aurore/ansible
aurore/ansible
10
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

Compare commits

base: aurore:new-infra
Branches Tags
aurore:new-infra
aurore:connection_aruba
aurore:switch_rest
aurore:zfs-backup
aurore:bird
aurore:dns
aurore:aruba
aurore:radius
aurore:on-en-a-litteralement-rien-a-foutre
aurore:radvd
aurore:keepalived
aurore:ifupdown2
aurore:master
aurore:dhcp
aurore:cleanup_no_ldap_for_servers
aurore:infra_router
aurore:ask_vault_pass
aurore:borgfix
aurore:auditd
aurore:prometheus_apt_pending_and_reboot
aurore:move_host_vars
aurore:prometheus-ipmi-exporter
aurore:fix-portail
aurore:crans
aurore:apt
aurore:remove_old_db_servers
aurore:rspamd
aurore:wireguard-ovh
aurore:pass
aurore:nullmailer
aurore:logs
aurore:mailserver
aurore:re2o-master
aurore:mail_server
..
compare: aurore:logs
Branches Tags
aurore:new-infra
aurore:connection_aruba
aurore:switch_rest
aurore:zfs-backup
aurore:bird
aurore:dns
aurore:aruba
aurore:radius
aurore:on-en-a-litteralement-rien-a-foutre
aurore:radvd
aurore:keepalived
aurore:ifupdown2
aurore:master
aurore:dhcp
aurore:cleanup_no_ldap_for_servers
aurore:infra_router
aurore:ask_vault_pass
aurore:borgfix
aurore:auditd
aurore:prometheus_apt_pending_and_reboot
aurore:move_host_vars
aurore:prometheus-ipmi-exporter
aurore:fix-portail
aurore:crans
aurore:apt
aurore:remove_old_db_servers
aurore:rspamd
aurore:wireguard-ovh
aurore:pass
aurore:nullmailer
aurore:logs
aurore:mailserver
aurore:re2o-master
aurore:mail_server

5 commits
new-infra ... logs

Author SHA1 Message Date
Jeltz
761df9d0b3 Add opendistro_common for OpenDistro repository
Some checks failed
continuous-integration/drone/push Build is failing
Details
2021-03-03 21:45:56 +01:00
Jeltz
d9fe57481a Add elastic_common role for Elastic repository 2021-03-03 21:45:17 +01:00
Jeltz
bd5b2e1fbe Add apt_common role for third party repositories 2021-03-03 21:44:37 +01:00
Jeltz
84b3407b34 Add elastic.adm.auro.re 2021-03-03 21:43:23 +01:00
Jeltz
7ada2fe769 WIP: add a role for ulogd2
Some checks failed
continuous-integration/drone/push Build is failing
Details
2021-03-03 03:02:53 +01:00
468 changed files with 4734 additions and 99686 deletions
Show stats Expand all files Collapse all files

8
.ansible-lint
View file

@ -2,9 +2,9 @@ skip_list:
- no-changed-when
- load-failure
- document-start
- meta-no-info
- ignore-errors
warn_list:
- experimental # all rules tagged as experimental
exclude_paths:
- group_vars/all/vault.yml
- utils/
- group_vars/all/vault.yml

3
.drone.yml
View file

@ -5,7 +5,8 @@ name: check
steps:
- name: ansible and yaml linting
image: quay.io/ansible/toolset:3.5.0
pull: never
image: aurore-ansible-lint-image
commands:
- ansible-lint
...

1
.gitignore vendored
View file

@ -1,4 +1,3 @@
*.retry
tmp
ldap-password.txt
__pycache__/

223
README.md
View file

@ -1,8 +1,9 @@
[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible)
# Recettes Ansible d'Aurore
Dépendances requises :
* Ansible 2.9 ou plus récent.
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
## Ansible 101
@ -13,9 +14,8 @@ Il contient la définition de chaque machine et le regroupement.
Quand on regroupe avec un `:children` en réalité on groupe des groupes.
Chaque machine est annoncée avec son hostname. Il faut pouvoir SSH sur cette
machine avec ce hostname, car c'est ce qu'Ansible fera (sauf pour les switchs,
voir plus bas).
Chaque machine est annoncée avec son hostname. Il faut pouvoir SSH sur cette machine
avec ce hostname, car c'est ce qu'Ansible fera.
**Playbook** : c'est une politique de déploiement.
Il contient les associations des rôles avec les machines.
@ -36,42 +36,31 @@ déployer un serveur prometheus, déployer une node prometheus…
**Tâche** : un rôle est composé de tâches. Une tâche effectue une et une seule
action. Elle est associée à un module Ansible.
*Exemples de tâche* : installer un paquet avec le module `apt`, ajouter une
ligne dans un fichier avec le module `lineinfile`, copier une template avec le
module `template`
*Exemples de tâche* : installer un paquet avec le module `apt`, ajouter une ligne dans
un fichier avec le module `lineinfile`, copier une template avec le module `template`
Une tâche peut avoir des paramètres supplémentaires pour la réessayer quand
elle plante, récupérer son résultat dans une variable, mettre une boucle
dessus, mettre des conditions…
Une tâche peut avoir des paramètres supplémentaires pour la réessayer quand elle plante,
récupérer son résultat dans une varible, mettre une boucle dessus, mettre des conditions…
N'oubliez pas d'aller lire l'excellente documentation de RedHat sur tous les modules
N'oubliez pas d'aller lire l'excellent documentation de RedHat sur tous les modules
d'Ansible !
### Gestion des groupes de machines
Pour la liste complète, je vous invite à lire le fichier `hosts`.
Exemple :
* pour tester les versions de Debian,
```yaml
[fleming_vm]
dhcp-fleming.adm.auro.re
dns-fleming.adm.auro.re
prometheus-fleming.adm.auro.re
routeur-fleming.adm.auro.re
```YAML
ansible_lsb.codename == 'stretch'
```
[fleming_pve]
pve1.adm.auro.re
* pour tester si c'est un CPU Intel x86_64,
[fleming:children]
fleming_pve
fleming_vm
```
> NB :
>
> L'exemple a été adapté de la configuration d'Aurore pour des raisons
> pédagogiques.
```YAML
ansible_processor[0].find('Intel') != -1
and ansible_architecture == 'x86_64'
```
Pour les fonctions (`proxy-server`, `dhcp-dynamique`…) il a été choisi
de ne pas faire de groupe particulier mais plutôt de sélectionner/enlever
@ -84,46 +73,27 @@ qui peuvent ensuite être utilisés dans des variables.
Pour lister tous les faits qu'Ansible collecte nativement d'un serveur
on peut exécuter le module `setup` manuellement.
```bash
```
ansible proxy.adm.auro.re -m setup --ask-vault-pass
```
Il est notamment possible de :
* tester les versions de Debian,
```YAML
ansible_lsb.codename == 'stretch'
```
* tester si c'est un CPU Intel x86_64,
```YAML
ansible_processor[0].find('Intel') != -1
and ansible_architecture == 'x86_64'
```
## Exécution d'Ansible
### Configurer la connexion au vlan adm
Envoyer son agent SSH peut être dangereux
([source](https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).
([source](https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).
On va utiliser plutôt `ProxyJump`.
Dans la configuration SSH :
```text
Host *.adm.auro.re *.pve.auro.re
# Accept new host keys
StrictHostKeyChecking accept-new
# Use passerelle to connect to administration VLANs
```
# Use a proxy jump server to log on all Aurore inventory
Host 10.128.0.* *.adm.auro.re
ProxyJump passerelle.auro.re
```
Il faut sa clé SSH configurée sur le serveur que l'on déploie.
Il faut sa clé SSH configurée sur le serveur que l'on déploit.
```bash
ssh-copy-id proxy.adm.auro.re
```
@ -133,7 +103,6 @@ ssh-copy-id proxy.adm.auro.re
Il faut `python3-netaddr` sur sa machine.
Pour tester le playbook `base.yml` :
```bash
ansible-playbook --ask-vault-pass base.yml --check
```
@ -143,7 +112,7 @@ Vous pouvez ensuite enlever `--check` si vous voulez appliquer les changements !
Si vous avez des soucis de fingerprint ECDSA, vous pouvez ignorer une
première fois (dangereux !) : `ANSIBLE_HOST_KEY_CHECKING=0 ansible-playbook...`.
### Ajouter toutes les empreintes de serveur
### Ajouter tous les empruntes de serveur
```bash
#!/bin/bash
@ -152,10 +121,6 @@ for ip in `cat hosts|grep .adm.auro.re`; do
done
```
> Remarque :
>
> L'utilisation d'un certificat permet d'éviter d'avoir à ajouter sa clé ssh
> sur les serveurs.
### Passage à Ansible 2.10 (release: 30 juillet)
@ -167,141 +132,11 @@ ansible-galaxy collection install community.general
ansible-galaxy collection install ansible.posix
```
Si vous n'arrivez pas à entrer votre *become password* (bug dans ansible?), un
Si vous n'arrivez pas à entrer votre _become password_ (bug dans ansible?), un
workaround est le suivant :
`$ export ANSIBLE_BECOME_PASS='<votre mot de passe LDAP>'`
Notez l'espace au début pour ne pas log la commande dans votre historique
shell.
## Configuration des switchs depuis Ansible
Afin d'acquérir de l'indépendance vis-à-vis de re2o, un module permettant de
configurer les switchs depuis Ansible a été créé. Il utilise l'api rest des
switchs afin de récupérer et appliquer la configuration voulue.
### Prérequis
Pour utiliser le module, il faut d'abord annoncer à Ansible qu'il ne faut pas
effectuer de connexion ssh et de ne pas récupérer les faits. Cela se fait à
l'aide des variables `connection: httpapi` et `gather_facts: false` à placer
dans le playbook (pour une configuration locale) ou dans ansible.cfg (pour une
configuration globale). Ensuite, l'infrastructure actuelle de Aurore nécessite
l'utilisation d'un proxy. Pour cela, il suffit d'exécuter la commande :
```bash
ssh -D 3000 switchs-manager.adm.auro.re
```
et d'annoncer l'utilisation du proxy dans la configuration en exportant la
variable d'environnement `HTTP_PROXY=socks5://localhost:3000` et en
configurant la variable du module `use_proxy: true`.
Exemple :
```yaml
environment:
HTTP_PROXY: "socks5://localhost:3000"
tasks:
- name: vlans
switch_config:
username: ****
password: ****
port: 80
host: 192.168.1.42
use_proxy: true
config:
path: vlans/42
data:
name: VLAN42
vlan_id: 42
status: VS_PORT_BASED
type: VT_STATIC
```
Le module est alors utilisable, il ne reste plus qu'à le configurer.
### Écrire la configuration
Le module se veut assez libre. Ainsi, l'ensemble de la requête doit être écrite
dans les `tasks`. Voici un exemple pour configurer un vlan :
```yaml
tasks:
- name: vlans
switch_config:
username: ****
password: ****
port: 80
host: 192.168.1.42
config:
path: vlans/42
data:
name: VLAN42
vlan_id: 42
status: VS_PORT_BASED
type: VT_STATIC
```
Le `path` correspond à l'url de l'objet que l'on souhaite éditer et `data`
correspond aux données qui seront envoyées dans une requête `PUT` (au format
`json`). Cependant, la configuration d'un vlan peut nécessiter de le créer.
Pour remédier à ce problème, il est possible d'utiliser la syntaxe suivante :
```yaml
tasks:
- name: vlans
switch_config:
username: ****
password: ****
port: 80
host: 192.168.1.42
config:
path: vlans
create_method: POST
subpath:
- path: 42
data:
name: VLAN42
vlan_id: 42
status: VS_PORT_BASED
type: VT_STATIC
```
Le variable `create_method` correspond au type de la requête pour effectuer une
action de création de l'objet. Il s'agit généralement de `POST`. Dans le cas
où la variable n'est pas définit, la création sera désactivée et ainsi, si
l'url indiquée dans les `subpath` n'existe pas, alors la configuration échouera.
Par conséquent, si le vlan 42 a besoin d'être créé, une requête `POST` sera
effectué sur l'url `vlans` avec les données dans `data`.
Il est également possible d'éxecuter une action de suppression d'un vlan à l'aide
de la variable `delete` :
```yaml
tasks:
- name: vlans
switch_config:
username: ****
password: ****
port: 80
host: 192.168.1.42
config:
path: vlans/42
delete: true
```
Si la variable `delete` est activée, alors une requête `DELETE` sera envoyée
sur l'url indiquée. Pour vérifier si la suppression est déjà effective avant
l'éxecution, le module vérifiera si un `GET` sur l'url retourne une 404.
> Remarque :
>
> Si les variables `delete` et `data` sont définies (dont `delete` à `true`),
> alors il en résultera une action de suppression malgré tout.
Puisque `subpath` est une liste, il est possible de configurer plusieurs requête
en même temps. Cela à l'avantage d'effectuer toutes les modifications à la suite
(sans avoir à se connecter plusieurs sur l'api).

18
all.yml
View file

@ -1,18 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- import_playbook: playbooks/base.yml
- import_playbook: playbooks/root.yml
- import_playbook: playbooks/ssh.yml
- import_playbook: playbooks/chronyd.yml
- import_playbook: playbooks/kresd.yml
- import_playbook: playbooks/knotd.yml
- import_playbook: playbooks/resolvconf.yml
- import_playbook: playbooks/ifupdown2.yml
- import_playbook: playbooks/systemd_link.yml
- import_playbook: playbooks/keepalived.yml
- import_playbook: playbooks/ip_forward.yml
- import_playbook: playbooks/dhcpd.yml
- import_playbook: playbooks/bird.yml
- import_playbook: playbooks/pve.yml
- import_playbook: playbooks/prometheus.yml
...

36
ansible.cfg
View file

@ -1,22 +1,38 @@
[defaults]
jinja2_native = true
# Ansible configuration
ask_vault_pass = True
roles_path = ./roles
[defaults]
# Do not create .retry files
retry_files_enabled = False
# Use inventory
inventory = ./hosts
stdout_callback = debug
library = ./library
filter_plugins = ./filter_plugins
ansible_managed = Ansible managed
# Custom header in templates
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
# Do not use cows (with cowsay)
nocows = 1
# Do more parallelism
forks = 15
# Some SSH connection will take time
timeout = 60
remote_user = root
[privilege_escalation]
# Use sudo to get priviledge access
become = True
# Ask for password
become_ask_pass = True
[diff]
# TO know what changed
always = yes
[ssh_connection]
pipelining = True
retries = 3

17
base.yml Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
# Put a common configuration on all servers
- hosts: all,!unifi
roles:
- baseconfig
- basesecurity
# Plug LDAP on all servers
- hosts: all,!unifi
roles:
- ldap_client
# Install logrotate
- hosts: all,!unifi,!pve
roles:
- logrotate

20
copy-keys.sh Executable file
View file

@ -0,0 +1,20 @@
#!/bin/bash
set -e
# Grab valid unique hostnames from the Ansible inventory.
HOSTS=$(grep -ve '^[#\[]' hosts \
| grep -F adm.auro.re \
| sort -u)
# Ask password
read -s -p "Hello adventurer, what is your LDAP password? " passwd
echo
for host in $HOSTS; do
echo "[+] Handling host $host"
# sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
done

8
deploy_postfix_non_mailhost.yml Normal file
View file

@ -0,0 +1,8 @@
---
# Deploy a correclty configured postfix on non mailhost servers
- hosts: all,!unifi
vars:
local_network: 10.128.0.0/16
relay_host: proxy.adm.auro.re
roles:
- postfix_non_mailhost

7
docker-ansible-lint/Dockerfile Normal file
View file

@ -0,0 +1,7 @@
FROM python:3.9-alpine
LABEL description="Aurore's docker image for ansible-lint"
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
RUN pip install "yamllint>=1.26.0,<2.0"
RUN pip install "ansible-lint==5.0.0"
RUN pip install "ansible>=2.10,<2.11"

18
docker-ansible-lint/README.md Normal file
View file

@ -0,0 +1,18 @@
# Ansible-lint image
In order to build this image when a new version comes out, you need to
1. ssh into the `drone.adm.auro.re` server
2. git pull this repo to the lastest version
3. optionally make the changes if it has not been done yet
4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
5. ???
6. enjoy
You can verify that the image was correclty built by running
```
# list the images present
sudo docker image ls
# run your image with an interactive shell
sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
```

16
filter_plugins/enquote.py
View file

@ -1,16 +0,0 @@
class FilterModule:
def filters(self):
return {
"enquote": enquote,
}
def enquote(string, delimiter='"', escape="\\"):
translation = str.maketrans(
{
delimiter: f"{escape}{delimiter}",
escape: f"{escape}{escape}",
}
)
escaped = string.translate(translation)
return f"{delimiter}{escaped}{delimiter}"

9
filter_plugins/format_rev.py
View file

@ -1,9 +0,0 @@
class FilterModule:
def filters(self):
return {
"format_rev": format_rev,
}
def format_rev(text, fmt, *args, **kwargs):
return fmt.format(text, *args, **kwargs)

68
filter_plugins/net_utils.py
View file

@ -1,68 +0,0 @@
import ipaddress
from operator import attrgetter
import dns.name
class FilterModule:
def filters(self):
return {
"add_origin": add_origin,
"add_origin_keys": add_origin_keys,
"ip_filter": ip_filter,
"remove_domain_suffix": remove_domain_suffix,
"ipaddr_sort": ipaddr_sort,
}
def first_addr(addresses, ipv4 = True):
version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
for addr in addresses:
parsed = ipaddress.ip_address(xx)
if isinstance(parsed, version):
return parsed
raise ValueError("missing address")
def ip_filter(addresses, networks):
if isinstance(addresses, dict):
return {k: ip_filter(v, networks) for k, v in addresses.items()}
ip_networks = [ipaddress.ip_network(n) for n in networks]
ip_addresses = [ipaddress.ip_address(a) for a in addresses]
return [str(a) for a in ip_addresses if any(a in n for n in ip_networks)]
def add_origin(name, origin="."):
return dns.name.from_text(name, dns.name.from_text(origin)).to_text()
def add_origin_keys(dct, origin="."):
return {add_origin(k, origin): v for k, v in dct.items()}
def remove_domain_suffix(name):
parent = dns.name.from_text(name).parent()
return parent.to_text()
def ipaddr_sort(addrs, types, unknown_after=True):
check_types = {
"global": attrgetter("is_global"),
"link-local": attrgetter("is_link_local"),
"loopback": attrgetter("is_loopback"),
"multicast": attrgetter("is_multicast"),
"private": attrgetter("is_private"),
"reserved": attrgetter("is_reserved"),
"site_local": attrgetter("is_site_local"),
"unspecified": attrgetter("is_unspecified"),
}
def addr_weight(addr):
if isinstance(addr, str):
addr = ipaddress.ip_address(addr.split("/")[0])
for index, ty in enumerate(types):
if check_types[ty](ipaddress.ip_address(addr)):
return index
return len(types) if unknown_after else -1
return sorted(addrs, key=addr_weight)

9
filter_plugins/suffix.py
View file

@ -1,9 +0,0 @@
class FilterModule:
def filters(self):
return {
"suffix": suffix,
}
def suffix(value, suffix):
return value + suffix

38
filter_plugins/switch_range.py
View file

@ -1,38 +0,0 @@
#!/usr/bin/python
class FilterModule(object):
def filters(self):
return {
'range2list': self.range2list,
}
def range2list(self, port_range):
"""
Convert a range into list
Exemple:
```
>>> FilterModule.range2list("1-10,42")
[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 42]
````
"""
port_range = port_range.replace(" ", "").split(",")
ports = []
for r in port_range:
if "-" in r:
try:
a, b = r.split("-")
except:
raise Exception("A range must contain 2 values")
try:
a = int(a)
b = int(b)
except:
raise TypeError("A range must contain integer")
for n in range(a, b+1):
ports.append(n)
else:
try:
ports.append(int(r))
except:
raise TypeError("Value must be integer")
return list(set(ports))

61
flake.lock
View file

@ -1,61 +0,0 @@
{
"nodes": {
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1757020766,
"narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"root": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

27
flake.nix
View file

@ -1,27 +0,0 @@
{
description = "Ansible Aurore";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
flake-parts.url = "github:hercules-ci/flake-parts";
};
outputs =
inputs@{
self,
nixpkgs,
flake-parts,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ "x86_64-linux" ];
perSystem =
{ config, pkgs, ... }:
{
devShells = {
default = pkgs.callPackage ./shell.nix {};
};
};
};
}

4
group_vars/all/bird.yml
View file

@ -1,4 +0,0 @@
---
bird__as:
aurore: 43619
...

5
group_vars/all/chronyd.yml
View file

@ -1,5 +0,0 @@
---
chronyd__pools:
- ntp-1.int.infra.auro.re
- ntp-2.int.infra.auro.re
...

24
group_vars/all/ifupdown2.yml
View file

@ -1,24 +0,0 @@
---
ifupdown2__wireguard_proto: wireguard
ifupdown2__gateways:
adm:
- 2a09:6840:128::254
- 10.128.0.254
int:
- 2a09:6840:206::1
- 10.206.0.1
ext:
- 2a09:6840:211::1
- 10.211.0.1
monit:
- 2a09:6840:204::1
- 10.204.0.1
isp:
- 2a09:6840:210::1
- 10.210.0.1
pub:
- 2a09:6840:215::1
- 45.66.111.204
ovh:
- 92.222.211.254
...

10
group_vars/all/openssh.yml
View file

@ -1,10 +0,0 @@
---
openssh__users_ca_public_key:
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
openssh__authorized_principals:
- any
- "{{ inventory_hostname }}"
...

3
group_vars/all/prometheus.yml
View file

@ -1,3 +0,0 @@
---
prometheus_node__text_dir: /var/run/prometheus-node-exporter
...

13
group_vars/all/resolvconf.yml
View file

@ -1,13 +0,0 @@
---
resolvconf__nameservers:
- 2a09:6840:206::1:1
- 2a09:6840:206::1:2
- 10.206.1.1
- 10.206.1.2
resolvconf__domain: auro.re.
resolvconf__search:
- "{{ inventory_hostname | remove_domain_suffix }}"
- auro.re.
...

5
group_vars/all/root.yml
View file

@ -1,5 +0,0 @@
---
root__shell: /bin/bash
root__password: "{{ vault_root_password }}"
...

19
group_vars/all/vars.yml
View file

@ -17,7 +17,9 @@ ldap_admin_password: "{{ vault_ldap_admin_password }}"
ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
# Databases
postgresql_services_url: 'bdd-ovh.adm.auro.re'
postgresql_services_url: 'services-bdd.adm.auro.re'
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
# Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/'
@ -88,21 +90,6 @@ ipv6_base_prefix: "2a09:6840"
is_aurore_host: "{{ 'aurore_vm' in group_names }}"
# Borgbackup
borg_keep_daily: 7
borg_keep_weekly: 4
borg_keep_monthly: 12
borg_backup_directories:
- /etc
- /var
borg_backup_exclude:
- /var/log
- /var/lib/docker
- /var/lib/lxcfs
borg_encryption_passphrase: "{{ vault_borg_encryption_passphrase }}"
borg_server_host: 10.128.0.4
rsyslog_outputs:
- proto: relp
address: 10.128.0.241

474
group_vars/all/vault.yml
View file

@ -1,297 +1,179 @@
$ANSIBLE_VAULT;1.1;AES256
35353866373931343963333639323431636465303562306166333735383462353032323461613232
3666653438393936356535633661363838613233323932370a656439316234356339613532663237
39373439366432363533303961396466623366323339383735316531653538633264393264353337
3937323861616530640a666361323164353338306336616564663466616630393839613833373933
65613161323164613334656631333336343262363835323962343662333133366561306139636261
61656532666563333063356231636565626631633436623531313938663930396362343031356534
34303565623832366664303561643137626433333164623730623639656439346639616164623865
31613462316439613937313138313830323334373337366630323331393537633437303063353363
66383930353930616137303436383864363439326139643361356231373939306439633332666232
38363061636139346430373263613932336361356262656138663233386464373839366630303765
35343064336533373238396430393536366438653534366565373733313962616364313061626133
37666538313038643865346461626537353930366264643162376530353536623863656236303433
31336561336131383635393238366464653934613130363831306335643935373033303162353534
38353832653664633061646331653634393963333038306635313464636136616366313962333431
39363934643266646131653236303138636163326663373765373761663062656463643162373038
34656163633964626235366539663132396666623363303632363236303831613532393931373761
65613435353162346233323533383537316231363437653239343233636533333966613066343932
30626636306531333736613965396432373130356238313136336434356133353435643065626261
32633732613361376261363831363866333332393132643439626639383438663438366330386534
31303532323461303862346364386532663839323163653366356136666131363839663635343166
38353962326430383561333630623030623536353838633231393763393238316530363939343536
66323562336334376234613436373237303562363831323038366232393161356262653864663037
34363436356332633363363963613635346337613438326436333836386534353738646166643333
65356637366431326132363432663662346638383439383766646531363662356266313961356239
31323236393538363662643662643535623633663738343266636163363835383030646661363966
36366466386666613364313166353366333131343061353135306135656663323461303338346666
32626231613738316233636361633337343635656334336536663865633465326639373966303137
39383731303862353637386438306136303765333136653465663963663930383037343130316466
33343932383033643530323136316632386230366338373362366462666233336530393561353933
36356330386361303562666339306265663539616434336264373832636139313365633065343763
31323633346536366635646562356266373964616338366165376331306561663938396661396164
31363438326439343964666439356339326661666136303461343436303533363630353735633038
38383365363739333034373031326530353962646661343039616230396132323833626162643964
65363165333233643738373638353537343162366265316661353563353862623134663362633261
32343364333236363738333130316538666536306664363661616536336264363438396464666533
37616533363936356335663562366563303564623530303762363034343435326666356162316535
61363133326263653937373037643930343565336166643939663466316232313535333965303737
35313566353963616632313763366561633039626239353236323438383261663066323334333632
62393265396235636461653862383830613634393431396131323439613362366463633239383761
39343361663463633332666666346339363334366330393936373433353034653765323130383335
63336338653333356438323264356162316638336338343033326639303237656663633233383735
34646535633831636238316564373035353635383738356133326664626566623766366535333439
30326437613539373163323464323635316632633930353931303466376661396135623031623133
33653735336230666665616638353561623235343439666135386165313436306666643837616166
37613964663837373137383736393063333037366433643632333963623038623636653639343936
32383532613430623563623565633665663030616530643735653563303035616530313463643431
31663361383835613631336638343338373639613532313561313231353765316237653431663462
65366162326630656566663731316262336536303032386336666263326265316564336339316430
31643066633438663562343730393534663338613165633635356333323635653161346136336261
30313332383065633335396131656136613932346331343632386235643764363235376531376437
61303130316537633830366662366237303934306561333134366463646464386530623631346264
30356536613932613264643835356637356364653038383130366237656232333031313163643332
34393865323162613936613264313864613734373032386266653432616535636464363463633564
37343661623935353365333831623631386439343237383933313337393065653934303065313634
61396163323937643837643636343337343231616265643765313932346462373735323737326663
66316135646663376537613663373432393865623038363239356265303362326161366462356138
65336536626634366363623865656234363335343662333134613835393635623434393036316638
35366431653463626665663861303333363038666131643861646465663761623364333162343761
64396131643136323634643461656339616361323030626166303930623838343438393465653364
66633037616633316534386639306438363863363530376131363332353536656533393161313931
34386636643737353738323265363435636239353261373466383430346461383932323634346466
33666436343130643032626562613165396334323937353663376162643266646539353932313137
62336162646535346631623332376334336538326530356233646239306337633365373562653166
32383639353431666137396631663237313436393434626531316365666335306466363639626663
63643861656537306133343138633535323737346538643063363330383366313362653933383365
34313230663163303730326361303337373136346161353132626362623461343661663964333765
37353165333762346539333730333731366532623531343962333037336464666530396437353666
62313035323234643236343534663434356264643830636433323831313364663762646130306362
32316530643230313230376662383439343639343336633431623135626134353134383030396264
38623933356332336231343434663563653332633237653966663964646232623637313231366638
30363966373362363432376562656436356338356561303133643432303736376234643632663137
34336630356362303132343737376637303939623133363663306133383465613263356632383030
61346138316538353638343833366261366534353963326162303866393430333964653333346539
64386161663435646331613834363336373738396338653263323937623163663236366636343239
36383135343763636139393331663139323431376562353165353662396165653235633464363035
31393233636561366639373566623738636537363235666234633534376238323163363238393237
64316132666530336135353434623866363739643830646463656536336136646334393064303630
65343964613265333934306432313739633134663131666433386630303132663866343532363835
38353237343630653561636365656561313636623065363836333663363934643162656534623864
62373763353961646235613465646630306562386531396364386164633065643763396437316466
32376564616562656136346563383266303963666136663863626137653462373430363363336364
35333133303463363663356365626365613036633835323334653264626637353634373665643036
65663736323235353964326466376163313630323265333631323866663137313665626238396130
64653832626639626633376231326534303530373937396235366239626639356234363238633336
34343064393334613732356332633361613633643039366537623465303739663635626365656631
64343936613536636438313232376564376539623261623539346564303036303131366561643564
61623630393032666636366338336266656264353631393061383162323766616530323734326134
31623962373435323730323830373239363738663164653338623836386636626337623739366566
61663835623038626266653062666264663639363763623139393862633061356164323530666665
31623538333264633735643839376433653934383663333130336133653235313631336163343134
33653533613430323834653730326661323462316338636338393063653866316335626633323137
32653262353964653131343430383661643231383135643332616462343231323266333430373061
62623136393239356166393964323830623239613434636361633365353862646130373865643136
66346336363866393762353633353638663433363332356131626639326166393234313765346138
64613431333139376139343234666664313236633031393938663431376336643133323964303938
64616536613462306363613639613132383361393535333362363630393230636532316634373231
63313839323263663237373937323361373533616465643830396666376661616631646561663130
66376266363338666133313263653733646365653034653538333332623861323833633033393234
39633834343231663166376333633635366261616561643363393137383736303436383339633734
30623939343939373038656461333464353033313632643138393334373565383331326430653263
66343630396135633636366337353061363730333364376664623234333434356661323935626633
63336465343661393636333663306361386432373235313337353361333735373436633832633439
30653766373230383364396638366237643932633364663639643661393438653339393031616338
62396632353063376566333261356662356265373733323631363263396337383631383733393034
65616434356530306661636633363333353138303631626565636637313738353338343334633533
39313232356166623939383864346665626333363132663033326430366565336339306465343337
34613736356534653534363034366431653861613534663261633739366361373134323566376335
31313263313262353162353039623634653534346363323131633362323035633337366536366561
64323432353236383839643662383138373938373834323262386364376162663839366232313433
38643662613065663863636664636162333830353131636238383439323439316363383935623731
62393964636137653935313338343465396633333461643032383730313139396462393936383630
63353166633735623364653264643934666438383739663461373332623631323932333162303630
39353637353437636537613935306539633163613334303833393832616338323061633532303361
63656635333331376561363962386135303963303030396564356534333037623635613963313666
65303664316164613835343930623338326235363933623533343961666664323836316231613465
65373931666331326634316463663134613031363636363434643839386239333164333538393831
65653935623431373238326231343439666635623730393639636131386162373466316164356263
37316539656230316336303265646339303139306262396536633533366261346238393335393765
39376630306639353862323834343830646330643737653631633361326134613666613430323433
64363965653063316432353431386533386661386239636332323139393933653063643865646338
34626433393731343535313766303237313866613166663333616535323661666362613439376166
62626430363661303630346265383863613162356535306165633537383038613131346561306330
61623435626363623762313832313031363665623933656238623131303362326137313266316630
32366664633963626463613562643666383637383831343234666435373564306635343730373665
36643436633066373962303965373663376266323133343233323563393065633162383237323162
38656336306432623330616234373936306163646330313734653864386464646535666331616335
32623163356337326665333731656438393633326638363635353733663861323934333536393338
33656231373166313761643030363437373638366461653038363565623633623035393564643161
38663064356239393034323761386435396437386534633734353938653239323533333531363965
36316636353864626461303936313632663261353437396238363930626239336139323561373133
61366330386135363039303166326231656331653632343261306531653731313465396131643330
35616432613631636264333263363239616435303436653936386165343335356337343032386239
37373230623366653834663031343738643063616661363138316262643635343439333838363632
34353236393730363262303439313132663735336463323432303036366361666338363237313664
39366434303839356163616136336237643061373633343737333036653362643635643536386436
30336636333464626464326332343333656535666431353338336438346335346433313934346231
32326231636262346232636366393361623830316238303537666164626339383061633765333039
30633539666535366539383061396461313437383537656239393131326538636536356536643735
66653336343364346635383761613731666263366465643336636661323263386364653035333062
33616364393664613363383937653530356138316363633335386232336531373835303732383962
65643264656134393663653333346531316365323730383363373564323133333032373330643232
63373239366435643738353130353333646136303530643065383066313035366239326664363830
36626366646264643130326261363536313835356638636139636434333362366363313133316130
61383734636433313433303466323265386132363862643131613666306162396437643166393630
32613464313530316262353938383735336262663939323730626662663235303638303065663939
33636234383033393237303865633961333462663232363562386637333335373565663261363933
31356436613138653765663162646566326134313736316130356336663536643466623331653039
38616465306532666434333534356464666663613263383430336465376133393032623762323237
63343462373834383566393466366332303235323865343730373062343739363265343164623262
38346539343533636435626133306662623865653934666665363063356162326461316561383261
33666362656635323262353066356330616263326134613635336261343438393838326438613435
64343336393034303330323563346233653135633439386465653065633339643032636662313531
38356234326632336161666666353030366238626262353831393532306166363432633939383166
66316136333838653433383439623366333062313833616366656566393965393665613738303833
38326139366330393863623365383963306361613665643962376664636134353533623836643362
39626166353138646666633136363662393565336333393638626534636330313632326333353366
39353133666532306531343137353834353133633165613566323135313362333962303637663965
63383730663562646563333763356135613537666332393537663062653662623938353434323136
39663965616437653232623333363762616233316530303833376332396165616635336532653035
36306331643232336664363733376632323630616139353030343930343166623433616234616539
34393131303363626166383037336262323662393431356463616665343463363432356132313531
37653331336165626435343162663662386662613164336439636465363335386233383065393535
31396466636465336164383563326236356463393831363534656536616664613361346463613837
35366562623432353166303836353261313233663864626665663837336233653237373031393636
64343763386361626232633032316466373161666536313363633765653365656538343130326566
38396534323433343634333139333063633531343631316163346135643037323034633835363963
32343963653263663438666537653963376133633661393562623131636465386266616166366566
36343963623262656162303337366365616263376363366161373236323166353834616262393061
39393239303335623332346236356335393836636533386432653164656334613738393533623764
36363136353034633934323066323335626138353763333537353761303930623930353062373932
30656339663333373431633763366433366266316563393332613334633966633339633230303166
61346264386134623962316532343664386637303738333835343036633038323137323961323837
33376431316465373165663338623538636136343538666235333334373664323463326336336334
32303361393134653338646563643636356361366133633634393731343332313437643731366634
30386466333965356135303732663433316363376438623764653464343564353835626435333230
30646238393266643137373037326136306337306130343739633933626134643364326534386464
65303531623335663766623037663630376366333631363165633762616564396538643866313465
35343265663336303537663962643536653937373839313435383337353036313239653263323061
63653865656461363334646466396135663338383065646464656631636666643030376363633333
30333331636438656238326534656165396233633131306562336263653330396366343964313434
66653862386531306236336339353935653335616638643831393430613533643533626135313835
64313065373564323132663531626436623465663766663566643964353361303336386464386463
38373036613536386436373535323664333231663437643962373339653236393339653064363530
61393835343230356234376630613230326637636534336564383139366663663136306665363363
66373237373530303062333935633634313766316461666439666433616236346434623535343531
30383264303536653236363533383561613636303662663935303761353065336631353735376365
63343162646663623736336638306465666233343031656137393037623035613236373930633131
36366633656131633563336561323835343766356131343038643761663966656364376430366636
36316633633736353436666539303039383231333437653666313435616536626434653833376532
66376130653339643564646139633238643266316633363137313038363061386163613863313733
66633665613537303834393233376463343965343664343564343832376238383064373262336162
61313163303632373261383563363964353731363739306337333161333130656235363631343761
61353265633338336466623830396466646233333039323065333636303035363563373366396334
37366637306430396262376539653134396536643931643563386666623364346635363138373937
61613232386666343033383031363439373335396362643130656235653066376537373062333363
39373737316136303835616639363162363839376635666237353064323433373961326338393263
34343162336336623530653531663136366136353139343561623532633139366533386263316364
36306134356666343230643639303766343466353562643130363063343330393232663161306266
66336435356265396330366566373137323265623431386535396665313335666332616233383664
63656663363366613431366632306230633265306663336439306263646132626631363663643861
30373330653637623733653165336132643965623232383839623535326336643239333133313030
32326634643238333163383562393134623532363561393364616430366532633862396438306433
33653235303639383333633035656533633165653137326130643961393965346266383861616333
37306266393231336666343333643530353230383239343931303838623335303262313130616162
65383962613965646438323065303962663965333231323139303438343631396363666330653330
61323839333863343034356363366433313039383963303063346237366261363861643839396362
31346637303032356463303564303562313639643563396261326538353834363737323235646430
64343230336539663237306235623662333062396238383135616231383837366339376633663938
65313739333065383335323437396232323564363733333437363133613766653334396431333036
38333038656339363132346362333863643261376335666536306231316630303437306231646565
61666334623736373832613366376438323664653531393938353234303030633532653561313665
63613064663564646235373234326661303562646139323330343330343139633462646131353038
62663535393738626432633564663564653663393937656634666137646363643365353930373266
66373162373165653533383862363835346133313234326162393331666566316439633133316633
66393733373333653630363334353833363565336338613361396335326166643630623133303466
31663037663766356531663039386232316138393266333035613364316539353837653763616666
32376431383965633138666536386532663761343537646266643566373132343762383966326233
38373766353962323362366330383564636236363961333535313064313039343933346439396237
66616631633539623537633164363665393239643633663338393765336434653930356662656164
65366533633336313832633166376265376634613635363563643866323730343139306537323863
61373461363237653634666331366436356335306265643639373034666131626238336632346632
34613062346532656530626364343938636162383862653538353563363035346339623839663261
39663438396362383866663336643035653833336466663037313764326434373061626232646333
63336336383366333538613331303863356430373764363930363061383036343836386561663362
63663232373563343461306131333263376437623534346562626536376138393939373064333231
31303464656332383036616661656565313063346231623634356638326239343536316162613335
34663232326438333966313663336465373833646634353934323361343833373661633265313239
62656533656338376562323861396665353166623732623139353431336439386263363235316132
35373933613236616362396363323031633166633837383634313638656430373634383563616463
38353738636631626639636135363561623935646365316161376166653461356430326362623738
64386537373230303239356334313663616336393439623431616639643233353662306265373232
39343066353564316433653361333766363535636533626338386434646531653432313034393134
62653733313636653331356363396531313136346136303661656466333138363366616530306536
66373532626230313739306432363433313736316261383837393737356333326236323261613965
36373064636138373134373530363533613031376362386334393464383062663663313234643432
64363232376137613231313862386561313131376133376466393630383737306666393738613265
66646236646632313832633366333335313239363763326464326361326263346636326332376336
31306230373963636135643235306537623930636164346366623862303838653238373030653035
35653634393532653566323063323761643738616532376262623163393461346334393034643862
62653835363236303732386365626464346131363231336431316233643132383566356531346237
66333933386539396366333565653938396564643464663165323535386262623532666237393630
65336262636630386633626335636231616332353965356335666362313562643738306263376230
63323938633237363431386639613830633765353232313236336233363736363566346237616637
61656234376562323162656432393665393930313736313439316261363264333865356139343233
63636638646332626365383839373765383864346532383236386266656635653333343032313231
65626233313634333533653436626134373632363565653230656161613963323334613262646530
66636331396130613934363939653238343463396639363731393363643830663362373439646337
63396435376637666563333165623338386337613638366339656561366538366635363037366531
32306235666231303762356665613738323336306465613531313964626631313731373963353964
32616632376534316532643531386635386330313866326265393736376538616431323238333562
36373238656361323336383466363563623333306634373164366134376635373262353533653330
38643233363737356564653834316435336439663562343366353866336662356138323566363061
63313336323435343861393164313130346438343862366530363233643266393964316265663535
65323739306536373331326338326132383265343939663336303534633537393637353639636561
64656432313636366434313465626562626638613232653230373530363234306537363665646633
33326163663830353166643662386637323438366334386533303664356631653561323032666265
61333165363636363634353461613039313362373863663739323231663230643635663466323430
37393431333733313134326231313234353930663365646637386639643535316362626232323430
32363631353565323663393235343336663930373439663861613661636433356366633065343935
61356636323039656230353264646166626633316430653162383638336265653865373536643036
35653166333765366231636163666638383262613432646334663430323565333538626665343763
32646663356565646362646261343436383039623635666439643762616463656361386631313637
61616164383734353634306633636338623837356230626263653161616664613266356432653335
30646434346436383565343138623264386630333832386134666463313936383364333364383232
39393066333666653734616463343530643537613437623766313237353033623662336137356534
35303635623232333230363362353137656235373539316163653863326666383237303235316164
34623138346261366238303037653764366537333561623135656236663435316565303931353939
34663932303239393836363663343735313632333639633733323564343039346436343935373430
66313863643361306161373634373738383462313831643161333230646435313261383534396464
39663466643864666433366531323866333935373833663661323833623734646265393035613966
62393165653135643737343333346232356638646437326664396466333063666135653338623266
34663133636164386164636434666231643163343930353863306538333337643762616661366366
63646336613433623862356365633563633235396337356535376335636633636563333738383061
33326136393530353964666639633638643433653736376637386638336561643061323635373565
65393836613638313165313262376166643561623131363836363531616232663333333063393039
35643938626132383439393761623165303730396365323665613663643961663466393937333731
30643662663034616631343336343236613437376362366234343436376563303466633030323465
64626536333465626430333336353038336539313531303933633466333633336364363961353861
31636135303332343733313637326461643264636236313331643438613365393733383764653432
65346533616130396233613863633331613638316462366364346465353234373531393137336165
36666336333036396262663661343962663763316531393765346536646236613331626139383230
32623665353463326633646466376232343333666465616633333033663031643262663732323230
36363439613934643037393562333237636262306330356638666235333361376136623462313736
33373163336134316563353031616339336234623738373230323335623130376265386130333235
64616261633232316131633062623163333135323737376462383539663137366539656261396238
31363232356361376264373863663362346535346136313834623761333037343435326339633735
33656465376264326334356365346437343062343631663430346561656531653662646530316133
64396563376263306533306565623163316238326264306330393465333737303062363030343662
65333633643635643737323231343664613735336230393835346132613331366266336434623937
65616366633734373434333837326465613862633930626435623165633964313732373936346434
30643161633238343435623538316134616161313461616538653161383032313038666638376432
64646564626231656664306235633031356564373432626561386135653136313062383861323130
34393331316439613363636631666262343334393739303631633936623964343938373334623230
39343031663565333431333731363966623730666335346164623662373265643732306662393663
39336137326533643533623865313934336464633634613436616438373531636562313762383666
37386365333361626362
32313562646230353138303964366135656361616532343933353732313961323339653964353130
3938346666633565356134343835633964626261363365370a663664663938383731343733386136
33356531323762313463326339333963336636353933326537333665313334616563626632336663
6537363033663935660a613366613962626563643035663330343061353836646561623031323236
65313633383063373064613930623530656365396335663363643330636239643937373163623932
61373136303737333739316565323934376433316362353935363637373264616238373831666438
35343135383233653963333237393232353631636566373766366664656666313436323535393736
62323731343261373331393062633030356235313834373861323138663930613332643432386436
38383038616536316465343561643639353434396631643033633537393265646532613161343732
32363265643963386538326639353233363438643833306637336431303533396562613863633537
30303334643137313136633039393463346562306236353566333563633238313865313534326137
33623036376439653532313833633135326631643361333463633162303065623633636331666661
62303636653233666164383463356530633464306564383236373832616263653165373937303030
31323865656436366265303537306438303434613135396166313635656566373539303463393830
65383636363064333730623161316162373734626433346564333835393030616437636665316566
37353937626465383439633534316336313931663561336335653761396230393031393839336264
37623037663032646631656637386366333131356562376665333964393264643133626532653564
32353235633434656334663233303664613865343039613330663833396162646430623735653434
66633466306338373061326636366330643639383632353564353865623637303832306332653131
37343566393965326635613135613134316264616336303233616162313839626235386137343435
33633336636434343531633362633834376135303337363637303039323038313937646236366265
34303434373566313730623664653263653466366133363562333736393836393363326665353434
30333263323366326436623238353335323936346637646130623265366535653737343665373165
63336166633831623464343862353065653162613934646539396364353162633063303332313266
65656163396463363737663931353765376337643065646131303264363961366336343432653537
65306437623535393132343962333666366665316362366536663431646435633166333731303232
63313337353334623330623862386661306333366638306433373437623835636631376231373636
66666539363561313166396438343730656230663532633031353336636565343964366136663466
38316364663936303231633633613832313163646262313238346666336661613236343966353130
62656237663865306632333130653933633332623061633062363964643130383430613864663935
63663765356434626661346165653163626565336437613539653536306432376332616430393737
34366139336363383761366338623236383135373634613239616665343061396633383231663230
63653331336366666234626662356461663263626465663036326162343239373734346661626665
61666231613565356633343030343935393135653261376239303037373634386138393463363239
30356365663133646634333863616230646235656135336330393836353462323630376537366334
31306330363232326661616666623131383837353139643838326430653561346565393762323936
31623136656361383039653763613162356530653933376539336130376237396661663664393733
36396433303339613965316230613237303331646331383239356638333366653961303138343663
33393664303637333863313364356666383836633063643539333262633565623534323866316537
38623630363139643837396330353463303932383231663831363763656537386531383531303165
37366338343063346230656461393832383736636662656666636434363731623437303862636366
33613333393139613637623963373262323637653531336265333033333135613330313166633738
36353935383931363535656539333130653164613431616438613432313532373063353738656162
36616563383133623336396633343762376537663432356238653766666636323232623065313537
39636632326166323130646633626431323831373963313837613465356436326430616433303662
65343834663937306539663330366538643265626665613631323036616463313266303237613938
30613565306636306561643238326138623366343365303934306561623234313332636462383363
30623432326336396364636164366463326533613665333830656564626663383331323661663934
35353135323930656138373830623932396138626335343265623738383532333861306561323430
66333532333961636463656535636132323535313730333762633139306235373031363831363266
33646635316137616663653461393566303432386330623936633330373461333762356532663062
39666437363931313861356331653932303132353364623664656364316430653933653935616230
38376631316463646663626562366233626334323235633235653364623936643131356130343261
36396535393335366532313930623363663032386635396262363430303466373737633739626435
30636136396562336561393936353763383732653166353266376165663233626266353638363131
65323462633039323334613566373434343363633532656534663635363763396265663137636331
38613736353635613437663133616431396666316230393066343431336535626335373437393039
63666135353937313765316134326338376161353862373161653039333631306264343464353035
65353639313134346239646362663836643734373465353866373238613162303336306438376237
35363934333536376136666561333636653136316435316530366461306636333063313739626630
37633333333766613663636466373364663132613266343136376138663461383832356631303132
30363434336161393962363636313364663839383734373533356663343733333731613535646433
64396361643736653931336365313338313633383038306131333863306437386362633263646364
36656566326333333136636566613066623362363263373435356162396431396334386237383231
30326465646334613235666435613462633230353434653666336364646466613066346366376262
66633863333461626631383961663930383663666538613162643730323565653732386330613538
38666164353130386530376332643637333931313661633634303636643639613561643338373331
63333932306634313933366533623837613934366334396637396361623439383964333665383435
62316265356537616137643537366666336634393935613034393737313930333364323031653234
37366561356332666439623462396266623961653039626562393065393336643962373064343563
36346665666338623931343739386531343833386135356164303532643463346565316163656633
32616365623065626139383362613466633332666133313263393062373338653834363830333039
62626230343362393533633061663432363836616539643065643839623065633363393134643534
63343935376537393739333063333333386239663763383435633234376434366362616433363162
34363539633661633333306133363433313761303138363864373266333461303139613362663937
39626332356139396330393361613364643363366164376234316266316164393035386334366362
36373065626530333237636139336163623766623561656234333239646263626164323134633434
63326635393665333533383562633438303036616262366435373739386430353964333265393732
66643838303566626131323834646564613830333937616264383864316666343333396636303836
38633335656536653334626530303835623531666665326533303535313164323836373365636265
65393061363933373931396134623264643065633534313566346336343862346537343437363765
62663264376266326538616330376633353832353234653661613964373231666562326466663934
38393931643736626332623461613737383463663935656263656233306437653331343838343865
64343239636166343134336261656162393938396633376663366466653634373566336165323237
34386137313961653739393231616532346664366138356631353030623236343535363435636462
32323564306339396437633763613535393230386631616166656539373861386633363464653439
34323134626334356631623764356232366337646236313031336138333636633834353463363961
32316664383038633330383765356563353062303133333133336365346561643234386161383461
39323964303061313461386333613961396533646161663230666466616231386239386666306233
39343239323739323738373263313662336237346663663432343861343034633463386163303366
38333537626232663438383230623032623765336164653438653434396362633063333437366338
34373431323539306531323536363238333037643337626131336631356537626237656630393964
38393736633433306632323334613232303162313962616334376130353931336337303462363266
39643137643034396564303531346361336134353461653535336165323032323238663631653935
38366339366436376166333335663230306663633634336434323532316664666134313365323834
31363964346561373262393632366637396633323332393162666166326631383164643265353135
34303664353434373131653530346634386333663732373966613761616261323032336266646163
32663966656464633565356337653534623962663939333033613933633965666339653764663134
38363965393730633638653561393432303835303164396462366435353030643966316665333061
39643634646137626338323537393031356532616637666634333139396630663930636235333735
66336465666439356636623037653564393161393432346534656132346631396462356463336566
30303833386638333866396462633330306439613139636331636331333663386438623461343133
30643164366434353765633738356536643861303232393362343131353730376364623463326361
37363061623333653466636438666465616133396233616430393265626362663736613031383764
63353065306166646461623763643062383738376266353765643134376538393233383663346237
37643639663063383266373536323533343936633134386263616163343637613636303134343037
34626232303335393532643134646132323463396333386664333731646331343937363661323539
65663936366464643162633432666537393439313664643638343237653566613235353165663336
32373037346239356337633036306138343366666463363538373836616530313565613562383433
64616263626165343938363230613039356137643665653734366533393033316363663036363738
66323663663366666162623734363465663939383830396533383665393139633530616263663136
64333132633031623835373831636366643831626235303831313761653734666365386462393534
66303332656561653162636636313439663633396638353638363465663138353866376636326634
63613865613466326230323564323439393061653664393261373531306235333663373434636262
62353132653333313635653633346461323165373862343839316539653038633664353830643234
36633763653738323732386263643461333761306532303534663763323735636563366266653464
66636236393033613736656562663661346162316164616663306465623431613133633130383136
35313434346164653163396137383064656538353766653237646237663639663039663665666236
62346139633234343735303762653030326333333764356562656435623330663066353333326239
39646465393362323537343766366432323765363139643361643037373739643636623437386636
32353233303337623136343062623633306361383737303431613663633163643832343434656335
39633434393466646366376534333865633361333861653366316238626637363537303335363662
61353830303733623665643864333134623062356334616331363565333235666261653732633264
62663238663461343738303764303636366638393830623264613730303635623635626364646464
35623239356235316136343532616638663930313565383264663936633733386663326161623830
62626634313963323866653432343561303233343035353433613731353538356438613033346638
33613466656633626261326465336437613630376335663933303061393731313065636131393762
65613037653363636235613838613535316635613066393436356537633662313539323163613361
36356632323634363335366665376663346565393439313031636331633235333664663830636135
64653266616262336437623731383161383437613461323837653066656233643230663064616432
65383337323333633465316533623465303735396430326334643634626436303263396534356335
34373134653232303866386433643864363536643138353965323130616338353731633434326361
66303133353264343664323435653133383431626263373237613631616235666465616333343937
37323333653565363665376236396232393132336137346461613831623063326631636335333365
65376538396265313732323932383061633464393630393563386163393230623238633938396535
34333330386131353336646361313634353862663762653234373235366565343232306432653731
61383863306632626463653831383735636233623966353130626634366638626236383864316531
37353062336539626531356133313132663330663135393930356565323364353761393439373533
61366465313462313033306631333432646163653832363564313838643362316263353562373262
33343664666230303065373836306663643135303439356362336634346637353438633364306365
30623332363436353865633738663464636132306134386465306164363333386338323433643163
37626235303062393933393363656339636139323464373439363765316266646536316336666163
34306262326238343937623432643262646263666266623933623565363535326235623637396237
64623961663037653033383933333062393932613933303962326538333739303731363137623365
30363030353433646133666166383938356232396331656165343531343232613934663834633464
36353331373233393861636131393238363031383135613633373665613364373466356663376431
66303331383837663261313838363266656164633836623661326331356566653938306266376632
63613238356135373938663030343634393566653963306237303138626461613931356565663835
64386433613937643730396130663333646334386336613864333533626661626166346232333964
66316664346231376639393132613936323261383131633737386331343966363961633237666334
38353363383761333439373437623937393534626435386262383732363833346166656233666332
62636130323536663432633434646666303664393130626437636132316264613535306463623964
30633030613665343631373366363737313130666337326230633631646461356362363963306361
64393639353339303436346438313833333432356666666339613666623132636235383866343838
36666263343538633537303665616366656363373736306235333264336466313939356131303561
33363030653966316232313933323665663330303338366333656536623861623537313266383565
65633866663665393635646531353539623362646663356664333866623432333465333335333333
31616262356537646261373166343665633238633235373335343134393366663462393465643135
35326336613835663132343233386564373462353561333066323631313664373865323233653336
65333731336565633664636562326365343263373263373162653239633964396138616335616230
63376562383064663330363562306338346465666563306365306639353632396633323830353337
65666233376239333436633566623535383065646235353832363030303565623531333539613864
63393339656238323466343564333134636164383062613138656138373936636531636166393062
32613431636233316533353937326234663336343231313630393037313663383034383238346562
36383264626366383835623261643562323037303661383832323939363939623038626664393530
65353061313266633764353331313532383766613735333131373365366336306139343265306634
66313435313965633362356563313763653634643362616138633832633136333362343731346166
34613431653134363732353833643962636431623036393935666237663833373934373438666434
36633538306632383439323465636665303863646532653165666638316137633738363736386633
33303234306531356136316463353232303737323661333430333137636633306131316434376665
64323633383735313536373534626331356631316464643530363866633730353239346633396364
36323437306165363465613365383666353037313333653230316234626439623964343336343762
66343831343133343330336536613134303836626434663731343636613835623364633236653962
63356635363239663533336265306261393337313136313937356662616231636461373230376232
64313738333966633265626166653266313932666134356235373238376530303437646464333364
31613631386335356561363938323831313061373566323638663864393266656361366463353736
63386361373737383837336435633562626566656666373737313464323466313364626466633537
6661656232313066363235616364646663623039386561636332

5
group_vars/bdd.yml
View file

@ -1,5 +0,0 @@
---
borg_keep_hourly: 6
borg_backup_exclude:
- "/var/lib/postgresql/"
...

69
group_vars/dhcp/dhcpd.yml
View file

@ -1,69 +0,0 @@
---
dhcpd__omapi_key:
algorithm: hmac-sha512
secret: 99XuJO0ofX3VAnWWlyixWbQ5YTagPfgxyh14IbLNBb3/JzEklkWopvQdj/PXVYbfb/sRyFJBhLexPag4dLh7PA==
dhcpd__interfaces:
- client0
- client1
- client2
- client3
- client4
dhcpd__dns_servers:
- 10.128.10.3
- 10.128.10.103
dhcpd__domain_search:
- isp.auro.re.
- auro.re.
dhcpd__subnets:
- network: 100.64.0.0/27
routers:
- 100.64.0.1
start: 100.64.0.4
end: 100.64.0.30
domain_name: client0.isp.auro.re
failover: true
- network: 100.64.0.32/27
routers:
- 100.64.0.31
start: 100.64.0.33
end: 100.64.0.63
domain_name: client1.isp.auro.re
failover: true
- network: 100.64.0.64/27
routers:
- 100.64.0.65
start: 100.64.0.67
end: 100.64.0.95
domain_name: client2.isp.auro.re
failover: true
- network: 100.64.0.96/27
routers:
- 100.64.0.97
start: 100.64.0.99
end: 100.64.0.127
domain_name: client3.isp.auro.re
failover: true
- network: 100.64.0.128/27
routers:
- 100.64.0.129
start: 100.64.0.131
end: 100.64.0.159
domain_name: client4.isp.auro.re
dhcpd__failover:
dhcp-1.isp.infra.auro.re: 10.210.1.1
dhcp-2.isp.infra.auro.re: 10.210.1.2
dhcpd__failover_address: "{{ dhcpd__failover[inventory_hostname] }}"
dhcpd__failover_peer_address: "{{ dhcpd__failover
| dict2items
| selectattr('key', '!=',
inventory_hostname)
| map(attribute='value')
| first }}"
...

24
group_vars/dns/kresd.yml
View file

@ -1,24 +0,0 @@
---
kresd__listen:
- address: 0.0.0.0
port: 53
kind: dns
- address: "::"
port: 53
kind: dns
- address: 0.0.0.0
port: 853
kind: tls
- address: "::"
port: 853
kind: tls
- address: 0.0.0.0
port: 8453
kind: webmgmt
- address: "::"
port: 8453
kind: webmgmt
tls: false
kresd__cache_size: 512
...

21
group_vars/edge/keepalived.yml
View file

@ -1,21 +0,0 @@
---
keepalived__virtual_router_id: 81
keepalived__interface: back0
keepalived__virtual_addresses:
crans0:
- 185.230.79.254/29
- 2a0c:700:28::2/64
- fe80::1/10
zayo0:
- 2001:1b48:2:103::d7:2/126
- 83.167.52.69/31
- fe80::1/10
oti0:
- 2a00:a4c0:100c:1::b/127
- 77.95.70.11/31
- fe80::1/10
keepalived__main: "{{ inventory_hostname_short == 'edge-1' }}"
...

86
group_vars/infra/bird.yml
View file

@ -1,86 +0,0 @@
---
bird__kernel:
kernel:
learn: true
import: accept
export: accept
bird__ospf:
limits:
import: 4000
export: 4000
import: accept
export:
protos: kernel
areas:
0:
broadcast:
- back0
stub:
- monit0
- wifi0
- int0
- sw0
- bmc0
- pve0
- isp0
- ext0
- pub0
- th30
- ups0
1:
broadcast:
- vpn0
bird__bgp:
edge1:
local:
address: "{{ bird__bgp_addr.back }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:203::1:1
- 10.203.1.1
as: "{{ bird__as.aurore }}"
import:
- pref_src: "{{ bird__pref_src_addr }}"
- accept
export: reject
edge2:
local:
address: "{{ bird__bgp_addr.back }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:203::1:2
- 10.203.1.2
as: "{{ bird__as.aurore }}"
import:
- pref_src: "{{ bird__pref_src_addr }}"
- accept
export: reject
#wg1:
#local:
#address: "{{ bird__bgp_addr.vpn }}"
#as: "{{ bird__as.aurore }}"
#neighbor:
#address:
# - 2a09:6840:213::1:3
# - 10.213.1.3
#as: "{{ bird__as.aurore }}"
#rr_cluster_client: 10.203.1.1
#import: reject
#export: accept
#wg2:
#local:
#address: "{{ bird__bgp_addr.vpn }}"
#as: "{{ bird__as.aurore }}"
#neighbor:
#address:
# - 2a09:6840:213::1:4
# - 10.203.1.4
#as: "{{ bird__as.aurore }}"
#rr_cluster_client: 10.203.1.1
#import: reject
#export: accept
...

457
group_vars/infra/firewall.yml
View file

@ -1,457 +0,0 @@
---
firewall__zones:
adm-legacy:
addrs:
- 2a09:6840:128::/64
- 10.128.0.0/16
ups:
addrs:
- 2a09:6840:201::/64
- 10.201.0.0/16
back:
addrs:
- 2a09:6840:203::/64
- 10.203.0.0/16
monit:
addrs:
- 2a09:6840:204::/64
- 10.204.0.0/16
wifi:
addrs:
- 2a09:6840:205::/64
- 10.205.0.0/16
int:
addrs:
- 2a09:6840:206::/64
- 10.206.0.0/16
sw:
addrs:
- 2a09:6840:207::/64
- 10.207.0.0/16
bmc:
addrs:
- 2a09:6840:208::/64
- 10.208.0.0/16
pve:
addrs:
- 2a09:6840:209::/64
- 10.209.0.0/16
isp:
addrs:
- 2a09:6840:210::/64
- 10.210.0.0/16
ext:
addrs:
- 2a09:6840:211::/64
- 10.211.0.0/16
pub:
addrs:
- 2a09:6840:215::/64
- 45.66.111.192/27
vpn-clients:
addrs:
- 2a09:6840:212::/64
- 10.212.0.0/16
vpn:
addrs:
- 2a09:6840:213::/64
- 10.213.0.0/16
infra:
zones:
- adm-legacy
- ups
- back
- monit
- wifi
- int
- sw
- bmc
- pve
- isp
- ext
- pub
- vpn
internet:
negate: true
addrs:
- 2a09:6840::/32
- 2a09:6841::/32
- 2a09:6842::/32
- 45.66.108.0/22
- 10.0.0.0/8
- 100.64.0.0/10
prometheus.int:
addrs:
- 2a09:6840:204::1:1
- 10.204.1.1
- 2a09:6840:204::1:2
- 10.204.1.2
grafana.adm:
addrs:
- 2a09:6840:128::98
- 10.128.0.98
re2o-ldap.adm:
addrs:
- 2a09:6840:128::21
- 10.128.0.21
ldap-replica-edc.adm:
addrs:
- 2a09:6840:128::4:249
- 10.128.4.249
nextcloud.adm:
addrs:
- 2a09:6840:128::58
- 10.128.0.58
dns.int:
addrs:
- 2a09:6840:206::1:1
- 10.206.1.1
- 2a09:6840:206::1:2
- 10.206.1.2
ntp.int:
addrs:
- 2a09:6840:206::1:5
- 10.206.1.5
- 2a09:6840:206::1:6
- 10.206.1.6
docker-ovh.adm:
addrs:
- 2a09:6840:128::150
- 10.128.0.150
mx.test:
addrs:
- 2a09:6840:211::1:5
- 45.66.111.208
- 10.128.1.5
proxy.pub:
addrs:
- 2a09:6840:215::1:1
- 45.66.111.206
collabora.ext:
addrs:
- 2a09:6840:211::1:1
- 10.211.1.1
grafana.ext:
addrs:
- 2a09:6840:211::1:7
- 10.211.1.7
ns-1.pub:
addrs:
- 2a09:6840:215::1:2
- 45.66.111.205
ns-2.pub:
addrs:
- 2a09:6840:215::1:3
- 45.66.111.207
ns-master.int:
addrs:
- 2a09:6840:206::1:7
- 10.206.1.7
tor.pub:
addrs:
- 45.66.111.215
- 2a09:6840:215::1:215
jitsi.pub:
addrs:
- 45.66.111.216
- 2a09:6840:215::1:216
log-1.int:
addrs:
- 10.206.1.9
- 2a09:6840:206::1:9
log-2.int:
addrs:
- 10.206.1.10
- 2a09:6840:206::1:10
firewall__input:
- iif:
- back0 # FIXME link-local
- vpn0
verdict: accept
- src:
- back
- vpn
verdict: accept
- src: monit
protocols:
tcp:
dport:
- 9100
- 9700
verdict: accept
- src: monit
protocols:
tcp:
dport: 9324
verdict: accept
- protocols:
icmp: true
verdict: accept
- protocols:
tcp:
dport: 22
verdict: accept
- verdict: drop
firewall__output:
- verdict: accept
firewall__forward:
- src: back
dst: infra
verdict: accept
- src: infra # FIXME: temporary
dst: internet
verdict: accept
- src: monit
dst: bmc
protocols:
icmp: true
verdict: accept
- dst: mx.test
protocols:
icmp: true
verdict: accept
- dst: mx.test
protocols:
tcp:
dport:
- 25
- 465
- 993
verdict: accept
# NS
- dst:
- ns-1.pub
- ns-2.pub
protocols:
tcp:
dport: 53
verdict: accept
- dst:
- ns-1.pub
- ns-2.pub
protocols:
udp:
dport: 53
verdict: accept
- src:
- ns-1.pub
- ns-2.pub
dst: ns-master.int
protocols:
udp:
dport: 53
verdict: accept
- src:
- ns-1.pub
- ns-2.pub
dst: ns-master.int
protocols:
tcp:
dport: 53
verdict: accept
# SNMP
- src: monit
dst:
- sw
- ups
- bmc
protocols:
udp:
dport: 161
verdict: accept
- src: monit
dst:
- sw
- ups
- bmc
protocols:
tcp:
dport: 161
verdict: accept
# Alertmanager
- src: monit
dst: docker-ovh.adm
protocols:
tcp:
dport: 9093
verdict: accept
- src: adm-legacy
dst: bmc
verdict: accept
# Prometheus for Grafana
- src: grafana.adm
dst: prometheus.int
protocols:
tcp:
dport: 9090
verdict: accept
# Prometheus for Grafana nixos
- src: grafana.ext
dst: prometheus.int
protocols:
tcp:
dport: 9090
verdict: accept
- src: grafana.ext
dst: re2o-ldap.adm
protocols:
tcp:
dport: 389
verdict: accept
- src: grafana.ext
dst: ldap-replica-edc.adm
protocols:
tcp:
dport: 389
verdict: accept
# Admin VPN clients
- src: vpn-clients
dst: infra
verdict: accept
# Prometheus node
- src: monit
dst: infra
protocols:
tcp:
dport:
- 9100
- 9700
verdict: accept
# Prometheus bird
- src: monit
dst: back
protocols:
tcp:
dport: 9324
verdict: accept
# Prometheus kresd
- src: monit
dst: dns.int
protocols:
tcp:
dport: 8453
verdict: accept
# Allow DNS from infra to dns-{1,2}
- src: infra
dst: dns.int
protocols:
udp:
dport: 53
verdict: accept
- src: infra
dst: dns.int
protocols:
tcp:
dport: 53
verdict: accept
# Allow NTP from infra to ntp-{1,2}
- src:
- infra
- pub
dst: ntp.int
protocols:
udp:
dport: 123
verdict: accept
# Admin Wireguard
- dst:
- 2a09:6840:211::1:1
- 45.66.111.204
- 10.211.1.1
protocols:
udp:
dport: 5121
verdict: accept
# Proxy web
- dst:
- jitsi.pub
- proxy.pub
protocols:
tcp:
dport:
- 80
- 443
verdict: accept
- src: proxy.pub
dst: grafana.adm
protocols:
tcp:
dport: 3000
verdict: accept
- src: proxy.pub
dst: grafana.ext
protocols:
tcp:
dport: 80
verdict: accept
- src: proxy.pub
dst: nextcloud.adm
protocols:
tcp:
dport: 8080
- src: proxy.pub
dst: adm-legacy
protocols:
tcp:
dport:
- 80
- 443
verdict: accept
# ICMP to public vlan
- dst: pub
protocols:
icmp: true
verdict: accept
# Proxy -> Collabora
- src: proxy.pub
dst: collabora.ext
protocols:
tcp:
dport: 9980
verdict: accept
# Collabora -> Proxy
- src: collabora.ext
dst: proxy.pub
protocols:
tcp:
dport:
- 80
- 443
verdict: accept
# Tor: SSH
- dst: tor.pub
protocols:
tcp:
dport:
- 22
- 4444
verdict: accept
# Jitsi UDP
- dst: jitsi.pub
protocols:
udp:
dport:
- 3478
- 10000
# Jitsi TCP
- dst: jitsi.pub
protocols:
tcp:
dport:
- 5349
firewall__nat:
- src: 10.0.0.0/8
dst: internet
protocols: null
snat:
addr: 45.66.111.200/30
#- src: monit
# dst: adm-legacy
# protocols: null
# snat:
# addr: 10.203.1.3/32
...

59
group_vars/infra/keepalived.yml
View file

@ -1,59 +0,0 @@
---
keepalived__virtual_router_id: 82
keepalived__interface: back0
keepalived__virtual_addresses:
ups0:
- 10.201.0.1/16
- 2a09:6840:201::1/64
- fe80::1/10
monit0:
- 10.204.0.1/16
- 2a09:6840:204::1/64
- fe80::1/10
wifi0:
- 10.205.0.1/16
- 2a09:6840:205::1/64
- fe80::1/10
int0:
- 10.206.0.1/16
- 2a09:6840:206::1/64
- fe80::1/10
sw0:
- 10.207.0.1/16
- 2a09:6840:207::1/64
- fe80::1/10
bmc0:
- 10.208.0.1/16
- 2a09:6840:208::1/64
- fe80::1/10
pve0:
- 10.209.0.1/16
- 2a09:6840:209::1/64
- fe80::1/10
isp0:
- 10.210.0.1/16
- 2a09:6840:210::1/64
- fe80::1/10
ext0:
- 10.211.0.1/16
- 2a09:6840:211::1/64
- fe80::1/10
th30:
- 10.126.0.6/24
- fe80::1/10
pub0:
- 2a09:6840:215::1/64
- 45.66.111.204/27
- fe80::1/10
#keepalived__virtual_routes:
# ext0:
# - 45.66.111.204/30
keepalived__virtual_blackholes:
- 45.66.111.200/30 # NAT
keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
...

53
group_vars/isp/bird.yml
View file

@ -1,53 +0,0 @@
---
bird__kernel:
kernel:
learn: true
import: accept
export: accept
bird__ospf:
limits:
import: 4000
export: 4000
import: accept
export:
protos: kernel
areas:
0:
broadcast:
- back0
stub:
- client0
- client1
- client2
- client3
- client4
bird__bgp:
edge1:
local:
address: "{{ bird__bgp_addr.back }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:203::1:1
- 10.203.1.1
as: "{{ bird__as.aurore }}"
import:
- pref_src: "{{ bird__pref_src_addr }}"
- accept
export: reject
bird__radv:
rdnss:
- 2a09:6840:206::1:1
- 2a09:6840:206::1:2
interfaces:
client0:
max_interval: 5
prefixes:
- 2a09:6841::/64
dnssl: client0.isp.auro.re
domain_search:
- auro.re
...

40
group_vars/isp/firewall.yml
View file

@ -1,40 +0,0 @@
---
firewall__zones:
internet:
negate: true
addrs:
- 2a09:6840::/32
- 2a09:6841::/32
- 2a09:6842::/32
- 45.66.108.0/22
- 10.0.0.0/8
- 100.64.0.0/10
clients:
addrs:
- 100.64.0.0/10
non_clients:
negate: true
zones: clients
allowed_clients:
file:
path: /var/run/firewall/allowed_clients.yml
default: []
firewall__input:
- verdict: accept
firewall__output:
- verdict: accept
firewall__forward:
- src: allowed_clients
dst: non_clients
verdict: accept
firewall__nat:
- src: clients
dst: internet
protocols: null
snat:
addr: 45.66.111.220
...

32
group_vars/isp/keepalived.yml
View file

@ -1,32 +0,0 @@
---
keepalived__virtual_router_id: 80
keepalived__interface: back0
keepalived__virtual_addresses:
client0:
- 100.64.0.1/27
- 2a09:6841::1/56
- fe80::1/10
client1:
- 100.64.0.33/27
- 2a09:6841:0:1::1/64
- fe80::1/10
client2:
- 100.64.0.65/27
- 2a09:6841:0:2::1/64
- fe80::1/10
client3:
- 100.64.0.97/27
- 2a09:6841:0:3::1/64
- fe80::1/10
client4:
- 100.64.0.129/27
- 2a09:6841:0:4::1/64
- fe80::1/10
keepalived__virtual_blackholes:
- 45.66.111.220/32
keepalived__main: "{{ inventory_hostname_short == 'isp-1' }}"
...

71
group_vars/ns/knotd.yml
View file

@ -1,71 +0,0 @@
---
knotd__listen:
- address: 0.0.0.0
- address: "::"
knotd__keys:
xfr:
algorithm: hmac-sha512
secret: "{{ vault_knotd_xfr_key }}"
knotd__remotes:
xfr-master:
address: 2a09:6840:206::1:7
key: xfr
knotd__acl:
notify-master:
address:
- 2a09:6840:206::1:7
- 10.206.1.7
key: xfr
action: notify
knotd__queryacl:
local:
addresses:
- 10.0.0.0/8
knotd__zones:
auro.re:
dnssec_validation: true
acl:
- notify-master
master: xfr-master
test.auro.re:
dnssec_validation: true
acl:
- notify-master
master: xfr-master
infra.auro.re:
dnssec_validation: true
acl:
- notify-master
#queryacl: local
master: xfr-master
108.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
109.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
110.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
111.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
0.4.8.6.9.0.a.2.ip6.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
...

13
group_vars/ntp/chronyd.yml
View file

@ -1,13 +0,0 @@
---
chronyd__allow_networks:
- 2a09:6840::/32
- 10.0.0.0/8
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
chronyd__local_stratum: 10
...

144
group_vars/prom/prometheus/bird.yml
View file

@ -1,144 +0,0 @@
---
prometheus__scraping_bird:
targets: "{{ groups.router }}"
address:
port: 9324
prometheus__rules_bird:
- record: bird:protocol_up:bgp_all
expr:
label_replace(
bird_protocol_up{proto="BGP"},
"group", "$1",
"instance", "^([^0-9\\.]+)-[0-9]+.*"
)
# FIXME: sessions en cours d'installation, pas encore monitorées
- record: bird:protocol_up:bgp
expr:
bird:protocol_up:bgp_all
unless bird:protocol_up:bgp_all{
group="edge",
name=~"^(viarezo|isp[12]|rezel)[46]$"
}
# Sessions qui ne sont volontairement pas redondées
# au sein d'un groupe
- record: bird:protocol_up:bgp:non_redundant
expr:
bird:protocol_up:bgp{
group="edge",
name=~"^(oti|crans|legacy|edge)[46]$"
}
# Sessions qui le sont
- record: bird:protocol_up:bgp:redundant
expr:
bird:protocol_up:bgp
unless
bird:protocol_up:bgp:non_redundant
- alert: BirdBGPRedundancyDegraded
expr:
(
count by (group, name) (
bird:protocol_up:bgp:redundant{state="Established"}
) + (
count by (group, name) (
bird:protocol_up:bgp:redundant{state!="Established"} * 0
)
)
) < 2
for: 0m
labels:
severity: warning
annotations:
Session: !unsafe "{{ $labels.name }}"
Count: !unsafe "{{ $value }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPDown
expr:
(
count by (group, name) (
bird:protocol_up:bgp{state="Established"}
) + (
count by (group, name) (
bird:protocol_up:bgp{state!="Established"} * 0
)
)
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
# TODO: warning pour redondant ?
- alert: BirdBGPNoExportedPrefixRedundant
expr:
bird_protocol_prefix_export_count{
export_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:redundant{state="Established"}
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPNoImportedPrefixRedundant
expr:
bird_protocol_prefix_import_count{
import_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:redundant{state="Established"}
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPNoExportedPrefixNonRedundant
expr:
sum by (group) (
bird_protocol_prefix_export_count{
export_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:non_redundant{state="Established"}
)
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdBGPNoImportedPrefixNonRedundant
expr:
sum by (group) (
bird_protocol_prefix_import_count{
import_filter!="REJECT",
} * on (instance, name) group_left (group) (
bird:protocol_up:bgp:non_redundant{state="Established"}
)
) == 0
for: 0m
labels:
severity: critical
annotations:
Session: !unsafe "{{ $labels.name }}"
Group: !unsafe "{{ $labels.group }}"
- alert: BirdOSPFNeighboursChange
expr:
changes(bird_ospf_neighbor_count[5m]) > 0
or changes(bird_ospfv3_neighbor_count[5m]) > 0
for: 0m
labels:
severity: warning
- alert: BirdOSPFDown
expr:
bird_ospf_running == 0
for: 0m
labels:
severity: critical
annotations:
Instance: !unsafe "{{ $labels.name }}"
...

11
group_vars/prom/prometheus/common.yml
View file

@ -1,11 +0,0 @@
---
prometheus__rules_common:
- alert: CollectorDown
expr:
up == 0
for: 3m
labels:
severity: critical
annotations:
Job: !unsafe "{{ $labels.job }}"
...

11
group_vars/prom/prometheus/eaton.yml
View file

@ -1,11 +0,0 @@
---
prometheus__scraping_eaton:
targets: "{{ groups.eaton_ups }}"
address: 127.0.0.1:9116
path: /snmp
params:
module:
- eaton
prometheus__rules_eaton: {}
...

13
group_vars/prom/prometheus/ilo.yml
View file

@ -1,13 +0,0 @@
---
prometheus__scraping_ilo:
targets: "{{ groups.ilo }}"
address: 127.0.0.1:9116
path: /snmp
timeout: 180s
interval: 180s
params:
module:
- ilo
prometheus__rules_ilo: {}
...

6
group_vars/prom/prometheus/jitsi.yml
View file

@ -1,6 +0,0 @@
---
prometheus__scraping_jitsi:
targets: ["jitsi.pub.infra.auro.re"]
address:
port: 9700
...

23
group_vars/prom/prometheus/keepalived.yml
View file

@ -1,23 +0,0 @@
---
prometheus__rules_keepalived:
- alert: KeepalivedVrrpFault
expr:
keepalived_vrrp_state{state="fault"} > 0
for: 0m
labels:
severity: critical
annotations:
Instance: !unsafe "{{ $labels.instance }}"
- alert: KeepalivedMasterChange
expr:
changes(
keepalived_vrrp_state{
keepalived_vvrp_state="master"
}[1m]
) > 0
for: 0m
labels:
severity: warning
annotations:
Instance: !unsafe "{{ $labels.instance }}"
...

6
group_vars/prom/prometheus/kresd.yml
View file

@ -1,6 +0,0 @@
---
prometheus__scraping_kresd:
targets: "{{ groups.dns }}"
address:
port: 8453
...

28
group_vars/prom/prometheus/main.yml
View file

@ -1,28 +0,0 @@
---
prometheus__alertmanager_targets:
- docker-ovh.adm.auro.re:9093
prometheus__tsdb_retention_time: 90d
prometheus__scraping:
node: "{{ prometheus__scraping_node }}"
prometheus: "{{ prometheus__scraping_prometheus }}"
kresd: "{{ prometheus__scraping_kresd }}"
bird: "{{ prometheus__scraping_bird }}"
quanta: "{{ prometheus__scraping_quanta }}"
ilo: "{{ prometheus__scraping_ilo }}"
snmp: "{{ prometheus__scraping_snmp }}"
eaton: "{{ prometheus__scraping_eaton }}"
jitsi: "{{ prometheus__scraping_jitsi }}"
prometheus__rules:
common: "{{ prometheus__rules_common }}"
switch: "{{ prometheus__rules_switch }}"
prometheus: "{{ prometheus__rules_prometheus }}"
node: "{{ prometheus__rules_node }}"
keepalived: "{{ prometheus__rules_keepalived }}"
quanta: "{{ prometheus__rules_quanta }}"
#ilo: "{{ prometheus__rules_ilo }}"
bird: "{{ prometheus__rules_bird }}"
#eaton: "{{ prometheus__rules_eaton }}"
...

200
group_vars/prom/prometheus/node.yml
View file

@ -1,200 +0,0 @@
---
prometheus__scraping_node:
targets: "{{ groups.vm + groups.pve }}"
address:
port: 9100
prometheus__rules_node:
- alert: OutOfMemory
expr:
(
node_memory_MemFree_bytes
+ node_memory_Cached_bytes
+ node_memory_Buffers_bytes
) / node_memory_MemTotal_bytes < 0.1
for: 5m
labels:
severity: warning
annotations:
FreeMemory: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostSwapIsFillingUp
expr:
(
1 - (
node_memory_SwapFree_bytes
/ node_memory_SwapTotal_bytes
)
) >= 0.5
for: 3m
labels:
severity: critical
annotations:
UsedSwap: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostPhysicalComponentTooHot
expr:
node_hwmon_temp_celsius > 79
for: 3m
labels:
severity: critical
annotations:
Temperature: !unsafe "{{ $value | humanize }} °C"
Chip: !unsafe "{{ $labels.chip }}"
Sensor: !unsafe "{{ $labels.sensor }}"
- alert: HostNodeOvertemperatureAlarm
expr:
node_hwmon_temp_crit_alarm_celsius == 1
for: 0m
labels:
severity: critical
annotations:
Chip: !unsafe "{{ $labels.chip }}"
Sensor: !unsafe "{{ $labels.sensor }}"
- alert: HostRaidArrayGotInactive
expr:
node_md_state{state="inactive"} > 0
for: 0m
labels:
severity: critical
annotations:
Device: !unsafe "{{ $labels.device }}"
- alert: HostRaidDiskFailure
expr:
node_md_disks{state="failed"} > 0
for: 0m
labels:
severity: critical
annotations:
severity: !unsafe "{{ $labels.md_device }}"
- alert: HostOomKillDetected
expr:
increase(node_vmstat_oom_kill[1m]) > 0
for: 0m
labels:
severity: warning
annotations:
PID: !unsafe "{{ $value }}"
- alert: HostEdacCorrectableErrorsDetected
expr:
increase(node_edac_correctable_errors_total[1m]) > 0
for: 0m
labels:
severity: warning
annotations:
CorrectedErrors: !unsafe "{{ $value }}"
- alert: HostEdacUncorrectableErrorsDetected
expr:
increase(node_edac_uncorrectable_errors_total[1m]) > 0
for: 0m
labels:
severity: warning
annotations:
DetectedErrors: !unsafe "{{ $value }}"
- alert: OutOfDiskSpace
expr:
(
node_filesystem_free_bytes
/ node_filesystem_size_bytes < 0.1
)
and on (instance, device, mountpoint) (
node_filesystem_readonly
) == 0
for: 5m
labels:
severity: critical
annotations:
Mountpoint: !unsafe "{{ $labels.mountpoint }}"
FreeSpace: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostConntrackLimit
expr:
(
node_nf_conntrack_entries
/ node_nf_conntrack_entries_limit
) > 0.8
for: 5m
labels:
severity: warning
annotations:
Filled: !unsafe "{{ $value | humanizePercentage }}"
- alert: HostClockSkew
expr:
(
node_timex_offset_seconds > 0.05
and deriv(node_timex_offset_seconds[5m]) >= 0
) or (
node_timex_offset_seconds < -0.05
and deriv(node_timex_offset_seconds[5m]) <= 0
)
for: 2m
labels:
severity: warning
- alert: HostClockNotSynchronising
expr:
min_over_time(node_timex_sync_status[1m]) == 0
and node_timex_maxerror_seconds >= 16
for: 2m
labels:
severity: warning
- alert: HostRequiresReboot
expr:
node_reboot_required > 0
for: 5m
labels:
severity: warning
- alert: OutOfInodes
expr:
node_filesystem_files_free
/ node_filesystem_files < 0.1
for: 3m
labels:
severity: warning
annotations:
Mountpoint: !unsafe "{{ $labels.mountpoint }}"
FreeInodes: !unsafe "{{ $value | humanizePercentage }}"
- alert: CpuUsage
expr:
(
1 - avg by (instance) (
irate(node_cpu_seconds_total{mode="idle"}[5m])
)
) > 0.75
for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
- alert: SystemdServiceFailed
expr:
node_systemd_unit_state{state="failed"} == 1
for: 10m
labels:
severity: warning
annotations:
Service: !unsafe "{{ $labels.name }}"
- alert: LoadUsage
expr:
node_load1 > 5
for: 2m
labels:
severity: warning
annotations:
Load1: !unsafe "{{ $value | humanize }}"
- alert: UnhealthyDisk
expr:
smartmon_device_smart_healthy < 1
for: 10m
labels:
severity: critical
annotations:
Disk: !unsafe "{{ $labels.disk }}"
- alert: HostCpuStealNoisyNeighbor
expr:
avg by (instance) (
rate(node_cpu_seconds_total{mode="steal"}[5m])
) > 0.1
for: 5m
labels:
severity: warning
annotations:
Disk: !unsafe "{{ $labels.disk }}"
Steal: !unsafe "{{ $value | humanizePercentage }}"
...

14
group_vars/prom/prometheus/prometheus.yml
View file

@ -1,14 +0,0 @@
---
prometheus__scraping_prometheus:
targets: "{{ groups.prom }}"
address:
port: 9090
prometheus__rules_prometheus:
- alert: PrometheusTsdbCompactionFailed
expr:
increase(prometheus_tsdb_compactions_failed_total[1m]) > 0
for: 0m
labels:
severity: critical
...

98
group_vars/prom/prometheus/quanta.yml
View file

@ -1,98 +0,0 @@
---
prometheus__scraping_quanta:
targets: "{{ groups.quanta }}"
address: 127.0.0.1:9116
path: /snmp
timeout: 180s
interval: 180s
params:
module:
- quanta
prometheus__rules_quanta:
- alert: QuantaQueueOverflow
expr:
snAgGblQueueOverflow == 1
for: 0m
labels:
severity: critical
- alert: QuantaCpuUsage
expr:
snAgGblCpuUtil1MinAvg > 50
for: 5m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value }} %"
- alert: QuantaCpuUsage
expr:
snAgGblCpuUtil1MinAvg > 80
for: 5m
labels:
severity: critical
annotations:
Usage: !unsafe "{{ $value }} %"
- alert: QuantaMemoryUsage
expr:
100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 50
for: 5m
labels:
severity: warning
annotations:
UsedMemory: !unsafe "{{ $value }} %"
- alert: QuantaMemoryUsage
expr:
100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 80
for: 5m
labels:
severity: alert
annotations:
UsedMemory: !unsafe "{{ $value }} %"
- alert: QuantaFanHealth
expr:
snChasFanOperStatus{snChasFanOperStatus="normal"} == 0
for: 0m
labels:
severity: critical
annotations:
Description: !unsafe "{{ $labels.shChasFanDescription }}"
Status: !unsafe "{{ $labels.snChasFanOperStatus }}"
- alert: QuantaMissingIntakeTemp
expr:
count by (instance) (
snAgentTempValue
) - count by (instance) (
snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"}
) == 0
for: 0m
labels:
severity: critical
- alert: QuantaIntakeTemp
expr:
0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 60
for: 10m
keep_firing_for: 30m
labels:
severity: warning
annotations:
Temperature: !unsafe "{{ $value }} °C"
Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
- alert: QuantaIntakeTemp
expr:
0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 70
for: 10m
keep_firing_for: 30m
labels:
severity: critical
annotations:
Temperature: !unsafe "{{ $value }} °C"
Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
- alert: QuantaPowerRedundancyFailure
expr:
count by (instance) (
snChasPwrSupplyOperStatus{snChasPwrSupplyOperStatus="normal"}
) < 2
for: 0m
labels:
severity: warning
...

6
group_vars/prom/prometheus/snmp.yml
View file

@ -1,6 +0,0 @@
---
prometheus__scraping_snmp:
targets: "{{ groups.prom }}"
address:
port: 9116
...

91
group_vars/prom/prometheus/switch.yml
View file

@ -1,91 +0,0 @@
---
prometheus__rules_switch:
- alert: SwitchPromiscuousChange
expr:
changes(ifPromiscuousMode[5m]) > 0
for: 0m
labels:
severity: warning
annotations:
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInterfaceUpChange
expr:
changes(ifOperStatus{ifOperStatus="up"}[5m]) > 0
for: 0m
labels:
severity: warning
annotations:
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInErrors
expr:
irate(ifInErrors[5m]) / (
irate(ifInUcastPkts[5m])
+ irate(ifInNUcastPkts[5m])
) > 0.0001
for: 0m
labels:
severity: warning
annotations:
ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchOutErrors
expr:
irate(ifOutErrors[5m]) / (
irate(ifOutUcastPkts[5m])
+ irate(ifOutNUcastPkts[5m])
) > 0.0001
for: 0m
labels:
severity: warning
annotations:
ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInLinkUsage
expr:
rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
for: 5m
keep_firing_for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchInLinkUsage
expr:
rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
for: 5m
keep_firing_for: 10m
labels:
severity: critical
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchOutLinkUsage
expr:
rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
for: 5m
keep_firing_for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
- alert: SwitchOutLinkUsage
expr:
rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
for: 5m
keep_firing_for: 10m
labels:
severity: warning
annotations:
Usage: !unsafe "{{ $value | humanizePercentage }}"
Interface: !unsafe "{{ $labels.ifName }}
{{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
...

40
group_vars/prom/prometheus_snmp/eaton.yml
View file

@ -1,40 +0,0 @@
---
prometheus_snmp__modules_eaton:
version: 1
auth:
community: "{{ vault_snmp_eaton_community }}"
walk:
- sysUpTime
#- upsBattery
- xupsInput
- xupsOutput
- xupsBypass
- xupsEnvironment
- xupsBattery
- xupsConfig
lookups:
- source_indexes:
- xupsInputPhase
lookup: xupsInputName
- source_indexes:
- xupsOutputPhase
lookup: xupsOutputName
- source_indexes:
- xupsBypassPhase
lookup: xupsBypassName
overrides:
upsBatteryStatus:
type: EnumAsStateSet
xupsInputId:
type: EnumAsStateSet
xupsOutputId:
type: EnumAsStateSet
xupsBypassId:
type: EnumAsStateSet
xupsOutputSource:
type: EnumAsStateSet
xupsBatteryAbmStatus:
type: EnumAsStateSet
xupsContactType:
type: EnumAsStateSet
...

19
group_vars/prom/prometheus_snmp/ilo.yml
View file

@ -1,19 +0,0 @@
---
prometheus_snmp__modules_ilo:
version: 3
timeout: 10s
retries: 10
auth:
security_level: authPriv
auth_protocol: SHA
username: aurore
password: "{{ vault_snmp_ilo_auth }}"
priv_protocol: AES
priv_password: "{{ vault_snmp_ilo_priv }}"
walk:
- sysUpTime
- cpqHeTemperatureTable
overrides:
cpqHeTemperatureThresholdType:
type: EnumAsStateSet
...

6
group_vars/prom/prometheus_snmp/main.yml
View file

@ -1,6 +0,0 @@
---
prometheus_snmp__modules:
quanta: "{{ prometheus_snmp__modules_quanta }}"
ilo: "{{ prometheus_snmp__modules_ilo }}"
eaton: "{{ prometheus_snmp__modules_eaton }}"
...

125
group_vars/prom/prometheus_snmp/quanta.yml
View file

@ -1,125 +0,0 @@
---
prometheus_snmp__modules_quanta:
auth:
community: "{{ vault_snmp_quanta_community }}"
timeout: 60s
retries: 3
walk:
- interfaces
- ifXTable
- snAgGblQueueOverflow
- snAgGblDynMemTotal
- snAgGblDynMemFree
- snAgGblCpuUtil1SecAvg
- snAgGblCpuUtil5SecAvg
- snAgGblCpuUtil1MinAvg
- sysUpTime
- snAgentCpuUtilPercent
- snAgent
- snChasFan
- snChasPwr
- snAgentTemp
- snAgentCpu
- snSwInfo
- snSwIfInfoTable
- dot3StatsTable
- dot3HCStatsTable
- dot3Errors
- dot3Tests
- dot3CollTable
- lldpLocChassisId
- lldpRemTable
- lldpLocPortTable
- dot1dBasePort
lookups:
- source_indexes:
- ifIndex
lookup: ifAlias
- source_indexes:
- ifIndex
lookup: ifDescr
- source_indexes:
- ifIndex
lookup: ifName
- source_indexes:
- snChasFanIndex
lookup: snChasFanDescription
- source_indexes:
- snAgentTempSlotNum
- snAgentTempSensorId
lookup: snAgentTempSensorDescr
- source_indexes:
- snSwIfInfoPortNum
lookup: snSwIfName
- source_indexes:
- snSwIfInfoPortNum
lookup: snSwIfDescr
- source_indexes:
- dot3StatsIndex
lookup: ifAlias
- source_indexes:
- dot3StatsIndex
lookup: ifDescr
- source_indexes:
- dot3StatsIndex
lookup: ifName
- source_indexes:
- lldpRemTimeMark
- lldpRemLocalPortNum
- lldpRemIndex
lookup: lldpRemChassisId
#- source_indexes:
# - lldpLocPortNum
# lookup: lldpLocPortIdSubtype
overrides:
ifIndex:
ignore: true
ifAlias:
ignore: true
ifDescr:
ignore: true
ifName:
ignore: true
ifOperStatus:
type: EnumAsStateSet
ifAdminStatus:
type: EnumAsStateSet
snChasFanIndex:
ignore: true
snChasFanDescription:
ignore: true
snChasPwrSupplyIndex:
ignore: true
snAgentTempSensorDescr:
ignore: true
snChasFanOperStatus:
type: EnumAsStateSet
snChasPwrSupplyOperStatus:
type: EnumAsStateSet
snSwIfName:
ignore: true
snSwIfDescr:
ignore: true
snSwIfVlanId:
ignore: true
snSwIfInfoPortNum:
ignore: true
snSwIfInfoMonitorMode:
type: EnumAsStateSet
snSwIfInfoMirrorPorts:
ignore: true
snSwIfInfoMediaType:
type: EnumAsInfo
ifType:
type: EnumAsInfo
dot3StatsIndex:
ignore: true
dot3StatsEtherChipSet:
ignore: true
dot3StatsDuplexStatus:
type: EnumAsStateSet
lldpLocPortIdSubtype:
type: EnumAsInfo
lldpRemPortIdSubtype:
type: EnumAsInfo
...

31
group_vars/pve/pve_auth.yml
View file

@ -1,31 +0,0 @@
---
pve_auth__groups:
admin:
- Administrator
pve_auth__pam_users:
root:
enabled: false
pve_auth__users:
elkmaennchen:
password: "{{ vault_pve_passwords.elkmaennchen }}"
groups:
- admin
jeltz:
password: "{{ vault_pve_passwords.jeltz }}"
groups:
- admin
korenstin:
password: "{{ vault_pve_passwords.korenstin }}"
groups:
- admin
otthorn:
password: "{{ vault_pve_passwords.otthorn }}"
groups:
- admin
v-lafeychine:
password: "{{ vault_pve_passwords['v-lafeychine'] }}"
groups:
- admin
...

17
group_vars/radius/freeradius.yml
View file

@ -1,17 +0,0 @@
---
radiusd__guest_vlan: 1000
radiusd__clients:
localhost:
addr: 127.0.0.1
secret: abcdef
type: aurore
wifi-ap-v4:
addr: 10.102.0.0/16
secret: abcdef
type: aurore
wifi-ap-v6:
addr: 2a09:6840:102::/56
secret: abcdef
type: aurore
...

1
group_vars/reverseproxy.yml
View file

@ -1,4 +1,3 @@
---
loc_nginx:
servers: []

3
group_vars/router/prometheus.yml
View file

@ -1,3 +0,0 @@
---
prometheus_keepalived__dest: /var/run/prometheus-node-exporter/keepalived.prom
...

3
group_vars/routeur.yml
View file

@ -1,3 +0,0 @@
---
rsyslog_high_density: true
...

12
group_vars/switch.yml
View file

@ -1,12 +0,0 @@
---
glob_switch:
loop_protect:
port_disable_timer_in_seconds: 30
transmit_interval_in_seconds: 3
sntp:
operation_mode: SNTP_UNICAST_MODE
poll_interval: 720
servers:
- ip: 10.206.1.5
priority: 1
...

60
group_vars/vpn/bird.yml
View file

@ -1,60 +0,0 @@
---
bird__tables:
- wg
bird__kernel:
kernel:
learn: true
import: accept
export: accept
vrf:
learn: true
import:
sources:
- "{{ iproute2__custom_protos.wireguard }}"
export: accept
table: wg
kernel: "{{ iproute2__custom_tables.wireguard }}"
bird__ospf:
limits:
import: 4000
export: 4000
table: wg
import: accept
export:
sources:
- "{{ iproute2__custom_protos.wireguard }}"
areas:
1:
broadcast:
- vpn0
bird__bgp:
infra1:
local:
address: "{{ bird__bgp_addr.vpn }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:213::1:1
- 10.213.1.1
as: "{{ bird__as.aurore }}"
table: wg
import: accept
export: reject
next_hop_self: true
infra2:
local:
address: "{{ bird__bgp_addr.vpn }}"
as: "{{ bird__as.aurore }}"
neighbor:
address:
- 2a09:6840:213::1:2
- 10.213.1.2
as: "{{ bird__as.aurore }}"
table: wg
import: accept
export: reject
next_hop_self: true
...

16
group_vars/vpn/ifupdown2.yml
View file

@ -1,16 +0,0 @@
---
ifupdown2__vrf:
wg-vrf:
table: "{{ iproute2__custom_tables.wireguard }}"
ifupdown2__wireguard:
wg0:
private_key: "{{ vault_wireguard_wg0_private }}"
listen_port: 5121
vrf: wg-vrf
table: "{{ iproute2__custom_tables.wireguard }}"
peer_allowed_addresses:
- 2a09:6840:212::1:1/128
- 10.212.1.1/32
peer_public_key: 0kP/XjaGOpu4p9KHTAoAhkLwXzC8wJUdPIdhdpgeKhY=
...

7
group_vars/vpn/iproute2.yml
View file

@ -1,7 +0,0 @@
---
iproute2__custom_tables:
wireguard: 2000
iproute2__custom_protos:
wireguard: 200
...

12
host_vars/caradoc.adm.auro.re.yml
View file

@ -1,12 +0,0 @@
---
borg_keep_hourly: 6
borg_keep_daily: 7
borg_keep_weekly: 4
borg_keep_monthly: 12
borg_backup_directories:
- "/etc"
- "/var"
- "/data_nextcloud"
- "/data_gitea"
- "/data_mail"
...

22
host_vars/collabora.ext.infra.auro.re.yml
View file

@ -1,22 +0,0 @@
---
systemd_link__links:
pub0: ae:ae:ae:2C:60:35
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:128::220/64
- 10.128.0.220/16
gateways: "{{ ifupdown2__gateways.adm }}"
collabora__server_name: office.auro.re
collabora__post_allow_addrs:
- 2a09:6840:215::1:1
- 45.66.111.206
collabora__wopi_groups:
- host: https://cloud.auro.re:443
aliases:
- https://nextcloud.auro.re:443
...

47
host_vars/dhcp-1.isp.infra.auro.re.yml
View file

@ -1,47 +0,0 @@
---
systemd_link__links:
isp0: 02:00:00:c6:3f:6f
trunk0: 02:00:00:b1:8d:d6
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:1/64
- 10.210.1.1/16
gateways: "{{ ifupdown2__gateways.isp }}"
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
addresses:
- 100.64.0.2/27
vlan_id: 1000
vlan_raw_device: clients0
client1:
addresses:
- 100.64.0.34/27
vlan_id: 1001
vlan_raw_device: clients0
client2:
addresses:
- 100.64.0.66/27
vlan_id: 1002
vlan_raw_device: clients0
client3:
addresses:
- 100.64.0.98/27
vlan_id: 1003
vlan_raw_device: clients0
client4:
addresses:
- 100.64.0.130/27
vlan_id: 1004
vlan_raw_device: clients0
...

47
host_vars/dhcp-2.isp.infra.auro.re.yml
View file

@ -1,47 +0,0 @@
---
systemd_link__links:
isp0: 04:00:00:8c:d1:36
trunk0: 04:00:00:33:2c:3c
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:2/64
- 10.210.1.2/16
gateways: "{{ ifupdown2__gateways.isp }}"
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
addresses:
- 100.64.0.3/27
vlan_id: 1000
vlan_raw_device: clients0
client1:
addresses:
- 100.64.0.35/27
vlan_id: 1001
vlan_raw_device: clients0
client2:
addresses:
- 100.64.0.67/27
vlan_id: 1002
vlan_raw_device: clients0
client3:
addresses:
- 100.64.0.99/27
vlan_id: 1003
vlan_raw_device: clients0
client4:
addresses:
- 100.64.0.131/27
vlan_id: 1004
vlan_raw_device: clients0
...

11
host_vars/dns-1.int.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
int0: 02:00:00:9f:d9:f9
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:1/64
- 10.206.1.1/16
gateways: "{{ ifupdown2__gateways.int }}"
...

11
host_vars/dns-2.int.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
int0: 04:00:00:3c:c0:5a
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:2/64
- 10.206.1.2/16
gateways: "{{ ifupdown2__gateways.int }}"
...

39
host_vars/edge-1.back.infra.auro.re.yml
View file

@ -1,39 +0,0 @@
---
systemd_link__links:
adm0: 02:00:00:9E:3E:21
crans0: 02:00:00:A2:7C:68
zayo0: 02:00:00:35:89:82
rezel0: 02:00:00:8F:4A:AD
back0: 02:00:00:1C:3A:2E
viarezo0: 02:00:00:ED:70:64
router0: 02:00:00:5A:17:7C
oti0: 02:00:00:05:0E:A6
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:2/64
- 10.128.10.2/16
crans0:
ipv6_addrgen: false
zayo0:
ipv6_addrgen: false
rezel0:
addresses:
- 2a09:6842:19:9116::1/64
- 45.66.111.1/29
back0:
addresses:
- 2a09:6840:203::1:1/64
- 10.203.1.1/16
viarezo0:
addresses:
- 2a0c:b641:2ff::6/125
- 192.159.121.133/29
router0:
addresses:
- 2a09:6840:129::10:2/56
- 10.129.10.2/16
oti0:
ipv6_addrgen: false
...

39
host_vars/edge-2.back.infra.auro.re.yml
View file

@ -1,39 +0,0 @@
---
systemd_link__links:
adm0: 04:00:00:F5:69:B9
crans0: 04:00:00:CF:E1:D0
zayo0: 04:00:00:67:7B:12
rezel0: 04:00:00:C6:05:B7
back0: 04:00:00:DE:22:E6
viarezo0: 04:00:00:45:FA:E6
router0: 04:00:00:AD:D7:71
oti0: 02:00:00:05:0E:A6
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:102/64
- 10.128.10.102/16
crans0:
ipv6_addrgen: false
zayo0:
ipv6_addrgen: false
rezel0:
addresses:
- 2a09:6842:19:9116::3/64
- 45.66.111.3/29
back0:
addresses:
- 2a09:6840:203::1:2/64
- 10.203.1.2/16
viarezo0:
addresses:
- 2a0c:b641:2ff::7/125
- 192.159.121.134/29
router0:
addresses:
- 2a09:6840:129::10:102/56
- 10.129.10.102/16
oti0:
ipv6_addrgen: false
...

63
host_vars/infra-1.back.infra.auro.re.yml
View file

@ -1,63 +0,0 @@
---
systemd_link__links:
ups0: 02:00:00:fe:6f:0e
back0: 02:00:00:f8:93:22
monit0: 02:00:00:da:97:7f
wifi0: 02:00:00:8c:c5:bf
int0: 02:00:00:75:40:3e
sw0: 02:00:00:ca:e8:d1
bmc0: 02:00:00:47:d1:b9
pve0: 02:00:00:b3:35:e7
isp0: 02:00:00:6b:53:14
ext0: 02:00:00:32:86:60
vpn0: 02:00:00:52:5f:85
th30: 02:00:00:23:a7:d3
pub0: 02:00:00:7d:34:06
ifupdown2__interfaces:
back0:
addresses:
- 2a09:6840:203::1:3/64
- 10.203.1.3/16
- 45.66.111.210/32 # secondary
ups0:
ipv6_addrgen: false
monit0:
ipv6_addrgen: false
wifi0:
ipv6_addrgen: false
int0:
ipv6_addrgen: false
sw0:
ipv6_addrgen: false
bmc0:
ipv6_addrgen: false
pve0:
ipv6_addrgen: false
isp0:
ipv6_addrgen: false
ext0:
ipv6_addrgen: false
pub0:
ipv6_addrgen: false
vpn0:
addresses:
- 2a09:6840:213::1:1/64
- 10.213.1.1/16
th30:
ipv6_addrgen: false
bird__router_id: 10.203.1.3
bird__bgp_addr:
back:
- 2a09:6840:203::1:3
- 10.203.1.3
vpn:
- 2a09:6840:213::1:1
- 10.213.1.1
bird__pref_src_addr:
- 2a09:6840:203::1:3
- 45.66.111.210
...

63
host_vars/infra-2.back.infra.auro.re.yml
View file

@ -1,63 +0,0 @@
---
systemd_link__links:
ups0: 04:00:00:6d:97:83
back0: 04:00:00:46:ba:f9
monit0: 04:00:00:72:0b:2d
wifi0: 04:00:00:ee:42:0f
int0: 04:00:00:21:fd:d0
sw0: 04:00:00:2e:5b:16
bmc0: 04:00:00:bb:5a:a6
pve0: 04:00:00:0b:2b:82
isp0: 04:00:00:f4:4c:5d
ext0: 04:00:00:1d:0e:83
vpn0: 04:00:00:02:ba:dd
th30: 04:00:00:9e:8d:4f
pub0: 04:00:00:f8:3b:9b
ifupdown2__interfaces:
back0:
addresses:
- 2a09:6840:203::1:4/64
- 10.203.1.4/16
- 45.66.111.211/32 # secondary
ups0:
ipv6_addrgen: false
monit0:
ipv6_addrgen: false
wifi0:
ipv6_addrgen: false
int0:
ipv6_addrgen: false
sw0:
ipv6_addrgen: false
bmc0:
ipv6_addrgen: false
pve0:
ipv6_addrgen: false
isp0:
ipv6_addrgen: false
ext0:
ipv6_addrgen: false
vpn0:
addresses:
- 2a09:6840:213::1:2/64
- 10.213.1.2/16
th30:
ipv6_addrgen: false
pub0:
ipv6_addrgen: false
bird__router_id: 10.203.1.4
bird__bgp_addr:
back:
- 2a09:6840:203::1:4
- 10.203.1.4
vpn:
- 2a09:6840:213:1:2
- 10.213.1.2
bird__pref_src_addr:
- 2a09:6840:203::1:4
- 45.66.111.211
...

59
host_vars/isp-1.back.infra.auro.re.yml
View file

@ -1,59 +0,0 @@
---
systemd_link__links:
adm0: 02:00:00:D8:37:45
back0: 02:00:00:BF:10:4C
trunk0: 02:00:00:E9:BA:15
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:5/64
- 10.128.10.5/16
gateways: "{{ ifupdown2__gateways.adm }}"
back0:
addresses:
- 2a09:6840:203::1:5/64
- 45.66.111.211/32
- 10.203.1.5/16
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
vlan_id: 1000
vlan_raw_device: clients0
ipv6_addrgen: false
client1:
vlan_id: 1001
vlan_raw_device: clients0
ipv6_addrgen: false
client2:
vlan_id: 1002
vlan_raw_device: clients0
ipv6_addrgen: false
client3:
vlan_id: 1003
vlan_raw_device: clients0
ipv6_addrgen: false
client4:
vlan_id: 1004
vlan_raw_device: clients0
ipv6_addrgen: false
bird__router_id: 10.203.1.5
bird__bgp_addr:
back:
- 2a09:6840:203::1:5
- 10.203.1.5
bird__pref_src_addr:
- 2a09:6840:203::1:5
- 45.66.111.211
...

47
host_vars/isp-2.back.infra.auro.re.yml
View file

@ -1,47 +0,0 @@
---
systemd_link__links:
adm0: 04:00:00:85:C3:5D
back0: 04:00:00:FE:2D:67
trunk0: 04:00:00:D8:F5:4D
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:105/64
- 10.128.10.105/16
gateways: "{{ ifupdown2__gateways.adm }}"
back0:
addresses:
- 2a09:6840:203::1:6/64
- 10.203.1.6/16
trunk0:
ipv6_addrgen: false
clients0:
bridge_vlan_aware: true
bridge_ports:
- trunk0
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
ipv6_addrgen: false
client0:
vlan_id: 1000
vlan_raw_device: clients0
ipv6_addrgen: false
client1:
vlan_id: 1001
vlan_raw_device: clients0
ipv6_addrgen: false
client2:
vlan_id: 1002
vlan_raw_device: clients0
ipv6_addrgen: false
client3:
vlan_id: 1003
vlan_raw_device: clients0
ipv6_addrgen: false
client4:
vlan_id: 1004
vlan_raw_device: clients0
ipv6_addrgen: false
...

16
host_vars/ldap-1.int.infra.auro.re.yml
View file

@ -1,16 +0,0 @@
---
systemd_link__links:
adm0: 02:00:00:38:c2:52
int0: 02:00:00:fe:a8:54
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:8/64
- 10.128.10.8/16
int0:
addresses:
- 2a09:6840:206::1:3/64
- 10.206.1.7/16
gateways: "{{ ifupdown2__gateways.int }}"
...

16
host_vars/ldap-2.int.infra.auro.re.yml
View file

@ -1,16 +0,0 @@
---
systemd_link__links:
adm0: 04:00:00:f7:1c:47
int0: 04:00:00:e4:83:d2
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::10:108/64
- 10.128.10.108/16
int0:
addresses:
- 2a09:6840:206::1:4/64
- 10.206.1.8/16
gateways: "{{ ifupdown2__gateways.int }}"
...

7
host_vars/log.adm.auro.re.yml
View file

@ -1,16 +1,9 @@
---
borg_backup_directories:
- "/etc/"
- "/var/"
borg_backup_exclude: []
rsyslog_collector_base_dir: /var/log/remote
rsyslog_inputs:
- proto: relp
port: 20514
- proto: udp
port: 514
- proto: tcp
port: 6514
rsyslog_outputs: []
...

38
host_vars/mx.test.infra.auro.re.yml
View file

@ -1,38 +0,0 @@
---
dovecot__auth_default_realm: test.auro.re
dovecot__auth_users:
jeltz@test.auro.re: "{plain}password"
lafeych@test.auro.re: "{plain}password"
toto@test.auro.re: "{plain}password"
root@test.auro.re: "{plain}L9yXSrCbbafMlMls5q7WWMKC612XNbXL"
dovecot__lmtp_postmaster_address: postmaster@test.auro.re
ifupdown2__interfaces:
ext0:
addresses:
- 2a09:6840:211::1:5/64
- 10.211.1.5/16
- 45.66.111.208/30
gateways: "{{ ifupdown2__gateways.ext }}"
postfix__hostname: mx.test.auro.re
postfix__sasl_local_domain: test.auro.re
postfix__virtual_aliases:
postmaster@test.auro.re: root@test.auro.re
dmarc@test.auro.re: root@test.auro.re
postfix__virtual_mailbox_domains:
- infra.test.auro.re
- test.auro.re
postfix__virtual_mailboxes:
jeltz@test.auro.re: jeltz@test.auro.re
root@test.auro.re: root@test.auro.re
toto@test.auro.re: toto@test.auro.re
vincent.lafeychine@test.auro.re: lafeych@test.auro.re
systemd_link__links:
ext0: ae:ae:ae:1d:c8:b2
...

11
host_vars/ns-1.pub.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
pub0: 02:00:00:ad:62:64
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:215::1:2/64
- 45.66.111.205/27
gateways: "{{ ifupdown2__gateways.pub }}"
...

11
host_vars/ns-2.pub.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
pub0: 04:00:00:1b:0a:3a
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:215::1:3/64
- 45.66.111.207/27
gateways: "{{ ifupdown2__gateways.pub }}"
...

29
host_vars/ns-3.ovh.infra.auro.re.yml
View file

@ -1,29 +0,0 @@
---
systemd_link__links:
adm0: 96:77:96:91:e3:6c
ovh0: 02:00:00:97:78:6d
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::109/64
- 10.128.0.109/16
ovh0:
addresses:
- 92.222.211.194/24
gateways: "{{ ifupdown2__gateways.ovh }}"
# TODO: remove as soon as the VPN works
knotd__remotes:
xfr-master:
address: 2a09:6840:128::110
key: xfr
knotd__acl:
notify-master:
address:
- 2a09:6840:128::110
- 10.128.0.110
key: xfr
action: notify
...

617
host_vars/ns-master.int.infra.auro.re/knotd.yml
View file

@ -1,617 +0,0 @@
---
knotd__listen:
- address: 0.0.0.0
- address: "::"
knotd__keys:
xfr:
algorithm: hmac-sha512
secret: "{{ vault_knotd_xfr_key }}"
ksk-infra:
algorithm: hmac-sha512
secret: "{{ vault_knotd_ksk_infra_key }}"
update-acme-challenge:
algorithm: hmac-sha512
secret: "{{ vault_certbot_dns_secret }}"
knotd__remotes:
xfr-ns-1:
address: 2a09:6840:215::1:2
key: xfr
xfr-ns-2:
address: 2a09:6840:215::1:3
key: xfr
xfr-ns-3:
address: 10.128.0.109
key: xfr
ksk-infra:
address: ::1
key: ksk-infra
knotd__policies:
public:
algorithm: ECDSAP256SHA256
reproducible_signing: true
# Je n'ai pas trouvé de façon de pousser les records automatiquement
# sur .re, donc pour éviter d'oublier de le faire manuellement, la
# KSK n'expire pas
ksk_lifetime: 0
zsk_lifetime: 30d
nsec3: true
infra:
algorithm: ECDSAP256SHA256
ksk_lifetime: 365d
zsk_lifetime: 30d
nsec3: on
ds-push: ksk-infra
cds-cdnskey-publish: rollover
ksk-submission: infra
ripe:
algorithm: ECDSAP256SHA256
ksk_lifetime: 365d
zsk_lifetime: 30d
nsec3: on
ds-push: ksk-ripe
cds-cdnskey-publish: rollover
ksk-submission: ripe
knotd__acl:
xfr:
addresses:
- 2a09:6840:128::109
- 10.128.0.109
- 2a09:6840:215::1:2
- 45.66.111.205
- 2a09:6840:215::1:3
- 45.66.111.207
action: transfer
key: xfr
ksk-infra:
addresses:
- 127.0.0.1
- ::1
key: ksk-infra
action: update
update_types:
- DS
update_owner: name
update_owner_match: equal
update_owner_name:
- infra
update-acme-challenge:
addresses:
- 10.128.0.0/16
- 2a09:6840:128::/48
key: update-acme-challenge
action: update
update_types:
- TXT
update_owner: name
update_owner_match: equal
update_owner_name:
- _acme-challenge.auro.re.
knotd__queryacl:
local:
addresses:
- 10.0.0.0/8
knotd__soa_rname: root@auro.re.
knotd__hosts:
auro.re:
proxy-ovh:
- 92.222.211.195
horus:
- 92.23.218.136
ns-1:
- 45.66.111.205
- 2a09:6840:215::1:2
ns-2:
- 92.222.211.194
serge:
- 92.222.211.196
lama:
- 185.230.78.220
- 2a0c:700:12:0:67:e5ff:fee9:108
vpn-ovh:
- 92.222.211.197
passerelle:
- 45.66.111.254
- 2a09:6840:111::254
proxy:
- 45.66.111.61
- 2a09:6840:111::61
camelot:
- 45.66.111.59
- 2a09:6840:111::59
mail:
- 45.66.111.62
- 2a09:6840:111::62
galene:
- 45.66.111.65
- 2a09:6840:111::65
aclyas:
- 45.66.111.231
- 2a09:6840:111::231
jitsi:
- 45.66.111.55
- 2a09:6840:111::55
jitsi-ng:
- 45.66.111.216
- 2a09:6840:215::1:216
portail-fleming:
- 10.13.0.247
- 2a09:6840:13::247
portail-pacaterie:
- 10.23.0.247
- 2a09:6840:23::247
portail-rives:
- 10.33.0.247
- 2a09:6840:33::247
portail-edc:
- 10.43.0.247
- 2a09:6840:43::247
portail-gs:
- 10.53.0.247
- 2a09:6840:53::247
adh.auro.re:
paon:
- 45.66.110.10
- 2a09:6840:110:0:231:92ff:fe1b:ae22
lyshyga0:
- 45.66.110.113
- 2a09:6840:110:0:6af7:28ff:fe91:e8d9
pz28910:
- 45.66.110.114
vinsing0:
- 45.66.110.123
- 2a09:6840:110:0:1e1b:dff:fe90:7d81
osc-routeur:
- 45.66.110.125
- 2a09:6840:110:0:ba27:ebff:fe2d:c1a1
odroid:
- 45.66.110.154
- 2a09:6840:110:0:21e:6ff:fe49:e00
amau0:
- 45.66.110.164
- 2a09:6840:110:0:3e7c:3fff:fec3:27d1
regulus:
- 45.66.110.180
- 2a09:6840:110:0:2ef0:5dff:fe2a:1530
toaster:
- 45.66.110.188
- 2a09:6840:110:0:5246:5dff:fe9a:f70
rpijutax:
- 45.66.110.190
- 2a09:6840:110:0:ba27:ebff:fe76:a9bc
polaris:
- 45.66.110.245
- 2a09:6840:110:0:dea6:32ff:feb4:d033
lafeychine:
- 92.91.154.45
infra.auro.re:
services-1.ceph:
- 2a09:6840:214::1:1
- 10.214.1.1
services-2.ceph:
- 2a09:6840:214::1:2
- 10.214.1.2
services-3.ceph:
- 2a09:6840:209::1:3
- 10.214.1.3
services-1.pve:
- 2a09:6840:209::2:1
- 10.209.2.1
services-2.pve:
- 2a09:6840:209::2:2
- 10.209.2.2
network-1.pve:
- 2a09:6840:209::1:1
- 10.209.1.1
network-2.pve:
- 2a09:6840:209::1:2
- 10.209.1.2
services-3.pve:
- 2a09:6840:209::2:3
- 10.209.2.3
caradoc.bmc:
- 2a09:6840:208::1:1
- 10.208.1.1
services-1.bmc:
- 2a09:6840:208::1:2
- 10.208.1.2
services-2.bmc:
- 2a09:6840:208::1:3
- 10.208.1.3
services-3.bmc:
- 2a09:6840:208::1:4
- 10.208.1.4
perceval.bmc:
- 2a09:6840:208::1:5
- 10.208.1.5
chapalux.bmc:
- 2a09:6840:208::1:6
- 10.208.1.6
loki.bmc:
- 2a09:6840:208::1:7
- 10.208.1.7
network-1.bmc:
- 2a09:6840:208::1:8
- 10.208.1.8
network-2.bmc:
- 2a09:6840:208::1:9
- 10.208.1.9
escalope.bmc:
- 2a09:6840:208::1:10
- 10.208.1.10
edge-1.back:
- 2a09:6840:203::1:1
- 10.203.1.1
edge-2.back:
- 2a09:6840:203::1:2
- 10.203.1.2
isp-1.back:
- 2a09:6840:203::1:5
- 10.203.1.5
isp-2.back:
- 2a09:6840:203::1:6
- 10.203.1.6
infra-1.back:
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2.back:
- 2a09:6840:203::1:4
- 10.203.1.4
ns-master.int:
- 2a09:6840:128:0::110
- 10.128.0.110
log-1.int:
- 2a09:6840:206::1:9
- 10.206.1.9
log-2.int:
- 2a09:6840:206::1:10
- 10.206.1.10
dns-1.int:
- 2a09:6840:206::1:1
- 10.206.1.1
dns-2.int:
- 2a09:6840:206::1:2
- 10.206.1.2
nis2.int:
- 2a09:6840:206::2:1
- 10.206.2.1
ldap-1.int:
- 10.128.10.8
- 2a09:6840:128::10:8
ldap-2.int:
- 10.128.10.108
- 2a09:6840:128::10:108
ntp-1.int:
- 2a09:6840:206::1:5
- 10.206.1.5
ntp-2.int:
- 2a09:6840:206::1:6
- 10.206.1.6
wg-1.vpn:
- 2a09:6840:213::1:3
- 10.213.1.3
wg-2.vpn:
- 2a09:6840:213::1:4
- 10.213.1.4
dhcp-1.isp:
- 2a09:6840:210::1:1
- 10.210.1.1
dhcp-2.isp:
- 2a09:6840:210::1:2
- 10.210.1.2
radius-1.isp:
- 2a09:6840:210::1:3
- 10.210.1.3
radius-2.isp:
- 2a09:6840:210::1:4
- 10.210.1.4
prometheus-1.monit:
- 2a09:6840:204::1:1
- 10.204.1.1
prometheus-2.monit:
- 2a09:6840:204::1:2
- 10.204.1.2
ff-1.core.sw:
- 10.207.1.1
ff-2.core.sw:
- 10.207.1.2
fl-1.core.sw:
- 10.207.1.3
fl-2.core.sw:
- 10.207.1.4
fd-1.core.sw:
- 10.207.1.5
ff-3.core.sw:
- 10.207.1.6
gk-1.core.sw:
- 10.207.2.1
eb-1.core.sw:
- 10.207.3.1
r3-1.core.sw:
- 10.207.4.1
eb-1.ups:
- 2a09:6840:201::3:1
- 10.201.3.1
ec-1.ups:
- 2a09:6840:201::3:2
- 10.201.3.2
mx.test:
- 2a09:6840:211::1:5
- 10.211.1.5
collabora.ext:
- 2a09:6840:211::1:1
- 10.211.1.1
grafana.ext:
- 2a09:6840:211::1:7
- 10.211.1.7
proxy.pub:
- 2a09:6840:215::1:1
- 45.66.111.206
ns-1.pub:
- 2a09:6840:215::1:2
- 45.66.111.205
ns-2.pub:
- 2a09:6840:215::1:3
- 45.66.111.207
ns-3.ovh:
- 92.222.211.194
tor.pub:
- 45.66.111.215
- 2a09:6840:215::1:215
jitsi.pub:
- 45.66.111.216
- 2a09:6840:215::1:216
knotd__zones:
auro.re:
dnssec_policy: public
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- update-acme-challenge
- ksk-infra
- xfr
soa:
mname: ns-master.int.infra
ns:
- target:
- ns-1.pub.infra
- ns-2.pub.infra
- name: infra
target:
- ns-1.pub.infra
- ns-2.pub.infra
- name: test
target:
- ns-1.pub.infra
- ns-2.pub.infra
- name: adm
target:
- serge
- lama
- name: ups
target:
- serge
- lama
- name: switch
target:
- serge
- lama
- name: borne
target:
- serge
- lama
mx:
- exchange: mail
preference: 5
- exchange: proxy-ovh
preference: 10
txt:
- data: v=spf1 mx -all
a:
- address: 92.222.211.195
cname:
- name:
- gisti
- gistiti
target: jitsi
- name:
- element
- riot
- auth
- rss
- codimd
- hedgedoc
- grist
- kanboard
- www
- pad
- privatebin
- zero
- paste
target: proxy-ovh
- name:
- grafana
- grafana-ng
- nextcloud
- cloud
- office
target: proxy.pub.infra
- name:
- netbox
- wiki
- matrix
- drone
- gitea
- re2o
- vote
target: proxy
- name: intranet
target: re2o
- name:
- smtp
- imap
target: mail
- name:
- prometheus-paul.adh
- pma-paul.adh
- nextcloud-paul.adh
- grafana-paul.adh
- jellyfin.adh
- monitoring.adh
- beta-mpp.adh
- pz28.adh
target: lucepaul.myvnc.com.
- name:
- services-1.pve
target: services-1.pve.infra
- name:
- services-2.pve
target: services-2.pve.infra
- name:
- services-3.pve
target: services-3.pve.infra
hosts: "{{ knotd__hosts['auro.re']
| combine(knotd__hosts['adh.auro.re']
| add_origin_keys('adh.auro.re.')) }}"
test.auro.re:
dnssec_policy: public
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
txt:
- data: v=spf1 mx -all
- name: _dmarc
data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
mx:
- exchange: mx
preference: 5
cname:
- name:
- www1
- www2
- www3
target: proxy.pub.infra.auro.re.
hosts:
mx:
- 2a09:6840:211::1:5
- 45.66.111.205
infra.auro.re:
dnssec_policy: infra
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
#queryacl: local
soa:
mname: ns-master.int
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
hosts: "{{ knotd__hosts['infra.auro.re'] }}"
108.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
109.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
110.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
reverse_hosts: "{{ knotd__hosts['adh.auro.re']
| ip_filter(['45.66.110.0/24'])
| add_origin_keys('adh.auro.re.') }}"
111.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
reverse_hosts: "{{ knotd__hosts['auro.re']
| ip_filter(['45.66.111.0/24'])
| add_origin_keys('auro.re.') }}"
0.4.8.6.9.0.a.2.ip6.arpa:
dnssec_policy: ripe
notify:
- xfr-ns-1
- xfr-ns-2
- xfr-ns-3
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
ns:
- target:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
reverse_hosts: "{{ knotd__hosts['auro.re']
| ip_filter(['2a09:6840::/32'])
| add_origin_keys('auro.re.')
| combine(knotd__hosts['adh.auro.re']
| ip_filter(['2a09:6840::/32'])
| add_origin_keys('adh.auro.re.')) }}"
...

16
host_vars/ns-master.int.infra.auro.re/main.yml
View file

@ -1,16 +0,0 @@
---
systemd_link__links:
int0: 02:00:00:e3:36:c8
adm0: 42:17:a7:d1:bd:6a
ifupdown2__interfaces:
adm0:
addresses:
- 2a09:6840:128::110/64
- 10.128.0.110/16
int0:
addresses:
- 2a09:6840:206::1:7/64
- 10.206.1.7/16
gateways: "{{ ifupdown2__gateways.int }}"
...

11
host_vars/ntp-1.int.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
int0: 02:00:00:74:71:83
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:5/64
- 10.206.1.5/16
gateways: "{{ ifupdown2__gateways.int }}"
...

11
host_vars/ntp-2.int.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
int0: 04:00:00:31:be:50
ifupdown2__interfaces:
int0:
addresses:
- 2a09:6840:206::1:6/64
- 10.206.1.6/16
gateways: "{{ ifupdown2__gateways.int }}"
...

3
host_vars/perceval.adm.auro.re.yml
View file

@ -1,3 +0,0 @@
---
borg_server_backups_dir: /borg
...

11
host_vars/prometheus-1.monit.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
monit0: 02:00:00:a8:6b:51
ifupdown2__interfaces:
monit0:
addresses:
- 2a09:6840:204::1:1/64
- 10.204.1.1/16
gateways: "{{ ifupdown2__gateways.monit }}"
...

11
host_vars/prometheus-2.monit.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
monit0: 04:00:00:a6:93:5a
ifupdown2__interfaces:
monit0:
addresses:
- 2a09:6840:204::1:2/64
- 10.204.1.2/16
gateways: "{{ ifupdown2__gateways.monit }}"
...

12
host_vars/proxy-ovh.adm.auro.re.yml
View file

@ -13,8 +13,6 @@ loc_reverseproxy:
to: auro.re
- from: 92.222.211.195
to: auro.re
- from: codimd.auro.re
to: hedgedoc.auro.re
reverseproxy_sites:
- from: phabricator.auro.re
@ -29,9 +27,6 @@ loc_reverseproxy:
- from: passbolt.auro.re
to: 10.128.0.53
- from: auth.auro.re
to: 10.128.0.150:8089
- from: riot.auro.re
to: "10.128.0.150:8080"
- from: element.auro.re
@ -39,6 +34,8 @@ loc_reverseproxy:
- from: chat.auro.re
to: "10.128.0.150:8080"
- from: codimd.auro.re
to: "10.128.0.150:8081"
- from: hedgedoc.auro.re
to: "10.128.0.150:8081"
@ -59,10 +56,5 @@ loc_reverseproxy:
- from: cas.auro.re
to: "10.128.0.150:8085"
- from: rss.auro.re
to: 10.128.0.150:8090
- from: status.auro.re
to: "10.128.0.150:8086"
- from: "kanboard.auro.re"
to: "10.128.0.150:8088"
...

15
host_vars/proxy.adm.auro.re.yml
View file

@ -41,6 +41,9 @@ loc_reverseproxy:
- from: intranet.auro.re
to: 10.128.0.20
- from: bbb.auro.re
to: 10.128.0.54
- from: nextcloud.auro.re
to: "10.128.0.58:8080"
@ -61,15 +64,3 @@ loc_reverseproxy:
- from: wikijs.auro.re
to: "10.128.0.66:3000"
- from: wiki.auro.re
to: "10.128.0.66:3000"
- from: netbox.auro.re
to: 10.128.0.97
- from: grafana.auro.re
to: "10.128.0.98:3000"
- from: office.auro.re
to: "10.128.0.220"

103
host_vars/proxy.pub.infra.auro.re.yml
View file

@ -1,103 +0,0 @@
---
systemd_link__links:
pub0: ae:ae:ae:3a:71:0b
ifupdown2__interfaces:
pub0:
addresses:
- 2a09:6840:215::1:1/64
- 45.66.111.206/27
gateways: "{{ ifupdown2__gateways.pub }}"
caddy__matrix_headers:
access-control-allow-headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
access-control-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
access-control-allow-origin: "*"
caddy__routes_https:
www1.test.auro.re:
- root: /var/www/auro.re
- path: /.well-known/matrix/server
headers: "{{ caddy__matrix_headers }}"
body: '{"m.server": "matrix.auro.re:8448"}'
status: 200
- path: /.well-known/matrix/client
headers: "{{ caddy__matrix_headers }}"
body: '{"m.homeserver": {"base_url": "https://matrix.auro.re"}}'
status: 200
www2.test.auro.re:
headers:
location: "https://auro.re{http.request.uri}"
status: 301
www3.test.auro.re:
reverse:
- "[2a09:6840:128::198]:3000"
- 10.128.0.198:3000
grafana.auro.re:
reverse:
- "[2a09:6840:128::98]:3000"
- 10.128.0.98:3000
grafana-ng.auro.re:
reverse:
- "[2a09:6840:211::1:7]:80"
- 10.211.1.7:80
office.auro.re:
reverse:
- "[2a09:6840:211::1:1]:9980"
- 10.211.1.1:9980
nextcloud.auro.re:
headers:
location: "https://cloud.auro.re{http.request.uri}"
status: 301
cloud.auro.re:
- path: /.well-known/carddav
headers:
location: /remote.php/dav/
status: 301
- path: /.well-known/caldav
headers:
location: /remote.php/dav/
status: 301
- path: /.well-known/webfinger
headers:
location: /index.php/.well-known/webfinger
status: 301
- path: /.well-known/nodeinfo
headers:
location: /index.php/.well-known/nodeinfo
status: 301
- path: /remote/*
rewrite: /remote.php
- path: /ocm-provider/*
rewrite: /index.php
- path: "*.mjs"
headers:
content-type: text/javascript
- reverse:
- "[2a09:6840:128::58]:8080"
- 10.128.0.58:8080
headers:
x-robots-tag: noindex, nofollow
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: "1; mode=block"
caddy__contact_email: tech.aurore@lists.crans.org
caddy__errors:
- root: "{{ caddy__error_dir }}"
- rewrite: /error.html
- file_server: true
templates: true
caddy__servers:
https:
listen: ":443"
routes: "{{ caddy__routes_https }}"
errors: "{{ caddy__errors }}"
http:
listen: ":80"
...

11
host_vars/radius-1.isp.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
isp0: 02:00:00:6a:3e:f4
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:3/64
- 10.210.1.3/16
gateways: "{{ ifupdown2__gateways.isp }}"
...

11
host_vars/radius-2.isp.infra.auro.re.yml
View file

@ -1,11 +0,0 @@
---
systemd_link__links:
isp0: 04:00:00:29:6d:c9
ifupdown2__interfaces:
isp0:
addresses:
- 2a09:6840:210::1:4/64
- 10.210.1.4/16
gateways: "{{ ifupdown2__gateways.isp }}"
...

93
host_vars/sw-ec-1.yml
View file

@ -1,93 +0,0 @@
---
switch_vars:
name: sw-ec-1
location: "Local_de_Brassage_EdC"
host: 10.130.4.11
port: 80
username: "{{ vault_switch.username }}"
password: "{{ vault_switch.password }}"
delete_vlans: []
vlans:
- id: 40
name: "Filaire_EDC"
tagged: "{{ '9-10,12,14,16,18,20,22-25' | range2list }}"
- id: 41
name: "Wifi_EDC"
tagged: "{{ '5-10,12,14,16,18,20,22-25' | range2list }}"
- id: 42
name: "Banni_EDC"
tagged: "{{ '5-10,12,14,16,18,20,22-25' | range2list }}"
- id: 43
name: "Accueil_EDC"
tagged: "{{ '5-10,12,14,16,18,20,22-25' | range2list }}"
- id: 110
name: "Adherents_IP_Publiques"
tagged: "{{ '9-10,12,14,16,18,20,22-25' | range2list }}"
- id: 111
name: "Serveurs_IP_Publiques"
tagged: "{{ '25' | range2list }}"
- id: 131
name: "Onduleurs"
tagged: [25]
- id: 144
name: "Bornes_Wifi_EDC"
tagged: [25]
untagged: "{{ '5-8,12,14,16,18,20,22-24' | range2list }}"
ports:
- id: 1
name: "Room_Ouest_363"
- id: 2
name: "Room_Ouest_364"
- id: 3
name: "Room_Principale_Foyer_1"
- id: 4
name: "Room_Principale_Foyer_2"
- id: 5
name: "Borne_Principale_0_1"
- id: 6
name: "Borne_Principale_1_1"
- id: 7
name: "Borne_Principale_1_2"
- id: 8
name: "Borne_Principale_1_3"
- id: 9
name: "Room_Ouest_352"
- id: 10
name: "Borne_Adh_Ouest_252"
- id: 11
name: "Room_Ouest_273"
- id: 12
name: "Borne_Adh_Est_231"
- id: 13
name: "Room_Ouest_261"
- id: 14
name: "Borne_Adh_Ouest_272"
- id: 15
name: "Room_Ouest_262"
- id: 16
name: "Room_Est_225"
- id: 17
name: "Room_Ouest_263"
- id: 18
name: "Room_Ouest_76"
- id: 19
name: "Room_Ouest_264"
- id: 20
name: "Borne_Adh_Ouest_58"
- id: 21
name: "Room_Ouest_265"
- id: 22
name: "Not_used"
- id: 23
name: "Room_Ouest_158"
- id: 24
name: "Borne_Adh_Ouest_267"
# id: 25
# name: "Uplink_sw-ec-core"
- id: 26
name: "Not_used"
- id: 27
name: "Not_used"
- id: 28
name: "Not_used"
...

228
host_vars/sw-ec-2.yml
View file

@ -1,228 +0,0 @@
---
switch_vars:
name: sw-ec-2
location: Local de Brassage EdC
host: 10.130.4.12
port: 80
username: "{{ vault_switch.username }}"
password: "{{ vault_switch.password }}"
delete_vlans: []
vlans:
- id: 40
name: "Filaire_edc"
tagged: [49]
- id: 41
name: "Wifi_edc"
tagged: [49]
- id: 42
name: "Banni_edc"
tagged: [49]
- id: 43
name: "Accueil_edc"
tagged: [49]
- id: 110
name: "Adherents_ip_publiques"
tagged: [49]
- id: 111
name: "Serveurs_ip_publiques"
tagged: [49]
- id: 131
name: "Onduleurs"
tagged: [49]
- id: 144
name: "Bornes_wifi_edc"
tagged: [49]
ports:
- id: 1
name: "Room_edc_Aile_Principale_115"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 2
name: "Room_edc_Aile_Principale_103"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 3
name: "Room_edc_Aile_Principale_114"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 4
name: "Room_edc_Aile_Principale_102"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 5
name: "Room_edc_Aile_Principale_113"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 6
name: "Room_edc_Aile_Principale_101"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 7
name: "Room_edc_Aile_Principale_112"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 8
name: "Room_edc_Aile_Principale_100"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 9
name: "Room_edc_Aile_Principale_111"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 10
name: "Room_edc_Aile_Principale_215"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 11
name: "Room_edc_Aile_Principale_110"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 12
name: "Room_edc_Aile_Principale_214"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 13
name: "Room_edc_Aile_Principale_207"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 14
name: "Room_edc_Aile_Est_24"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 15
name: "Room_edc_Aile_Principale_206"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 16
name: "Room_edc_Aile_Est_25"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 17
name: "Room_edc_Aile_Principale_205"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 18
name: "Room_edc_Aile_Est_26"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 19
name: "Room_edc_Aile_Principale_204"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 20
name: "Room_edc_Aile_Est_27"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 21
name: "Room_edc_Aile_Principale_203"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 22
name: "Room_edc_Aile_Est_28"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 23
name: "Room_edc_Aile_Principale_202"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 24
name: "Room_edc_Aile_Est_29"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 25
name: "Room_edc_Aile_Principale_201"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 26
name: "Room_edc_Aile_Est_30"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 27
name: "Room_edc_Aile_Principale_200"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 28
name: "Room_edc_Aile_Est_31"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 29
name: "Room_edc_Aile_Est_20"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 30
name: "Room_edc_Aile_Est_32"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 31
name: "Room_edc_Aile_Est_21"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 32
name: "Room_edc_Aile_Est_33"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 33
name: "Room_edc_Aile_Est_22"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 34
name: "Room_edc_Aile_Est_34"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 35
name: "Room_edc_Aile_Est_23"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 36
name: "Room_edc_Aile_Est_120"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 37
name: "Room_edc_Aile_Principale_109"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 38
name: "Room_edc_Aile_Principale_213"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 39
name: "Room_edc_Aile_Principale_108"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 40
name: "Room_edc_Aile_Principale_212"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 41
name: "Room_edc_Aile_Principale_107"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 42
name: "Room_edc_Aile_Principale_211"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 43
name: "Room_edc_Aile_Principale_106"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 44
name: "Room_edc_Aile_Principale_210"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 45
name: "Room_edc_Aile_Principale_105"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 46
name: "Room_edc_Aile_Principale_209"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 47
name: "Room_edc_Aile_Principale_104"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 48
name: "Room_edc_Aile_Principale_208"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
...

220
host_vars/sw-ec-3.yml
View file

@ -1,220 +0,0 @@
---
switch_vars:
name: sw-ec-3
location: Local de Brassage EdC
host: 10.130.4.13
port: 80
username: "{{ vault_switch.username }}"
password: "{{ vault_switch.password }}"
delete_vlans: []
vlans:
- id: 40
name: "Filaire_edc"
tagged: [49]
- id: 41
name: "Wifi_edc"
tagged: [49]
- id: 42
name: "Banni_edc"
tagged: [49]
- id: 43
name: "Accueil_edc"
tagged: [49]
- id: 110
name: "Adherents_ip_publiques"
tagged: [49]
- id: 111
name: "Serveurs_ip_publiques"
tagged: [49]
- id: 131
name: "Onduleurs"
tagged: [49]
- id: 144
name: "Bornes_wifi_edc"
tagged: [49]
ports:
- id: 1
name: "Room_edc_Aile_Est_121"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 2
name: "Room_edc_Aile_Est_133"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 3
name: "Room_edc_Aile_Est_122"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 4
name: "Room_edc_Aile_Est_134"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 5
name: "Room_edc_Aile_Est_123"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 6
name: "Room_edc_Aile_Est_135"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 7
name: "Room_edc_Aile_Est_124"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 8
name: "Room_edc_Aile_Est_136"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 9
name: "Room_edc_Aile_Est_125"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 10
name: "Room_edc_Aile_Est_137"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 11
name: "Room_edc_Aile_Est_126"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 12
name: "Room_edc_Aile_Est_138"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 14
name: "Room_edc_Aile_Est_237"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 15
name: "Room_edc_Aile_Est_226"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 16
name: "Room_edc_Aile_Est_238"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 17
name: "Room_edc_Aile_Est_227"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 18
name: "Room_edc_Aile_Est_239"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 19
name: "Room_edc_Aile_Est_228"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 20
name: "Room_edc_Aile_Est_333"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 21
name: "Room_edc_Aile_Est_229"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 22
name: "Room_edc_Aile_Est_332"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 24
name: "Room_edc_Aile_Est_331"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 25
name: "Room_edc_Aile_Est_231"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 26
name: "Room_edc_Aile_Est_330"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 27
name: "Room_edc_Aile_Est_232"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 28
name: "Room_edc_Aile_Est_329"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 29
name: "Room_edc_Aile_Est_233"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 30
name: "Room_edc_Aile_Est_328"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 31
name: "Room_edc_Aile_Est_234"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 32
name: "Room_edc_Aile_Est_327"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 33
name: "Room_edc_Aile_Est_235"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 34
name: "Room_edc_Aile_Est_326"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 35
name: "Room_edc_Aile_Est_236"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 36
name: "Room_edc_Aile_Est_325"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 37
name: "Room_edc_Aile_Est_127"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 38
name: "Room_edc_Aile_Est_139"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 39
name: "Room_edc_Aile_Est_128"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 40
name: "Room_edc_Aile_Est_220"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 41
name: "Room_edc_Aile_Est_129"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 42
name: "Room_edc_Aile_Est_221"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 43
name: "Room_edc_Aile_Est_130"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 44
name: "Room_edc_Aile_Est_222"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 45
name: "Room_edc_Aile_Est_131"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 46
name: "Room_edc_Aile_Est_223"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 47
name: "Room_edc_Aile_Est_132"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 48
name: "Room_edc_Aile_Est_224"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
...

224
host_vars/sw-ec-4.yml
View file

@ -1,224 +0,0 @@
---
switch_vars:
name: sw-ec-4
location: Local de Brassage EdC
host: 10.130.4.14
port: 80
username: "{{ vault_switch.username }}"
password: "{{ vault_switch.password }}"
delete_vlans: []
vlans:
- id: 40
name: "Filaire_edc"
tagged: [49]
- id: 41
name: "Wifi_edc"
tagged: [49]
- id: 42
name: "Banni_edc"
tagged: [49]
- id: 43
name: "Accueil_edc"
tagged: [49]
- id: 110
name: "Adherents_ip_publiques"
tagged: [49]
- id: 111
name: "Serveurs_ip_publiques"
tagged: [49]
- id: 131
name: "Onduleurs"
tagged: [49]
- id: 144
name: "Bornes_wifi_edc"
tagged: [49]
ports:
- id: 1
name: "Room_edc_Aile_Est_324"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 2
name: "Room_edc_Aile_Ouest_57"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 3
name: "Room_edc_Aile_Est_323"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 4
name: "Not_used"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 5
name: "Room_edc_Aile_Est_322"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 6
name: "Room_edc_Aile_Ouest_59"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 7
name: "Room_edc_Aile_Est_321"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 8
name: "Room_edc_Aile_Ouest_60"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 9
name: "Room_edc_Aile_Est_320"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 10
name: "Room_edc_Aile_Ouest_61"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 11
name: "Room_edc_Aile_Ouest_50"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 12
name: "Room_edc_Aile_Ouest_62"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 13
name: "Room_edc_Aile_Ouest_69"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 14
name: "Room_edc_Aile_Ouest_153"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 15
name: "Room_edc_Aile_Ouest_70"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 16
name: "Room_edc_Aile_Ouest_154"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 17
name: "Room_edc_Aile_Ouest_71"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 18
name: "Room_edc_Aile_Ouest_155"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 19
name: "Room_edc_Aile_Ouest_72"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 20
name: "Room_edc_Aile_Ouest_156"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 21
name: "Room_edc_Aile_Ouest_73"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 22
name: "Room_edc_Aile_Ouest_157"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 23
name: "Room_edc_Aile_Ouest_74"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 25
name: "Room_edc_Aile_Ouest_75"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 26
name: "Room_edc_Aile_Ouest_159"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 27
name: "Room_edc_Aile_Ouest_76"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 28
name: "Room_edc_Aile_Ouest_160"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 29
name: "Room_edc_Aile_Ouest_77"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 30
name: "Room_edc_Aile_Ouest_161"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 31
name: "Room_edc_Aile_Ouest_150"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 32
name: "Room_edc_Aile_Ouest_162"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 33
name: "Room_edc_Aile_Ouest_151"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 34
name: "Room_edc_Aile_Ouest_163"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 35
name: "Room_edc_Aile_Ouest_152"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 36
name: "Room_edc_Aile_Ouest_164"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 37
name: "Room_edc_Aile_Ouest_51"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 38
name: "Room_edc_Aile_Ouest_63"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 39
name: "Room_edc_Aile_Ouest_52"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 40
name: "Room_edc_Aile_Ouest_64"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 41
name: "Room_edc_Aile_Ouest_53"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 42
name: "Room_edc_Aile_Ouest_65"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 43
name: "Room_edc_Aile_Ouest_54"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 44
name: "Room_edc_Aile_Ouest_66"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 45
name: "Room_edc_Aile_Ouest_55"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 46
name: "Room_edc_Aile_Ouest_67"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 47
name: "Room_edc_Aile_Ouest_56"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
- id: 48
name: "Room_edc_Aile_Ouest_68"
lldp: "LPAS_TX_AND_RX"
loop_protect: true
...

Some files were not shown because too many files have changed in this diff Show more