Use Afone network as triggers

.ansible-lint

@@ -1,10 +1,7 @@
 skip_list:
-  - no-changed-when
-  - load-failure
-  - document-start
-  - meta-no-info
-  - ignore-errors
+  - '301'
 
-exclude_paths:
-  - group_vars/all/vault.yml
-  - utils/
+warn_list:
+  - '305'  # Use shell only when shell functionality is required
+  - '503'  # Tasks that run when changed should likely be handlers
+  - experimental  # all rules tagged as experimental

.drone.yml

@@ -4,8 +4,16 @@ type: docker
 name: check
 
 steps:
-  - name: ansible and yaml linting
-    image: quay.io/ansible/toolset:3.5.0
+  - name: yamllint
+    image: python:3.9-alpine
     commands:
-      - ansible-lint
+      - pip install yamllint==1.25.0
+      - yamllint -c .yamllint.yml .
+
+  - name: ansible-lint
+    image: python:3.9-alpine
+    commands:
+      - apk add --no-cache gcc libc-dev libffi-dev openssl-dev
+      - pip install ansible-lint==4.3.7
+      - ansible-lint *.yml
 ...

.gitignore

@@ -1,4 +1,3 @@
 *.retry
 tmp
 ldap-password.txt
-__pycache__/

.gitlab-ci.yml

@@ -0,0 +1,19 @@
+---
+image: python:3.9-alpine
+
+stages:
+  - lint
+
+yamllint:
+  stage: lint
+  script:
+    - pip install yamllint==1.25.0
+    - yamllint -c .yamllint.yml .
+
+ansible-lint:
+  stage: lint
+  script:
+    - apk add gcc libc-dev libffi-dev openssl-dev
+    - pip install ansible-lint==4.3.7
+    - ansible-lint *.yml
+...

.yamllint.yml

@@ -6,5 +6,6 @@ rules:
     max: 120
     level: warning
   document-start:
-    ignore: group_vars/all/vault.yml
+    ignore: |
+      /groups_var/all/vault.yml
 ...

README.md

@@ -1,8 +1,7 @@
 # Recettes Ansible d'Aurore
 
-Dépendances requises :
-
-* Ansible 2.9 ou plus récent.
+Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
+Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
 
 ## Ansible 101
 
@@ -13,9 +12,8 @@ Il contient la définition de chaque machine et le regroupement.
 
 Quand on regroupe avec un `:children` en réalité on groupe des groupes.
 
-Chaque machine est annoncée avec son hostname. Il faut pouvoir SSH sur cette
-machine avec ce hostname, car c'est ce qu'Ansible fera (sauf pour les switchs,
-voir plus bas).
+Chaque machine est annoncée avec son hostname. Il faut pouvoir SSH sur cette machine
+avec ce hostname, car c'est ce qu'Ansible fera.
 
 **Playbook** : c'est une politique de déploiement.
 Il contient les associations des rôles avec les machines.
@@ -36,42 +34,31 @@ déployer un serveur prometheus, déployer une node prometheus…
 **Tâche** : un rôle est composé de tâches. Une tâche effectue une et une seule
 action. Elle est associée à un module Ansible.
 
-*Exemples de tâche* : installer un paquet avec le module `apt`, ajouter une
-ligne dans un fichier avec le module `lineinfile`, copier une template avec le
-module `template`…
+*Exemples de tâche* : installer un paquet avec le module `apt`, ajouter une ligne dans
+un fichier avec le module `lineinfile`, copier une template avec le module `template`…
 
-Une tâche peut avoir des paramètres supplémentaires pour la réessayer quand
-elle plante, récupérer son résultat dans une variable, mettre une boucle
-dessus, mettre des conditions…
+Une tâche peut avoir des paramètres supplémentaires pour la réessayer quand elle plante,
+récupérer son résultat dans une varible, mettre une boucle dessus, mettre des conditions…
 
-N'oubliez pas d'aller lire l'excellente documentation de RedHat sur tous les modules
+N'oubliez pas d'aller lire l'excellent documentation de RedHat sur tous les modules
 d'Ansible !
 
 ### Gestion des groupes de machines
 
 Pour la liste complète, je vous invite à lire le fichier `hosts`.
 
-Exemple :
+  * pour tester les versions de Debian,
 
-```yaml
-[fleming_vm]
-dhcp-fleming.adm.auro.re
-dns-fleming.adm.auro.re
-prometheus-fleming.adm.auro.re
-routeur-fleming.adm.auro.re
+    ```YAML
+    ansible_lsb.codename == 'stretch'
+    ```
 
-[fleming_pve]
-pve1.adm.auro.re
+  * pour tester si c'est un CPU Intel x86_64,
 
-[fleming:children]
-fleming_pve
-fleming_vm
-```
-
-> NB :
->
-> L'exemple a été adapté de la configuration d'Aurore pour des raisons
-> pédagogiques.
+    ```YAML
+    ansible_processor[0].find('Intel') != -1
+    and ansible_architecture == 'x86_64'
+    ```
 
 Pour les fonctions (`proxy-server`, `dhcp-dynamique`…) il a été choisi
 de ne pas faire de groupe particulier mais plutôt de sélectionner/enlever
@@ -84,46 +71,27 @@ qui peuvent ensuite être utilisés dans des variables.
 Pour lister tous les faits qu'Ansible collecte nativement d'un serveur
 on peut exécuter le module `setup` manuellement.
 
-```bash
+```
 ansible proxy.adm.auro.re -m setup --ask-vault-pass
 ```
 
-Il est notamment possible de :
-
-* tester les versions de Debian,
-
-  ```YAML
-  ansible_lsb.codename == 'stretch'
-  ```
-
-* tester si c'est un CPU Intel x86_64,
-
-  ```YAML
-  ansible_processor[0].find('Intel') != -1
-  and ansible_architecture == 'x86_64'
-  ```
-
 ## Exécution d'Ansible
 
 ### Configurer la connexion au vlan adm
 
 Envoyer son agent SSH peut être dangereux
-([source](https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).
+([source](https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).
 
 On va utiliser plutôt `ProxyJump`.
 Dans la configuration SSH :
 
-```text
-Host *.adm.auro.re *.pve.auro.re
-    # Accept new host keys
-    StrictHostKeyChecking accept-new
-
-    # Use passerelle to connect to administration VLANs
+```
+# Use a proxy jump server to log on all Aurore inventory
+Host 10.128.0.* *.adm.auro.re
     ProxyJump passerelle.auro.re
 ```
 
-Il faut sa clé SSH configurée sur le serveur que l'on déploie.
-
+Il faut sa clé SSH configurée sur le serveur que l'on déploit.
 ```bash
 ssh-copy-id proxy.adm.auro.re
 ```
@@ -133,7 +101,6 @@ ssh-copy-id proxy.adm.auro.re
 Il faut `python3-netaddr` sur sa machine.
 
 Pour tester le playbook `base.yml` :
-
 ```bash
 ansible-playbook --ask-vault-pass base.yml --check
 ```
@@ -143,7 +110,7 @@ Vous pouvez ensuite enlever `--check` si vous voulez appliquer les changements !
 Si vous avez des soucis de fingerprint ECDSA, vous pouvez ignorer une
 première fois (dangereux !) : `ANSIBLE_HOST_KEY_CHECKING=0 ansible-playbook...`.
 
-### Ajouter toutes les empreintes de serveur
+### Ajouter tous les empruntes de serveur
 
 ```bash
 #!/bin/bash
@@ -152,10 +119,6 @@ for ip in `cat hosts|grep .adm.auro.re`; do
 done
 ```
 
-> Remarque :
->
-> L'utilisation d'un certificat permet d'éviter d'avoir à ajouter sa clé ssh
-> sur les serveurs.
 
 ### Passage à Ansible 2.10 (release: 30 juillet)
 
@@ -167,141 +130,11 @@ ansible-galaxy collection install community.general
 ansible-galaxy collection install ansible.posix
 ```
 
-Si vous n'arrivez pas à entrer votre *become password* (bug dans ansible?), un
+
+Si vous n'arrivez pas à entrer votre _become password_ (bug dans ansible?), un
 workaround est le suivant :
 
 `$  export ANSIBLE_BECOME_PASS='<votre mot de passe LDAP>'`
 
 Notez l'espace au début pour ne pas log la commande dans votre historique
 shell.
-
-## Configuration des switchs depuis Ansible
-
-Afin d'acquérir de l'indépendance vis-à-vis de re2o, un module permettant de
-configurer les switchs depuis Ansible a été créé. Il utilise l'api rest des
-switchs afin de récupérer et appliquer la configuration voulue.
-
-### Prérequis
-
-Pour utiliser le module, il faut d'abord annoncer à Ansible qu'il ne faut pas
-effectuer de connexion ssh et de ne pas récupérer les faits. Cela se fait à
-l'aide des variables `connection: httpapi` et `gather_facts: false` à placer
-dans le playbook (pour une configuration locale) ou dans ansible.cfg (pour une
-configuration globale). Ensuite, l'infrastructure actuelle de Aurore nécessite
-l'utilisation d'un proxy. Pour cela, il suffit d'exécuter la commande :
-
-```bash
-ssh -D 3000 switchs-manager.adm.auro.re
-```
-
-et d'annoncer l'utilisation du proxy dans la configuration en exportant la
-variable d'environnement `HTTP_PROXY=socks5://localhost:3000` et en
-configurant la variable du module `use_proxy: true`.
-
-Exemple :
-
-```yaml
-environment:
-  HTTP_PROXY: "socks5://localhost:3000"
-tasks:
-  - name: vlans
-    switch_config:
-      username: ****
-      password: ****
-      port: 80
-      host: 192.168.1.42
-      use_proxy: true
-      config:
-        path: vlans/42
-        data:
-          name: VLAN42
-          vlan_id: 42
-          status: VS_PORT_BASED
-          type: VT_STATIC
-```
-
-Le module est alors utilisable, il ne reste plus qu'à le configurer.
-
-### Écrire la configuration
-
-Le module se veut assez libre. Ainsi, l'ensemble de la requête doit être écrite
-dans les `tasks`. Voici un exemple pour configurer un vlan :
-
-```yaml
-tasks:
-  - name: vlans
-    switch_config:
-      username: ****
-      password: ****
-      port: 80
-      host: 192.168.1.42
-      config:
-        path: vlans/42
-        data:
-          name: VLAN42
-          vlan_id: 42
-          status: VS_PORT_BASED
-          type: VT_STATIC
-```
-
-Le `path` correspond à l'url de l'objet que l'on souhaite éditer et `data`
-correspond aux données qui seront envoyées dans une requête `PUT` (au format
-`json`). Cependant, la configuration d'un vlan peut nécessiter de le créer.
-Pour remédier à ce problème, il est possible d'utiliser la syntaxe suivante :
-
-```yaml
-
-tasks:
-  - name: vlans
-    switch_config:
-      username: ****
-      password: ****
-      port: 80
-      host: 192.168.1.42
-      config:
-        path: vlans
-        create_method: POST
-        subpath:
-          - path: 42
-            data:
-              name: VLAN42
-              vlan_id: 42
-              status: VS_PORT_BASED
-              type: VT_STATIC
-```
-
-Le variable `create_method` correspond au type de la requête pour effectuer une
-action de création de l'objet. Il s'agit généralement de `POST`. Dans le cas
-où la variable n'est pas définit, la création sera désactivée et ainsi, si
-l'url indiquée dans les `subpath` n'existe pas, alors la configuration échouera.
-Par conséquent, si le vlan 42 a besoin d'être créé, une requête `POST` sera
-effectué sur l'url `vlans` avec les données dans `data`.
-
-Il est également possible d'éxecuter une action de suppression d'un vlan à l'aide
-de la variable `delete` :
-
-```yaml
-  tasks:
-    - name: vlans
-      switch_config:
-        username: ****
-        password: ****
-        port: 80
-        host: 192.168.1.42
-        config:
-          path: vlans/42
-          delete: true
-```
-
-Si la variable `delete` est activée, alors une requête `DELETE` sera envoyée
-sur l'url indiquée. Pour vérifier si la suppression est déjà effective avant
-l'éxecution, le module vérifiera si un `GET` sur l'url retourne une 404.
-
-> Remarque :
->
-> Si les variables `delete` et `data` sont définies (dont `delete` à `true`),
-> alors il en résultera une action de suppression malgré tout.
-
-Puisque `subpath` est une liste, il est possible de configurer plusieurs requête
-en même temps. Cela à l'avantage d'effectuer toutes les modifications à la suite
-(sans avoir à se connecter plusieurs sur l'api).

all.yml

@@ -1,18 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- import_playbook: playbooks/base.yml
-- import_playbook: playbooks/root.yml
-- import_playbook: playbooks/ssh.yml
-- import_playbook: playbooks/chronyd.yml
-- import_playbook: playbooks/kresd.yml
-- import_playbook: playbooks/knotd.yml
-- import_playbook: playbooks/resolvconf.yml
-- import_playbook: playbooks/ifupdown2.yml
-- import_playbook: playbooks/systemd_link.yml
-- import_playbook: playbooks/keepalived.yml
-- import_playbook: playbooks/ip_forward.yml
-- import_playbook: playbooks/dhcpd.yml
-- import_playbook: playbooks/bird.yml
-- import_playbook: playbooks/pve.yml
-- import_playbook: playbooks/prometheus.yml
-...

ansible.cfg

@@ -1,22 +1,38 @@
-[defaults]
-jinja2_native = true
+# Ansible configuration
 
-ask_vault_pass = True
-roles_path = ./roles
+[defaults]
+
+# Do not create .retry files
 retry_files_enabled = False
+
+# Use inventory
 inventory = ./hosts
-stdout_callback = debug
-library = ./library
-filter_plugins = ./filter_plugins
-ansible_managed = Ansible managed
+
+# Custom header in templates
+ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
+
+# Do not use cows (with cowsay)
 nocows = 1
+
+# Do more parallelism
 forks = 15
+
+# Some SSH connection will take time
 timeout = 60
-remote_user = root
+
+[privilege_escalation]
+
+# Use sudo to get priviledge access
+become = True
+
+# Ask for password
+become_ask_pass = True
 
 [diff]
+
+# TO know what changed
 always = yes
 
+
 [ssh_connection]
 pipelining = True
-retries = 3

base.yml

@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+# Put a common configuration on all servers
+- hosts: all,!unifi
+  roles:
+    - baseconfig
+    - basesecurity
+
+# Plug LDAP on all servers
+- hosts: all,!unifi
+  roles:
+    - ldap_client
+
+# Install logrotate
+- hosts: all,!unifi,!pve
+  roles:
+    - logrotate

copy-keys.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# Grab valid unique hostnames from the Ansible inventory.
+HOSTS=$(grep -ve '^[#\[]' hosts \
+| grep -F adm.auro.re \
+| sort -u)
+
+# Ask password
+read -s -p "Hello adventurer, what is your LDAP password? " passwd
+echo
+
+for host in $HOSTS; do
+  echo "[+] Handling host $host"
+
+  # sshpass can be used for non-interactive password authentication.
+  # place your password in ldap-password.txt.
+  SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
+done
+

filter_plugins/enquote.py

@@ -1,16 +0,0 @@
-class FilterModule:
-    def filters(self):
-        return {
-            "enquote": enquote,
-        }
-
-
-def enquote(string, delimiter='"', escape="\\"):
-    translation = str.maketrans(
-        {
-            delimiter: f"{escape}{delimiter}",
-            escape: f"{escape}{escape}",
-        }
-    )
-    escaped = string.translate(translation)
-    return f"{delimiter}{escaped}{delimiter}"

filter_plugins/format_rev.py

@@ -1,9 +0,0 @@
-class FilterModule:
-    def filters(self):
-        return {
-            "format_rev": format_rev,
-        }
-
-
-def format_rev(text, fmt, *args, **kwargs):
-    return fmt.format(text, *args, **kwargs)

filter_plugins/net_utils.py

@@ -1,68 +0,0 @@
-import ipaddress
-from operator import attrgetter
-
-import dns.name
-
-
-class FilterModule:
-    def filters(self):
-        return {
-            "add_origin": add_origin,
-            "add_origin_keys": add_origin_keys,
-            "ip_filter": ip_filter,
-            "remove_domain_suffix": remove_domain_suffix,
-            "ipaddr_sort": ipaddr_sort,
-        }
-
-
-def first_addr(addresses, ipv4 = True):
-    version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
-    for addr in addresses:
-        parsed = ipaddress.ip_address(xx)
-        if isinstance(parsed, version):
-            return parsed
-    raise ValueError("missing address")
-
-
-def ip_filter(addresses, networks):
-    if isinstance(addresses, dict):
-        return {k: ip_filter(v, networks) for k, v in addresses.items()}
-    ip_networks = [ipaddress.ip_network(n) for n in networks]
-    ip_addresses = [ipaddress.ip_address(a) for a in addresses]
-    return [str(a) for a in ip_addresses if any(a in n for n in ip_networks)]
-
-
-def add_origin(name, origin="."):
-    return dns.name.from_text(name, dns.name.from_text(origin)).to_text()
-
-
-def add_origin_keys(dct, origin="."):
-    return {add_origin(k, origin): v for k, v in dct.items()}
-
-
-def remove_domain_suffix(name):
-    parent = dns.name.from_text(name).parent()
-    return parent.to_text()
-
-
-def ipaddr_sort(addrs, types, unknown_after=True):
-    check_types = {
-        "global": attrgetter("is_global"),
-        "link-local": attrgetter("is_link_local"),
-        "loopback": attrgetter("is_loopback"),
-        "multicast": attrgetter("is_multicast"),
-        "private": attrgetter("is_private"),
-        "reserved": attrgetter("is_reserved"),
-        "site_local": attrgetter("is_site_local"),
-        "unspecified": attrgetter("is_unspecified"),
-    }
-
-    def addr_weight(addr):
-        if isinstance(addr, str):
-            addr = ipaddress.ip_address(addr.split("/")[0])
-        for index, ty in enumerate(types):
-            if check_types[ty](ipaddress.ip_address(addr)):
-                return index
-        return len(types) if unknown_after else -1
-
-    return sorted(addrs, key=addr_weight)

filter_plugins/suffix.py

@@ -1,9 +0,0 @@
-class FilterModule:
-    def filters(self):
-        return {
-            "suffix": suffix,
-        }
-
-
-def suffix(value, suffix):
-    return value + suffix

filter_plugins/switch_range.py

@@ -1,38 +0,0 @@
-#!/usr/bin/python
-class FilterModule(object):
-    def filters(self):
-        return {
-            'range2list': self.range2list,
-        }
-
-    def range2list(self, port_range):
-        """
-            Convert a range into list
-
-            Exemple:
-            ```
-            >>> FilterModule.range2list("1-10,42")
-            [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 42]
-            ````
-        """
-        port_range = port_range.replace(" ", "").split(",")
-        ports = []
-        for r in port_range:
-            if "-" in r:
-                try:
-                    a, b = r.split("-")
-                except:
-                    raise Exception("A range must contain 2 values")
-                try:
-                    a = int(a)
-                    b = int(b)
-                except:
-                    raise TypeError("A range must contain integer")
-                for n in range(a, b+1):
-                    ports.append(n)
-            else:
-                try:
-                    ports.append(int(r))
-                except:
-                    raise TypeError("Value must be integer")
-        return list(set(ports))

flake.lock

@@ -1,61 +0,0 @@
-{
-  "nodes": {
-    "flake-parts": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
-      },
-      "locked": {
-        "lastModified": 1756770412,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1757020766,
-        "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-lib": {
-      "locked": {
-        "lastModified": 1754788789,
-        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

flake.nix

@@ -1,27 +0,0 @@
-{
-  description = "Ansible Aurore";
-
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
-    flake-parts.url = "github:hercules-ci/flake-parts";
-  };
-
-  outputs =
-    inputs@{
-      self,
-      nixpkgs,
-      flake-parts,
-      ...
-    }:
-    flake-parts.lib.mkFlake { inherit inputs; } {
-      systems = [ "x86_64-linux" ];
-
-      perSystem =
-        { config, pkgs, ... }:
-        {
-          devShells = {
-            default = pkgs.callPackage ./shell.nix {};
-          };
-        };
-    };
-}

group_vars/all/bird.yml

@@ -1,4 +0,0 @@
----
-bird__as:
-  aurore: 43619
-...

group_vars/all/chronyd.yml

@@ -1,5 +0,0 @@
----
-chronyd__pools:
-  - ntp-1.int.infra.auro.re
-  - ntp-2.int.infra.auro.re
-...

group_vars/all/ifupdown2.yml

@@ -1,24 +0,0 @@
----
-ifupdown2__wireguard_proto: wireguard
-ifupdown2__gateways:
-  adm:
-    - 2a09:6840:128::254
-    - 10.128.0.254
-  int:
-    - 2a09:6840:206::1
-    - 10.206.0.1
-  ext:
-    - 2a09:6840:211::1
-    - 10.211.0.1
-  monit:
-    - 2a09:6840:204::1
-    - 10.204.0.1
-  isp:
-    - 2a09:6840:210::1
-    - 10.210.0.1
-  pub:
-    - 2a09:6840:215::1
-    - 45.66.111.204
-  ovh:
-    - 92.222.211.254
-...

group_vars/all/openssh.yml

@@ -1,10 +0,0 @@
----
-openssh__users_ca_public_key:
-  "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
-  hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
-  F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
-
-openssh__authorized_principals:
-  - any
-  - "{{ inventory_hostname }}"
-...

group_vars/all/prometheus.yml

@@ -1,3 +0,0 @@
----
-prometheus_node__text_dir: /var/run/prometheus-node-exporter
-...

group_vars/all/resolvconf.yml

@@ -1,13 +0,0 @@
----
-resolvconf__nameservers:
-  - 2a09:6840:206::1:1
-  - 2a09:6840:206::1:2
-  - 10.206.1.1
-  - 10.206.1.2
-
-resolvconf__domain: auro.re.
-
-resolvconf__search:
-  - "{{ inventory_hostname | remove_domain_suffix }}"
-  - auro.re.
-...

group_vars/all/root.yml

@@ -1,5 +0,0 @@
----
-root__shell: /bin/bash
-
-root__password: "{{ vault_root_password }}"
-...

group_vars/all/vars.yml

@@ -17,7 +17,9 @@ ldap_admin_password: "{{ vault_ldap_admin_password }}"
 ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
 
 # Databases
-postgresql_services_url: 'bdd-ovh.adm.auro.re'
+postgresql_services_url: 'services-bdd.adm.auro.re'
+postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
+postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
 
 # Scripts will tell users to go there to manage their account
 intranet_url: 'https://re2o.auro.re/'
@@ -88,23 +90,85 @@ ipv6_base_prefix: "2a09:6840"
 
 is_aurore_host: "{{ 'aurore_vm' in group_names }}"
 
-# Borgbackup
-borg_keep_daily: 7
-borg_keep_weekly: 4
-borg_keep_monthly: 12
-borg_backup_directories:
-  - /etc
-  - /var
-borg_backup_exclude:
-  - /var/log
-  - /var/lib/docker
-  - /var/lib/lxcfs
-borg_encryption_passphrase: "{{ vault_borg_encryption_passphrase }}"
+nftables_interco_v4:
+  - 10.129.0.0/16
+  - 192.168.0.0/31
+  - 192.168.0.2/31
 
-borg_server_host: 10.128.0.4
+nftables_interco_v6:
+  - 2a09:6840:129::0/48
 
-rsyslog_outputs:
-  - proto: relp
-    address: 10.128.0.241
-    port: 20514
+nftables_adm_v4:
+  - 10.133.0.0/16
+
+nftables_adm_v6:
+  - 2a09:6840:133::0/48
+
+nftables_bastions_v4:
+  - 10.133.0.250
+
+nftables_bastions_v6:
+  - 2a09:6840:133::250
+
+nftables_svc_v4:
+  - 10.128.0.0/16
+  - 10.132.0.0/16
+
+nftables_svc_v6:
+  - 2a09:6840:128::0/48
+  - 2a09:6840:132::0/48
+
+nftables_members_v4:
+  - 10.10.0.0/16
+  - 10.11.0.0/16
+  - 10.20.0.0/16
+  - 10.21.0.0/16
+  - 10.30.0.0/16
+  - 10.31.0.0/16
+  - 10.40.0.0/16
+  - 10.41.0.0/16
+  - 10.50.0.0/16
+  - 10.51.0.0/16
+
+nftables_members_v6:
+  - 2a09:6840:10::0/48
+  - 2a09:6840:11::0/48
+  - 2a09:6840:12::0/48
+  - 2a09:6840:20::0/48
+  - 2a09:6840:21::0/48
+  - 2a09:6840:22::0/48
+  - 2a09:6840:30::0/48
+  - 2a09:6840:31::0/48
+  - 2a09:6840:32::0/48
+  - 2a09:6840:40::0/48
+  - 2a09:6840:41::0/48
+  - 2a09:6840:42::0/48
+  - 2a09:6840:50::0/48
+  - 2a09:6840:51::0/48
+  - 2a09:6840:52::0/48
+
+nftables_signup_v4:
+  - 10.13.0.0/16
+  - 10.23.0.0/16
+  - 10.33.0.0/16
+  - 10.43.0.0/16
+  - 10.53.0.0/16
+
+nftables_signup_v6:
+  - 2a09:6840:13::0/48
+  - 2a09:6840:23::0/48
+  - 2a09:6840:33::0/48
+  - 2a09:6840:43::0/48
+  - 2a09:6840:53::0/48
+
+# Afone network
+nftables_signup_triggers_v4:
+  - 217.112.64.0/20
+  - 46.255.48.0/21
+  - 77.74.240.0/21
+  - 93.191.184.0/21
+
+# Afone network
+nftables_signup_triggers_v6:
+  - 2a02:20f8::/32
 ...

group_vars/all/vault.yml

@@ -1,297 +1,199 @@
 $ANSIBLE_VAULT;1.1;AES256
-35353866373931343963333639323431636465303562306166333735383462353032323461613232
-3666653438393936356535633661363838613233323932370a656439316234356339613532663237
-39373439366432363533303961396466623366323339383735316531653538633264393264353337
-3937323861616530640a666361323164353338306336616564663466616630393839613833373933
-65613161323164613334656631333336343262363835323962343662333133366561306139636261
-61656532666563333063356231636565626631633436623531313938663930396362343031356534
-34303565623832366664303561643137626433333164623730623639656439346639616164623865
-31613462316439613937313138313830323334373337366630323331393537633437303063353363
-66383930353930616137303436383864363439326139643361356231373939306439633332666232
-38363061636139346430373263613932336361356262656138663233386464373839366630303765
-35343064336533373238396430393536366438653534366565373733313962616364313061626133
-37666538313038643865346461626537353930366264643162376530353536623863656236303433
-31336561336131383635393238366464653934613130363831306335643935373033303162353534
-38353832653664633061646331653634393963333038306635313464636136616366313962333431
-39363934643266646131653236303138636163326663373765373761663062656463643162373038
-34656163633964626235366539663132396666623363303632363236303831613532393931373761
-65613435353162346233323533383537316231363437653239343233636533333966613066343932
-30626636306531333736613965396432373130356238313136336434356133353435643065626261
-32633732613361376261363831363866333332393132643439626639383438663438366330386534
-31303532323461303862346364386532663839323163653366356136666131363839663635343166
-38353962326430383561333630623030623536353838633231393763393238316530363939343536
-66323562336334376234613436373237303562363831323038366232393161356262653864663037
-34363436356332633363363963613635346337613438326436333836386534353738646166643333
-65356637366431326132363432663662346638383439383766646531363662356266313961356239
-31323236393538363662643662643535623633663738343266636163363835383030646661363966
-36366466386666613364313166353366333131343061353135306135656663323461303338346666
-32626231613738316233636361633337343635656334336536663865633465326639373966303137
-39383731303862353637386438306136303765333136653465663963663930383037343130316466
-33343932383033643530323136316632386230366338373362366462666233336530393561353933
-36356330386361303562666339306265663539616434336264373832636139313365633065343763
-31323633346536366635646562356266373964616338366165376331306561663938396661396164
-31363438326439343964666439356339326661666136303461343436303533363630353735633038
-38383365363739333034373031326530353962646661343039616230396132323833626162643964
-65363165333233643738373638353537343162366265316661353563353862623134663362633261
-32343364333236363738333130316538666536306664363661616536336264363438396464666533
-37616533363936356335663562366563303564623530303762363034343435326666356162316535
-61363133326263653937373037643930343565336166643939663466316232313535333965303737
-35313566353963616632313763366561633039626239353236323438383261663066323334333632
-62393265396235636461653862383830613634393431396131323439613362366463633239383761
-39343361663463633332666666346339363334366330393936373433353034653765323130383335
-63336338653333356438323264356162316638336338343033326639303237656663633233383735
-34646535633831636238316564373035353635383738356133326664626566623766366535333439
-30326437613539373163323464323635316632633930353931303466376661396135623031623133
-33653735336230666665616638353561623235343439666135386165313436306666643837616166
-37613964663837373137383736393063333037366433643632333963623038623636653639343936
-32383532613430623563623565633665663030616530643735653563303035616530313463643431
-31663361383835613631336638343338373639613532313561313231353765316237653431663462
-65366162326630656566663731316262336536303032386336666263326265316564336339316430
-31643066633438663562343730393534663338613165633635356333323635653161346136336261
-30313332383065633335396131656136613932346331343632386235643764363235376531376437
-61303130316537633830366662366237303934306561333134366463646464386530623631346264
-30356536613932613264643835356637356364653038383130366237656232333031313163643332
-34393865323162613936613264313864613734373032386266653432616535636464363463633564
-37343661623935353365333831623631386439343237383933313337393065653934303065313634
-61396163323937643837643636343337343231616265643765313932346462373735323737326663
-66316135646663376537613663373432393865623038363239356265303362326161366462356138
-65336536626634366363623865656234363335343662333134613835393635623434393036316638
-35366431653463626665663861303333363038666131643861646465663761623364333162343761
-64396131643136323634643461656339616361323030626166303930623838343438393465653364
-66633037616633316534386639306438363863363530376131363332353536656533393161313931
-34386636643737353738323265363435636239353261373466383430346461383932323634346466
-33666436343130643032626562613165396334323937353663376162643266646539353932313137
-62336162646535346631623332376334336538326530356233646239306337633365373562653166
-32383639353431666137396631663237313436393434626531316365666335306466363639626663
-63643861656537306133343138633535323737346538643063363330383366313362653933383365
-34313230663163303730326361303337373136346161353132626362623461343661663964333765
-37353165333762346539333730333731366532623531343962333037336464666530396437353666
-62313035323234643236343534663434356264643830636433323831313364663762646130306362
-32316530643230313230376662383439343639343336633431623135626134353134383030396264
-38623933356332336231343434663563653332633237653966663964646232623637313231366638
-30363966373362363432376562656436356338356561303133643432303736376234643632663137
-34336630356362303132343737376637303939623133363663306133383465613263356632383030
-61346138316538353638343833366261366534353963326162303866393430333964653333346539
-64386161663435646331613834363336373738396338653263323937623163663236366636343239
-36383135343763636139393331663139323431376562353165353662396165653235633464363035
-31393233636561366639373566623738636537363235666234633534376238323163363238393237
-64316132666530336135353434623866363739643830646463656536336136646334393064303630
-65343964613265333934306432313739633134663131666433386630303132663866343532363835
-38353237343630653561636365656561313636623065363836333663363934643162656534623864
-62373763353961646235613465646630306562386531396364386164633065643763396437316466
-32376564616562656136346563383266303963666136663863626137653462373430363363336364
-35333133303463363663356365626365613036633835323334653264626637353634373665643036
-65663736323235353964326466376163313630323265333631323866663137313665626238396130
-64653832626639626633376231326534303530373937396235366239626639356234363238633336
-34343064393334613732356332633361613633643039366537623465303739663635626365656631
-64343936613536636438313232376564376539623261623539346564303036303131366561643564
-61623630393032666636366338336266656264353631393061383162323766616530323734326134
-31623962373435323730323830373239363738663164653338623836386636626337623739366566
-61663835623038626266653062666264663639363763623139393862633061356164323530666665
-31623538333264633735643839376433653934383663333130336133653235313631336163343134
-33653533613430323834653730326661323462316338636338393063653866316335626633323137
-32653262353964653131343430383661643231383135643332616462343231323266333430373061
-62623136393239356166393964323830623239613434636361633365353862646130373865643136
-66346336363866393762353633353638663433363332356131626639326166393234313765346138
-64613431333139376139343234666664313236633031393938663431376336643133323964303938
-64616536613462306363613639613132383361393535333362363630393230636532316634373231
-63313839323263663237373937323361373533616465643830396666376661616631646561663130
-66376266363338666133313263653733646365653034653538333332623861323833633033393234
-39633834343231663166376333633635366261616561643363393137383736303436383339633734
-30623939343939373038656461333464353033313632643138393334373565383331326430653263
-66343630396135633636366337353061363730333364376664623234333434356661323935626633
-63336465343661393636333663306361386432373235313337353361333735373436633832633439
-30653766373230383364396638366237643932633364663639643661393438653339393031616338
-62396632353063376566333261356662356265373733323631363263396337383631383733393034
-65616434356530306661636633363333353138303631626565636637313738353338343334633533
-39313232356166623939383864346665626333363132663033326430366565336339306465343337
-34613736356534653534363034366431653861613534663261633739366361373134323566376335
-31313263313262353162353039623634653534346363323131633362323035633337366536366561
-64323432353236383839643662383138373938373834323262386364376162663839366232313433
-38643662613065663863636664636162333830353131636238383439323439316363383935623731
-62393964636137653935313338343465396633333461643032383730313139396462393936383630
-63353166633735623364653264643934666438383739663461373332623631323932333162303630
-39353637353437636537613935306539633163613334303833393832616338323061633532303361
-63656635333331376561363962386135303963303030396564356534333037623635613963313666
-65303664316164613835343930623338326235363933623533343961666664323836316231613465
-65373931666331326634316463663134613031363636363434643839386239333164333538393831
-65653935623431373238326231343439666635623730393639636131386162373466316164356263
-37316539656230316336303265646339303139306262396536633533366261346238393335393765
-39376630306639353862323834343830646330643737653631633361326134613666613430323433
-64363965653063316432353431386533386661386239636332323139393933653063643865646338
-34626433393731343535313766303237313866613166663333616535323661666362613439376166
-62626430363661303630346265383863613162356535306165633537383038613131346561306330
-61623435626363623762313832313031363665623933656238623131303362326137313266316630
-32366664633963626463613562643666383637383831343234666435373564306635343730373665
-36643436633066373962303965373663376266323133343233323563393065633162383237323162
-38656336306432623330616234373936306163646330313734653864386464646535666331616335
-32623163356337326665333731656438393633326638363635353733663861323934333536393338
-33656231373166313761643030363437373638366461653038363565623633623035393564643161
-38663064356239393034323761386435396437386534633734353938653239323533333531363965
-36316636353864626461303936313632663261353437396238363930626239336139323561373133
-61366330386135363039303166326231656331653632343261306531653731313465396131643330
-35616432613631636264333263363239616435303436653936386165343335356337343032386239
-37373230623366653834663031343738643063616661363138316262643635343439333838363632
-34353236393730363262303439313132663735336463323432303036366361666338363237313664
-39366434303839356163616136336237643061373633343737333036653362643635643536386436
-30336636333464626464326332343333656535666431353338336438346335346433313934346231
-32326231636262346232636366393361623830316238303537666164626339383061633765333039
-30633539666535366539383061396461313437383537656239393131326538636536356536643735
-66653336343364346635383761613731666263366465643336636661323263386364653035333062
-33616364393664613363383937653530356138316363633335386232336531373835303732383962
-65643264656134393663653333346531316365323730383363373564323133333032373330643232
-63373239366435643738353130353333646136303530643065383066313035366239326664363830
-36626366646264643130326261363536313835356638636139636434333362366363313133316130
-61383734636433313433303466323265386132363862643131613666306162396437643166393630
-32613464313530316262353938383735336262663939323730626662663235303638303065663939
-33636234383033393237303865633961333462663232363562386637333335373565663261363933
-31356436613138653765663162646566326134313736316130356336663536643466623331653039
-38616465306532666434333534356464666663613263383430336465376133393032623762323237
-63343462373834383566393466366332303235323865343730373062343739363265343164623262
-38346539343533636435626133306662623865653934666665363063356162326461316561383261
-33666362656635323262353066356330616263326134613635336261343438393838326438613435
-64343336393034303330323563346233653135633439386465653065633339643032636662313531
-38356234326632336161666666353030366238626262353831393532306166363432633939383166
-66316136333838653433383439623366333062313833616366656566393965393665613738303833
-38326139366330393863623365383963306361613665643962376664636134353533623836643362
-39626166353138646666633136363662393565336333393638626534636330313632326333353366
-39353133666532306531343137353834353133633165613566323135313362333962303637663965
-63383730663562646563333763356135613537666332393537663062653662623938353434323136
-39663965616437653232623333363762616233316530303833376332396165616635336532653035
-36306331643232336664363733376632323630616139353030343930343166623433616234616539
-34393131303363626166383037336262323662393431356463616665343463363432356132313531
-37653331336165626435343162663662386662613164336439636465363335386233383065393535
-31396466636465336164383563326236356463393831363534656536616664613361346463613837
-35366562623432353166303836353261313233663864626665663837336233653237373031393636
-64343763386361626232633032316466373161666536313363633765653365656538343130326566
-38396534323433343634333139333063633531343631316163346135643037323034633835363963
-32343963653263663438666537653963376133633661393562623131636465386266616166366566
-36343963623262656162303337366365616263376363366161373236323166353834616262393061
-39393239303335623332346236356335393836636533386432653164656334613738393533623764
-36363136353034633934323066323335626138353763333537353761303930623930353062373932
-30656339663333373431633763366433366266316563393332613334633966633339633230303166
-61346264386134623962316532343664386637303738333835343036633038323137323961323837
-33376431316465373165663338623538636136343538666235333334373664323463326336336334
-32303361393134653338646563643636356361366133633634393731343332313437643731366634
-30386466333965356135303732663433316363376438623764653464343564353835626435333230
-30646238393266643137373037326136306337306130343739633933626134643364326534386464
-65303531623335663766623037663630376366333631363165633762616564396538643866313465
-35343265663336303537663962643536653937373839313435383337353036313239653263323061
-63653865656461363334646466396135663338383065646464656631636666643030376363633333
-30333331636438656238326534656165396233633131306562336263653330396366343964313434
-66653862386531306236336339353935653335616638643831393430613533643533626135313835
-64313065373564323132663531626436623465663766663566643964353361303336386464386463
-38373036613536386436373535323664333231663437643962373339653236393339653064363530
-61393835343230356234376630613230326637636534336564383139366663663136306665363363
-66373237373530303062333935633634313766316461666439666433616236346434623535343531
-30383264303536653236363533383561613636303662663935303761353065336631353735376365
-63343162646663623736336638306465666233343031656137393037623035613236373930633131
-36366633656131633563336561323835343766356131343038643761663966656364376430366636
-36316633633736353436666539303039383231333437653666313435616536626434653833376532
-66376130653339643564646139633238643266316633363137313038363061386163613863313733
-66633665613537303834393233376463343965343664343564343832376238383064373262336162
-61313163303632373261383563363964353731363739306337333161333130656235363631343761
-61353265633338336466623830396466646233333039323065333636303035363563373366396334
-37366637306430396262376539653134396536643931643563386666623364346635363138373937
-61613232386666343033383031363439373335396362643130656235653066376537373062333363
-39373737316136303835616639363162363839376635666237353064323433373961326338393263
-34343162336336623530653531663136366136353139343561623532633139366533386263316364
-36306134356666343230643639303766343466353562643130363063343330393232663161306266
-66336435356265396330366566373137323265623431386535396665313335666332616233383664
-63656663363366613431366632306230633265306663336439306263646132626631363663643861
-30373330653637623733653165336132643965623232383839623535326336643239333133313030
-32326634643238333163383562393134623532363561393364616430366532633862396438306433
-33653235303639383333633035656533633165653137326130643961393965346266383861616333
-37306266393231336666343333643530353230383239343931303838623335303262313130616162
-65383962613965646438323065303962663965333231323139303438343631396363666330653330
-61323839333863343034356363366433313039383963303063346237366261363861643839396362
-31346637303032356463303564303562313639643563396261326538353834363737323235646430
-64343230336539663237306235623662333062396238383135616231383837366339376633663938
-65313739333065383335323437396232323564363733333437363133613766653334396431333036
-38333038656339363132346362333863643261376335666536306231316630303437306231646565
-61666334623736373832613366376438323664653531393938353234303030633532653561313665
-63613064663564646235373234326661303562646139323330343330343139633462646131353038
-62663535393738626432633564663564653663393937656634666137646363643365353930373266
-66373162373165653533383862363835346133313234326162393331666566316439633133316633
-66393733373333653630363334353833363565336338613361396335326166643630623133303466
-31663037663766356531663039386232316138393266333035613364316539353837653763616666
-32376431383965633138666536386532663761343537646266643566373132343762383966326233
-38373766353962323362366330383564636236363961333535313064313039343933346439396237
-66616631633539623537633164363665393239643633663338393765336434653930356662656164
-65366533633336313832633166376265376634613635363563643866323730343139306537323863
-61373461363237653634666331366436356335306265643639373034666131626238336632346632
-34613062346532656530626364343938636162383862653538353563363035346339623839663261
-39663438396362383866663336643035653833336466663037313764326434373061626232646333
-63336336383366333538613331303863356430373764363930363061383036343836386561663362
-63663232373563343461306131333263376437623534346562626536376138393939373064333231
-31303464656332383036616661656565313063346231623634356638326239343536316162613335
-34663232326438333966313663336465373833646634353934323361343833373661633265313239
-62656533656338376562323861396665353166623732623139353431336439386263363235316132
-35373933613236616362396363323031633166633837383634313638656430373634383563616463
-38353738636631626639636135363561623935646365316161376166653461356430326362623738
-64386537373230303239356334313663616336393439623431616639643233353662306265373232
-39343066353564316433653361333766363535636533626338386434646531653432313034393134
-62653733313636653331356363396531313136346136303661656466333138363366616530306536
-66373532626230313739306432363433313736316261383837393737356333326236323261613965
-36373064636138373134373530363533613031376362386334393464383062663663313234643432
-64363232376137613231313862386561313131376133376466393630383737306666393738613265
-66646236646632313832633366333335313239363763326464326361326263346636326332376336
-31306230373963636135643235306537623930636164346366623862303838653238373030653035
-35653634393532653566323063323761643738616532376262623163393461346334393034643862
-62653835363236303732386365626464346131363231336431316233643132383566356531346237
-66333933386539396366333565653938396564643464663165323535386262623532666237393630
-65336262636630386633626335636231616332353965356335666362313562643738306263376230
-63323938633237363431386639613830633765353232313236336233363736363566346237616637
-61656234376562323162656432393665393930313736313439316261363264333865356139343233
-63636638646332626365383839373765383864346532383236386266656635653333343032313231
-65626233313634333533653436626134373632363565653230656161613963323334613262646530
-66636331396130613934363939653238343463396639363731393363643830663362373439646337
-63396435376637666563333165623338386337613638366339656561366538366635363037366531
-32306235666231303762356665613738323336306465613531313964626631313731373963353964
-32616632376534316532643531386635386330313866326265393736376538616431323238333562
-36373238656361323336383466363563623333306634373164366134376635373262353533653330
-38643233363737356564653834316435336439663562343366353866336662356138323566363061
-63313336323435343861393164313130346438343862366530363233643266393964316265663535
-65323739306536373331326338326132383265343939663336303534633537393637353639636561
-64656432313636366434313465626562626638613232653230373530363234306537363665646633
-33326163663830353166643662386637323438366334386533303664356631653561323032666265
-61333165363636363634353461613039313362373863663739323231663230643635663466323430
-37393431333733313134326231313234353930663365646637386639643535316362626232323430
-32363631353565323663393235343336663930373439663861613661636433356366633065343935
-61356636323039656230353264646166626633316430653162383638336265653865373536643036
-35653166333765366231636163666638383262613432646334663430323565333538626665343763
-32646663356565646362646261343436383039623635666439643762616463656361386631313637
-61616164383734353634306633636338623837356230626263653161616664613266356432653335
-30646434346436383565343138623264386630333832386134666463313936383364333364383232
-39393066333666653734616463343530643537613437623766313237353033623662336137356534
-35303635623232333230363362353137656235373539316163653863326666383237303235316164
-34623138346261366238303037653764366537333561623135656236663435316565303931353939
-34663932303239393836363663343735313632333639633733323564343039346436343935373430
-66313863643361306161373634373738383462313831643161333230646435313261383534396464
-39663466643864666433366531323866333935373833663661323833623734646265393035613966
-62393165653135643737343333346232356638646437326664396466333063666135653338623266
-34663133636164386164636434666231643163343930353863306538333337643762616661366366
-63646336613433623862356365633563633235396337356535376335636633636563333738383061
-33326136393530353964666639633638643433653736376637386638336561643061323635373565
-65393836613638313165313262376166643561623131363836363531616232663333333063393039
-35643938626132383439393761623165303730396365323665613663643961663466393937333731
-30643662663034616631343336343236613437376362366234343436376563303466633030323465
-64626536333465626430333336353038336539313531303933633466333633336364363961353861
-31636135303332343733313637326461643264636236313331643438613365393733383764653432
-65346533616130396233613863633331613638316462366364346465353234373531393137336165
-36666336333036396262663661343962663763316531393765346536646236613331626139383230
-32623665353463326633646466376232343333666465616633333033663031643262663732323230
-36363439613934643037393562333237636262306330356638666235333361376136623462313736
-33373163336134316563353031616339336234623738373230323335623130376265386130333235
-64616261633232316131633062623163333135323737376462383539663137366539656261396238
-31363232356361376264373863663362346535346136313834623761333037343435326339633735
-33656465376264326334356365346437343062343631663430346561656531653662646530316133
-64396563376263306533306565623163316238326264306330393465333737303062363030343662
-65333633643635643737323231343664613735336230393835346132613331366266336434623937
-65616366633734373434333837326465613862633930626435623165633964313732373936346434
-30643161633238343435623538316134616161313461616538653161383032313038666638376432
-64646564626231656664306235633031356564373432626561386135653136313062383861323130
-34393331316439613363636631666262343334393739303631633936623964343938373334623230
-39343031663565333431333731363966623730666335346164623662373265643732306662393663
-39336137326533643533623865313934336464633634613436616438373531636562313762383666
-37386365333361626362
+61303436333132666364303233623130666161303631316436336533656130366363356436626331
+6362656232663832643837303964636330393239386531650a383635343032633566393536653439
+66326133633561323362643730356461366633306363333265663964393962646534656463333865
+3962653036363361390a303538383036383733643231363936653161306635396365323339643261
+30373263656337613535643137616634633737363264396230336631643366643130623835383233
+65616632666135636261303665323537626230656537326538363332653565353031643739366237
+37336666376133383136353062666435373738353333386130633265333333663463396236393565
+62366332323939353335613535306235316530316339643537363538633432373532323833373162
+35666261363862623433636266303236663439303737313136343632623661623837616136643438
+33336237306136376165653236303261643563393134313636376237313436373830366531643261
+39633364333633343835333763663230373862326431383130353237353662346362343330383264
+63333137626464363638643762383162616437373366316565313131636635636665653937636565
+36356236643364616262343837393631646363373432626534633064393930316330653930656465
+66306335313164306134636664623331393766373337373438306130363137666366383737643634
+65336130616431626331393330313263366132663766663662376461313431373838303562656361
+65626161653164663730353562383833313334343761313533636437373061376634303662646633
+34666666333461353437353564633939393731336664393238376566306234653834323431663666
+62386665306437643735326133366131366132613438366662383530666632353964636634363236
+61333261323731633236353161616130653566333432313631633766343937653532616165626133
+65376635336434336263333362383864313831616362373535306265303330336436363865343234
+63393461303739316536353466666665316135373333336363333661353761376363313963613165
+63666137376333643165346134613164373065646334306537663765346538343439663337373938
+31313334333561626631613332353234303139363033663362616236386536326466303662643861
+36376261636332323264336136633634663330353562373731626133646163323965373161306631
+35653136323133323733656439643732366564633437346334613337356461393563343063626337
+30633030653133616239616332356661373265616139383234613933653462626563623166656632
+62643739313436343162656339656231363534646363646437613839383935336436306230613534
+64353436373134336435643062306163636231636466386662616138376535633536323766333566
+39343135643263356439663030643364613264363766643663353131343538343361383166353232
+61343261613234326565323334626266373362656335323638613661363236386463353232646563
+37383339333338653165663665366165366436386439313032643864333863646634323439613861
+33353032663466623962313033393139336562666331656162313938643439643762626666653662
+35313436646231313131623631326438343166376339656431356235613436316130626631323130
+31336131396237623339663866646531663737366532396138343261653564376562383664343636
+34656236646665346663366231643831346237646338343063376266336363366462333932373162
+37333665326438663539623233356565636133656566323761386139313032386330366166623235
+65653964616262666233396338633233333037356562623236636233313666343266353162366136
+64656330306263636362646163366165333937366230646132636431343034343430643336623638
+34333862303133313336303163343031376535346235343164383535633666373332343365386634
+38363937343061376435313330323566366539323733363266653665623064356532323464633531
+31646539626339643263333166636565666362373564643332376436636238633837376436356335
+39366561366537386130613737643036303034333137373234393133393439656563343463626564
+64353666373834356336336131613438623263663731343462623539623830343538393336643961
+38633962393932363737653564353935666136623063333131663335646263383365616262386337
+61353537636330333166383364386234626264373366633233313733636539633733646363376562
+36356537393832313465626230356332393634393138623063623438356235633761643465383565
+66623262616433383032396465633161663663623761643039343066326464353832353165623736
+64393830643936323131326635366239383239643864313264333430353863663634626366663236
+61653630356465346239363338323131346263373262646331653561663635343739653930373332
+63643930356533643066313132623235623066393231653834363032303632663862346637366638
+64646339373466333630343936306531656438323539303334346665306534303063383963376161
+33313532656133386232663432386631643335666562613635623938636564393065643737373138
+63336264373363663132616136636231323464353134663233363135663061333562333135633630
+66313137353362613534383832393432333531333730386633633631666139646332343261383635
+33623334386131353265396532353330346231666430343632323633373331376330643538646636
+65366164663033303766663965633764633366336434613031386534353735336634343733613537
+33303932336434306564363233646333393863356139656664393330653564633930646233663038
+66363030666331333662343662623262343434613062333732663361346164633135343539313531
+32383237323239663431623937383439323433393032383061623030363963373339643930323435
+38343339343332633139306335633566373831346231643633363461623766313632373832343436
+30653433643133303733613866303063316661346564336436643630663936643430393231643237
+62636131643832613862653464383237643035313039333430656439623231363465333762613061
+66313766633032353239653235633532616235633562333431353037643435343763663565316536
+36333833636237393639386362656365653639396139386462323435613136373137373331383231
+61653139653233373962393835656139313833656433363764366161663964346562343763313666
+32643331363931303665333262333761303262393939316639373132666430626264366265373733
+66316138383033636431366664393238633433653238373266323137643933366539343563623564
+34616233336435656265353235643962663937646234336435653765366462316434666431383266
+30626638383233623833356434333164333365633962303131306364653133313236333861323839
+37313634633838303232343465333737613733653933323930646237333431666232383235613563
+32653866653533616164306435346336396363626633303932363331356362656461313130623331
+37333064356236303265626637393462303366363938633361646231326539363666616135666661
+36626264373532356633393465363730383565306636626565373265316436356434363833363766
+31653462333661313432343634376530333230343535393133323033663132393436303238356166
+35353332613433376337343936303066666639306432343730333665383331373234353562613764
+62313865303161393864656233383832386138366133373736326530646632316162626432636534
+34623232306364333031616637343036323835336532616432393238653665613766356434313161
+37666230303066333662653339353064663766373761656463613363623234653534313132383365
+65376430623734613735663866613837396232633462366563666463333533383932356462386165
+65323134333838323534643237366133326234323039373263663032653035363133653664616266
+33353966623939333962633366383163613630373537326562303638303064333736353831383634
+34646663643034323035356131333537613966396232323363366262366535373632663931306237
+31313461653430343461356164326466383165333833633266333536326537663964613832326435
+62633061666165383966633264376439633333663766323864313564373962373664346238353432
+38663430386665336533303066353130336334336532643866623036373437303064643234353539
+34356664383464303361326336633839313634626365333137626164623261646561646137326537
+63376330373432356661383133343230366338386164386630623266376461663463346136366666
+32663633313462643831396365373464663365663737323432626563643633393064386338376465
+38636538373834373761393331353837356165303562633563636538656135653763646236396162
+62343137323036363532643836326364313137363162633663353532383732363634626632343430
+65393436623337326430323630636263363239396361656663656631386431663230363631613465
+39343733333033383134343139636633333034366532353737663565326334323338326363393236
+31396231623361323866396139623331616438646361393362616630313563393537353031643935
+31356464353035366361656566346632383061376138386662313736376338363331373530336332
+37346664623461356635656566363936613339313135303764383636373938373932623632303435
+33383838303639343730626433333337313135306463663839323735376132353838306162313864
+65313939343466623039373462306533336532616365343639623765316532396236393239303265
+30316133616364653638386635303964366161303161396562373835656339666439313231386530
+65656438623536393032633064363631613265383239613563613533396263393131623161373662
+65306564666235376561643462613434653839373237663964343333366231306166623661663639
+33316465666431636439316661646337643763306466323165643735353162333361376534343362
+30326336643537643932336362313635373865323531663730663436333461633536323561623763
+35353137633265353930626535306234636338326335346664383735356132643363366362643864
+66323734313839653330396266346537633035363538663964643839366533333438643239306561
+62656639366565323739373164653536316664326664393530633236396334363731313237643636
+65643737666134653331383737633531643463356162306231326261653162316264383961396333
+34303335336465613230343133626364633935393139366263613533343230646561363736323536
+64313661343061623864326331653032303661393834643435396162363830353933653038613965
+66383039316165656130316363356533653065303866616630636135666265643639376336336235
+32666539383638623534356539653236366265326634396335663166313461353931653634313434
+35353461613139626463346362363636623363313965376437643865343132346530396333326234
+33636237326565643766343437663330646632393538643865373664353435663530376333386233
+38666266386336313234303435326138346330653763326462333331323233653462353264346163
+38666462633066333136343233663137313439663138663037663537633434643561316362643439
+30383637366237383937373161623131356136623230386131623166363365326139373235636538
+37343861656363656662373262336663653233663639313031613962653562323739616336656539
+38636333343562663165623537376366343863653764363361383161663361363531326335313633
+39333162626462613935383534373566336665303631396135333463663432616437356532356465
+37316334613365333037316365373731386239323363643231653839306539376664623366653934
+31373065646362366562306130346366653366333039633237646539326665646262393231636137
+61376439306630623930306332356566363833373635646562386232306431306466363139386430
+64383439366138316130636234663263343930316639383738303937363732316366303332643837
+64336364633336366562303131383831613331346334353064386161363366623565653236313337
+37656362396231616333646334306232343030366139626339386464326564636632666138313132
+62613439316231336635623537303234333139366431663965386637653237376463636136613465
+32633666383863643266663536353064663231663033373637616564376230636261383532383837
+31623062616466313031306630373839623431376239653237623863666331316130346661316230
+36333164323033343162653464633461363632383634323431616332366461303166316361383937
+64313662613362613339346339323038363166666461663861613062393765666664396431363735
+32373366373964653432323536343163626361393935376330303563386465356238353231653636
+65663839323432663561306464356165326331656231656662616562303661316238626136303439
+65353439633865656630313761353665363231346262633134393638646661643231663134343066
+62666335323563353863623638343663633565653466376335396238366531313165366331656430
+65643862653265313136353661623633316132353638373763313036346362616262363763306539
+64623563393435626636396132616137313962363636326533393662373537636137373637356666
+30373862353966616333393861323130306366636432363661613639636137316430613032613666
+34333635356136313337343730393839373237363334333466373231396530326438353339363464
+34663038613165333335376630346535336138383238306339636563613964363665643334613836
+66616234336634653237623766343466613632383836623630633763613265323638653437333665
+65623733376631303261623363306139626539393631393435623164316137313835653138376137
+62643737616564333562326434383336393563386266383065616361643563616439666536363563
+65373933343438376233626564376131396130323335333965666134646132646230396639623638
+39646437383537633362653966623832303535313435393064616266646335663136613061613631
+31633639383437616635633066386163343733666439353565336237366334373838333730336434
+36393830616431656136396465663132343530333735323138653835333730393135393738353865
+32376664323961646361653639353439316164623962393737333634383266323661626539383464
+62366439636236373732666661393739616239333135393732623739636632386136656638393032
+64623261633237333936353466633836343866643661343334313064386432323061316164346565
+38653734316538653832313432323434666639346666396630363336363231333561303861363536
+66343465323936383533353733333431313261336332363964366461656239356230366533646635
+34363565383137393662613263343732656437363739323339643038646439316139613565613331
+35666635316639623932633765303131613132346637643263633664326637633433623137383831
+35666235653466396432323031353162393035373235343661333664633866323936373034306163
+34396232316232663762323138643334363362343538343335653333386433386632653262393235
+36323430316166363330363861386339623631373062646339396231356566336632363639616531
+65333237376564363936336132323733323237396331306264643239363633666439363432313236
+38663138623531666337346332633366633234636230343066363437623561393662636432343965
+65616132363733393262643137653238396364323637623033643564333533363032633834633563
+64313061303063346636633734353338396333613933313632323935636131623364643066303632
+37366464323964336231653233313261353336636138376461636434373933353166323937386662
+66333037633038396333663661626266643032346331333966363763643464306535653231373436
+32623064633235393265653865613431626535616439646165646631653430663630306634626232
+39393661376164353934323934643137613239303864313465326264376265623437326663303035
+65616463633161656334646664613339646633623361363737663639333361613062396665656132
+32633838313633653465633163323531376438626661653966393462316666313538666362303561
+64396563386137333538373137633065303732373039366533336230393561316330666633383433
+36333932333133313637663733653031623266666566346464393530653035656437616266373230
+32373736636464356333613438353437323636363962386464393838626564636434663063613334
+62326565353239343031633466303963366362653061366432636662326664316334623036626165
+30346365313137663234323930633064303335643464633737316164373266623031313839333034
+39336231666630616232346363396332363663396335386534373235663032376166613763393465
+36323261316465623336366434653737323236313739623438616338666536633431616265313032
+33663335623366616231366436363037353464626233343438653061386539343830633139343865
+62613134333762386436303966353830313761396331623262656630616565363239333766626331
+39313937316238363866366365633434333233643664356533643839373063323436626435643937
+30303363346334663765336566373865356361623935623736313331396133313637313765386366
+65343863633865316332663463663937623762316138346462653435613466323264663730656433
+37373662383436386233393539303536613031633537326465333030646136666532363935393634
+33343735376634363763616639626339643431303863663964653132336236636538613035396464
+66383437346664633536303162353430666638636439366539356263303934373933313131393162
+35353837633232323330643736376162636232303830313037336263323536356531363338636661
+30653162663931626636343036306236393063326338373466633330343363616666366261626638
+37376539613564386339373434616139623237623461383434613738626433323065333766306431
+33343638396263376537396163613962636334646631346363393366353665356132306263663831
+34353665356563636462333738383936343539316435646361623633316365643935393538653738
+34376530623837313330353035633761336336666132623334323839626666366362653836643632
+38383637343431633235656337353331313863373930623636333235656137633461303739396563
+39396433343262383136663636343231643739316664363839656233623633323638363236343435
+32323739353138306530616531376636323336356664656533313961356535333061353732643337
+37313432323231333066396362326335613935356235366265646563623232353866336565323237
+30643766303738363039383566656535343864373837353861666265623963623436376664663966
+61363532393262666636616538626434366338303832646631626134336134313131616166616136
+33663734336336613738333833653130613561366633343561643839323266393038356539383230
+63623834316363313232366638306262623633363366303136336536336663353865303435383333
+63316434616666656466343737626233326161386462363631643531356131376161633466303736
+38383833663965663835356635323537626536306437323861366635386562353063373132326465
+63343234303633393138343862336662663361653930636461326435303635623562373634363032
+6661396564633461353336313466366163393535646238326639

group_vars/bdd.yml

@@ -1,5 +0,0 @@
----
-borg_keep_hourly: 6
-borg_backup_exclude:
-  - "/var/lib/postgresql/"
-...

group_vars/certbot.yml

@@ -1,8 +0,0 @@
----
-glob_certbot:
-  - dns_rfc2136_server: '10.128.0.30'
-    dns_rfc2136_name: certbot_challenge.
-    dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
-    mail: tech.aurore@lists.crans.org
-    certname: auro.re
-    domains: "*.auro.re"

group_vars/dhcp/dhcpd.yml

@@ -1,69 +0,0 @@
----
-dhcpd__omapi_key:
-  algorithm: hmac-sha512
-  secret: 99XuJO0ofX3VAnWWlyixWbQ5YTagPfgxyh14IbLNBb3/JzEklkWopvQdj/PXVYbfb/sRyFJBhLexPag4dLh7PA==
-
-dhcpd__interfaces:
-  - client0
-  - client1
-  - client2
-  - client3
-  - client4
-
-dhcpd__dns_servers:
-  - 10.128.10.3
-  - 10.128.10.103
-
-dhcpd__domain_search:
-  - isp.auro.re.
-  - auro.re.
-
-dhcpd__subnets:
-  - network: 100.64.0.0/27
-    routers:
-      - 100.64.0.1
-    start: 100.64.0.4
-    end: 100.64.0.30
-    domain_name: client0.isp.auro.re
-    failover: true
-  - network: 100.64.0.32/27
-    routers:
-      - 100.64.0.31
-    start: 100.64.0.33
-    end: 100.64.0.63
-    domain_name: client1.isp.auro.re
-    failover: true
-  - network: 100.64.0.64/27
-    routers:
-      - 100.64.0.65
-    start: 100.64.0.67
-    end: 100.64.0.95
-    domain_name: client2.isp.auro.re
-    failover: true
-  - network: 100.64.0.96/27
-    routers:
-      - 100.64.0.97
-    start: 100.64.0.99
-    end: 100.64.0.127
-    domain_name: client3.isp.auro.re
-    failover: true
-  - network: 100.64.0.128/27
-    routers:
-      - 100.64.0.129
-    start: 100.64.0.131
-    end: 100.64.0.159
-    domain_name: client4.isp.auro.re
-
-dhcpd__failover:
-  dhcp-1.isp.infra.auro.re: 10.210.1.1
-  dhcp-2.isp.infra.auro.re: 10.210.1.2
-
-dhcpd__failover_address: "{{ dhcpd__failover[inventory_hostname] }}"
-
-dhcpd__failover_peer_address: "{{ dhcpd__failover
-                                  | dict2items
-                                  | selectattr('key', '!=',
-                                               inventory_hostname)
-                                  | map(attribute='value')
-                                  | first }}"
-...

group_vars/dns/kresd.yml

@@ -1,24 +0,0 @@
----
-kresd__listen:
-  - address: 0.0.0.0
-    port: 53
-    kind: dns
-  - address: "::"
-    port: 53
-    kind: dns
-  - address: 0.0.0.0
-    port: 853
-    kind: tls
-  - address: "::"
-    port: 853
-    kind: tls
-  - address: 0.0.0.0
-    port: 8453
-    kind: webmgmt
-  - address: "::"
-    port: 8453
-    kind: webmgmt
-    tls: false
-
-kresd__cache_size: 512
-...

group_vars/edge/keepalived.yml

@@ -1,21 +0,0 @@
----
-keepalived__virtual_router_id: 81
-
-keepalived__interface: back0
-
-keepalived__virtual_addresses:
-  crans0:
-    - 185.230.79.254/29
-    - 2a0c:700:28::2/64
-    - fe80::1/10
-  zayo0:
-    - 2001:1b48:2:103::d7:2/126
-    - 83.167.52.69/31
-    - fe80::1/10
-  oti0:
-    - 2a00:a4c0:100c:1::b/127
-    - 77.95.70.11/31
-    - fe80::1/10
-
-keepalived__main: "{{ inventory_hostname_short == 'edge-1' }}"
-...

group_vars/infra/bird.yml

@@ -1,86 +0,0 @@
----
-bird__kernel:
-  kernel:
-    learn: true
-    import: accept
-    export: accept
-
-bird__ospf:
-  limits:
-    import: 4000
-    export: 4000
-  import: accept
-  export:
-    protos: kernel
-  areas:
-    0:
-      broadcast:
-        - back0
-      stub:
-        - monit0
-        - wifi0
-        - int0
-        - sw0
-        - bmc0
-        - pve0
-        - isp0
-        - ext0
-        - pub0
-        - th30
-        - ups0
-    1:
-      broadcast:
-        - vpn0
-
-bird__bgp:
-  edge1:
-    local:
-      address: "{{ bird__bgp_addr.back }}"
-      as: "{{ bird__as.aurore }}"
-    neighbor:
-      address:
-        - 2a09:6840:203::1:1
-        - 10.203.1.1
-      as: "{{ bird__as.aurore }}"
-    import:
-      - pref_src: "{{ bird__pref_src_addr }}"
-      - accept
-    export: reject
-  edge2:
-    local:
-      address: "{{ bird__bgp_addr.back }}"
-      as: "{{ bird__as.aurore }}"
-    neighbor:
-      address:
-        - 2a09:6840:203::1:2
-        - 10.203.1.2
-      as: "{{ bird__as.aurore }}"
-    import:
-      - pref_src: "{{ bird__pref_src_addr }}"
-      - accept
-    export: reject
-      #wg1:
-      #local:
-      #address: "{{ bird__bgp_addr.vpn }}"
-      #as: "{{ bird__as.aurore }}"
-      #neighbor:
-      #address:
-      #  - 2a09:6840:213::1:3
-      #  - 10.213.1.3
-      #as: "{{ bird__as.aurore }}"
-      #rr_cluster_client: 10.203.1.1
-      #import: reject
-      #export: accept
-      #wg2:
-      #local:
-      #address: "{{ bird__bgp_addr.vpn }}"
-      #as: "{{ bird__as.aurore }}"
-      #neighbor:
-      #address:
-      #  - 2a09:6840:213::1:4
-      #  - 10.203.1.4
-      #as: "{{ bird__as.aurore }}"
-      #rr_cluster_client: 10.203.1.1
-      #import: reject
-      #export: accept
-...

group_vars/infra/firewall.yml

@@ -1,457 +0,0 @@
----
-firewall__zones:
-  adm-legacy:
-    addrs:
-      - 2a09:6840:128::/64
-      - 10.128.0.0/16
-  ups:
-    addrs:
-      - 2a09:6840:201::/64
-      - 10.201.0.0/16
-  back:
-    addrs:
-      - 2a09:6840:203::/64
-      - 10.203.0.0/16
-  monit:
-    addrs:
-      - 2a09:6840:204::/64
-      - 10.204.0.0/16
-  wifi:
-    addrs:
-      - 2a09:6840:205::/64
-      - 10.205.0.0/16
-  int:
-    addrs:
-      - 2a09:6840:206::/64
-      - 10.206.0.0/16
-  sw:
-    addrs:
-      - 2a09:6840:207::/64
-      - 10.207.0.0/16
-  bmc:
-    addrs:
-      - 2a09:6840:208::/64
-      - 10.208.0.0/16
-  pve:
-    addrs:
-      - 2a09:6840:209::/64
-      - 10.209.0.0/16
-  isp:
-    addrs:
-      - 2a09:6840:210::/64
-      - 10.210.0.0/16
-  ext:
-    addrs:
-      - 2a09:6840:211::/64
-      - 10.211.0.0/16
-  pub:
-    addrs:
-      - 2a09:6840:215::/64
-      - 45.66.111.192/27
-  vpn-clients:
-    addrs:
-      - 2a09:6840:212::/64
-      - 10.212.0.0/16
-  vpn:
-    addrs:
-      - 2a09:6840:213::/64
-      - 10.213.0.0/16
-  infra:
-    zones:
-      - adm-legacy
-      - ups
-      - back
-      - monit
-      - wifi
-      - int
-      - sw
-      - bmc
-      - pve
-      - isp
-      - ext
-      - pub
-      - vpn
-  internet:
-    negate: true
-    addrs:
-      - 2a09:6840::/32
-      - 2a09:6841::/32
-      - 2a09:6842::/32
-      - 45.66.108.0/22
-      - 10.0.0.0/8
-      - 100.64.0.0/10
-  prometheus.int:
-    addrs:
-      - 2a09:6840:204::1:1
-      - 10.204.1.1
-      - 2a09:6840:204::1:2
-      - 10.204.1.2
-  grafana.adm:
-    addrs:
-      - 2a09:6840:128::98
-      - 10.128.0.98
-  re2o-ldap.adm:
-    addrs:
-      - 2a09:6840:128::21
-      - 10.128.0.21
-  ldap-replica-edc.adm:
-    addrs:
-      - 2a09:6840:128::4:249
-      - 10.128.4.249
-  nextcloud.adm:
-    addrs:
-      - 2a09:6840:128::58
-      - 10.128.0.58
-  dns.int:
-    addrs:
-      - 2a09:6840:206::1:1
-      - 10.206.1.1
-      - 2a09:6840:206::1:2
-      - 10.206.1.2
-  ntp.int:
-    addrs:
-      - 2a09:6840:206::1:5
-      - 10.206.1.5
-      - 2a09:6840:206::1:6
-      - 10.206.1.6
-  docker-ovh.adm:
-    addrs:
-      - 2a09:6840:128::150
-      - 10.128.0.150
-  mx.test:
-    addrs:
-      - 2a09:6840:211::1:5
-      - 45.66.111.208
-      - 10.128.1.5
-  proxy.pub:
-    addrs:
-      - 2a09:6840:215::1:1
-      - 45.66.111.206
-  collabora.ext:
-    addrs:
-      - 2a09:6840:211::1:1
-      - 10.211.1.1
-  grafana.ext:
-    addrs:
-      - 2a09:6840:211::1:7
-      - 10.211.1.7
-  ns-1.pub:
-    addrs:
-      - 2a09:6840:215::1:2
-      - 45.66.111.205
-  ns-2.pub:
-    addrs:
-      - 2a09:6840:215::1:3
-      - 45.66.111.207
-  ns-master.int:
-    addrs:
-      - 2a09:6840:206::1:7
-      - 10.206.1.7
-  tor.pub:
-    addrs:
-      - 45.66.111.215
-      - 2a09:6840:215::1:215
-  jitsi.pub:
-    addrs:
-      - 45.66.111.216
-      - 2a09:6840:215::1:216
-  log-1.int:
-    addrs:
-      - 10.206.1.9
-      - 2a09:6840:206::1:9
-  log-2.int:
-    addrs:
-      - 10.206.1.10
-      - 2a09:6840:206::1:10
-
-firewall__input:
-  - iif:
-      - back0 # FIXME link-local
-      - vpn0
-    verdict: accept
-  - src:
-      - back
-      - vpn
-    verdict: accept
-  - src: monit
-    protocols:
-      tcp:
-        dport:
-          - 9100
-          - 9700
-    verdict: accept
-  - src: monit
-    protocols:
-      tcp:
-        dport: 9324
-    verdict: accept
-  - protocols:
-      icmp: true
-    verdict: accept
-  - protocols:
-      tcp:
-        dport: 22
-    verdict: accept
-  - verdict: drop
-
-firewall__output:
-  - verdict: accept
-
-firewall__forward:
-  - src: back
-    dst: infra
-    verdict: accept
-  - src: infra # FIXME: temporary
-    dst: internet
-    verdict: accept
-  - src: monit
-    dst: bmc
-    protocols:
-      icmp: true
-    verdict: accept
-  - dst: mx.test
-    protocols:
-      icmp: true
-    verdict: accept
-  - dst: mx.test
-    protocols:
-      tcp:
-        dport:
-          - 25
-          - 465
-          - 993
-    verdict: accept
-  # NS
-  - dst:
-      - ns-1.pub
-      - ns-2.pub
-    protocols:
-      tcp:
-        dport: 53
-    verdict: accept
-  - dst:
-      - ns-1.pub
-      - ns-2.pub
-    protocols:
-      udp:
-        dport: 53
-    verdict: accept
-  - src:
-      - ns-1.pub
-      - ns-2.pub
-    dst: ns-master.int
-    protocols:
-      udp:
-        dport: 53
-    verdict: accept
-  - src:
-      - ns-1.pub
-      - ns-2.pub
-    dst: ns-master.int
-    protocols:
-      tcp:
-        dport: 53
-    verdict: accept
-  # SNMP
-  - src: monit
-    dst:
-      - sw
-      - ups
-      - bmc
-    protocols:
-      udp:
-        dport: 161
-    verdict: accept
-  - src: monit
-    dst:
-      - sw
-      - ups
-      - bmc
-    protocols:
-      tcp:
-        dport: 161
-    verdict: accept
-  # Alertmanager
-  - src: monit
-    dst: docker-ovh.adm
-    protocols:
-      tcp:
-        dport: 9093
-    verdict: accept
-  - src: adm-legacy
-    dst: bmc
-    verdict: accept
-  # Prometheus for Grafana
-  - src: grafana.adm
-    dst: prometheus.int
-    protocols:
-      tcp:
-        dport: 9090
-    verdict: accept
-  # Prometheus for Grafana nixos
-  - src: grafana.ext
-    dst: prometheus.int
-    protocols:
-      tcp:
-        dport: 9090
-    verdict: accept
-  - src: grafana.ext
-    dst: re2o-ldap.adm
-    protocols:
-      tcp:
-        dport: 389
-    verdict: accept
-  - src: grafana.ext
-    dst: ldap-replica-edc.adm
-    protocols:
-      tcp:
-        dport: 389
-    verdict: accept
-  # Admin VPN clients
-  - src: vpn-clients
-    dst: infra
-    verdict: accept
-  # Prometheus node
-  - src: monit
-    dst: infra
-    protocols:
-      tcp:
-        dport:
-          - 9100
-          - 9700
-    verdict: accept
-  # Prometheus bird
-  - src: monit
-    dst: back
-    protocols:
-      tcp:
-        dport: 9324
-    verdict: accept
-  # Prometheus kresd
-  - src: monit
-    dst: dns.int
-    protocols:
-      tcp:
-        dport: 8453
-    verdict: accept
-  # Allow DNS from infra to dns-{1,2}
-  - src: infra
-    dst: dns.int
-    protocols:
-      udp:
-        dport: 53
-    verdict: accept
-  - src: infra
-    dst: dns.int
-    protocols:
-      tcp:
-        dport: 53
-    verdict: accept
-  # Allow NTP from infra to ntp-{1,2} 
-  - src: 
-      - infra
-      - pub
-    dst: ntp.int
-    protocols:
-      udp:
-        dport: 123
-    verdict: accept
-  # Admin Wireguard
-  - dst:
-      - 2a09:6840:211::1:1
-      - 45.66.111.204
-      - 10.211.1.1
-    protocols:
-      udp:
-        dport: 5121
-    verdict: accept
-  # Proxy web
-  - dst: 
-      - jitsi.pub
-      - proxy.pub
-    protocols:
-      tcp:
-        dport:
-          - 80
-          - 443
-    verdict: accept
-  - src: proxy.pub
-    dst: grafana.adm
-    protocols:
-      tcp:
-        dport: 3000
-    verdict: accept
-  - src: proxy.pub
-    dst: grafana.ext
-    protocols:
-      tcp:
-        dport: 80
-    verdict: accept
-  - src: proxy.pub
-    dst: nextcloud.adm
-    protocols:
-      tcp:
-        dport: 8080
-  - src: proxy.pub
-    dst: adm-legacy
-    protocols:
-      tcp:
-        dport:
-          - 80
-          - 443
-    verdict: accept
-  # ICMP to public vlan
-  - dst: pub
-    protocols:
-      icmp: true
-    verdict: accept
-  # Proxy -> Collabora
-  - src: proxy.pub
-    dst: collabora.ext
-    protocols:
-      tcp:
-        dport: 9980
-    verdict: accept
-  # Collabora -> Proxy
-  - src: collabora.ext
-    dst: proxy.pub
-    protocols:
-      tcp:
-        dport:
-          - 80
-          - 443
-    verdict: accept
-  # Tor: SSH
-  - dst: tor.pub
-    protocols:
-      tcp:
-        dport: 
-          - 22
-          - 4444
-    verdict: accept
-  # Jitsi UDP
-  - dst: jitsi.pub
-    protocols:
-      udp:
-        dport:
-          - 3478
-          - 10000
-  # Jitsi TCP
-  - dst: jitsi.pub
-    protocols:
-      tcp:
-        dport:
-          - 5349
-
-firewall__nat:
-  - src: 10.0.0.0/8
-    dst: internet
-    protocols: null
-    snat:
-      addr: 45.66.111.200/30
-  #- src: monit
-  #  dst: adm-legacy
-  #  protocols: null
-  #  snat:
-  #    addr: 10.203.1.3/32
-...

group_vars/infra/keepalived.yml

@@ -1,59 +0,0 @@
----
-keepalived__virtual_router_id: 82
-
-keepalived__interface: back0
-
-keepalived__virtual_addresses:
-  ups0:
-    - 10.201.0.1/16
-    - 2a09:6840:201::1/64
-    - fe80::1/10
-  monit0:
-    - 10.204.0.1/16
-    - 2a09:6840:204::1/64
-    - fe80::1/10
-  wifi0:
-    - 10.205.0.1/16
-    - 2a09:6840:205::1/64
-    - fe80::1/10
-  int0:
-    - 10.206.0.1/16
-    - 2a09:6840:206::1/64
-    - fe80::1/10
-  sw0:
-    - 10.207.0.1/16
-    - 2a09:6840:207::1/64
-    - fe80::1/10
-  bmc0:
-    - 10.208.0.1/16
-    - 2a09:6840:208::1/64
-    - fe80::1/10
-  pve0:
-    - 10.209.0.1/16
-    - 2a09:6840:209::1/64
-    - fe80::1/10
-  isp0:
-    - 10.210.0.1/16
-    - 2a09:6840:210::1/64
-    - fe80::1/10
-  ext0:
-    - 10.211.0.1/16
-    - 2a09:6840:211::1/64
-    - fe80::1/10
-  th30:
-    - 10.126.0.6/24
-    - fe80::1/10
-  pub0:
-    - 2a09:6840:215::1/64
-    - 45.66.111.204/27
-    - fe80::1/10
-
-#keepalived__virtual_routes:
-#  ext0:
-#    - 45.66.111.204/30
-
-keepalived__virtual_blackholes:
-  - 45.66.111.200/30 # NAT
-
-keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
-...

group_vars/isp/bird.yml

@@ -1,53 +0,0 @@
----
-bird__kernel:
-  kernel:
-    learn: true
-    import: accept
-    export: accept
-
-bird__ospf:
-  limits:
-    import: 4000
-    export: 4000
-  import: accept
-  export:
-    protos: kernel
-  areas:
-    0:
-      broadcast:
-        - back0
-      stub:
-        - client0
-        - client1
-        - client2
-        - client3
-        - client4
-
-bird__bgp:
-  edge1:
-    local:
-      address: "{{ bird__bgp_addr.back }}"
-      as: "{{ bird__as.aurore }}"
-    neighbor:
-      address:
-        - 2a09:6840:203::1:1
-        - 10.203.1.1
-      as: "{{ bird__as.aurore }}"
-    import:
-      - pref_src: "{{ bird__pref_src_addr }}"
-      - accept
-    export: reject
-
-bird__radv:
-  rdnss:
-    - 2a09:6840:206::1:1
-    - 2a09:6840:206::1:2
-  interfaces:
-    client0:
-      max_interval: 5
-      prefixes:
-        - 2a09:6841::/64
-      dnssl: client0.isp.auro.re
-      domain_search:
-        - auro.re
-...

group_vars/isp/firewall.yml

@@ -1,40 +0,0 @@
----
-firewall__zones:
-  internet:
-    negate: true
-    addrs:
-      - 2a09:6840::/32
-      - 2a09:6841::/32
-      - 2a09:6842::/32
-      - 45.66.108.0/22
-      - 10.0.0.0/8
-      - 100.64.0.0/10
-  clients:
-    addrs:
-      - 100.64.0.0/10
-  non_clients:
-    negate: true
-    zones: clients
-  allowed_clients:
-    file:
-      path: /var/run/firewall/allowed_clients.yml
-      default: []
-
-firewall__input:
-  - verdict: accept
-
-firewall__output:
-  - verdict: accept
-
-firewall__forward:
-  - src: allowed_clients
-    dst: non_clients
-    verdict: accept
-
-firewall__nat:
-  - src: clients
-    dst: internet
-    protocols: null
-    snat:
-      addr: 45.66.111.220
-...

group_vars/isp/keepalived.yml

@@ -1,32 +0,0 @@
----
-keepalived__virtual_router_id: 80
-
-keepalived__interface: back0
-
-keepalived__virtual_addresses:
-  client0:
-    - 100.64.0.1/27
-    - 2a09:6841::1/56
-    - fe80::1/10
-  client1:
-    - 100.64.0.33/27
-    - 2a09:6841:0:1::1/64
-    - fe80::1/10
-  client2:
-    - 100.64.0.65/27
-    - 2a09:6841:0:2::1/64
-    - fe80::1/10
-  client3:
-    - 100.64.0.97/27
-    - 2a09:6841:0:3::1/64
-    - fe80::1/10
-  client4:
-    - 100.64.0.129/27
-    - 2a09:6841:0:4::1/64
-    - fe80::1/10
-
-keepalived__virtual_blackholes:
-  - 45.66.111.220/32
-
-keepalived__main: "{{ inventory_hostname_short == 'isp-1' }}"
-...

group_vars/nginx.yml

@@ -1,32 +0,0 @@
----
-glob_nginx:
-  contact: tech.aurore@lists.crans.org
-  who: "L'équipe technique d'Aurore"
-  service_name: service
-  ssl:
-    # Add adm.auro.re if necessary
-    - name: auro.re
-      cert: /etc/letsencrypt/live/auro.re/fullchain.pem
-      cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
-      trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
-  servers:
-    - ssl: false  # Replace by auro.re or adm.auro.re
-      default: true
-      server_name:
-        - "default"
-        - "_"
-      root: "/var/www/html"
-      locations:
-        - filter: "/"
-          params: []
-      additional_params: []
-  upstreams: []
-
-  auth_passwd: []
-  default_server:
-  default_ssl_server:
-  default_ssl_domain: auro.re
-  real_ip_from:
-    - "10.128.0.0/16"
-    - "2a09:6840:128::/64"
-  deploy_robots_file: false

group_vars/ns/knotd.yml

@@ -1,71 +0,0 @@
----
-knotd__listen:
-  - address: 0.0.0.0
-  - address: "::"
-
-knotd__keys:
-  xfr:
-    algorithm: hmac-sha512
-    secret: "{{ vault_knotd_xfr_key }}"
-
-knotd__remotes:
-  xfr-master:
-    address: 2a09:6840:206::1:7
-    key: xfr
-
-knotd__acl:
-  notify-master:
-    address:
-      - 2a09:6840:206::1:7
-      - 10.206.1.7
-    key: xfr
-    action: notify
-
-knotd__queryacl:
-  local:
-    addresses:
-      - 10.0.0.0/8
-
-knotd__zones:
-  auro.re:
-    dnssec_validation: true
-    acl:
-      - notify-master
-    master: xfr-master
-  test.auro.re:
-    dnssec_validation: true
-    acl:
-      - notify-master
-    master: xfr-master
-  infra.auro.re:
-    dnssec_validation: true
-    acl:
-      - notify-master
-    #queryacl: local
-    master: xfr-master
-  108.66.45.in-addr.arpa:
-    dnssec_validation: false
-    acl:
-      - notify-master
-    master: xfr-master
-  109.66.45.in-addr.arpa:
-    dnssec_validation: false
-    acl:
-      - notify-master
-    master: xfr-master
-  110.66.45.in-addr.arpa:
-    dnssec_validation: false
-    acl:
-      - notify-master
-    master: xfr-master
-  111.66.45.in-addr.arpa:
-    dnssec_validation: false
-    acl:
-      - notify-master
-    master: xfr-master
-  0.4.8.6.9.0.a.2.ip6.arpa:
-    dnssec_validation: false
-    acl:
-      - notify-master
-    master: xfr-master
-...

group_vars/ntp/chronyd.yml

@@ -1,13 +0,0 @@
----
-chronyd__allow_networks:
-  - 2a09:6840::/32
-  - 10.0.0.0/8
-
-chronyd__pools:
-  - 0.pool.ntp.org
-  - 1.pool.ntp.org
-  - 2.pool.ntp.org
-  - 3.pool.ntp.org
-
-chronyd__local_stratum: 10
-...

group_vars/prom/prometheus/bird.yml

@@ -1,144 +0,0 @@
----
-prometheus__scraping_bird:
-  targets: "{{ groups.router }}"
-  address:
-    port: 9324
-
-prometheus__rules_bird:
-  - record: bird:protocol_up:bgp_all
-    expr:
-      label_replace(
-        bird_protocol_up{proto="BGP"},
-        "group", "$1",
-        "instance", "^([^0-9\\.]+)-[0-9]+.*"
-      )
-  # FIXME: sessions en cours d'installation, pas encore monitorées
-  - record: bird:protocol_up:bgp
-    expr:
-      bird:protocol_up:bgp_all
-      unless bird:protocol_up:bgp_all{
-        group="edge",
-        name=~"^(viarezo|isp[12]|rezel)[46]$"
-      }
-  # Sessions qui ne sont volontairement pas redondées
-  # au sein d'un groupe
-  - record: bird:protocol_up:bgp:non_redundant
-    expr:
-      bird:protocol_up:bgp{
-        group="edge",
-        name=~"^(oti|crans|legacy|edge)[46]$"
-      }
-  # Sessions qui le sont
-  - record: bird:protocol_up:bgp:redundant
-    expr:
-      bird:protocol_up:bgp
-      unless
-      bird:protocol_up:bgp:non_redundant
-  - alert: BirdBGPRedundancyDegraded
-    expr:
-      (
-        count by (group, name) (
-          bird:protocol_up:bgp:redundant{state="Established"}
-        ) + (
-          count by (group, name) (
-            bird:protocol_up:bgp:redundant{state!="Established"} * 0
-          )
-        )
-      ) < 2
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      Session: !unsafe "{{ $labels.name }}"
-      Count: !unsafe "{{ $value }}"
-      Group: !unsafe "{{ $labels.group }}"
-  - alert: BirdBGPDown
-    expr:
-      (
-        count by (group, name) (
-          bird:protocol_up:bgp{state="Established"}
-        ) + (
-          count by (group, name) (
-            bird:protocol_up:bgp{state!="Established"} * 0
-          )
-        )
-      ) == 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Session: !unsafe "{{ $labels.name }}"
-      Group: !unsafe "{{ $labels.group }}"
-  # TODO: warning pour redondant ?
-  - alert: BirdBGPNoExportedPrefixRedundant
-    expr:
-      bird_protocol_prefix_export_count{
-        export_filter!="REJECT",
-      } * on (instance, name) group_left (group) (
-        bird:protocol_up:bgp:redundant{state="Established"}
-      ) == 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Session: !unsafe "{{ $labels.name }}"
-      Group: !unsafe "{{ $labels.group }}"
-  - alert: BirdBGPNoImportedPrefixRedundant
-    expr:
-      bird_protocol_prefix_import_count{
-        import_filter!="REJECT",
-      } * on (instance, name) group_left (group) (
-        bird:protocol_up:bgp:redundant{state="Established"}
-      ) == 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Session: !unsafe "{{ $labels.name }}"
-      Group: !unsafe "{{ $labels.group }}"
-  - alert: BirdBGPNoExportedPrefixNonRedundant
-    expr:
-      sum by (group) (
-        bird_protocol_prefix_export_count{
-          export_filter!="REJECT",
-        } * on (instance, name) group_left (group) (
-          bird:protocol_up:bgp:non_redundant{state="Established"}
-        )
-      ) == 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Session: !unsafe "{{ $labels.name }}"
-      Group: !unsafe "{{ $labels.group }}"
-  - alert: BirdBGPNoImportedPrefixNonRedundant
-    expr:
-      sum by (group) (
-        bird_protocol_prefix_import_count{
-          import_filter!="REJECT",
-        } * on (instance, name) group_left (group) (
-          bird:protocol_up:bgp:non_redundant{state="Established"}
-        )
-      ) == 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Session: !unsafe "{{ $labels.name }}"
-      Group: !unsafe "{{ $labels.group }}"
-  - alert: BirdOSPFNeighboursChange
-    expr:
-      changes(bird_ospf_neighbor_count[5m]) > 0
-      or changes(bird_ospfv3_neighbor_count[5m]) > 0
-    for: 0m
-    labels:
-      severity: warning
-  - alert: BirdOSPFDown
-    expr:
-      bird_ospf_running == 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Instance: !unsafe "{{ $labels.name }}"
-...

group_vars/prom/prometheus/common.yml

@@ -1,11 +0,0 @@
----
-prometheus__rules_common:
-  - alert: CollectorDown
-    expr:
-      up == 0
-    for: 3m
-    labels:
-      severity: critical
-    annotations:
-      Job: !unsafe "{{ $labels.job }}"
-...

group_vars/prom/prometheus/eaton.yml

@@ -1,11 +0,0 @@
----
-prometheus__scraping_eaton:
-  targets: "{{ groups.eaton_ups }}"
-  address: 127.0.0.1:9116
-  path: /snmp
-  params:
-    module:
-      - eaton
-
-prometheus__rules_eaton: {}
-...

group_vars/prom/prometheus/ilo.yml

@@ -1,13 +0,0 @@
----
-prometheus__scraping_ilo:
-  targets: "{{ groups.ilo }}"
-  address: 127.0.0.1:9116
-  path: /snmp
-  timeout: 180s
-  interval: 180s
-  params:
-    module:
-      - ilo
-
-prometheus__rules_ilo: {}
-...

group_vars/prom/prometheus/jitsi.yml

@@ -1,6 +0,0 @@
----
-prometheus__scraping_jitsi:
-  targets: ["jitsi.pub.infra.auro.re"]
-  address:
-    port: 9700
-...

group_vars/prom/prometheus/keepalived.yml

@@ -1,23 +0,0 @@
----
-prometheus__rules_keepalived:
-  - alert: KeepalivedVrrpFault
-    expr:
-      keepalived_vrrp_state{state="fault"} > 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Instance: !unsafe "{{ $labels.instance }}"
-  - alert: KeepalivedMasterChange
-    expr:
-      changes(
-        keepalived_vrrp_state{
-          keepalived_vvrp_state="master"
-        }[1m]
-      ) > 0
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      Instance: !unsafe "{{ $labels.instance }}"
-...

group_vars/prom/prometheus/kresd.yml

@@ -1,6 +0,0 @@
----
-prometheus__scraping_kresd:
-  targets: "{{ groups.dns }}"
-  address:
-    port: 8453
-...

group_vars/prom/prometheus/main.yml

@@ -1,28 +0,0 @@
----
-prometheus__alertmanager_targets:
-  - docker-ovh.adm.auro.re:9093
-
-prometheus__tsdb_retention_time: 90d
-
-prometheus__scraping:
-  node: "{{ prometheus__scraping_node }}"
-  prometheus: "{{ prometheus__scraping_prometheus }}"
-  kresd: "{{ prometheus__scraping_kresd }}"
-  bird: "{{ prometheus__scraping_bird }}"
-  quanta: "{{ prometheus__scraping_quanta }}"
-  ilo: "{{ prometheus__scraping_ilo }}"
-  snmp: "{{ prometheus__scraping_snmp }}"
-  eaton: "{{ prometheus__scraping_eaton }}"
-  jitsi: "{{ prometheus__scraping_jitsi }}"
-
-prometheus__rules:
-  common: "{{ prometheus__rules_common }}"
-  switch: "{{ prometheus__rules_switch }}"
-  prometheus: "{{ prometheus__rules_prometheus }}"
-  node: "{{ prometheus__rules_node }}"
-  keepalived: "{{ prometheus__rules_keepalived }}"
-  quanta: "{{ prometheus__rules_quanta }}"
-  #ilo: "{{ prometheus__rules_ilo }}"
-  bird: "{{ prometheus__rules_bird }}"
-  #eaton: "{{ prometheus__rules_eaton }}"
-...

group_vars/prom/prometheus/node.yml

@@ -1,200 +0,0 @@
----
-prometheus__scraping_node:
-  targets: "{{ groups.vm + groups.pve }}"
-  address:
-    port: 9100
-
-prometheus__rules_node:
-  - alert: OutOfMemory
-    expr:
-      (
-        node_memory_MemFree_bytes
-        + node_memory_Cached_bytes
-        + node_memory_Buffers_bytes
-      ) / node_memory_MemTotal_bytes < 0.1
-    for: 5m
-    labels:
-      severity: warning
-    annotations:
-      FreeMemory: !unsafe "{{ $value | humanizePercentage }}"
-  - alert: HostSwapIsFillingUp
-    expr:
-      (
-        1 - (
-          node_memory_SwapFree_bytes
-          / node_memory_SwapTotal_bytes
-        )
-      ) >= 0.5
-    for: 3m
-    labels:
-      severity: critical
-    annotations:
-      UsedSwap: !unsafe "{{ $value | humanizePercentage }}"
-  - alert: HostPhysicalComponentTooHot
-    expr:
-      node_hwmon_temp_celsius > 79
-    for: 3m
-    labels:
-      severity: critical
-    annotations:
-      Temperature: !unsafe "{{ $value | humanize }} °C"
-      Chip: !unsafe "{{ $labels.chip }}"
-      Sensor: !unsafe "{{ $labels.sensor }}"
-  - alert: HostNodeOvertemperatureAlarm
-    expr:
-      node_hwmon_temp_crit_alarm_celsius == 1
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Chip: !unsafe "{{ $labels.chip }}"
-      Sensor: !unsafe "{{ $labels.sensor }}"
-  - alert: HostRaidArrayGotInactive
-    expr:
-      node_md_state{state="inactive"} > 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Device: !unsafe "{{ $labels.device }}"
-  - alert: HostRaidDiskFailure
-    expr:
-      node_md_disks{state="failed"} > 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      severity: !unsafe "{{ $labels.md_device }}"
-  - alert: HostOomKillDetected
-    expr:
-      increase(node_vmstat_oom_kill[1m]) > 0
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      PID: !unsafe "{{ $value }}"
-  - alert: HostEdacCorrectableErrorsDetected
-    expr:
-      increase(node_edac_correctable_errors_total[1m]) > 0
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      CorrectedErrors: !unsafe "{{ $value }}"
-  - alert: HostEdacUncorrectableErrorsDetected
-    expr:
-      increase(node_edac_uncorrectable_errors_total[1m]) > 0
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      DetectedErrors: !unsafe "{{ $value }}"
-  - alert: OutOfDiskSpace
-    expr:
-      (
-        node_filesystem_free_bytes
-        / node_filesystem_size_bytes < 0.1
-      )
-      and on (instance, device, mountpoint) (
-        node_filesystem_readonly
-      ) == 0
-    for: 5m
-    labels:
-      severity: critical
-    annotations:
-      Mountpoint: !unsafe "{{ $labels.mountpoint }}"
-      FreeSpace: !unsafe "{{ $value | humanizePercentage }}"
-  - alert: HostConntrackLimit
-    expr:
-      (
-        node_nf_conntrack_entries
-        / node_nf_conntrack_entries_limit
-      ) > 0.8
-    for: 5m
-    labels:
-      severity: warning
-    annotations:
-      Filled: !unsafe "{{ $value | humanizePercentage }}"
-  - alert: HostClockSkew
-    expr:
-      (
-        node_timex_offset_seconds > 0.05
-        and deriv(node_timex_offset_seconds[5m]) >= 0
-      ) or (
-        node_timex_offset_seconds < -0.05
-        and deriv(node_timex_offset_seconds[5m]) <= 0
-      )
-    for: 2m
-    labels:
-      severity: warning
-  - alert: HostClockNotSynchronising
-    expr:
-      min_over_time(node_timex_sync_status[1m]) == 0
-      and node_timex_maxerror_seconds >= 16
-    for: 2m
-    labels:
-      severity: warning
-  - alert: HostRequiresReboot
-    expr:
-      node_reboot_required > 0
-    for: 5m
-    labels:
-      severity: warning
-  - alert: OutOfInodes
-    expr:
-      node_filesystem_files_free
-      / node_filesystem_files < 0.1
-    for: 3m
-    labels:
-      severity: warning
-    annotations:
-      Mountpoint: !unsafe "{{ $labels.mountpoint }}"
-      FreeInodes: !unsafe "{{ $value | humanizePercentage }}"
-  - alert: CpuUsage
-    expr:
-      (
-        1 - avg by (instance) (
-          irate(node_cpu_seconds_total{mode="idle"}[5m])
-        )
-      ) > 0.75
-    for: 10m
-    labels:
-      severity: warning
-    annotations:
-      Usage: !unsafe "{{ $value | humanizePercentage }}"
-  - alert: SystemdServiceFailed
-    expr:
-      node_systemd_unit_state{state="failed"} == 1
-    for: 10m
-    labels:
-      severity: warning
-    annotations:
-      Service: !unsafe "{{ $labels.name }}"
-  - alert: LoadUsage
-    expr:
-      node_load1 > 5
-    for: 2m
-    labels:
-      severity: warning
-    annotations:
-      Load1: !unsafe "{{ $value | humanize }}"
-  - alert: UnhealthyDisk
-    expr:
-      smartmon_device_smart_healthy < 1
-    for: 10m
-    labels:
-      severity: critical
-    annotations:
-      Disk: !unsafe "{{ $labels.disk }}"
-  - alert: HostCpuStealNoisyNeighbor
-    expr:
-      avg by (instance) (
-        rate(node_cpu_seconds_total{mode="steal"}[5m])
-      ) > 0.1
-    for: 5m
-    labels:
-      severity: warning
-    annotations:
-      Disk: !unsafe "{{ $labels.disk }}"
-      Steal: !unsafe "{{ $value | humanizePercentage }}"
-...

group_vars/prom/prometheus/prometheus.yml

@@ -1,14 +0,0 @@
----
-prometheus__scraping_prometheus:
-  targets: "{{ groups.prom }}"
-  address:
-    port: 9090
-
-prometheus__rules_prometheus:
-  - alert: PrometheusTsdbCompactionFailed
-    expr:
-      increase(prometheus_tsdb_compactions_failed_total[1m]) > 0
-    for: 0m
-    labels:
-      severity: critical
-...

group_vars/prom/prometheus/quanta.yml

@@ -1,98 +0,0 @@
----
-prometheus__scraping_quanta:
-  targets: "{{ groups.quanta }}"
-  address: 127.0.0.1:9116
-  path: /snmp
-  timeout: 180s
-  interval: 180s
-  params:
-    module:
-      - quanta
-
-prometheus__rules_quanta:
-  - alert: QuantaQueueOverflow
-    expr:
-      snAgGblQueueOverflow == 1
-    for: 0m
-    labels:
-      severity: critical
-  - alert: QuantaCpuUsage
-    expr:
-      snAgGblCpuUtil1MinAvg > 50
-    for: 5m
-    labels:
-      severity: warning
-    annotations:
-      Usage: !unsafe "{{ $value }} %"
-  - alert: QuantaCpuUsage
-    expr:
-      snAgGblCpuUtil1MinAvg > 80
-    for: 5m
-    labels:
-      severity: critical
-    annotations:
-      Usage: !unsafe "{{ $value }} %"
-  - alert: QuantaMemoryUsage
-    expr:
-      100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 50
-    for: 5m
-    labels:
-      severity: warning
-    annotations:
-      UsedMemory: !unsafe "{{ $value }} %"
-  - alert: QuantaMemoryUsage
-    expr:
-      100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 80
-    for: 5m
-    labels:
-      severity: alert
-    annotations:
-      UsedMemory: !unsafe "{{ $value }} %"
-  - alert: QuantaFanHealth
-    expr:
-      snChasFanOperStatus{snChasFanOperStatus="normal"} == 0
-    for: 0m
-    labels:
-      severity: critical
-    annotations:
-      Description: !unsafe "{{ $labels.shChasFanDescription }}"
-      Status: !unsafe "{{ $labels.snChasFanOperStatus }}"
-  - alert: QuantaMissingIntakeTemp
-    expr:
-      count by (instance) (
-        snAgentTempValue
-      ) - count by (instance) (
-        snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"}
-      ) == 0
-    for: 0m
-    labels:
-      severity: critical
-  - alert: QuantaIntakeTemp
-    expr:
-      0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 60
-    for: 10m
-    keep_firing_for: 30m
-    labels:
-      severity: warning
-    annotations:
-      Temperature: !unsafe "{{ $value }} °C"
-      Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
-  - alert: QuantaIntakeTemp
-    expr:
-      0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 70
-    for: 10m
-    keep_firing_for: 30m
-    labels:
-      severity: critical
-    annotations:
-      Temperature: !unsafe "{{ $value }} °C"
-      Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
-  - alert: QuantaPowerRedundancyFailure
-    expr:
-      count by (instance) (
-        snChasPwrSupplyOperStatus{snChasPwrSupplyOperStatus="normal"}
-      ) < 2
-    for: 0m
-    labels:
-      severity: warning
-...

group_vars/prom/prometheus/snmp.yml

@@ -1,6 +0,0 @@
----
-prometheus__scraping_snmp:
-  targets: "{{ groups.prom }}"
-  address:
-    port: 9116
-...

group_vars/prom/prometheus/switch.yml

@@ -1,91 +0,0 @@
----
-prometheus__rules_switch:
-  - alert: SwitchPromiscuousChange
-    expr:
-      changes(ifPromiscuousMode[5m]) > 0
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-  - alert: SwitchInterfaceUpChange
-    expr:
-      changes(ifOperStatus{ifOperStatus="up"}[5m]) > 0
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-  - alert: SwitchInErrors
-    expr:
-      irate(ifInErrors[5m]) / (
-        irate(ifInUcastPkts[5m])
-        + irate(ifInNUcastPkts[5m])
-      ) > 0.0001
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-  - alert: SwitchOutErrors
-    expr:
-      irate(ifOutErrors[5m]) / (
-        irate(ifOutUcastPkts[5m])
-        + irate(ifOutNUcastPkts[5m])
-      ) > 0.0001
-    for: 0m
-    labels:
-      severity: warning
-    annotations:
-      ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-  - alert: SwitchInLinkUsage
-    expr:
-      rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
-    for: 5m
-    keep_firing_for: 10m
-    labels:
-      severity: warning
-    annotations:
-      Usage: !unsafe "{{ $value | humanizePercentage }}"
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-  - alert: SwitchInLinkUsage
-    expr:
-      rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
-    for: 5m
-    keep_firing_for: 10m
-    labels:
-      severity: critical
-    annotations:
-      Usage: !unsafe "{{ $value | humanizePercentage }}"
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-  - alert: SwitchOutLinkUsage
-    expr:
-      rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
-    for: 5m
-    keep_firing_for: 10m
-    labels:
-      severity: warning
-    annotations:
-      Usage: !unsafe "{{ $value | humanizePercentage }}"
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-  - alert: SwitchOutLinkUsage
-    expr:
-      rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
-    for: 5m
-    keep_firing_for: 10m
-    labels:
-      severity: warning
-    annotations:
-      Usage: !unsafe "{{ $value | humanizePercentage }}"
-      Interface: !unsafe "{{ $labels.ifName }}
-        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
-...

group_vars/prom/prometheus_snmp/eaton.yml

@@ -1,40 +0,0 @@
----
-prometheus_snmp__modules_eaton:
-  version: 1
-  auth:
-    community: "{{ vault_snmp_eaton_community }}"
-  walk:
-    - sysUpTime
-    #- upsBattery
-    - xupsInput
-    - xupsOutput
-    - xupsBypass
-    - xupsEnvironment
-    - xupsBattery
-    - xupsConfig
-  lookups:
-    - source_indexes:
-        - xupsInputPhase
-      lookup: xupsInputName
-    - source_indexes:
-        - xupsOutputPhase
-      lookup: xupsOutputName
-    - source_indexes:
-        - xupsBypassPhase
-      lookup: xupsBypassName
-  overrides:
-    upsBatteryStatus:
-      type: EnumAsStateSet
-    xupsInputId:
-      type: EnumAsStateSet
-    xupsOutputId:
-      type: EnumAsStateSet
-    xupsBypassId:
-      type: EnumAsStateSet
-    xupsOutputSource:
-      type: EnumAsStateSet
-    xupsBatteryAbmStatus:
-      type: EnumAsStateSet
-    xupsContactType:
-      type: EnumAsStateSet
-...

group_vars/prom/prometheus_snmp/ilo.yml

@@ -1,19 +0,0 @@
----
-prometheus_snmp__modules_ilo:
-  version: 3
-  timeout: 10s
-  retries: 10
-  auth:
-    security_level: authPriv
-    auth_protocol: SHA
-    username: aurore
-    password: "{{ vault_snmp_ilo_auth }}"
-    priv_protocol: AES
-    priv_password: "{{ vault_snmp_ilo_priv }}"
-  walk:
-    - sysUpTime
-    - cpqHeTemperatureTable
-  overrides:
-    cpqHeTemperatureThresholdType:
-      type: EnumAsStateSet
-...

group_vars/prom/prometheus_snmp/main.yml

@@ -1,6 +0,0 @@
----
-prometheus_snmp__modules:
-  quanta: "{{ prometheus_snmp__modules_quanta }}"
-  ilo: "{{ prometheus_snmp__modules_ilo }}"
-  eaton: "{{ prometheus_snmp__modules_eaton }}"
-...

group_vars/prom/prometheus_snmp/quanta.yml

@@ -1,125 +0,0 @@
----
-prometheus_snmp__modules_quanta:
-  auth:
-    community: "{{ vault_snmp_quanta_community }}"
-  timeout: 60s
-  retries: 3
-  walk:
-    - interfaces
-    - ifXTable
-    - snAgGblQueueOverflow
-    - snAgGblDynMemTotal
-    - snAgGblDynMemFree
-    - snAgGblCpuUtil1SecAvg
-    - snAgGblCpuUtil5SecAvg
-    - snAgGblCpuUtil1MinAvg
-    - sysUpTime
-    - snAgentCpuUtilPercent
-    - snAgent
-    - snChasFan
-    - snChasPwr
-    - snAgentTemp
-    - snAgentCpu
-    - snSwInfo
-    - snSwIfInfoTable
-    - dot3StatsTable
-    - dot3HCStatsTable
-    - dot3Errors
-    - dot3Tests
-    - dot3CollTable
-    - lldpLocChassisId
-    - lldpRemTable
-    - lldpLocPortTable
-    - dot1dBasePort
-  lookups:
-    - source_indexes:
-        - ifIndex
-      lookup: ifAlias
-    - source_indexes:
-        - ifIndex
-      lookup: ifDescr
-    - source_indexes:
-        - ifIndex
-      lookup: ifName
-    - source_indexes:
-        - snChasFanIndex
-      lookup: snChasFanDescription
-    - source_indexes:
-        - snAgentTempSlotNum
-        - snAgentTempSensorId
-      lookup: snAgentTempSensorDescr
-    - source_indexes:
-        - snSwIfInfoPortNum
-      lookup: snSwIfName
-    - source_indexes:
-        - snSwIfInfoPortNum
-      lookup: snSwIfDescr
-    - source_indexes:
-        - dot3StatsIndex
-      lookup: ifAlias
-    - source_indexes:
-        - dot3StatsIndex
-      lookup: ifDescr
-    - source_indexes:
-        - dot3StatsIndex
-      lookup: ifName
-    - source_indexes:
-        - lldpRemTimeMark
-        - lldpRemLocalPortNum
-        - lldpRemIndex
-      lookup: lldpRemChassisId
-    #- source_indexes:
-    #    - lldpLocPortNum
-    #  lookup: lldpLocPortIdSubtype
-  overrides:
-    ifIndex:
-      ignore: true
-    ifAlias:
-      ignore: true
-    ifDescr:
-      ignore: true
-    ifName:
-      ignore: true
-    ifOperStatus:
-      type: EnumAsStateSet
-    ifAdminStatus:
-      type: EnumAsStateSet
-    snChasFanIndex:
-      ignore: true
-    snChasFanDescription:
-      ignore: true
-    snChasPwrSupplyIndex:
-      ignore: true
-    snAgentTempSensorDescr:
-      ignore: true
-    snChasFanOperStatus:
-      type: EnumAsStateSet
-    snChasPwrSupplyOperStatus:
-      type: EnumAsStateSet
-    snSwIfName:
-      ignore: true
-    snSwIfDescr:
-      ignore: true
-    snSwIfVlanId:
-      ignore: true
-    snSwIfInfoPortNum:
-      ignore: true
-    snSwIfInfoMonitorMode:
-      type: EnumAsStateSet
-    snSwIfInfoMirrorPorts:
-      ignore: true
-    snSwIfInfoMediaType:
-      type: EnumAsInfo
-    ifType:
-      type: EnumAsInfo
-    dot3StatsIndex:
-      ignore: true
-    dot3StatsEtherChipSet:
-      ignore: true
-    dot3StatsDuplexStatus:
-      type: EnumAsStateSet
-    lldpLocPortIdSubtype:
-      type: EnumAsInfo
-    lldpRemPortIdSubtype:
-      type: EnumAsInfo
-...

group_vars/pve/pve_auth.yml

@@ -1,31 +0,0 @@
----
-pve_auth__groups:
-  admin:
-    - Administrator
-
-pve_auth__pam_users:
-  root:
-    enabled: false
-
-pve_auth__users:
-  elkmaennchen:
-    password: "{{ vault_pve_passwords.elkmaennchen }}"
-    groups:
-      - admin
-  jeltz:
-    password: "{{ vault_pve_passwords.jeltz }}"
-    groups:
-      - admin
-  korenstin:
-    password: "{{ vault_pve_passwords.korenstin }}"
-    groups:
-      - admin
-  otthorn:
-    password: "{{ vault_pve_passwords.otthorn }}"
-    groups:
-      - admin
-  v-lafeychine:
-    password: "{{ vault_pve_passwords['v-lafeychine'] }}"
-    groups:
-      - admin
-...

group_vars/radius/freeradius.yml

@@ -1,17 +0,0 @@
----
-radiusd__guest_vlan: 1000
-
-radiusd__clients:
-  localhost:
-    addr: 127.0.0.1
-    secret: abcdef
-    type: aurore
-  wifi-ap-v4:
-    addr: 10.102.0.0/16
-    secret: abcdef
-    type: aurore
-  wifi-ap-v6:
-    addr: 2a09:6840:102::/56
-    secret: abcdef
-    type: aurore
-...

group_vars/reverseproxy.yml

@@ -1,12 +0,0 @@
----
-loc_nginx:
-  servers: []
-
-glob_reverseproxy:
-  redirect_dnames:
-    - aurores.net
-    - fede-aurore.net
-
-  reverseproxy_sites: []
-
-  redirect_sites: []

group_vars/router/prometheus.yml

@@ -1,3 +0,0 @@
----
-prometheus_keepalived__dest: /var/run/prometheus-node-exporter/keepalived.prom
-... 

group_vars/routeur.yml

@@ -1,3 +0,0 @@
----
-rsyslog_high_density: true
-...

group_vars/switch.yml

@@ -1,12 +0,0 @@
----
-glob_switch:
-  loop_protect:
-    port_disable_timer_in_seconds: 30
-    transmit_interval_in_seconds: 3
-  sntp:
-    operation_mode: SNTP_UNICAST_MODE
-    poll_interval: 720
-    servers:
-      - ip: 10.206.1.5
-        priority: 1
-...

group_vars/vpn/bird.yml

@@ -1,60 +0,0 @@
----
-bird__tables:
-  - wg
-
-bird__kernel:
-  kernel:
-    learn: true
-    import: accept
-    export: accept
-  vrf:
-    learn: true
-    import:
-      sources:
-        - "{{ iproute2__custom_protos.wireguard }}"
-    export: accept
-    table: wg
-    kernel: "{{ iproute2__custom_tables.wireguard }}"
-
-bird__ospf:
-  limits:
-    import: 4000
-    export: 4000
-  table: wg
-  import: accept
-  export:
-    sources:
-      - "{{ iproute2__custom_protos.wireguard }}"
-  areas:
-    1:
-      broadcast:
-        - vpn0
-
-bird__bgp:
-  infra1:
-    local:
-      address: "{{ bird__bgp_addr.vpn }}"
-      as: "{{ bird__as.aurore }}"
-    neighbor:
-      address:
-        - 2a09:6840:213::1:1
-        - 10.213.1.1
-      as: "{{ bird__as.aurore }}"
-    table: wg
-    import: accept
-    export: reject
-    next_hop_self: true
-  infra2:
-    local:
-      address: "{{ bird__bgp_addr.vpn }}"
-      as: "{{ bird__as.aurore }}"
-    neighbor:
-      address:
-        - 2a09:6840:213::1:2
-        - 10.213.1.2
-      as: "{{ bird__as.aurore }}"
-    table: wg
-    import: accept
-    export: reject
-    next_hop_self: true
-...

group_vars/vpn/ifupdown2.yml

@@ -1,16 +0,0 @@
----
-ifupdown2__vrf:
-  wg-vrf:
-    table: "{{ iproute2__custom_tables.wireguard }}"
-
-ifupdown2__wireguard:
-  wg0:
-    private_key: "{{ vault_wireguard_wg0_private }}"
-    listen_port: 5121
-    vrf: wg-vrf
-    table: "{{ iproute2__custom_tables.wireguard }}"
-    peer_allowed_addresses:
-      - 2a09:6840:212::1:1/128
-      - 10.212.1.1/32
-    peer_public_key: 0kP/XjaGOpu4p9KHTAoAhkLwXzC8wJUdPIdhdpgeKhY=
-...

group_vars/vpn/iproute2.yml

@@ -1,7 +0,0 @@
----
-iproute2__custom_tables:
-  wireguard: 2000
-
-iproute2__custom_protos:
-  wireguard: 200
-...

host_vars/caradoc.adm.auro.re.yml

@@ -1,12 +0,0 @@
----
-borg_keep_hourly: 6
-borg_keep_daily: 7
-borg_keep_weekly: 4
-borg_keep_monthly: 12
-borg_backup_directories:
-  - "/etc"
-  - "/var"
-  - "/data_nextcloud"
-  - "/data_gitea"
-  - "/data_mail"
-...

host_vars/collabora.ext.infra.auro.re.yml

@@ -1,22 +0,0 @@
----
-systemd_link__links:
-  pub0: ae:ae:ae:2C:60:35
-
-ifupdown2__interfaces:
-  pub0:
-    addresses:
-      - 2a09:6840:128::220/64
-      - 10.128.0.220/16
-    gateways: "{{ ifupdown2__gateways.adm }}"
-
-collabora__server_name: office.auro.re
-
-collabora__post_allow_addrs:
-  - 2a09:6840:215::1:1
-  - 45.66.111.206
-
-collabora__wopi_groups:
-  - host: https://cloud.auro.re:443
-    aliases:
-      - https://nextcloud.auro.re:443
-...

host_vars/dhcp-1.isp.infra.auro.re.yml

@@ -1,47 +0,0 @@
----
-systemd_link__links:
-  isp0: 02:00:00:c6:3f:6f
-  trunk0: 02:00:00:b1:8d:d6
-
-ifupdown2__interfaces:
-  isp0:
-    addresses:
-      - 2a09:6840:210::1:1/64
-      - 10.210.1.1/16
-    gateways: "{{ ifupdown2__gateways.isp }}"
-  trunk0:
-    ipv6_addrgen: false
-  clients0:
-    bridge_vlan_aware: true
-    bridge_ports:
-      - trunk0
-    bridge_vids:
-      - 1000-1004
-    bridge_disable_pvid: true
-    ipv6_addrgen: false
-  client0:
-    addresses:
-      - 100.64.0.2/27
-    vlan_id: 1000
-    vlan_raw_device: clients0
-  client1:
-    addresses:
-      - 100.64.0.34/27
-    vlan_id: 1001
-    vlan_raw_device: clients0
-  client2:
-    addresses:
-      - 100.64.0.66/27
-    vlan_id: 1002
-    vlan_raw_device: clients0
-  client3:
-    addresses:
-      - 100.64.0.98/27
-    vlan_id: 1003
-    vlan_raw_device: clients0
-  client4:
-    addresses:
-      - 100.64.0.130/27
-    vlan_id: 1004
-    vlan_raw_device: clients0
-...

host_vars/dhcp-2.isp.infra.auro.re.yml

@@ -1,47 +0,0 @@
----
-systemd_link__links:
-  isp0: 04:00:00:8c:d1:36
-  trunk0: 04:00:00:33:2c:3c
-
-ifupdown2__interfaces:
-  isp0:
-    addresses:
-      - 2a09:6840:210::1:2/64
-      - 10.210.1.2/16
-    gateways: "{{ ifupdown2__gateways.isp }}"
-  trunk0:
-    ipv6_addrgen: false
-  clients0:
-    bridge_vlan_aware: true
-    bridge_ports:
-      - trunk0
-    bridge_vids:
-      - 1000-1004
-    bridge_disable_pvid: true
-    ipv6_addrgen: false
-  client0:
-    addresses:
-      - 100.64.0.3/27
-    vlan_id: 1000
-    vlan_raw_device: clients0
-  client1:
-    addresses:
-      - 100.64.0.35/27
-    vlan_id: 1001
-    vlan_raw_device: clients0
-  client2:
-    addresses:
-      - 100.64.0.67/27
-    vlan_id: 1002
-    vlan_raw_device: clients0
-  client3:
-    addresses:
-      - 100.64.0.99/27
-    vlan_id: 1003
-    vlan_raw_device: clients0
-  client4:
-    addresses:
-      - 100.64.0.131/27
-    vlan_id: 1004
-    vlan_raw_device: clients0
-...

host_vars/dns-1.int.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  int0: 02:00:00:9f:d9:f9
-
-ifupdown2__interfaces:
-  int0:
-    addresses:
-      - 2a09:6840:206::1:1/64
-      - 10.206.1.1/16
-    gateways: "{{ ifupdown2__gateways.int }}"
-...

host_vars/dns-2.int.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  int0: 04:00:00:3c:c0:5a
-
-ifupdown2__interfaces:
-  int0:
-    addresses:
-      - 2a09:6840:206::1:2/64
-      - 10.206.1.2/16
-    gateways: "{{ ifupdown2__gateways.int }}"
-...

host_vars/edge-1.back.infra.auro.re.yml

@@ -1,39 +0,0 @@
----
-systemd_link__links:
-  adm0: 02:00:00:9E:3E:21
-  crans0: 02:00:00:A2:7C:68
-  zayo0: 02:00:00:35:89:82
-  rezel0: 02:00:00:8F:4A:AD
-  back0: 02:00:00:1C:3A:2E
-  viarezo0: 02:00:00:ED:70:64
-  router0: 02:00:00:5A:17:7C
-  oti0: 02:00:00:05:0E:A6
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::10:2/64
-      - 10.128.10.2/16
-  crans0:
-    ipv6_addrgen: false
-  zayo0:
-    ipv6_addrgen: false
-  rezel0:
-    addresses:
-      - 2a09:6842:19:9116::1/64
-      - 45.66.111.1/29
-  back0:
-    addresses:
-      - 2a09:6840:203::1:1/64
-      - 10.203.1.1/16
-  viarezo0:
-    addresses:
-      - 2a0c:b641:2ff::6/125
-      - 192.159.121.133/29
-  router0:
-    addresses:
-      - 2a09:6840:129::10:2/56
-      - 10.129.10.2/16
-  oti0:
-    ipv6_addrgen: false
-...

host_vars/edge-2.back.infra.auro.re.yml

@@ -1,39 +0,0 @@
----
-systemd_link__links:
-  adm0: 04:00:00:F5:69:B9
-  crans0: 04:00:00:CF:E1:D0
-  zayo0: 04:00:00:67:7B:12
-  rezel0: 04:00:00:C6:05:B7
-  back0: 04:00:00:DE:22:E6
-  viarezo0: 04:00:00:45:FA:E6
-  router0: 04:00:00:AD:D7:71
-  oti0: 02:00:00:05:0E:A6
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::10:102/64
-      - 10.128.10.102/16
-  crans0:
-    ipv6_addrgen: false
-  zayo0:
-    ipv6_addrgen: false
-  rezel0:
-    addresses:
-      - 2a09:6842:19:9116::3/64
-      - 45.66.111.3/29
-  back0:
-    addresses:
-      - 2a09:6840:203::1:2/64
-      - 10.203.1.2/16
-  viarezo0:
-    addresses:
-      - 2a0c:b641:2ff::7/125
-      - 192.159.121.134/29
-  router0:
-    addresses:
-      - 2a09:6840:129::10:102/56
-      - 10.129.10.102/16
-  oti0:
-    ipv6_addrgen: false
-...

host_vars/infra-1.back.infra.auro.re.yml

@@ -1,63 +0,0 @@
----
-systemd_link__links:
-  ups0: 02:00:00:fe:6f:0e
-  back0: 02:00:00:f8:93:22
-  monit0: 02:00:00:da:97:7f
-  wifi0: 02:00:00:8c:c5:bf
-  int0: 02:00:00:75:40:3e
-  sw0: 02:00:00:ca:e8:d1
-  bmc0: 02:00:00:47:d1:b9
-  pve0: 02:00:00:b3:35:e7
-  isp0: 02:00:00:6b:53:14
-  ext0: 02:00:00:32:86:60
-  vpn0: 02:00:00:52:5f:85
-  th30: 02:00:00:23:a7:d3
-  pub0: 02:00:00:7d:34:06
-
-ifupdown2__interfaces:
-  back0:
-    addresses:
-      - 2a09:6840:203::1:3/64
-      - 10.203.1.3/16
-      - 45.66.111.210/32 # secondary
-  ups0:
-    ipv6_addrgen: false
-  monit0:
-    ipv6_addrgen: false
-  wifi0:
-    ipv6_addrgen: false
-  int0:
-    ipv6_addrgen: false
-  sw0:
-    ipv6_addrgen: false
-  bmc0:
-    ipv6_addrgen: false
-  pve0:
-    ipv6_addrgen: false
-  isp0:
-    ipv6_addrgen: false
-  ext0:
-    ipv6_addrgen: false
-  pub0:
-    ipv6_addrgen: false
-  vpn0:
-    addresses:
-      - 2a09:6840:213::1:1/64
-      - 10.213.1.1/16
-  th30:
-    ipv6_addrgen: false
-
-bird__router_id: 10.203.1.3
-
-bird__bgp_addr:
-  back:
-    - 2a09:6840:203::1:3
-    - 10.203.1.3
-  vpn:
-    - 2a09:6840:213::1:1
-    - 10.213.1.1
-
-bird__pref_src_addr:
-  - 2a09:6840:203::1:3
-  - 45.66.111.210
-...

host_vars/infra-2.back.infra.auro.re.yml

@@ -1,63 +0,0 @@
----
-systemd_link__links:
-  ups0: 04:00:00:6d:97:83
-  back0: 04:00:00:46:ba:f9
-  monit0: 04:00:00:72:0b:2d
-  wifi0: 04:00:00:ee:42:0f
-  int0: 04:00:00:21:fd:d0
-  sw0: 04:00:00:2e:5b:16
-  bmc0: 04:00:00:bb:5a:a6
-  pve0: 04:00:00:0b:2b:82
-  isp0: 04:00:00:f4:4c:5d
-  ext0: 04:00:00:1d:0e:83
-  vpn0: 04:00:00:02:ba:dd
-  th30: 04:00:00:9e:8d:4f
-  pub0: 04:00:00:f8:3b:9b
-
-ifupdown2__interfaces:
-  back0:
-    addresses:
-      - 2a09:6840:203::1:4/64
-      - 10.203.1.4/16
-      - 45.66.111.211/32 # secondary
-  ups0:
-    ipv6_addrgen: false
-  monit0:
-    ipv6_addrgen: false
-  wifi0:
-    ipv6_addrgen: false
-  int0:
-    ipv6_addrgen: false
-  sw0:
-    ipv6_addrgen: false
-  bmc0:
-    ipv6_addrgen: false
-  pve0:
-    ipv6_addrgen: false
-  isp0:
-    ipv6_addrgen: false
-  ext0:
-    ipv6_addrgen: false
-  vpn0:
-    addresses:
-      - 2a09:6840:213::1:2/64
-      - 10.213.1.2/16
-  th30:
-    ipv6_addrgen: false
-  pub0:
-    ipv6_addrgen: false
-
-bird__router_id: 10.203.1.4
-
-bird__bgp_addr:
-  back:
-    - 2a09:6840:203::1:4
-    - 10.203.1.4
-  vpn:
-    - 2a09:6840:213:1:2
-    - 10.213.1.2
-
-bird__pref_src_addr:
-  - 2a09:6840:203::1:4
-  - 45.66.111.211
-...

host_vars/isp-1.back.infra.auro.re.yml

@@ -1,59 +0,0 @@
----
-systemd_link__links:
-  adm0: 02:00:00:D8:37:45
-  back0: 02:00:00:BF:10:4C
-  trunk0: 02:00:00:E9:BA:15
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::10:5/64
-      - 10.128.10.5/16
-    gateways: "{{ ifupdown2__gateways.adm }}"
-  back0:
-    addresses:
-      - 2a09:6840:203::1:5/64
-      - 45.66.111.211/32
-      - 10.203.1.5/16
-  trunk0:
-    ipv6_addrgen: false
-  clients0:
-    bridge_vlan_aware: true
-    bridge_ports:
-      - trunk0
-    bridge_vids:
-      - 1000-1004
-    bridge_disable_pvid: true
-    ipv6_addrgen: false
-  client0:
-    vlan_id: 1000
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client1:
-    vlan_id: 1001
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client2:
-    vlan_id: 1002
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client3:
-    vlan_id: 1003
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client4:
-    vlan_id: 1004
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-
-bird__router_id: 10.203.1.5
-
-bird__bgp_addr:
-  back:
-    - 2a09:6840:203::1:5
-    - 10.203.1.5
-
-bird__pref_src_addr:
-  - 2a09:6840:203::1:5
-  - 45.66.111.211
-...

host_vars/isp-2.back.infra.auro.re.yml

@@ -1,47 +0,0 @@
----
-systemd_link__links:
-  adm0: 04:00:00:85:C3:5D
-  back0: 04:00:00:FE:2D:67
-  trunk0: 04:00:00:D8:F5:4D
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::10:105/64
-      - 10.128.10.105/16
-    gateways: "{{ ifupdown2__gateways.adm }}"
-  back0:
-    addresses:
-      - 2a09:6840:203::1:6/64
-      - 10.203.1.6/16
-  trunk0:
-    ipv6_addrgen: false
-  clients0:
-    bridge_vlan_aware: true
-    bridge_ports:
-      - trunk0
-    bridge_vids:
-      - 1000-1004
-    bridge_disable_pvid: true
-    ipv6_addrgen: false
-  client0:
-    vlan_id: 1000
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client1:
-    vlan_id: 1001
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client2:
-    vlan_id: 1002
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client3:
-    vlan_id: 1003
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-  client4:
-    vlan_id: 1004
-    vlan_raw_device: clients0
-    ipv6_addrgen: false
-...

host_vars/ldap-1.int.infra.auro.re.yml

@@ -1,16 +0,0 @@
----
-systemd_link__links:
-  adm0: 02:00:00:38:c2:52
-  int0: 02:00:00:fe:a8:54
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::10:8/64
-      - 10.128.10.8/16
-  int0:
-    addresses:
-      - 2a09:6840:206::1:3/64
-      - 10.206.1.7/16
-    gateways: "{{ ifupdown2__gateways.int }}"
-...

host_vars/ldap-2.int.infra.auro.re.yml

@@ -1,16 +0,0 @@
----
-systemd_link__links:
-  adm0: 04:00:00:f7:1c:47
-  int0: 04:00:00:e4:83:d2
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::10:108/64
-      - 10.128.10.108/16
-  int0:
-    addresses:
-      - 2a09:6840:206::1:4/64
-      - 10.206.1.8/16
-    gateways: "{{ ifupdown2__gateways.int }}"
-...

host_vars/log.adm.auro.re.yml

@@ -1,16 +0,0 @@
----
-borg_backup_directories:
-  - "/etc/"
-  - "/var/"
-borg_backup_exclude: []
-
-rsyslog_collector_base_dir: /var/log/remote
-rsyslog_inputs:
-  - proto: relp
-    port: 20514
-  - proto: udp
-    port: 514
-  - proto: tcp
-    port: 6514
-rsyslog_outputs: []
-...

host_vars/mx.test.infra.auro.re.yml

@@ -1,38 +0,0 @@
----
-dovecot__auth_default_realm: test.auro.re
-dovecot__auth_users:
-  jeltz@test.auro.re: "{plain}password"
-  lafeych@test.auro.re: "{plain}password"
-  toto@test.auro.re: "{plain}password"
-  root@test.auro.re: "{plain}L9yXSrCbbafMlMls5q7WWMKC612XNbXL"
-dovecot__lmtp_postmaster_address: postmaster@test.auro.re
-
-ifupdown2__interfaces:
-  ext0:
-    addresses:
-      - 2a09:6840:211::1:5/64
-      - 10.211.1.5/16
-      - 45.66.111.208/30
-    gateways: "{{ ifupdown2__gateways.ext }}"
-
-postfix__hostname: mx.test.auro.re
-
-postfix__sasl_local_domain: test.auro.re
-
-postfix__virtual_aliases:
-  postmaster@test.auro.re: root@test.auro.re
-  dmarc@test.auro.re: root@test.auro.re
-
-postfix__virtual_mailbox_domains:
- - infra.test.auro.re
- - test.auro.re
-
-postfix__virtual_mailboxes:
-  jeltz@test.auro.re: jeltz@test.auro.re
-  root@test.auro.re: root@test.auro.re
-  toto@test.auro.re: toto@test.auro.re
-  vincent.lafeychine@test.auro.re: lafeych@test.auro.re
-
-systemd_link__links:
-  ext0: ae:ae:ae:1d:c8:b2
-...

host_vars/ns-1.pub.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  pub0: 02:00:00:ad:62:64
-
-ifupdown2__interfaces:
-  pub0:
-    addresses:
-      - 2a09:6840:215::1:2/64
-      - 45.66.111.205/27
-    gateways: "{{ ifupdown2__gateways.pub }}"
-...

host_vars/ns-2.pub.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  pub0: 04:00:00:1b:0a:3a
-
-ifupdown2__interfaces:
-  pub0:
-    addresses:
-      - 2a09:6840:215::1:3/64
-      - 45.66.111.207/27
-    gateways: "{{ ifupdown2__gateways.pub }}"
-...

host_vars/ns-3.ovh.infra.auro.re.yml

@@ -1,29 +0,0 @@
----
-systemd_link__links:
-  adm0: 96:77:96:91:e3:6c
-  ovh0: 02:00:00:97:78:6d
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::109/64
-      - 10.128.0.109/16
-  ovh0:
-    addresses:
-      - 92.222.211.194/24
-    gateways: "{{ ifupdown2__gateways.ovh }}"
-
-# TODO: remove as soon as the VPN works
-knotd__remotes:
-  xfr-master:
-    address: 2a09:6840:128::110
-    key: xfr
-
-knotd__acl:
-  notify-master:
-    address:
-      - 2a09:6840:128::110
-      - 10.128.0.110
-    key: xfr
-    action: notify
-...

host_vars/ns-master.int.infra.auro.re/knotd.yml

@@ -1,617 +0,0 @@
----
-knotd__listen:
-  - address: 0.0.0.0
-  - address: "::"
-
-knotd__keys:
-  xfr:
-    algorithm: hmac-sha512
-    secret: "{{ vault_knotd_xfr_key }}"
-  ksk-infra:
-    algorithm: hmac-sha512
-    secret: "{{ vault_knotd_ksk_infra_key }}"
-  update-acme-challenge:
-    algorithm: hmac-sha512
-    secret: "{{ vault_certbot_dns_secret }}"
-
-knotd__remotes:
-  xfr-ns-1:
-    address: 2a09:6840:215::1:2
-    key: xfr
-  xfr-ns-2:
-    address: 2a09:6840:215::1:3
-    key: xfr
-  xfr-ns-3:
-    address: 10.128.0.109
-    key: xfr
-  ksk-infra:
-    address: ::1
-    key: ksk-infra
-
-knotd__policies:
-  public:
-    algorithm: ECDSAP256SHA256
-    reproducible_signing: true
-    # Je n'ai pas trouvé de façon de pousser les records automatiquement
-    # sur .re, donc pour éviter d'oublier de le faire manuellement, la
-    # KSK n'expire pas
-    ksk_lifetime: 0
-    zsk_lifetime: 30d
-    nsec3: true
-  infra:
-    algorithm: ECDSAP256SHA256
-    ksk_lifetime: 365d
-    zsk_lifetime: 30d
-    nsec3: on
-    ds-push: ksk-infra
-    cds-cdnskey-publish: rollover
-    ksk-submission: infra
-  ripe:
-    algorithm: ECDSAP256SHA256
-    ksk_lifetime: 365d
-    zsk_lifetime: 30d
-    nsec3: on
-    ds-push: ksk-ripe
-    cds-cdnskey-publish: rollover
-    ksk-submission: ripe
-
-knotd__acl:
-  xfr:
-    addresses:
-      - 2a09:6840:128::109
-      - 10.128.0.109
-      - 2a09:6840:215::1:2
-      - 45.66.111.205
-      - 2a09:6840:215::1:3
-      - 45.66.111.207
-    action: transfer
-    key: xfr
-  ksk-infra:
-    addresses:
-      - 127.0.0.1
-      - ::1
-    key: ksk-infra
-    action: update
-    update_types:
-      - DS
-    update_owner: name
-    update_owner_match: equal
-    update_owner_name:
-      - infra
-  update-acme-challenge:
-    addresses:
-      - 10.128.0.0/16
-      - 2a09:6840:128::/48
-    key: update-acme-challenge
-    action: update
-    update_types:
-      - TXT
-    update_owner: name
-    update_owner_match: equal
-    update_owner_name:
-      - _acme-challenge.auro.re.
-
-knotd__queryacl:
-  local:
-    addresses:
-      - 10.0.0.0/8
-
-knotd__soa_rname: root@auro.re.
-
-knotd__hosts:
-  auro.re:
-    proxy-ovh:
-      - 92.222.211.195
-    horus:
-      - 92.23.218.136
-    ns-1:
-      - 45.66.111.205
-      - 2a09:6840:215::1:2
-    ns-2:
-      - 92.222.211.194
-    serge:
-      - 92.222.211.196
-    lama:
-      - 185.230.78.220
-      - 2a0c:700:12:0:67:e5ff:fee9:108
-    vpn-ovh:
-      - 92.222.211.197
-    passerelle:
-      - 45.66.111.254
-      - 2a09:6840:111::254
-    proxy:
-      - 45.66.111.61
-      - 2a09:6840:111::61
-    camelot:
-      - 45.66.111.59
-      - 2a09:6840:111::59
-    mail:
-      - 45.66.111.62
-      - 2a09:6840:111::62
-    galene:
-      - 45.66.111.65
-      - 2a09:6840:111::65
-    aclyas:
-      - 45.66.111.231
-      - 2a09:6840:111::231
-    jitsi:
-      - 45.66.111.55
-      - 2a09:6840:111::55
-    jitsi-ng:
-      - 45.66.111.216
-      - 2a09:6840:215::1:216
-    portail-fleming:
-      - 10.13.0.247
-      - 2a09:6840:13::247
-    portail-pacaterie:
-      - 10.23.0.247
-      - 2a09:6840:23::247
-    portail-rives:
-      - 10.33.0.247
-      - 2a09:6840:33::247
-    portail-edc:
-      - 10.43.0.247
-      - 2a09:6840:43::247
-    portail-gs:
-      - 10.53.0.247
-      - 2a09:6840:53::247
-
-  adh.auro.re:
-    paon:
-      - 45.66.110.10
-      - 2a09:6840:110:0:231:92ff:fe1b:ae22
-    lyshyga0:
-      - 45.66.110.113
-      - 2a09:6840:110:0:6af7:28ff:fe91:e8d9
-    pz28910:
-      - 45.66.110.114
-    vinsing0:
-      - 45.66.110.123
-      - 2a09:6840:110:0:1e1b:dff:fe90:7d81
-    osc-routeur:
-      - 45.66.110.125
-      - 2a09:6840:110:0:ba27:ebff:fe2d:c1a1
-    odroid:
-      - 45.66.110.154
-      - 2a09:6840:110:0:21e:6ff:fe49:e00
-    amau0:
-      - 45.66.110.164
-      - 2a09:6840:110:0:3e7c:3fff:fec3:27d1
-    regulus:
-      - 45.66.110.180
-      - 2a09:6840:110:0:2ef0:5dff:fe2a:1530
-    toaster:
-      - 45.66.110.188
-      - 2a09:6840:110:0:5246:5dff:fe9a:f70
-    rpijutax:
-      - 45.66.110.190
-      - 2a09:6840:110:0:ba27:ebff:fe76:a9bc
-    polaris:
-      - 45.66.110.245
-      - 2a09:6840:110:0:dea6:32ff:feb4:d033
-    lafeychine:
-      - 92.91.154.45
-
-  infra.auro.re:
-    services-1.ceph:
-      - 2a09:6840:214::1:1
-      - 10.214.1.1
-    services-2.ceph:
-      - 2a09:6840:214::1:2
-      - 10.214.1.2
-    services-3.ceph:
-      - 2a09:6840:209::1:3
-      - 10.214.1.3
-    services-1.pve:
-      - 2a09:6840:209::2:1
-      - 10.209.2.1
-    services-2.pve:
-      - 2a09:6840:209::2:2
-      - 10.209.2.2
-    network-1.pve:
-      - 2a09:6840:209::1:1
-      - 10.209.1.1
-    network-2.pve:
-      - 2a09:6840:209::1:2
-      - 10.209.1.2
-    services-3.pve:
-      - 2a09:6840:209::2:3
-      - 10.209.2.3
-    caradoc.bmc:
-      - 2a09:6840:208::1:1
-      - 10.208.1.1
-    services-1.bmc:
-      - 2a09:6840:208::1:2
-      - 10.208.1.2
-    services-2.bmc:
-      - 2a09:6840:208::1:3
-      - 10.208.1.3
-    services-3.bmc:
-      - 2a09:6840:208::1:4
-      - 10.208.1.4
-    perceval.bmc:
-      - 2a09:6840:208::1:5
-      - 10.208.1.5
-    chapalux.bmc:
-      - 2a09:6840:208::1:6
-      - 10.208.1.6
-    loki.bmc:
-      - 2a09:6840:208::1:7
-      - 10.208.1.7
-    network-1.bmc:
-      - 2a09:6840:208::1:8
-      - 10.208.1.8
-    network-2.bmc:
-      - 2a09:6840:208::1:9
-      - 10.208.1.9
-    escalope.bmc:
-      - 2a09:6840:208::1:10
-      - 10.208.1.10
-    edge-1.back:
-      - 2a09:6840:203::1:1
-      - 10.203.1.1
-    edge-2.back:
-      - 2a09:6840:203::1:2
-      - 10.203.1.2
-    isp-1.back:
-      - 2a09:6840:203::1:5
-      - 10.203.1.5
-    isp-2.back:
-      - 2a09:6840:203::1:6
-      - 10.203.1.6
-    infra-1.back:
-      - 2a09:6840:203::1:3
-      - 10.203.1.3
-    infra-2.back:
-      - 2a09:6840:203::1:4
-      - 10.203.1.4
-    ns-master.int:
-      - 2a09:6840:128:0::110
-      - 10.128.0.110
-    log-1.int:
-      - 2a09:6840:206::1:9
-      - 10.206.1.9
-    log-2.int:
-      - 2a09:6840:206::1:10
-      - 10.206.1.10
-    dns-1.int:
-      - 2a09:6840:206::1:1
-      - 10.206.1.1
-    dns-2.int:
-      - 2a09:6840:206::1:2
-      - 10.206.1.2
-    nis2.int:
-      - 2a09:6840:206::2:1
-      - 10.206.2.1
-    ldap-1.int:
-      - 10.128.10.8
-      - 2a09:6840:128::10:8
-    ldap-2.int:
-      - 10.128.10.108
-      - 2a09:6840:128::10:108
-    ntp-1.int:
-      - 2a09:6840:206::1:5
-      - 10.206.1.5
-    ntp-2.int:
-      - 2a09:6840:206::1:6
-      - 10.206.1.6
-    wg-1.vpn:
-      - 2a09:6840:213::1:3
-      - 10.213.1.3
-    wg-2.vpn:
-      - 2a09:6840:213::1:4
-      - 10.213.1.4
-    dhcp-1.isp:
-      - 2a09:6840:210::1:1
-      - 10.210.1.1
-    dhcp-2.isp:
-      - 2a09:6840:210::1:2
-      - 10.210.1.2
-    radius-1.isp:
-      - 2a09:6840:210::1:3
-      - 10.210.1.3
-    radius-2.isp:
-      - 2a09:6840:210::1:4
-      - 10.210.1.4
-    prometheus-1.monit:
-      - 2a09:6840:204::1:1
-      - 10.204.1.1
-    prometheus-2.monit:
-      - 2a09:6840:204::1:2
-      - 10.204.1.2
-    ff-1.core.sw:
-      - 10.207.1.1
-    ff-2.core.sw:
-      - 10.207.1.2
-    fl-1.core.sw:
-      - 10.207.1.3
-    fl-2.core.sw:
-      - 10.207.1.4
-    fd-1.core.sw:
-      - 10.207.1.5
-    ff-3.core.sw:
-      - 10.207.1.6
-    gk-1.core.sw:
-      - 10.207.2.1
-    eb-1.core.sw:
-      - 10.207.3.1
-    r3-1.core.sw:
-      - 10.207.4.1
-    eb-1.ups:
-      - 2a09:6840:201::3:1
-      - 10.201.3.1
-    ec-1.ups:
-      - 2a09:6840:201::3:2
-      - 10.201.3.2
-    mx.test:
-      - 2a09:6840:211::1:5
-      - 10.211.1.5
-    collabora.ext:
-      - 2a09:6840:211::1:1
-      - 10.211.1.1
-    grafana.ext:
-      - 2a09:6840:211::1:7
-      - 10.211.1.7
-    proxy.pub:
-      - 2a09:6840:215::1:1
-      - 45.66.111.206
-    ns-1.pub:
-      - 2a09:6840:215::1:2
-      - 45.66.111.205
-    ns-2.pub:
-      - 2a09:6840:215::1:3
-      - 45.66.111.207
-    ns-3.ovh:
-      - 92.222.211.194
-    tor.pub:
-      - 45.66.111.215
-      - 2a09:6840:215::1:215
-    jitsi.pub:
-      - 45.66.111.216
-      - 2a09:6840:215::1:216
-
-knotd__zones:
-  auro.re:
-    dnssec_policy: public
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - update-acme-challenge
-      - ksk-infra
-      - xfr
-    soa:
-      mname: ns-master.int.infra
-    ns:
-      - target:
-          - ns-1.pub.infra
-          - ns-2.pub.infra
-      - name: infra
-        target:
-          - ns-1.pub.infra
-          - ns-2.pub.infra
-      - name: test
-        target:
-          - ns-1.pub.infra
-          - ns-2.pub.infra
-      - name: adm
-        target:
-          - serge
-          - lama
-      - name: ups
-        target:
-          - serge
-          - lama
-      - name: switch
-        target:
-          - serge
-          - lama
-      - name: borne
-        target:
-          - serge
-          - lama
-    mx:
-      - exchange: mail
-        preference: 5
-      - exchange: proxy-ovh
-        preference: 10
-    txt:
-      - data: v=spf1 mx -all
-    a:
-      - address: 92.222.211.195
-    cname:
-      - name:
-          - gisti
-          - gistiti
-        target: jitsi
-      - name:
-          - element
-          - riot
-          - auth
-          - rss
-          - codimd
-          - hedgedoc
-          - grist
-          - kanboard
-          - www
-          - pad
-          - privatebin
-          - zero
-          - paste
-        target: proxy-ovh
-      - name:
-          - grafana
-          - grafana-ng
-          - nextcloud
-          - cloud
-          - office
-        target: proxy.pub.infra
-      - name:
-          - netbox
-          - wiki
-          - matrix
-          - drone
-          - gitea
-          - re2o
-          - vote
-        target: proxy
-      - name: intranet
-        target: re2o
-      - name:
-          - smtp
-          - imap
-        target: mail
-      - name:
-          - prometheus-paul.adh
-          - pma-paul.adh
-          - nextcloud-paul.adh
-          - grafana-paul.adh
-          - jellyfin.adh
-          - monitoring.adh
-          - beta-mpp.adh
-          - pz28.adh
-        target: lucepaul.myvnc.com.
-      - name:
-          - services-1.pve
-        target: services-1.pve.infra
-      - name:
-          - services-2.pve
-        target: services-2.pve.infra
-      - name:
-          - services-3.pve
-        target: services-3.pve.infra
-    hosts: "{{ knotd__hosts['auro.re']
-               | combine(knotd__hosts['adh.auro.re']
-                         | add_origin_keys('adh.auro.re.')) }}"
-  test.auro.re:
-    dnssec_policy: public
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - xfr
-    soa:
-      mname: ns-master.int.infra.auro.re.
-    txt:
-      - data: v=spf1 mx -all
-      - name: _dmarc
-        data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
-    ns:
-      - target:
-          - ns-1.pub.infra.auro.re.
-          - ns-2.pub.infra.auro.re.
-    mx:
-      - exchange: mx
-        preference: 5
-    cname:
-      - name:
-          - www1
-          - www2
-          - www3
-        target: proxy.pub.infra.auro.re.
-    hosts:
-      mx:
-        - 2a09:6840:211::1:5
-        - 45.66.111.205
-  infra.auro.re:
-    dnssec_policy: infra
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - xfr
-    #queryacl: local
-    soa:
-      mname: ns-master.int
-    ns:
-      - target:
-          - ns-1.pub.infra.auro.re.
-          - ns-2.pub.infra.auro.re.
-    hosts: "{{ knotd__hosts['infra.auro.re'] }}"
-
-  108.66.45.in-addr.arpa:
-    dnssec_policy: ripe
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - xfr
-    soa:
-      mname: ns-master.int.infra.auro.re.
-    ns:
-      - target:
-          - ns-1.pub.infra.auro.re.
-          - ns-2.pub.infra.auro.re.
-  109.66.45.in-addr.arpa:
-    dnssec_policy: ripe
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - xfr
-    soa:
-      mname: ns-master.int.infra.auro.re.
-    ns:
-      - target:
-          - ns-1.pub.infra.auro.re.
-          - ns-2.pub.infra.auro.re.
-  110.66.45.in-addr.arpa:
-    dnssec_policy: ripe
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - xfr
-    soa:
-      mname: ns-master.int.infra.auro.re.
-    ns:
-      - target:
-          - ns-1.pub.infra.auro.re.
-          - ns-2.pub.infra.auro.re.
-    reverse_hosts: "{{ knotd__hosts['adh.auro.re']
-                       | ip_filter(['45.66.110.0/24'])
-                       | add_origin_keys('adh.auro.re.') }}"
-  111.66.45.in-addr.arpa:
-    dnssec_policy: ripe
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - xfr
-    soa:
-      mname: ns-master.int.infra.auro.re.
-    ns:
-      - target:
-          - ns-1.pub.infra.auro.re.
-          - ns-2.pub.infra.auro.re.
-    reverse_hosts: "{{ knotd__hosts['auro.re']
-                       | ip_filter(['45.66.111.0/24'])
-                       | add_origin_keys('auro.re.') }}"
-  0.4.8.6.9.0.a.2.ip6.arpa:
-    dnssec_policy: ripe
-    notify:
-      - xfr-ns-1
-      - xfr-ns-2
-      - xfr-ns-3
-    acl:
-      - xfr
-    soa:
-      mname: ns-master.int.infra.auro.re.
-    ns:
-      - target:
-          - ns-1.pub.infra.auro.re.
-          - ns-2.pub.infra.auro.re.
-    reverse_hosts: "{{ knotd__hosts['auro.re']
-                       | ip_filter(['2a09:6840::/32'])
-                       | add_origin_keys('auro.re.')
-                       | combine(knotd__hosts['adh.auro.re']
-                                 | ip_filter(['2a09:6840::/32'])
-                                 | add_origin_keys('adh.auro.re.')) }}"
-...

host_vars/ns-master.int.infra.auro.re/main.yml

@@ -1,16 +0,0 @@
----
-systemd_link__links:
-  int0: 02:00:00:e3:36:c8
-  adm0: 42:17:a7:d1:bd:6a
-
-ifupdown2__interfaces:
-  adm0:
-    addresses:
-      - 2a09:6840:128::110/64
-      - 10.128.0.110/16
-  int0:
-    addresses:
-      - 2a09:6840:206::1:7/64
-      - 10.206.1.7/16
-    gateways: "{{ ifupdown2__gateways.int }}"
-...

host_vars/ntp-1.int.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  int0: 02:00:00:74:71:83
-
-ifupdown2__interfaces:
-  int0:
-    addresses:
-      - 2a09:6840:206::1:5/64
-      - 10.206.1.5/16
-    gateways: "{{ ifupdown2__gateways.int }}"
-...

host_vars/ntp-2.int.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  int0: 04:00:00:31:be:50
-
-ifupdown2__interfaces:
-  int0:
-    addresses:
-      - 2a09:6840:206::1:6/64
-      - 10.206.1.6/16
-    gateways: "{{ ifupdown2__gateways.int }}"
-...

host_vars/perceval.adm.auro.re.yml

@@ -1,3 +0,0 @@
----
-borg_server_backups_dir: /borg
-...

host_vars/portail.adm.auro.re.yml

@@ -1,105 +0,0 @@
----
-loc_nginx:
-  service_name: captive_portal
-  default_server: '$server_addr'
-  default_ssl_server: '$server_addr'
-
-  servers:
-    - server_name:
-        - "10.13.0.247"
-      locations:
-        - filter: "/"
-          params:
-            - "return 302 https://portail-fleming.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - portail-fleming.auro.re
-      locations:
-        - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
-          params:
-            - "proxy_pass http://10.128.0.20"
-            - "include /etc/nginx/snippets/options-proxypass.conf"
-        - filter: "/"
-          params:
-            - "return 302 https://portail-fleming.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - 10.23.0.247
-      locations:
-        - filter: "/"
-          params:
-            - "return 302 https://portail-pacaterie.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - portail-pacaterie.auro.re
-      locations:
-        - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
-          params:
-            - "proxy_pass http://10.128.0.20"
-            - "include /etc/nginx/snippets/options-proxypass.conf"
-        - filter: "/"
-          params:
-            - "return 302 https://portail-pacaterie.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - "10.33.0.247"
-      locations:
-        - filter: "/"
-          params:
-            - "return 302 https://portail-rives.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - portail-rives.auro.re
-      locations:
-        - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
-          params:
-            - "proxy_pass http://10.128.0.20"
-            - "include /etc/nginx/snippets/options-proxypass.conf"
-        - filter: "/"
-          params:
-            - "return 302 https://portail-rives.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - "10.43.0.247"
-      locations:
-        - filter: "/"
-          params:
-            - "return 302 https://portail-edc.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - portail-edc.auro.re
-      locations:
-        - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
-          params:
-            - "proxy_pass http://10.128.0.20"
-            - "include /etc/nginx/snippets/options-proxypass.conf"
-        - filter: "/"
-          params:
-            - "return 302 https://portail-edc.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - "10.53.0.247"
-      locations:
-        - filter: "/"
-          params:
-            - "return 302 https://portail-gs.auro.re/portail/"
-
-    - ssl: auro.re
-      server_name:
-        - portail-gs.auro.re
-      locations:
-        - filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
-          params:
-            - "proxy_pass http://10.128.0.20"
-            - "include /etc/nginx/snippets/options-proxypass.conf"
-        - filter: "/"
-          params:
-            - "return 302 https://portail-gs.auro.re/portail/"

host_vars/prometheus-1.monit.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  monit0: 02:00:00:a8:6b:51
-
-ifupdown2__interfaces:
-  monit0:
-    addresses:
-      - 2a09:6840:204::1:1/64
-      - 10.204.1.1/16
-    gateways: "{{ ifupdown2__gateways.monit }}"
-...

host_vars/prometheus-2.monit.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  monit0: 04:00:00:a6:93:5a
-
-ifupdown2__interfaces:
-  monit0:
-    addresses:
-      - 2a09:6840:204::1:2/64
-      - 10.204.1.2/16
-    gateways: "{{ ifupdown2__gateways.monit }}"
-...

host_vars/proxy-ovh.adm.auro.re.yml

@@ -1,20 +1,44 @@
 ---
-loc_certbot:
-  - dns_rfc2136_server: '10.128.0.30'
-    dns_rfc2136_name: certbot_challenge.
-    dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
-    mail: tech.aurore@lists.crans.org
-    certname: auro.re
-    domains: "auro.re, *.auro.re"
+certbot:
+  domains:
+    - auro.re
+    - chat.auro.re  # cname to riot.auro.re
+    - codimd.auro.re
+    - element.auro.re  # cname to riot.auro.re
+    - ehterpad.auro.re  # cname to pad.auro.re
+    - grafana.auro.re
+    - hedgedoc.auro.re  # cname to codimd.auro.re
+    - pad.auro.re
+    - passbolt.auro.re
+    - paste.auro.re  # cname to privatebin.auro.re
+    - phabricator.auro.re
+    - privatebin.auro.re
+    - riot.auro.re
+    - sharelatex.auro.re
+    - status.auro.re
+    - wiki.auro.re
+    - www.auro.re
+    - zero.auro.re  # cname to privatebin.auro.re
+  mail: tech.aurore@lists.crans.org
+  certname: auro.re
+
+nginx:
+  ssl:
+    cert: /etc/letsencrypt/live/auro.re/fullchain.pem
+    cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
+    trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
+
+  redirect_dnames:
+    - aurores.net
+    - fede-aurore.net
+
+  redirect_tcp: {}
 
-loc_reverseproxy:
   redirect_sites:
     - from: www.auro.re
       to: auro.re
     - from: 92.222.211.195
       to: auro.re
-    - from: codimd.auro.re
-      to: hedgedoc.auro.re
 
   reverseproxy_sites:
     - from: phabricator.auro.re
@@ -29,9 +53,6 @@ loc_reverseproxy:
     - from: passbolt.auro.re
       to: 10.128.0.53
 
-    - from: auth.auro.re
-      to: 10.128.0.150:8089
-
     - from: riot.auro.re
       to: "10.128.0.150:8080"
     - from: element.auro.re
@@ -39,6 +60,8 @@ loc_reverseproxy:
     - from: chat.auro.re
       to: "10.128.0.150:8080"
 
+    - from: codimd.auro.re
+      to: "10.128.0.150:8081"
     - from: hedgedoc.auro.re
       to: "10.128.0.150:8081"
 
@@ -59,10 +82,5 @@ loc_reverseproxy:
 
     - from: cas.auro.re
       to: "10.128.0.150:8085"
-    - from: rss.auro.re
-      to: 10.128.0.150:8090
     - from: status.auro.re
       to: "10.128.0.150:8086"
-    - from: "kanboard.auro.re"
-      to: "10.128.0.150:8088"
-...

host_vars/proxy.adm.auro.re.yml

@@ -1,31 +1,31 @@
 ---
-loc_certbot:
-  - dns_rfc2136_server: '10.128.0.30'
-    dns_rfc2136_name: certbot_adm_challenge.
-    dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
-    mail: tech.aurore@lists.crans.org
-    certname: adm.auro.re
-    domains: "*.adm.auro.re"
-  - dns_rfc2136_server: '10.128.0.30'
-    dns_rfc2136_name: certbot_challenge.
-    dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
-    mail: tech.aurore@lists.crans.org
-    certname: auro.re
-    domains: "*.auro.re"
+certbot:
+  domains:
+    - bbb.auro.re
+    - drone.auro.re
+    - gitea.auro.re
+    - intranet.auro.re
+    - litl.auro.re
+    - nextcloud.auro.re
+    - re2o.auro.re
+    - vote.auro.re
+    - re2o-server.auro.re
+    - re2o-test.auro.re
+    - wikijs.auro.re
 
-loc_nginx:
-  servers: []
+  mail: tech.aurore@lists.crans.org
+  certname: auro.re
+
+nginx:
   ssl:
-    - name: adm.auro.re
-      cert: /etc/letsencrypt/live/adm.auro.re/fullchain.pem
-      cert_key: /etc/letsencrypt/live/adm.auro.re/privkey.pem
-      trusted_cert: /etc/letsencrypt/live/adm.auro.re/chain.pem
-    - name: auro.re
-      cert: /etc/letsencrypt/live/auro.re/fullchain.pem
-      cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
-      trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
+    cert: /etc/letsencrypt/live/auro.re/fullchain.pem
+    cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
+    trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
+
+  redirect_dnames:
+    - aurores.net
+    - fede-aurore.net
 
-loc_reverseproxy:
   redirect_tcp:
     - name: Gitea
       port: 2222
@@ -33,7 +33,7 @@ loc_reverseproxy:
 
   redirect_sites:
     - from: 45.66.111.61
-      to: intranet.auro.re
+      to: auro.re
 
   reverseproxy_sites:
     - from: re2o.auro.re
@@ -41,14 +41,14 @@ loc_reverseproxy:
     - from: intranet.auro.re
       to: 10.128.0.20
 
+    - from: bbb.auro.re
+      to: 10.128.0.54
+
     - from: nextcloud.auro.re
       to: "10.128.0.58:8080"
 
     - from: gitea.auro.re
       to: "10.128.0.60:3000"
-    - from: git.adm.auro.re
-      to: "10.128.0.60:3000"
-      ssl: adm.auro.re
 
     - from: drone.auro.re
       to: "10.128.0.64:8000"
@@ -61,15 +61,3 @@ loc_reverseproxy:
 
     - from: wikijs.auro.re
       to: "10.128.0.66:3000"
-
-    - from: wiki.auro.re
-      to: "10.128.0.66:3000"
-
-    - from: netbox.auro.re
-      to: 10.128.0.97
-
-    - from: grafana.auro.re
-      to: "10.128.0.98:3000"
-
-    - from: office.auro.re
-      to: "10.128.0.220"

host_vars/proxy.pub.infra.auro.re.yml

@@ -1,103 +0,0 @@
----
-systemd_link__links:
-  pub0: ae:ae:ae:3a:71:0b
-
-ifupdown2__interfaces:
-  pub0:
-    addresses:
-      - 2a09:6840:215::1:1/64
-      - 45.66.111.206/27
-    gateways: "{{ ifupdown2__gateways.pub }}"
-
-caddy__matrix_headers:
-  access-control-allow-headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
-  access-control-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
-  access-control-allow-origin: "*"
-
-caddy__routes_https:
-  www1.test.auro.re:
-    - root: /var/www/auro.re
-    - path: /.well-known/matrix/server
-      headers: "{{ caddy__matrix_headers }}"
-      body: '{"m.server": "matrix.auro.re:8448"}'
-      status: 200
-    - path: /.well-known/matrix/client
-      headers: "{{ caddy__matrix_headers }}"
-      body: '{"m.homeserver": {"base_url": "https://matrix.auro.re"}}'
-      status: 200
-  www2.test.auro.re:
-    headers:
-      location: "https://auro.re{http.request.uri}"
-    status: 301
-  www3.test.auro.re:
-    reverse:
-      - "[2a09:6840:128::198]:3000"
-      - 10.128.0.198:3000
-  grafana.auro.re:
-    reverse:
-      - "[2a09:6840:128::98]:3000"
-      - 10.128.0.98:3000
-  grafana-ng.auro.re:
-    reverse:
-      - "[2a09:6840:211::1:7]:80"
-      - 10.211.1.7:80
-  office.auro.re:
-    reverse:
-      - "[2a09:6840:211::1:1]:9980"
-      - 10.211.1.1:9980
-  nextcloud.auro.re:
-    headers:
-      location: "https://cloud.auro.re{http.request.uri}"
-    status: 301
-  cloud.auro.re:
-    - path: /.well-known/carddav
-      headers:
-        location: /remote.php/dav/
-      status: 301
-    - path: /.well-known/caldav
-      headers:
-        location: /remote.php/dav/
-      status: 301
-    - path: /.well-known/webfinger
-      headers:
-        location: /index.php/.well-known/webfinger
-      status: 301
-    - path: /.well-known/nodeinfo
-      headers:
-        location: /index.php/.well-known/nodeinfo
-      status: 301
-    - path: /remote/*
-      rewrite: /remote.php
-    - path: /ocm-provider/*
-      rewrite: /index.php
-    - path: "*.mjs"
-      headers:
-        content-type: text/javascript
-    - reverse:
-        - "[2a09:6840:128::58]:8080"
-        - 10.128.0.58:8080
-      headers:
-        x-robots-tag: noindex, nofollow
-        referrer-policy: no-referrer
-        x-content-type-options: nosniff
-        x-frame-options: SAMEORIGIN
-        x-permitted-cross-domain-policies: none
-        x-xss-protection: "1; mode=block"
-
-caddy__contact_email: tech.aurore@lists.crans.org
-
-caddy__errors:
-  - root: "{{ caddy__error_dir }}"
-  - rewrite: /error.html
-  - file_server: true
-    templates: true
-
-caddy__servers:
-  https:
-    listen: ":443"
-    routes: "{{ caddy__routes_https }}"
-    errors: "{{ caddy__errors }}"
-  http:
-    listen: ":80"
-
-...

host_vars/radius-1.isp.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  isp0: 02:00:00:6a:3e:f4
-
-ifupdown2__interfaces:
-  isp0:
-    addresses:
-      - 2a09:6840:210::1:3/64
-      - 10.210.1.3/16
-    gateways: "{{ ifupdown2__gateways.isp }}"
-...

host_vars/radius-2.isp.infra.auro.re.yml

@@ -1,11 +0,0 @@
----
-systemd_link__links:
-  isp0: 04:00:00:29:6d:c9
-
-ifupdown2__interfaces:
-  isp0:
-    addresses:
-      - 2a09:6840:210::1:4/64
-      - 10.210.1.4/16
-    gateways: "{{ ifupdown2__gateways.isp }}"
-...

host_vars/sw-ec-1.yml

@@ -1,93 +0,0 @@
----
-switch_vars:
-  name: sw-ec-1
-  location: "Local_de_Brassage_EdC"
-  host: 10.130.4.11
-  port: 80
-  username: "{{ vault_switch.username }}"
-  password: "{{ vault_switch.password }}"
-  delete_vlans: []
-  vlans:
-    - id: 40
-      name: "Filaire_EDC"
-      tagged: "{{ '9-10,12,14,16,18,20,22-25' | range2list }}"
-    - id: 41
-      name: "Wifi_EDC"
-      tagged: "{{ '5-10,12,14,16,18,20,22-25' | range2list }}"
-    - id: 42
-      name: "Banni_EDC"
-      tagged: "{{ '5-10,12,14,16,18,20,22-25' | range2list }}"
-    - id: 43
-      name: "Accueil_EDC"
-      tagged: "{{ '5-10,12,14,16,18,20,22-25' | range2list }}"
-    - id: 110
-      name: "Adherents_IP_Publiques"
-      tagged: "{{ '9-10,12,14,16,18,20,22-25' | range2list }}"
-    - id: 111
-      name: "Serveurs_IP_Publiques"
-      tagged: "{{ '25' | range2list }}"
-    - id: 131
-      name: "Onduleurs"
-      tagged: [25]
-    - id: 144
-      name: "Bornes_Wifi_EDC"
-      tagged: [25]
-      untagged: "{{ '5-8,12,14,16,18,20,22-24' | range2list }}"
-  ports:
-    - id: 1
-      name: "Room_Ouest_363"
-    - id: 2
-      name: "Room_Ouest_364"
-    - id: 3
-      name: "Room_Principale_Foyer_1"
-    - id: 4
-      name: "Room_Principale_Foyer_2"
-    - id: 5
-      name: "Borne_Principale_0_1"
-    - id: 6
-      name: "Borne_Principale_1_1"
-    - id: 7
-      name: "Borne_Principale_1_2"
-    - id: 8
-      name: "Borne_Principale_1_3"
-    - id: 9
-      name: "Room_Ouest_352"
-    - id: 10
-      name: "Borne_Adh_Ouest_252"
-    - id: 11
-      name: "Room_Ouest_273"
-    - id: 12
-      name: "Borne_Adh_Est_231"
-    - id: 13
-      name: "Room_Ouest_261"
-    - id: 14
-      name: "Borne_Adh_Ouest_272"
-    - id: 15
-      name: "Room_Ouest_262"
-    - id: 16
-      name: "Room_Est_225"
-    - id: 17
-      name: "Room_Ouest_263"
-    - id: 18
-      name: "Room_Ouest_76"
-    - id: 19
-      name: "Room_Ouest_264"
-    - id: 20
-      name: "Borne_Adh_Ouest_58"
-    - id: 21
-      name: "Room_Ouest_265"
-    - id: 22
-      name: "Not_used"
-    - id: 23
-      name: "Room_Ouest_158"
-    - id: 24
-      name: "Borne_Adh_Ouest_267"
-    # id: 25
-    # name: "Uplink_sw-ec-core"
-    - id: 26
-      name: "Not_used"
-    - id: 27
-      name: "Not_used"
-    - id: 28
-      name: "Not_used"
-...

host_vars/sw-ec-2.yml

@@ -1,228 +0,0 @@
----
-switch_vars:
-  name: sw-ec-2
-  location: Local de Brassage EdC
-  host: 10.130.4.12
-  port: 80
-  username: "{{ vault_switch.username }}"
-  password: "{{ vault_switch.password }}"
-  delete_vlans: []
-  vlans:
-    - id: 40
-      name: "Filaire_edc"
-      tagged: [49]
-    - id: 41
-      name: "Wifi_edc"
-      tagged: [49]
-    - id: 42
-      name: "Banni_edc"
-      tagged: [49]
-    - id: 43
-      name: "Accueil_edc"
-      tagged: [49]
-    - id: 110
-      name: "Adherents_ip_publiques"
-      tagged: [49]
-    - id: 111
-      name: "Serveurs_ip_publiques"
-      tagged: [49]
-    - id: 131
-      name: "Onduleurs"
-      tagged: [49]
-    - id: 144
-      name: "Bornes_wifi_edc"
-      tagged: [49]
-  ports:
-    - id: 1
-      name: "Room_edc_Aile_Principale_115"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 2
-      name: "Room_edc_Aile_Principale_103"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 3
-      name: "Room_edc_Aile_Principale_114"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 4
-      name: "Room_edc_Aile_Principale_102"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 5
-      name: "Room_edc_Aile_Principale_113"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 6
-      name: "Room_edc_Aile_Principale_101"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 7
-      name: "Room_edc_Aile_Principale_112"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 8
-      name: "Room_edc_Aile_Principale_100"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 9
-      name: "Room_edc_Aile_Principale_111"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 10
-      name: "Room_edc_Aile_Principale_215"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 11
-      name: "Room_edc_Aile_Principale_110"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 12
-      name: "Room_edc_Aile_Principale_214"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 13
-      name: "Room_edc_Aile_Principale_207"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 14
-      name: "Room_edc_Aile_Est_24"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 15
-      name: "Room_edc_Aile_Principale_206"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 16
-      name: "Room_edc_Aile_Est_25"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 17
-      name: "Room_edc_Aile_Principale_205"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 18
-      name: "Room_edc_Aile_Est_26"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 19
-      name: "Room_edc_Aile_Principale_204"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 20
-      name: "Room_edc_Aile_Est_27"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 21
-      name: "Room_edc_Aile_Principale_203"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 22
-      name: "Room_edc_Aile_Est_28"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 23
-      name: "Room_edc_Aile_Principale_202"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 24
-      name: "Room_edc_Aile_Est_29"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 25
-      name: "Room_edc_Aile_Principale_201"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 26
-      name: "Room_edc_Aile_Est_30"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 27
-      name: "Room_edc_Aile_Principale_200"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 28
-      name: "Room_edc_Aile_Est_31"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 29
-      name: "Room_edc_Aile_Est_20"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 30
-      name: "Room_edc_Aile_Est_32"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 31
-      name: "Room_edc_Aile_Est_21"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 32
-      name: "Room_edc_Aile_Est_33"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 33
-      name: "Room_edc_Aile_Est_22"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 34
-      name: "Room_edc_Aile_Est_34"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 35
-      name: "Room_edc_Aile_Est_23"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 36
-      name: "Room_edc_Aile_Est_120"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 37
-      name: "Room_edc_Aile_Principale_109"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 38
-      name: "Room_edc_Aile_Principale_213"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 39
-      name: "Room_edc_Aile_Principale_108"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 40
-      name: "Room_edc_Aile_Principale_212"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 41
-      name: "Room_edc_Aile_Principale_107"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 42
-      name: "Room_edc_Aile_Principale_211"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 43
-      name: "Room_edc_Aile_Principale_106"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 44
-      name: "Room_edc_Aile_Principale_210"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 45
-      name: "Room_edc_Aile_Principale_105"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 46
-      name: "Room_edc_Aile_Principale_209"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 47
-      name: "Room_edc_Aile_Principale_104"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-    - id: 48
-      name: "Room_edc_Aile_Principale_208"
-      lldp: "LPAS_TX_AND_RX"
-      loop_protect: true
-...