Compare commits

..

1 commit

Author SHA1 Message Date
50364fa989 Remove services-bdd(-local)? from inventory 2021-03-25 18:00:11 +01:00
140 changed files with 1974 additions and 3634 deletions

View file

@ -3,7 +3,9 @@ skip_list:
- load-failure
- document-start
- meta-no-info
- ignore-errors
warn_list:
- experimental # all rules tagged as experimental
exclude_paths:
- group_vars/all/vault.yml

View file

@ -5,7 +5,8 @@ name: check
steps:
- name: ansible and yaml linting
image: quay.io/ansible/toolset:3.5.0
pull: never
image: aurore-ansible-lint-image
commands:
- ansible-lint
...

View file

@ -2,9 +2,8 @@
# Recettes Ansible d'Aurore
Dépendances requises :
* Ansible 2.9 ou plus récent.
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
## Ansible 101
@ -89,11 +88,8 @@ On va utiliser plutôt `ProxyJump`.
Dans la configuration SSH :
```
Host *.adm.auro.re *.pve.auro.re
# Accept new host keys
StrictHostKeyChecking accept-new
# Use passerelle to connect to administration VLANs
# Use a proxy jump server to log on all Aurore inventory
Host 10.128.0.* *.adm.auro.re
ProxyJump passerelle.auro.re
```

View file

@ -1,17 +1,38 @@
# Ansible configuration
[defaults]
ask_vault_pass = True
roles_path = ./roles
# Do not create .retry files
retry_files_enabled = False
# Use inventory
inventory = ./hosts
filter_plugins = ./filter_plugins
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
# Custom header in templates
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
# Do not use cows (with cowsay)
nocows = 1
# Do more parallelism
forks = 15
# Some SSH connection will take time
timeout = 60
remote_user = root
[privilege_escalation]
# Use sudo to get priviledge access
become = True
# Ask for password
become_ask_pass = True
[diff]
# TO know what changed
always = yes
[ssh_connection]
pipelining = True

9
backups.yml Normal file
View file

@ -0,0 +1,9 @@
---
- hosts: perceval.adm.auro.re
roles:
- borgbackup_server
- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
roles:
- borgbackup_client
...

View file

@ -5,6 +5,13 @@
roles:
- baseconfig
- basesecurity
# Plug LDAP on all servers
- hosts: all,!unifi
roles:
- ldap_client
# Install logrotate
- hosts: all,!unifi,!pve
roles:
- logrotate
- update_motd

7
bdd.yml Normal file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
# Install and configure bdd servers at Saclay and at OVH
- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
roles:
- postgresql_server
...

20
copy-keys.sh Executable file
View file

@ -0,0 +1,20 @@
#!/bin/bash
set -e
# Grab valid unique hostnames from the Ansible inventory.
HOSTS=$(grep -ve '^[#\[]' hosts \
| grep -F adm.auro.re \
| sort -u)
# Ask password
read -s -p "Hello adventurer, what is your LDAP password? " passwd
echo
for host in $HOSTS; do
echo "[+] Handling host $host"
# sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
done

View file

@ -1,3 +0,0 @@
#!/usr/bin/env bash
# Deploy all playbooks
ansible-playbook playbooks/*.yml $@

View file

@ -0,0 +1,8 @@
---
# Deploy a correclty configured postfix on non mailhost servers
- hosts: all,!unifi
vars:
local_network: 10.128.0.0/16
relay_host: proxy.adm.auro.re
roles:
- postfix_non_mailhost

View file

@ -0,0 +1,7 @@
FROM python:3.9-alpine
LABEL description="Aurore's docker image for ansible-lint"
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0"
RUN pip install --no-cache-dir "ansible-lint==5.0.0"
RUN pip install --no-cache-dir "ansible>=2.10,<2.11"

View file

@ -0,0 +1,18 @@
# Ansible-lint image
In order to build this image when a new version comes out, you need to
1. ssh into the `drone.adm.auro.re` server
2. git pull this repo to the lastest version
3. optionally make the changes if it has not been done yet
4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
5. ???
6. enjoy
You can verify that the image was correclty built by running
```
# list the images present
sudo docker image ls
# run your image with an interactive shell
sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
```

View file

@ -1,40 +0,0 @@
import ipaddress
from operator import attrgetter
import dns.name
class FilterModule:
def filters(self):
return {
"remove_domain_suffix": remove_domain_suffix,
"ipaddr_sort": ipaddr_sort,
}
def remove_domain_suffix(name):
parent = dns.name.from_text(name).parent()
return parent.to_text()
def ipaddr_sort(addrs, types, unknown_after=True):
check_types = {
"global": attrgetter("is_global"),
"link-local": attrgetter("is_link_local"),
"loopback": attrgetter("is_loopback"),
"multicast": attrgetter("is_multicast"),
"private": attrgetter("is_private"),
"reserved": attrgetter("is_reserved"),
"site_local": attrgetter("is_site_local"),
"unspecified": attrgetter("is_unspecified"),
}
def addr_weight(addr):
if isinstance(addr, str):
addr = ipaddress.ip_address(addr.split("/")[0])
for index, ty in enumerate(types):
if check_types[ty](ipaddress.ip_address(addr)):
return index
return len(types) if unknown_after else -1
return sorted(addrs, key=addr_weight)

View file

@ -18,6 +18,16 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
# Databases
postgresql_services_url: 'bdd-ovh.adm.auro.re'
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"
postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}"
postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}"
postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}"
postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}"
postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}"
postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}"
# Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/'

View file

@ -1,246 +1,214 @@
$ANSIBLE_VAULT;1.1;AES256
64313161633263303464663933363265373935633862653634643862343232643432343966376438
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
39346463396563626166333362306464343836386365303836356461323663633831636562393039
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
61666365663963643437386530363261306438376665386463376366363662656161316263303831
61393136363934316462616131326463333736656136643038623061313363386538393833663637
36373565333566306632313865646538633532393731313430633462666334323762653337383338
63313433333835653366363061343839326131666139346563306366656365316663333438363837
33323165353936343165646464306434303161313139653561346461653537616164623434376534
33666662343734633766356230383761353239333632613031396365346536373432363433633564
61633762393033343336373864653438336436613630366539333731383336346665313732396265
32356138666135383562656366353131366436363464643630656130303437623131333239386363
66373866393064306565306565386230373638633733326661333065633136633130323963323765
30353262323835313365383562326363343965636634376133613331363133313030346561653931
39363636636235646131353034663861336362383263613165323230366439383561653165363764
65366130623362623539393461363832353435616266393036386439303834316635366438393936
33383933366262636232383066663130383965306137356363363539633661373664613738336539
31363131616135623039346465623530376533386263343836376662316562386530336266303062
64386531303938623939653635313163633261336339366139666135323130653862346132646636
30363065303235346331333434653331646333616337623562643564366435613938643235333664
30626164373030303237656366623631396138333265383566333664663061613536666363623630
61623362383439636239336234333161366635306432363230366630383836326330343932303863
39393232373831363863333332636362396639663831656266336430313837666463336439353332
63303036633433323439613535326663633332346565646338353761363733643766363132666365
34303865656262303563323665363730663062626537363461646363636461633762663237366366
64393133656464643065633634313261336662646435313735306266316132636530393631353830
61303939373363323131316463333136326365333430626266376636356130396239323464353937
64616232373532396334343433636332353530386662633164353235626361623164313039336666
31636434666437393839393133633961373139313663616366373239386163623064373836376164
62316638366366376134386231306435616138656461373633393339653532363434393834393430
37363335623934306661333135343266663464623438353665613330356236323036363139643064
62383934363465316338393065383935646134353230376131613935613431656333383565353134
34643866353131653061623236306536363163373639396564336434653839346263303930633663
39393935636235313431303032336361313730373238333732626465346662363038636361383631
65393433346363366337383233646166306339653533646632623262376630383265393438326135
31643039333835666338383762336163336337343532393063323165636531353361613731363065
65303637396332613432663636326334646635346237396461636366356133303333306239393739
34353966653662346230383865643231313239626533643761366162613164333132373636623237
32356335643766646266646266633366363165373861306433316561363166363865303133633939
34633132343438363034323638376666313061383965323566646463653163313235373364386666
62393865373137343237306637363536383939303833663532396333313931336162333837613935
66383266343735396337663936333162323738383264376533316536376563396333343263643931
65646535363337373865353265306434356432353066656665366638353331366334366339613538
32373637633564613861626538373365336362313434633137613966353861393462623862663330
64386431373066306334383863366133333564373163386433313231363366393830343230323734
61633962356637326538336663386330653563353763663236623539363630626363323237333237
30656139626561313064323330373032323031343137366638303966313832646365666238326337
63306363613361653933306234386163383837666430616663383664386563323839326232383761
35373539626438356539393266653864353066633365383437623437356464383335383039343137
61373539343631373932373033656233323964353666626162386537616333366562346265656238
35396130356166303564303036383664656435626534303064653363316464616335303965376330
61646638383138323265313631613037396561626162306661653231646230343139656135333236
63303838316266333665636335663361656262353066666430656162323236633564313337353665
35363565303736633564356632346632343832363934343962313030646132663566346664313632
38393061613163356265643434626166393366366634343032626637333332316361663639623534
62323239373639393337373537646232663531653835356165313264663561623633633830373734
31336234613633666538373961626430316530346462343061323661353564323938353338373961
64616637303734303333626166306330613238646265636136653939363936356165356232396436
65353731633836363433616534636330663565643561363233396538386430393964353433616437
36343936313936303165396236393463646363383338366238363961666530623335653234656139
65346337663437623134376137326166323933613861663032623965643538343638376234316232
36333065323234663263343630353739313661373536316162366532336438373263303730626464
38613136393166626663636631363064303736666235333036616435373063363762666565363136
38333966303831313333613831313132633062616235353365313533386236613338373130303836
61326262313833306437366364316433393931353265326131653563656131333436376338613266
39326632613366666136643137303635336631353230396435313537656366326239626362313833
62653039343261613265306362323234623264366664306561663839306631663465303962386462
39353934643562383762623937643034383534393962333466613636346637323235346438666636
31613838313535666166663063373333653439313035346266666463623666613837313933623837
63343565663739393764353761316432626237346234663032316131306262356233333439323961
38646664383030303832646563393836643135303731306435383338623633626638306165386637
65393238653464623032336437643838333932366131656332333165376261383539386466343139
65613733383837323832303738363664653138613830376333363038383839623463623631666237
63363263396533353763373934373034643763376665316638353435663635346135333265363235
62663432343935343964626432353563313036303761393039386231343530663737633466643035
65343835353037643539316439666666633866356530363237373230373439373133313337653237
66613631373637313534353862653437393234363365323032393035376438616264336661616262
37336435326135373065353564383637626637343532396331623334643139386364316431376435
36356566363033636539363430356565373039363863396565643730656531346364626334393436
33343839303538383530363231366166623233333730323163323432373831313639626337346230
30333930333064393337616564386163623436613933623466353933393733346339383534633239
30633365313364666566643533326163336330323232353533316633313739343035383465376330
65356139386463633565366132383832643032333234633964373437633836343435393631396166
34633439643764623936366536353931646132373539326238303761383339643661616266646130
30393166393465326365393130636136336433623262346435353936306133616135653734383635
65393530633836613937346430366337626365363361663533313837363063396538663766646566
63373639653732353135343562353266316164303863336365303635653464393232613939396131
30636361343932663233663566656131363938656161623966316366656561343166336532613666
65613534663762353662353262623634616264373964316336626166353330303539356130646166
63643435353765633766626165643465386331333637366562393861613834323464363932306430
32643836646266643031396262626136313363623663366430376432373036643835653863323631
30613164326430633664306630333632363931656135643465363439376263386561383534633666
64323763656466343064396639313264386239356664663461333166626332326536623132333434
62303261643164643330333662623935383037353338306135613737306563326336336162633138
33623066373265663362303133363032343933306336396466383034636131333837313333326531
39336163313633623639303462313763656632633030336236643030343262653366633939643536
31636535393864663363353930363761623264343630396336396431663330323436613462633136
37336464353730643566393432343762333336653932333366636265343663323462626232623635
34346136333630363539633666316561376266373032373961313437653564636537656630303261
37313639333233333365383763333061373730623939303530303832646365323739356564626137
35633366393636376463393961333830343232363266633931613332643134643234303733373466
35323831623931633436626636346431303965663639666566623433383736633834626330303265
37353337656233663938663839373931623137666662623266336537383631626631306235363064
33313564316438633139336261623736336336326239376630316335313631376132646563333430
33656432643130643832343065353834633366363339353964623762666564633835633636313731
63353637636165663136623736343234393038313235333363643237643566623766393838386635
33646233623032653233336266636335666233353032303837663162303939383262373761623261
35366661363966346233633739663635353361303264356534366235616164316138623730623632
62316362623736396264366632373661373835393434343364353431316362666235616635633566
64353530633334393737346663653562346335323065356665643132353738363132623031353664
66666639326238386634363664356664343161386435323736316636343536326435303066353035
37363731613138393333636562386363333932386362303139643262386237353863363764643139
64616561373239346464623165616332623434303433626638376232333733646136376431626438
66613134343639656331626630303030366133356636663735353466353834613430356265386162
66613332663232623438636661306332613162666561353537313336643134663664306630636639
61613363353264373831393962333631383236666130646333336431303735333165656438363432
38396530333631636135653534393531326434306362396237366430383166323832336434376364
38393431646338316232373431613930326532646333386435303034356564336665346133393866
61643533643361646265313334633463616437393437653935613261366635616430313064346532
32363831613565313836376338646466323130373032613863323037323566643164653132633735
65636562653535626461396666643330386333663137613333643165656336633038323036373162
31376338613862333334643561313332326237646565633934323032626662633631633033623063
63306664656437663732323339383735306132616531373865323835633264333639336163366466
33373433653839393638323034623835643531393266306331313563613265616633353763653438
65363532653163303861383531356639316331343531666666636336373634636134633331366364
62366230366435323435613964636533353236373935626632623536396664313264653031623062
33366166343630313839366262313234346262343336386538336335393835646138666330656361
61313936323838653832633130346539636363613838343363663431623063333933383466353938
65383361333561383631643938613862343236346233363466333237316339616362366565306639
39356563656132303463346138356435303038303165363935343266396462326365363262393336
37396235366639623761366239386165613065626431633733306234343866663266633631656237
63643430383433393835663635356265636635363137613064353066313338346436356632346265
38393730336465396263373137383238653337396364643061303234666266663064663265383434
36636138643432373633313038393737663735363838396164366234643533633762383062353831
66326231363337323666386263373438656630346336663239643030386434636264666634393631
39313364333761343532346165396365306463393037643935666363323630326664616638313338
39396336653738353333343835363861643166376565346463303135376439336134666235623230
32363031303732666133386164313437366164326539373564623236356432303132633436323563
36323634373538376133613736633133356638323861636434646465643432636366376138636232
63633830613462613831313938326339343632393038376639623131366364623536353338363439
32613331623863336165636364616634303264356630303665383638663737343836663831363263
63366562393734323030306436346534626530656465396535323835316139633562363830373437
63626530326530383538623165356532303862353763326432373966626436303465373431373762
38613539623164353732623636376630643465343839666531306438326633343362306665366132
39396537366266353864656232616334336130333337306463313932393832653661343036396261
64613461633433356334623631643861303133383963336635623138326139613564343838366565
36343130353462333162313736636139306233366466626231306561626335396262663531333839
61336437343137356335633764373730306466326133356331333530353537616661373062656438
35356235666464656466323937353837623535643937383866666133383633396563333338633034
38366531613164363966323137646237393135383164643230663331306335636432656565633636
34343031633632346533353666353034666266666561346464306665386634313263323333653330
66323033393531343633356466613837346164393332613037636465343230623731616361336338
61373332373636646435353734386366613334323161626437396232613534613330613532323534
65653065386432313733663165616333663666363733623162306536303833663136353334656466
64353931363838613761663561666639373865393438396565626661343934353662363834636535
65363664393433313036383438643864663339626331343230343337316437336634636363303563
35373539383535353235633730386232363539616632336566376264393832383637663330613133
37643261363966633138373935333438393536373938383265373261363232343030373539366335
61633162663137643061363366653135323639363838626266386262666133306461333432313738
30313332626166303630363839396663396564633961383863326663356230343938643833303933
34333032353935323565346633363537656639613663356130383264373739636231363364613066
36653664346434393933383337313630623131396461343930383537633536643365306564396665
31353861643335353538623838393335326364393738376239623431306231363739656438626265
37666532336661306262303761616238666239623265663231386165353437366631376234343035
33393037316563373534373765616238616639303031346430623561663430393536303163613338
65353062336164626335376235656235343637366438353334356436653266333062663838316263
32623732306462356162623437393035626433336631643833626463656634366332613936346465
34653331363133373635633330363564333264623566613432383439396537343963653239336265
33326132663434363065646265646130333935303662623037363938313464366564323734333437
36336335303738643634653164306332636130316161393335656536386131396662616366383139
36663863343736666665363337663537326330323437346565346465326231366563643136366365
37636361343961326261336437616266373962643765346438333766306537303137353764396330
39626635373631353635313935363834363730386132376363663462653330623130663266373432
65343237326535613535386363396236336536366165306463643162346638623638373433646163
62613935363636353639623839396231393838303135346536383037353636613563323234626131
64373666303436393861373164376564646235366131343433623733663832653039393738343537
65323534343464613230346532623966616462353532373064623566626563336464326336393364
39626237646431313135323036303065343138616632343237396136366332636132303037376132
33623031623635653162616265316366663262373666636638386130643336383130643232643662
34326663343562613962343033396332303261636230353331313730336630633461333736626333
66636430643330383032646634396133626339623036333963396662313234623466366634636334
33373762386662613966353664346239666133656435353365653536356331613632666132376264
62613433366633663065306166396166633836306139376533396165393966323465303638373563
63326330323161303065643365343363313338326238363137663139613463613434643834613662
64663365633965653363633165653038333335333232633434323037643936646561376431626230
66356138373136366134373533386634373061666330663364376336383433306331386162393633
33636330643531396464313736363061303466393861613730323563626363643731333633366532
64646130636234653566346533323962353332653335336239353630633535623935396638663366
37383661343636613261623833653032373764653164346634663431653664636233323734666166
36373664306566663930353338366431623563396166356638626166333165623263636336613138
34343936393964666564306637346561393538383137663162663630336462656663316338376236
63633666333263663734353861633164653132663334306664643133663736663766626639393236
32653430333163313363343731666135656662363838366132383732346130313130363365656263
32643533393163376264653632663262353966306630333064313932616262323134326361633764
63383837303936616434616630653833653833623263623532306363373836323431393335623530
34316562343035326265333164643163356230643639373431326431303538346363376332373434
31313666313663343363353130306561646136393732663164393232636330663635346434343134
33663138663336636430373763396435323138373633666438623234363631336232366635366532
62616239663934653462656163326134303261376635323864633435383666363065656665303538
62626538343638366236646136363232373437336630383739656438636465326531646664366462
36353663626634386538336239623734323234393463313034303837363164363263623065613061
38333162646232366339333662313965663336613238386530393162346266636532353433656136
66326436323836376432313238613165373565643233333435393361636637653361616435393438
32383763393561343734643438346635613663393736613839623263663866336165343235663933
66623137616561313462653631613830363666653635336534643935373739353138363934656134
35663063396162623432373534333463376231666466393963336231653939326663396336383735
34633763336163313432616163313638623963306666643432306661393632346339373963633265
32303862643661376433356661383335313365306534663534396638313531373538326236636363
37626138333437393363323261336663653163643565303063313231346131376261653763356631
62306262336337366134626632333663363139393131306666303235303761623665356431646234
33666461663035303066353137623762653565353533613435663839396238336337333463636465
38353135356634626137376232613330393235383432356436393030313564306537616363383136
66356463373138313661373565326565343066643133633630313031303132313031663739316631
66666631386163313034306532393862393930653931363235396662366262636466363464396466
61303962303066633764393831396632626233343633313061323838623134373036393164633139
30303861636335636131376334376239636235653233323435623262366132663934613661333135
61386136326435363337316363666330363431613135663661303438383664663930656564373730
32373731393666333364633835646431646662313232383136616238303264383438663766356462
32346664376430663934626661663039656461383738626265346162393861346163656161323333
39323666643031376530303230626166613233383731363766373634623430633635303963313466
34646331363539636133373134353535356265393265393635323532323134643034343663636362
38633261613433393634396234396265623063346138363133646532366638306632396464646432
61373961383438386535336131393633303430346162613738343839653038303035303033626535
37343030623530333332306265373539633735616634663666356437303862636338363866613861
38346130336338373865343866306665616530313938616366346131376262346135323537663137
39383366313766666234323234363937623264353532323033363966313135653163343036666262
34393832613034383239393930383063336131356364303231323966303633333331633666373764
65383137333965663234663933303231356165376233326233303035316536666563656363343933
36633039666432643135636331353932633164633964623661373739633665313433306561303637
62373534346562363132643063643732343462653838393635343266626535353864656437313434
34376538303965616539626534613431623834376337643936613137323031323139393762636463
66346664666361623636666533663037613434353135393862376633636233656330366136646434
30653735323961383130393763333630306131376430363436623238646632363462383739653636
37346566663039383866323639633565366338353438386461616239313639343766333661346435
33316538366463383733346663316564656566656165396465393461363061613239666165346661
62346639623163363762366431313831663135643062336363323336303737393437653863303665
36643466336566336236353166333063633830646461626262333937316162353365353130353535
30383164363532363532306364393236303537383139643431393962333063633162313033613561
32323434336364343061386666616639336566373461633462393130336461303531353436623065
65663430623066336533373662306566396263376562343936666166626666323964373334613835
64633535303365643564626562643562636363363834353865353765356665643965663861366436
63333736613232353130616466316637613966646139323565356537666331666564623832333439
36376131663431616430616265323039646432393166613631313762613264313765323231663961
65616636306362386534626130636261636566626365643630616135323634343935653033653433
3061
65616665376265626636393064366339323264623332323337356438303634646361303530626536
3134646236376339666130646239626333613866383766340a366465373839396639623862636436
34336636326332313432373162356565383034636366613135353037393138363466626235353261
3634306231333966350a323133396531626565633433313761343433303964316163643365626466
33376632643937663566386232383161303231326638356338383536626531313462636335363166
35353138393964663063613331386138363030356661633530313533336138336362306437626431
34613435383966333538363734613730386634393532653334393766613262666434303666386537
33643832653236313136663761613762656334356466623431383533333563646135336332653331
39376164363533383930343237366638323534313232613561643936336330353538393136363534
37353536623939386131616638623531326531316233656166383133316564393731623366353833
31613665303532303435363765373434653933386530356433653061623232306239316534653432
39663938616637363238623866303439326666303438613066633866343830303762633233383333
65343332616430613839636337396238666466666430383031663939323239383964346638356538
65306463303330373534316438313932373864626637643935636165333835373662623737613734
36373161386163383831623065323763356637313364303539343763653065383139623934353638
34373861616336363861363761373665393465623566393063346331333861326337316363373163
31633532373966656565303866653335356364633063313665386335663863363163303431656165
61383231666665346162303635393838323462613261663231356531393734313063663231616632
30343562366433363261393037313062343036663139353431663330383263316662313330636534
33666463393664636538376365663236613536633663303738373034303136383939343039316463
38363731333435333262383064336138303062303836303735383836626430623738666635383637
36383031646561666632666339616632366138383534393030636331323037643564306363303864
33616664326330656136336538363539623039376565383166373032386230383639326564343961
39623465366233383663383433313862306366643432623130363037643033366531376163386165
64353930386233373561356530316361623665643531333632376266633963303262346532386633
34363938363765313366636134636364616634393061333264386262386261383236386532393966
62636332633165383730313365366631303032336339346138633231656165646465643039666362
39613534303532616433646433616261653739663366383566303862386666383363633736306265
65366434626634303033616463316433393730373034666463663333376633656630386665313934
36626337383236373533623830326134303931653434613837353961366130623665623336303139
63616265366638393064666166343331306530313438636436306264636235643762623564653762
65393435363564366266313161393631383836396464643635643361363034306134626535353962
63393530313438383731303666343637303666616239643334626338393864613635363330653062
31633030396362666237376232306238373065616238373934313930313234353433343934363432
35633636656632643964613431333435656532653038373532343036396136636231306436326639
36376163656634303236396133316664613164346661346565646165303664343735303233636164
38393361343561396336333133326539346561373038613265666364316630363339336565363265
64623063346232346334373836346231353336383931393663373365623838363036643232646330
37303139663166653634336363626637653666363965383632313261326530323236303961343130
39663165303836346339396536313137636462373765313135303039386339393536303263636236
31333534323735373638666364643365396435636533393932643432386630663135633839643965
34346330613132383533393361626333636132616130343266663835616534616562646366366336
38303337373331303638643639373535633331626461613862333562653165306663383237383232
63303331656338656137613162323138333661613834323863633265353737633666336263636665
34393064376330306562343930376337626165373562336630633938316566343434633734613561
39363531383233666437373562663136303834373838383632356436643638306633346434316362
63343866353465396630383562306230313737353863363935346630396134393534353531336535
65366634316230323264366662376133303565626638386635616536303839363737663538353338
32663834636363643034316165303164386430346663303635323634373465326537653132366230
38376361663233646266663330363236666533663861303365303833386465653864656331616162
66323532643737643539643562653335393338643465373838656464326133393466373733343666
39613331376538653934333061376664323230636663336232333361623136393836326262336430
35663930336364376230356537326131323666343330373030303765653763323863646631666136
39623936613762393332303763633966303966396536643236366534316539386136633230653433
65326634323062313730376338343965386338306135393033333161313839333963326134653966
66363365353537323034646537633331336134363239393465363164663263313731666335613032
61643935623064626464346430353033313961326164316637316664363830633137383335316538
31646133623461386434343663313365376230613237326638393464366166633635646462373939
31313165616363373730393733386430633065373433643935643931363965393465323264626164
65333431653566646134646132626136323035323362313163303463393962306631363631383762
63333063633934646332303966666461663566626564643365643232323732646530303834616639
63616262316563636636613764663563323063636331643063373364373337373664333763363464
31346663633866653162323934613532333934626430643138613631653164343063323661383163
36633431376463633334306663346462373166613531663064323238323434346439333936313539
33663036663234383934626661383530666566323336363734336265346235306135336136373864
38313937663965313334653139366430316632313737303639636135666235346633303861626430
34373938633331666535336438313363626636363063333265316166333562616330306563386335
65366366303937376438313032643037656465393263393434623462336430393031373433383532
66306566656437323530323434353835303838303438613662356134343136386630643338333264
30643039666535323736303930336239643730653233393538633235303938623161343437616136
34613337383363656536373737396261396261653264373362313161336435623466366436623736
61313036383063656537613664633437336361396665633764313062396265323766346363656666
33656130316566633563353631323438343532393563633830343131653063353331323961343636
38303239623566383337356262313538316437323731326166366139623665356132313563663734
34353065316164653638313439303466316338373565323435343937653632313566656438333730
62373366333335643366356438613838373963363436393035623132626233373830666238323464
33356562636261376665303262633665323830316137306239626432323330393863613938313539
33613438373733633661633266353866373834346436383466636138393736373638623136383639
38653439373230353265386166663562633738306232623132636333396135343461646136303162
36343636306333376564383764356433653362356434306566376565653736643035336433303331
38626430623633313336653261633834323430323137313533333166393966633662613561643863
65653237636436373739633862313132623831623461643063626361613231343537383032346132
61383666383134373061643061656164366364656231343434616366356237303766343166613964
36376461366663373132326263616263316663323039626239643361363362306334633636343064
66336533626562323832633133653366323137616431363566653561363233626239616262346165
30396466343639383665383762383765396638323761653065356339343965373032306136656563
31353033343532366339303331366235373838356461353564623430333561356635336163396466
38303438616436383763386538663039393862636333326630623862353732343961646162653933
35633235303530353065343434333164306530363839663366316235333563663965623934383634
32616565313232373964366163323739353261643432363037666639663664303861383033333462
62333633626263393637306365353565306636386238613365643537353861396638643065616236
63303130313363326333663936393765623930636331663837313835333862386263303238386262
35646634663163626438356536346239666461306462326465613339653337326436356638323666
38323134396238356532623430303233303636343839646436363066383136366436336536313766
33373036386465623737316435643430616434336165343832386539666432613365326664663237
61333166343438313131643635663234626638623139363034616263643463356632353932383938
61383065343231633438313536633039633266323563336531663365326137666535623230336134
34646661306330653631383364343566386531313137643233376265313461396538373132396366
66313534386133346161373130386465383139623831653566326434646461306139633433656630
64623164376361643062396139356464373131653036336361623738633263326234323066613661
31306163313038333861656561356661383436363534366665376362346661616464633065303234
61616237313434363761636261313630356639346434636465363763373235636462666338343265
34336533376366393339306539633238326663656266373965623962623665626238366333393734
35646636666535396638373134376362396134353035633566336461326630323833383734356161
62303738343662633735663965336435316630653061373736643035653337363635623863626533
31306138313839616131363333326439323863646236613133333163366162353063366561656631
61623237633361313631633463666335643935616237656134383830393335346632393066666632
66326331653430633165333037316637303138353133313264643739626566353137383265366264
38353533613863353431656665363339633265303463613565636565393836616230643932333762
30353437343761613236613431626536666538336234633166623961363031393235333763626337
65623836323538653730393533383532626133393834376339303630626533613339623666353839
38613833623830306566333035336334383733626166363239356661353965353462393161626136
37336365663863393963653031303337396666653262646635386337386230383562616564653966
34393831383639303562333464653736363330326462623266383038326561323264363563623065
30366435323961613463653636666238383632353661326439346430356134643866396531623039
66663830353732663863393762626161383263663535333032393632633066363836363939316262
30373766363637316535306538663235656137363038623936366465376636393535326437666334
30343437326362613761376262383265313264383464383838386638653065313864353235373331
62646366333137643931316339373761663731633766363864633461323266663236613231656633
31653132343031313535656538663761386266333062646439383633336531373764366166646165
64343439386336323064616634363532353166353531633332663862653666666436666564356236
62336332386437626137386566333934393636313933386466366361633232383135383066396263
38343432323865353563363631646535633438336333316134343862336666313063643036343030
62323732353837363639376564336665343265663861303938316564646533346337306338623834
62353835356465303561346337366136396664383961663237653538643462666263346638303363
32663564646333343532613861336132396530363435626361643631666464383364613336383235
64376465636238633765643234383665663637643565626663393066316538313563393730396430
36373037396264613731353337393261346534343263393862376464393565353739393431313031
61353538366439383234316530326338633635393035376335616565356630633964636639386639
63356666653532666435663564393332303234363465636335316365326365633837663930616233
61343933653232666138613866666430376439396336353535663361373564366262646663653064
31353765386537656235613131323763323930363162646236333632663034356237363231313762
39323531333264633863363163333735303636333866653763373362626265396265356564303533
31353838333337393732633961353561633430616637396235626261316433366339356239633737
64333636333566366237303231376337613539643464663839303438313532323538643738353866
38626438303033346531323836336534633732366631376665663139323037643161326561363635
34633237623537383466316433336636633962623161383338656339613139346138366132356365
38363635666234616532316333366236396639353130646234626533666133363661393038353666
38343530306239336234336463646332356462356565376463383930656561336239656465303231
61323862333032343137636434643335383163366236373161653366323139646235306564366637
31313335653732633434616436636532343037383861393931323734383964346437323933653737
39653633663064313933346231663931343163336166663662333239376634386135666230393563
34333163653935326532386662613537373161366331633737653539333161386461313638643034
62323433613164383731653534383662316364333538613433623731376234306538663766363965
64376432396361636637343539393330323835353562393031616137393363333662346332616464
32643939663266343038356539656464393665616637383030666630333834613830373837353738
63623130653465386135636635643637366231383765623761356563323061343337306538633031
66326334303539623763636362333534643431383962383539613964613531353135663463373266
37326632353861383964653430656362613930353138316566636531323733396231333361663431
66356561366634323832386437336130363535343132333436633761613731636561333039303965
33336532373764303334636461646464633866656237656466613361613131613764366339336233
38373030366130613230636365303233393631383538316230366434326137336532333261383236
64306566343964643139646438633066373261363836386361316138326362373361316536313839
39663633343330663732376230633638626533313963306266363030306431373862633833383532
36623537323532373934613962613761376463363337393666316434383463393962616366643436
34326566383666663266396165613534633464656130313535383963353238623238393837353133
66396661626432313038306362393136616166653962363736363133303835376264616561343736
38383531623733326366333661393262613335653238343235353165613339393535316236353563
35663037363935386634623064636333666135313361303837383630643665613863373931626333
36316138343462636538616466383461353639613264653831323133333262626633353766643730
63343030346536616539643832303238393539383362316137386437356630313438623436636465
35363436306634393764386362616330373732623763373064306562326337303732333733346563
63356231343165653132303338343439356666646162626639646232623064656664336133666233
36366366363264663033333731616632383438306435663631613439646466663434343931663764
36623437666232323336366363333333373430303639393761636463333135626263333066656538
35336431623265663239633963353162366534653864653530623935333137653761336234616133
61643231663033393535383063373236363538623964303435623337383031653734626461623731
62306565303739313166333663363935313362356362303066323635626638393961623138613864
33626639323030306461326232323533303131633630316437333936653839626362613162336339
39373339626238303238306363356166646532623963306438626264633961643765353434326430
65323535306566343537663632393866616239613732643032356536303764636564306630383633
66356435616237376538653539366636636533343866623764316462346634313032333636336166
33653231336563363336303936336430343137653966393530393532323563393532353434393231
38363662613161626132383266323635613165363433623630653663396562366262376634326561
66643938306331663931386535613833613761313639363038616139343966656662646432663666
63393931373738373536323631353361303366343330306565393230396332373932303866333034
35396166633165396537373638333730303730613939386663653032626439363466623231303833
63656338656435383531613734643165613536353632393535646132303034663731396631303237
64376438373538373362353766303963396639333732373266343766363534623063313138616139
39313861616164613031643934313466633431316230656566306666303932343039383737313565
66356432336663636631666138636538323238303462376330663134616365323536386234666136
63343032383465616437303437303063626335363333656166393435343834646634313435653334
31366465386238393133366364376565656639656230343161613463393931373537383564353866
31313464663531353165646665356231646634383936643539323866376631666635306334616261
39383439366664386563386133356239333133306162316466343334356631616434623363643535
38663530623063373965666530386632323034623139303839323761376638313362316430373536
62363265366537656237633663663266653631653561303965616635363438613061306362336430
35303461633864353735613330643966396230623434323132383135623331353361633134663931
33333435306635313161613930656239346461623931356430306364383937353433626435633832
64613437313464323861356338643733386432656233663333343437353935353236346561366330
32396465333833343732653136616636663736623434363765336161383433356333313135313161
33373764393265376661613465626638353636653931323162363031666262653062626166363930
39613931356338393862356537343332633635366134343037633765616634316362386335663036
32666465323538356634346662383238326663333339623430376362306534363630613337626266
39326361383435623939663163373835626439643433393839383730666166666266356361633731
33336265613531303735613239316362633538386632343836613230326164366165616265313066
35333361303734343231633930346230343432336665383337343431303031383962383366343433
63363364333063313632663765633831323863626636643862323865356461366361343563383363
33363138646366333136326435376537356338633862623531393938373935353466376266333664
31633039336362363237376266346561313064393537613832663130653761636633313562316639
36633432613931663263343861396632356136366636336163343333323661666663346365626564
32613734313663656164333537653666313033643262336239623961313638306634343666303938
62636236353161336134323430336263643038623663353965656236623465326661633766363765
35653261663335313065383266383833393431333631653363363030363939323862653262316637
62343263623037643435656165623466326365363532353434643665336632383765313937666535
37663463303034363531386465383663393534393435633764646138313962373735393334326137
61653933316435363130333335323066386532626234626534396435383061333961363739333033
61656364313963303132623837666463633066653165316633373166373161343539393132316665
37646631643265333665643262666265653339616530336361333333633939373839323264613761
62643363356431306330313761623933623333383066333364663439646536333232386232623238
62356533636632396330353430653935613965383938643638353632643865323832623737646635
32636464343734653765396236653538343463373662653733326362363330643038663766383861
34316338343064393862353364613037393231343366633364393535343965623431

View file

@ -1,4 +1,3 @@
---
loc_nginx:
servers: []

View file

@ -1,3 +0,0 @@
---
rsyslog_high_density: true
...

View file

@ -0,0 +1,70 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: etherpad
user: etherpad
net: 10.128.0.150/32
method: md5
- database: codimd
user: codimd
net: 10.128.0.150/32
method: md5
- database: synapse
user: synapse
net: 10.128.0.56/32
method: md5
- database: kanboard
user: kanboard
net: 10.128.0.150/32
method: md5
- database: grafana
user: grafana
net: 10.128.0.150/32
method: md5
- database: cas
user: cas
net: 10.128.0.150/32
method: md5
postgresql_databases:
- synapse
- codimd
- etherpad
- kanboard
- grafana
- cas
postgresql_users:
- name: synapse
database: synapse
password: "{{ postgresql_synapse_passwd }}"
privs:
- ALL
- name: codimd
database: codimd
password: "{{ postgresql_codimd_passwd }}"
privs:
- ALL
- name: etherpad
database: etherpad
password: "{{ postgresql_etherpad_passwd }}"
privs:
- ALL
- name: kanboard
database: kanboard
password: "{{ postgresql_kanboard_passwd }}"
privs:
- ALL
- name: grafana
database: grafana
password: "{{ postgresql_grafana_passwd }}"
privs:
- ALL
- name: cas
database: cas
password: "{{ postgresql_cas_passwd }}"
privs:
- ALL
...

View file

@ -0,0 +1,50 @@
---
postgresql:
version: 13
postgresql_hosts:
- database: nextcloud
user: nextcloud
net: 10.128.0.58/32
method: md5
- database: gitea
user: gitea
net: 10.128.0.60/32
method: md5
- database: wikijs
user: wikijs
net: 10.128.0.66/32
method: md5
- database: drone
user: drone
net: 10.128.0.64/32
method: md5
postgresql_databases:
- nextcloud
- gitea
- wikijs
- drone
postgresql_users:
- name: nextcloud
database: nextcloud
password: "{{ postgresql_nextcloud_passwd }}"
privs:
- ALL
- name: gitea
database: gitea
password: "{{ postgresql_gitea_passwd }}"
privs:
- ALL
- name: wikijs
database: wikijs
password: "{{ postgresql_wikijs_passwd }}"
privs:
- ALL
- name: drone
database: drone
password: "{{ postgresql_drone_passwd }}"
privs:
- ALL
...

View file

@ -10,7 +10,5 @@ rsyslog_inputs:
port: 20514
- proto: udp
port: 514
- proto: tcp
port: 6514
rsyslog_outputs: []
...

View file

@ -13,8 +13,6 @@ loc_reverseproxy:
to: auro.re
- from: 92.222.211.195
to: auro.re
- from: codimd.auro.re
to: hedgedoc.auro.re
reverseproxy_sites:
- from: phabricator.auro.re
@ -29,9 +27,6 @@ loc_reverseproxy:
- from: passbolt.auro.re
to: 10.128.0.53
- from: auth.auro.re
to: 10.128.0.150:8089
- from: riot.auro.re
to: "10.128.0.150:8080"
- from: element.auro.re
@ -39,6 +34,8 @@ loc_reverseproxy:
- from: chat.auro.re
to: "10.128.0.150:8080"
- from: codimd.auro.re
to: "10.128.0.150:8081"
- from: hedgedoc.auro.re
to: "10.128.0.150:8081"
@ -59,8 +56,6 @@ loc_reverseproxy:
- from: cas.auro.re
to: "10.128.0.150:8085"
- from: rss.auro.re
to: 10.128.0.150:8090
- from: status.auro.re
to: "10.128.0.150:8086"
- from: "kanboard.auro.re"

View file

@ -41,6 +41,9 @@ loc_reverseproxy:
- from: intranet.auro.re
to: 10.128.0.20
- from: bbb.auro.re
to: 10.128.0.54
- from: nextcloud.auro.re
to: "10.128.0.58:8080"
@ -61,12 +64,3 @@ loc_reverseproxy:
- from: wikijs.auro.re
to: "10.128.0.66:3000"
- from: wiki.auro.re
to: "10.128.0.66:3000"
- from: netbox.auro.re
to: 10.128.0.97
- from: grafana.auro.re
to: "10.128.0.98:3000"

View file

@ -0,0 +1 @@
postgresql_databases: true

348
hosts
View file

@ -8,11 +8,10 @@
###############################################################################
# Aurore : main services
viviane.adm.auro.re
[aurore_pve]
escalope.adm.auro.re
services-1.pve.auro.re
services-2.pve.auro.re
services-3.pve.auro.re
merlin.adm.auro.re
[aurore_vm]
routeur-aurore.adm.auro.re
@ -26,10 +25,11 @@ camelot.adm.auro.re
gitea.adm.auro.re
drone.adm.auro.re
nextcloud.adm.auro.re
galene.adm.auro.re
stream.adm.auro.re
re2o-server.adm.auro.re
re2o-ldap.adm.auro.re
re2o-db.adm.auro.re
backup.adm.auro.re
mail.adm.auro.re
wikijs.adm.auro.re
prometheus-aurore.adm.auro.re
@ -40,16 +40,9 @@ bdd.adm.auro.re
bdd-ovh.adm.auro.re
litl.adm.auro.re
log.adm.auro.re
netbox.adm.auro.re
grafana.adm.auro.re
dolibarr.adm.auro.re
infra-1.router.auro.re ansible_host=10.129.0.245
infra-2.router.auro.re ansible_host=10.129.0.246
[aurore_testing_vm]
[aurore_ilo]
escalope-ilo.adm.auro.re
pendragon.adm.auro.re
###############################################################################
# OVH
@ -59,11 +52,16 @@ horus.adm.auro.re
[ovh_container]
synapse.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re
proxy-ovh.adm.auro.re
matrix-services.adm.auro.re
[ovh_vm]
serge.adm.auro.re
passbolt.adm.auro.re
vpn-ovh.adm.auro.re
docker-ovh.adm.auro.re
switchs-manager.adm.auro.re
ldap-replica-ovh.adm.auro.re
@ -77,10 +75,8 @@ prometheus-federate.adm.auro.re
###############################################################################
# Les Jardins de Fleming
[fleming_server]
perceval.adm.auro.re
[fleming_pve]
freya.adm.auro.re
marki.adm.auro.re
[fleming_vm]
@ -89,30 +85,37 @@ dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re
ntp-1.int.infra.auro.re
prometheus-fleming.adm.auro.re
#prometheus-fleming-fo.adm.auro.re
radius-fleming.adm.auro.re
dns-1.int.infra.auro.re
isp-1.rtr.infra.auro.re
isp-2.rtr.infra.auro.re
dhcp-1.isp.auro.re
dhcp-2.isp.auro.re
radius-fleming-backup.adm.auro.re
unifi-fleming.adm.auro.re
routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re
[fleming_ilo]
marki-ilo.adm.auro.re
[fleming_unifi]
fa-0-1.borne.auro.re
ff-1-2.borne.auro.re
fe-1-2.borne.auro.re
ff-2-2.borne.auro.re
ff-3-2.borne.auro.re
ff-4-2.borne.auro.re
fh-1-2.borne.auro.re
fh-2-2.borne.auro.re
fe-3-2.borne.auro.re
fe-2-2.borne.auro.re
fe-4-2.borne.auro.re
fh-3-2.borne.auro.re
fh-4-2.borne.auro.re
fg-3-2.borne.auro.re
fg-2-2.borne.auro.re
fi-1-2.borne.auro.re
fi-2-2.borne.auro.re
fi-3-2.borne.auro.re
fi-4-2.borne.auro.re
fa-1-1.borne.auro.re
fa-2-1.borne.auro.re
fa-3-1.borne.auro.re
fa-4-1.borne.auro.re
fa-j-1.borne.auro.re
fb-0-1.borne.auro.re
fb-1-1.borne.auro.re
fb-2-1.borne.auro.re
@ -123,83 +126,67 @@ fc-1-1.borne.auro.re
fc-2-1.borne.auro.re
fc-3-1.borne.auro.re
fc-4-1.borne.auro.re
fd-2-1.borne.auro.re
fd-0-1.borne.auro.re
fd-1-1.borne.auro.re
fd-2-1.borne.auro.re
fa-0-1.borne.auro.re
fd-3-1.borne.auro.re
fe-0-1.borne.auro.re
fe-1-1.borne.auro.re
fe-1-2.borne.auro.re
fe-2-1.borne.auro.re
fe-2-2.borne.auro.re
fe-3-1.borne.auro.re
fe-3-2.borne.auro.re
fe-4-1.borne.auro.re
fe-4-2.borne.auro.re
ff-0-1.borne.auro.re
ff-0-f.borne.auro.re
ff-1-1.borne.auro.re
ff-1-2.borne.auro.re
ff-2-1.borne.auro.re
ff-2-2.borne.auro.re
ff-3-1.borne.auro.re
ff-3-2.borne.auro.re
ff-4-1.borne.auro.re
ff-4-2.borne.auro.re
fg-0-1.borne.auro.re
fg-1-1.borne.auro.re
fg-1-2.borne.auro.re
fg-2-1.borne.auro.re
fg-2-2.borne.auro.re
fg-3-1.borne.auro.re
fg-3-2.borne.auro.re
fg-4-1.borne.auro.re
fh-0-1.borne.auro.re
fh-1-1.borne.auro.re
fh-1-2.borne.auro.re
fh-2-1.borne.auro.re
fh-2-2.borne.auro.re
fh-3-1.borne.auro.re
fh-3-2.borne.auro.re
fe-2-1.borne.auro.re
fh-4-1.borne.auro.re
fh-4-2.borne.auro.re
fi-0-1.borne.auro.re
fi-0-2.borne.auro.re
fi-1-1.borne.auro.re
fi-1-2.borne.auro.re
fi-2-1.borne.auro.re
fi-2-2.borne.auro.re
fi-3-1.borne.auro.re
fi-3-2.borne.auro.re
fi-4-1.borne.auro.re
fi-4-2.borne.auro.re
fj-0-1.borne.auro.re
fj-1-1.borne.auro.re
fj-1-2.borne.auro.re
fj-2-1.borne.auro.re
fj-2-2.borne.auro.re
fj-3-1.borne.auro.re
fj-3-2.borne.auro.re
fj-4-1.borne.auro.re
fj-4-2.borne.auro.re
fk-0-1.borne.auro.re
fk-1-1.borne.auro.re
fk-1-2.borne.auro.re
fk-2-1.borne.auro.re
fk-2-2.borne.auro.re
fk-3-1.borne.auro.re
fk-3-2.borne.auro.re
fk-4-1.borne.auro.re
fk-4-2.borne.auro.re
fl-0-1.borne.auro.re
fl-1-1.borne.auro.re
fl-1-2.borne.auro.re
fl-2-1.borne.auro.re
fl-2-2.borne.auro.re
fl-3-1.borne.auro.re
fl-3-2.borne.auro.re
fl-4-1.borne.auro.re
fe-1-1.borne.auro.re
ff-0-f.borne.auro.re
fj-4-2.borne.auro.re
fj-3-2.borne.auro.re
fj-2-2.borne.auro.re
fj-1-2.borne.auro.re
fk-4-2.borne.auro.re
fk-3-2.borne.auro.re
fk-2-2.borne.auro.re
fk-1-2.borne.auro.re
fl-4-2.borne.auro.re
fl-3-2.borne.auro.re
fl-2-2.borne.auro.re
fl-1-2.borne.auro.re
fa-j-1.borne.auro.re
fg-1-2.borne.auro.re
fi-0-2.borne.auro.re
###############################################################################
# Pacaterie
@ -222,51 +209,48 @@ unifi-pacaterie.adm.auro.re
routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re
[pacaterie_ilo]
mordred-ilo.adm.auro.re
titan-ilo.adm.auro.re
[pacaterie_unifi]
pc-1-1.borne.auro.re
pn-0-1.borne.auro.re
pn-1-1.borne.auro.re
pn-0-2.borne.auro.re
pn-0-3.borne.auro.re
pn-1-1.borne.auro.re
pn-1-2.borne.auro.re
pn-1-3.borne.auro.re
pn-2-1.borne.auro.re
pn-3-1.borne.auro.re
pn-2-2.borne.auro.re
pn-2-3.borne.auro.re
pn-3-1.borne.auro.re
pn-3-2.borne.auro.re
pn-3-3.borne.auro.re
pn-4-1.borne.auro.re
pn-4-2.borne.auro.re
pn-4-3.borne.auro.re
ps-0-1.borne.auro.re
ps-0-2.borne.auro.re
pn-2-1.borne.auro.re
pn-3-2.borne.auro.re
pn-0-1.borne.auro.re
pn-1-2.borne.auro.re
pc-1-1.borne.auro.re
pn-4-2.borne.auro.re
pn-4-1.borne.auro.re
ps-0-3.borne.auro.re
ps-1-1.borne.auro.re
ps-1-2.borne.auro.re
ps-0-1.borne.auro.re
ps-1-3.borne.auro.re
ps-2-1.borne.auro.re
ps-2-2.borne.auro.re
ps-2-3.borne.auro.re
ps-3-1.borne.auro.re
ps-1-2.borne.auro.re
ps-3-2.borne.auro.re
ps-3-3.borne.auro.re
ps-4-1.borne.auro.re
ps-4-2.borne.auro.re
ps-2-1.borne.auro.re
ps-3-1.borne.auro.re
ps-4-3.borne.auro.re
ps-2-2.borne.auro.re
ps-1-1.borne.auro.re
ps-4-2.borne.auro.re
ps-0-2.borne.auro.re
ps-3-3.borne.auro.re
###############################################################################
# Emilie du Chatelet
[edc_server]
caradoc.adm.auro.re
perceval.adm.auro.re
[edc_pve]
chapalux.adm.auro.re
escalope.adm.auro.re
[edc_vm]
routeur-edc.adm.auro.re
@ -281,20 +265,13 @@ radius-edc-backup.adm.auro.re
ldap-replica-edc.adm.auro.re
prometheus-edc.adm.auro.re
[edc_ilo]
caradoc-ilo.adm.auro.re
chapalux-ilo.adm.auro.re
[edc_unifi]
ee-2-1.borne.auro.re
ee-2-2.borne.auro.re
eo-0-1.borne.auro.re
eo-2-1.borne.auro.re
ep-0-1.borne.auro.re
ep-1-1.borne.auro.re
ep-1-2.borne.auro.re
ep-1-3.borne.auro.re
ep-1-2.borne.auro.re
ep-0-1.borne.auro.re
eo-2-1.borne.auro.re
ee-2-1.borne.auro.re
###############################################################################
# George Sand
@ -316,64 +293,59 @@ radius-gs-backup.adm.auro.re
prometheus-gs.adm.auro.re
ldap-replica-gs.adm.auro.re
[gs_ilo]
lancelot-ilo.adm.auro.re
odin-ilo.adm.auro.re
[gs_unifi]
ga-1-2.borne.auro.re
ge-3-2.borne.auro.re
gb-4-2.borne.auro.re
gg-5-2.borne.auro.re
gd-5-2.borne.auro.re
gc-5-2.borne.auro.re
gc-3-1.borne.auro.re
gc-4-1.borne.auro.re
gg-5-1.borne.auro.re
ge-1-2.borne.auro.re
gh-1-2.borne.auro.re
gd-1-2.borne.auro.re
gf-3-2.borne.auro.re
gd-4-2.borne.auro.re
ga-0-1.borne.auro.re
ga-1-1.borne.auro.re
ga-1-2.borne.auro.re
ga-2-1.borne.auro.re
ga-2-2.borne.auro.re
ga-3-1.borne.auro.re
ga-4-1.borne.auro.re
ga-5-1.borne.auro.re
ga-5-2.borne.auro.re
gb-1-1.borne.auro.re
gc-1-1.borne.auro.re
gc-2-1.borne.auro.re
gc-5-1.borne.auro.re
gb-2-1.borne.auro.re
gb-3-1.borne.auro.re
gb-4-1.borne.auro.re
gb-4-2.borne.auro.re
gb-5-1.borne.auro.re
gc-1-1.borne.auro.re
gc-2-1.borne.auro.re
gc-3-1.borne.auro.re
gc-4-1.borne.auro.re
gc-5-1.borne.auro.re
gc-5-2.borne.auro.re
gd-1-1.borne.auro.re
gd-1-2.borne.auro.re
gd-2-1.borne.auro.re
gd-3-1.borne.auro.re
gd-4-1.borne.auro.re
gd-4-2.borne.auro.re
gd-5-1.borne.auro.re
gd-5-2.borne.auro.re
gd-garage-1.borne.auro.re
ge-0-1.borne.auro.re
ge-1-1.borne.auro.re
ge-1-2.borne.auro.re
ge-2-1.borne.auro.re
ge-2-2.borne.auro.re
ge-3-1.borne.auro.re
ge-3-2.borne.auro.re
ge-4-1.borne.auro.re
ge-5-1.borne.auro.re
gf-0-1.borne.auro.re
gf-1-1.borne.auro.re
gf-2-1.borne.auro.re
gf-3-1.borne.auro.re
gf-3-2.borne.auro.re
gf-4-1.borne.auro.re
gf-1-1.borne.auro.re
gd-garage-1.borne.auro.re
gf-5-1.borne.auro.re
gg-5-1.borne.auro.re
gg-5-2.borne.auro.re
gh-1-2.borne.auro.re
###############################################################################
# Les Rives
[rives_pve]
thor.adm.auro.re
loki.adm.auro.re
[rives_vm]
@ -384,75 +356,41 @@ radius-rives-backup.adm.auro.re
routeur-rives-backup.adm.auro.re
ldap-replica-rives.adm.auro.re
prometheus-rives.adm.auro.re
dhcp-rives.adm.auro.re
dns-rives.adm.auro.re
radius-rives.adm.auro.re
routeur-rives.adm.auro.re
[rives_ilo]
loki-ilo.adm.auro.re
[rives_unifi]
r1-1-1.borne.auro.re
r1-1-2.borne.auro.re
r1-1-3.borne.auro.re
r1-1-4.borne.auro.re
r1-1-5.borne.auro.re
r1-1-6.borne.auro.re
r1-2-1.borne.auro.re
r1-2-2.borne.auro.re
r1-2-3.borne.auro.re
r1-2-4.borne.auro.re
r1-3-1.borne.auro.re
r1-3-2.borne.auro.re
r1-3-3.borne.auro.re
r1-3-4.borne.auro.re
r1-3-5.borne.auro.re
r1-3-6.borne.auro.re
r2-1-1.borne.auro.re
r2-1-2.borne.auro.re
r2-1-3.borne.auro.re
r2-1-4.borne.auro.re
r2-2-1.borne.auro.re
r2-2-2.borne.auro.re
r2-2-3.borne.auro.re
r2-3-1.borne.auro.re
r2-3-2.borne.auro.re
r2-3-3.borne.auro.re
r2-3-4.borne.auro.re
r3-0-1.borne.auro.re
r3-0-2.borne.auro.re
r3-0-3.borne.auro.re
r3-0-4.borne.auro.re
r3-1-1.borne.auro.re
r3-1-2.borne.auro.re
r3-4-4.borne.auro.re
r3-4-3.borne.auro.re
r3-2-1.borne.auro.re
r3-4-1.borne.auro.re
r3-2-8.borne.auro.re
r3-3-4.borne.auro.re
r3-1-3.borne.auro.re
r3-1-4.borne.auro.re
r3-1-5.borne.auro.re
r3-3-5.borne.auro.re
r3-2-4.borne.auro.re
r3-3-6.borne.auro.re
r3-1-2.borne.auro.re
r3-4-5.borne.auro.re
r3-2-2.borne.auro.re
r3-4-6.borne.auro.re
r3-1-1.borne.auro.re
r3-4-7.borne.auro.re
r3-4-2.borne.auro.re
r3-4-8.borne.auro.re
r3-2-3.borne.auro.re
r3-1-6.borne.auro.re
r3-1-7.borne.auro.re
r3-2-1.borne.auro.re
r3-2-2.borne.auro.re
r3-2-3.borne.auro.re
r3-2-4.borne.auro.re
r3-2-5.borne.auro.re
r3-2-6.borne.auro.re
r3-2-7.borne.auro.re
r3-2-8.borne.auro.re
r3-3-1.borne.auro.re
r3-3-2.borne.auro.re
r3-3-3.borne.auro.re
r3-3-4.borne.auro.re
r3-3-5.borne.auro.re
r3-3-6.borne.auro.re
r3-4-1.borne.auro.re
r3-4-2.borne.auro.re
r3-4-3.borne.auro.re
r3-4-4.borne.auro.re
r3-4-5.borne.auro.re
r3-4-6.borne.auro.re
r3-4-7.borne.auro.re
r3-4-8.borne.auro.re
r3-0-1.borne.auro.re
r3-3-2.borne.auro.re
r3-0-2.borne.auro.re
r3-3-1.borne.auro.re
r3-0-3.borne.auro.re
r3-1-5.borne.auro.re
r3-0-4.borne.auro.re
r3-1-4.borne.auro.re
# -aurore services
[aurore:children]
@ -467,7 +405,6 @@ ovh_vm
# everything at fleming
[fleming:children]
fleming_server
fleming_pve
fleming_vm
fleming_unifi
@ -480,7 +417,6 @@ pacaterie_unifi
# everything at edc
[edc:children]
edc_server
edc_pve
edc_vm
edc_unifi
@ -513,11 +449,6 @@ edc_vm
gs_vm
rives_vm
# every server
[server:children]
fleming_server
edc_server
# every PVE
[pve:children]
ovh_pve
@ -538,20 +469,6 @@ pacaterie_unifi
###############################################################################
# Groups by service
[routeur]
routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re
routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re
routeur-edc.adm.auro.re
routeur-edc-backup.adm.auro.re
routeur-gs.adm.auro.re
routeur-gs-backup.adm.auro.re
routeur-rives.adm.auro.re
routeur-rives-backup.adm.auro.re
routeur-aurore.adm.auro.re
routeur-aurore-backup.adm.auro.re
[ldap_replica:children]
ldap_replica_fleming
ldap_replica_pacaterie
@ -597,27 +514,4 @@ proxy.adm.auro.re
[bdd]
bdd.adm.auro.re
bdd-ovh.adm.auro.re
re2o-db.adm.auro.re
[radius]
radius-aurore.adm.auro.re
radius-fleming.adm.auro.re
radius-fleming-backup.adm.auro.re
radius-edc.adm.auro.re
radius-edc-backup.adm.auro.re
radius-gs.adm.auro.re
radius-gs-backup.adm.auro.re
radius-pacaterie.adm.auro.re
radius-pacaterie-backup.adm.auro.re
radius-rives.adm.auro.re
radius-rives-backup.adm.auro.re
[prometheus]
prometheus-ovh.adm.auro.re
prometheus-aurore.adm.auro.re
prometheus-rives.adm.auro.re
prometheus-gs.adm.auro.re
prometheus-edc.adm.auro.re
prometheus-pacaterie.adm.auro.re
prometheus-fleming.adm.auro.re
prometheus-federate.adm.auro.re
re2o-bdd.adm.auro.re

View file

@ -1,10 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Clone LDAP on local geographic location
# DON'T DO THIS AS IT RECREATES THE REPLICA
# - hosts: ldap_replica
# roles:
# - ldap_replica
- hosts: ldap_replica
roles:
- ldap_replica

5
log.yml Normal file
View file

@ -0,0 +1,5 @@
---
- hosts: log.adm.auro.re
roles:
- rsyslog_collector
...

View file

@ -1,18 +1,18 @@
#!/usr/bin/env ansible-playbook
---
# Install Matrix Synapse
# Install Matrix Synapse on corresponding containers
- hosts: synapse.adm.auro.re
vars:
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
update_motd:
matrix-synapse: matrix-synapse est déployé.
matrix-appservice-irc: matrix-appservice-irc est déployé.
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
roles:
- debian_backports
- nodejs
- matrix_synapse
- matrix_appservice_irc
- matrix_appservice_webhooks
- update_motd
# Install Matrix services
- hosts: matrix-services.adm.auro.re
roles:
- debian_backports

156
monitoring.yml Executable file
View file

@ -0,0 +1,156 @@
#!/usr/bin/env ansible-playbook
---
- hosts: prometheus-fleming.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-pacaterie.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
roles:
- prometheus
- hosts: prometheus-edc.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re
- ups-ec-2.ups.auro.re
prometheus_targets:
- targets: |
{{ groups['edc_pve'] + groups['edc_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['edc_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-gs.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['gs_unifi'] | list | sort }}"
prometheus_ups_snmp_targets:
- ups-gk-1.ups.auro.re
roles:
- prometheus
- hosts: prometheus-rives.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_ups_snmp_targets:
- ups-r3-1.ups.auro.re
prometheus_targets:
- targets: |
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['rives_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-aurore.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_switch_snmp_targets:
- targets:
- yggdrasil.switch.auro.re
- sw-pn-serveurs.switch.auro.re
- sw-ec-serveurs.switch.auro.re
- sw-gk-serveurs.switch.auro.re
- sw-fl-serveurs.switch.auro.re
- sw-ff-uplink.switch.auro.re
- sw-fl-core.switch.auro.re
- sw-fd-vcore.switch.auro.re
- sw-fl-vcore.switch.auro.re
- sw-ff-vcore.switch.auro.re
- sw-pn-core.switch.auro.re
- sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re
roles:
- prometheus
- hosts: prometheus-ovh.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
prometheus_docker_targets:
- docker-ovh.adm.auro.re:8087
roles:
- prometheus
- hosts: prometheus-federate.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# Prometheus targets.json
prometheus_targets:
- prometheus-edc.adm.auro.re
- prometheus-gs.adm.auro.re
- prometheus-fleming.adm.auro.re
- prometheus-pacaterie.adm.auro.re
- prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re
roles:
- prometheus_federate
# Monitor all hosts
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
roles:
- prometheus_node

65
network.yml Executable file
View file

@ -0,0 +1,65 @@
#!/usr/bin/env ansible-playbook
---
# Set up DHCP servers.
- hosts: dhcp-*.adm.auro.re
roles:
- isc_dhcp_server
# Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
roles:
- unbound
# Déploiement du service re2o aurore-firewall et keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
roles:
- router
- radvd
# No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re
roles:
- router
- ipv6_edge_router
# Radius (backup only for now)
- hosts: radius-*.adm.auro.re
roles:
- radius
# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
# vars:
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
# service_name: dns
# service_version: crans
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service
# Deploy Unifi Controller
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
# roles:
# - unifi-controller
# Deploy Re2o switch service
# - hosts: switchs-manager.adm.auro.re
# vars:
# service_repo: https://gitlab.federez.net/re2o/switchs.git
# service_name: switchs
# service_version: master
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

View file

@ -1,32 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: perceval.adm.auro.re
vars:
update_motd:
borgbackup_server: >-
Les sauvegardes (borg) sont stockées dans
{{ borg_server_backups_dir }}.
roles:
- borgbackup_server
- update_motd
- hosts: all,!unifi,!unifi-*,!bdd
vars:
update_motd:
borgbackup_client: >-
BorgBackup est déployé (/etc/borgmatic/config.yaml)
roles:
- borgbackup_client
- update_motd
# On databases server, also backup databases
- hosts: bdd
vars:
borg_postgresql_databases: true
update_motd:
borgbackup_client: >-
BorgBackup est déployé (/etc/borgmatic/config.yaml)
roles:
- borgbackup_client
- update_motd
...

View file

@ -1,27 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
vars:
chronyd__allow_networks:
- 10.128.0.0/16
- 2a09:6840:128::/48
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
chronyd__local_stratum: 10
roles:
- chronyd
- hosts:
- all
- "!ntp-1.int.infra.auro.re"
- "!unifi"
vars:
chronyd__pools:
- ntp-1.int.infra.auro.re
roles:
- chronyd
...

View file

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Docker hosts
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re
vars:
update_motd:
docker: Docker est déployé.
roles:
- docker
- update_motd

View file

@ -1,27 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Grafana
- hosts: grafana.adm.auro.re
vars:
grafana:
root_url: https://grafana.auro.re
database:
type: postgres
host: 10.128.0.95
name: grafana
user: grafana
password: "{{ vault_postgresql_grafana_passwd }}"
ldap:
host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
bind_password: "{{ vault_ldap_grafana_password }}"
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
editors_group_dn:
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
update_motd:
grafana: Grafana est déployé (/etc/grafana).
roles:
- grafana
- update_motd

View file

@ -1,213 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
# TODO: netbox
ifupdown2__hosts:
ntp-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::203/56
- 10.128.0.203/16
dns-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::127/56
- 10.128.0.127/16
dhcp-1.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::204/56
- 10.128.0.204/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.2/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.34/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.66/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.98/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.130/27
vlan_id: 1004
vlan_raw_device: clients
dhcp-2.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::91/56
- 10.128.0.91/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.3/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.35/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.67/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.99/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.131/27
vlan_id: 1004
vlan_raw_device: clients
isp-1.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::255/56
- 10.128.0.255/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
forward: true
ipv6_addrgen: false
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
isp-2.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::158/56
- 10.128.0.158/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
roles:
- ifupdown2
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
resolvconf__nameservers:
- 2a09:6840:128::127
- 10.128.0.127
resolvconf__domain: auro.re
resolvconf__search:
- "{{ inventory_hostname | remove_domain_suffix }}"
- auro.re
roles:
- resolvconf
...

View file

@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: dhcp-*.adm.auro.re
vars:
update_motd:
unbound: isc-dhcp-server est déployé.
roles:
- isc_dhcp_server
- update_motd

View file

@ -1,32 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
keepalived__virtual_router_id: 80
keepalived__interface: ens18
keepalived__virtual_addresses:
client-0:
- 100.64.0.1/27
- 2a09:6841::/56
- fe80::1/10
client-1:
- 100.64.0.33/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-2:
- 100.64.0.65/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-3:
- 100.64.0.97/27
- 2a09:6841:0:200::/56
- fe80::1/10
client-4:
- 100.64.0.129/27
- 2a09:6841:0:300::/56
- fe80::1/10
roles:
- keepalived
...

View file

@ -1,17 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
# vars:
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
# service_name: dns
# service_version: crans
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

View file

@ -1,170 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Install and configure database servers at Saclay
- hosts: bdd.adm.auro.re
vars:
postgresql:
version: 13
hosts:
- database: nextcloud
user: nextcloud
net: 10.128.0.58/32
method: md5
- database: gitea
user: gitea
net: 10.128.0.60/32
method: md5
- database: wikijs
user: wikijs
net: 10.128.0.66/32
method: md5
- database: drone
user: drone
net: 10.128.0.64/32
method: md5
- database: netbox
user: netbox
net: 10.128.0.97/32
method: md5
- database: grafana
user: grafana
net: 10.128.0.98/32
method: md5
- database: dolibarr
user: dolibarr
net: 10.128.0.236/32
method: md5
- database: rt5
user: rt5
net: 10.128.0.123/32
method: md5
databases:
- nextcloud
- gitea
- wikijs
- drone
- netbox
- grafana
- dolibarr
- rt5
users:
- name: nextcloud
database: nextcloud
password: "{{ vault_postgresql_nextcloud_passwd }}"
privs:
- ALL
- name: gitea
database: gitea
password: "{{ vault_postgresql_gitea_passwd }}"
privs:
- ALL
- name: wikijs
database: wikijs
password: "{{ vault_postgresql_wikijs_passwd }}"
privs:
- ALL
- name: drone
database: drone
password: "{{ vault_postgresql_drone_passwd }}"
privs:
- ALL
- name: netbox
database: netbox
password: "{{ vault_postgresql_netbox_passwd }}"
privs:
- ALL
- name: grafana
database: grafana
password: "{{ vault_postgresql_grafana_passwd }}"
privs:
- ALL
- name: dolibarr
database: dolibarr
password: "{{ vault_postgresql_dolibarr_passwd }}"
privs:
- ALL
- name: rt5
database: rt5
password: "{{ vault_postgresql_rt5_passwd }}"
privs:
- ALL
update_motd:
postgresql: PostgreSQL est déployé.
roles:
- postgresql
- update_motd
# Install and configure database servers at OVH
- hosts: bdd-ovh.adm.auro.re
vars:
postgresql:
version: 13
hosts:
- database: etherpad
user: etherpad
net: 10.128.0.150/32
method: md5
- database: codimd
user: codimd
net: 10.128.0.150/32
method: md5
- database: synapse
user: synapse
net: 10.128.0.56/32
method: md5
- database: kanboard
user: kanboard
net: 10.128.0.150/32
method: md5
- database: cas
user: cas
net: 10.128.0.150/32
method: md5
- database: appservice-discord
user: appservice-discord
net: 10.128.0.150/32
method: md5
databases:
- synapse
- codimd
- etherpad
- kanboard
- cas
- appservice-discord
users:
- name: synapse
database: synapse
password: "{{ vault_postgresql_synapse_passwd }}"
privs:
- ALL
- name: codimd
database: codimd
password: "{{ vault_postgresql_codimd_passwd }}"
privs:
- ALL
- name: etherpad
database: etherpad
password: "{{ vault_postgresql_etherpad_passwd }}"
privs:
- ALL
- name: kanboard
database: kanboard
password: "{{ vault_postgresql_kanboard_passwd }}"
privs:
- ALL
- name: cas
database: cas
password: "{{ vault_postgresql_cas_passwd }}"
privs:
- ALL
- name: appservice-discord
database: appservice-discord
password: "{{ vault_postgresql_appservice_discord_passwd }}"
privs:
- ALL
update_motd:
postgresql: PostgreSQL est déployé.
roles:
- postgresql
- update_motd
...

View file

@ -1,241 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: prometheus-fleming.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['fleming_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['fleming_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-pacaterie.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['pacaterie_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['pacaterie_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-edc.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re
# - ups-ec-2.ups.auro.re
- ups-ec-3.ups.auro.re
prometheus_servers_targets: |
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['edc_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['edc_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration edc) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-gs.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['gs_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-gk-1.ups.auro.re
prometheus_apc_pdu_snmp_targets:
- pdu-ga-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['gs_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration gs) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-rives.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-r3-1.ups.auro.re
- ups-r1-1.ups.auro.re
prometheus_servers_targets: |
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['rives_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['rives_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration rives) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-aurore.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_postgresql_targets: |
{{ groups['bdd'] + groups['radius'] | list | sort }}
prometheus_switch_snmp_targets:
- yggdrasil.switch.auro.re
- sw-pn-serveurs.switch.auro.re
- sw-ec-serveurs.switch.auro.re
- sw-gk-serveurs.switch.auro.re
- sw-fl-serveurs.switch.auro.re
- sw-ff-uplink.switch.auro.re
- sw-fl-core.switch.auro.re
- sw-fd-vcore.switch.auro.re
- sw-fl-vcore.switch.auro.re
- sw-ff-vcore.switch.auro.re
- sw-pn-core.switch.auro.re
- sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['aurore_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-ovh.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
prometheus_postgresql_targets:
- bdd-ovh.adm.auro.re
prometheus_docker_targets:
- docker-ovh.adm.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-federate.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets:
- prometheus-edc.adm.auro.re
- prometheus-gs.adm.auro.re
- prometheus-fleming.adm.auro.re
- prometheus-pacaterie.adm.auro.re
- prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re
update_motd:
prometheus_federate: >-
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
roles:
- prometheus_federate
- update_motd
# Postgres Exporters
- hosts: bdd,radius
roles:
- prometheus_postgres
# Monitor all hosts
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
roles:
- prometheus_node

View file

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Radius
- hosts: radius-*.adm.auro.re
vars:
update_motd:
unbound: FreeRADIUS est déployé.
roles:
- radius
- update_motd

View file

@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
root_shell: /bin/bash
root_password: "{{ vault_root_password }}"
roles:
- root_account
...

View file

@ -1,23 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy firewall and keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
vars:
update_motd:
unbound: Le routage (avec radvd) est déployé.
roles:
- router
- radvd
- update_motd
# No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re
vars:
update_motd:
unbound: Le routage (avec DHCPv6) est déployé.
roles:
- router
- ipv6_edge_router
- update_motd

View file

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: log.adm.auro.re
roles:
- rsyslog_collector
- hosts: all,!unifi
roles:
- rsyslog_common
...

View file

@ -1,14 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
openssh_users_ca_public_key:
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
openssh_authorized_principals:
- any
- "{{ inventory_hostname }}"
roles:
- openssh_server
...

View file

@ -1,17 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Deploy Re2o switch service
# - hosts: switchs-manager.adm.auro.re
# vars:
# service_repo: https://gitlab.federez.net/re2o/switchs.git
# service_name: switchs
# service_version: master
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

View file

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
vars:
update_motd:
unbound: Unbound est déployé.
roles:
- unbound
- update_motd

View file

@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Deploy Unifi Controller
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
# roles:
# - unifi-controller

432
proxmox.yml Executable file
View file

@ -0,0 +1,432 @@
#!/usr/bin/env ansible-playbook
---
# This is a special playbook to create a new VM !
- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests
become: false # We do not need root as we use Proxmox API
vars:
vm_definitions:
# Réseau Pacaterie
- name: ldap-replica-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau Fleming
- name: ldap-replica-fleming1
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau EdC
- name: ldap-replica-edc1
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau George Sand
- name: ldap-replica-gs1
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
vars_prompt:
- name: "password"
prompt: "Enter LDAP password for your user"
private: true
tasks:
- name: Define a virtual machine in Proxmox
proxmox_kvm:
api_user: "{{ ansible_user_id }}@pam"
api_password: "{{ password }}"
api_host: "{{ item.virtu }}.adm.auro.re"
name: "{{ item.name }}"
node: "{{ item.virtu }}"
scsihw: virtio-scsi-pci
scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}'
sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}'
net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default
cores: "{{ item.cores }}"
memory: "{{ item.memory }}"
balloon: "{{ item.memory // 2 }}"
bios: seabios # Ansible module doesn't support UEFI boot disk
loop:
# Réseau Fleming
- name: ldap-replica-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: ldap-replica-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: routeur-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau Pacaterie
- name: ldap-replica-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: ldap-replica-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: routeur-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau EDC
- name: ldap-replica-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau George Sand
- name: ldap-replica-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso

View file

@ -29,6 +29,14 @@
retries: 3
until: apt_result is succeeded
- include_role:
name: update_motd
- name: Remove Debian warranty motd
file:
path: /etc/motd
state: absent
# Configure APT mirrors on Debian Stretch
- name: Configure APT mirrors
when:

View file

@ -1,4 +1,7 @@
---
- debug:
msg: "{{ ansible_distribution_major_version }}"
- name: Pin borgmatic
template:
src: "{{ item.src }}"
@ -13,7 +16,7 @@
dest: /etc/apt/preferences.d/borgmatic-bullseye
when:
- "ansible_distribution == 'Debian'"
- "ansible_distribution_major_version in ('stretch', 'buster', '9', '10')"
- "ansible_distribution_major_version in ('9', '10', 'stretch', 'buster')"
- name: Install borgmatic
apt:
@ -107,4 +110,10 @@
name: borgmatic.timer
state: started
enabled: true
- include_role:
name: update_motd
vars:
key: 10-borgmatic
message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
...

View file

@ -4,13 +4,8 @@
Description=Timer for borgmatic backup
[Timer]
{% if borg_keep_hourly > 0 %}
OnCalendar=hourly
RandomizedDelaySec=60m
{% else %}
OnCalendar=daily
RandomizedDelaySec=24h
{% endif %}
FixedRandomDelay=true
[Install]

View file

@ -42,7 +42,7 @@ consistency:
- repository
- archives
{% if borg_postgresql_databases is defined %}
{% if postgresql_databases is defined %}
hooks:
postgresql_databases:
- name: all

View file

@ -35,4 +35,13 @@
owner: "{{ borg_server_user }}"
group: "{{ borg_server_group }}"
mode: u=rwx,g=,o=
- include_role:
name: update_motd
vars:
motd_messages:
- key: 10-borg-server
message: >-
Les sauvegardes (borg) sont stockées dans
{{ borg_server_backups_dir }}.
...

View file

@ -1,11 +0,0 @@
---
chronyd__pools: []
chronyd__key_file: /etc/chrony/chrony.keys
chronyd__drift_file: /var/lib/chrony/chrony.drift
chronyd__nts_dump_dir: /var/lib/chrony
chronyd__log_dir: /var/log/chrony
chronyd__max_update_skew: 100.0
chronyd__rtcsync: true
chronyd__allow_networks: []
chronyd__log_change_seconds: 0.5
...

View file

@ -1,6 +0,0 @@
---
- name: Restart chronyd
systemd:
name: chrony.service
state: restarted
...

View file

@ -1,32 +0,0 @@
---
- name: Uninstall ntp and sntp
apt:
name:
- sntp
- ntp
- systemd-timesyncd
state: absent
- name: Install chronyd
apt:
name: chrony
- name: Configure chronyd
template:
src: "{{ item }}.j2"
dest: "/etc/chrony/{{ item }}"
owner: root
group: root
mode: u=rw,g=r,o=
loop:
- chrony.conf
- chrony.keys
notify:
- Restart chronyd
- name: Enable and start chronyd
systemd:
name: chrony.service
enabled: true
state: started
...

View file

@ -1,30 +0,0 @@
{{ ansible_managed | comment }}
{% for pool in chronyd__pools %}
pool {{ pool }} iburst
{% endfor %}
keyfile {{ chronyd__key_file }}
driftfile {{ chronyd__drift_file }}
ntsdumpdir {{ chronyd__nts_dump_dir }}
logdir {{ chronyd__log_dir }}
log tracking measurements statistics
maxupdateskew {{ chronyd__max_update_skew | float }}
{% if chronyd__rtcsync %}
rtcsync
{% endif %}
{% if chronyd__local_stratum is defined %}
local stratum {{ chronyd__local_stratum | int }}
{% endif %}
logchange {{ chronyd__log_change_seconds | float }}
leapsectz right/UTC
{% for network in chronyd__allow_networks %}
allow {{ network | ipaddr }}
{% endfor %}

View file

@ -1 +0,0 @@
{{ ansible_managed | comment }}

View file

@ -50,4 +50,9 @@
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
dest: /usr/local/bin/docker-compose
mode: "0755"
...
- name: Indicate role in motd
template:
src: update-motd.d/05-service.j2
dest: /etc/update-motd.d/05-docker
mode: 0755

View file

@ -0,0 +1,3 @@
#!/bin/sh
# {{ ansible_managed }}
echo "> Les recettes Docker-compose se trouvent dans /var/local/ansible-docker"

View file

@ -0,0 +1,30 @@
---
# For DokuWiki package
- name: Configure Debian Buster mirrors
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/buster.list.j2
dest: /etc/apt/sources.list.d/buster.list
mode: 0644
# For DokuWiki package
- name: Configure DokuWiki pin
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/dokuwiki.j2
dest: /etc/apt/preferences.d/dokuwiki
mode: 0644
# Install
- name: Install DokuWiki
apt:
update_cache: true
name: dokuwiki
state: present
register: apt_result
retries: 3
until: apt_result is succeeded

View file

@ -0,0 +1,9 @@
# {{ ansible_managed }}
{# #}
{# Default mirror #}
{% if debian_mirror is not defined %}
{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %}
{% endif %}
deb {{ debian_mirror }} buster main
deb-src {{ debian_mirror }} buster main

View file

@ -0,0 +1,9 @@
# {{ ansible_managed }}
Package: *
Pin: release n=stretch*
Pin-Priority: 990
Package: dokuwiki
Pin: release n=buster
Pin-Priority: 990

View file

@ -1,5 +0,0 @@
---
- name: Restart grafana
service:
name: grafana-server
state: restarted

View file

@ -1,111 +0,0 @@
---
- name: Install gpg (to import Grafana key)
apt:
name: gpg
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Import Grafana GPG signing key
apt_key:
url: https://packages.grafana.com/gpg.key
state: present
register: apt_key_result
retries: 3
until: apt_key_result is succeeded
- name: Add Grafana repository
apt_repository:
repo: deb https://packages.grafana.com/oss/deb stable main
state: present
update_cache: true
- name: Install Grafana
apt:
name: grafana
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure Grafana
ini_file:
path: /etc/grafana/grafana.ini
section: "{{ item.section }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: 0640
loop:
- section: server
option: root_url
value: "{{ grafana.root_url }}"
- section: analytics
option: reporting_enabled
value: "false"
- section: analytics
option: check_for_updates
value: "false"
- section: security
option: disable_initial_admin_creation
value: "true"
- section: security
option: cookie_secure
value: "true"
- section: security
option: disable_gravatar
value: "true"
- section: snapshots
option: external_enabled
value: "false"
- section: users
option: allow_sign_up
value: "false"
- section: users
option: allow_org_create
value: "false"
- section: auth.anonymous
option: enabled
value: "false" # no public access
- section: auth.anonymous
option: hide_version
value: "true"
- section: auth.basic # only LDAP auth
option: enabled
value: "false"
- section: auth.ldap
option: enabled
value: "true"
- section: alerting
option: enabled
value: "false"
- section: database
option: type
value: "{{ grafana.database.type }}"
- section: database
option: host
value: "{{ grafana.database.host }}"
- section: database
option: name
value: "{{ grafana.database.name }}"
- section: database
option: user
value: "{{ grafana.database.user }}"
- section: database
option: password
value: "{{ grafana.database.password }}"
notify: Restart grafana
- name: Configure Grafana LDAP
template:
src: ldap.toml.j2
dest: /etc/grafana/ldap.toml
mode: 0640
notify: Restart grafana
- name: Enable and start Grafana
systemd:
name: grafana-server
enabled: true
state: started
daemon_reload: true

View file

@ -1,61 +0,0 @@
{{ ansible_managed | comment }}
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "{{ grafana.ldap.host }}"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "{{ grafana.ldap.bind_dn }}"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = '{{ grafana.ldap.bind_password }}'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=%s)"
# An array of base dns to search through
search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
group_search_filter_user_attribute = "cn"
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "sn"
surname = ""
username = "cn"
member_of = "dn"
email = "mail"
# Editors
{% for group_dn in grafana.ldap.editors_group_dn %}
[[servers.group_mappings]]
group_dn = "{{ group_dn }}"
org_role = "Editor"
{% endfor %}
# Viewers
[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"

View file

@ -1,3 +0,0 @@
---
ifupdown2__interfaces: {}
...

View file

@ -1,9 +0,0 @@
---
- name: Restart networking
systemd:
name: networking.service
state: restarted
- name: Bring all interfaces up
shell: /usr/sbin/ifup -a
...

View file

@ -1,42 +0,0 @@
---
- name: Gather package facts
package_facts:
manager: apt
- name: Check if ifupdown2 is installed
set_fact:
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
- name: Mask networking before installing ifupdown2
systemd:
name: networking.service
masked: true
when: must_mask
- name: Install ifupdown2
apt:
name: ifupdown2
- name: Unmask networking now that ifupdown2 is installed
systemd:
name: networking.service
masked: false
when: must_mask
- name: Configure ifupdown2
template:
src: interfaces.j2
dest: /etc/network/interfaces
owner: root
group: root
mode: u=rw,g=r,o=
notify:
- Restart networking
- Bring all interfaces up
- name: Enable and start networking
systemd:
name: networking.service
state: started
enabled: true
...

View file

@ -1,41 +0,0 @@
{{ ansible_managed | comment }}
{% for name, iface in ifupdown2__interfaces.items() %}
auto {{ name }}
iface {{ name }}
{% for address in iface.addresses | default([]) %}
address {{ address | ipaddr }}
{% endfor %}
{% for gateway in iface.gateways | default([]) %}
gateway {{ gateway | ipaddr }}
{% endfor %}
{% if iface.bridge_ports is defined %}
bridge-ports {{ iface.bridge_ports | join(" ") }}
{% endif %}
{% if iface.bridge_vlan_aware is defined %}
bridge-vlan-aware {{ iface.bridge_vlan_aware
| ternary("yes", "no") }}
{% endif %}
{% if iface.bridge_vids is defined %}
bridge-vids {{ iface.bridge_vids | join(",") }}
{% endif %}
{% if iface.vlan_id is defined %}
vlan-id {{ iface.vlan_id | int }}
{% endif %}
{% if iface.vlan_raw_device is defined %}
vlan-raw-device {{ iface.vlan_raw_device }}
{% endif %}
{% if iface.bridge_disable_pvid | default(false) %}
bridge-pvid 0
post-up bridge vlan del dev {{ name }} vid 1 self
{% endif %}
{% if iface.forward | default(false) %}
ip-forward yes
ip6-forward yes
{% endif %}
{% if iface.ipv6_addrgen is defined %}
ipv6-addrgen {{ iface.ipv6_addrgen
| ternary("yes", "no") }}
{% endif %}
{% endfor %}

View file

@ -1,7 +0,0 @@
---
keepalived__virtual_addresses: {}
keepalived__notify_master: []
keepalived__notify_backup: []
keepalived__notify_fault: []
keepalived__max_auto_priority: -1
...

View file

@ -1,6 +0,0 @@
---
- name: Reload keepalived
systemd:
name: keepalived.service
state: reloaded
...

View file

@ -1,28 +0,0 @@
---
- name: Install keepalived
apt:
name: keepalived
- name: Configure keepalived
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
mode: u=rw,g=,o=
- src: notify.sh.j2
dest: /etc/keepalived/notify.sh
mode: u=rwx,g=,o=
notify:
- Reload keepalived
- name: Enable and start keepalived
systemd:
name: keepalived
enabled: true
state: started
...

View file

@ -1,92 +0,0 @@
{{ ansible_managed | comment }}
global_defs {
dynamic_interfaces
script_user root
enable_script_security
vrrp_version 3
{% if keepalived__max_auto_priority is defined %}
max_auto_priority {{ keepalived__max_auto_priority | int }}
{% endif %}
}
{%
set ipv4_enabled =
keepalived__ipv4_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv4)
%}
{%
set ipv6_enabled =
keepalived__ipv6_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv6)
%}
{% if ipv4_enabled and ipv6_enabled %}
vrrp_sync_group group {
group {
{% if ipv4_enabled %}
instance_v4
{% endif %}
{% if ipv6_enabled %}
instance_v6
{% endif %}
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
{% endif %}
{% if ipv4_enabled %}
vrrp_instance instance_v4 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses %}
{% if address | ansible.utils.ipv4 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}
{% if ipv6_enabled %}
vrrp_instance instance_v6 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses | ipaddr_sort(["link-local"]) %}
{% if address | ansible.utils.ipv6 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}

View file

@ -1,33 +0,0 @@
#!/bin/bash
master=(
{% for notify in keepalived__notify_master %}
{{ notify | quote }}
{% endfor %}
)
backup=(
{% for notify in keepalived__notify_backup %}
{{ notify | quote }}
{% endfor %}
)
fault=(
{% for notify in keepalived__notify_fault %}
{{ notify | quote }}
{% endfor %}
)
case "$1" in
master | backup | fault)
scripts="$1[@]"
;;
*)
echo "Usage: $0 (master|backup|fault)" >&2
exit 1
esac
for script in "${!scripts}"
do
eval "${script}"
done

View file

@ -60,4 +60,3 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub

View file

@ -1,6 +1,5 @@
---
- name: Reload logrotate
systemd:
name: logrotate.service
- name: reload logrotate
service:
name: logrotate
state: reloaded
...

View file

@ -1,28 +1,29 @@
---
# Install and configure logrotate
# Install the apt package
- name: Install logrotate
apt:
name: logrotate
state: present
- name: Create rsyslog configuration directory
file:
path: /etc/rsyslog.d
owner: root
group: root
mode: u=rwx,g=rx,o=rx
name:
- logrotate
# Copy the configuration and reload the service if it has changed
- name: Configure logrotate
template:
src: logrotate.conf
dest: /etc/logrotate.conf
src: logrotate.d/rsyslog.j2
dest: /etc/logrotate.d/rsyslog
owner: root
group: root
mode: u=rwx,g=r,o=r
notify: Reload logrotate
mode: "0644"
notify: reload logrotate
# Make sure the service is enabled and started
- name: Enable logrotate service
systemd:
name: logrotate.service
service:
name: logrotate
enabled: true
state: started
...
# Enforce new logrotate rules now
- name: Run logrotate now
command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog

View file

@ -1,24 +0,0 @@
# see "man logrotate" for details
{{ ansible_managed | comment }}
# global options do not affect preceding include directives
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here.

View file

@ -0,0 +1,39 @@
# {{ ansible_managed }}
/var/log/syslog
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 90
daily
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}

View file

@ -148,6 +148,12 @@
group: www-data
mode: 0644
- name: Indicate role in motd
template:
src: update-motd.d/05-service.j2
dest: /etc/update-motd.d/05-nginx
mode: 0755
- name: Clean old files
file:
path: "{{ item }}"
@ -156,4 +162,3 @@
- "/etc/nginx/snippets/options-ssl.conf"
- "/var/www/custom_401.html"
- "/var/www/robots.txt"
...

View file

@ -0,0 +1,3 @@
#!/usr/bin/tail +14
{{ ansible_managed | comment }}
> NGINX a été déployé sur cette machine. Voir /etc/nginx/.

View file

@ -1,4 +0,0 @@
---
openssh_authorized_principals:
- any
...

View file

@ -1,6 +0,0 @@
---
- name: Restart sshd
systemd:
name: ssh.service
state: restarted
...

View file

@ -1,39 +0,0 @@
---
- name: Install OpenSSH server
apt:
name: openssh-server
- name: Enable OpenSSH Server
systemd:
name: ssh.service
enabled: true
state: started
- name: Install sshd configuration file
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: u=r,g=,o=
validate: "/usr/sbin/sshd -tf %s"
notify: Restart sshd
- name: Install Users CA public key
copy:
content: "{{ openssh_users_ca_public_key }}"
dest: /etc/ssh/users_ca.pub
owner: root
group: root
mode: u=r,g=,o=
notify: Restart sshd
- name: Install authorized principals file
copy:
content: "{{ openssh_authorized_principals | join('\n') }}"
dest: /etc/ssh/authorized_principals
owner: root
group: root
mode: u=r,g=,o=
notify: Restart sshd
...

View file

@ -1,45 +0,0 @@
{{ ansible_managed | comment }}
SyslogFacility AUTH
LogLevel VERBOSE
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Port 22
MaxStartups 10:30:100
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
# https://infosec.mozilla.org/guidelines/openssh.html
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
AuthenticationMethods publickey
TrustedUserCAKeys /etc/ssh/users_ca.pub
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
StrictModes yes
UsePAM no
PermitRootLogin yes
PermitUserRC no
PermitUserEnvironment no
AllowAgentForwarding no
AllowTcpForwarding yes
X11Forwarding no
PermitTTY yes
PermitTunnel no
VersionAddendum none
PrintLastLog yes
PrintMotd yes
TCPKeepAlive yes
UseDNS no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

View file

@ -0,0 +1,10 @@
---
# URL to clone
passbolt_repo: https://github.com/passbolt/passbolt_api.git
passbolt_version: v2.10.0
# Install target
passbolt_path: /var/www/passbolt
# User used to run passbolt
passbolt_user: www-data

View file

@ -0,0 +1,39 @@
---
# See https://help.passbolt.com/hosting/install/ce/from-source.html
- name: Clone passbolt project
git:
repo: "{{ passbolt_repo }}"
dest: "{{ passbolt_path }}"
version: "{{ passbolt_version }}"
become: true
become_user: "{{ passbolt_user }}"
- name: Install passbolt dependencies
apt:
name:
- composer
- php-fpm
- php-intl
- php-gnupg
- php-gd
- php-mysql
- nginx
- mariadb-server
state: present
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
# Setup dependencies
- name: Install passbolt PHP dependencies
composer:
command: install
working_dir: "{{ passbolt_path }}"
no_dev: true
become: true
become_user: "{{ passbolt_user }}"
register: composer_result
retries: 3
until: composer_result is succeeded

View file

@ -1,7 +0,0 @@
{{ ansible_managed | comment }}
# TYPE DATABASE USER ADDRESS METHOD
local all postgres peer map=map_local
{% for host in postgresql.hosts | default([]) %}
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
{% endfor %}

View file

@ -1,5 +0,0 @@
{{ ansible_managed | comment }}
# MAPNAME SYSTEM-USERNAME PG-USERNAME
map_local root postgres
map_local postgres postgres

View file

@ -0,0 +1,5 @@
---
postgresql_hosts: []
postgresql_databases: []
postgresql_users: []
...

View file

@ -55,7 +55,7 @@
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
template: template0
loop: "{{ postgresql.databases | default([]) }}"
loop: "{{ postgresql_databases }}"
- name: Create users
become: true
@ -65,7 +65,7 @@
name: "{{ item.name }}"
password: "{{ item.password }}"
no_log: true
loop: "{{ postgresql.users | default([]) }}"
loop: "{{ postgresql_users }}"
- name: Grant privileges to users
become: true
@ -77,5 +77,5 @@
privs: "{{ item.privs | join(',') }}"
obj: "{{ item.database }}"
no_log: true
loop: "{{ postgresql.users | default([]) }}"
loop: "{{ postgresql_users }}"
...

View file

@ -0,0 +1,19 @@
{{ ansible_managed | comment }}
# TYPE DATABASE USER ADDRESS METHOD
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer map=map_root
# "local" is for Unix domain socket connections only
local all all peer
{% for host in postgresql_hosts %}
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
{% endfor %}

View file

@ -0,0 +1,4 @@
{{ ansible_managed | comment }}
# MAPNAME SYSTEM-USERNAME PG-USERNAME
map_root root postgress

View file

@ -8,4 +8,3 @@
service:
name: prometheus-snmp-exporter
state: restarted
...

View file

@ -11,38 +11,20 @@
- name: Configure Prometheus
template:
src: "{{ item }}.j2"
dest: "/etc/prometheus/{{ item }}"
owner: prometheus
group: prometheus
mode: u=r,g=r,o=
loop:
- prometheus.yml
src: prometheus/prometheus.yml.j2
dest: /etc/prometheus/prometheus.yml
mode: 0644
notify: Restart Prometheus
- name: Creates directory for alerts
file:
path: /etc/prometheus/alerts
state: directory
owner: prometheus
group: prometheus
mode: 0755
- name: Configure Prometheus alerts
- name: Configure Prometheus alert rules
template:
src: "{{ item }}.j2"
dest: "/etc/prometheus/alerts/{{ item }}"
owner: prometheus
group: prometheus
mode: u=r,g=r,o=
loop:
- server.rules.yml
- docker.rules.yml
- ups.rules.yml
- postgres.rules.yml
- environmental.rules.yml
- ilo.rules.yml
src: "prometheus/{{ item }}.j2"
dest: "/etc/prometheus/{{ item }}"
mode: 0644
notify: Restart Prometheus
loop:
- alert.rules.yml
- django.rules.yml
- name: Make Prometheus snmp-exporter listen on localhost only
lineinfile:
@ -51,21 +33,62 @@
line: "ARGS=\"--web.listen-address=127.0.0.1:9116\""
notify: Restart prometheus-snmp-exporter
# These files store SNMP OIDs
# This file store SNMP OIDs
- name: Configure Prometheus snmp-exporter
template:
src: "{{ item }}.j2"
dest: "/etc/prometheus/{{ item }}"
src: "prometheus/snmp.yml.j2"
dest: "/etc/prometheus/snmp.yml"
mode: 0600
owner: prometheus
group: prometheus
mode: u=r,g=r,o=
loop:
- snmp.yml
notify: Restart prometheus-snmp-exporter
# We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus nodes
copy:
content: "{{ prometheus_targets | to_nice_json }}"
dest: /etc/prometheus/targets.json
mode: 0644
# We don't need to restart Prometheus when updating nodes
- name: Configure Prometheus Ubiquity Unifi SNMP devices
copy:
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_unifi_snmp.json
mode: 0644
when: prometheus_unifi_snmp_targets is defined
- name: Configure Prometheus Switchs
copy:
content: "{{ prometheus_switch_snmp_targets | to_nice_json }}"
dest: /etc/prometheus/targets_switch_snmp.json
mode: 0644
when: prometheus_switch_snmp_targets is defined
- name: Configure Prometheus UPS SNMP devices
copy:
content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_ups_snmp.json
mode: 0644
when: prometheus_ups_snmp_targets is defined
- name: Configure Prometheus docker monitoring
copy:
content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n"
dest: /etc/prometheus/targets_docker.json
mode: 0644
when: prometheus_docker_targets is defined
- name: Activate prometheus service
systemd:
name: prometheus
enabled: true
state: started
- include_role:
name: update_motd
vars:
motd_messages:
- key: 05-prometheus
message: >-
Prometheus est déployé sur cette machine (voir /etc/prometheus)
...

View file

@ -1,50 +0,0 @@
---
{{ ansible_managed | comment }}
{% macro raw(string) -%}
{{ "{{" }} {{ string }} {{ "}}" }}
{%- endmacro %}
groups:
- name: docker.rules
rules:
- alert: ContainerDown
expr: docker_container_running_state != 1
for: 0m
labels:
severity: critical
annotations:
summary: >-
Le container Docker est éteint / tombé
(container {{ raw('$labels.name') }})
- alert: ContainerFailed
expr: sum(increase(docker_container_restart_count[5m])) > 2
for: 0m
labels:
severity: critical
annotations:
summary: >-
Le container Docker redémarre souvent
(container {{ raw('$labels.name') }})
- alert: ContainerFailed
expr:
(
docker_container_cpu_used_total
/
docker_container_cpu_capacity_total
) * 100
> 30
for: 0m
labels:
severity: critical
annotations:
summary: >-
Le container Docker utilise beaucoup de CPU
(container {{ raw('$labels.name') }},
valeur {{ raw('$value | printf "%.1f"') }})
...

View file

@ -1,52 +0,0 @@
---
{{ ansible_managed | comment }}
{% macro raw(string) -%}
{{ "{{" }} {{ string }} {{ "}}" }}
{%- endmacro %}
groups:
- name: environmental.rules
rules:
- alert: EnvironmentalTemperature
expr: rPDU2SensorTempHumidityStatusTempC / 10 > 30
for: 10m
labels:
severity: warning
annotations:
summary: >-
Température environnementale à {{ raw('$value') }}°
- alert: EnvironmentalTemperature
expr: rPDU2SensorTempHumidityStatusTempC / 10 > 40
for: 10m
labels:
severity: critical
annotations:
summary: >-
Température environnementale à {{ raw('$value') }}°
- alert: EnvironmentalTemperature
expr: xupsEnvRemoteTemp > 30
for: 10m
labels:
severity: warning
annotations:
summary: >-
Température environnementale à {{ raw('$value') }}°
- alert: EnvironmentalTemperature
expr: xupsEnvRemoteTemp > 40
for: 10m
labels:
severity: critical
annotations:
summary: >-
Température environnementale à {{ raw('$value') }}°
...

Some files were not shown because too many files have changed in this diff Show more