631643938613862343236346233363466333237316339616362366565306639 62343439363163623731356538623061343935313366353839323665346266376631383234656135
39356563656132303463346138356435303038303165363935343266396462326365363262393336 37343536313136656633343938336465373131313033643136666164623338313063653262383961
37396235366639623761366239386165613065626431633733306234343866663266633631656237 61386336363932336131323735626162386264396236376330306336326331643834626537333164
63643430383433393835663635356265636635363137613064353066313338346436356632346265 62303237333538326432363137653261333937326234373665313135643465613734333065306463
38393730336465396263373137383238653337396364643061303234666266663064663265383434 66363662373165363337386534373965666466366566663832363433616334376139623937333435
36636138643432373633313038393737663735363838396164366234643533633762383062353831 62363433343330643763613435303839313665393162313737313439356331376137613635383630
66326231363337323666386263373438656630346336663239643030386434636264666634393631 38333032636564623236656236633031313838396131356431303133386364333763613534316264
39313364333761343532346165396365306463393037643935666363323630326664616638313338 66376665656535636331663333626163633035663332653139636262613031336532353336393131
39396336653738353333343835363861643166376565346463303135376439336134666235623230 66373861343332656131366265326230376662326162336638396365643532303666616630353537
32363031303732666133386164313437366164326539373564623236356432303132633436323563 35656433353765333531303464323166323538656437646564393039626337303361306564333234
36323634373538376133613736633133356638323861636434646465643432636366376138636232 62353666613439613565623932373937306130303730626332653333396631393031313031636535
63633830613462613831313938326339343632393038376639623131366364623536353338363439 31636263303632666466346263343232306262623231323161393866376165353938616536633662
32613331623863336165636364616634303264356630303665383638663737343836663831363263 39623962313465363561393434313331313065323665656266306338626665323863663362313264
63366562393734323030306436346534626530656465396535323835316139633562363830373437 32346136613339306539326561383333376632643365663834646465376364643965323934303835
63626530326530383538623165356532303862353763326432373966626436303465373431373762 39323935613463363431663333383638346665633434376232363163396664336335303866336563
38613539623164353732623636376630643465343839666531306438326633343362306665366132 37303435393962313061303365313261633037636165663339333534383461363335353533303133
39396537366266353864656232616334336130333337306463313932393832653661343036396261 65393834666431343630366461313563646162346232323838373834626334666532303062373236
64613461633433356334623631643861303133383963336635623138326139613564343838366565 64653662623362363535363962333561396131613638613237643164636335346231373539376232
36343130353462333162313736636139306233366466626231306561626335396262663531333839 61633731373632366461343630306662343130373665626138376434633963653932336233613336
61336437343137356335633764373730306466326133356331333530353537616661373062656438 32326237363063663233616533306337373331613234376264353531633034616638323462373264
35356235666464656466323937353837623535643937383866666133383633396563333338633034 66643238363838366430316135663161616663316165343334343533376637373632373634636339
38366531613164363966323137646237393135383164643230663331306335636432656565633636 64386230616139316435666661306237633434623638373235646161623538363132363833646532
34343031633632346533353666353034666266666561346464306665386634313263323333653330 65346431373439343434656630636164653766356439303530306432333931303539666131333332
66323033393531343633356466613837346164393332613037636465343230623731616361336338 31663039303133306436373531333831633461623635663332376438326133303538636137386263
61373332373636646435353734386366613334323161626437396232613534613330613532323534 37396263663737373264653863396233623333313930353661333264326230613466376535653933
65653065386432313733663165616333663666363733623162306536303833663136353334656466 32363232336531323034316637663061616136613038383966346337313534623738306662326533
64353931363838613761663561666639373865393438396565626661343934353662363834636535 34616464336239363431626537396164623562303662316564623964613630613065333630376633
65363664393433313036383438643864663339626331343230343337316437336634636363303563 36663864646463393333616539613731653339343332363061393664613563633836383331343836
35373539383535353235633730386232363539616632336566376264393832383637663330613133 66636538613265666430346634386561343538653730336130326333393733343866646430373930
37643261363966633138373935333438393536373938383265373261363232343030373539366335 36313730313338303538633739316365366364333563393432336565623330313734343030393364
61633162663137643061363366653135323639363838626266386262666133306461333432313738 32383434356330336234303666326464656537643664356565666661396161623234383262396465
30313332626166303630363839396663396564633961383863326663356230343938643833303933 31346130386635336136666335346431303061326538633361613763656166646266666330616266
34333032353935323565346633363537656639613663356130383264373739636231363364613066 36663662663739323032653935313766343330313133306661623237373836363863646135666434
36653664346434393933383337313630623131396461343930383537633536643365306564396665 64373036343639306337353465656631643566373561333464323630633466373462626131356234
31353861643335353538623838393335326364393738376239623431306231363739656438626265 38613231663833393732333663653162336466346130313833633630663965626130363065313031
37666532336661306262303761616238666239623265663231386165353437366631376234343035 32343465623932643036373830623965356437383864383037346430393065376530353133333030
33393037316563373534373765616238616639303031346430623561663430393536303163613338 61653032643238303338636638613464316539373761636662343935353363646434656131663435
65353062336164626335376235656235343637366438353334356436653266333062663838316263 65326135656366666436313661303065376137333462366537643666326664323735303939643961
32623732306462356162623437393035626433336631643833626463656634366332613936346465 37373764623733356633353236623534323734383664306166303762353135346237366462646131
34653331363133373635633330363564333264623566613432383439396537343963653239336265 63306533663930393665333864666530666232353562373436333034626236653462336638663438
33326132663434363065646265646130333935303662623037363938313464366564323734333437 64613564636537306530353839373366646136353039626264646463306539336261613735623461
36336335303738643634653164306332636130316161393335656536386131396662616366383139 38323735393166383861613065386466626534373034353130653731666138643837663662383130
36663863343736666665363337663537326330323437346565346465326231366563643136366365 66303363663635333530363630653937633332316535643261346238663932363963323932373266
37636361343961326261336437616266373962643765346438333766306537303137353764396330 66663436343361656464333533663633633564326234363062613433346536323731333438636633
39626635373631353635313935363834363730386132376363663462653330623130663266373432 37316464326432616432616661323635623236636361313166353230306362383437323231626237
65343237326535613535386363396236336536366165306463643162346638623638373433646163 62663338383461613239306339323336626361656165353532633834326337656533303334613661
62613935363636353639623839396231393838303135346536383037353636613563323234626131 65626565613337636238653031356635393062643739666661623463643633386233633634353265
64373666303436393861373164376564646235366131343433623733663832653039393738343537 37396363636339653765643435303535393738303637313835653564306463306637353132303735
65323534343464613230346532623966616462353532373064623566626563336464326336393364 65333236663733333262663336393266346134613435636535376462363033383062356263333263
39626237646431313135323036303065343138616632343237396136366332636132303037376132 39356561333435643639666562363338616133386338353837336230666232646135386436343265
33623031623635653162616265316366663262373666636638386130643336383130643232643662 35666537313862643466313635643834363138653735633364636138376162623463343330336163
34326663343562613962343033396332303261636230353331313730336630633461333736626333 30333832663438396531333136396362636263343430393732396433316132616238333034353634
66636430643330383032646634396133626339623036333963396662313234623466366634636334 62326133303466373662616237353865396363363932363161643939333564663335363661653939
33373762386662613966353664346239666133656435353365653536356331613632666132376264 35356362653163613966313063326630616339373133333236636138383662616236643262393332
62613433366633663065306166396166633836306139376533396165393966323465303638373563 39633962336366666331343537643032303337326637303466346435643730626361376132393962
63326330323161303065643365343363313338326238363137663139613463613434643834613662 33303932373136613261396639636264353832643531653635306231616531636462616238363038
64663365633965653363633165653038333335333232633434323037643936646561376431626230 38316439373637316465663833356539383839393236313639326364303861656333613663353231
66356138373136366134373533386634373061666330663364376336383433306331386162393633 62323533363534363165313462656230623930373361373039313362613861363832396638386630
33636330643531396464313736363061303466393861613730323563626363643731333633366532 65636266303661336331383562626561633035376135383164343265383432326438303163623338
64646130636234653566346533323962353332653335336239353630633535623935396638663366 63303432663664363232333838343937353535346131613762386338346131643865333139616161
37383661343636613261623833653032373764653164346634663431653664636233323734666166 66306237303331623339396162663966666336366632313034366130353762373031366664376639
36373664306566663930353338366431623563396166356638626166333165623263636336613138 34346432616334356565633438346134336363386434656238343830346661326465623235656165
34343936393964666564306637346561393538383137663162663630336462656663316338376236 30366565316666633433393663646139623234303735386430346132616239303365666432313533
63633666333263663734353861633164653132663334306664643133663736663766626639393236 34653336303334663433303438303137313939343535303332306163346562643033653632633639
32653430333163313363343731666135656662363838366132383732346130313130363365656263 33633632376433346333663665666339653334623934636231616637613837633731383963356434
32643533393163376264653632663262353966306630333064313932616262323134326361633764 65316566666666666233363965303961366338653632313265353137383332633138383133363166
63383837303936616434616630653833653833623263623532306363373836323431393335623530 37343262393330663130346361336233656361376334353332636566373339623133346264376430
34316562343035326265333164643163356230643639373431326431303538346363376332373434 36323334326633623430353837346638653931333033373230303238303132333838373835626130
31313666313663343363353130306561646136393732663164393232636330663635346434343134 30636639363936383236366130646331356333623132303630336263373062653230633034363431
33663138663336636430373763396435323138373633666438623234363631336232366635366532 65333037656332353930396461633938303534396464613433393566363136366232653363313636
62616239663934653462656163326134303261376635323864633435383666363065656665303538 31623637326163356236393732646361633134373330303166316138313630343535643863323163
62626538343638366236646136363232373437336630383739656438636465326531646664366462 63626237313131653838303035643863663863646561343463653331393762663336346362346135
36353663626634386538336239623734323234393463313034303837363164363263623065613061 38303134643233623134326434643534663637626466396533386464353038663561336236636237
38333162646232366339333662313965663336613238386530393162346266636532353433656136 62313562646365346531346331646537326534366137313230386663623537623465373834646438
66326436323836376432313238613165373565643233333435393361636637653361616435393438 35356539376565633065306134356366306563306235643132393763343164373633313463663136
32383763393561343734643438346635613663393736613839623263663866336165343235663933 39376663623963323063636631626264356230636434386666666366333561393430613264396164
66623137616561313462653631613830363666653635336534643935373739353138363934656134 36306436366366666461306239663438323764363130346534336334346265313631363033363134
35663063396162623432373534333463376231666466393963336231653939326663396336383735 32346434346263343933343236306432666434653035313638626637626664383836613964353761
34633763336163313432616163313638623963306666643432306661393632346339373963633265 66303539663239313766343661396233333236633763313037396235626136323432313236623339
32303862643661376433356661383335313365306534663534396638313531373538326236636363 65343931343035663636363062626432613836303861653236363736356163396264633032306132
37626138333437393363323261336663653163643565303063313231346131376261653763356631 32366238623464633031343261616665393530633264633664333063313736363331653032313164
62306262336337366134626632333663363139393131306666303235303761623665356431646234 35313939333035373663353063633066323137336233616131623565313365373563363563623861
33666461663035303066353137623762653565353533613435663839396238336337333463636465 38336532396531343834623330336264303964383564336664396139663765376635313333663034
38353135356634626137376232613330393235383432356436393030313564306537616363383136 35353961663562333137613864346234326261626630623861326533323435663561663165383132
66356463373138313661373565326565343066643133633630313031303132313031663739316631 30623631393235616136636536363032346363363032613730336238666366356131383862613862
66666631386163313034306532393862393930653931363235396662366262636466363464396466 31626134636637336361323435656365383261383235316136393032663338653032343065363637
61303962303066633764393831396632626233343633313061323838623134373036393164633139 61383764306630333765393533303238316466626361353937636339306666623134303565386632
30303861636335636131376334376239636235653233323435623262366132663934613661333135 64656636643334646665336532643436343132653461356339366431653037393737383533383564
61386136326435363337316363666330363431613135663661303438383664663930656564373730 62396663366332353735363030626165663664666465643238316237633538623664313533343062
32373731393666333364633835646431646662313232383136616238303264383438663766356462 33393363323762393130653665336161383935303336386531656133373665613332663736646137
32346664376430663934626661663039656461383738626265346162393861346163656161323333 32373139376263333731366164383834343365333837633736366632386139383563366131323666
39323666643031376530303230626166613233383731363766373634623430633635303963313466 65313862626335653630623262316563386331393236383633336133343062353031346435616339
34646331363539636133373134353535356265393265393635323532323134643034343663636362 30383534313865363162356130616130656434383133643365306462313361666361613836633763
38633261613433393634396234396265623063346138363133646532366638306632396464646432 37383933666264646163643033323836306333633264326335316163333464623737343465373961
61373961383438386535336131393633303430346162613738343839653038303035303033626535 35393661393664323335626639333361393034306339393164373132373665383036323566626363
37343030623530333332306265373539633735616634663666356437303862636338363866613861 30623733306363626237626466613462623362646664346533316362333037393736363161363133
38346130336338373865343866306665616530313938616366346131376262346135323537663137 63373539626232633565636362646637336465623734366164396663303037623333656161313331
39383366313766666234323234363937623264353532323033363966313135653163343036666262 62303139646130316263633165653063666366383964376535343232343363393062393336663538
34393832613034383239393930383063336131356364303231323966303633333331633666373764 36356362366665643365656566653638343361306663396661303735353536323737653338306534
65383137333965663234663933303231356165376233326233303035316536666563656363343933 35323139616563383339656235353230316436666534366362323631316263333435316531303766
36633039666432643135636331353932633164633964623661373739633665313433306561303637 62376263363439366236636133613634333238336237333665636662353132373134326230356133
62373534346562363132643063643732343462653838393635343266626535353864656437313434 32383537633764663538326466663936373266376232643131393732356361353864353235303162
34376538303965616539626534613431623834376337643936613137323031323139393762636463 32623038616231653965373538653036393864373064646366333162363639306364396363636337
66346664666361623636666533663037613434353135393862376633636233656330366136646434 36303533663862313133336533653439623663373463633162353638313434353766633765623938
30653735323961383130393763333630306131376430363436623238646632363462383739653636 35306432626562386331396534643261663362363861366532343831646463653330343037643832
37346566663039383866323639633565366338353438386461616239313639343766333661346435 36333433633761633765363531356439663861313936353863366164343163646239313830346364
33316538366463383733346663316564656566656165396465393461363061613239666165346661 65303632373335346231643662336564303764633239396232326366383662346637666336666366
62346639623163363762366431313831663135643062336363323336303737393437653863303665 38643937306561663839383933663035393664663531353961393138333330616663396338623763
36643466336566336236353166333063633830646461626262333937316162353365353130353535 63643165346532326565613466643066643366363237356337663239386437356234363861633066
30383164363532363532306364393236303537383139643431393962333063633162313033613561 63313763323064633030333338613565316362346338643439396532303635633337643931656363
32323434336364343061386666616639336566373461633462393130336461303531353436623065 34383365616364373530613864363934303837653639373831383139633765656337353764323261
65663430623066336533373662306566396263376562343936666166626666323964373334613835 36663738393863613263356230666636616534333036663964343862333763646636653063373235
64633535303365643564626562643562636363363834353865353765356665643965663861366436 39373639343138366530396136313435633163346264643566323537616330643639643230656430
63333736613232353130616466316637613966646139323565356537666331666564623832333439 33613637653033313135383332373433633639393564316337633764356565306130663237393533
36376131663431616430616265323039646432393166613631313762613264313765323231663961 65666632316562306366616536633535636635613566636336363462346533303537393132303932
65616636306362386534626130636261636566626365643630616135323634343935653033653433 38613934653363393437316261323931346633623632363863396365346562373964313237363130
3061 64333137396235303765643464353931636466376437626130336366653339306335656235336235
38636532393165346132313161316339616362623834636465396362373734646533646334313335
34613534643764663832666139666631316334653232613036306634643337666236353931326431
62363965663736653865373838326563363937313334373937353564363562323834383335663633
36393731366263353565646463646464613236663232333035376531333863343261383933363764
36303466353536633961633536333663393862396136353930333033373664616266646463333465
31333636333337656537353631656631376432376562386235346464323933303666616661313639
62646439633264623735343164613066623464613538666134316338356235363861643965343034
33656664373766616137383937363738313935616162326435616630373234613161333132323230
36366330343034646431343163626235313863376237353465373562363966366161636165353365
61336661376162396633383939323566643730613837313233623339656433303862336665393762
35616365343239376432363061626566653931643633373634396565623965323239396466313462
62393466636436353763336635306365373730626161363836663137646437343330326135393231
64343539613233353637323534306337643865623738633030373637636335626437373162336662
30313033373336363735393435383063303133636334303531343061333133343537373239313433
61303131353535303937636432633337323763363463366636396632663438396234343133643636
34343938323537356465613764656239663764363161663931666631643132393538613265353235
30326364346362353661346431316666363037633031343236363365336234353963303863636662
36323231393433623239613065326239323866323430646530376366353035336665383536313962
61303838376235333532643338323361356339323966343334353731373932656563306263646632
62343164353162313164373036393139353566396638356532633234396661656633313437313732
62396134663436663133376465636164306634343531393431383630376563343062313866363839
66393939383138396632313962613736343431643834646564353562343938313033636166623031
62383863613465656638646236356334346130623163333630323935326439636632663333393136
32373265373665386164333330366535383663623235336362653634656164643635396163363930
66346137313031636533386337653137336263323138313462343936643630383233323236613466
65313435386565366161336631333064383734616464356134383661613665623566346131303730
38653339643962616538373263373433396535623066373466326331323131623866613132363765
65373433336133303839383463663861383835336337303537306136666134393631393133306666
32353836623636343037383032663333333265393835623531323532376330326130613134396261
64303063393332393439323930376464333338626331643261326131636434343538343761643231
64616233376236373436396234383235343662343538383830633337373037326231313332653263
34333830353633626136633737303138363932303534343238333234626535313433666337376162
34366365353335396163313032663561643466393535366139626266363732633363343963383561
61626334303635383463636163306238653830366236396632653866636533613334653737646633
65626166323531353139313538386435363961386664653036336136636337653463376136336565
37623531636639363434393738373038376264626163363131383835653965323566356639323239
35396238323831356133393365666238663563333335373664313165373039373465323532333361
38623635313838626135303262653935653539646130306138363662626664623263303661366632
37623035336336396636383139373139353034373864653235336132626531666366653564373735
30666364623463386465366635643935393332306630313233653234326663376137663065653937
32306461396132313630646462363962316238363935386339333236653364643330356535646630
36353237343961303164616236613063333163303233316666313864666363396361316337326263
39613665366662313430306230663235393331626335623334303161643232656337313066363235
64376635653231343031323838363931396235383936373735303965636633323530306233336264
31343063653636616532343764623434393936363433356265633433633434343266303462626131
65663638373565613233643566373032376434646566613835376639366539386336396134353166
64663832343239383234393264383961663461376238373132613933643363393665663833356664
66323064623738326636343236306639656634373263356433303264386333363933343438623531
34306632323665613266626666623134303338306639633466356232333336363438623630303734
30336237316235363535396633313561373931623133373564383165643339613337616437353033
33303439616232366331393763326564613439383630316530646432353866303563643637373738
3764

69
group_vars/dhcp/dhcpd.yml Normal file
View file

@ -0,0 +1,69 @@
---
dhcpd__omapi_key:
algorithm: hmac-sha512
secret: 99XuJO0ofX3VAnWWlyixWbQ5YTagPfgxyh14IbLNBb3/JzEklkWopvQdj/PXVYbfb/sRyFJBhLexPag4dLh7PA==
dhcpd__interfaces:
- client0
- client1
- client2
- client3
- client4
dhcpd__dns_servers:
- 10.128.10.3
- 10.128.10.103
dhcpd__domain_search:
- isp.auro.re.
- auro.re.
dhcpd__subnets:
- network: 100.64.0.0/27
routers:
- 100.64.0.1
start: 100.64.0.4
end: 100.64.0.30
domain_name: client0.isp.auro.re
failover: true
- network: 100.64.0.32/27
routers:
- 100.64.0.31
start: 100.64.0.33
end: 100.64.0.63
domain_name: client1.isp.auro.re
failover: true
- network: 100.64.0.64/27
routers:
- 100.64.0.65
start: 100.64.0.67
end: 100.64.0.95
domain_name: client2.isp.auro.re
failover: true
- network: 100.64.0.96/27
routers:
- 100.64.0.97
start: 100.64.0.99
end: 100.64.0.127
domain_name: client3.isp.auro.re
failover: true
- network: 100.64.0.128/27
routers:
- 100.64.0.129
start: 100.64.0.131
end: 100.64.0.159
domain_name: client4.isp.auro.re
dhcpd__failover:
dhcp-1.isp.infra.auro.re: 10.210.1.1
dhcp-2.isp.infra.auro.re: 10.210.1.2
dhcpd__failover_address: "{{ dhcpd__failover[inventory_hostname] }}"
dhcpd__failover_peer_address: "{{ dhcpd__failover
| dict2items
| selectattr('key', '!=',
inventory_hostname)
| map(attribute='value')
| first }}"
...

24
group_vars/dns/kresd.yml Normal file
View file

@ -0,0 +1,24 @@
---
kresd__listen:
- address: 0.0.0.0
port: 53
kind: dns
- address: "::"
port: 53
kind: dns
- address: 0.0.0.0
port: 853
kind: tls
- address: "::"
port: 853
kind: tls
- address: 0.0.0.0
port: 8453
kind: webmgmt
- address: "::"
port: 8453
kind: webmgmt
tls: false
kresd__cache_size: 512
...

View file

@ -0,0 +1,21 @@
---
keepalived__virtual_router_id: 81
keepalived__interface: back0
keepalived__virtual_addresses:
crans0:
- 185.230.79.254/29
- 2a0c:700:28::2/64
- fe80::1/10
zayo0:
- 2001:1b48:2:103::d7:2/126
- 83.167.52.69/31
- fe80::1/10
oti0:
- 2a00:a4c0:100c:1::b/127
- 77.95.70.11/31
- fe80::1/10
keepalived__main: "{{ inventory_hostname_short == 'edge-1' }}"
...

86
group_vars/infra/bird.yml Normal file
View file

@ -0,0 +1,86 @@
---
bird__kernel:
kernel:
learn: true
import: accept
export: accept
bird__ospf:
limits:
import: 4000
export: 4000
import: accept
export:
protos: kernel
areas:
0:
broadcast:
- back0
stub:
- monit0
- wifi0
- int0
- sw0
- bmc0
- pve0
- isp0
- ext0
- pub0
- th30
- ups0
1:
broadcast:
- vpn0
bird__bgp:
edge1:
local:
address: "{{ bird__bgp_addr.back }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:203::1:1
- 10.203.1.1
as: "{{ bird__as.aurore }}"
import:
- pref_src: "{{ bird__pref_src_addr }}"
- accept
export: reject
edge2:
local:
address: "{{ bird__bgp_addr.back }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:203::1:2
- 10.203.1.2
as: "{{ bird__as.aurore }}"
import:
- pref_src: "{{ bird__pref_src_addr }}"
- accept
export: reject
#wg1:
#local:
#address: "{{ bird__bgp_addr.vpn }}"
#as: "{{ bird__as.aurore }}"
#neighbor:
#address:
# - 2a09:6840:213::1:3
# - 10.213.1.3
#as: "{{ bird__as.aurore }}"
#rr_cluster_client: 10.203.1.1
#import: reject
#export: accept
#wg2:
#local:
#address: "{{ bird__bgp_addr.vpn }}"
#as: "{{ bird__as.aurore }}"
#neighbor:
#address:
# - 2a09:6840:213::1:4
# - 10.203.1.4
#as: "{{ bird__as.aurore }}"
#rr_cluster_client: 10.203.1.1
#import: reject
#export: accept
...

View file

@ -0,0 +1,365 @@
---
firewall__zones:
adm-legacy:
addrs:
- 2a09:6840:128::/64
- 10.128.0.0/16
ups:
addrs:
- 2a09:6840:201::/64
- 10.201.0.0/16
back:
addrs:
- 2a09:6840:203::/64
- 10.203.0.0/16
monit:
addrs:
- 2a09:6840:204::/64
- 10.204.0.0/16
wifi:
addrs:
- 2a09:6840:205::/64
- 10.205.0.0/16
int:
addrs:
- 2a09:6840:206::/64
- 10.206.0.0/16
sw:
addrs:
- 2a09:6840:207::/64
- 10.207.0.0/16
bmc:
addrs:
- 2a09:6840:208::/64
- 10.208.0.0/16
pve:
addrs:
- 2a09:6840:209::/64
- 10.209.0.0/16
isp:
addrs:
- 2a09:6840:210::/64
- 10.210.0.0/16
ext:
addrs:
- 2a09:6840:211::/64
- 10.211.0.0/16
pub:
addrs:
- 2a09:6840:215::/64
- 45.66.111.192/27
vpn-clients:
addrs:
- 2a09:6840:212::/64
- 10.212.0.0/16
vpn:
addrs:
- 2a09:6840:213::/64
- 10.213.0.0/16
infra:
zones:
- adm-legacy
- ups
- back
- monit
- wifi
- int
- sw
- bmc
- pve
- isp
- ext
- pub
- vpn
internet:
negate: true
addrs:
- 2a09:6840::/32
- 2a09:6841::/32
- 2a09:6842::/32
- 45.66.108.0/22
- 10.0.0.0/8
- 100.64.0.0/10
prometheus.int:
addrs:
- 2a09:6840:204::1:1
- 10.204.1.1
- 2a09:6840:204::1:2
- 10.204.1.2
grafana.adm:
addrs:
- 2a09:6840:128::98
- 10.128.0.98
nextcloud.adm:
addrs:
- 2a09:6840:128::58
- 10.128.0.58
dns.int:
addrs:
- 2a09:6840:206::1:1
- 10.206.1.1
- 2a09:6840:206::1:2
- 10.206.1.2
ntp.int:
addrs:
- 2a09:6840:206::1:5
- 10.206.1.5
- 2a09:6840:206::1:6
- 10.206.1.6
docker-ovh.adm:
addrs:
- 2a09:6840:128::150
- 10.128.0.150
mx.test:
addrs:
- 2a09:6840:211::1:5
- 45.66.111.208
- 10.128.1.5
proxy.pub:
addrs:
- 2a09:6840:215::1:1
- 45.66.111.206
collabora.ext:
addrs:
- 2a09:6840:211::1:1
- 10.211.1.1
ns-1.pub:
addrs:
- 2a09:6840:215::1:2
- 45.66.111.205
ns-2.pub:
addrs:
- 2a09:6840:215::1:3
- 45.66.111.207
ns-master.int:
addrs:
- 2a09:6840:206::1:7
- 10.206.1.7
firewall__input:
- iif:
- back0 # FIXME link-local
- vpn0
verdict: accept
- src:
- back
- vpn
verdict: accept
- src: monit
protocols:
tcp:
dport: 9100
verdict: accept
- src: monit
protocols:
tcp:
dport: 9324
verdict: accept
- protocols:
icmp: true
verdict: accept
- protocols:
tcp:
dport: 22
verdict: accept
- verdict: drop
firewall__output:
- verdict: accept
firewall__forward:
- src: back
dst: infra
verdict: accept
- src: infra # FIXME: temporary
dst: internet
verdict: accept
- src: monit
dst: bmc
protocols:
icmp: true
verdict: accept
- dst: mx.test
protocols:
icmp: true
verdict: accept
- dst: mx.test
protocols:
tcp:
dport:
- 25
- 465
- 993
verdict: accept
# NS
- dst:
- ns-1.pub
- ns-2.pub
protocols:
tcp:
dport: 53
verdict: accept
- dst:
- ns-1.pub
- ns-2.pub
protocols:
udp:
dport: 53
verdict: accept
- src:
- ns-1.pub
- ns-2.pub
dst: ns-master.int
protocols:
udp:
dport: 53
verdict: accept
- src:
- ns-1.pub
- ns-2.pub
dst: ns-master.int
protocols:
tcp:
dport: 53
verdict: accept
# SNMP
- src: monit
dst:
- sw
- ups
protocols:
udp:
dport: 161
verdict: accept
# Alertmanager
- src: monit
dst: docker-ovh.adm
protocols:
tcp:
dport: 9093
verdict: accept
- src: adm-legacy
dst: bmc
verdict: accept
# Prometheus for Grafana
- src: grafana.adm
dst: prometheus.int
protocols:
tcp:
dport: 9090
verdict: accept
# Admin VPN clients
- src: vpn-clients
dst: infra
verdict: accept
# Prometheus node
- src: monit
dst: infra
protocols:
tcp:
dport: 9100
verdict: accept
# Prometheus bird
- src: monit
dst: back
protocols:
tcp:
dport: 9324
verdict: accept
# Prometheus kresd
- src: monit
dst: dns.int
protocols:
tcp:
dport: 8453
verdict: accept
# Allow DNS from infra to dns-{1,2}
- src: infra
dst: dns.int
protocols:
udp:
dport: 53
verdict: accept
- src: infra
dst: dns.int
protocols:
tcp:
dport: 53
verdict: accept
# Allow NTP from infra to ntp-{1,2}
- src: infra
dst: ntp.int
protocols:
udp:
dport: 123
verdict: accept
# Admin Wireguard
- dst:
- 2a09:6840:211::1:1
- 45.66.111.204
- 10.211.1.1
protocols:
udp:
dport: 5121
verdict: accept
# Proxy web
- dst: proxy.pub
protocols:
tcp:
dport:
- 80
- 443
verdict: accept
- src: proxy.pub
dst: grafana.adm
protocols:
tcp:
dport: 3000
verdict: accept
- src: proxy.pub
dst: nextcloud.adm
protocols:
tcp:
dport: 8080
- src: proxy.pub
dst: adm-legacy
protocols:
tcp:
dport:
- 80
- 443
verdict: accept
# ICMP to public vlan
- dst: pub
protocols:
icmp: true
verdict: accept
# Proxy -> Collabora
- src: proxy.pub
dst: collabora.ext
protocols:
tcp:
dport: 9980
verdict: accept
# Collabora -> Proxy
- src: collabora.ext
dst: proxy.pub
protocols:
tcp:
dport:
- 80
- 443
verdict: accept
firewall__nat:
- src: 10.0.0.0/8
dst: internet
protocols: null
snat:
addr: 45.66.111.200/30
#- src: monit
# dst: adm-legacy
# protocols: null
# snat:
# addr: 10.203.1.3/32
...

View file

@ -0,0 +1,59 @@
---
keepalived__virtual_router_id: 82
keepalived__interface: back0
keepalived__virtual_addresses:
ups0:
- 10.201.0.1/16
- 2a09:6840:201::1/64
- fe80::1/10
monit0:
- 10.204.0.1/16
- 2a09:6840:204::1/64
- fe80::1/10
wifi0:
- 10.205.0.1/16
- 2a09:6840:205::1/64
- fe80::1/10
int0:
- 10.206.0.1/16
- 2a09:6840:206::1/64
- fe80::1/10
sw0:
- 10.207.0.1/16
- 2a09:6840:207::1/64
- fe80::1/10
bmc0:
- 10.208.0.1/16
- 2a09:6840:208::1/64
- fe80::1/10
pve0:
- 10.209.0.1/16
- 2a09:6840:209::1/64
- fe80::1/10
isp0:
- 10.210.0.1/16
- 2a09:6840:210::1/64
- fe80::1/10
ext0:
- 10.211.0.1/16
- 2a09:6840:211::1/64
- fe80::1/10
th30:
- 10.126.0.6/24
- fe80::1/10
pub0:
- 2a09:6840:215::1/64
- 45.66.111.204/27
- fe80::1/10
#keepalived__virtual_routes:
# ext0:
# - 45.66.111.204/30
keepalived__virtual_blackholes:
- 45.66.111.200/30 # NAT
keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
...

53
group_vars/isp/bird.yml Normal file
View file

@ -0,0 +1,53 @@
---
bird__kernel:
kernel:
learn: true
import: accept
export: accept
bird__ospf:
limits:
import: 4000
export: 4000
import: accept
export:
protos: kernel
areas:
0:
broadcast:
- back0
stub:
- client0
- client1
- client2
- client3
- client4
bird__bgp:
edge1:
local:
address: "{{ bird__bgp_addr.back }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:203::1:1
- 10.203.1.1
as: "{{ bird__as.aurore }}"
import:
- pref_src: "{{ bird__pref_src_addr }}"
- accept
export: reject
bird__radv:
rdnss:
- 2a09:6840:206::1:1
- 2a09:6840:206::1:2
interfaces:
client0:
max_interval: 5
prefixes:
- 2a09:6841::/64
dnssl: client0.isp.auro.re
domain_search:
- auro.re
...

View file

@ -0,0 +1,40 @@
---
firewall__zones:
internet:
negate: true
addrs:
- 2a09:6840::/32
- 2a09:6841::/32
- 2a09:6842::/32
- 45.66.108.0/22
- 10.0.0.0/8
- 100.64.0.0/10
clients:
addrs:
- 100.64.0.0/10
non_clients:
negate: true
zones: clients
allowed_clients:
file:
path: /var/run/firewall/allowed_clients.yml
default: []
firewall__input:
- verdict: accept
firewall__output:
- verdict: accept
firewall__forward:
- src: allowed_clients
dst: non_clients
verdict: accept
firewall__nat:
- src: clients
dst: internet
protocols: null
snat:
addr: 45.66.111.220
...

View file

@ -0,0 +1,32 @@
---
keepalived__virtual_router_id: 80
keepalived__interface: back0
keepalived__virtual_addresses:
client0:
- 100.64.0.1/27
- 2a09:6841::1/56
- fe80::1/10
client1:
- 100.64.0.33/27
- 2a09:6841:0:1::1/64
- fe80::1/10
client2:
- 100.64.0.65/27
- 2a09:6841:0:2::1/64
- fe80::1/10
client3:
- 100.64.0.97/27
- 2a09:6841:0:3::1/64
- fe80::1/10
client4:
- 100.64.0.129/27
- 2a09:6841:0:4::1/64
- fe80::1/10
keepalived__virtual_blackholes:
- 45.66.111.220/32
keepalived__main: "{{ inventory_hostname_short == 'isp-1' }}"
...

71
group_vars/ns/knotd.yml Normal file
View file

@ -0,0 +1,71 @@
---
knotd__listen:
- address: 0.0.0.0
- address: "::"
knotd__keys:
xfr:
algorithm: hmac-sha512
secret: "{{ vault_knotd_xfr_key }}"
knotd__remotes:
xfr-master:
address: 2a09:6840:206::1:7
key: xfr
knotd__acl:
notify-master:
address:
- 2a09:6840:206::1:7
- 10.206.1.7
key: xfr
action: notify
knotd__queryacl:
local:
addresses:
- 10.0.0.0/8
knotd__zones:
auro.re:
dnssec_validation: true
acl:
- notify-master
master: xfr-master
test.auro.re:
dnssec_validation: true
acl:
- notify-master
master: xfr-master
infra.auro.re:
dnssec_validation: true
acl:
- notify-master
#queryacl: local
master: xfr-master
108.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
109.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
110.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
111.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
0.4.8.6.9.0.a.2.ip6.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
...

View file

@ -0,0 +1,13 @@
---
chronyd__allow_networks:
- 2a09:6840::/32
- 10.0.0.0/8
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
chronyd__local_stratum: 10
...

View file

@ -0,0 +1,144 @@
---
prometheus__scraping_bird:
targets: "{{ groups.router }}"
address:
port: 9324
prometheus__rules_bird:
- record: bird:protocol_up:bgp_all
expr:
label_replace(
bird_protocol_up{proto="BGP"},
"group", "$1",
"instance", "^([^0-9\\.]+)-[0-9]+.*"
)
# FIXME: sessions en cours d'installation, pas encore monitorées
- record: bird:protocol_up:bgp
expr:
bird:protocol_up:bgp_all
unless bird:protocol_up:bgp_all{
group="edge",
name=~"^(viarezo|isp[12]|rezel)[46]$"
}
# Sessions qui ne sont volontairement pas redondées
# au sein d'un groupe
- record: bird:protocol_up:bgp:non_redundant
expr:
bird:protocol_up:bgp{
group="edge",
name=~"^(oti|crans|legacy|edge)[46]$"
}
# Sessions qui le sont
- record: bird:protocol_up:bgp:redundant
expr:
bird:protocol_up:bgp
unless
bird:protocol_up:bgp:non_redundant
- alert: BirdBGPRedundancyDegraded
expr:
(
count by (group, name) (
bird:protocol_up:bgp:redundant{state="Established"}
) + (
count by (group, name) (
bird:protocol_up:bgp:redundant{state!="Established"} * 0
)
)
) < 2
for: 0m
labels:
severity: warning
annotations:
Session: !unsafe "{{ $labels.name }}"
Count: !unsafe "{{ $value }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPDown
expr:
(
count by (group, name) (
bird:protocol_up:bgp{state="Established"}
) + (
count by (group, name) (
bird:protocol_up:bgp{state!="Established"} * 0
)
)
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
# TODO: warning pour redondant ?
- alert: BirdBGPNoExportedPrefixRedundant
expr:
bird_protocol_prefix_export_count{
export_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:redundant{state="Established"}
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPNoImportedPrefixRedundant
expr:
bird_protocol_prefix_import_count{
import_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:redundant{state="Established"}
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPNoExportedPrefixNonRedundant
expr:
sum by (group) (
bird_protocol_prefix_export_count{
export_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:non_redundant{state="Established"}
)
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPNoImportedPrefixNonRedundant
expr:
sum by (group) (
bird_protocol_prefix_import_count{
import_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:non_redundant{state="Established"}
)
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdOSPFNeighboursChange
expr:
changes(bird_ospf_neighbor_count[5m]) > 0
or changes(bird_ospfv3_neighbor_count[5m]) > 0
for: 0m
labels:
severity: warning
- alert: BirdOSPFDown
expr:
bird_ospf_running == 0
for: 0m
labels:
severity: critical
annotations:
Instance: !unsafe "{{ $labels.name }}"
...

View file

@ -0,0 +1,11 @@
---
prometheus__rules_common:
- alert: CollectorDown
expr:
up == 0
for: 3m
labels:
severity: critical
annotations:
Job: !unsafe "{{ $labels.job }}"
...

View file

@ -0,0 +1,11 @@
---
prometheus__scraping_eaton:
targets: "{{ groups.eaton_ups }}"
address: 127.0.0.1:9116
path: /snmp
params:
module:
- eaton
prometheus__rules_eaton: {}
...

View file

@ -0,0 +1,23 @@
---
prometheus__rules_keepalived:
- alert: KeepalivedVrrpFault
expr:
keepalived_vrrp_state{state="fault"} > 0
for: 0m
labels:
severity: critical
annotations:
Instance: !unsafe "{{ $labels.instance }}"
- alert: KeepalivedMasterChange
expr:
changes(
keepalived_vrrp_state{
keepalived_vvrp_state="master"
}[1m]
) > 0
for: 0m
labels:
severity: warning
annotations:
Instance: !unsafe "{{ $labels.instance }}"
...

View file

@ -0,0 +1,6 @@
---
prometheus__scraping_kresd:
targets: "{{ groups.dns }}"
address:
port: 8453
...

View file

@ -0,0 +1,25 @@
---
prometheus__alertmanager_targets:
- docker-ovh.adm.auro.re:9093
prometheus__tsdb_retention_time: 90d
prometheus__scraping:
node: "{{ prometheus__scraping_node }}"
prometheus: "{{ prometheus__scraping_prometheus }}"
kresd: "{{ prometheus__scraping_kresd }}"
bird: "{{ prometheus__scraping_bird }}"
quanta: "{{ prometheus__scraping_quanta }}"
snmp: "{{ prometheus__scraping_snmp }}"
eaton: "{{ prometheus__scraping_eaton }}"
prometheus__rules:
common: "{{ prometheus__rules_common }}"
switch: "{{ prometheus__rules_switch }}"
prometheus: "{{ prometheus__rules_prometheus }}"
node: "{{ prometheus__rules_node }}"
keepalived: "{{ prometheus__rules_keepalived }}"
quanta: "{{ prometheus__rules_quanta }}"
bird: "{{ prometheus__rules_bird }}"
#eaton: "{{ prometheus__rules_eaton }}"
...

View file

@ -0,0 +1,200 @@
---
prometheus__scraping_node:
targets: "{{ groups.vm + groups.pve }}"
address:
port: 9100
prometheus__rules_node:
- alert: OutOfMemory
expr:
(
node_memory_MemFree_bytes
+ node_memory_Cached_bytes
+ node_memory_Buffers_bytes
) / node_memory_MemTotal_bytes < 0.1
for: 5m
labels:
severity: warning
annotations:
FreeMemory: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostSwapIsFillingUp
expr:
(
1 - (
node_memory_SwapFree_bytes
/ node_memory_SwapTotal_bytes
)
) >= 0.5
for: 3m
labels:
severity: critical
annotations:
UsedSwap: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostPhysicalComponentTooHot
expr:
node_hwmon_temp_celsius > 79
for: 3m
labels:
severity: critical
annotations:
Temperature: !unsafe "{{ $value | humanize }} °C"
Chip: !unsafe "{{ $labels.chip }}"
Sensor: !unsafe "{{ $labels.sensor }}"
- alert: HostNodeOvertemperatureAlarm
expr:
node_hwmon_temp_crit_alarm_celsius == 1
for: 0m
labels:
severity: critical
annotations:
Chip: !unsafe "{{ $labels.chip }}"
Sensor: !unsafe "{{ $labels.sensor }}"
- alert: HostRaidArrayGotInactive
expr:
node_md_state{state="inactive"} > 0
for: 0m
labels:
severity: critical
annotations:
Device: !unsafe "{{ $labels.device }}"
- alert: HostRaidDiskFailure
expr:
node_md_disks{state="failed"} > 0
for: 0m
labels:
severity: critical
annotations:
severity: !unsafe "{{ $labels.md_device }}"
- alert: HostOomKillDetected
expr:
increase(node_vmstat_oom_kill[1m]) > 0
for: 0m
labels:
severity: warning
annotations:
PID: !unsafe "{{ $value }}"
- alert: HostEdacCorrectableErrorsDetected
expr:
increase(node_edac_correctable_errors_total[1m]) > 0
for: 0m
labels:
severity: warning
annotations:
CorrectedErrors: !unsafe "{{ $value }}"
- alert: HostEdacUncorrectableErrorsDetected
expr:
increase(node_edac_uncorrectable_errors_total[1m]) > 0
for: 0m
labels:
severity: warning
annotations:
DetectedErrors: !unsafe "{{ $value }}"
- alert: OutOfDiskSpace
expr:
(
node_filesystem_free_bytes
/ node_filesystem_size_bytes < 0.1
)
and on (instance, device, mountpoint) (
node_filesystem_readonly
) == 0
for: 5m
labels:
severity: critical
annotations:
Mountpoint: !unsafe "{{ $labels.mountpoint }}"
FreeSpace: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostConntrackLimit
expr:
(
node_nf_conntrack_entries
/ node_nf_conntrack_entries_limit
) > 0.8
for: 5m
labels:
severity: warning
annotations:
Filled: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostClockSkew
expr:
(
node_timex_offset_seconds > 0.05
and deriv(node_timex_offset_seconds[5m]) >= 0
) or (
node_timex_offset_seconds < -0.05
and deriv(node_timex_offset_seconds[5m]) <= 0
)
for: 2m
labels:
severity: warning
- alert: HostClockNotSynchronising
expr:
min_over_time(node_timex_sync_status[1m]) == 0
and node_timex_maxerror_seconds >= 16
for: 2m
labels:
severity: warning
- alert: HostRequiresReboot
expr:
node_reboot_required > 0
for: 5m
labels:
severity: warning
- alert: OutOfInodes
expr:
node_filesystem_files_free
/ node_filesystem_files < 0.1
for: 3m
labels:
severity: warning
annotations:
Mountpoint: !unsafe "{{ $labels.mountpoint }}"
FreeInodes: !unsafe "{{ $value | humanizePercentage }}"
- alert: CpuUsage
expr:
(
1 - avg by (instance) (
irate(node_cpu_seconds_total{mode="idle"}[5m])
)
) > 0.75
for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
- alert: SystemdServiceFailed
expr:
node_systemd_unit_state{state="failed"} == 1
for: 10m
labels:
severity: warning
annotations:
Service: !unsafe "{{ $labels.name }}"
- alert: LoadUsage
expr:
node_load1 > 5
for: 2m
labels:
severity: warning
annotations:
Load1: !unsafe "{{ $value | humanize }}"
- alert: UnhealthyDisk
expr:
smartmon_device_smart_healthy < 1
for: 10m
labels:
severity: critical
annotations:
Disk: !unsafe "{{ $labels.disk }}"
- alert: HostCpuStealNoisyNeighbor
expr:
avg by (instance) (
rate(node_cpu_seconds_total{mode="steal"}[5m])
) > 0.1
for: 5m
labels:
severity: warning
annotations:
Disk: !unsafe "{{ $labels.disk }}"
Steal: !unsafe "{{ $value | humanizePercentage }}"
...

View file

@ -0,0 +1,14 @@
---
prometheus__scraping_prometheus:
targets: "{{ groups.prom }}"
address:
port: 9090
prometheus__rules_prometheus:
- alert: PrometheusTsdbCompactionFailed
expr:
increase(prometheus_tsdb_compactions_failed_total[1m]) > 0
for: 0m
labels:
severity: critical
...

View file

@ -0,0 +1,97 @@
---
prometheus__scraping_quanta:
targets: "{{ groups.quanta }}"
address: 127.0.0.1:9116
path: /snmp
timeout: 60s
params:
module:
- quanta
prometheus__rules_quanta:
- alert: QuantaQueueOverflow
expr:
snAgGblQueueOverflow == 1
for: 0m
labels:
severity: critical
- alert: QuantaCpuUsage
expr:
snAgGblCpuUtil1MinAvg > 50
for: 5m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value }} %"
- alert: QuantaCpuUsage
expr:
snAgGblCpuUtil1MinAvg > 80
for: 5m
labels:
severity: critical
annotations:
Usage: !unsafe "{{ $value }} %"
- alert: QuantaMemoryUsage
expr:
100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 50
for: 5m
labels:
severity: warning
annotations:
UsedMemory: !unsafe "{{ $value }} %"
- alert: QuantaMemoryUsage
expr:
100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 80
for: 5m
labels:
severity: alert
annotations:
UsedMemory: !unsafe "{{ $value }} %"
- alert: QuantaFanHealth
expr:
snChasFanOperStatus{snChasFanOperStatus="normal"} == 0
for: 0m
labels:
severity: critical
annotations:
Description: !unsafe "{{ $labels.shChasFanDescription }}"
Status: !unsafe "{{ $labels.snChasFanOperStatus }}"
- alert: QuantaMissingIntakeTemp
expr:
count by (instance) (
snAgentTempValue
) - count by (instance) (
snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"}
) == 0
for: 0m
labels:
severity: critical
- alert: QuantaIntakeTemp
expr:
0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 60
for: 10m
keep_firing_for: 30m
labels:
severity: warning
annotations:
Temperature: !unsafe "{{ $value }} °C"
Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
- alert: QuantaIntakeTemp
expr:
0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 70
for: 10m
keep_firing_for: 30m
labels:
severity: critical
annotations:
Temperature: !unsafe "{{ $value }} °C"
Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
- alert: QuantaPowerRedundancyFailure
expr:
count by (instance) (
snChasPwrSupplyOperStatus{snChasPwrSupplyOperStatus="normal"}
) < 2
for: 0m
labels:
severity: warning
...

View file

@ -0,0 +1,6 @@
---
prometheus__scraping_snmp:
targets: "{{ groups.prom }}"
address:
port: 9116
...

View file

@ -0,0 +1,91 @@
---
prometheus__rules_switch:
- alert: SwitchPromiscuousChange
expr:
changes(ifPromiscuousMode[5m]) > 0
for: 0m
labels:
severity: warning
annotations:
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInterfaceUpChange
expr:
changes(ifOperStatus{ifOperStatus="up"}[5m]) > 0
for: 0m
labels:
severity: warning
annotations:
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInErrors
expr:
irate(ifInErrors[5m]) / (
irate(ifInUcastPkts[5m])
+ irate(ifInNUcastPkts[5m])
) > 0.0001
for: 0m
labels:
severity: warning
annotations:
ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchOutErrors
expr:
irate(ifOutErrors[5m]) / (
irate(ifOutUcastPkts[5m])
+ irate(ifOutNUcastPkts[5m])
) > 0.0001
for: 0m
labels:
severity: warning
annotations:
ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInLinkUsage
expr:
rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
for: 5m
keep_firing_for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInLinkUsage
expr:
rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
for: 5m
keep_firing_for: 10m
labels:
severity: critical
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchOutLinkUsage
expr:
rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
for: 5m
keep_firing_for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchOutLinkUsage
expr:
rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
for: 5m
keep_firing_for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
...

View file

@ -0,0 +1,42 @@
---
prometheus_snmp__modules_eaton:
version: 1
auth:
community: "{{ vault_snmp_eaton_community }}"
walk:
- sysUpTime
#- upsBattery
#- xupsBattery
#- xupsInput
- xupsInput
- xupsOutput
- xupsBypass
- xupsEnvironment
- xupsBattery
- xupsConfig
lookups:
- source_indexes:
- xupsInputPhase
lookup: xupsInputName
- source_indexes:
- xupsOutputPhase
lookup: xupsOutputName
- source_indexes:
- xupsBypassPhase
lookup: xupsBypassName
overrides:
#upsBatteryStatus:
# type: EnumAsStateSet
xupsInputId:
type: EnumAsStateSet
xupsOutputId:
type: EnumAsStateSet
xupsBypassId:
type: EnumAsStateSet
xupsOutputSource:
type: EnumAsStateSet
xupsBatteryAbmStatus:
type: EnumAsStateSet
xupsContactType:
type: EnumAsStateSet
...

View file

@ -0,0 +1,5 @@
---
prometheus_snmp__modules:
quanta: "{{ prometheus_snmp__modules_quanta }}"
eaton: "{{ prometheus_snmp__modules_eaton }}"
...

View file

@ -0,0 +1,125 @@
---
prometheus_snmp__modules_quanta:
auth:
community: "{{ vault_snmp_quanta_community }}"
timeout: 60s
retries: 3
walk:
- interfaces
- ifXTable
- snAgGblQueueOverflow
- snAgGblDynMemTotal
- snAgGblDynMemFree
- snAgGblCpuUtil1SecAvg
- snAgGblCpuUtil5SecAvg
- snAgGblCpuUtil1MinAvg
- sysUpTime
- snAgentCpuUtilPercent
- snAgent
- snChasFan
- snChasPwr
- snAgentTemp
- snAgentCpu
- snSwInfo
- snSwIfInfoTable
- dot3StatsTable
- dot3HCStatsTable
- dot3Errors
- dot3Tests
- dot3CollTable
- lldpLocChassisId
- lldpRemTable
- lldpLocPortTable
- dot1dBasePort
lookups:
- source_indexes:
- ifIndex
lookup: ifAlias
- source_indexes:
- ifIndex
lookup: ifDescr
- source_indexes:
- ifIndex
lookup: ifName
- source_indexes:
- snChasFanIndex
lookup: snChasFanDescription
- source_indexes:
- snAgentTempSlotNum
- snAgentTempSensorId
lookup: snAgentTempSensorDescr
- source_indexes:
- snSwIfInfoPortNum
lookup: snSwIfName
- source_indexes:
- snSwIfInfoPortNum
lookup: snSwIfDescr
- source_indexes:
- dot3StatsIndex
lookup: ifAlias
- source_indexes:
- dot3StatsIndex
lookup: ifDescr
- source_indexes:
- dot3StatsIndex
lookup: ifName
- source_indexes:
- lldpRemTimeMark
- lldpRemLocalPortNum
- lldpRemIndex
lookup: lldpRemChassisId
#- source_indexes:
# - lldpLocPortNum
# lookup: lldpLocPortIdSubtype
overrides:
ifIndex:
ignore: true
ifAlias:
ignore: true
ifDescr:
ignore: true
ifName:
ignore: true
ifOperStatus:
type: EnumAsStateSet
ifAdminStatus:
type: EnumAsStateSet
snChasFanIndex:
ignore: true
snChasFanDescription:
ignore: true
snChasPwrSupplyIndex:
ignore: true
snAgentTempSensorDescr:
ignore: true
snChasFanOperStatus:
type: EnumAsStateSet
snChasPwrSupplyOperStatus:
type: EnumAsStateSet
snSwIfName:
ignore: true
snSwIfDescr:
ignore: true
snSwIfVlanId:
ignore: true
snSwIfInfoPortNum:
ignore: true
snSwIfInfoMonitorMode:
type: EnumAsStateSet
snSwIfInfoMirrorPorts:
ignore: true
snSwIfInfoMediaType:
type: EnumAsInfo
ifType:
type: EnumAsInfo
dot3StatsIndex:
ignore: true
dot3StatsEtherChipSet:
ignore: true
dot3StatsDuplexStatus:
type: EnumAsStateSet
lldpLocPortIdSubtype:
type: EnumAsInfo
lldpRemPortIdSubtype:
type: EnumAsInfo
...

View file

@ -0,0 +1,35 @@
---
pve_auth__groups:
admin:
- Administrator
pve_auth__pam_users:
root:
enabled: false
pve_auth__users:
elkmaennchen:
password: "{{ vault_pve_passwords.elkmaennchen }}"
groups:
- admin
jeltz:
password: "{{ vault_pve_passwords.jeltz }}"
groups:
- admin
otthorn:
password: "{{ vault_pve_passwords.otthorn }}"
groups:
- admin
v-lafeychine:
password: "{{ vault_pve_passwords['v-lafeychine'] }}"
groups:
- admin
pz2891:
password: "{{ vault_pve_passwords.pz2891 }}"
groups:
- admin
loutr:
password: "{{ vault_pve_passwords.loutr }}"
groups:
- admin
...

View file

@ -0,0 +1,17 @@
---
radiusd__guest_vlan: 1000
radiusd__clients:
localhost:
addr: 127.0.0.1
secret: abcdef
type: aurore
wifi-ap-v4:
addr: 10.102.0.0/16
secret: abcdef
type: aurore
wifi-ap-v6:
addr: 2a09:6840:102::/56
secret: abcdef
type: aurore
...

View file

@ -0,0 +1,3 @@
---
prometheus_keepalived__dest: /var/run/prometheus-node-exporter/keepalived.prom
...

60
group_vars/vpn/bird.yml Normal file
View file

@ -0,0 +1,60 @@
---
bird__tables:
- wg
bird__kernel:
kernel:
learn: true
import: accept
export: accept
vrf:
learn: true
import:
sources:
- "{{ iproute2__custom_protos.wireguard }}"
export: accept
table: wg
kernel: "{{ iproute2__custom_tables.wireguard }}"
bird__ospf:
limits:
import: 4000
export: 4000
table: wg
import: accept
export:
sources:
- "{{ iproute2__custom_protos.wireguard }}"
areas:
1:
broadcast:
- vpn0
bird__bgp:
infra1:
local:
address: "{{ bird__bgp_addr.vpn }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:213::1:1
- 10.213.1.1
as: "{{ bird__as.aurore }}"
table: wg
import: accept
export: reject
next_hop_self: true
infra2:
local:
address: "{{ bird__bgp_addr.vpn }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:213::1:2
- 10.213.1.2
as: "{{ bird__as.aurore }}"
table: wg
import: accept
export: reject
next_hop_self: true
...

View file

@ -0,0 +1,16 @@
---
ifupdown2__vrf:
wg-vrf:
table: "{{ iproute2__custom_tables.wireguard }}"
ifupdown2__wireguard:
wg0:
private_key: "{{ vault_wireguard_wg0_private }}"
listen_port: 5121
vrf: wg-vrf
table: "{{ iproute2__custom_tables.wireguard }}"
peer_allowed_addresses:
- 2a09:6840:212::1:1/128
- 10.212.1.1/32
peer_public_key: 0kP/XjaGOpu4p9KHTAoAhkLwXzC8wJUdPIdhdpgeKhY=
...

View file

@ -0,0 +1,7 @@
---
iproute2__custom_tables:
wireguard: 2000
iproute2__custom_protos:
wireguard: 200
...

View file

@ -0,0 +1,22 @@
---
systemd_link__links:
pub0: ae:ae:ae:2C:60:35
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:128::220/64
- 10.128.0.220/16
gateways: "{{ ifupdown2__gateways.adm }}"
collabora__server_name: office.auro.re
collabora__post_allow_addrs:
- 2a09:6840:215::1:1
- 45.66.111.206
collabora__wopi_groups:
- host: https://cloud.auro.re:443
aliases:
- https://nextcloud.auro.re:443
...

View file

@ -0,0 +1,47 @@
---
systemd_link__links:
isp0: 02:00:00:c6:3f:6f
trunk0: 02:00:00:b1:8d:d6
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:1/64
- 10.210.1.1/16
gateways: "{{ ifupdown2__gateways.isp }}"
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
addresses:
- 100.64.0.2/27
vlan_id: 1000
vlan_raw_device: clients0
client1:
addresses:
- 100.64.0.34/27
vlan_id: 1001
vlan_raw_device: clients0
client2:
addresses:
- 100.64.0.66/27
vlan_id: 1002
vlan_raw_device: clients0
client3:
addresses:
- 100.64.0.98/27
vlan_id: 1003
vlan_raw_device: clients0
client4:
addresses:
- 100.64.0.130/27
vlan_id: 1004
vlan_raw_device: clients0
...

View file

@ -0,0 +1,47 @@
---
systemd_link__links:
isp0: 04:00:00:8c:d1:36
trunk0: 04:00:00:33:2c:3c
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:2/64
- 10.210.1.2/16
gateways: "{{ ifupdown2__gateways.isp }}"
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
addresses:
- 100.64.0.3/27
vlan_id: 1000
vlan_raw_device: clients0
client1:
addresses:
- 100.64.0.35/27
vlan_id: 1001
vlan_raw_device: clients0
client2:
addresses:
- 100.64.0.67/27
vlan_id: 1002
vlan_raw_device: clients0
client3:
addresses:
- 100.64.0.99/27
vlan_id: 1003
vlan_raw_device: clients0
client4:
addresses:
- 100.64.0.131/27
vlan_id: 1004
vlan_raw_device: clients0
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
int0: 02:00:00:9f:d9:f9
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:1/64
- 10.206.1.1/16
gateways: "{{ ifupdown2__gateways.int }}"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
int0: 04:00:00:3c:c0:5a
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:2/64
- 10.206.1.2/16
gateways: "{{ ifupdown2__gateways.int }}"
...

View file

@ -0,0 +1,39 @@
---
systemd_link__links:
adm0: 02:00:00:9E:3E:21
crans0: 02:00:00:A2:7C:68
zayo0: 02:00:00:35:89:82
rezel0: 02:00:00:8F:4A:AD
back0: 02:00:00:1C:3A:2E
viarezo0: 02:00:00:ED:70:64
router0: 02:00:00:5A:17:7C
oti0: 02:00:00:05:0E:A6
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:2/64
- 10.128.10.2/16
crans0:
ipv6_addrgen: false
zayo0:
ipv6_addrgen: false
rezel0:
addresses:
- 2a09:6842:19:9116::1/64
- 45.66.111.1/29
back0:
addresses:
- 2a09:6840:203::1:1/64
- 10.203.1.1/16
viarezo0:
addresses:
- 2a0c:b641:2ff::6/125
- 192.159.121.133/29
router0:
addresses:
- 2a09:6840:129::10:2/56
- 10.129.10.2/16
oti0:
ipv6_addrgen: false
...

View file

@ -0,0 +1,39 @@
---
systemd_link__links:
adm0: 04:00:00:F5:69:B9
crans0: 04:00:00:CF:E1:D0
zayo0: 04:00:00:67:7B:12
rezel0: 04:00:00:C6:05:B7
back0: 04:00:00:DE:22:E6
viarezo0: 04:00:00:45:FA:E6
router0: 04:00:00:AD:D7:71
oti0: 02:00:00:05:0E:A6
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:102/64
- 10.128.10.102/16
crans0:
ipv6_addrgen: false
zayo0:
ipv6_addrgen: false
rezel0:
addresses:
- 2a09:6842:19:9116::3/64
- 45.66.111.3/29
back0:
addresses:
- 2a09:6840:203::1:2/64
- 10.203.1.2/16
viarezo0:
addresses:
- 2a0c:b641:2ff::7/125
- 192.159.121.134/29
router0:
addresses:
- 2a09:6840:129::10:102/56
- 10.129.10.102/16
oti0:
ipv6_addrgen: false
...

View file

@ -0,0 +1,63 @@
---
systemd_link__links:
ups0: 02:00:00:fe:6f:0e
back0: 02:00:00:f8:93:22
monit0: 02:00:00:da:97:7f
wifi0: 02:00:00:8c:c5:bf
int0: 02:00:00:75:40:3e
sw0: 02:00:00:ca:e8:d1
bmc0: 02:00:00:47:d1:b9
pve0: 02:00:00:b3:35:e7
isp0: 02:00:00:6b:53:14
ext0: 02:00:00:32:86:60
vpn0: 02:00:00:52:5f:85
th30: 02:00:00:23:a7:d3
pub0: 02:00:00:7d:34:06
ifupdown2__interfaces:
back0:
addresses:
- 2a09:6840:203::1:3/64
- 10.203.1.3/16
- 45.66.111.210/32 # secondary
ups0:
ipv6_addrgen: false
monit0:
ipv6_addrgen: false
wifi0:
ipv6_addrgen: false
int0:
ipv6_addrgen: false
sw0:
ipv6_addrgen: false
bmc0:
ipv6_addrgen: false
pve0:
ipv6_addrgen: false
isp0:
ipv6_addrgen: false
ext0:
ipv6_addrgen: false
pub0:
ipv6_addrgen: false
vpn0:
addresses:
- 2a09:6840:213::1:1/64
- 10.213.1.1/16
th30:
ipv6_addrgen: false
bird__router_id: 10.203.1.3
bird__bgp_addr:
back:
- 2a09:6840:203::1:3
- 10.203.1.3
vpn:
- 2a09:6840:213::1:1
- 10.213.1.1
bird__pref_src_addr:
- 2a09:6840:203::1:3
- 45.66.111.210
...

View file

@ -0,0 +1,63 @@
---
systemd_link__links:
ups0: 04:00:00:6d:97:83
back0: 04:00:00:46:ba:f9
monit0: 04:00:00:72:0b:2d
wifi0: 04:00:00:ee:42:0f
int0: 04:00:00:21:fd:d0
sw0: 04:00:00:2e:5b:16
bmc0: 04:00:00:bb:5a:a6
pve0: 04:00:00:0b:2b:82
isp0: 04:00:00:f4:4c:5d
ext0: 04:00:00:1d:0e:83
vpn0: 04:00:00:02:ba:dd
th30: 04:00:00:9e:8d:4f
pub0: 04:00:00:f8:3b:9b
ifupdown2__interfaces:
back0:
addresses:
- 2a09:6840:203::1:4/64
- 10.203.1.4/16
- 45.66.111.211/32 # secondary
ups0:
ipv6_addrgen: false
monit0:
ipv6_addrgen: false
wifi0:
ipv6_addrgen: false
int0:
ipv6_addrgen: false
sw0:
ipv6_addrgen: false
bmc0:
ipv6_addrgen: false
pve0:
ipv6_addrgen: false
isp0:
ipv6_addrgen: false
ext0:
ipv6_addrgen: false
vpn0:
addresses:
- 2a09:6840:213::1:2/64
- 10.213.1.2/16
th30:
ipv6_addrgen: false
pub0:
ipv6_addrgen: false
bird__router_id: 10.203.1.4
bird__bgp_addr:
back:
- 2a09:6840:203::1:4
- 10.203.1.4
vpn:
- 2a09:6840:213:1:2
- 10.213.1.2
bird__pref_src_addr:
- 2a09:6840:203::1:4
- 45.66.111.211
...

View file

@ -0,0 +1,59 @@
---
systemd_link__links:
adm0: 02:00:00:D8:37:45
back0: 02:00:00:BF:10:4C
trunk0: 02:00:00:E9:BA:15
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:5/64
- 10.128.10.5/16
gateways: "{{ ifupdown2__gateways.adm }}"
back0:
addresses:
- 2a09:6840:203::1:5/64
- 45.66.111.211/32
- 10.203.1.5/16
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
vlan_id: 1000
vlan_raw_device: clients0
ipv6_addrgen: false
client1:
vlan_id: 1001
vlan_raw_device: clients0
ipv6_addrgen: false
client2:
vlan_id: 1002
vlan_raw_device: clients0
ipv6_addrgen: false
client3:
vlan_id: 1003
vlan_raw_device: clients0
ipv6_addrgen: false
client4:
vlan_id: 1004
vlan_raw_device: clients0
ipv6_addrgen: false
bird__router_id: 10.203.1.5
bird__bgp_addr:
back:
- 2a09:6840:203::1:5
- 10.203.1.5
bird__pref_src_addr:
- 2a09:6840:203::1:5
- 45.66.111.211
...

View file

@ -0,0 +1,47 @@
---
systemd_link__links:
adm0: 04:00:00:85:C3:5D
back0: 04:00:00:FE:2D:67
trunk0: 04:00:00:D8:F5:4D
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:105/64
- 10.128.10.105/16
gateways: "{{ ifupdown2__gateways.adm }}"
back0:
addresses:
- 2a09:6840:203::1:6/64
- 10.203.1.6/16
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
vlan_id: 1000
vlan_raw_device: clients0
ipv6_addrgen: false
client1:
vlan_id: 1001
vlan_raw_device: clients0
ipv6_addrgen: false
client2:
vlan_id: 1002
vlan_raw_device: clients0
ipv6_addrgen: false
client3:
vlan_id: 1003
vlan_raw_device: clients0
ipv6_addrgen: false
client4:
vlan_id: 1004
vlan_raw_device: clients0
ipv6_addrgen: false
...

View file

@ -0,0 +1,16 @@
---
systemd_link__links:
adm0: 02:00:00:38:c2:52
int0: 02:00:00:fe:a8:54
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:8/64
- 10.128.10.8/16
int0:
addresses:
- 2a09:6840:206::1:3/64
- 10.206.1.7/16
gateways: "{{ ifupdown2__gateways.int }}"
...

View file

@ -0,0 +1,16 @@
---
systemd_link__links:
adm0: 04:00:00:f7:1c:47
int0: 04:00:00:e4:83:d2
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:108/64
- 10.128.10.108/16
int0:
addresses:
- 2a09:6840:206::1:4/64
- 10.206.1.8/16
gateways: "{{ ifupdown2__gateways.int }}"
...

View file

@ -0,0 +1,38 @@
---
dovecot__auth_default_realm: test.auro.re
dovecot__auth_users:
jeltz@test.auro.re: "{plain}password"
lafeych@test.auro.re: "{plain}password"
toto@test.auro.re: "{plain}password"
root@test.auro.re: "{plain}L9yXSrCbbafMlMls5q7WWMKC612XNbXL"
dovecot__lmtp_postmaster_address: postmaster@test.auro.re
ifupdown2__interfaces:
ext0:
addresses:
- 2a09:6840:211::1:5/64
- 10.211.1.5/16
- 45.66.111.208/30
gateways: "{{ ifupdown2__gateways.ext }}"
postfix__hostname: mx.test.auro.re
postfix__sasl_local_domain: test.auro.re
postfix__virtual_aliases:
postmaster@test.auro.re: root@test.auro.re
dmarc@test.auro.re: root@test.auro.re
postfix__virtual_mailbox_domains:
- infra.test.auro.re
- test.auro.re
postfix__virtual_mailboxes:
jeltz@test.auro.re: jeltz@test.auro.re
root@test.auro.re: root@test.auro.re
toto@test.auro.re: toto@test.auro.re
vincent.lafeychine@test.auro.re: lafeych@test.auro.re
systemd_link__links:
ext0: ae:ae:ae:1d:c8:b2
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
pub0: 02:00:00:ad:62:64
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:215::1:2/64
- 45.66.111.205/27
gateways: "{{ ifupdown2__gateways.pub }}"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
pub0: 04:00:00:1b:0a:3a
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:215::1:3/64
- 45.66.111.207/27
gateways: "{{ ifupdown2__gateways.pub }}"
...

View file

@ -0,0 +1,29 @@
---
systemd_link__links:
adm0: 96:77:96:91:e3:6c
ovh0: 00:50:56:00:fd:c0
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::109/64
- 10.128.0.109/16
ovh0:
addresses:
- 92.222.211.194/24
gateways: "{{ ifupdown2__gateways.ovh }}"
# TODO: remove as soon as the VPN works
knotd__remotes:
xfr-master:
address: 2a09:6840:128::110
key: xfr
knotd__acl:
notify-master:
address:
- 2a09:6840:128::110
- 10.128.0.110
key: xfr
action: notify
...

View file

@ -0,0 +1,615 @@
---
knotd__listen:
- address: 0.0.0.0
- address: "::"
knotd__keys:
xfr:
algorithm: hmac-sha512
secret: "{{ vault_knotd_xfr_key }}"
ksk-infra:
algorithm: hmac-sha512
secret: "{{ vault_knotd_ksk_infra_key }}"
update-acme-challenge:
algorithm: hmac-sha512
secret: "{{ vault_certbot_dns_secret }}"
knotd__remotes:
xfr-ns-1:
address: 2a09:6840:215::1:2
key: xfr
xfr-ns-2:
address: 2a09:6840:215::1:3
key: xfr
xfr-ns-3:
address: 10.128.0.109
key: xfr
ksk-infra:
address: ::1
key: ksk-infra
knotd__policies:
public:
algorithm: ECDSAP256SHA256
reproducible_signing: true
# Je n'ai pas trouvé de façon de pousser les records automatiquement
# sur .re, donc pour éviter d'oublier de le faire manuellement, la
# KSK n'expire pas
ksk_lifetime: 0
zsk_lifetime: 30d
nsec3: true
infra:
algorithm: ECDSAP256SHA256
ksk_lifetime: 365d
zsk_lifetime: 30d
nsec3: on
ds-push: ksk-infra
cds-cdnskey-publish: rollover
ksk-submission: infra
ripe:
algorithm: ECDSAP256SHA256
ksk_lifetime: 365d
zsk_lifetime: 30d
nsec3: on
ds-push: ksk-ripe
cds-cdnskey-publish: rollover
ksk-submission: ripe
knotd__acl:
xfr:
addresses:
- 2a09:6840:128::109
- 10.128.0.109
- 2a09:6840:215::1:2
- 45.66.111.205
- 2a09:6840:215::1:3
- 45.66.111.207
action: transfer
key: xfr
ksk-infra:
addresses:
- 127.0.0.1
- ::1
key: ksk-infra
action: update
update_types:
- DS
update_owner: name
update_owner_match: equal
update_owner_name:
- infra
update-acme-challenge:
addresses:
- 10.128.0.0/16
- 2a09:6840:128::/48
key: update-acme-challenge
action: update
update_types:
- TXT
update_owner: name
update_owner_match: equal
update_owner_name:
- _acme-challenge.auro.re.
knotd__queryacl:
local:
addresses:
- 10.0.0.0/8
knotd__soa_rname: root@auro.re.
knotd__hosts:
auro.re:
proxy-ovh:
- 92.222.211.195
horus:
- 92.23.218.136
ns-1:
- 45.66.111.205
- 2a09:6840:215::1:2
ns-2:
- 92.222.211.194
serge:
- 92.222.211.196
lama:
- 185.230.78.220
- 2a0c:700:12:0:67:e5ff:fee9:108
vpn-ovh:
- 92.222.211.197
passerelle:
- 45.66.111.254
- 2a09:6840:111::254
proxy:
- 45.66.111.61
- 2a09:6840:111::61
camelot:
- 45.66.111.59
- 2a09:6840:111::59
mail:
- 45.66.111.62
- 2a09:6840:111::62
galene:
- 45.66.111.65
- 2a09:6840:111::65
aclyas:
- 45.66.111.231
- 2a09:6840:111::231
jitsi:
- 45.66.111.55
- 2a09:6840:111::55
portail-fleming:
- 10.13.0.247
- 2a09:6840:13::247
portail-pacaterie:
- 10.23.0.247
- 2a09:6840:23::247
portail-rives:
- 10.33.0.247
- 2a09:6840:33::247
portail-edc:
- 10.43.0.247
- 2a09:6840:43::247
portail-gs:
- 10.53.0.247
- 2a09:6840:53::247
grocy.bric:
- 45.66.111.133
- 2a09:6840:111::133
adh.auro.re:
hoffman:
- 45.66.110.1
- 2a09:6840:110:0:2d8:61ff:fe56:d7eb
hindley:
- 45.66.110.3
- 2a09:6840:110:0:a6ba:dbff:fe03:1f36
yberreby:
- 45.66.110.5
- 2a09:6840:110:0:d896:1dff:fe59:8381
paon:
- 45.66.110.10
- 2a09:6840:110:0:231:92ff:fe1b:ae22
lovelace:
- 45.66.110.45
- 2a09:6840:110:0:c634:6bff:feb5:7bcc
switch-leo:
- 45.66.110.103
- 2a09:6840:110:0:82cc:9cff:fe82:ca3e
haskell:
- 45.66.110.112
- 2a09:6840:110:0:f4ac:cbff:fe81:7f48
lyshyga0:
- 45.66.110.113
- 2a09:6840:110:0:6af7:28ff:fe91:e8d9
pz28910:
- 45.66.110.114
vinsing0:
- 45.66.110.123
- 2a09:6840:110:0:1e1b:dff:fe90:7d81
osc-routeur:
- 45.66.110.125
- 2a09:6840:110:0:ba27:ebff:fe2d:c1a1
odroid:
- 45.66.110.154
- 2a09:6840:110:0:21e:6ff:fe49:e00
amau0:
- 45.66.110.164
- 2a09:6840:110:0:3e7c:3fff:fec3:27d1
regulus:
- 45.66.110.180
- 2a09:6840:110:0:2ef0:5dff:fe2a:1530
toaster:
- 45.66.110.188
- 2a09:6840:110:0:5246:5dff:fe9a:f70
rpijutax:
- 45.66.110.190
- 2a09:6840:110:0:ba27:ebff:fe76:a9bc
lafeychine:
- 45.66.110.200
- 2a09:6840:110:0:46a5:6eff:fe71:1
polaris:
- 45.66.110.245
- 2a09:6840:110:0:dea6:32ff:feb4:d033
knotd__zones:
auro.re:
dnssec_policy: public
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- update-acme-challenge
- ksk-infra
- xfr
soa:
mname: ns-master.int.infra
ns:
- target:
- ns-1.pub.infra
- ns-2.pub.infra
- ns-3.ovh.infra
- name: infra
target:
- ns-1.pub.infra
- ns-2.pub.infra
- ns-3.ovh.infra
- name: test
target:
- ns-1.pub.infra
- ns-2.pub.infra
- ns-3.ovh.infra
- name: adm
target:
- serge
- lama
- name: ups
target:
- serge
- lama
- name: switch
target:
- serge
- lama
- name: borne
target:
- serge
- lama
mx:
- exchange: mail
preference: 5
- exchange: proxy-ovh
preference: 10
txt:
- data: v=spf1 mx -all
a:
- address: 92.222.211.195
cname:
- name:
- gisti
- gistiti
target: jitsi
- name:
- element
- riot
- auth
- rss
- codimd
- hedgedoc
- grist
- kanboard
- www
- pad
- privatebin
- zero
- paste
target: proxy-ovh
- name:
- grafana
- nextcloud
- cloud
- office
target: proxy.pub.infra
- name:
- netbox
- wiki
- matrix
- drone
- gitea
- re2o
- vote
target: proxy
- name: intranet
target: re2o
- name:
- smtp
- imap
target: mail
- name:
- prometheus-paul.adh
- pma-paul.adh
- nextcloud-paul.adh
- grafana-paul.adh
- jellyfin.adh
- monitoring.adh
- beta-mpp.adh
- pz28.adh
target: lucepaul.myvnc.com.
- name:
- services-1.pve
target: services-1.pve.infra
- name:
- services-2.pve
target: services-2.pve.infra
- name:
- services-3.pve
target: services-3.pve.infra
hosts: "{{ knotd__hosts['auro.re']
| combine(knotd__hosts['adh.auro.re']
| add_origin_keys('adh.auro.re.')) }}"
test.auro.re:
dnssec_policy: public
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
txt:
- data: v=spf1 mx -all
- name: _dmarc
data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
mx:
- exchange: mx
preference: 5
cname:
- name:
- www1
- www2
- www3
target: proxy.pub.infra.auro.re.
hosts:
mx:
- 2a09:6840:211::1:5
- 45.66.111.205
infra.auro.re:
dnssec_policy: infra
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
#queryacl: local
soa:
mname: ns-master.int
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
hosts:
services-1.ceph:
- 10.214.1.1
- "2a09:6840:214::1:1"
services-2.ceph:
- 10.214.1.2
- "2a09:6840:214::1:2"
services-3.ceph:
- 10.214.1.3
- "2a09:6840:209::1:3"
services-1.pve:
- 10.209.2.1
- 2a09:6840:209::2:1
services-2.pve:
- 10.209.2.2
- 2a09:6840:209::2:2
services-3.pve:
- 10.209.2.3
- 2a09:6840:209::2:3
ns-master.int:
- 10.128.0.110
- 2a09:6840:128:0::110
network-1.pve:
- 2a09:6840:209::1:1
- 10.209.1.1
network-2.pve:
- 2a09:6840:209::1:2
- 10.209.1.2
edge-1.back:
- 2a09:6840:203::1:1
- 10.203.1.1
edge-2.back:
- 2a09:6840:203::1:2
- 10.203.1.2
dns-1.int:
- 2a09:6840:206::1:1
- 10.206.1.1
dns-2.int:
- 2a09:6840:206::1:2
- 10.206.1.2
nis2.int:
- 2a09:6840:206::2:1
- 10.206.2.1
wg-1.vpn:
- 2a09:6840:213::1:3
- 10.213.1.3
wg-2.vpn:
- 2a09:6840:213::1:4
- 10.213.1.4
infra-1.back:
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2.back:
- 2a09:6840:203::1:4
- 10.203.1.4
isp-1.back:
- 2a09:6840:203::1:5
- 10.203.1.5
isp-2.back:
- 2a09:6840:203::1:6
- 10.203.1.6
dhcp-1.isp:
- 2a09:6840:210::1:1
- 10.210.1.1
dhcp-2.isp:
- 2a09:6840:210::1:2
- 10.210.1.2
radius-1.isp:
- 2a09:6840:210::1:3
- 10.210.1.3
radius-2.isp:
- 2a09:6840:210::1:4
- 10.210.1.4
ldap-1.int:
- 10.128.10.8
- 2a09:6840:128::10:8
ldap-2.int:
- 10.128.10.108
- 2a09:6840:128::10:108
ntp-1.int:
- 2a09:6840:206::1:5
- 10.206.1.5
ntp-2.int:
- 2a09:6840:206::1:6
- 10.206.1.6
prometheus-1.monit:
- 2a09:6840:204::1:1
- 10.204.1.1
prometheus-2.monit:
- 2a09:6840:204::1:2
- 10.204.1.2
ff-1.core.sw:
#- 2a09:6840:207::1:1
- 10.207.1.1
ff-2.core.sw:
#- 2a09:6840:207::1:2
- 10.207.1.2
fl-1.core.sw:
#- 2a09:6840:207::1:3
- 10.207.1.3
fl-2.core.sw:
#- 2a09:6840:207::1:4
- 10.207.1.4
fd-1.core.sw:
#- 2a09:6840:207::1:5
- 10.207.1.5
ff-3.core.sw:
#- 2a09:6840:207::1:6
- 10.207.1.6
gk-1.core.sw:
#- 2a09:6840:207::2:1
- 10.207.2.1
eb-1.core.sw:
#- 2a09:6840:207::3:1
- 10.207.3.1
r3-1.core.sw:
#- 2a09:6840:207::4:1
- 10.207.4.1
eb-1.ups:
- 2a09:6840:201::3:1
- 10.201.3.1
ec-1.ups:
- 2a09:6840:201::3:2
- 10.201.3.2
mx.test:
- 2a09:6840:211::1:5
- 10.211.1.5
collabora.ext:
- 2a09:6840:211::1:1
- 10.211.1.1
proxy.pub:
- 2a09:6840:215::1:1
- 45.66.111.206
ns-1.pub:
- 2a09:6840:215::1:2
- 45.66.111.205
ns-2.pub:
- 2a09:6840:215::1:3
- 45.66.111.207
ns-3.ovh:
- 92.222.211.194
108.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
109.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
110.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
reverse_hosts: "{{ knotd__hosts['adh.auro.re']
| ip_filter(['45.66.110.0/24'])
| add_origin_keys('adh.auro.re.') }}"
111.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
reverse_hosts: "{{ knotd__hosts['auro.re']
| ip_filter(['45.66.111.0/24'])
| add_origin_keys('auro.re.') }}"
0.4.8.6.9.0.a.2.ip6.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
reverse_hosts: "{{ knotd__hosts['auro.re']
| ip_filter(['2a09:6840::/32'])
| add_origin_keys('auro.re.')
| combine(knotd__hosts['adh.auro.re']
| ip_filter(['2a09:6840::/32'])
| add_origin_keys('adh.auro.re.')) }}"
...

View file

@ -0,0 +1,16 @@
---
systemd_link__links:
int0: 02:00:00:e3:36:c8
adm0: 42:17:a7:d1:bd:6a
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::110/64
- 10.128.0.110/16
int0:
addresses:
- 2a09:6840:206::1:7/64
- 10.206.1.7/16
gateways: "{{ ifupdown2__gateways.int }}"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
int0: 02:00:00:74:71:83
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:5/64
- 10.206.1.5/16
gateways: "{{ ifupdown2__gateways.int }}"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
int0: 04:00:00:31:be:50
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:6/64
- 10.206.1.6/16
gateways: "{{ ifupdown2__gateways.int }}"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
monit0: 02:00:00:a8:6b:51
ifupdown2__interfaces:
monit0:
addresses:
- 2a09:6840:204::1:1/64
- 10.204.1.1/16
gateways: "{{ ifupdown2__gateways.monit }}"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
monit0: 04:00:00:a6:93:5a
ifupdown2__interfaces:
monit0:
addresses:
- 2a09:6840:204::1:2/64
- 10.204.1.2/16
gateways: "{{ ifupdown2__gateways.monit }}"
...

View file

@ -70,3 +70,6 @@ loc_reverseproxy:
- from: grafana.auro.re - from: grafana.auro.re
to: "10.128.0.98:3000" to: "10.128.0.98:3000"
- from: office.auro.re
to: "10.128.0.220"

View file

@ -0,0 +1,99 @@
---
systemd_link__links:
pub0: ae:ae:ae:3a:71:0b
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:215::1:1/64
- 45.66.111.206/27
gateways: "{{ ifupdown2__gateways.pub }}"
caddy__matrix_headers:
access-control-allow-headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
access-control-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
access-control-allow-origin: "*"
caddy__routes_https:
www1.test.auro.re:
- root: /var/www/auro.re
- path: /.well-known/matrix/server
headers: "{{ caddy__matrix_headers }}"
body: '{"m.server": "matrix.auro.re:8448"}'
status: 200
- path: /.well-known/matrix/client
headers: "{{ caddy__matrix_headers }}"
body: '{"m.homeserver": {"base_url": "https://matrix.auro.re"}}'
status: 200
www2.test.auro.re:
headers:
location: "https://auro.re{http.request.uri}"
status: 301
www3.test.auro.re:
reverse:
- "[2a09:6840:128::198]:3000"
- 10.128.0.198:3000
grafana.auro.re:
reverse:
- "[2a09:6840:128::98]:3000"
- 10.128.0.98:3000
office.auro.re:
reverse:
- "[2a09:6840:211::1:1]:9980"
- 10.211.1.1:9980
nextcloud.auro.re:
headers:
location: "https://cloud.auro.re{http.request.uri}"
status: 301
cloud.auro.re:
- path: /.well-known/carddav
headers:
location: /remote.php/dav/
status: 301
- path: /.well-known/caldav
headers:
location: /remote.php/dav/
status: 301
- path: /.well-known/webfinger
headers:
location: /index.php/.well-known/webfinger
status: 301
- path: /.well-known/nodeinfo
headers:
location: /index.php/.well-known/nodeinfo
status: 301
- path: /remote/*
rewrite: /remote.php
- path: /ocm-provider/*
rewrite: /index.php
- path: "*.mjs"
headers:
content-type: text/javascript
- reverse:
- "[2a09:6840:128::58]:8080"
- 10.128.0.58:8080
headers:
x-robots-tag: noindex, nofollow
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: "1; mode=block"
caddy__contact_email: tech.aurore@lists.crans.org
caddy__errors:
- root: "{{ caddy__error_dir }}"
- rewrite: /error.html
- file_server: true
templates: true
caddy__servers:
https:
listen: ":443"
routes: "{{ caddy__routes_https }}"
errors: "{{ caddy__errors }}"
http:
listen: ":80"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
isp0: 02:00:00:6a:3e:f4
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:3/64
- 10.210.1.3/16
gateways: "{{ ifupdown2__gateways.isp }}"
...

View file

@ -0,0 +1,11 @@
---
systemd_link__links:
isp0: 04:00:00:29:6d:c9
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:4/64
- 10.210.1.4/16
gateways: "{{ ifupdown2__gateways.isp }}"
...

View file

@ -0,0 +1,44 @@
---
systemd_link__links:
vpn0:
enabled: false
vpn: 02:00:00:b5:ca:c7
ext0:
enabled: false
ext: 02:00:00:e3:65:49
ifupdown2__interfaces:
ext0:
gateways: "{{ ifupdown2__gateways.ext }}"
addresses:
- 2a09:6840:211::1:1/64
- 10.211.1.1/16
- 45.66.111.204/30
vpn0:
addresses:
- 2a09:6840:213::1:3/64
- 10.213.1.3/16
# FIXME: move to group_vars
goto_table: "{{ iproute2__custom_tables.wireguard }}"
#vrf: wg-vrf
ext:
gateways: "{{ ifupdown2__gateways.ext }}"
addresses:
- 2a09:6840:211::1:1/64
- 10.211.1.1/16
- 45.66.111.204/30
vpn:
addresses:
- 2a09:6840:213::1:3/64
- 10.213.1.3/16
# FIXME: move to group_vars
goto_table: "{{ iproute2__custom_tables.wireguard }}"
#vrf: wg-vrf
bird__router_id: 10.213.1.3
bird__bgp_addr:
vpn:
- 2a09:6840:213::1:3
- 10.213.1.3
...

138
hosts
View file

@ -1,9 +1,104 @@
# Aurore servers inventory # Aurore servers inventory
# How to name your server ? [vm_test]
# > We name servers according to location, then type, then function. mx.test.infra.auro.re
# > Then we regroup everything in global geographic, type and function groups.
[vm_services]
collabora.ext.infra.auro.re
proxy.pub.infra.auro.re
[aruba]
eb-1.acs.sw.infra.auro.re
[quanta]
ff-1.core.sw.infra.auro.re
ff-2.core.sw.infra.auro.re
fl-1.core.sw.infra.auro.re
fl-2.core.sw.infra.auro.re
fd-1.core.sw.infra.auro.re
gk-1.core.sw.infra.auro.re
eb-1.core.sw.infra.auro.re
r3-1.core.sw.infra.auro.re
[eaton_ups]
eb-1.ups.infra.auro.re
ec-1.ups.infra.auro.re
[vpn]
wg-[1:2].vpn.infra.auro.re
[dns]
dns-[1:2].int.infra.auro.re
[dhcp]
dhcp-[1:2].isp.infra.auro.re
[edge]
edge-[1:2].back.infra.auro.re
[isp]
isp-1.back.infra.auro.re
#isp-[1:2].back.infra.auro.re
[infra]
infra-[1:2].back.infra.auro.re
[prom]
prometheus-[1:2].monit.infra.auro.re
[router:children]
isp
infra
edge
[ns]
ns-[1:2].pub.infra.auro.re
ns-3.ovh.infra.auro.re
[ldap]
#ldap-[1:2].int.infra.auro.re
[ntp]
ntp-[1:2].int.infra.auro.re
[radiusng]
radius-[1:2].isp.infra.auro.re
[vm:children]
vm_network
vm_services
vm_ovh
[vm_ovh]
ns-3.ovh.infra.auro.re
[vm_network:children]
vpn
edge
dhcp
dns
radiusng
ntp
#ldap
isp
infra
prom
ns
nsmaster
[nsmaster]
ns-master.int.infra.auro.re
[pve:children]
pve_network
pve_services
[pve_network]
network-1.pve.infra.auro.re ansible_ssh_host=10.209.1.1
network-2.pve.infra.auro.re
[pve_services]
services-[1:3].pve.infra.auro.re
############################################################################### ###############################################################################
# Aurore : main services # Aurore : main services
@ -69,6 +164,7 @@ switchs-manager.adm.auro.re
ldap-replica-ovh.adm.auro.re ldap-replica-ovh.adm.auro.re
prometheus-ovh.adm.auro.re prometheus-ovh.adm.auro.re
prometheus-federate.adm.auro.re prometheus-federate.adm.auro.re
ns-2.auro.re
[ovh_testing_vm] [ovh_testing_vm]
#re2o-test.adm.auro.re #re2o-test.adm.auro.re
@ -89,15 +185,9 @@ dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re dns-fleming-backup.adm.auro.re
ntp-1.int.infra.auro.re
prometheus-fleming.adm.auro.re prometheus-fleming.adm.auro.re
#prometheus-fleming-fo.adm.auro.re ns-1.auro.re
radius-fleming.adm.auro.re radius-fleming.adm.auro.re
dns-1.int.infra.auro.re
isp-1.rtr.infra.auro.re
isp-2.rtr.infra.auro.re
dhcp-1.isp.auro.re
dhcp-2.isp.auro.re
radius-fleming-backup.adm.auro.re radius-fleming-backup.adm.auro.re
unifi-fleming.adm.auro.re unifi-fleming.adm.auro.re
routeur-fleming.adm.auro.re routeur-fleming.adm.auro.re
@ -505,13 +595,13 @@ rives_unifi
ovh_container ovh_container
# every virtual machine # every virtual machine
[vm:children] #[vm:children]
ovh_vm #ovh_vm
fleming_vm #fleming_vm
pacaterie_vm #pacaterie_vm
edc_vm #edc_vm
gs_vm #gs_vm
rives_vm #rives_vm
# every server # every server
[server:children] [server:children]
@ -519,13 +609,13 @@ fleming_server
edc_server edc_server
# every PVE # every PVE
[pve:children] #[pve:children]
ovh_pve #ovh_pve
fleming_pve #fleming_pve
pacaterie_pve #pacaterie_pve
edc_pve #edc_pve
gs_pve #gs_pve
rives_pve #rives_pve
# every unifi # every unifi
[unifi:children] [unifi:children]

View file

@ -1,10 +1,9 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Put a common configuration on all servers - hosts:
- hosts: all,!unifi - pve
- vm
roles: roles:
- baseconfig - base_utils
- basesecurity - unattended_upgrades
- ldap_client ...
- logrotate
- update_motd

484
playbooks/bird.yml Executable file
View file

@ -0,0 +1,484 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- infra
- isp
- vpn
roles:
- bird
#- hosts:
# - isp-1.back.infra.auro.re
# - isp-2.back.infra.auro.re
# vars:
# bird__router_ids:
# isp-1.back.infra.auro.re: 10.203.1.5
# isp-2.back.infra.auro.re: 10.203.1.6
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
# bird__radv_interfaces:
# client0:
# prefix:
# - 2a09:6841::/64
# domain_search:
# - client0.isp.auro.re
# client1:
# prefix:
# - 2a09:6841:0:1::/64
# domain_search:
# - client1.isp.auro.re
# client2:
# prefix:
# - 2a09:6841:0:2::/64
# domain_search:
# - client2.isp.auro.re
# client3:
# prefix:
# - 2a09:6841:0:3::/64
# domain_search:
# - client3.isp.auro.re
# client4:
# prefix:
# - 2a09:6841:0:400::/64
# domain_search:
# - client4.isp.auro.re
# bird__radv_dns_servers:
# - 2a09:6840:128::10:103
# - 2a09:6840:128::10:3
# bird__asn:
# aurore: 43619
# bird__bgp_addresses:
# isp-1.back.infra.auro.re:
# - 2a09:6840:203::1:5
# - 10.203.1.5
# isp-2.back.infra.auro.re:
# - 2a09:6840:203::1:6
# - 10.203.1.6
# bird__bgp_sessions:
# edge1:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:1
# - 10.203.1.1
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# edge2:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:2
# - 10.203.1.2
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# bird__ospf_broadcast_interfaces:
# back0: null
# bird__ospf_stub_interfaces:
# - client0
# - client1
# - client2
# - client3
# - client4
# roles:
# - bird
#- hosts:
# - infra-1.back.infra.auro.re
# - infra-2.back.infra.auro.re
# vars:
# bird__router_ids:
# infra-1.back.infra.auro.re: 10.203.1.3
# infra-2.back.infra.auro.re: 10.203.1.4
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
# bird__ospf_broadcast_interfaces:
# back0: null
# bird__ospf_stub_interfaces:
# - monit0
# - wifi0
# - int0
# - pub0
# - bmc0
# - pve0
# - isp0
# - mgmt0
# bird__asn:
# aurore: 43619
# bird__bgp_addresses:
# infra-1.back.infra.auro.re:
# - 2a09:6840:203::1:3
# - 10.203.1.3
# infra-2.back.infra.auro.re:
# - 2a09:6840:203::1:4
# - 10.203.1.4
# bird__bgp_sessions:
# edge1:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:1
# - 10.203.1.1
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# edge2:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
## address:
# - 2a09:6840:203::1:2
# - 10.203.1.2
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# roles:
# - bird
#- hosts:
# - edge-1.back.infra.auro.re
# - edge-2.back.infra.auro.re
# vars:
# bird__router_ids:
# edge-1.back.infra.auro.re: 10.203.1.1
# edge-2.back.infra.auro.re: 10.203.1.2
# bird__asn:
# aurore: 43619
# crans: 204515
# zayo: 8218
# viarezo: 212424
# rezel: 199116
# bird__orig_prefixes:
# aurore:
# - 45.66.108.0/22
# - 2a09:6840::/32
# - 2a09:6841::/32
# - 2a09:6842::/32
# crans:
# - 185.230.76.0/22
# - 2a0c:700::/32
# viarezo:
# - 138.195.144.0/20
# - 192.159.121.0/24
# - 2a0c:b641:2f0::/44
# rezel:
# - 137.194.8.0/22
# - 2a09:6847::/32
# martians:
# - 10.0.0.0/8
# - 172.16.0.0/12
# - 192.168.0.0/16
# - 100.64.0.0/10
# - 127.0.0.0/8
# - 169.254.0.0/16
# - 192.0.0.0/24
# - 192.0.2.0/24
# - 198.18.0.0/15
# - 198.51.100.0/24
# - 203.0.113.0/24
# - 224.0.0.0/4
# - 240.0.0.0/4
# - ::/128
# - ::1/128
# - ::ffff:0:0/96
# - ::/96
# - 100::/64
# - 2001:10::/28
# - 2001:db8::/32
# - fc00::/7
# - fe80::/10
# - fec0::/10
# - ff00::/8
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
# bird__bgp_addresses:
# edge:
# edge-1.back.infra.auro.re:
# - 2a09:6840:203::1:1
# - 10.203.1.1
# edge-2.back.infra.auro.re:
# - 2a09:6840:203::1:2
# - 10.203.1.2
# legacy:
# edge-1.back.infra.auro.re:
# - 2a09:6840:129::10:2
# - 10.129.10.2
# edge-2.back.infra.auro.re:
# - 2a09:6840:129::10:102
# - 10.129.10.102
# rezel:
# edge-1.back.infra.auro.re:
# - 2a09:6842:19:9116::1
# - 45.66.111.1
# edge-2.back.infra.auro.re:
# - 2a09:6842:19:9116::3
# - 45.66.111.3
# bird__bgp_sessions:
# edge:
# local:
# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address: "{{ bird__bgp_addresses.edge
# | dict2items
# | selectattr('key', '!=', inventory_hostname)
# | map(attribute='value')
# | first }}"
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - local_pref: 75
# accept: true
# vpn1:
# local:
# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:7
# - 10.203.1.7
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: false
# export:
# - accept: true
# vpn2:
# local:
# address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:8
# - 10.203.1.8
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: false
# export:
# - accept: false
# legacy:
# next_hop_self: true
# local:
# address: "{{ bird__bgp_addresses.legacy[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:129::240
# - 10.129.0.240
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: false
# export:
# - bgp_proto:
# - crans
# - zayo
# - rezel1
# - rezel2
# accept: true
# - accept: false
# zayo:
# local:
# address:
# - 83.167.52.69
# - 2001:1b48:2:103::d7:2
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 83.167.52.68
# - 2001:1b48:2:103::d7:1
# as: "{{ bird__asn.zayo }}"
# import:
# - prefix: "{{ bird__orig_prefixes.martians }}"
# sub: true
# accept: false
# - accept: true
# export:
# - prefix: "{{ ['aurore', 'crans', 'viarezo', 'rezel']
# | map('extract', bird__orig_prefixes)
# | flatten }}"
# sub: true
# accept: true
## - accept: false
# crans:
# local:
# address:
# - 185.230.79.254
# - 2a0c:700:28::2
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 185.230.79.253
# - 2a0c:700:28::1
# as: "{{ bird__asn.crans }}"
# import:
# - prefix: "{{ bird__orig_prefixes.crans }}"
# sub: true
# accept: true
# - accept: false
# export:
# - bgp_proto:
# - viarezo
# - rezel1
# - rezel2
# - zayo
# accept: true
# - prefix: "{{ bird__orig_prefixes.aurore }}"
# sub: true
# accept: true
# - accept: false
# rezel1:
# local:
# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6842:19:9116::2
# - 45.66.111.2
# as: "{{ bird__asn.rezel }}"
# import:
# - prefix: "{{ bird__orig_prefixes.rezel }}"
# sub: true
# accept: true
# - accept: false
# export:
# - bgp_proto:
# - edge
# - viarezo
# - crans
# - zayo
# accept: true
# - prefix: "{{ bird__orig_prefixes.aurore }}"
# sub: true
# accept: true
# - accept: false
# rezel2:
# local:
# address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6842:19:9116::4
# - 45.66.111.4
# as: "{{ bird__asn.rezel }}"
# import:
# - local_pref: 75
# - prefix: "{{ bird__orig_prefixes.rezel }}"
# sub: true
# accept: true
# - accept: false
# export:
# - bgp_proto:
# - edge
# - viarezo
# - crans
# - zayo
# accept: true
# - prefix: "{{ bird__orig_prefixes.aurore }}"
# sub: true
# accept: true
# - accept: false
# viarezo:
# local:
# address:
# - 192.159.121.134
# - 2a0c:b641:2ff::6
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 192.159.121.133
# - 2a0c:b641:2ff::5
# as: "{{ bird__asn.viarezo }}"
# import:
# - prefix: "{{ bird__orig_prefixes.martians }}"
# accept: false
# - prefix: "{{ bird__orig_prefixes.viarezo }}"
# sub: true
# negate: true
# local_pref: 50
# - accept: true
# export:
# - prefix: "{{ bird__orig_prefixes.aurore }}"
# as_prepend:
# asn: "{{ bird__asn.aurore }}"
# size: 5
# - bgp_proto:
# - crans
# - zayo
# accept: true
# - accept: false
# bird__ospf_broadcast_interfaces:
# back0: null
# bird__ospf_stub_interfaces:
# - crans0
# - zayo0
# - rezel0
# - viarezo0
# bird__static_unreachable: "{{ bird__orig_prefixes.aurore }}"
# roles:
# - bird
#- hosts:
# - vpn-1.back.infra.auro.re
# - vpn-2.back.infra.auro.re
# vars:
# bird__asn:
# aurore: 43619
# bird__router_ids:
# vpn-1.back.infra.auro.re: 10.203.1.7
# vpn-2.back.infra.auro.re: 10.203.1.8
# bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
# bird__bgp_addresses:
# vpn-1.back.infra.auro.re:
# - 2a09:6840:203::1:7
# - 10.203.1.7
# vpn-2.back.infra.auro.re:
# - 2a09:6840:203::1:8
# - 10.203.1.8
# bird__bgp_sessions:
# edge1:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:1
# - 10.203.1.1
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# edge2:
# local:
# address: "{{ bird__bgp_addresses[inventory_hostname] }}"
# as: "{{ bird__asn.aurore }}"
# remote:
# address:
# - 2a09:6840:203::1:2
# - 10.203.1.2
# as: "{{ bird__asn.aurore }}"
# import:
# - accept: true
# export:
# - accept: false
# bird__ospf_broadcast_interfaces:
# back0: null
# bird__ospf_stub_interfaces:
## - wg0
# roles:
# - bird
...

7
playbooks/caddy.yml Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- proxy.pub.infra.auro.re
roles:
- caddy
...

View file

@ -1,27 +1,10 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: - hosts:
- ntp-1.int.infra.auro.re - pve_network
vars: - vm_network
chronyd__allow_networks: - vm_services
- 10.128.0.0/16 - ntp
- 2a09:6840:128::/48
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
chronyd__local_stratum: 10
roles:
- chronyd
- hosts:
- all
- "!ntp-1.int.infra.auro.re"
- "!unifi"
vars:
chronyd__pools:
- ntp-1.int.infra.auro.re
roles: roles:
- chronyd - chronyd
... ...

7
playbooks/collabora.yml Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- collabora.ext.infra.auro.re
roles:
- collabora
...

7
playbooks/dhcpd.yml Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- dhcp
roles:
- dhcpd
...

8
playbooks/firewall.yml Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- infra
- isp
roles:
- firewall
...

7
playbooks/freeradius.yml Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- radius
roles:
- freeradius
...

View file

@ -17,8 +17,9 @@
bind_password: "{{ vault_ldap_grafana_password }}" bind_password: "{{ vault_ldap_grafana_password }}"
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re" search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re" group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
editors_group_dn: admins_group_dn:
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
editors_group_dn:
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
update_motd: update_motd:
grafana: Grafana est déployé (/etc/grafana). grafana: Grafana est déployé (/etc/grafana).

8
playbooks/hostname.yml Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- vm
- pve
roles:
- hostname
...

View file

@ -1,213 +1,7 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: - hosts:
- ntp-1.int.infra.auro.re - vm
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
# TODO: netbox
ifupdown2__hosts:
ntp-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::203/56
- 10.128.0.203/16
dns-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::127/56
- 10.128.0.127/16
dhcp-1.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::204/56
- 10.128.0.204/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.2/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.34/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.66/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.98/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.130/27
vlan_id: 1004
vlan_raw_device: clients
dhcp-2.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::91/56
- 10.128.0.91/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.3/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.35/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.67/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.99/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.131/27
vlan_id: 1004
vlan_raw_device: clients
isp-1.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::255/56
- 10.128.0.255/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
forward: true
ipv6_addrgen: false
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
isp-2.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::158/56
- 10.128.0.158/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
roles: roles:
- ifupdown2 - ifupdown2
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
resolvconf__nameservers:
- 2a09:6840:128::127
- 10.128.0.127
resolvconf__domain: auro.re
resolvconf__search:
- "{{ inventory_hostname | remove_domain_suffix }}"
- auro.re
roles:
- resolvconf
... ...

10
playbooks/ip_forward.yml Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- edge
- infra
- isp
- vpn
roles:
- ip_forward
...

10
playbooks/iproute2.yml Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- edge
- isp
- infra
- vpn
roles:
- iproute2
...

View file

@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: dhcp-*.adm.auro.re
vars:
update_motd:
unbound: isc-dhcp-server est déployé.
roles:
- isc_dhcp_server
- update_motd

View file

@ -1,32 +1,9 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: - hosts:
- isp-1.rtr.infra.auro.re - isp
- isp-2.rtr.infra.auro.re - edge
vars: - infra
keepalived__virtual_router_id: 80
keepalived__interface: ens18
keepalived__virtual_addresses:
client-0:
- 100.64.0.1/27
- 2a09:6841::/56
- fe80::1/10
client-1:
- 100.64.0.33/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-2:
- 100.64.0.65/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-3:
- 100.64.0.97/27
- 2a09:6841:0:200::/56
- fe80::1/10
client-4:
- 100.64.0.129/27
- 2a09:6841:0:300::/56
- fe80::1/10
roles: roles:
- keepalived - keepalived
... ...

View file

@ -1,17 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
# vars:
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
# service_name: dns
# service_version: crans
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

8
playbooks/knotd.yml Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ns-master.int.infra.auro.re
- ns
roles:
- knotd
...

6
playbooks/kresd.yml Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env ansible-playbook
---
- hosts: dns
roles:
- kresd
...

8
playbooks/locales.yml Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- pve
- vm
roles:
- locales
...

8
playbooks/mail.yml Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- vm_test
roles:
- postfix
- dovecot
...

10
playbooks/openssh.yml Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- pve_network
- vm_test
- vm_services
- vm_network
roles:
- openssh_server
...

View file

@ -1,241 +1,228 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: prometheus-fleming.adm.auro.re - hosts:
vars: - pve
prometheus_alertmanager: docker-ovh.adm.auro.re:9093 - vm
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['fleming_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['fleming_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-pacaterie.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['pacaterie_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['pacaterie_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-edc.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re
# - ups-ec-2.ups.auro.re
- ups-ec-3.ups.auro.re
prometheus_servers_targets: |
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['edc_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['edc_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration edc) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-gs.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['gs_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-gk-1.ups.auro.re
prometheus_apc_pdu_snmp_targets:
- pdu-ga-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['gs_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration gs) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-rives.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-r3-1.ups.auro.re
- ups-r1-1.ups.auro.re
prometheus_servers_targets: |
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['rives_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['rives_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration rives) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-aurore.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_postgresql_targets: |
{{ groups['bdd'] + groups['radius'] | list | sort }}
prometheus_switch_snmp_targets:
- yggdrasil.switch.auro.re
- sw-pn-serveurs.switch.auro.re
- sw-ec-serveurs.switch.auro.re
- sw-gk-serveurs.switch.auro.re
- sw-fl-serveurs.switch.auro.re
- sw-ff-uplink.switch.auro.re
- sw-fl-core.switch.auro.re
- sw-fd-vcore.switch.auro.re
- sw-fl-vcore.switch.auro.re
- sw-ff-vcore.switch.auro.re
- sw-pn-core.switch.auro.re
- sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['aurore_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-ovh.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
prometheus_postgresql_targets:
- bdd-ovh.adm.auro.re
prometheus_docker_targets:
- docker-ovh.adm.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-federate.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets:
- prometheus-edc.adm.auro.re
- prometheus-gs.adm.auro.re
- prometheus-fleming.adm.auro.re
- prometheus-pacaterie.adm.auro.re
- prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re
update_motd:
prometheus_federate: >-
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
roles:
- prometheus_federate
- update_motd
# Postgres Exporters
- hosts: bdd,radius
roles:
- prometheus_postgres
# Monitor all hosts
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
roles: roles:
- prometheus_node - prometheus_node
- hosts:
- router
roles:
- prometheus_keepalived
- prometheus_bird
- hosts:
- prom
roles:
- prometheus_snmp
- prometheus
#- hosts: prometheus-fleming.adm.auro.re
# vars:
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# snmp_ilo_user: aurore
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
#
# prometheus_servers_targets: |
# {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
# prometheus_unifi_snmp_targets: |
# {{ groups['fleming_unifi'] | list | sort }}
# prometheus_ilo_snmp_targets: |
# {{ groups['fleming_ilo'] | list | sort }}
#
# update_motd:
# prometheus: >-
# Prometheus (en configuration fleming) est déployé (/etc/prometheus).
# roles:
# - prometheus
# - update_motd
#
#- hosts: prometheus-pacaterie.adm.auro.re
# vars:
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# snmp_ilo_user: aurore
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
#
# prometheus_servers_targets: |
# {{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
# prometheus_unifi_snmp_targets: |
# {{ groups['pacaterie_unifi'] | list | sort }}
# prometheus_ups_snmp_targets:
# - ups-pn-1.ups.auro.re
# - ups-ps-1.ups.auro.re
# prometheus_ilo_snmp_targets: |
# {{ groups['pacaterie_ilo'] | list | sort }}
#
# update_motd:
# prometheus: >-
# Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
# roles:
# - prometheus
# - update_motd
#
#- hosts: prometheus-edc.adm.auro.re
# vars:
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# snmp_ilo_user: aurore
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
#
# prometheus_ups_snmp_targets:
# - ups-ec-1.ups.auro.re
# # - ups-ec-2.ups.auro.re
# - ups-ec-3.ups.auro.re
# prometheus_servers_targets: |
# {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
# prometheus_unifi_snmp_targets: |
# {{ groups['edc_unifi'] | list | sort }}
# prometheus_ilo_snmp_targets: |
# {{ groups['edc_ilo'] | list | sort }}
#
# update_motd:
# prometheus: >-
# Prometheus (en configuration edc) est déployé (/etc/prometheus).
# roles:
# - prometheus
# - update_motd
#
#- hosts: prometheus-gs.adm.auro.re
# vars:
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# snmp_ilo_user: aurore
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
#
# prometheus_servers_targets: |
# {{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
# prometheus_unifi_snmp_targets: |
# {{ groups['gs_unifi'] | list | sort }}
# prometheus_ups_snmp_targets:
# - ups-gk-1.ups.auro.re
# prometheus_apc_pdu_snmp_targets:
# - pdu-ga-1.ups.auro.re
# prometheus_ilo_snmp_targets: |
# {{ groups['gs_ilo'] | list | sort }}
#
# update_motd:
# prometheus: >-
# Prometheus (en configuration gs) est déployé (/etc/prometheus).
# roles:
# - prometheus
# - update_motd
#
#- hosts: prometheus-rives.adm.auro.re
# vars:
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# snmp_ilo_user: aurore
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
#
# prometheus_ups_snmp_targets:
# - ups-r3-1.ups.auro.re
# - ups-r1-1.ups.auro.re
# prometheus_servers_targets: |
# {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
# prometheus_unifi_snmp_targets: |
# {{ groups['rives_unifi'] | list | sort }}
# prometheus_ilo_snmp_targets: |
# {{ groups['rives_ilo'] | list | sort }}
#
# update_motd:
# prometheus: >-
# Prometheus (en configuration rives) est déployé (/etc/prometheus).
# roles:
# - prometheus
# - update_motd
#
#- hosts: prometheus-aurore.adm.auro.re
# vars:
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# snmp_ilo_user: aurore
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
#
# prometheus_servers_targets: |
# {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
# prometheus_postgresql_targets: |
# {{ groups['bdd'] + groups['radius'] | list | sort }}
# prometheus_switch_snmp_targets:
# - yggdrasil.switch.auro.re
# - sw-pn-serveurs.switch.auro.re
# - sw-ec-serveurs.switch.auro.re
# - sw-gk-serveurs.switch.auro.re
# - sw-fl-serveurs.switch.auro.re
# - sw-ff-uplink.switch.auro.re
# - sw-fl-core.switch.auro.re
# - sw-fd-vcore.switch.auro.re
# - sw-fl-vcore.switch.auro.re
# - sw-ff-vcore.switch.auro.re
# - sw-pn-core.switch.auro.re
# - sw-ec-core.switch.auro.re
# - sw-gk-core.switch.auro.re
# - sw-r3-core.switch.auro.re
# prometheus_ilo_snmp_targets: |
# {{ groups['aurore_ilo'] | list | sort }}
#
# update_motd:
# prometheus: >-
# Prometheus (en configuration aurore) est déployé (/etc/prometheus).
# roles:
# - prometheus
# - update_motd
#
#- hosts: prometheus-ovh.adm.auro.re
# vars:
# prometheus_alertmanager: docker-ovh.adm.auro.re:9093
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# snmp_switch_community: "{{ vault_snmp_switch_community }}"
# snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
# snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
# snmp_ilo_user: aurore
# snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
# snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
#
# prometheus_servers_targets: |
# {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
# prometheus_postgresql_targets:
# - bdd-ovh.adm.auro.re
# prometheus_docker_targets:
# - docker-ovh.adm.auro.re
#
# update_motd:
# prometheus: >-
# Prometheus (en configuration ovh) est déployé (/etc/prometheus).
# roles:
# - prometheus
# - update_motd
#
## Postgres Exporters
#- hosts: bdd,radius
# roles:
# - prometheus_postgres

8
playbooks/pve.yml Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- pve
- vm
roles:
- locales
...

9
playbooks/qemu_guest.yml Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- vm_network
- vm_services
- vm_test
roles:
- qemu_guest
...

Some files were not shown because too many files have changed in this diff Show more