Compare commits
574 commits
re2o-maste
...
master
Author | SHA1 | Date | |
---|---|---|---|
2e10714a79 | |||
9b5e1d78fa | |||
e86b17094b | |||
1d40950604 | |||
9820ae62e8 | |||
c6ac61aa53 | |||
7daa55ef98 | |||
8cc6e916b7 | |||
34b0ed5478 | |||
5485254c47 | |||
d5b0fd85c8 | |||
f6b12fd696 | |||
76f76a0ca4 | |||
8bcc0af539 | |||
f723c3e1a4 | |||
1281a6a51a | |||
15e2db49f3 | |||
5ae7126ce2 | |||
a5a4d28ccc | |||
e26d5dfc27 | |||
3d2ce8f79f | |||
a29a205576 | |||
f5f570f635 | |||
b00d5bc09e | |||
4b2868783f | |||
3830022279 | |||
d2c1b1c07a | |||
69dc3052ab | |||
dbe9dbdc27 | |||
5c780ffa62 | |||
765d24685e | |||
c291e836a9 | |||
89d0a682cf | |||
2a2702c6ca | |||
4a3ba6f366 | |||
|
a320907047 | ||
|
9e4b8c2509 | ||
|
a24b473566 | ||
|
70c8e0ebe0 | ||
|
5ab3dcdac2 | ||
|
9b53daf42a | ||
|
40d9108b37 | ||
|
2830558545 | ||
|
16a2d36472 | ||
|
733e9f555d | ||
|
7d9ff449a7 | ||
|
bcded46ed6 | ||
|
860a26a8dc | ||
|
fdeaa355ad | ||
|
456c6b47b8 | ||
b81af51ccf | |||
|
8c7031d059 | ||
|
67064484d5 | ||
|
50d9282316 | ||
|
265bd5fbb7 | ||
|
944e200394 | ||
|
f50778ca96 | ||
|
bc4dc03029 | ||
|
cc2ba9ff7b | ||
ba0be43845 | |||
|
d2331c18d0 | ||
1b9fc70649 | |||
8dca876bbc | |||
515222f404 | |||
2f3612fd8e | |||
475715c5f9 | |||
7db282fffb | |||
1ecffc2742 | |||
11937776c8 | |||
79c44554a3 | |||
7212154fbb | |||
e6363e9668 | |||
b3f25e2c8b | |||
|
e0328d0294 | ||
|
eb2abcfebe | ||
|
dd0d5dd4be | ||
3217e33eff | |||
a56cea369c | |||
2c238d17c3 | |||
|
3c85a2bfb2 | ||
|
cc3d5d9b7f | ||
a55efa8e24 | |||
|
fd0cb811a7 | ||
6986588fc1 | |||
|
45802cf65d | ||
|
4bd431f9c3 | ||
|
f0b8075ca6 | ||
|
a818fd8ed9 | ||
3c25e64516 | |||
|
40a91da78b | ||
|
f0631e341b | ||
|
3ccdacde13 | ||
|
b6d5f4206a | ||
|
511091c808 | ||
|
b827195c32 | ||
|
4cf4ed0964 | ||
|
c49dfb24b0 | ||
|
747c93139b | ||
|
2a9e1f4def | ||
|
9bb2d3f324 | ||
|
1133f614e4 | ||
|
446c02da5e | ||
|
7bdf66f73a | ||
|
278928550c | ||
|
9481af3201 | ||
|
daac91f3af | ||
|
a0dd5ef4b7 | ||
de22345d79 | |||
|
03a9281b88 | ||
de0022e3f6 | |||
|
cdaf3dc77a | ||
|
5bc84dbdd2 | ||
|
0979370418 | ||
|
14b6a68040 | ||
|
cc6f96bbc8 | ||
|
07a0429ae0 | ||
|
ce04f937db | ||
|
1009298023 | ||
|
ea394a01db | ||
|
82fdcd026e | ||
|
b82afd13d9 | ||
00d63cf082 | |||
|
a791cda652 | ||
|
fdfed1a05a | ||
|
e2acfd4031 | ||
|
c7f94b54c8 | ||
|
aba0370c5b | ||
6bb02815e7 | |||
|
a523b29ac7 | ||
|
7b82a3f7ea | ||
b3838ee2a0 | |||
|
7f53120966 | ||
d23dbe2d49 | |||
|
eed6ec558c | ||
|
2ac9c40579 | ||
|
3efc8179bc | ||
|
3a56439fac | ||
|
94b8f37302 | ||
|
1392e3fe64 | ||
|
cfb891d10c | ||
|
11b3738fcd | ||
|
b2a17e20f2 | ||
|
311cfb223b | ||
|
6e77b4cb3c | ||
4ccd33eec1 | |||
f60795beaa | |||
bae87c809e | |||
8b54121a87 | |||
4a594bf1cc | |||
5d3d965112 | |||
73e522f0c6 | |||
94a470b7f2 | |||
b31f9bd952 | |||
cc3b4294ae | |||
f17e7f7524 | |||
0bfc631465 | |||
c5e6fbcfdf | |||
91fe213e02 | |||
7ca7c27fec | |||
db969625cd | |||
54b073bd02 | |||
ab697bafce | |||
e6b6790f63 | |||
cca10e7cc9 | |||
ab11e6cd65 | |||
bd1343cf03 | |||
b7ead19d50 | |||
bb97bca456 | |||
4f66702f15 | |||
9296a2ed91 | |||
4f2f0ffe64 | |||
c8a877282f | |||
d89d88813f | |||
c6b768e1bb | |||
926790844b | |||
ceaf75f0ad | |||
2c82653383 | |||
05f76c7586 | |||
604373db03 | |||
b29e9c0e45 | |||
cc681e4fac | |||
f50586c476 | |||
9c47067f93 | |||
3a600d9061 | |||
dada40e005 | |||
1520ad92c8 | |||
f409fb53cb | |||
11d0b46ef0 | |||
013743f910 | |||
1b0bff4c51 | |||
fde52f2e42 | |||
e4d2416722 | |||
226b55b0d1 | |||
5c08fed9de | |||
2d9d66c16d | |||
fd5ad8d5ac | |||
5d9a6599e8 | |||
3320e3e0c6 | |||
676cc716cf | |||
954e3e0892 | |||
|
8c666151d6 | ||
d891559e28 | |||
1908deee9c | |||
|
4c8550bfe1 | ||
e2b1f8eae5 | |||
6e376a72e3 | |||
6c64bb214c | |||
764f0f106d | |||
bdcdb8ceae | |||
7d99cef57c | |||
ca3d89e671 | |||
749188e297 | |||
c48fe1ae17 | |||
304437da97 | |||
9d18ebb7f1 | |||
6775d9ecde | |||
9ebdf15bb9 | |||
dd48302585 | |||
45041be2ab | |||
|
3d1d787063 | ||
9ed7441e34 | |||
|
28714ecf95 | ||
|
a33ea29637 | ||
efa428fba0 | |||
|
e3c56e7d46 | ||
82f05482d0 | |||
73749e9e6b | |||
|
6afd0cb4ac | ||
|
f7529be904 | ||
d2787479cf | |||
|
aac4c05cd3 | ||
|
6b2bc60589 | ||
|
e2f5529498 | ||
91817b324c | |||
1c3127dbbe | |||
f80435cb31 | |||
06f101527d | |||
|
2388bfdc3d | ||
83f5b35e59 | |||
35286a661a | |||
11335a6077 | |||
083fc4da9a | |||
f69dfd8799 | |||
5d681a95ea | |||
a743ce09fb | |||
bc35cd8e90 | |||
5bcc428895 | |||
eeaf0f8486 | |||
e247aa3f70 | |||
|
424aa80d8f | ||
|
e17f58111f | ||
ac05da7173 | |||
8ab4159d38 | |||
dff0d9922c | |||
dd274891a5 | |||
cec907af48 | |||
2952c39f70 | |||
3de76b0ac7 | |||
cccd9ac598 | |||
|
6104782a37 | ||
85e691a0a2 | |||
606df65535 | |||
3030d3bfab | |||
f59d9ee6f0 | |||
|
9f671e71d6 | ||
d567ded046 | |||
|
6d74f04db4 | ||
21eaeb2d42 | |||
|
789c11c3e3 | ||
465ab398c0 | |||
a1533b7efd | |||
ffbedf6d35 | |||
f662e4bd47 | |||
3000f46c46 | |||
6f927e30f3 | |||
8524b9fa99 | |||
37582abfe1 | |||
96a498c6de | |||
|
d902b71e04 | ||
1be92bad62 | |||
01bca6597d | |||
|
eabd709ec7 | ||
|
2d8897e9f9 | ||
21a3d5af2a | |||
|
4305a60639 | ||
3f3f688da4 | |||
6713b550b6 | |||
cb3ec07121 | |||
243ec1fe9d | |||
e12f67c920 | |||
f8e5f0cc76 | |||
|
45220cdebd | ||
f15b222cdc | |||
a54006c9d4 | |||
6f36506a98 | |||
41eb446114 | |||
7480a7c565 | |||
59f2c94a61 | |||
e570ce67b3 | |||
b14b359027 | |||
33a1ec02f3 | |||
ebfc4f2a26 | |||
0b5562f3f4 | |||
86f8b31159 | |||
d9f1104309 | |||
c6cae75031 | |||
46d10022ea | |||
ff750c5b63 | |||
2651432582 | |||
c5afbdbde4 | |||
d928c7f7f0 | |||
021a5ef1e8 | |||
c99b611b8f | |||
8112788396 | |||
2f2f71422f | |||
|
25e05069de | ||
ac42401d6d | |||
a43a9839f8 | |||
|
11578494ec | ||
637b74a2ad | |||
f45cd77510 | |||
|
715d332d25 | ||
65c94d8e84 | |||
4150a77649 | |||
a01a2095d6 | |||
98171e449d | |||
8ec838962d | |||
bdc59049ae | |||
f6e1949c21 | |||
1611f4a93c | |||
904678d1ac | |||
965bbe62a4 | |||
d7a4995496 | |||
d16676bfb6 | |||
cdcfad7ac2 | |||
29f2823960 | |||
454bc66ae0 | |||
3f8ffbe164 | |||
4123af6c01 | |||
531f7593d2 | |||
313314a674 | |||
4642395330 | |||
f0f56ecd3f | |||
7cf616f6c7 | |||
2ea7f6f9f7 | |||
db8dbb6c7a | |||
|
2a6c2b30de | ||
|
7a691882f3 | ||
69516012a2 | |||
bcc492339f | |||
|
e5299d8087 | ||
|
f6dfd792d3 | ||
|
40cd5c71ad | ||
|
472feb2dc0 | ||
077858724a | |||
38386fa1a0 | |||
|
7c7de51903 | ||
|
a31f57e844 | ||
|
974fcff1d3 | ||
6125856c60 | |||
a64864150f | |||
d233fc2759 | |||
14532d88db | |||
|
ebb3c894da | ||
df4bee2980 | |||
6095d9cef9 | |||
630377edad | |||
b3fa8a455d | |||
5871e1cfb8 | |||
d16f444130 | |||
4f6eda8329 | |||
628e11488d | |||
bd05b702bb | |||
06b54d5f89 | |||
40eadf802c | |||
8e855d7009 | |||
7a07155237 | |||
36b04239fd | |||
f919ec689a | |||
9ef6202fdf | |||
879e033857 | |||
ba4db4a835 | |||
bbf4ac323c | |||
d815434360 | |||
76361de3f1 | |||
69c6d5b55d | |||
0656dacbe8 | |||
6951e017b7 | |||
1105ea88c1 | |||
8b9bef865e | |||
dbbaf0d26d | |||
a4c393d3fb | |||
d14306a86c | |||
a625a58ddd | |||
64ae2a8521 | |||
|
452b605fc2 | ||
2c0727a419 | |||
|
41779fb172 | ||
deb4372588 | |||
2e912fc47a | |||
929baa300f | |||
71ee06c9c0 | |||
bc2701d8ba | |||
2353589da6 | |||
1d0200a1f0 | |||
b81600aef8 | |||
7e92fdfab7 | |||
|
e6a86640de | ||
cf07de4ec4 | |||
|
7cc478b1ad | ||
b9269f3967 | |||
e5be09656b | |||
8abca7916f | |||
763cc2eb51 | |||
eaa0d2e0fc | |||
8ae94fa8f8 | |||
21fed6ae3f | |||
52124d2cad | |||
7d527be1c0 | |||
32669e1fb1 | |||
4ca7ebd144 | |||
802bfcc698 | |||
958eaa1bcb | |||
6525508401 | |||
77a5fdac6f | |||
5d319cf167 | |||
529550f594 | |||
ee041b9ead | |||
1f6bfeee23 | |||
0f55b90de9 | |||
b13b22da05 | |||
8f815a30c5 | |||
acd5721a5b | |||
9547868c7d | |||
cdb9f88614 | |||
9eeb8ccd73 | |||
1fe8d1d28b | |||
9252249d18 | |||
e4b58c0bf4 | |||
c65b3f090b | |||
f7183095c1 | |||
ba8b4e8c29 | |||
02a8cb84df | |||
4a43bf8a16 | |||
7fd1b5ff5d | |||
6263c31785 | |||
89181c6cd6 | |||
c3d24c1cd0 | |||
|
52f73288b4 | ||
ba6da939ab | |||
|
ce821cbb1a | ||
ae151321db | |||
|
f49194b423 | ||
d7d0676f5e | |||
a35488efdd | |||
74c30b81df | |||
b278b02bc2 | |||
0b90c9944b | |||
61001e09f5 | |||
a5b4deacee | |||
|
3eb9536c7b | ||
c45d12cd6a | |||
83fd1b03e7 | |||
4dd75d1180 | |||
06d0bd56ae | |||
|
bb026921e1 | ||
f39ade227a | |||
d5b77f83d3 | |||
54aec3638f | |||
902d219de3 | |||
1fe440aabe | |||
008fb803d9 | |||
def64380e6 | |||
|
5e784ff569 | ||
5b2580056d | |||
|
85d1acc0b1 | ||
d650e77b23 | |||
414e80a7c4 | |||
42074b31c5 | |||
58068e9cd8 | |||
15ae83566c | |||
3840fdd44e | |||
da1fa70e55 | |||
a02afd20b7 | |||
f1ce3290c9 | |||
|
a761d0ea38 | ||
f607a76ec8 | |||
|
96be03ca22 | ||
ab69d15404 | |||
e9f0b884ec | |||
6f80cf0fd9 | |||
bd541691d9 | |||
f4fc3567ee | |||
5503a54be4 | |||
abcdf59824 | |||
37124b20cb | |||
|
a689de5f8f | ||
3fceeff74f | |||
3925e32188 | |||
456e025ca4 | |||
69d732e612 | |||
ab3659adc2 | |||
1ca75ccfb0 | |||
f08b11445d | |||
a9b03aed82 | |||
e151c1c3fd | |||
|
a8a226a4f9 | ||
ebefe4d13e | |||
02b28f45a2 | |||
2f0d6be4e9 | |||
6963d9fc16 | |||
6ec449c3b3 | |||
d8924abe66 | |||
45d8ca80a4 | |||
4308bedf8f | |||
b5dbe2c5c9 | |||
5dfadc0b52 | |||
|
992f580984 | ||
63f0ebec7d | |||
08891be5a3 | |||
df8bae6df7 | |||
bd5b88c4fc | |||
d7cf61dd94 | |||
428b6f5733 | |||
8bfe83f73c | |||
|
c2d33d594b | ||
faf5fc7362 | |||
e6b853a552 | |||
679daa633f | |||
83cdd60e27 | |||
1e136e3736 | |||
|
06fab325fb | ||
5330718945 | |||
|
71d7358bd7 | ||
4ecb6ed7be | |||
|
f9e83e514e | ||
0e224df41f | |||
ce00d5e50f | |||
c527ce16b0 | |||
3f62644927 | |||
a82edc3e24 | |||
bbac76023c | |||
a808e3c793 | |||
7e4a2d20c0 | |||
889cb764c1 | |||
154cbedec2 | |||
ba9e60dba8 | |||
9bd06520fb | |||
6df41d16b5 | |||
e02670afb0 | |||
a7b073e1cc | |||
89ebbd423e | |||
9af9a7bab8 | |||
5a09b77070 | |||
5fc2d0a3f9 | |||
7cdef7ee96 | |||
|
9d66bba3b0 | ||
3eb48edccd | |||
|
f6c9208a41 | ||
|
c9352fb9ab | ||
|
3da5dde917 | ||
|
a8af3c9c72 | ||
eecf807b53 | |||
a12bcbc97f | |||
6ec89b88d8 | |||
d59cb41d5e | |||
3050a95699 | |||
3d05acbd03 | |||
e3ae912f44 | |||
bac377f634 | |||
85d0dc9621 | |||
705fe953ae | |||
c7a3495ae5 | |||
40d3c22276 |
208 changed files with 6736 additions and 1991 deletions
|
@ -1,7 +1,10 @@
|
||||||
skip_list:
|
skip_list:
|
||||||
- '301'
|
- no-changed-when
|
||||||
|
- load-failure
|
||||||
|
- document-start
|
||||||
|
- meta-no-info
|
||||||
|
- ignore-errors
|
||||||
|
|
||||||
warn_list:
|
exclude_paths:
|
||||||
- '305' # Use shell only when shell functionality is required
|
- group_vars/all/vault.yml
|
||||||
- '503' # Tasks that run when changed should likely be handlers
|
- utils/
|
||||||
- experimental # all rules tagged as experimental
|
|
||||||
|
|
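Review bot: The new `skip_list` turns off `ignore-errors`, `no-changed-when` and `load-failure` for the whole repository, so a task that swallows a failure, or a file the linter cannot parse, no longer shows up in CI at all. The old file kept its softer rules in `warn_list`, which still prints them. Keeping these three there, or silencing individual tasks with `# noqa ignore-errors`, would preserve the signal. `utils/` is also added to `exclude_paths` without a comment saying why it is exempt from linting.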
14
.drone.yml
14
.drone.yml
|
@ -4,16 +4,8 @@ type: docker
|
||||||
name: check
|
name: check
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: yamllint
|
- name: ansible and yaml linting
|
||||||
image: python:3.9-alpine
|
image: quay.io/ansible/toolset:3.5.0
|
||||||
commands:
|
commands:
|
||||||
- pip install yamllint==1.25.0
|
- ansible-lint
|
||||||
- yamllint -c .yamllint.yml .
|
|
||||||
|
|
||||||
- name: ansible-lint
|
|
||||||
image: python:3.9-alpine
|
|
||||||
commands:
|
|
||||||
- apk add --no-cache gcc libc-dev libffi-dev openssl-dev
|
|
||||||
- pip install ansible-lint==4.3.7
|
|
||||||
- ansible-lint *.yml
|
|
||||||
...
|
...
|
||||||
|
|
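Review bot: The lint step now runs whatever `quay.io/ansible/toolset:3.5.0` resolves to at pull time, where the old steps pinned `yamllint==1.25.0` and `ansible-lint==4.3.7` explicitly. A tag can be re-pushed, so the tool versions are no longer fixed by this file. Pinning by digest, `image: quay.io/ansible/toolset@sha256:<digest-placeholder>`, keeps the check reproducible. The separate `yamllint -c .yamllint.yml .` command is gone as well, so `.yamllint.yml` is only honoured if the ansible-lint in that image invokes yamllint itself, which is worth confirming.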
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
image: python:3.9-alpine
|
|
||||||
|
|
||||||
stages:
|
|
||||||
- lint
|
|
||||||
|
|
||||||
yamllint:
|
|
||||||
stage: lint
|
|
||||||
script:
|
|
||||||
- pip install yamllint==1.25.0
|
|
||||||
- yamllint -c .yamllint.yml .
|
|
||||||
|
|
||||||
ansible-lint:
|
|
||||||
stage: lint
|
|
||||||
script:
|
|
||||||
- apk add gcc libc-dev libffi-dev openssl-dev
|
|
||||||
- pip install ansible-lint==4.3.7
|
|
||||||
- ansible-lint *.yml
|
|
||||||
...
|
|
|
@ -6,6 +6,5 @@ rules:
|
||||||
max: 120
|
max: 120
|
||||||
level: warning
|
level: warning
|
||||||
document-start:
|
document-start:
|
||||||
ignore: |
|
ignore: group_vars/all/vault.yml
|
||||||
/groups_var/all/vault.yml
|
|
||||||
...
|
...
|
||||||
|
|
14
README.md
14
README.md
|
@ -1,7 +1,10 @@
|
||||||
|
[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible)
|
||||||
|
|
||||||
# Recettes Ansible d'Aurore
|
# Recettes Ansible d'Aurore
|
||||||
|
|
||||||
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
Dépendances requises :
|
||||||
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
|
|
||||||
|
* Ansible 2.9 ou plus récent.
|
||||||
|
|
||||||
## Ansible 101
|
## Ansible 101
|
||||||
|
|
||||||
|
@ -86,8 +89,11 @@ On va utiliser plutôt `ProxyJump`.
|
||||||
Dans la configuration SSH :
|
Dans la configuration SSH :
|
||||||
|
|
||||||
```
|
```
|
||||||
# Use a proxy jump server to log on all Aurore inventory
|
Host *.adm.auro.re *.pve.auro.re
|
||||||
Host 10.128.0.* *.adm.auro.re
|
# Accept new host keys
|
||||||
|
StrictHostKeyChecking accept-new
|
||||||
|
|
||||||
|
# Use passerelle to connect to administration VLANs
|
||||||
ProxyJump passerelle.auro.re
|
ProxyJump passerelle.auro.re
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
31
ansible.cfg
31
ansible.cfg
|
@ -1,38 +1,17 @@
|
||||||
# Ansible configuration
|
|
||||||
|
|
||||||
[defaults]
|
[defaults]
|
||||||
|
ask_vault_pass = True
|
||||||
# Do not create .retry files
|
roles_path = ./roles
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
|
|
||||||
# Use inventory
|
|
||||||
inventory = ./hosts
|
inventory = ./hosts
|
||||||
|
filter_plugins = ./filter_plugins
|
||||||
# Custom header in templates
|
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
||||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
|
|
||||||
|
|
||||||
# Do not use cows (with cowsay)
|
|
||||||
nocows = 1
|
nocows = 1
|
||||||
|
|
||||||
# Do more parallelism
|
|
||||||
forks = 15
|
forks = 15
|
||||||
|
|
||||||
# Some SSH connection will take time
|
|
||||||
timeout = 60
|
timeout = 60
|
||||||
|
remote_user = root
|
||||||
[privilege_escalation]
|
|
||||||
|
|
||||||
# Use sudo to get priviledge access
|
|
||||||
become = True
|
|
||||||
|
|
||||||
# Ask for password
|
|
||||||
become_ask_pass = True
|
|
||||||
|
|
||||||
[diff]
|
[diff]
|
||||||
|
|
||||||
# TO know what changed
|
|
||||||
always = yes
|
always = yes
|
||||||
|
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
|
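Review bot: `remote_user = root`, together with the removal of the `[privilege_escalation]` section, means every play logs in over SSH as root directly. Dropping `by {uid}` from `ansible_managed` also removes the per-operator trace from generated files. This requires root SSH login on every managed host and leaves host-side logs unable to tell administrators apart, unless that is handled elsewhere (per-admin keys, jump-host logging), which this diff does not show. If the choice is deliberate, record it above the setting, e.g. `# direct root login: key-only, one key per admin`; otherwise keep a personal account with `become = True`. The explanatory comments of the old file were all dropped, and `ask_vault_pass` and `filter_plugins` deserve a one-line comment each.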
20
copy-keys.sh
20
copy-keys.sh
|
@ -1,20 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Grab valid unique hostnames from the Ansible inventory.
|
|
||||||
HOSTS=$(grep -ve '^[#\[]' hosts \
|
|
||||||
| grep -F adm.auro.re \
|
|
||||||
| sort -u)
|
|
||||||
|
|
||||||
# Ask password
|
|
||||||
read -s -p "Hello adventurer, what is your LDAP password? " passwd
|
|
||||||
echo
|
|
||||||
|
|
||||||
for host in $HOSTS; do
|
|
||||||
echo "[+] Handling host $host"
|
|
||||||
|
|
||||||
# sshpass can be used for non-interactive password authentication.
|
|
||||||
# place your password in ldap-password.txt.
|
|
||||||
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
|
|
||||||
done
|
|
||||||
|
|
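--- a/deploy_all.sh
+++ b/deploy_all.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+# Deploy all playbooks
+ansible-playbook playbooks/*.yml $@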
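Review bot: `$@` is unquoted on the `ansible-playbook` line, so any argument containing spaces or glob characters (a `--limit` pattern, an `-e` value) is split and expanded again before Ansible sees it. Use `ansible-playbook playbooks/*.yml "$@"`. Since the script runs every playbook against the whole inventory, the header comment should also say that options such as `--limit` and `--check` are passed through.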
40
filter_plugins/net_utils.py
Normal file
40
filter_plugins/net_utils.py
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
import ipaddress
|
||||||
|
from operator import attrgetter
|
||||||
|
|
||||||
|
import dns.name
|
||||||
|
|
||||||
|
|
||||||
|
class FilterModule:
|
||||||
|
def filters(self):
|
||||||
|
return {
|
||||||
|
"remove_domain_suffix": remove_domain_suffix,
|
||||||
|
"ipaddr_sort": ipaddr_sort,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def remove_domain_suffix(name):
|
||||||
|
parent = dns.name.from_text(name).parent()
|
||||||
|
return parent.to_text()
|
||||||
|
|
||||||
|
|
||||||
|
def ipaddr_sort(addrs, types, unknown_after=True):
|
||||||
|
check_types = {
|
||||||
|
"global": attrgetter("is_global"),
|
||||||
|
"link-local": attrgetter("is_link_local"),
|
||||||
|
"loopback": attrgetter("is_loopback"),
|
||||||
|
"multicast": attrgetter("is_multicast"),
|
||||||
|
"private": attrgetter("is_private"),
|
||||||
|
"reserved": attrgetter("is_reserved"),
|
||||||
|
"site_local": attrgetter("is_site_local"),
|
||||||
|
"unspecified": attrgetter("is_unspecified"),
|
||||||
|
}
|
||||||
|
|
||||||
|
def addr_weight(addr):
|
||||||
|
if isinstance(addr, str):
|
||||||
|
addr = ipaddress.ip_address(addr.split("/")[0])
|
||||||
|
for index, ty in enumerate(types):
|
||||||
|
if check_types[ty](ipaddress.ip_address(addr)):
|
||||||
|
return index
|
||||||
|
return len(types) if unknown_after else -1
|
||||||
|
|
||||||
|
return sorted(addrs, key=addr_weight)
|
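Review bot: `ipaddr_sort` raises instead of sorting for some ordinary inputs. `is_site_local` is defined only on `IPv6Address`, so putting `"site_local"` in `types` fails with AttributeError on the first IPv4 address, and a name missing from `check_types` surfaces as a bare KeyError from inside the sort key. A tolerant entry such as `"site_local": lambda a: getattr(a, "is_site_local", False),` plus an upfront check of `types` with a clear error message would fix both. The keys also mix `link-local` with `site_local`. Neither filter has a docstring, and `remove_domain_suffix` appears to drop the leftmost label and return an absolute name, so its intended input should be documented.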
|
@ -17,9 +17,7 @@ ldap_admin_password: "{{ vault_ldap_admin_password }}"
|
||||||
ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
|
ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
|
||||||
|
|
||||||
# Databases
|
# Databases
|
||||||
postgresql_services_url: 'services-bdd.adm.auro.re'
|
postgresql_services_url: 'bdd-ovh.adm.auro.re'
|
||||||
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
|
|
||||||
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
|
|
||||||
|
|
||||||
# Scripts will tell users to go there to manage their account
|
# Scripts will tell users to go there to manage their account
|
||||||
intranet_url: 'https://re2o.auro.re/'
|
intranet_url: 'https://re2o.auro.re/'
|
||||||
|
@ -89,3 +87,24 @@ apartment_block_dhcp: "{{ apartment_block }}"
|
||||||
ipv6_base_prefix: "2a09:6840"
|
ipv6_base_prefix: "2a09:6840"
|
||||||
|
|
||||||
is_aurore_host: "{{ 'aurore_vm' in group_names }}"
|
is_aurore_host: "{{ 'aurore_vm' in group_names }}"
|
||||||
|
|
||||||
|
# Borgbackup
|
||||||
|
borg_keep_daily: 7
|
||||||
|
borg_keep_weekly: 4
|
||||||
|
borg_keep_monthly: 12
|
||||||
|
borg_backup_directories:
|
||||||
|
- /etc
|
||||||
|
- /var
|
||||||
|
borg_backup_exclude:
|
||||||
|
- /var/log
|
||||||
|
- /var/lib/docker
|
||||||
|
- /var/lib/lxcfs
|
||||||
|
borg_encryption_passphrase: "{{ vault_borg_encryption_passphrase }}"
|
||||||
|
|
||||||
|
borg_server_host: 10.128.0.4
|
||||||
|
|
||||||
|
rsyslog_outputs:
|
||||||
|
- proto: relp
|
||||||
|
address: 10.128.0.241
|
||||||
|
port: 20514
|
||||||
|
...
|
||||||
|
|
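Review bot: The new `rsyslog_outputs` entry forwards logs over `relp` to `10.128.0.241:20514` with no TLS-related key visible. Unless the role enables TLS by default (not visible in this diff), every host's logs would cross the network unencrypted and unauthenticated. If the administration VLAN is the intended trust boundary, say so above the entry, e.g. `# RELP without TLS: reachable from the adm VLAN only`. `borg_server_host` and the rsyslog address are literal IPs, while `postgresql_services_url` in the same file uses a hostname, so a renumbering would need edits here.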
|
@ -1,174 +1,246 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
34336231623938346631313932323131336439623837626366646338396137633436646365386639
|
64313161633263303464663933363265373935633862653634643862343232643432343966376438
|
||||||
6332383765386235396331373836366230663563376665380a616436373136633933376435653230
|
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
|
||||||
64333963663436393265666434653164643164616134353665306462326666623530383838343135
|
39346463396563626166333362306464343836386365303836356461323663633831636562393039
|
||||||
3531343533656332350a343432336636316131386132306238653736633966363235623833343638
|
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
|
||||||
38643061383963396466346536343061653034333037393664356661376565643765306462626231
|
61666365663963643437386530363261306438376665386463376366363662656161316263303831
|
||||||
39326233363962373839303464333833306532343834306232653731326135653934643836323639
|
61393136363934316462616131326463333736656136643038623061313363386538393833663637
|
||||||
36343937626536346331613263663865346634666534646266623061303639626636393230616261
|
36373565333566306632313865646538633532393731313430633462666334323762653337383338
|
||||||
32336366356439353738633234326138656464656630303362623664616634306230623538373965
|
63313433333835653366363061343839326131666139346563306366656365316663333438363837
|
||||||
32346439306337623737616666353830626630373562366436653131393532313035303836326430
|
33323165353936343165646464306434303161313139653561346461653537616164623434376534
|
||||||
64613235646366616533313065396663366434363832333535336631323366336437396664303834
|
33666662343734633766356230383761353239333632613031396365346536373432363433633564
|
||||||
30336466313064636565326564356435306136396363373464326534303366323262303732626661
|
61633762393033343336373864653438336436613630366539333731383336346665313732396265
|
||||||
38326663313332633530353739346538343434316133343066313530366637376135323564306537
|
32356138666135383562656366353131366436363464643630656130303437623131333239386363
|
||||||
65626261303231656432333364333965663065346436626631666466643934623064333163626339
|
66373866393064306565306565386230373638633733326661333065633136633130323963323765
|
||||||
32633565303734303862326365336339346133393431636266303530626564326361653230626536
|
30353262323835313365383562326363343965636634376133613331363133313030346561653931
|
||||||
32313231373037633134623761663832393666353732613965613436323939343233613433343538
|
39363636636235646131353034663861336362383263613165323230366439383561653165363764
|
||||||
37326438383130303861316663396333376662386337353964633930353536653437653061356635
|
65366130623362623539393461363832353435616266393036386439303834316635366438393936
|
||||||
35646232343535313130646237643835376162623639333961323964353830653366626438346237
|
33383933366262636232383066663130383965306137356363363539633661373664613738336539
|
||||||
36343663346332656537363434396633336161373730663364306239306432343930643230656465
|
31363131616135623039346465623530376533386263343836376662316562386530336266303062
|
||||||
37633537616232656661313764626232303535383563353861396431643735326162383866626231
|
64386531303938623939653635313163633261336339366139666135323130653862346132646636
|
||||||
61383165613332666537656137636430323332326335323763303537386662646263353539613964
|
30363065303235346331333434653331646333616337623562643564366435613938643235333664
|
||||||
37323966306364306436653033393931663239383435613836356164633135306233356364313036
|
30626164373030303237656366623631396138333265383566333664663061613536666363623630
|
||||||
39356661613434633930633066646437636535313565356366303732613731333062643231313035
|
61623362383439636239336234333161366635306432363230366630383836326330343932303863
|
||||||
65333461396131663764626665393562623030343561313136363964393664376136303839333664
|
39393232373831363863333332636362396639663831656266336430313837666463336439353332
|
||||||
65313465623331333538393734373264313562643232666130303930333662616465656432363039
|
63303036633433323439613535326663633332346565646338353761363733643766363132666365
|
||||||
66616530336666343861336434633063343561323931323931346132376263376565313366306639
|
34303865656262303563323665363730663062626537363461646363636461633762663237366366
|
||||||
64646465303432333136353661323936633965666364356633653861363139616562653834313861
|
64393133656464643065633634313261336662646435313735306266316132636530393631353830
|
||||||
63306133613066373462383236613939316130623937643939323134343936356638376335323836
|
61303939373363323131316463333136326365333430626266376636356130396239323464353937
|
||||||
39383334656236633037633230313138326238303863623231353465346661663162623138353461
|
64616232373532396334343433636332353530386662633164353235626361623164313039336666
|
||||||
33343738613137366364633730346261366564646161373837613865393233663431636361663962
|
31636434666437393839393133633961373139313663616366373239386163623064373836376164
|
||||||
38313230363737306265636435353533666262333666383639343364633464396566333433333538
|
62316638366366376134386231306435616138656461373633393339653532363434393834393430
|
||||||
39643934646537653234336361613664333434623739353831316531313666396638333136343638
|
37363335623934306661333135343266663464623438353665613330356236323036363139643064
|
||||||
33653034366362363562633462303165626333306664326366353334363964663936616430643662
|
62383934363465316338393065383935646134353230376131613935613431656333383565353134
|
||||||
30616334326638323133366632663237356238353934323361376237613632396134663536336364
|
34643866353131653061623236306536363163373639396564336434653839346263303930633663
|
||||||
39363439326335363437373939353564646663616464663763353931323233316135656634343137
|
39393935636235313431303032336361313730373238333732626465346662363038636361383631
|
||||||
34396130386134386331643534353461663963323435656337653032376565313635623231343135
|
65393433346363366337383233646166306339653533646632623262376630383265393438326135
|
||||||
34303130316239303065386134663332393938636332363665643832326439653733633231346537
|
31643039333835666338383762336163336337343532393063323165636531353361613731363065
|
||||||
63383634333034323434376237663932613638363835393837613632663265616363303233653539
|
65303637396332613432663636326334646635346237396461636366356133303333306239393739
|
||||||
61333765313463616665613136303533343230303735626437343635303934613365326166333966
|
34353966653662346230383865643231313239626533643761366162613164333132373636623237
|
||||||
66613538393466666630363333643730653239393435616634303430396635383631613439623433
|
32356335643766646266646266633366363165373861306433316561363166363865303133633939
|
||||||
36646431393865666162373232343335356366366633633264326639643434396234313863333163
|
34633132343438363034323638376666313061383965323566646463653163313235373364386666
|
||||||
63396534623931633833656565396635333133376165613031663831633564663061656131303564
|
62393865373137343237306637363536383939303833663532396333313931336162333837613935
|
||||||
61303132666264636139313738643161313134643733633366376538366135663135333333333564
|
66383266343735396337663936333162323738383264376533316536376563396333343263643931
|
||||||
64366262353837363061653663616265393264373230346330636465336439623063636639356136
|
65646535363337373865353265306434356432353066656665366638353331366334366339613538
|
||||||
65383638643961326661396336373163643832366561363764626461623662333436373136616437
|
32373637633564613861626538373365336362313434633137613966353861393462623862663330
|
||||||
30316537653432356133616338353165633462643634323563306366343965326635363863316232
|
64386431373066306334383863366133333564373163386433313231363366393830343230323734
|
||||||
61633135643861333635383464383937306236626632366235363433313335663431366531356337
|
61633962356637326538336663386330653563353763663236623539363630626363323237333237
|
||||||
37303465323638383930336138356665343966336137356137656564303733373565366162343330
|
30656139626561313064323330373032323031343137366638303966313832646365666238326337
|
||||||
38326366653733376138356339313564616165626235356363343430353239616339656239323964
|
63306363613361653933306234386163383837666430616663383664386563323839326232383761
|
||||||
31643734653263653461333135386261646265323134633334376262323330396634643764323635
|
35373539626438356539393266653864353066633365383437623437356464383335383039343137
|
||||||
30336262323035613338333166353364333836623865393132613338393237363734616330366463
|
61373539343631373932373033656233323964353666626162386537616333366562346265656238
|
||||||
64646163303337323531636532383438356237306337656439663565643032633462316366663164
|
35396130356166303564303036383664656435626534303064653363316464616335303965376330
|
||||||
33613039326337353531303831313136653539353261373930613030383134653261363833653439
|
61646638383138323265313631613037396561626162306661653231646230343139656135333236
|
||||||
31343662623035393238646263633066653362323434306137633339393330376462356139333362
|
63303838316266333665636335663361656262353066666430656162323236633564313337353665
|
||||||
35363436356530363134663064653031376561343732346262383333353733363136396262643135
|
35363565303736633564356632346632343832363934343962313030646132663566346664313632
|
||||||
31326566303535343833326562376464643632363434323839366366626134303830323563633237
|
38393061613163356265643434626166393366366634343032626637333332316361663639623534
|
||||||
37313964353033316163303738636632346137353437333463303135323631383132623133663130
|
62323239373639393337373537646232663531653835356165313264663561623633633830373734
|
||||||
32373163393861366137303138363134653534613236636439623731393837306130626638343134
|
31336234613633666538373961626430316530346462343061323661353564323938353338373961
|
||||||
39313532386338343662333134353761653162663665396664366239633536613132313735373334
|
64616637303734303333626166306330613238646265636136653939363936356165356232396436
|
||||||
37613161383633653861376433633632333163653439633938386137313632396137616337373465
|
65353731633836363433616534636330663565643561363233396538386430393964353433616437
|
||||||
65383238396439666537313833663364333731613434333739393161363437306665363834653761
|
36343936313936303165396236393463646363383338366238363961666530623335653234656139
|
||||||
34303464386633633163353636643964393233383232623765373239376633393139326630653765
|
65346337663437623134376137326166323933613861663032623965643538343638376234316232
|
||||||
62646439646534376234323661383063656463313437323231333165626163626262626562376338
|
36333065323234663263343630353739313661373536316162366532336438373263303730626464
|
||||||
62646362346261313738323830613037663035666361386139666432613230346334323063326239
|
38613136393166626663636631363064303736666235333036616435373063363762666565363136
|
||||||
65303065343061613736343663363630336333623439383032313137616131623933323636306331
|
38333966303831313333613831313132633062616235353365313533386236613338373130303836
|
||||||
34636130626338303039356137353532346562363531623936316162336663306437386532363236
|
61326262313833306437366364316433393931353265326131653563656131333436376338613266
|
||||||
36333661316161613237343032623764396435346632363963643438316430666539393566353939
|
39326632613366666136643137303635336631353230396435313537656366326239626362313833
|
||||||
33333234313839636537366465356364303438313830663261373563346538626432313139303030
|
62653039343261613265306362323234623264366664306561663839306631663465303962386462
|
||||||
33333066626463663663643833323764643737386162663766356665643064313263376434353038
|
39353934643562383762623937643034383534393962333466613636346637323235346438666636
|
||||||
37643630643737663566653562353261333734636262626437393239383063613661643166626630
|
31613838313535666166663063373333653439313035346266666463623666613837313933623837
|
||||||
31313564346239396561326162333534376264616435313762623032636432363832383630343964
|
63343565663739393764353761316432626237346234663032316131306262356233333439323961
|
||||||
30343663643935633465393465626131633931623930653962303830333065363435383237653566
|
38646664383030303832646563393836643135303731306435383338623633626638306165386637
|
||||||
65646632376330306437663334313932653230653562356338663366616463303466366263366137
|
65393238653464623032336437643838333932366131656332333165376261383539386466343139
|
||||||
64633934626339633235386630396561376130373763313137386531356637633863393035306634
|
65613733383837323832303738363664653138613830376333363038383839623463623631666237
|
||||||
65353432323235363135633832373032623837376333346131303162303464616234313062316563
|
63363263396533353763373934373034643763376665316638353435663635346135333265363235
|
||||||
64646634633963663032613533636665333335656539323238623362306363313835626632306236
|
62663432343935343964626432353563313036303761393039386231343530663737633466643035
|
||||||
30663637356463363530316434316639326639633539333335633330333834643035353932313638
|
65343835353037643539316439666666633866356530363237373230373439373133313337653237
|
||||||
64356565653065666131373538356462306633343161376537323762313666373235353236313963
|
66613631373637313534353862653437393234363365323032393035376438616264336661616262
|
||||||
65613561633266306632616538616461626532666435663038646138386430376164663766363138
|
37336435326135373065353564383637626637343532396331623334643139386364316431376435
|
||||||
35316262393065653739323035666531333330326235386133383834383865356635666537333533
|
36356566363033636539363430356565373039363863396565643730656531346364626334393436
|
||||||
31376138353231313262646334386566376264323066373934666363313431643738383064666437
|
33343839303538383530363231366166623233333730323163323432373831313639626337346230
|
||||||
36656437313039656666373530346534393735353163646635663839326366643333393665626464
|
30333930333064393337616564386163623436613933623466353933393733346339383534633239
|
||||||
36616637303631653661373433653865323634363065303433386534363064356564636465366265
|
30633365313364666566643533326163336330323232353533316633313739343035383465376330
|
||||||
31333064383233636538393032376234663663353162343530376631356533653231303730396465
|
65356139386463633565366132383832643032333234633964373437633836343435393631396166
|
||||||
33366162376464633633313664303939306330613865663431653037303061633130626635653638
|
34633439643764623936366536353931646132373539326238303761383339643661616266646130
|
||||||
66626264363333376463386666313663333964333137333231303361616533393236373861656534
|
30393166393465326365393130636136336433623262346435353936306133616135653734383635
|
||||||
32326335306566623332396638383133353434363565316432353963353062313662326361336537
|
65393530633836613937346430366337626365363361663533313837363063396538663766646566
|
||||||
34396632656234333263663831326566353434316234613365316132363730643665373761666562
|
63373639653732353135343562353266316164303863336365303635653464393232613939396131
|
||||||
31393565653663653731633333633730326265376135666162656132623238333765333363653130
|
30636361343932663233663566656131363938656161623966316366656561343166336532613666
|
||||||
61353632313532616266363139336162336565356365316531336364623930636430353831623233
|
65613534663762353662353262623634616264373964316336626166353330303539356130646166
|
||||||
61616131313438306633333066613764313161333934316139633738623164623564646365663566
|
63643435353765633766626165643465386331333637366562393861613834323464363932306430
|
||||||
66356464376133363137313036623930373362306166623838373131313330393837396261656561
|
32643836646266643031396262626136313363623663366430376432373036643835653863323631
|
||||||
66396233313530643164353264656563383632363139333262626532376562613630643437666266
|
30613164326430633664306630333632363931656135643465363439376263386561383534633666
|
||||||
66656335656634613138316138643666623430363833663035616138336461303035633731636262
|
64323763656466343064396639313264386239356664663461333166626332326536623132333434
|
||||||
36393939333765346239666433323032323361343934656463396365333366623337316663396263
|
62303261643164643330333662623935383037353338306135613737306563326336336162633138
|
||||||
36616431626633663963636135643833666234613830366434636532373031343263316436306162
|
33623066373265663362303133363032343933306336396466383034636131333837313333326531
|
||||||
39356365376561643665323866656465313434623138326238353662653735613565623264333336
|
39336163313633623639303462313763656632633030336236643030343262653366633939643536
|
||||||
61393763363862613766653064636130323732663466366133666361636339356464313037353462
|
31636535393864663363353930363761623264343630396336396431663330323436613462633136
|
||||||
63633936653235656538383433393065393162643034393538666433616131343462346235393164
|
37336464353730643566393432343762333336653932333366636265343663323462626232623635
|
||||||
39353663373338626665663563663162633430343330373430376336326432346233663365376533
|
34346136333630363539633666316561376266373032373961313437653564636537656630303261
|
||||||
32656465343538643137326366653232343530363834383831386634366262303333636261353863
|
37313639333233333365383763333061373730623939303530303832646365323739356564626137
|
||||||
32633437343432653936643766363338636535613532323362656435613363393238626466303861
|
35633366393636376463393961333830343232363266633931613332643134643234303733373466
|
||||||
38633861333638613466306338613932353964393365356637306261626535323732316362623731
|
35323831623931633436626636346431303965663639666566623433383736633834626330303265
|
||||||
33313963623439613939333639346461663338373334396165636231666266613065323731373964
|
37353337656233663938663839373931623137666662623266336537383631626631306235363064
|
||||||
64313133383435333935376531313432663766633133633863356563663535333263636237386136
|
33313564316438633139336261623736336336326239376630316335313631376132646563333430
|
||||||
61653963633166383135333436646465383536373039383538326366636634313061613730653962
|
33656432643130643832343065353834633366363339353964623762666564633835633636313731
|
||||||
37623962643866396637336231363038373465393637356463656566666661313130313863383233
|
63353637636165663136623736343234393038313235333363643237643566623766393838386635
|
||||||
37343636346535363832626365396262303862393535336565393635663637323730373564336634
|
33646233623032653233336266636335666233353032303837663162303939383262373761623261
|
||||||
37363036323733306535336366373630356531353737303165376530656433626634343365626239
|
35366661363966346233633739663635353361303264356534366235616164316138623730623632
|
||||||
64346136363030663862313431653761666432393933366665346361626361623039326434633835
|
62316362623736396264366632373661373835393434343364353431316362666235616635633566
|
||||||
32666538653037613361343536383634643762356234366433663639653461303933306434333864
|
64353530633334393737346663653562346335323065356665643132353738363132623031353664
|
||||||
37386436393465323139306161333738383265323436376536656264356230303163326134323864
|
66666639326238386634363664356664343161386435323736316636343536326435303066353035
|
||||||
63396331666431666464656161633466333764653631623131646566303366333030653834333335
|
37363731613138393333636562386363333932386362303139643262386237353863363764643139
|
||||||
31323365353239366232643863386365633861376235643034303563613363663661616564363663
|
64616561373239346464623165616332623434303433626638376232333733646136376431626438
|
||||||
63326562613365653539383336383339646164623864323830653434623365393432666466323134
|
66613134343639656331626630303030366133356636663735353466353834613430356265386162
|
||||||
33626330373361393734656632393232363866613863373135636537613934343065306265623964
|
66613332663232623438636661306332613162666561353537313336643134663664306630636639
|
||||||
34643765636165393336356630353663343065333431656164363638646233663762346536343362
|
61613363353264373831393962333631383236666130646333336431303735333165656438363432
|
||||||
65653364343537383336373933313464663464653465383830363631316336303464313731356230
|
38396530333631636135653534393531326434306362396237366430383166323832336434376364
|
||||||
34336130323766386465373162346535396565346630353734303937396130656132376331326563
|
38393431646338316232373431613930326532646333386435303034356564336665346133393866
|
||||||
36386339383338346533646331666262396432336434646333653664326635386238333763626637
|
61643533643361646265313334633463616437393437653935613261366635616430313064346532
|
||||||
31363464306465666339316436323265623437636533643431363161323139653065323534636533
|
32363831613565313836376338646466323130373032613863323037323566643164653132633735
|
||||||
64386334353439373133313937343234373963353331646233346432646430636530663336316134
|
65636562653535626461396666643330386333663137613333643165656336633038323036373162
|
||||||
66303337313034396232643531643262343036313762633165353665653938313665386363353865
|
31376338613862333334643561313332326237646565633934323032626662633631633033623063
|
||||||
66333166303636626565613136653365313763303263313239333033353638616566656134396131
|
63306664656437663732323339383735306132616531373865323835633264333639336163366466
|
||||||
38356434343931303134303362313363343634613361353538636634336332373132356165326163
|
33373433653839393638323034623835643531393266306331313563613265616633353763653438
|
||||||
30386130326239366532363962316435663862393836326439623862366166376234343439306465
|
65363532653163303861383531356639316331343531666666636336373634636134633331366364
|
||||||
36346639623939353232366333643963646336383833386565643435393734653936313638663930
|
62366230366435323435613964636533353236373935626632623536396664313264653031623062
|
||||||
32323065343737663564333961373034393261613862333431663562353964666561643831316432
|
33366166343630313839366262313234346262343336386538336335393835646138666330656361
|
||||||
35313832356639333937333266306166656538643065386639346337306134613536356137316331
|
61313936323838653832633130346539636363613838343363663431623063333933383466353938
|
||||||
38376434666332366531393639303561663934353130333161636530383932653236313530616531
|
65383361333561383631643938613862343236346233363466333237316339616362366565306639
|
||||||
61656664626663373164343863333039356362343034326131376666623264663732303734366363
|
39356563656132303463346138356435303038303165363935343266396462326365363262393336
|
||||||
30306430353732616131346637626332656434393163313661356465393263393235396662623962
|
37396235366639623761366239386165613065626431633733306234343866663266633631656237
|
||||||
62643538623331646265643561623366383937313136383939366164613235666234663137653432
|
63643430383433393835663635356265636635363137613064353066313338346436356632346265
|
||||||
34316138643139336331356663333632656539653632626136613431393736613630353237356164
|
38393730336465396263373137383238653337396364643061303234666266663064663265383434
|
||||||
33623632643335663163656236633134343464353837346237316162346634633336663564656531
|
36636138643432373633313038393737663735363838396164366234643533633762383062353831
|
||||||
39373730346130363963376463326238366235613539613466653139306237343164336462353236
|
66326231363337323666386263373438656630346336663239643030386434636264666634393631
|
||||||
39323361636333353661633863663162633563343937366461346338363061623730633537626562
|
39313364333761343532346165396365306463393037643935666363323630326664616638313338
|
||||||
30353938383664333861366431343033313961376436363065373430353736343563313531386663
|
39396336653738353333343835363861643166376565346463303135376439336134666235623230
|
||||||
37313534303564333237616331396437376436383833373936376664666366373235613533663239
|
32363031303732666133386164313437366164326539373564623236356432303132633436323563
|
||||||
64653863613531356666646233393533646131333961343730663461346235633961306263343831
|
36323634373538376133613736633133356638323861636434646465643432636366376138636232
|
||||||
64386332653330323937643266373437633465363933653833343930616134626566363339366362
|
63633830613462613831313938326339343632393038376639623131366364623536353338363439
|
||||||
36356163333730656233653431326430326566386264343330666131393166323537623137396237
|
32613331623863336165636364616634303264356630303665383638663737343836663831363263
|
||||||
65386234653231666631366533383762643830333261363532666138386263643662633932626335
|
63366562393734323030306436346534626530656465396535323835316139633562363830373437
|
||||||
66303363613035643931393933303035323566373634663037313338616132373162366334373962
|
63626530326530383538623165356532303862353763326432373966626436303465373431373762
|
||||||
33666463613435396331326565353433336361303562326562663035313639333232333430373266
|
38613539623164353732623636376630643465343839666531306438326633343362306665366132
|
||||||
65383235356132353838636565636436356361653831356430663935613766613237366564316566
|
39396537366266353864656232616334336130333337306463313932393832653661343036396261
|
||||||
37396130393363386566306162346466326165353863636633306335383265306139396339383866
|
64613461633433356334623631643861303133383963336635623138326139613564343838366565
|
||||||
34326335323962633032386162623033353036643437313832323166363764653339343638343964
|
36343130353462333162313736636139306233366466626231306561626335396262663531333839
|
||||||
66626662326234306362656162336538353131366337643761643930306163333661653062663832
|
61336437343137356335633764373730306466326133356331333530353537616661373062656438
|
||||||
61303963623433313565633235306132366663336662616232613339366363373934613631623431
|
35356235666464656466323937353837623535643937383866666133383633396563333338633034
|
||||||
34323736383366333032343364373533363761323338346163323836653235653136646162306166
|
38366531613164363966323137646237393135383164643230663331306335636432656565633636
|
||||||
65333734623663346233343961396566313838653036396430396134393839326535363237363638
|
34343031633632346533353666353034666266666561346464306665386634313263323333653330
|
||||||
38333232333863396334366561303136333863356666656335633630616531363766343535616533
|
66323033393531343633356466613837346164393332613037636465343230623731616361336338
|
||||||
35656166303837653365303436623431613931336331356531666665346562613263363666626238
|
61373332373636646435353734386366613334323161626437396232613534613330613532323534
|
||||||
62626236323863383366643162356462306163653032626130333863656337623136646439316337
|
65653065386432313733663165616333663666363733623162306536303833663136353334656466
|
||||||
33306432663134383038646133346131333732633932383239643733643138303434646565663266
|
64353931363838613761663561666639373865393438396565626661343934353662363834636535
|
||||||
34616265383733343963323538656138656331396438616133393063356638633965323363653066
|
65363664393433313036383438643864663339626331343230343337316437336634636363303563
|
||||||
65353837333363613762333839313631373137363064383830353565333832356162323862393030
|
35373539383535353235633730386232363539616632336566376264393832383637663330613133
|
||||||
35373038613133643466636537626437393837633865363566343565626633376262373766613738
|
37643261363966633138373935333438393536373938383265373261363232343030373539366335
|
||||||
39343334336238363131373762646564653839623531323066356430326263376534373664363331
|
61633162663137643061363366653135323639363838626266386262666133306461333432313738
|
||||||
64373735383933303638303661333964333464306338613363326261623438336530636262373766
|
30313332626166303630363839396663396564633961383863326663356230343938643833303933
|
||||||
35346339643939666162386232666236326131366366303432393838326239313730323431376231
|
34333032353935323565346633363537656639613663356130383264373739636231363364613066
|
||||||
39363032616666393431326533643865643937363937356431623763363037373333653266376561
|
36653664346434393933383337313630623131396461343930383537633536643365306564396665
|
||||||
63323462363063343234373534663063353865363037383932386231313338343239653131633561
|
31353861643335353538623838393335326364393738376239623431306231363739656438626265
|
||||||
34623439396232633265616438623562666333303932396366663330326565363736633461333463
|
37666532336661306262303761616238666239623265663231386165353437366631376234343035
|
||||||
66346537323061306662323062393061353565393165363532306439343262343632616465363364
|
33393037316563373534373765616238616639303031346430623561663430393536303163613338
|
||||||
30376331346430313536313963333136663833323064633631653935326366633862336163316538
|
65353062336164626335376235656235343637366438353334356436653266333062663838316263
|
||||||
33383434336666303434363236396662366664393637656462363331356631613332353766636663
|
32623732306462356162623437393035626433336631643833626463656634366332613936346465
|
||||||
62323264336235306532343065323834313730353237616463373766303439663533336366363565
|
34653331363133373635633330363564333264623566613432383439396537343963653239336265
|
||||||
35646461636263646633343634323735383235376330616334373937646165623639363663353361
|
33326132663434363065646265646130333935303662623037363938313464366564323734333437
|
||||||
65613034353736633332663333616564356265323731613537393430633137333337643663323137
|
36336335303738643634653164306332636130316161393335656536386131396662616366383139
|
||||||
31623732663331653935316337306433333633353565343265666333363864346562363961333439
|
36663863343736666665363337663537326330323437346565346465326231366563643136366365
|
||||||
30656136636661396335623566386362333861616663393738626632633537613564636261383138
|
37636361343961326261336437616266373962643765346438333766306537303137353764396330
|
||||||
3233
|
39626635373631353635313935363834363730386132376363663462653330623130663266373432
|
||||||
|
65343237326535613535386363396236336536366165306463643162346638623638373433646163
|
||||||
|
62613935363636353639623839396231393838303135346536383037353636613563323234626131
|
||||||
|
64373666303436393861373164376564646235366131343433623733663832653039393738343537
|
||||||
|
65323534343464613230346532623966616462353532373064623566626563336464326336393364
|
||||||
|
39626237646431313135323036303065343138616632343237396136366332636132303037376132
|
||||||
|
33623031623635653162616265316366663262373666636638386130643336383130643232643662
|
||||||
|
34326663343562613962343033396332303261636230353331313730336630633461333736626333
|
||||||
|
66636430643330383032646634396133626339623036333963396662313234623466366634636334
|
||||||
|
33373762386662613966353664346239666133656435353365653536356331613632666132376264
|
||||||
|
62613433366633663065306166396166633836306139376533396165393966323465303638373563
|
||||||
|
63326330323161303065643365343363313338326238363137663139613463613434643834613662
|
||||||
|
64663365633965653363633165653038333335333232633434323037643936646561376431626230
|
||||||
|
66356138373136366134373533386634373061666330663364376336383433306331386162393633
|
||||||
|
33636330643531396464313736363061303466393861613730323563626363643731333633366532
|
||||||
|
64646130636234653566346533323962353332653335336239353630633535623935396638663366
|
||||||
|
37383661343636613261623833653032373764653164346634663431653664636233323734666166
|
||||||
|
36373664306566663930353338366431623563396166356638626166333165623263636336613138
|
||||||
|
34343936393964666564306637346561393538383137663162663630336462656663316338376236
|
||||||
|
63633666333263663734353861633164653132663334306664643133663736663766626639393236
|
||||||
|
32653430333163313363343731666135656662363838366132383732346130313130363365656263
|
||||||
|
32643533393163376264653632663262353966306630333064313932616262323134326361633764
|
||||||
|
63383837303936616434616630653833653833623263623532306363373836323431393335623530
|
||||||
|
34316562343035326265333164643163356230643639373431326431303538346363376332373434
|
||||||
|
31313666313663343363353130306561646136393732663164393232636330663635346434343134
|
||||||
|
33663138663336636430373763396435323138373633666438623234363631336232366635366532
|
||||||
|
62616239663934653462656163326134303261376635323864633435383666363065656665303538
|
||||||
|
62626538343638366236646136363232373437336630383739656438636465326531646664366462
|
||||||
|
36353663626634386538336239623734323234393463313034303837363164363263623065613061
|
||||||
|
38333162646232366339333662313965663336613238386530393162346266636532353433656136
|
||||||
|
66326436323836376432313238613165373565643233333435393361636637653361616435393438
|
||||||
|
32383763393561343734643438346635613663393736613839623263663866336165343235663933
|
||||||
|
66623137616561313462653631613830363666653635336534643935373739353138363934656134
|
||||||
|
35663063396162623432373534333463376231666466393963336231653939326663396336383735
|
||||||
|
34633763336163313432616163313638623963306666643432306661393632346339373963633265
|
||||||
|
32303862643661376433356661383335313365306534663534396638313531373538326236636363
|
||||||
|
37626138333437393363323261336663653163643565303063313231346131376261653763356631
|
||||||
|
62306262336337366134626632333663363139393131306666303235303761623665356431646234
|
||||||
|
33666461663035303066353137623762653565353533613435663839396238336337333463636465
|
||||||
|
38353135356634626137376232613330393235383432356436393030313564306537616363383136
|
||||||
|
66356463373138313661373565326565343066643133633630313031303132313031663739316631
|
||||||
|
66666631386163313034306532393862393930653931363235396662366262636466363464396466
|
||||||
|
61303962303066633764393831396632626233343633313061323838623134373036393164633139
|
||||||
|
30303861636335636131376334376239636235653233323435623262366132663934613661333135
|
||||||
|
61386136326435363337316363666330363431613135663661303438383664663930656564373730
|
||||||
|
32373731393666333364633835646431646662313232383136616238303264383438663766356462
|
||||||
|
32346664376430663934626661663039656461383738626265346162393861346163656161323333
|
||||||
|
39323666643031376530303230626166613233383731363766373634623430633635303963313466
|
||||||
|
34646331363539636133373134353535356265393265393635323532323134643034343663636362
|
||||||
|
38633261613433393634396234396265623063346138363133646532366638306632396464646432
|
||||||
|
61373961383438386535336131393633303430346162613738343839653038303035303033626535
|
||||||
|
37343030623530333332306265373539633735616634663666356437303862636338363866613861
|
||||||
|
38346130336338373865343866306665616530313938616366346131376262346135323537663137
|
||||||
|
39383366313766666234323234363937623264353532323033363966313135653163343036666262
|
||||||
|
34393832613034383239393930383063336131356364303231323966303633333331633666373764
|
||||||
|
65383137333965663234663933303231356165376233326233303035316536666563656363343933
|
||||||
|
36633039666432643135636331353932633164633964623661373739633665313433306561303637
|
||||||
|
62373534346562363132643063643732343462653838393635343266626535353864656437313434
|
||||||
|
34376538303965616539626534613431623834376337643936613137323031323139393762636463
|
||||||
|
66346664666361623636666533663037613434353135393862376633636233656330366136646434
|
||||||
|
30653735323961383130393763333630306131376430363436623238646632363462383739653636
|
||||||
|
37346566663039383866323639633565366338353438386461616239313639343766333661346435
|
||||||
|
33316538366463383733346663316564656566656165396465393461363061613239666165346661
|
||||||
|
62346639623163363762366431313831663135643062336363323336303737393437653863303665
|
||||||
|
36643466336566336236353166333063633830646461626262333937316162353365353130353535
|
||||||
|
30383164363532363532306364393236303537383139643431393962333063633162313033613561
|
||||||
|
32323434336364343061386666616639336566373461633462393130336461303531353436623065
|
||||||
|
65663430623066336533373662306566396263376562343936666166626666323964373334613835
|
||||||
|
64633535303365643564626562643562636363363834353865353765356665643965663861366436
|
||||||
|
63333736613232353130616466316637613966646139323565356537666331666564623832333439
|
||||||
|
36376131663431616430616265323039646432393166613631313762613264313765323231663961
|
||||||
|
65616636306362386534626130636261636566626365643630616135323634343935653033653433
|
||||||
|
3061
|
||||||
|
|
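--- a/group_vars/bdd.yml
+++ b/group_vars/bdd.yml
@@ -0,0 +1,5 @@
+---
+borg_keep_hourly: 6
+borg_backup_exclude:
+- "/var/lib/postgresql/"
+...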
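Review bot: `borg_backup_exclude` removes `/var/lib/postgresql/` from the borg archive for every host in the `bdd` group, and nothing in this file says where the database contents are captured instead. Excluding the live cluster files is reasonable only if a logical dump (for example from `pg_dump`) is written to a path that borg does include. A comment above the list would record that dependency, e.g. `# live cluster files excluded; restores rely on the SQL dumps under <dump-dir>` (placeholder path). If no such dump exists, these hosts currently have no database backup, which should be confirmed before merging.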
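--- a/group_vars/certbot.yml
+++ b/group_vars/certbot.yml
@@ -0,0 +1,8 @@
+---
+glob_certbot:
+- dns_rfc2136_server: '10.128.0.30'
+dns_rfc2136_name: certbot_challenge.
+dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+mail: tech.aurore@lists.crans.org
+certname: auro.re
+domains: "*.auro.re"
+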
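Review bot: The group default `domains: "*.auro.re"` gives every host in the `certbot` group a private key valid for any name under auro.re, together with the TSIG secret for `certbot_challenge.`, so one compromised member can impersonate every other service. The file should state the expected scope of that key, e.g. `# TSIG key must be restricted on the DNS server (update-policy) to _acme-challenge TXT records`; whether the server enforces this cannot be seen from here. A wildcard also does not cover the apex, so a certificate issued from this default will not validate for `auro.re` itself, which `group_vars/nginx.yml` sets as `default_ssl_domain`. One of the host files further down uses `"auro.re, *.auro.re"`, and the default probably should as well.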
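--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@@ -0,0 +1,32 @@
+---
+glob_nginx:
+contact: tech.aurore@lists.crans.org
+who: "L'équipe technique d'Aurore"
+service_name: service
+ssl:
+# Add adm.auro.re if necessary
+- name: auro.re
+cert: /etc/letsencrypt/live/auro.re/fullchain.pem
+cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
+trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
+servers:
+- ssl: false # Replace by auro.re or adm.auro.re
+default: true
+server_name:
+- "default"
+- "_"
+root: "/var/www/html"
+locations:
+- filter: "/"
+params: []
+additional_params: []
+upstreams: []
+
+auth_passwd: []
+default_server:
+default_ssl_server:
+default_ssl_domain: auro.re
+real_ip_from:
+- "10.128.0.0/16"
+- "2a09:6840:128::/64"
+deploy_robots_file: false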
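Review bot: `real_ip_from` trusts the whole of `10.128.0.0/16` and `2a09:6840:128::/64`. Assuming the role renders this list as nginx `set_real_ip_from` lines, every machine in those networks can then supply the client address that nginx logs and uses for access rules, through whichever header `real_ip_header` names. Only the reverse proxies need that trust, so the default would be safer as their individual addresses, e.g. `- "<reverse-proxy-ipv4>/32"` (placeholder), with wider ranges left to host-level overrides. A short comment above the list saying which hosts are expected to forward traffic would also help the next reviewer.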
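--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@@ -0,0 +1,12 @@
+---
+loc_nginx:
+servers: []
+
+glob_reverseproxy:
+redirect_dnames:
+- aurores.net
+- fede-aurore.net
+
+reverseproxy_sites: []
+
+redirect_sites: []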
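--- a/group_vars/routeur.yml
+++ b/group_vars/routeur.yml
@@ -0,0 +1,3 @@
+---
+rsyslog_high_density: true
+...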
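--- a/host_vars/caradoc.adm.auro.re.yml
+++ b/host_vars/caradoc.adm.auro.re.yml
@@ -0,0 +1,12 @@
+---
+borg_keep_hourly: 6
+borg_keep_daily: 7
+borg_keep_weekly: 4
+borg_keep_monthly: 12
+borg_backup_directories:
+- "/etc"
+- "/var"
+- "/data_nextcloud"
+- "/data_gitea"
+- "/data_mail"
+...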
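--- a/host_vars/log.adm.auro.re.yml
+++ b/host_vars/log.adm.auro.re.yml
@@ -0,0 +1,16 @@
+---
+borg_backup_directories:
+- "/etc/"
+- "/var/"
+borg_backup_exclude: []
+
+rsyslog_collector_base_dir: /var/log/remote
+rsyslog_inputs:
+- proto: relp
+port: 20514
+- proto: udp
+port: 514
+- proto: tcp
+port: 6514
+rsyslog_outputs: []
+...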
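Review bot: None of the three `rsyslog_inputs` entries carries a TLS or peer-authentication setting, so unless the role adds one elsewhere the collector will accept and store lines from any sender that can reach these ports. Port 6514 is the one registered for syslog over TLS, which makes a plain `proto: tcp` listener there easy to mistake for an encrypted one. If TLS is intended, the entry should say so explicitly. Otherwise a comment such as `# plaintext TCP; reachable from the admin network only` on that entry, plus a firewall rule to match, would record the assumption. The `udp`/514 input additionally allows spoofed source addresses, so it is worth limiting to devices that cannot speak RELP.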
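--- a/host_vars/perceval.adm.auro.re.yml
+++ b/host_vars/perceval.adm.auro.re.yml
@@ -0,0 +1,3 @@
+---
+borg_server_backups_dir: /borg
+...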
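--- a/host_vars/portail.adm.auro.re.yml
+++ b/host_vars/portail.adm.auro.re.yml
@@ -0,0 +1,105 @@
+---
+loc_nginx:
+service_name: captive_portal
+default_server: '$server_addr'
+default_ssl_server: '$server_addr'
+
+servers:
+- server_name:
+- "10.13.0.247"
+locations:
+- filter: "/"
+params:
+- "return 302 https://portail-fleming.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- portail-fleming.auro.re
+locations:
+- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
+params:
+- "proxy_pass http://10.128.0.20"
+- "include /etc/nginx/snippets/options-proxypass.conf"
+- filter: "/"
+params:
+- "return 302 https://portail-fleming.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- 10.23.0.247
+locations:
+- filter: "/"
+params:
+- "return 302 https://portail-pacaterie.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- portail-pacaterie.auro.re
+locations:
+- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
+params:
+- "proxy_pass http://10.128.0.20"
+- "include /etc/nginx/snippets/options-proxypass.conf"
+- filter: "/"
+params:
+- "return 302 https://portail-pacaterie.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- "10.33.0.247"
+locations:
+- filter: "/"
+params:
+- "return 302 https://portail-rives.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- portail-rives.auro.re
+locations:
+- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
+params:
+- "proxy_pass http://10.128.0.20"
+- "include /etc/nginx/snippets/options-proxypass.conf"
+- filter: "/"
+params:
+- "return 302 https://portail-rives.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- "10.43.0.247"
+locations:
+- filter: "/"
+params:
+- "return 302 https://portail-edc.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- portail-edc.auro.re
+locations:
+- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
+params:
+- "proxy_pass http://10.128.0.20"
+- "include /etc/nginx/snippets/options-proxypass.conf"
+- filter: "/"
+params:
+- "return 302 https://portail-edc.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- "10.53.0.247"
+locations:
+- filter: "/"
+params:
+- "return 302 https://portail-gs.auro.re/portail/"
+
+- ssl: auro.re
+server_name:
+- portail-gs.auro.re
+locations:
+- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
+params:
+- "proxy_pass http://10.128.0.20"
+- "include /etc/nginx/snippets/options-proxypass.conf"
+- filter: "/"
+params:
+- "return 302 https://portail-gs.auro.re/portail/"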
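Review bot: The regex location in each of the five `portail-*.auro.re` servers begins with `potail`, while the fallback `/` location redirects to `/portail/`. Assuming the role renders `filter` as the nginx location match, `/portail/` matches none of the alternatives, falls through to `/`, and is redirected to itself, so the captive portal never reaches the backend. The pattern is also unanchored, so the listed words match anywhere in the path rather than only as a prefix. Both are fixed by `- filter: "~ ^/(portail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"` in all five places. Separately, the `10.13.0.247` server is the only IP-named block without `ssl: auro.re`; a comment should say whether that is deliberate.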
|
@ -1,44 +1,20 @@
|
||||||
---
|
---
|
||||||
certbot:
|
loc_certbot:
|
||||||
domains:
|
- dns_rfc2136_server: '10.128.0.30'
|
||||||
- auro.re
|
dns_rfc2136_name: certbot_challenge.
|
||||||
- chat.auro.re # cname to riot.auro.re
|
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
- codimd.auro.re
|
mail: tech.aurore@lists.crans.org
|
||||||
- element.auro.re # cname to riot.auro.re
|
certname: auro.re
|
||||||
- ehterpad.auro.re # cname to pad.auro.re
|
domains: "auro.re, *.auro.re"
|
||||||
- grafana.auro.re
|
|
||||||
- hedgedoc.auro.re # cname to codimd.auro.re
|
|
||||||
- pad.auro.re
|
|
||||||
- passbolt.auro.re
|
|
||||||
- paste.auro.re # cname to privatebin.auro.re
|
|
||||||
- phabricator.auro.re
|
|
||||||
- privatebin.auro.re
|
|
||||||
- riot.auro.re
|
|
||||||
- sharelatex.auro.re
|
|
||||||
- status.auro.re
|
|
||||||
- wiki.auro.re
|
|
||||||
- www.auro.re
|
|
||||||
- zero.auro.re # cname to privatebin.auro.re
|
|
||||||
mail: tech.aurore@lists.crans.org
|
|
||||||
certname: auro.re
|
|
||||||
|
|
||||||
nginx:
|
|
||||||
ssl:
|
|
||||||
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
|
||||||
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
|
||||||
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
|
||||||
|
|
||||||
redirect_dnames:
|
|
||||||
- aurores.net
|
|
||||||
- fede-aurore.net
|
|
||||||
|
|
||||||
redirect_tcp: {}
|
|
||||||
|
|
||||||
|
loc_reverseproxy:
|
||||||
redirect_sites:
|
redirect_sites:
|
||||||
- from: www.auro.re
|
- from: www.auro.re
|
||||||
to: auro.re
|
to: auro.re
|
||||||
- from: 92.222.211.195
|
- from: 92.222.211.195
|
||||||
to: auro.re
|
to: auro.re
|
||||||
|
- from: codimd.auro.re
|
||||||
|
to: hedgedoc.auro.re
|
||||||
|
|
||||||
reverseproxy_sites:
|
reverseproxy_sites:
|
||||||
- from: phabricator.auro.re
|
- from: phabricator.auro.re
|
||||||
|
@ -53,6 +29,9 @@ nginx:
|
||||||
- from: passbolt.auro.re
|
- from: passbolt.auro.re
|
||||||
to: 10.128.0.53
|
to: 10.128.0.53
|
||||||
|
|
||||||
|
- from: auth.auro.re
|
||||||
|
to: 10.128.0.150:8089
|
||||||
|
|
||||||
- from: riot.auro.re
|
- from: riot.auro.re
|
||||||
to: "10.128.0.150:8080"
|
to: "10.128.0.150:8080"
|
||||||
- from: element.auro.re
|
- from: element.auro.re
|
||||||
|
@ -60,8 +39,6 @@ nginx:
|
||||||
- from: chat.auro.re
|
- from: chat.auro.re
|
||||||
to: "10.128.0.150:8080"
|
to: "10.128.0.150:8080"
|
||||||
|
|
||||||
- from: codimd.auro.re
|
|
||||||
to: "10.128.0.150:8081"
|
|
||||||
- from: hedgedoc.auro.re
|
- from: hedgedoc.auro.re
|
||||||
to: "10.128.0.150:8081"
|
to: "10.128.0.150:8081"
|
||||||
|
|
||||||
|
@ -82,5 +59,10 @@ nginx:
|
||||||
|
|
||||||
- from: cas.auro.re
|
- from: cas.auro.re
|
||||||
to: "10.128.0.150:8085"
|
to: "10.128.0.150:8085"
|
||||||
|
- from: rss.auro.re
|
||||||
|
to: 10.128.0.150:8090
|
||||||
- from: status.auro.re
|
- from: status.auro.re
|
||||||
to: "10.128.0.150:8086"
|
to: "10.128.0.150:8086"
|
||||||
|
- from: "kanboard.auro.re"
|
||||||
|
to: "10.128.0.150:8088"
|
||||||
|
...
|
||||||
|
|
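Review bot: The added `auth.auro.re` and `rss.auro.re` entries write their targets unquoted (`to: 10.128.0.150:8089`, `to: 10.128.0.150:8090`), whereas every other `host:port` target in this list, including the newly added `kanboard.auro.re`, is a quoted string. Quoting them the same way, `to: "10.128.0.150:8089"` and `to: "10.128.0.150:8090"`, keeps the file consistent and avoids relying on YAML's implicit typing for values that contain a colon. The file header for this section is not visible on the page, and the old and new sides are read from the two-column layout.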
|
@ -1,31 +1,31 @@
|
||||||
---
|
---
|
||||||
certbot:
|
loc_certbot:
|
||||||
domains:
|
- dns_rfc2136_server: '10.128.0.30'
|
||||||
- bbb.auro.re
|
dns_rfc2136_name: certbot_adm_challenge.
|
||||||
- drone.auro.re
|
dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
|
||||||
- gitea.auro.re
|
mail: tech.aurore@lists.crans.org
|
||||||
- intranet.auro.re
|
certname: adm.auro.re
|
||||||
- litl.auro.re
|
domains: "*.adm.auro.re"
|
||||||
- nextcloud.auro.re
|
- dns_rfc2136_server: '10.128.0.30'
|
||||||
- re2o.auro.re
|
dns_rfc2136_name: certbot_challenge.
|
||||||
- vote.auro.re
|
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
- re2o-server.auro.re
|
mail: tech.aurore@lists.crans.org
|
||||||
- re2o-test.auro.re
|
certname: auro.re
|
||||||
- wikijs.auro.re
|
domains: "*.auro.re"
|
||||||
|
|
||||||
mail: tech.aurore@lists.crans.org
|
loc_nginx:
|
||||||
certname: auro.re
|
servers: []
|
||||||
|
|
||||||
nginx:
|
|
||||||
ssl:
|
ssl:
|
||||||
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
- name: adm.auro.re
|
||||||
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
cert: /etc/letsencrypt/live/adm.auro.re/fullchain.pem
|
||||||
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
cert_key: /etc/letsencrypt/live/adm.auro.re/privkey.pem
|
||||||
|
trusted_cert: /etc/letsencrypt/live/adm.auro.re/chain.pem
|
||||||
redirect_dnames:
|
- name: auro.re
|
||||||
- aurores.net
|
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
||||||
- fede-aurore.net
|
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
||||||
|
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
||||||
|
|
||||||
|
loc_reverseproxy:
|
||||||
redirect_tcp:
|
redirect_tcp:
|
||||||
- name: Gitea
|
- name: Gitea
|
||||||
port: 2222
|
port: 2222
|
||||||
|
@ -33,7 +33,7 @@ nginx:
|
||||||
|
|
||||||
redirect_sites:
|
redirect_sites:
|
||||||
- from: 45.66.111.61
|
- from: 45.66.111.61
|
||||||
to: auro.re
|
to: intranet.auro.re
|
||||||
|
|
||||||
reverseproxy_sites:
|
reverseproxy_sites:
|
||||||
- from: re2o.auro.re
|
- from: re2o.auro.re
|
||||||
|
@ -41,14 +41,14 @@ nginx:
|
||||||
- from: intranet.auro.re
|
- from: intranet.auro.re
|
||||||
to: 10.128.0.20
|
to: 10.128.0.20
|
||||||
|
|
||||||
- from: bbb.auro.re
|
|
||||||
to: 10.128.0.54
|
|
||||||
|
|
||||||
- from: nextcloud.auro.re
|
- from: nextcloud.auro.re
|
||||||
to: "10.128.0.58:8080"
|
to: "10.128.0.58:8080"
|
||||||
|
|
||||||
- from: gitea.auro.re
|
- from: gitea.auro.re
|
||||||
to: "10.128.0.60:3000"
|
to: "10.128.0.60:3000"
|
||||||
|
- from: git.adm.auro.re
|
||||||
|
to: "10.128.0.60:3000"
|
||||||
|
ssl: adm.auro.re
|
||||||
|
|
||||||
- from: drone.auro.re
|
- from: drone.auro.re
|
||||||
to: "10.128.0.64:8000"
|
to: "10.128.0.64:8000"
|
||||||
|
@ -61,3 +61,12 @@ nginx:
|
||||||
|
|
||||||
- from: wikijs.auro.re
|
- from: wikijs.auro.re
|
||||||
to: "10.128.0.66:3000"
|
to: "10.128.0.66:3000"
|
||||||
|
|
||||||
|
- from: wiki.auro.re
|
||||||
|
to: "10.128.0.66:3000"
|
||||||
|
|
||||||
|
- from: netbox.auro.re
|
||||||
|
to: 10.128.0.97
|
||||||
|
|
||||||
|
- from: grafana.auro.re
|
||||||
|
to: "10.128.0.98:3000"
|
||||||
|
|
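Review bot: The new `loc_certbot` list gives this host a wildcard for `*.adm.auro.re` and the `vault_certbot_adm_dns_secret` TSIG secret, in addition to the `*.auro.re` pair. The host also fronts user-facing names such as `nextcloud.auro.re` and `re2o.auro.re`, and redirects from what appears to be a public address. A compromise of this proxy would therefore yield a key valid for every name in the administration zone, although the only adm name served here is `git.adm.auro.re`. Requesting just that name, `domains: "git.adm.auro.re"`, would keep the exposure to what the proxy actually serves. If the wildcard is kept, a comment next to `certname: adm.auro.re` should say why it is needed on this host.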
403
hosts
403
hosts
|
@ -8,10 +8,11 @@
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Aurore : main services
|
# Aurore : main services
|
||||||
|
|
||||||
viviane.adm.auro.re
|
|
||||||
|
|
||||||
[aurore_pve]
|
[aurore_pve]
|
||||||
merlin.adm.auro.re
|
escalope.adm.auro.re
|
||||||
|
services-1.pve.auro.re
|
||||||
|
services-2.pve.auro.re
|
||||||
|
services-3.pve.auro.re
|
||||||
|
|
||||||
[aurore_vm]
|
[aurore_vm]
|
||||||
routeur-aurore.adm.auro.re
|
routeur-aurore.adm.auro.re
|
||||||
|
@ -25,17 +26,30 @@ camelot.adm.auro.re
|
||||||
gitea.adm.auro.re
|
gitea.adm.auro.re
|
||||||
drone.adm.auro.re
|
drone.adm.auro.re
|
||||||
nextcloud.adm.auro.re
|
nextcloud.adm.auro.re
|
||||||
stream.adm.auro.re
|
galene.adm.auro.re
|
||||||
re2o-server.adm.auro.re
|
re2o-server.adm.auro.re
|
||||||
re2o-ldap.adm.auro.re
|
re2o-ldap.adm.auro.re
|
||||||
re2o-db.adm.auro.re
|
re2o-db.adm.auro.re
|
||||||
pendragon.adm.auro.re
|
|
||||||
services-bdd-local.adm.auro.re
|
|
||||||
backup.adm.auro.re
|
|
||||||
services-web.adm.auro.re
|
|
||||||
mail.adm.auro.re
|
mail.adm.auro.re
|
||||||
wikijs.adm.auro.re
|
wikijs.adm.auro.re
|
||||||
|
prometheus-aurore.adm.auro.re
|
||||||
|
portail.adm.auro.re
|
||||||
|
jitsi-aurore.adm.auro.re
|
||||||
|
log.adm.auro.re
|
||||||
|
bdd.adm.auro.re
|
||||||
|
bdd-ovh.adm.auro.re
|
||||||
|
litl.adm.auro.re
|
||||||
|
log.adm.auro.re
|
||||||
|
netbox.adm.auro.re
|
||||||
|
grafana.adm.auro.re
|
||||||
|
dolibarr.adm.auro.re
|
||||||
|
infra-1.router.auro.re ansible_host=10.129.0.245
|
||||||
|
infra-2.router.auro.re ansible_host=10.129.0.246
|
||||||
|
|
||||||
|
[aurore_testing_vm]
|
||||||
|
|
||||||
|
[aurore_ilo]
|
||||||
|
escalope-ilo.adm.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# OVH
|
# OVH
|
||||||
|
@ -45,20 +59,16 @@ horus.adm.auro.re
|
||||||
|
|
||||||
[ovh_container]
|
[ovh_container]
|
||||||
synapse.adm.auro.re
|
synapse.adm.auro.re
|
||||||
services-bdd.adm.auro.re
|
|
||||||
phabricator.adm.auro.re
|
|
||||||
wiki.adm.auro.re
|
|
||||||
www.adm.auro.re
|
www.adm.auro.re
|
||||||
proxy-ovh.adm.auro.re
|
proxy-ovh.adm.auro.re
|
||||||
matrix-services.adm.auro.re
|
|
||||||
|
|
||||||
[ovh_vm]
|
[ovh_vm]
|
||||||
serge.adm.auro.re
|
serge.adm.auro.re
|
||||||
passbolt.adm.auro.re
|
|
||||||
vpn-ovh.adm.auro.re
|
|
||||||
docker-ovh.adm.auro.re
|
docker-ovh.adm.auro.re
|
||||||
switchs-manager.adm.auro.re
|
switchs-manager.adm.auro.re
|
||||||
ldap-replica-ovh.adm.auro.re
|
ldap-replica-ovh.adm.auro.re
|
||||||
|
prometheus-ovh.adm.auro.re
|
||||||
|
prometheus-federate.adm.auro.re
|
||||||
|
|
||||||
[ovh_testing_vm]
|
[ovh_testing_vm]
|
||||||
#re2o-test.adm.auro.re
|
#re2o-test.adm.auro.re
|
||||||
|
@ -67,8 +77,10 @@ ldap-replica-ovh.adm.auro.re
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Jardins de Fleming
|
# Les Jardins de Fleming
|
||||||
|
|
||||||
|
[fleming_server]
|
||||||
|
perceval.adm.auro.re
|
||||||
|
|
||||||
[fleming_pve]
|
[fleming_pve]
|
||||||
freya.adm.auro.re
|
|
||||||
marki.adm.auro.re
|
marki.adm.auro.re
|
||||||
|
|
||||||
[fleming_vm]
|
[fleming_vm]
|
||||||
|
@ -77,37 +89,30 @@ dhcp-fleming.adm.auro.re
|
||||||
dhcp-fleming-backup.adm.auro.re
|
dhcp-fleming-backup.adm.auro.re
|
||||||
dns-fleming.adm.auro.re
|
dns-fleming.adm.auro.re
|
||||||
dns-fleming-backup.adm.auro.re
|
dns-fleming-backup.adm.auro.re
|
||||||
|
ntp-1.int.infra.auro.re
|
||||||
prometheus-fleming.adm.auro.re
|
prometheus-fleming.adm.auro.re
|
||||||
#prometheus-fleming-fo.adm.auro.re
|
#prometheus-fleming-fo.adm.auro.re
|
||||||
radius-fleming.adm.auro.re
|
radius-fleming.adm.auro.re
|
||||||
|
dns-1.int.infra.auro.re
|
||||||
|
isp-1.rtr.infra.auro.re
|
||||||
|
isp-2.rtr.infra.auro.re
|
||||||
|
dhcp-1.isp.auro.re
|
||||||
|
dhcp-2.isp.auro.re
|
||||||
radius-fleming-backup.adm.auro.re
|
radius-fleming-backup.adm.auro.re
|
||||||
unifi-fleming.adm.auro.re
|
unifi-fleming.adm.auro.re
|
||||||
routeur-fleming.adm.auro.re
|
routeur-fleming.adm.auro.re
|
||||||
routeur-fleming-backup.adm.auro.re
|
routeur-fleming-backup.adm.auro.re
|
||||||
|
|
||||||
|
[fleming_ilo]
|
||||||
|
marki-ilo.adm.auro.re
|
||||||
|
|
||||||
[fleming_unifi]
|
[fleming_unifi]
|
||||||
ff-1-2.borne.auro.re
|
fa-0-1.borne.auro.re
|
||||||
fe-1-2.borne.auro.re
|
|
||||||
ff-2-2.borne.auro.re
|
|
||||||
ff-3-2.borne.auro.re
|
|
||||||
ff-4-2.borne.auro.re
|
|
||||||
fh-1-2.borne.auro.re
|
|
||||||
fh-2-2.borne.auro.re
|
|
||||||
fe-3-2.borne.auro.re
|
|
||||||
fe-2-2.borne.auro.re
|
|
||||||
fe-4-2.borne.auro.re
|
|
||||||
fh-3-2.borne.auro.re
|
|
||||||
fh-4-2.borne.auro.re
|
|
||||||
fg-3-2.borne.auro.re
|
|
||||||
fg-2-2.borne.auro.re
|
|
||||||
fi-1-2.borne.auro.re
|
|
||||||
fi-2-2.borne.auro.re
|
|
||||||
fi-3-2.borne.auro.re
|
|
||||||
fi-4-2.borne.auro.re
|
|
||||||
fa-1-1.borne.auro.re
|
fa-1-1.borne.auro.re
|
||||||
fa-2-1.borne.auro.re
|
fa-2-1.borne.auro.re
|
||||||
fa-3-1.borne.auro.re
|
fa-3-1.borne.auro.re
|
||||||
fa-4-1.borne.auro.re
|
fa-4-1.borne.auro.re
|
||||||
|
fa-j-1.borne.auro.re
|
||||||
fb-0-1.borne.auro.re
|
fb-0-1.borne.auro.re
|
||||||
fb-1-1.borne.auro.re
|
fb-1-1.borne.auro.re
|
||||||
fb-2-1.borne.auro.re
|
fb-2-1.borne.auro.re
|
||||||
|
@ -118,67 +123,83 @@ fc-1-1.borne.auro.re
|
||||||
fc-2-1.borne.auro.re
|
fc-2-1.borne.auro.re
|
||||||
fc-3-1.borne.auro.re
|
fc-3-1.borne.auro.re
|
||||||
fc-4-1.borne.auro.re
|
fc-4-1.borne.auro.re
|
||||||
fd-2-1.borne.auro.re
|
|
||||||
fd-0-1.borne.auro.re
|
fd-0-1.borne.auro.re
|
||||||
fd-1-1.borne.auro.re
|
fd-1-1.borne.auro.re
|
||||||
fa-0-1.borne.auro.re
|
fd-2-1.borne.auro.re
|
||||||
fd-3-1.borne.auro.re
|
fd-3-1.borne.auro.re
|
||||||
fe-0-1.borne.auro.re
|
fe-0-1.borne.auro.re
|
||||||
|
fe-1-1.borne.auro.re
|
||||||
|
fe-1-2.borne.auro.re
|
||||||
|
fe-2-1.borne.auro.re
|
||||||
|
fe-2-2.borne.auro.re
|
||||||
fe-3-1.borne.auro.re
|
fe-3-1.borne.auro.re
|
||||||
|
fe-3-2.borne.auro.re
|
||||||
fe-4-1.borne.auro.re
|
fe-4-1.borne.auro.re
|
||||||
|
fe-4-2.borne.auro.re
|
||||||
ff-0-1.borne.auro.re
|
ff-0-1.borne.auro.re
|
||||||
|
ff-0-f.borne.auro.re
|
||||||
ff-1-1.borne.auro.re
|
ff-1-1.borne.auro.re
|
||||||
|
ff-1-2.borne.auro.re
|
||||||
ff-2-1.borne.auro.re
|
ff-2-1.borne.auro.re
|
||||||
|
ff-2-2.borne.auro.re
|
||||||
ff-3-1.borne.auro.re
|
ff-3-1.borne.auro.re
|
||||||
|
ff-3-2.borne.auro.re
|
||||||
ff-4-1.borne.auro.re
|
ff-4-1.borne.auro.re
|
||||||
|
ff-4-2.borne.auro.re
|
||||||
fg-0-1.borne.auro.re
|
fg-0-1.borne.auro.re
|
||||||
fg-1-1.borne.auro.re
|
fg-1-1.borne.auro.re
|
||||||
|
fg-1-2.borne.auro.re
|
||||||
fg-2-1.borne.auro.re
|
fg-2-1.borne.auro.re
|
||||||
|
fg-2-2.borne.auro.re
|
||||||
fg-3-1.borne.auro.re
|
fg-3-1.borne.auro.re
|
||||||
|
fg-3-2.borne.auro.re
|
||||||
fg-4-1.borne.auro.re
|
fg-4-1.borne.auro.re
|
||||||
fh-0-1.borne.auro.re
|
fh-0-1.borne.auro.re
|
||||||
fh-1-1.borne.auro.re
|
fh-1-1.borne.auro.re
|
||||||
|
fh-1-2.borne.auro.re
|
||||||
fh-2-1.borne.auro.re
|
fh-2-1.borne.auro.re
|
||||||
|
fh-2-2.borne.auro.re
|
||||||
fh-3-1.borne.auro.re
|
fh-3-1.borne.auro.re
|
||||||
fe-2-1.borne.auro.re
|
fh-3-2.borne.auro.re
|
||||||
fh-4-1.borne.auro.re
|
fh-4-1.borne.auro.re
|
||||||
|
fh-4-2.borne.auro.re
|
||||||
fi-0-1.borne.auro.re
|
fi-0-1.borne.auro.re
|
||||||
|
fi-0-2.borne.auro.re
|
||||||
fi-1-1.borne.auro.re
|
fi-1-1.borne.auro.re
|
||||||
|
fi-1-2.borne.auro.re
|
||||||
fi-2-1.borne.auro.re
|
fi-2-1.borne.auro.re
|
||||||
|
fi-2-2.borne.auro.re
|
||||||
fi-3-1.borne.auro.re
|
fi-3-1.borne.auro.re
|
||||||
|
fi-3-2.borne.auro.re
|
||||||
fi-4-1.borne.auro.re
|
fi-4-1.borne.auro.re
|
||||||
|
fi-4-2.borne.auro.re
|
||||||
fj-0-1.borne.auro.re
|
fj-0-1.borne.auro.re
|
||||||
fj-1-1.borne.auro.re
|
fj-1-1.borne.auro.re
|
||||||
|
fj-1-2.borne.auro.re
|
||||||
fj-2-1.borne.auro.re
|
fj-2-1.borne.auro.re
|
||||||
|
fj-2-2.borne.auro.re
|
||||||
fj-3-1.borne.auro.re
|
fj-3-1.borne.auro.re
|
||||||
|
fj-3-2.borne.auro.re
|
||||||
fj-4-1.borne.auro.re
|
fj-4-1.borne.auro.re
|
||||||
|
fj-4-2.borne.auro.re
|
||||||
fk-0-1.borne.auro.re
|
fk-0-1.borne.auro.re
|
||||||
fk-1-1.borne.auro.re
|
fk-1-1.borne.auro.re
|
||||||
|
fk-1-2.borne.auro.re
|
||||||
fk-2-1.borne.auro.re
|
fk-2-1.borne.auro.re
|
||||||
|
fk-2-2.borne.auro.re
|
||||||
fk-3-1.borne.auro.re
|
fk-3-1.borne.auro.re
|
||||||
|
fk-3-2.borne.auro.re
|
||||||
fk-4-1.borne.auro.re
|
fk-4-1.borne.auro.re
|
||||||
|
fk-4-2.borne.auro.re
|
||||||
fl-0-1.borne.auro.re
|
fl-0-1.borne.auro.re
|
||||||
fl-1-1.borne.auro.re
|
fl-1-1.borne.auro.re
|
||||||
fl-2-1.borne.auro.re
|
|
||||||
fl-3-1.borne.auro.re
|
|
||||||
fl-4-1.borne.auro.re
|
|
||||||
fe-1-1.borne.auro.re
|
|
||||||
ff-0-f.borne.auro.re
|
|
||||||
fj-4-2.borne.auro.re
|
|
||||||
fj-3-2.borne.auro.re
|
|
||||||
fj-2-2.borne.auro.re
|
|
||||||
fj-1-2.borne.auro.re
|
|
||||||
fk-4-2.borne.auro.re
|
|
||||||
fk-3-2.borne.auro.re
|
|
||||||
fk-2-2.borne.auro.re
|
|
||||||
fk-1-2.borne.auro.re
|
|
||||||
fl-4-2.borne.auro.re
|
|
||||||
fl-3-2.borne.auro.re
|
|
||||||
fl-2-2.borne.auro.re
|
|
||||||
fl-1-2.borne.auro.re
|
fl-1-2.borne.auro.re
|
||||||
fa-j-1.borne.auro.re
|
fl-2-1.borne.auro.re
|
||||||
fg-1-2.borne.auro.re
|
fl-2-2.borne.auro.re
|
||||||
fi-0-2.borne.auro.re
|
fl-3-1.borne.auro.re
|
||||||
|
fl-3-2.borne.auro.re
|
||||||
|
fl-4-1.borne.auro.re
|
||||||
|
fl-4-2.borne.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Pacaterie
|
# Pacaterie
|
||||||
|
@ -201,48 +222,51 @@ unifi-pacaterie.adm.auro.re
|
||||||
routeur-pacaterie.adm.auro.re
|
routeur-pacaterie.adm.auro.re
|
||||||
routeur-pacaterie-backup.adm.auro.re
|
routeur-pacaterie-backup.adm.auro.re
|
||||||
|
|
||||||
|
[pacaterie_ilo]
|
||||||
|
mordred-ilo.adm.auro.re
|
||||||
|
titan-ilo.adm.auro.re
|
||||||
|
|
||||||
[pacaterie_unifi]
|
[pacaterie_unifi]
|
||||||
pn-1-1.borne.auro.re
|
pc-1-1.borne.auro.re
|
||||||
|
pn-0-1.borne.auro.re
|
||||||
pn-0-2.borne.auro.re
|
pn-0-2.borne.auro.re
|
||||||
pn-0-3.borne.auro.re
|
pn-0-3.borne.auro.re
|
||||||
|
pn-1-1.borne.auro.re
|
||||||
|
pn-1-2.borne.auro.re
|
||||||
pn-1-3.borne.auro.re
|
pn-1-3.borne.auro.re
|
||||||
pn-3-1.borne.auro.re
|
pn-2-1.borne.auro.re
|
||||||
pn-2-2.borne.auro.re
|
pn-2-2.borne.auro.re
|
||||||
pn-2-3.borne.auro.re
|
pn-2-3.borne.auro.re
|
||||||
pn-3-3.borne.auro.re
|
pn-3-1.borne.auro.re
|
||||||
pn-4-3.borne.auro.re
|
|
||||||
pn-2-1.borne.auro.re
|
|
||||||
pn-3-2.borne.auro.re
|
pn-3-2.borne.auro.re
|
||||||
pn-0-1.borne.auro.re
|
pn-3-3.borne.auro.re
|
||||||
pn-1-2.borne.auro.re
|
|
||||||
pc-1-1.borne.auro.re
|
|
||||||
pn-4-2.borne.auro.re
|
|
||||||
pn-4-1.borne.auro.re
|
pn-4-1.borne.auro.re
|
||||||
ps-0-3.borne.auro.re
|
pn-4-2.borne.auro.re
|
||||||
|
pn-4-3.borne.auro.re
|
||||||
ps-0-1.borne.auro.re
|
ps-0-1.borne.auro.re
|
||||||
ps-1-3.borne.auro.re
|
|
||||||
ps-2-3.borne.auro.re
|
|
||||||
ps-1-2.borne.auro.re
|
|
||||||
ps-3-2.borne.auro.re
|
|
||||||
ps-4-1.borne.auro.re
|
|
||||||
ps-2-1.borne.auro.re
|
|
||||||
ps-3-1.borne.auro.re
|
|
||||||
ps-4-3.borne.auro.re
|
|
||||||
ps-2-2.borne.auro.re
|
|
||||||
ps-1-1.borne.auro.re
|
|
||||||
ps-4-2.borne.auro.re
|
|
||||||
ps-0-2.borne.auro.re
|
ps-0-2.borne.auro.re
|
||||||
|
ps-0-3.borne.auro.re
|
||||||
|
ps-1-1.borne.auro.re
|
||||||
|
ps-1-2.borne.auro.re
|
||||||
|
ps-1-3.borne.auro.re
|
||||||
|
ps-2-1.borne.auro.re
|
||||||
|
ps-2-2.borne.auro.re
|
||||||
|
ps-2-3.borne.auro.re
|
||||||
|
ps-3-1.borne.auro.re
|
||||||
|
ps-3-2.borne.auro.re
|
||||||
ps-3-3.borne.auro.re
|
ps-3-3.borne.auro.re
|
||||||
|
ps-4-1.borne.auro.re
|
||||||
|
ps-4-2.borne.auro.re
|
||||||
|
ps-4-3.borne.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Emilie du Chatelet
|
# Emilie du Chatelet
|
||||||
|
|
||||||
[edc_server]
|
[edc_server]
|
||||||
perceval.adm.auro.re
|
caradoc.adm.auro.re
|
||||||
|
|
||||||
[edc_pve]
|
[edc_pve]
|
||||||
chapalux.adm.auro.re
|
chapalux.adm.auro.re
|
||||||
escalope.adm.auro.re
|
|
||||||
|
|
||||||
[edc_vm]
|
[edc_vm]
|
||||||
routeur-edc.adm.auro.re
|
routeur-edc.adm.auro.re
|
||||||
|
@ -257,12 +281,20 @@ radius-edc-backup.adm.auro.re
|
||||||
ldap-replica-edc.adm.auro.re
|
ldap-replica-edc.adm.auro.re
|
||||||
prometheus-edc.adm.auro.re
|
prometheus-edc.adm.auro.re
|
||||||
|
|
||||||
|
[edc_ilo]
|
||||||
|
caradoc-ilo.adm.auro.re
|
||||||
|
chapalux-ilo.adm.auro.re
|
||||||
|
|
||||||
[edc_unifi]
|
[edc_unifi]
|
||||||
ep-1-1.borne.auro.re
|
ee-2-1.borne.auro.re
|
||||||
ep-1-3.borne.auro.re
|
ee-2-2.borne.auro.re
|
||||||
ep-1-2.borne.auro.re
|
eo-0-1.borne.auro.re
|
||||||
ep-0-1.borne.auro.re
|
|
||||||
eo-2-1.borne.auro.re
|
eo-2-1.borne.auro.re
|
||||||
|
ep-0-1.borne.auro.re
|
||||||
|
ep-1-1.borne.auro.re
|
||||||
|
ep-1-2.borne.auro.re
|
||||||
|
ep-1-3.borne.auro.re
|
||||||
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# George Sand
|
# George Sand
|
||||||
|
@ -284,59 +316,65 @@ radius-gs-backup.adm.auro.re
|
||||||
prometheus-gs.adm.auro.re
|
prometheus-gs.adm.auro.re
|
||||||
ldap-replica-gs.adm.auro.re
|
ldap-replica-gs.adm.auro.re
|
||||||
|
|
||||||
|
[gs_ilo]
|
||||||
|
lancelot-ilo.adm.auro.re
|
||||||
|
odin-ilo.adm.auro.re
|
||||||
|
|
||||||
[gs_unifi]
|
[gs_unifi]
|
||||||
ga-1-2.borne.auro.re
|
|
||||||
ge-3-2.borne.auro.re
|
|
||||||
gb-4-2.borne.auro.re
|
|
||||||
gg-5-2.borne.auro.re
|
|
||||||
gd-5-2.borne.auro.re
|
|
||||||
gc-5-2.borne.auro.re
|
|
||||||
gc-3-1.borne.auro.re
|
|
||||||
gc-4-1.borne.auro.re
|
|
||||||
gg-5-1.borne.auro.re
|
|
||||||
ge-1-2.borne.auro.re
|
|
||||||
gh-1-2.borne.auro.re
|
|
||||||
gd-1-2.borne.auro.re
|
|
||||||
gf-3-2.borne.auro.re
|
|
||||||
gd-4-2.borne.auro.re
|
|
||||||
ga-0-1.borne.auro.re
|
ga-0-1.borne.auro.re
|
||||||
ga-1-1.borne.auro.re
|
ga-1-1.borne.auro.re
|
||||||
|
ga-1-2.borne.auro.re
|
||||||
ga-2-1.borne.auro.re
|
ga-2-1.borne.auro.re
|
||||||
|
ga-2-2.borne.auro.re
|
||||||
ga-3-1.borne.auro.re
|
ga-3-1.borne.auro.re
|
||||||
ga-4-1.borne.auro.re
|
ga-4-1.borne.auro.re
|
||||||
ga-5-1.borne.auro.re
|
ga-5-1.borne.auro.re
|
||||||
|
ga-5-2.borne.auro.re
|
||||||
gb-1-1.borne.auro.re
|
gb-1-1.borne.auro.re
|
||||||
gc-1-1.borne.auro.re
|
|
||||||
gc-2-1.borne.auro.re
|
|
||||||
gc-5-1.borne.auro.re
|
|
||||||
gb-2-1.borne.auro.re
|
gb-2-1.borne.auro.re
|
||||||
gb-3-1.borne.auro.re
|
gb-3-1.borne.auro.re
|
||||||
gb-4-1.borne.auro.re
|
gb-4-1.borne.auro.re
|
||||||
|
gb-4-2.borne.auro.re
|
||||||
gb-5-1.borne.auro.re
|
gb-5-1.borne.auro.re
|
||||||
|
gc-1-1.borne.auro.re
|
||||||
|
gc-2-1.borne.auro.re
|
||||||
|
gc-3-1.borne.auro.re
|
||||||
|
gc-4-1.borne.auro.re
|
||||||
|
gc-5-1.borne.auro.re
|
||||||
|
gc-5-2.borne.auro.re
|
||||||
gd-1-1.borne.auro.re
|
gd-1-1.borne.auro.re
|
||||||
|
gd-1-2.borne.auro.re
|
||||||
gd-2-1.borne.auro.re
|
gd-2-1.borne.auro.re
|
||||||
gd-3-1.borne.auro.re
|
gd-3-1.borne.auro.re
|
||||||
gd-4-1.borne.auro.re
|
gd-4-1.borne.auro.re
|
||||||
|
gd-4-2.borne.auro.re
|
||||||
gd-5-1.borne.auro.re
|
gd-5-1.borne.auro.re
|
||||||
|
gd-5-2.borne.auro.re
|
||||||
|
gd-garage-1.borne.auro.re
|
||||||
ge-0-1.borne.auro.re
|
ge-0-1.borne.auro.re
|
||||||
ge-1-1.borne.auro.re
|
ge-1-1.borne.auro.re
|
||||||
|
ge-1-2.borne.auro.re
|
||||||
ge-2-1.borne.auro.re
|
ge-2-1.borne.auro.re
|
||||||
|
ge-2-2.borne.auro.re
|
||||||
ge-3-1.borne.auro.re
|
ge-3-1.borne.auro.re
|
||||||
|
ge-3-2.borne.auro.re
|
||||||
ge-4-1.borne.auro.re
|
ge-4-1.borne.auro.re
|
||||||
ge-5-1.borne.auro.re
|
ge-5-1.borne.auro.re
|
||||||
gf-0-1.borne.auro.re
|
gf-0-1.borne.auro.re
|
||||||
|
gf-1-1.borne.auro.re
|
||||||
gf-2-1.borne.auro.re
|
gf-2-1.borne.auro.re
|
||||||
gf-3-1.borne.auro.re
|
gf-3-1.borne.auro.re
|
||||||
|
gf-3-2.borne.auro.re
|
||||||
gf-4-1.borne.auro.re
|
gf-4-1.borne.auro.re
|
||||||
gf-1-1.borne.auro.re
|
|
||||||
gd-garage-1.borne.auro.re
|
|
||||||
gf-5-1.borne.auro.re
|
gf-5-1.borne.auro.re
|
||||||
|
gg-5-1.borne.auro.re
|
||||||
|
gg-5-2.borne.auro.re
|
||||||
|
gh-1-2.borne.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Rives
|
# Les Rives
|
||||||
[rives_pve]
|
[rives_pve]
|
||||||
thor.adm.auro.re
|
loki.adm.auro.re
|
||||||
|
|
||||||
[rives_vm]
|
[rives_vm]
|
||||||
dhcp-rives-backup.adm.auro.re
|
dhcp-rives-backup.adm.auro.re
|
||||||
|
@ -345,41 +383,76 @@ dns-rives-backup.adm.auro.re
|
||||||
radius-rives-backup.adm.auro.re
|
radius-rives-backup.adm.auro.re
|
||||||
routeur-rives-backup.adm.auro.re
|
routeur-rives-backup.adm.auro.re
|
||||||
ldap-replica-rives.adm.auro.re
|
ldap-replica-rives.adm.auro.re
|
||||||
|
prometheus-rives.adm.auro.re
|
||||||
|
dhcp-rives.adm.auro.re
|
||||||
|
dns-rives.adm.auro.re
|
||||||
|
radius-rives.adm.auro.re
|
||||||
|
routeur-rives.adm.auro.re
|
||||||
|
|
||||||
|
[rives_ilo]
|
||||||
|
loki-ilo.adm.auro.re
|
||||||
|
|
||||||
[rives_unifi]
|
[rives_unifi]
|
||||||
r3-4-4.borne.auro.re
|
r1-1-1.borne.auro.re
|
||||||
r3-4-3.borne.auro.re
|
r1-1-2.borne.auro.re
|
||||||
r3-2-1.borne.auro.re
|
r1-1-3.borne.auro.re
|
||||||
r3-4-1.borne.auro.re
|
r1-1-4.borne.auro.re
|
||||||
r3-2-8.borne.auro.re
|
r1-1-5.borne.auro.re
|
||||||
r3-3-4.borne.auro.re
|
r1-1-6.borne.auro.re
|
||||||
r3-1-3.borne.auro.re
|
r1-2-1.borne.auro.re
|
||||||
r3-3-5.borne.auro.re
|
r1-2-2.borne.auro.re
|
||||||
r3-2-4.borne.auro.re
|
r1-2-3.borne.auro.re
|
||||||
r3-3-6.borne.auro.re
|
r1-2-4.borne.auro.re
|
||||||
r3-1-2.borne.auro.re
|
r1-3-1.borne.auro.re
|
||||||
r3-4-5.borne.auro.re
|
r1-3-2.borne.auro.re
|
||||||
r3-2-2.borne.auro.re
|
r1-3-3.borne.auro.re
|
||||||
r3-4-6.borne.auro.re
|
r1-3-4.borne.auro.re
|
||||||
|
r1-3-5.borne.auro.re
|
||||||
|
r1-3-6.borne.auro.re
|
||||||
|
r2-1-1.borne.auro.re
|
||||||
|
r2-1-2.borne.auro.re
|
||||||
|
r2-1-3.borne.auro.re
|
||||||
|
r2-1-4.borne.auro.re
|
||||||
|
r2-2-1.borne.auro.re
|
||||||
|
r2-2-2.borne.auro.re
|
||||||
|
r2-2-3.borne.auro.re
|
||||||
|
r2-3-1.borne.auro.re
|
||||||
|
r2-3-2.borne.auro.re
|
||||||
|
r2-3-3.borne.auro.re
|
||||||
|
r2-3-4.borne.auro.re
|
||||||
|
r3-0-1.borne.auro.re
|
||||||
|
r3-0-2.borne.auro.re
|
||||||
|
r3-0-3.borne.auro.re
|
||||||
|
r3-0-4.borne.auro.re
|
||||||
r3-1-1.borne.auro.re
|
r3-1-1.borne.auro.re
|
||||||
r3-4-7.borne.auro.re
|
r3-1-2.borne.auro.re
|
||||||
r3-4-2.borne.auro.re
|
r3-1-3.borne.auro.re
|
||||||
r3-4-8.borne.auro.re
|
r3-1-4.borne.auro.re
|
||||||
r3-2-3.borne.auro.re
|
r3-1-5.borne.auro.re
|
||||||
r3-1-6.borne.auro.re
|
r3-1-6.borne.auro.re
|
||||||
r3-1-7.borne.auro.re
|
r3-1-7.borne.auro.re
|
||||||
|
r3-2-1.borne.auro.re
|
||||||
|
r3-2-2.borne.auro.re
|
||||||
|
r3-2-3.borne.auro.re
|
||||||
|
r3-2-4.borne.auro.re
|
||||||
r3-2-5.borne.auro.re
|
r3-2-5.borne.auro.re
|
||||||
r3-2-6.borne.auro.re
|
r3-2-6.borne.auro.re
|
||||||
r3-2-7.borne.auro.re
|
r3-2-7.borne.auro.re
|
||||||
r3-3-3.borne.auro.re
|
r3-2-8.borne.auro.re
|
||||||
r3-0-1.borne.auro.re
|
|
||||||
r3-3-2.borne.auro.re
|
|
||||||
r3-0-2.borne.auro.re
|
|
||||||
r3-3-1.borne.auro.re
|
r3-3-1.borne.auro.re
|
||||||
r3-0-3.borne.auro.re
|
r3-3-2.borne.auro.re
|
||||||
r3-1-5.borne.auro.re
|
r3-3-3.borne.auro.re
|
||||||
r3-0-4.borne.auro.re
|
r3-3-4.borne.auro.re
|
||||||
r3-1-4.borne.auro.re
|
r3-3-5.borne.auro.re
|
||||||
|
r3-3-6.borne.auro.re
|
||||||
|
r3-4-1.borne.auro.re
|
||||||
|
r3-4-2.borne.auro.re
|
||||||
|
r3-4-3.borne.auro.re
|
||||||
|
r3-4-4.borne.auro.re
|
||||||
|
r3-4-5.borne.auro.re
|
||||||
|
r3-4-6.borne.auro.re
|
||||||
|
r3-4-7.borne.auro.re
|
||||||
|
r3-4-8.borne.auro.re
|
||||||
|
|
||||||
# -aurore services
|
# -aurore services
|
||||||
[aurore:children]
|
[aurore:children]
|
||||||
|
@ -394,31 +467,35 @@ ovh_vm
|
||||||
|
|
||||||
# everything at fleming
|
# everything at fleming
|
||||||
[fleming:children]
|
[fleming:children]
|
||||||
|
fleming_server
|
||||||
fleming_pve
|
fleming_pve
|
||||||
fleming_vm
|
fleming_vm
|
||||||
#fleming_unifi
|
fleming_unifi
|
||||||
|
|
||||||
# everything at pacaterie
|
# everything at pacaterie
|
||||||
[pacaterie:children]
|
[pacaterie:children]
|
||||||
pacaterie_pve
|
pacaterie_pve
|
||||||
pacaterie_vm
|
pacaterie_vm
|
||||||
#pacaterie_unifi
|
pacaterie_unifi
|
||||||
|
|
||||||
# everything at edc
|
# everything at edc
|
||||||
[edc:children]
|
[edc:children]
|
||||||
|
edc_server
|
||||||
edc_pve
|
edc_pve
|
||||||
edc_vm
|
edc_vm
|
||||||
|
edc_unifi
|
||||||
|
|
||||||
# everything at georgesand
|
# everything at georgesand
|
||||||
[gs:children]
|
[gs:children]
|
||||||
gs_pve
|
gs_pve
|
||||||
gs_vm
|
gs_vm
|
||||||
|
gs_unifi
|
||||||
|
|
||||||
# everything at Les Rives
|
# everything at Les Rives
|
||||||
[rives:children]
|
[rives:children]
|
||||||
rives_pve
|
rives_pve
|
||||||
rives_vm
|
rives_vm
|
||||||
|
rives_unifi
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Groups by type
|
# Groups by type
|
||||||
|
@ -436,6 +513,11 @@ edc_vm
|
||||||
gs_vm
|
gs_vm
|
||||||
rives_vm
|
rives_vm
|
||||||
|
|
||||||
|
# every server
|
||||||
|
[server:children]
|
||||||
|
fleming_server
|
||||||
|
edc_server
|
||||||
|
|
||||||
# every PVE
|
# every PVE
|
||||||
[pve:children]
|
[pve:children]
|
||||||
ovh_pve
|
ovh_pve
|
||||||
|
@ -456,6 +538,20 @@ pacaterie_unifi
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Groups by service
|
# Groups by service
|
||||||
|
|
||||||
|
[routeur]
|
||||||
|
routeur-fleming.adm.auro.re
|
||||||
|
routeur-fleming-backup.adm.auro.re
|
||||||
|
routeur-pacaterie.adm.auro.re
|
||||||
|
routeur-pacaterie-backup.adm.auro.re
|
||||||
|
routeur-edc.adm.auro.re
|
||||||
|
routeur-edc-backup.adm.auro.re
|
||||||
|
routeur-gs.adm.auro.re
|
||||||
|
routeur-gs-backup.adm.auro.re
|
||||||
|
routeur-rives.adm.auro.re
|
||||||
|
routeur-rives-backup.adm.auro.re
|
||||||
|
routeur-aurore.adm.auro.re
|
||||||
|
routeur-aurore-backup.adm.auro.re
|
||||||
|
|
||||||
[ldap_replica:children]
|
[ldap_replica:children]
|
||||||
ldap_replica_fleming
|
ldap_replica_fleming
|
||||||
ldap_replica_pacaterie
|
ldap_replica_pacaterie
|
||||||
|
@ -482,3 +578,46 @@ ldap-replica-ovh.adm.auro.re
|
||||||
[ldap_replica_rives]
|
[ldap_replica_rives]
|
||||||
ldap-replica-rives.adm.auro.re
|
ldap-replica-rives.adm.auro.re
|
||||||
|
|
||||||
|
[certbot]
|
||||||
|
portail.adm.auro.re
|
||||||
|
|
||||||
|
[certbot:children]
|
||||||
|
reverseproxy
|
||||||
|
|
||||||
|
[nginx]
|
||||||
|
portail.adm.auro.re
|
||||||
|
|
||||||
|
[nginx:children]
|
||||||
|
reverseproxy
|
||||||
|
|
||||||
|
[reverseproxy]
|
||||||
|
proxy-ovh.adm.auro.re
|
||||||
|
proxy.adm.auro.re
|
||||||
|
|
||||||
|
[bdd]
|
||||||
|
bdd.adm.auro.re
|
||||||
|
bdd-ovh.adm.auro.re
|
||||||
|
re2o-db.adm.auro.re
|
||||||
|
|
||||||
|
[radius]
|
||||||
|
radius-aurore.adm.auro.re
|
||||||
|
radius-fleming.adm.auro.re
|
||||||
|
radius-fleming-backup.adm.auro.re
|
||||||
|
radius-edc.adm.auro.re
|
||||||
|
radius-edc-backup.adm.auro.re
|
||||||
|
radius-gs.adm.auro.re
|
||||||
|
radius-gs-backup.adm.auro.re
|
||||||
|
radius-pacaterie.adm.auro.re
|
||||||
|
radius-pacaterie-backup.adm.auro.re
|
||||||
|
radius-rives.adm.auro.re
|
||||||
|
radius-rives-backup.adm.auro.re
|
||||||
|
|
||||||
|
[prometheus]
|
||||||
|
prometheus-ovh.adm.auro.re
|
||||||
|
prometheus-aurore.adm.auro.re
|
||||||
|
prometheus-rives.adm.auro.re
|
||||||
|
prometheus-gs.adm.auro.re
|
||||||
|
prometheus-edc.adm.auro.re
|
||||||
|
prometheus-pacaterie.adm.auro.re
|
||||||
|
prometheus-fleming.adm.auro.re
|
||||||
|
prometheus-federate.adm.auro.re
|
||||||
|
|
|
@ -1,62 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
|
|
||||||
# Prometheus targets.json
|
|
||||||
prometheus_targets:
|
|
||||||
- targets: |
|
|
||||||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets:
|
|
||||||
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
|
|
||||||
- hosts: prometheus-pacaterie.adm.auro.re,prometheus-pacaterie-fo.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
|
|
||||||
# Prometheus targets.json
|
|
||||||
prometheus_targets:
|
|
||||||
- targets: |
|
|
||||||
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets:
|
|
||||||
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
|
|
||||||
- hosts: prometheus-edc.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
|
|
||||||
# Prometheus targets.json
|
|
||||||
prometheus_targets:
|
|
||||||
- targets: |
|
|
||||||
{{ groups['edc_pve'] + groups['edc_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets:
|
|
||||||
- targets: "{{ groups['edc_unifi'] | list | sort }}"
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
|
|
||||||
- hosts: prometheus-gs.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
|
|
||||||
# Prometheus targets.json
|
|
||||||
prometheus_targets:
|
|
||||||
- targets: |
|
|
||||||
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets:
|
|
||||||
- targets: "{{ groups['gs_unifi'] | list | sort }}"
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
|
|
||||||
# Monitor all hosts
|
|
||||||
- hosts: all,!unifi,!ovh
|
|
||||||
roles:
|
|
||||||
- prometheus_node
|
|
65
network.yml
65
network.yml
|
@ -1,65 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Set up DHCP servers.
|
|
||||||
- hosts: dhcp-*.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- isc_dhcp_server
|
|
||||||
|
|
||||||
|
|
||||||
# Deploy unbound DNS server (recursive).
|
|
||||||
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- unbound
|
|
||||||
|
|
||||||
|
|
||||||
# Déploiement du service re2o aurore-firewall et keepalived
|
|
||||||
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
|
|
||||||
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
|
|
||||||
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
|
|
||||||
roles:
|
|
||||||
- router
|
|
||||||
- radvd
|
|
||||||
|
|
||||||
# No radvd here
|
|
||||||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
|
||||||
roles:
|
|
||||||
- router
|
|
||||||
- ipv6_edge_router
|
|
||||||
|
|
||||||
# Radius (backup only for now)
|
|
||||||
- hosts: radius-*.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- radius
|
|
||||||
|
|
||||||
|
|
||||||
# WIP: Deploy authoritative DNS servers
|
|
||||||
# - hosts: authoritative_dns
|
|
||||||
# vars:
|
|
||||||
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
|
|
||||||
# service_name: dns
|
|
||||||
# service_version: crans
|
|
||||||
# service_config:
|
|
||||||
# hostname: re2o-server.adm.auro.re
|
|
||||||
# username: service-user
|
|
||||||
# password: "{{ vault_serviceuser_passwd }}"
|
|
||||||
# roles:
|
|
||||||
# - re2o-service
|
|
||||||
|
|
||||||
|
|
||||||
# Deploy Unifi Controller
|
|
||||||
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
|
|
||||||
# roles:
|
|
||||||
# - unifi-controller
|
|
||||||
|
|
||||||
# Deploy Re2o switch service
|
|
||||||
# - hosts: switchs-manager.adm.auro.re
|
|
||||||
# vars:
|
|
||||||
# service_repo: https://gitlab.federez.net/re2o/switchs.git
|
|
||||||
# service_name: switchs
|
|
||||||
# service_version: master
|
|
||||||
# service_config:
|
|
||||||
# hostname: re2o-server.adm.auro.re
|
|
||||||
# username: service-user
|
|
||||||
# password: "{{ vault_serviceuser_passwd }}"
|
|
||||||
# roles:
|
|
||||||
# - re2o-service
|
|
|
@ -5,13 +5,6 @@
|
||||||
roles:
|
roles:
|
||||||
- baseconfig
|
- baseconfig
|
||||||
- basesecurity
|
- basesecurity
|
||||||
|
|
||||||
# Plug LDAP on all servers
|
|
||||||
- hosts: all,!unifi
|
|
||||||
roles:
|
|
||||||
- ldap_client
|
- ldap_client
|
||||||
|
|
||||||
# Install logrotate
|
|
||||||
- hosts: all,!unifi,!pve
|
|
||||||
roles:
|
|
||||||
- logrotate
|
- logrotate
|
||||||
|
- update_motd
|
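Review bot: Folding `ldap_client` and `logrotate` into the first play's `roles:` list drops the host filters the removed plays carried (`all,!unifi` for LDAP, `all,!unifi,!pve` for logrotate). Both roles now follow whatever `hosts:` pattern the first play uses, and that play header sits above the hunk, so it is not visible whether it already excludes `unifi` and `pve`. If it is a plain `all`, the access points get an LDAP client and the PVE nodes get a logrotate configuration they were deliberately kept out of. Either keep the exclusions on the play header or gate the roles, e.g. `- { role: logrotate, when: "'pve' not in group_names" }`.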
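--- a/playbooks/borgbackup.yml
+++ b/playbooks/borgbackup.yml
@@ -0,0 +1,32 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: perceval.adm.auro.re
+vars:
+update_motd:
+borgbackup_server: >-
+Les sauvegardes (borg) sont stockées dans
+{{ borg_server_backups_dir }}.
+roles:
+- borgbackup_server
+- update_motd
+
+- hosts: all,!unifi,!unifi-*,!bdd
+vars:
+update_motd:
+borgbackup_client: >-
+BorgBackup est déployé (/etc/borgmatic/config.yaml)
+roles:
+- borgbackup_client
+- update_motd
+
+# On databases server, also backup databases
+- hosts: bdd
+vars:
+borg_postgresql_databases: true
+update_motd:
+borgbackup_client: >-
+BorgBackup est déployé (/etc/borgmatic/config.yaml)
+roles:
+- borgbackup_client
+- update_motd
+...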
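--- a/playbooks/chronyd.yml
+++ b/playbooks/chronyd.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- ntp-1.int.infra.auro.re
+vars:
+chronyd__allow_networks:
+- 10.128.0.0/16
+- 2a09:6840:128::/48
+chronyd__pools:
+- 0.pool.ntp.org
+- 1.pool.ntp.org
+- 2.pool.ntp.org
+- 3.pool.ntp.org
+chronyd__local_stratum: 10
+roles:
+- chronyd
+
+- hosts:
+- all
+- "!ntp-1.int.infra.auro.re"
+- "!unifi"
+vars:
+chronyd__pools:
+- ntp-1.int.infra.auro.re
+roles:
+- chronyd
+...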
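Review bot: The second play gives every other host a single time source, `chronyd__pools: [ntp-1.int.infra.auro.re]`, so one machine decides the clock for the whole fleet. With only one source a client cannot cross-check and reject a wrong clock. `chronyd__local_stratum: 10` presumably lets ntp-1 keep serving its own clock when it loses the public pool, in which case clients would silently follow its drift. Certificate validation and cross-host log correlation both depend on this, so consider listing at least one more internal server in the client play.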
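--- a/playbooks/docker.yml
+++ b/playbooks/docker.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Docker hosts
+- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re
+vars:
+update_motd:
+docker: Docker est déployé.
+roles:
+- docker
+- update_motd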
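--- a/playbooks/grafana.yml
+++ b/playbooks/grafana.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Grafana
+- hosts: grafana.adm.auro.re
+vars:
+grafana:
+root_url: https://grafana.auro.re
+database:
+type: postgres
+host: 10.128.0.95
+name: grafana
+user: grafana
+password: "{{ vault_postgresql_grafana_passwd }}"
+ldap:
+host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
+bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
+bind_password: "{{ vault_ldap_grafana_password }}"
+search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
+group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
+editors_group_dn:
+- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
+- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
+update_motd:
+grafana: Grafana est déployé (/etc/grafana).
+roles:
+- grafana
+- update_motd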
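Review bot: Nothing in the `ldap:` block selects LDAPS or StartTLS, and `ldap.host` mixes two hostnames with two bare IPs (`10.128.0.21 10.128.0.149`). If the `grafana` role leaves TLS off, `bind_password` and every user's login password cross the network in clear. If it enables TLS with verification, the IP entries only validate when the server certificates carry IP SANs. Please confirm which applies in the role and list the directory servers by name only. `database.host: 10.128.0.95` is likewise a literal where the rest of the inventory uses `*.adm.auro.re` names.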
213
playbooks/ifupdown2.yml
Executable file
213
playbooks/ifupdown2.yml
Executable file
|
@ -0,0 +1,213 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
- hosts:
|
||||||
|
- ntp-1.int.infra.auro.re
|
||||||
|
- dns-1.int.infra.auro.re
|
||||||
|
- dhcp-1.isp.auro.re
|
||||||
|
- dhcp-2.isp.auro.re
|
||||||
|
- isp-1.rtr.infra.auro.re
|
||||||
|
- isp-2.rtr.infra.auro.re
|
||||||
|
vars:
|
||||||
|
# TODO: netbox
|
||||||
|
ifupdown2__hosts:
|
||||||
|
ntp-1.int.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
gateways:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::203/56
|
||||||
|
- 10.128.0.203/16
|
||||||
|
dns-1.int.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
gateways:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::127/56
|
||||||
|
- 10.128.0.127/16
|
||||||
|
dhcp-1.isp.auro.re:
|
||||||
|
ens18:
|
||||||
|
gateways:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::204/56
|
||||||
|
- 10.128.0.204/16
|
||||||
|
ens19: null
|
||||||
|
clients:
|
||||||
|
bridge_vlan_aware: true
|
||||||
|
bridge_ports:
|
||||||
|
- ens19
|
||||||
|
bridge_vids:
|
||||||
|
- 1000-1004
|
||||||
|
client-0:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.2/27
|
||||||
|
vlan_id: 1000
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-1:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.34/27
|
||||||
|
vlan_id: 1001
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-2:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.66/27
|
||||||
|
vlan_id: 1002
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-3:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.98/27
|
||||||
|
vlan_id: 1003
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-4:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.130/27
|
||||||
|
vlan_id: 1004
|
||||||
|
vlan_raw_device: clients
|
||||||
|
dhcp-2.isp.auro.re:
|
||||||
|
ens18:
|
||||||
|
gateways:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::91/56
|
||||||
|
- 10.128.0.91/16
|
||||||
|
ens19: null
|
||||||
|
clients:
|
||||||
|
bridge_vlan_aware: true
|
||||||
|
bridge_ports:
|
||||||
|
- ens19
|
||||||
|
bridge_vids:
|
||||||
|
- 1000-1004
|
||||||
|
client-0:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.3/27
|
||||||
|
vlan_id: 1000
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-1:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.35/27
|
||||||
|
vlan_id: 1001
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-2:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.67/27
|
||||||
|
vlan_id: 1002
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-3:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.99/27
|
||||||
|
vlan_id: 1003
|
||||||
|
vlan_raw_device: clients
|
||||||
|
client-4:
|
||||||
|
addresses:
|
||||||
|
- 100.64.0.131/27
|
||||||
|
vlan_id: 1004
|
||||||
|
vlan_raw_device: clients
|
||||||
|
isp-1.rtr.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
gateways:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::255/56
|
||||||
|
- 10.128.0.255/16
|
||||||
|
ens19: null
|
||||||
|
clients:
|
||||||
|
bridge_vlan_aware: true
|
||||||
|
bridge_ports:
|
||||||
|
- ens19
|
||||||
|
bridge_vids:
|
||||||
|
- 1000-1004
|
||||||
|
bridge_disable_pvid: true
|
||||||
|
forward: true
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-0:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1000
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-1:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1001
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-2:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1002
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-3:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1003
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-4:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1004
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
isp-2.rtr.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
gateways:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::158/56
|
||||||
|
- 10.128.0.158/16
|
||||||
|
ens19: null
|
||||||
|
clients:
|
||||||
|
bridge_vlan_aware: true
|
||||||
|
bridge_ports:
|
||||||
|
- ens19
|
||||||
|
bridge_vids:
|
||||||
|
- 1000-1004
|
||||||
|
client-0:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1000
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-1:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1001
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-2:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1002
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-3:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1003
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
client-4:
|
||||||
|
forward: true
|
||||||
|
vlan_id: 1004
|
||||||
|
vlan_raw_device: clients
|
||||||
|
ipv6_addrgen: false
|
||||||
|
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
||||||
|
roles:
|
||||||
|
- ifupdown2
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- ntp-1.int.infra.auro.re
|
||||||
|
- dns-1.int.infra.auro.re
|
||||||
|
- dhcp-1.isp.auro.re
|
||||||
|
- dhcp-2.isp.auro.re
|
||||||
|
- isp-1.rtr.infra.auro.re
|
||||||
|
- isp-2.rtr.infra.auro.re
|
||||||
|
vars:
|
||||||
|
resolvconf__nameservers:
|
||||||
|
- 2a09:6840:128::127
|
||||||
|
- 10.128.0.127
|
||||||
|
resolvconf__domain: auro.re
|
||||||
|
resolvconf__search:
|
||||||
|
- "{{ inventory_hostname | remove_domain_suffix }}"
|
||||||
|
- auro.re
|
||||||
|
roles:
|
||||||
|
- resolvconf
|
||||||
|
...
|
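Review bot: The two routers are not configured alike. Under `isp-1.rtr.infra.auro.re` the `clients` bridge carries `bridge_disable_pvid: true`, `forward: true` and `ipv6_addrgen: false`, while under `isp-2.rtr.infra.auro.re` the `clients` bridge stops after `bridge_vids`. Indentation is lost in this view, so reading those three keys as children of `clients` is an assumption to confirm. Since isp-2 is the keepalived peer of isp-1, the trunk would presumably behave differently after a failover (untagged frames on the default PVID, autogenerated IPv6 addresses on the bridge). If the asymmetry is not intended, add the same three keys to isp-2, or define the bridge once with a YAML anchor and reuse it for both hosts.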
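--- a/playbooks/isc-dhcp-server.yml
+++ b/playbooks/isc-dhcp-server.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: dhcp-*.adm.auro.re
+vars:
+update_motd:
+unbound: isc-dhcp-server est déployé.
+roles:
+- isc_dhcp_server
+- update_motd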
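Review bot: The motd entry is keyed `unbound` (`unbound: isc-dhcp-server est déployé.`), which looks copied from another playbook. If the `update_motd` role names its output after this key, a host that also receives an `unbound` entry would have one message overwrite the other; the role is not visible here, so this is an assumption to check. Suggested line: `isc_dhcp_server: isc-dhcp-server est déployé.`.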
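--- a/playbooks/keepalived.yml
+++ b/playbooks/keepalived.yml
@@ -0,0 +1,32 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+- isp-1.rtr.infra.auro.re
+- isp-2.rtr.infra.auro.re
+vars:
+keepalived__virtual_router_id: 80
+keepalived__interface: ens18
+keepalived__virtual_addresses:
+client-0:
+- 100.64.0.1/27
+- 2a09:6841::/56
+- fe80::1/10
+client-1:
+- 100.64.0.33/27
+- 2a09:6841:0:100::/56
+- fe80::1/10
+client-2:
+- 100.64.0.65/27
+- 2a09:6841:0:100::/56
+- fe80::1/10
+client-3:
+- 100.64.0.97/27
+- 2a09:6841:0:200::/56
+- fe80::1/10
+client-4:
+- 100.64.0.129/27
+- 2a09:6841:0:300::/56
+- fe80::1/10
+roles:
+- keepalived
+...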
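Review bot: `client-1` and `client-2` both list `2a09:6841:0:100::/56` under `keepalived__virtual_addresses`, while the IPv4 addresses step by one /27 per VLAN. The same IPv6 virtual address on two VLAN interfaces is probably a copy-paste slip, and it leaves `client-3` (`0:200::`) and `client-4` (`0:300::`) one step behind their IPv4 numbering. The intended prefix per VLAN is not visible here, so please check against the addressing plan; if the sequence is meant to be contiguous, client-2 would read `- 2a09:6841:0:200::/56` with the following two entries shifted accordingly.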
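--- a/playbooks/knot.yml
+++ b/playbooks/knot.yml
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
+roles: []
+
+# WIP: Deploy authoritative DNS servers
+# - hosts: authoritative_dns
+# vars:
+# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
+# service_name: dns
+# service_version: crans
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service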
|
@ -1,7 +1,10 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
|
- hosts: all
|
||||||
|
roles: []
|
||||||
|
|
||||||
# Clone LDAP on local geographic location
|
# Clone LDAP on local geographic location
|
||||||
# DON'T DO THIS AS IT RECREATES THE REPLICA
|
# DON'T DO THIS AS IT RECREATES THE REPLICA
|
||||||
- hosts: ldap_replica
|
# - hosts: ldap_replica
|
||||||
roles:
|
# roles:
|
||||||
- ldap_replica
|
# - ldap_replica
|
|
@ -1,18 +1,18 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Install Matrix Synapse on corresponding containers
|
# Install Matrix Synapse
|
||||||
- hosts: synapse.adm.auro.re
|
- hosts: synapse.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
||||||
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
||||||
|
update_motd:
|
||||||
|
matrix-synapse: matrix-synapse est déployé.
|
||||||
|
matrix-appservice-irc: matrix-appservice-irc est déployé.
|
||||||
|
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
|
||||||
roles:
|
roles:
|
||||||
- debian_backports
|
- debian_backports
|
||||||
- nodejs
|
- nodejs
|
||||||
- matrix_synapse
|
- matrix_synapse
|
||||||
- matrix_appservice_irc
|
- matrix_appservice_irc
|
||||||
- matrix_appservice_webhooks
|
- matrix_appservice_webhooks
|
||||||
|
- update_motd
|
||||||
# Install Matrix services
|
|
||||||
- hosts: matrix-services.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- debian_backports
|
|
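--- a/playbooks/nginx.yml
+++ b/playbooks/nginx.yml
@@ -0,0 +1,26 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: reverseproxy
+vars:
+certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
+update_motd:
+nginx: >-
+Le reverse-proxy NGINX est déployé (/etc/nginx).
+roles:
+- certbot
+- nginx
+- update_motd
+
+- hosts: nginx,!reverseproxy
+vars:
+certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+update_motd:
+nginx: >-
+NGINX avec certbot est déployé (/etc/nginx).
+roles:
+- certbot
+- nginx
+- update_motd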
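--- a/playbooks/postfix.yml
+++ b/playbooks/postfix.yml
@@ -0,0 +1,22 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Postfix on non mailhost servers
+- hosts: all,!unifi
+vars:
+local_network: 10.128.0.0/16
+relay_host: proxy.adm.auro.re
+roles:
+- postfix_non_mailhost
+
+# Deploy Re2o mail service
+- hosts: mail.auro.re
+vars:
+service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
+service_name: mail-server
+service_version: aurore
+service_config:
+hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
+username: service-user
+password: "{{ vault_serviceuser_passwd }}"
+roles:
+- re2o_service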
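Review bot: The `mail.auro.re` play wires the mail host to the test backend (`hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!`) and sends `vault_serviceuser_passwd` to it. A trailing comment is easy to miss at go-live, and if that secret is the one used against the production instance it is being handed to a test system. Moving the hostname into a host or group variable (for example `hostname: "{{ re2o_api_hostname }}"`, name constructed here) makes the switch an inventory change and lets the test instance have its own credential. `service_version: aurore` also looks like a branch name, so each run would deploy whatever the branch head is; pinning a tag or commit keeps the deployed mail code reviewable.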
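--- a/playbooks/postgresql.yml
+++ b/playbooks/postgresql.yml
@@ -0,0 +1,170 @@
+#!/usr/bin/env ansible-playbook
+---
+# Install and configure database servers at Saclay
+- hosts: bdd.adm.auro.re
+vars:
+postgresql:
+version: 13
+hosts:
+- database: nextcloud
+user: nextcloud
+net: 10.128.0.58/32
+method: md5
+- database: gitea
+user: gitea
+net: 10.128.0.60/32
+method: md5
+- database: wikijs
+user: wikijs
+net: 10.128.0.66/32
+method: md5
+- database: drone
+user: drone
+net: 10.128.0.64/32
+method: md5
+- database: netbox
+user: netbox
+net: 10.128.0.97/32
+method: md5
+- database: grafana
+user: grafana
+net: 10.128.0.98/32
+method: md5
+- database: dolibarr
+user: dolibarr
+net: 10.128.0.236/32
+method: md5
+- database: rt5
+user: rt5
+net: 10.128.0.123/32
+method: md5
+databases:
+- nextcloud
+- gitea
+- wikijs
+- drone
+- netbox
+- grafana
+- dolibarr
+- rt5
+users:
+- name: nextcloud
+database: nextcloud
+password: "{{ vault_postgresql_nextcloud_passwd }}"
+privs:
+- ALL
+- name: gitea
+database: gitea
+password: "{{ vault_postgresql_gitea_passwd }}"
+privs:
+- ALL
+- name: wikijs
+database: wikijs
+password: "{{ vault_postgresql_wikijs_passwd }}"
+privs:
+- ALL
+- name: drone
+database: drone
+password: "{{ vault_postgresql_drone_passwd }}"
+privs:
+- ALL
+- name: netbox
+database: netbox
+password: "{{ vault_postgresql_netbox_passwd }}"
+privs:
+- ALL
+- name: grafana
+database: grafana
+password: "{{ vault_postgresql_grafana_passwd }}"
+privs:
+- ALL
+- name: dolibarr
+database: dolibarr
+password: "{{ vault_postgresql_dolibarr_passwd }}"
+privs:
+- ALL
+- name: rt5
+database: rt5
+password: "{{ vault_postgresql_rt5_passwd }}"
+privs:
+- ALL
+update_motd:
+postgresql: PostgreSQL est déployé.
+roles:
+- postgresql
+- update_motd
+
+# Install and configure database servers at OVH
+- hosts: bdd-ovh.adm.auro.re
+vars:
+postgresql:
+version: 13
+hosts:
+- database: etherpad
+user: etherpad
+net: 10.128.0.150/32
+method: md5
+- database: codimd
+user: codimd
+net: 10.128.0.150/32
+method: md5
+- database: synapse
+user: synapse
+net: 10.128.0.56/32
+method: md5
+- database: kanboard
+user: kanboard
+net: 10.128.0.150/32
+method: md5
+- database: cas
+user: cas
+net: 10.128.0.150/32
+method: md5
+- database: appservice-discord
+user: appservice-discord
+net: 10.128.0.150/32
+method: md5
+databases:
+- synapse
+- codimd
+- etherpad
+- kanboard
+- cas
+- appservice-discord
+users:
+- name: synapse
+database: synapse
+password: "{{ vault_postgresql_synapse_passwd }}"
+privs:
+- ALL
+- name: codimd
+database: codimd
+password: "{{ vault_postgresql_codimd_passwd }}"
+privs:
+- ALL
+- name: etherpad
+database: etherpad
+password: "{{ vault_postgresql_etherpad_passwd }}"
+privs:
+- ALL
+- name: kanboard
+database: kanboard
+password: "{{ vault_postgresql_kanboard_passwd }}"
+privs:
+- ALL
+- name: cas
+database: cas
+password: "{{ vault_postgresql_cas_passwd }}"
+privs:
+- ALL
+- name: appservice-discord
+database: appservice-discord
+password: "{{ vault_postgresql_appservice_discord_passwd }}"
+privs:
+- ALL
+update_motd:
+postgresql: PostgreSQL est déployé.
+roles:
+- postgresql
+- update_motd
+...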
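Review bot: Every `hosts` entry in both plays uses `method: md5`, the weaker of the two password methods available on the PostgreSQL 13 requested here; with md5 the stored hash is itself sufficient to authenticate if it ever leaks. Prefer `method: scram-sha-256` for each entry; the `postgresql` role (not visible here) would also need `password_encryption = scram-sha-256` and the passwords re-set so the stored verifiers are SCRAM. Whether the generated pg_hba lines are `host` or `hostssl` cannot be seen from this file and is worth confirming. Each user also gets `privs: ALL`; please check the role scopes that to the user's own database.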
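--- a/playbooks/prometheus.yml
+++ b/playbooks/prometheus.yml
@@ -0,0 +1,241 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: prometheus-fleming.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_servers_targets: |
+{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
+prometheus_unifi_snmp_targets: |
+{{ groups['fleming_unifi'] | list | sort }}
+prometheus_ilo_snmp_targets: |
+{{ groups['fleming_ilo'] | list | sort }}
+
+update_motd:
+prometheus: >-
+Prometheus (en configuration fleming) est déployé (/etc/prometheus).
+roles:
+- prometheus
+- update_motd
+
+- hosts: prometheus-pacaterie.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_servers_targets: |
+{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
+prometheus_unifi_snmp_targets: |
+{{ groups['pacaterie_unifi'] | list | sort }}
+prometheus_ups_snmp_targets:
+- ups-pn-1.ups.auro.re
+- ups-ps-1.ups.auro.re
+prometheus_ilo_snmp_targets: |
+{{ groups['pacaterie_ilo'] | list | sort }}
+
+update_motd:
+prometheus: >-
+Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
+roles:
+- prometheus
+- update_motd
+
+- hosts: prometheus-edc.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_ups_snmp_targets:
+- ups-ec-1.ups.auro.re
+# - ups-ec-2.ups.auro.re
+- ups-ec-3.ups.auro.re
+prometheus_servers_targets: |
+{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
+prometheus_unifi_snmp_targets: |
+{{ groups['edc_unifi'] | list | sort }}
+prometheus_ilo_snmp_targets: |
+{{ groups['edc_ilo'] | list | sort }}
+
+update_motd:
+prometheus: >-
+Prometheus (en configuration edc) est déployé (/etc/prometheus).
+roles:
+- prometheus
+- update_motd
+
+- hosts: prometheus-gs.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_servers_targets: |
+{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
+prometheus_unifi_snmp_targets: |
+{{ groups['gs_unifi'] | list | sort }}
+prometheus_ups_snmp_targets:
+- ups-gk-1.ups.auro.re
+prometheus_apc_pdu_snmp_targets:
+- pdu-ga-1.ups.auro.re
+prometheus_ilo_snmp_targets: |
+{{ groups['gs_ilo'] | list | sort }}
+
+update_motd:
+prometheus: >-
+Prometheus (en configuration gs) est déployé (/etc/prometheus).
+roles:
+- prometheus
+- update_motd
+
+- hosts: prometheus-rives.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_ups_snmp_targets:
+- ups-r3-1.ups.auro.re
+- ups-r1-1.ups.auro.re
+prometheus_servers_targets: |
+{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
+prometheus_unifi_snmp_targets: |
+{{ groups['rives_unifi'] | list | sort }}
+prometheus_ilo_snmp_targets: |
+{{ groups['rives_ilo'] | list | sort }}
+
+update_motd:
+prometheus: >-
+Prometheus (en configuration rives) est déployé (/etc/prometheus).
+roles:
+- prometheus
+- update_motd
+
+- hosts: prometheus-aurore.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_servers_targets: |
+{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
+prometheus_postgresql_targets: |
+{{ groups['bdd'] + groups['radius'] | list | sort }}
+prometheus_switch_snmp_targets:
+- yggdrasil.switch.auro.re
+- sw-pn-serveurs.switch.auro.re
+- sw-ec-serveurs.switch.auro.re
+- sw-gk-serveurs.switch.auro.re
+- sw-fl-serveurs.switch.auro.re
+- sw-ff-uplink.switch.auro.re
+- sw-fl-core.switch.auro.re
+- sw-fd-vcore.switch.auro.re
+- sw-fl-vcore.switch.auro.re
+- sw-ff-vcore.switch.auro.re
+- sw-pn-core.switch.auro.re
+- sw-ec-core.switch.auro.re
+- sw-gk-core.switch.auro.re
+- sw-r3-core.switch.auro.re
+prometheus_ilo_snmp_targets: |
+{{ groups['aurore_ilo'] | list | sort }}
+
+update_motd:
+prometheus: >-
+Prometheus (en configuration aurore) est déployé (/etc/prometheus).
+roles:
+- prometheus
+- update_motd
+
+- hosts: prometheus-ovh.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_servers_targets: |
+{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
+prometheus_postgresql_targets:
+- bdd-ovh.adm.auro.re
+prometheus_docker_targets:
+- docker-ovh.adm.auro.re
+
+update_motd:
+prometheus: >-
+Prometheus (en configuration ovh) est déployé (/etc/prometheus).
+roles:
+- prometheus
+- update_motd
+
+- hosts: prometheus-federate.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
+snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
+snmp_ilo_user: aurore
+snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
+snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
+
+prometheus_servers_targets:
+- prometheus-edc.adm.auro.re
+- prometheus-gs.adm.auro.re
+- prometheus-fleming.adm.auro.re
+- prometheus-pacaterie.adm.auro.re
+- prometheus-rives.adm.auro.re
+- prometheus-aurore.adm.auro.re
+- prometheus-ovh.adm.auro.re
+
+update_motd:
+prometheus_federate: >-
+Prometheus (en configuration fédération) est déployé (/etc/prometheus).
+roles:
+- prometheus_federate
+- update_motd
+
+# Postgres Exporters
+- hosts: bdd,radius
+roles:
+- prometheus_postgres
+
+# Monitor all hosts
+- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
+roles:
+- prometheus_node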
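Review bot: In the `prometheus_servers_targets` and `prometheus_postgresql_targets` expressions, Jinja2 filters bind tighter than `+`, so `groups['fleming_pve'] + groups['fleming_vm'] | list | sort` sorts only the last group and the concatenated list stays unsorted. Parenthesise the sum in each play, e.g. `{{ (groups['fleming_pve'] + groups['fleming_vm']) | list | sort }}`. Separately, the `prometheus-ovh` and `prometheus-federate` plays receive the SNMP secrets although neither lists any SNMP target in this file. If the role templates (not visible here) tolerate their absence, dropping the unused `snmp_*` vars from those two plays keeps the credentials off hosts that do not appear to need them.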
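--- a/playbooks/radius.yml
+++ b/playbooks/radius.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Radius
+- hosts: radius-*.adm.auro.re
+vars:
+update_motd:
+unbound: FreeRADIUS est déployé.
+roles:
+- radius
+- update_motd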
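Review bot: The `update_motd` entry is keyed `unbound` although this play deploys FreeRADIUS, and both plays in `playbooks/router.yml` reuse the same key. If the `update_motd` role (not visible here) names the MOTD fragment after the key, these entries would overwrite or pass for the Unbound one on a host that runs several of these roles. Suggest `radius: FreeRADIUS est déployé.` here and a `router:` key for the two router plays.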
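--- a/playbooks/root.yml
+++ b/playbooks/root.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all,!unifi
+vars:
+root_shell: /bin/bash
+root_password: "{{ vault_root_password }}"
+roles:
+- root_account
+...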
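Review bot: `root_password` comes from a single vault value and is applied to `all,!unifi`, so every host ends up with the same root password and one disclosure applies fleet-wide. Since `playbooks/ssh.yml` in this same compare sets up certificate-based SSH, consider locking the root password or using a per-host value instead. The `root_account` role is not visible, so please also confirm the value reaches the `user` module already hashed (e.g. through the `password_hash('sha512')` filter) rather than as cleartext. A comment such as `# shared across all hosts: rotate everywhere after any host compromise` would at least document the current trade-off.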
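--- a/playbooks/router.yml
+++ b/playbooks/router.yml
@@ -0,0 +1,23 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy firewall and keepalived
+# radvd: IPv6 SLAAC (/64 subnets, private IPs).
+# Must NOT be on routeur-aurore-*, or will with DHCPv6!
+- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
+vars:
+update_motd:
+unbound: Le routage (avec radvd) est déployé.
+roles:
+- router
+- radvd
+- update_motd
+
+# No radvd here
+- hosts: ~routeur-aurore.*\.adm\.auro\.re
+vars:
+update_motd:
+unbound: Le routage (avec DHCPv6) est déployé.
+roles:
+- router
+- ipv6_edge_router
+- update_motd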
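--- a/playbooks/rsyslog.yml
+++ b/playbooks/rsyslog.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: log.adm.auro.re
+roles:
+- rsyslog_collector
+
+- hosts: all,!unifi
+roles:
+- rsyslog_common
+...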
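--- a/playbooks/ssh.yml
+++ b/playbooks/ssh.yml
@@ -0,0 +1,14 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all,!unifi
+vars:
+openssh_users_ca_public_key:
+"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
+hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
+F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
+openssh_authorized_principals:
+- any
+- "{{ inventory_hostname }}"
+roles:
+- openssh_server
+...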
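Review bot: `openssh_authorized_principals` lists `any` for every host, so a certificate signed by this CA with the principal `any` is accepted fleet-wide, and the per-host `{{ inventory_hostname }}` entry narrows nothing while that principal exists. How principals map to local accounts is decided in the `openssh_server` role, which is outside this hunk. I would document the issuance policy next to the list, e.g. `# "any" = fleet-wide access; issue only short-lived certificates with this principal`, and consider whether routine access could rely on host-scoped principals only.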
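--- a/playbooks/switchs-manager.yml
+++ b/playbooks/switchs-manager.yml
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
+roles: []
+
+# Deploy Re2o switch service
+# - hosts: switchs-manager.adm.auro.re
+# vars:
+# service_repo: https://gitlab.federez.net/re2o/switchs.git
+# service_name: switchs
+# service_version: master
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service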
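Review bot: The only active play is `- hosts: all` with `roles: []`, which still connects to every inventory host and gathers facts (the default) while doing no work, including the `unifi` hosts that the other playbooks in this compare exclude. `playbooks/unifi.yml` has the same shape. If the placeholder is only there to keep the file a valid playbook, adding `gather_facts: false` to the play avoids the fleet-wide connection. The commented-out play would be easier to maintain if it lived in version history rather than in the file.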
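--- a/playbooks/unbound.yml
+++ b/playbooks/unbound.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy unbound DNS server (recursive).
+- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
+vars:
+update_motd:
+unbound: Unbound est déployé.
+roles:
+- unbound
+- update_motd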
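--- a/playbooks/unifi.yml
+++ b/playbooks/unifi.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
+roles: []
+
+# Deploy Unifi Controller
+# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
+# roles:
+# - unifi-controller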
432
proxmox.yml
432
proxmox.yml
|
@ -1,432 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# This is a special playbook to create a new VM !
|
|
||||||
- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests
|
|
||||||
become: false # We do not need root as we use Proxmox API
|
|
||||||
|
|
||||||
vars:
|
|
||||||
vm_definitions:
|
|
||||||
|
|
||||||
# Réseau Pacaterie
|
|
||||||
- name: ldap-replica-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau Fleming
|
|
||||||
- name: ldap-replica-fleming1
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau EdC
|
|
||||||
- name: ldap-replica-edc1
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau George Sand
|
|
||||||
- name: ldap-replica-gs1
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
vars_prompt:
|
|
||||||
- name: "password"
|
|
||||||
prompt: "Enter LDAP password for your user"
|
|
||||||
private: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Define a virtual machine in Proxmox
|
|
||||||
proxmox_kvm:
|
|
||||||
api_user: "{{ ansible_user_id }}@pam"
|
|
||||||
api_password: "{{ password }}"
|
|
||||||
api_host: "{{ item.virtu }}.adm.auro.re"
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
node: "{{ item.virtu }}"
|
|
||||||
scsihw: virtio-scsi-pci
|
|
||||||
scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}'
|
|
||||||
sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}'
|
|
||||||
net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default
|
|
||||||
cores: "{{ item.cores }}"
|
|
||||||
memory: "{{ item.memory }}"
|
|
||||||
balloon: "{{ item.memory // 2 }}"
|
|
||||||
bios: seabios # Ansible module doesn't support UEFI boot disk
|
|
||||||
loop:
|
|
||||||
# Réseau Fleming
|
|
||||||
- name: ldap-replica-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
- name: ldap-replica-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: routeur-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau Pacaterie
|
|
||||||
- name: ldap-replica-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
- name: ldap-replica-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: routeur-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau EDC
|
|
||||||
- name: ldap-replica-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau George Sand
|
|
||||||
- name: ldap-replica-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
uname -snrvm
|
|
21
roles/baseconfig/tasks/apt-unattended.yml
Normal file
21
roles/baseconfig/tasks/apt-unattended.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
- name: Install unattended-upgrades
|
||||||
|
when: ansible_os_family == "Debian"
|
||||||
|
apt:
|
||||||
|
name: unattended-upgrades
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Configure unattended-upgrades
|
||||||
|
template:
|
||||||
|
src: "apt/{{ item }}.j2"
|
||||||
|
dest: "/etc/apt/apt.conf.d/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
loop:
|
||||||
|
- 50unattended-upgrades
|
||||||
|
- 20auto-upgrades
|
||||||
|
...
|
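Review bot: The `Configure unattended-upgrades` task has no `when:` guard, while `Install unattended-upgrades` just above it is limited to `ansible_os_family == "Debian"`; on any other host the template task would still try to write into `/etc/apt/apt.conf.d/`. Adding the same `when: ansible_os_family == "Debian"` to the second task, or to the `- include_tasks: apt-unattended.yml` line in the main task file, keeps the two in step. The template task also sets `owner: root` but no `group:`; adding `group: root` would make the resulting ownership explicit.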
|
@ -9,8 +9,6 @@
|
||||||
- aptitude # nice to have for Ansible
|
- aptitude # nice to have for Ansible
|
||||||
- bash-completion # because bash
|
- bash-completion # because bash
|
||||||
- curl # better than wget
|
- curl # better than wget
|
||||||
- emacs-nox # for maman
|
|
||||||
- fish # to motivate @edpibu
|
|
||||||
- git # code versioning
|
- git # code versioning
|
||||||
- htop # better than top
|
- htop # better than top
|
||||||
- iotop # monitor i/o
|
- iotop # monitor i/o
|
||||||
|
@ -18,34 +16,19 @@
|
||||||
- lsb-release
|
- lsb-release
|
||||||
- molly-guard # prevent reboot
|
- molly-guard # prevent reboot
|
||||||
- nano # for vulcain
|
- nano # for vulcain
|
||||||
- net-tools
|
|
||||||
- ntp # network time sync
|
- ntp # network time sync
|
||||||
- oidentd # postgresql identification
|
|
||||||
- screen # Vulcain asked for this
|
- screen # Vulcain asked for this
|
||||||
- sudo
|
- sudo
|
||||||
|
- tmux # For shirenn
|
||||||
- tree # create a graphical tree of files
|
- tree # create a graphical tree of files
|
||||||
- vim # better than nano
|
- vim # better than nano
|
||||||
- zsh # to be able to ssh @erdnaxe
|
- zsh # to be able to ssh @erdnaxe
|
||||||
|
- dnsutils # dig
|
||||||
update_cache: true
|
update_cache: true
|
||||||
register: apt_result
|
register: apt_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
# Pimp my server
|
|
||||||
- name: Customize motd
|
|
||||||
copy:
|
|
||||||
src: "update-motd.d/{{ item }}"
|
|
||||||
dest: "/etc/update-motd.d/{{ item }}"
|
|
||||||
mode: 0755
|
|
||||||
loop:
|
|
||||||
- 00-logo
|
|
||||||
- 10-uname
|
|
||||||
|
|
||||||
- name: Remove Debian warranty motd
|
|
||||||
file:
|
|
||||||
path: /etc/motd
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
# Configure APT mirrors on Debian Stretch
|
# Configure APT mirrors on Debian Stretch
|
||||||
- name: Configure APT mirrors
|
- name: Configure APT mirrors
|
||||||
when:
|
when:
|
||||||
|
@ -74,6 +57,9 @@
|
||||||
# APT-List Changes : send email with changelog
|
# APT-List Changes : send email with changelog
|
||||||
- include_tasks: apt-listchanges.yml
|
- include_tasks: apt-listchanges.yml
|
||||||
|
|
||||||
|
# APT Unattended upgrades
|
||||||
|
- include_tasks: apt-unattended.yml
|
||||||
|
|
||||||
# User skeleton
|
# User skeleton
|
||||||
- name: Configure user skeleton
|
- name: Configure user skeleton
|
||||||
copy:
|
copy:
|
||||||
|
|
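Review bot: `- ntp # network time sync` stays in the base package list in the `@ -18,34 +16,19 @@` hunk, while `roles/chronyd/tasks/main.yml` in this same comparison removes `ntp`, `sntp` and `systemd-timesyncd`. If both roles are applied to one host (not visible from here), every run would install the package and then remove it again, and the host's time source would depend on task order. Dropping the `ntp` entry here, or gating it on hosts that do not use the chronyd role, avoids that. The package list's task header lies outside this hunk.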
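--- a/roles/baseconfig/templates/apt/20auto-upgrades.j2
+++ b/roles/baseconfig/templates/apt/20auto-upgrades.j2
@@ -0,0 +1,4 @@
+// {{ ansible_managed }}
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";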
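--- a/roles/baseconfig/templates/apt/50unattended-upgrades.j2
+++ b/roles/baseconfig/templates/apt/50unattended-upgrades.j2
@@ -0,0 +1,22 @@
+// {{ ansible_managed }}
+
+Unattended-Upgrade::Origins-Pattern {
+"origin=Debian,codename=${distro_codename},label=Debian-Security";
+};
+
+Unattended-Upgrade::Package-Blacklist {};
+
+Unattended-Upgrade::MinimalSteps "true";
+Unattended-Upgrade::InstallOnShutdown "false";
+
+Unattended-Upgrade::Mail "{{ monitoring_mail }}";
+// Unattended-Upgrade::MailOnlyOnError "false";
+
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
+Unattended-Upgrade::Remove-New-Unused-Dependencies "false";
+Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+Unattended-Upgrade::Automatic-Reboot "false";
+
+Unattended-Upgrade::SyslogEnable "true";
+Unattended-Upgrade::SyslogFacility "daemon";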
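Review bot: The only entry in `Unattended-Upgrade::Origins-Pattern` matches `codename=${distro_codename}`, which fits the security archive on stretch and buster but not on bullseye and later, where the security suite's codename is `${distro_codename}-security`. A host upgraded to a newer release would keep running unattended-upgrades without ever selecting a security update, and nothing in this file would report it. Adding a second line, `"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";`, covers both layouts. `Unattended-Upgrade::Mail` also depends on `monitoring_mail` being defined for every host that receives the role.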
8
roles/borgbackup_client/defaults/main.yml
Normal file
8
roles/borgbackup_client/defaults/main.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
borg_keep_hourly: 0
|
||||||
|
borg_keep_daily: 0
|
||||||
|
borg_keep_weekly: 0
|
||||||
|
borg_keep_monthly: 0
|
||||||
|
borg_server_user: borgbackup
|
||||||
|
borg_server_group: borgbackup
|
||||||
|
...
|
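Review bot: All four `borg_keep_*` defaults are `0`, and `templates/config.yaml.j2` only emits a `keep_*` key when its value is greater than zero, so a host that overrides none of them gets a `retention:` key with nothing under it. How borgmatic treats that empty section is not visible here, but both possible outcomes (a rejected configuration, or pruning with no keep rule) are worth ruling out. A comment on the defaults such as `# at least one borg_keep_* must be set above 0 per host`, or an `assert` task at the top of the role, would make the requirement explicit.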
5
roles/borgbackup_client/handlers/main.yml
Normal file
5
roles/borgbackup_client/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: Run systemd daemon-reload
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
...
|
110
roles/borgbackup_client/tasks/main.yml
Normal file
110
roles/borgbackup_client/tasks/main.yml
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
---
|
||||||
|
- name: Pin borgmatic
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=
|
||||||
|
loop:
|
||||||
|
- src: apt/list.j2
|
||||||
|
dest: /etc/apt/sources.list.d/bullseye.list
|
||||||
|
- src: apt/preferences.j2
|
||||||
|
dest: /etc/apt/preferences.d/borgmatic-bullseye
|
||||||
|
when:
|
||||||
|
- "ansible_distribution == 'Debian'"
|
||||||
|
- "ansible_distribution_major_version in ('stretch', 'buster', '9', '10')"
|
||||||
|
|
||||||
|
- name: Install borgmatic
|
||||||
|
apt:
|
||||||
|
name: borgmatic
|
||||||
|
update_cache: true
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Create configuration directory for borgmatic
|
||||||
|
file:
|
||||||
|
path: /etc/borgmatic
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rwx,g=rx,o=
|
||||||
|
|
||||||
|
- name: Add borgmatic configuration file
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
src: config.yaml.j2
|
||||||
|
dest: /etc/borgmatic/config.yaml
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=
|
||||||
|
vars:
|
||||||
|
borg_host_dir: "/borg/{{ inventory_hostname }}"
|
||||||
|
|
||||||
|
- name: Create SSH key
|
||||||
|
openssh_keypair:
|
||||||
|
path: "/etc/borgmatic/id_remote"
|
||||||
|
type: ed25519
|
||||||
|
regenerate: full_idempotence
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=,o=
|
||||||
|
register: ssh_key
|
||||||
|
|
||||||
|
- name: Gather SSH host keys
|
||||||
|
delegate_to: "{{ borg_server_host }}"
|
||||||
|
command: "ssh-keyscan {{ borg_server_host }}"
|
||||||
|
register: keys
|
||||||
|
|
||||||
|
- name: Add server key to known hosts
|
||||||
|
known_hosts:
|
||||||
|
hash_host: true
|
||||||
|
host: "{{ borg_server_host }}"
|
||||||
|
key: "{{ item }}"
|
||||||
|
loop: "{{ keys.stdout_lines }}"
|
||||||
|
|
||||||
|
- name: Add public key to remote
|
||||||
|
delegate_to: "{{ borg_server_host }}"
|
||||||
|
become: true
|
||||||
|
authorized_key:
|
||||||
|
exclusive: false
|
||||||
|
user: "{{ borg_server_user }}"
|
||||||
|
key: "{{ ssh_key.public_key }}"
|
||||||
|
key_options: "{{ options | join(',') }}"
|
||||||
|
vars:
|
||||||
|
borg_host_dir: "/borg/{{ inventory_hostname }}"
|
||||||
|
options:
|
||||||
|
- 'command="borg serve --restrict-to-path {{ borg_host_dir }}"'
|
||||||
|
- no-agent-forwarding
|
||||||
|
- no-port-forwarding
|
||||||
|
- no-pty
|
||||||
|
- no-user-rc
|
||||||
|
- no-X11-forwarding
|
||||||
|
|
||||||
|
- name: Init repository
|
||||||
|
command: borgmatic init --encryption repokey
|
||||||
|
|
||||||
|
- name: Install timer and service for borgmatic
|
||||||
|
template:
|
||||||
|
src: "{{ item }}.j2"
|
||||||
|
dest: "/etc/systemd/system/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=
|
||||||
|
loop:
|
||||||
|
- borgmatic.timer
|
||||||
|
- borgmatic.service
|
||||||
|
notify:
|
||||||
|
- Run systemd daemon-reload
|
||||||
|
|
||||||
|
- name: Run systemd deamon-reload
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
|
- name: Start and enable borgmatic timer
|
||||||
|
systemd:
|
||||||
|
name: borgmatic.timer
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
...
|
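Review bot: The forced command in `Add public key to remote` is `borg serve --restrict-to-path {{ borg_host_dir }}` without `--append-only`, so the key kept on each client at `/etc/borgmatic/id_remote` is allowed to delete or rewrite that client's archives on the server. If the backups are meant to survive a compromised client, the option could read `'command="borg serve --append-only --restrict-to-repository {{ borg_host_dir }}"'`, with pruning then run on the server rather than by the client's borgmatic. The five `no-*` options can be replaced by the single `restrict` keyword, which also covers forwarding features added to OpenSSH later. Separately, the `known_hosts` task sets no `path`, so the host key lands in the connecting user's file; that should be confirmed to be the account that runs `borgmatic.service`.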
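--- a/roles/borgbackup_client/templates/apt/list.j2
+++ b/roles/borgbackup_client/templates/apt/list.j2
@@ -0,0 +1,3 @@
+{{ ansible_managed | comment }}
+
+deb https://deb.debian.org/debian/ bullseye main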
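Review bot: This source adds `bullseye main` only, with no matching security suite, so the `borgmatic` package pinned at priority 900 in `apt/preferences.j2`, and anything it pulls in from bullseye, would not receive security updates through this host's APT configuration. The `Origins-Pattern` in `50unattended-upgrades.j2` matches only `${distro_codename}`, so these packages are outside automatic upgrades as well. Adding `deb https://deb.debian.org/debian-security bullseye-security main` with a matching pin stanza would close the gap. On the stretch hosts the pin task targets, an `https` source may also need the `apt-transport-https` package, which no visible task installs.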
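--- a/roles/borgbackup_client/templates/apt/preferences.j2
+++ b/roles/borgbackup_client/templates/apt/preferences.j2
@@ -0,0 +1,9 @@
+{{ ansible_managed | comment }}
+
+Package: *
+Pin: release n=bullseye
+Pin-Priority: 1
+
+Package: borgmatic
+Pin: release n=bullseye
+Pin-Priority: 900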
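--- a/roles/borgbackup_client/templates/borgmatic.service.j2
+++ b/roles/borgbackup_client/templates/borgmatic.service.j2
@@ -0,0 +1,32 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Service for borgmatic backup
+Wants=network-online.target
+After=network-online.target
+ConditionACPower=true
+
+[Service]
+Type=simple
+ProtectSystem=full
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
+
+# Lower CPU and I/O priority.
+Nice=19
+CPUSchedulingPolicy=batch
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+IOWeight=100
+
+Restart=no
+# Prevent rate limiting of borgmatic log events. If you are using an older
+# version of systemd that doesn't support this (pre-240 or so), you may have
+# to remove this option.
+LogRateLimitIntervalSec=0
+
+# Delay start to prevent backups running during boot. Note that
+# systemd-inhibit requires dbus and dbus-user-session to be installed.
+# ExecStartPre=sleep 1m
+ExecStart=systemd-inhibit --who="borgmatic" \
+--why="Prevent interrupting scheduled backup" \
+/usr/bin/borgmatic -v 2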
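Review bot: `ExecStart=systemd-inhibit …` names the binary without a path, which older systemd releases reject when loading the unit; the file's own comment already expects pre-240 hosts for `LogRateLimitIntervalSec`, and the role's pin task explicitly targets stretch. Writing `ExecStart=/usr/bin/systemd-inhibit --who="borgmatic" \` keeps the unit loadable there, so that backups do not silently stop being scheduled. Since the service runs as root, `NoNewPrivileges=yes` and `PrivateTmp=yes` would be cheap additions next to `ProtectSystem=full`; whether they interfere with the PostgreSQL hook should be tested first.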
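--- a/roles/borgbackup_client/templates/borgmatic.timer.j2
+++ b/roles/borgbackup_client/templates/borgmatic.timer.j2
@@ -0,0 +1,17 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Timer for borgmatic backup
+
+[Timer]
+{% if borg_keep_hourly > 0 %}
+OnCalendar=hourly
+RandomizedDelaySec=60m
+{% else %}
+OnCalendar=daily
+RandomizedDelaySec=24h
+{% endif %}
+FixedRandomDelay=true
+
+[Install]
+WantedBy=timers.target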
51
roles/borgbackup_client/templates/config.yaml.j2
Normal file
51
roles/borgbackup_client/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
---
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
location:
|
||||||
|
source_directories:
|
||||||
|
{% for source in borg_backup_directories %}
|
||||||
|
- {{ source }}
|
||||||
|
{% endfor %}
|
||||||
|
exclude_patterns:
|
||||||
|
{% for exclude in borg_backup_exclude %}
|
||||||
|
- {{ exclude }}
|
||||||
|
{% endfor %}
|
||||||
|
repositories:
|
||||||
|
- {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }}
|
||||||
|
borgmatic_source_directory: /var/backups
|
||||||
|
|
||||||
|
storage:
|
||||||
|
encryption_passphrase: "{{ borg_encryption_passphrase }}"
|
||||||
|
ssh_command: ssh -i /etc/borgmatic/id_remote
|
||||||
|
# compression: 'lz4'
|
||||||
|
# umask: 0077
|
||||||
|
# lock_wait: 5
|
||||||
|
# archive_name_format: '{hostname}-{now}'
|
||||||
|
|
||||||
|
|
||||||
|
retention:
|
||||||
|
{% if borg_keep_hourly > 0 %}
|
||||||
|
keep_hourly: {{ borg_keep_hourly }}
|
||||||
|
{% endif %}
|
||||||
|
{% if borg_keep_daily > 0 %}
|
||||||
|
keep_daily: {{ borg_keep_daily }}
|
||||||
|
{% endif %}
|
||||||
|
{% if borg_keep_weekly > 0 %}
|
||||||
|
keep_weekly: {{ borg_keep_weekly }}
|
||||||
|
{% endif %}
|
||||||
|
{% if borg_keep_monthly > 0 %}
|
||||||
|
keep_monthly: {{ borg_keep_monthly }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
consistency:
|
||||||
|
checks:
|
||||||
|
- repository
|
||||||
|
- archives
|
||||||
|
|
||||||
|
{% if borg_postgresql_databases is defined %}
|
||||||
|
hooks:
|
||||||
|
postgresql_databases:
|
||||||
|
- name: all
|
||||||
|
username: postgres
|
||||||
|
{% endif %}
|
||||||
|
...
|
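Review bot: `encryption_passphrase: "{{ borg_encryption_passphrase }}"` pastes the secret between double quotes without escaping, so a passphrase containing `"` or `\` yields either invalid YAML or a passphrase different from the one stored in the inventory. Rendering it as `encryption_passphrase: {{ borg_encryption_passphrase | to_json }}` lets the filter emit a correctly quoted scalar. The unquoted `- {{ source }}` and `- {{ exclude }}` entries have the same weakness, since a pattern beginning with `*` or `!` would be read as YAML syntax; `- {{ exclude | to_json }}` handles those.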
5
roles/borgbackup_server/defaults/main.yml
Normal file
5
roles/borgbackup_server/defaults/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
borg_server_user: borgbackup
|
||||||
|
borg_server_group: borgbackup
|
||||||
|
borg_home_dir: /var/lib/borgbackup
|
||||||
|
...
|
38
roles/borgbackup_server/tasks/main.yml
Normal file
38
roles/borgbackup_server/tasks/main.yml
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
- name: Install borg
|
||||||
|
apt:
|
||||||
|
name: borgbackup
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Create a local group for borg
|
||||||
|
become: true
|
||||||
|
group:
|
||||||
|
name: "{{ borg_server_group }}"
|
||||||
|
system: true
|
||||||
|
|
||||||
|
- name: Create a local user for borg
|
||||||
|
become: true
|
||||||
|
user:
|
||||||
|
home: "{{ borg_home_dir }}"
|
||||||
|
create_home: true
|
||||||
|
comment: Local user for borgbackup server
|
||||||
|
name: "{{ borg_server_user }}"
|
||||||
|
group: "{{ borg_server_group }}"
|
||||||
|
system: true
|
||||||
|
# Does not constitute a valid hash, preventing from login via password
|
||||||
|
password: "*"
|
||||||
|
update_password: always
|
||||||
|
|
||||||
|
- name: Create backup directory
|
||||||
|
become: true
|
||||||
|
file:
|
||||||
|
path: "{{ borg_server_backups_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ borg_server_user }}"
|
||||||
|
group: "{{ borg_server_group }}"
|
||||||
|
mode: u=rwx,g=,o=
|
||||||
|
...
|
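Review bot: `Create backup directory` uses `{{ borg_server_backups_dir }}`, which has no entry in `roles/borgbackup_server/defaults/main.yml`, while the client role hard-codes the repository location as `/borg/{{ inventory_hostname }}`. The two only meet if the inventory happens to set the variable to `/borg`. A default such as `borg_server_backups_dir: /borg`, with the client building `borg_host_dir` from the same variable, would keep the path in one place. The `user` task leaves the login shell at the system default; a comment stating that access is limited by the forced command on each authorized key would help the next reader.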
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
- name: Reload nginx
|
|
||||||
service:
|
|
||||||
name: nginx
|
|
||||||
state: reloaded
|
|
||||||
|
|
||||||
- name: Generate certificates
|
|
||||||
command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
|
|
@ -1,13 +1,28 @@
|
||||||
---
|
---
|
||||||
- name: Install certbot and nginx plugin
|
- name: Install certbot and RFC2136 plugin
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
name:
|
name:
|
||||||
- certbot
|
- certbot
|
||||||
- python3-certbot-nginx
|
- python3-certbot-dns-rfc2136
|
||||||
register: pkg_result
|
state: present
|
||||||
|
register: apt_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: pkg_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Add DNS credentials
|
||||||
|
template:
|
||||||
|
src: letsencrypt/rfc2136.ini.j2
|
||||||
|
dest: "/etc/letsencrypt/rfc2136.{{ item.certname }}.ini"
|
||||||
|
mode: 0600
|
||||||
|
owner: root
|
||||||
|
loop: "{{ certbot }}"
|
||||||
|
|
||||||
|
- name: Add dhparam
|
||||||
|
template:
|
||||||
|
src: "letsencrypt/dhparam.j2"
|
||||||
|
dest: "/etc/letsencrypt/dhparam"
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
- name: Create /etc/letsencrypt/conf.d
|
- name: Create /etc/letsencrypt/conf.d
|
||||||
file:
|
file:
|
||||||
|
@ -18,8 +33,19 @@
|
||||||
- name: Add Certbot configuration
|
- name: Add Certbot configuration
|
||||||
template:
|
template:
|
||||||
src: "letsencrypt/conf.d/certname.ini.j2"
|
src: "letsencrypt/conf.d/certname.ini.j2"
|
||||||
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify:
|
loop: "{{ certbot }}"
|
||||||
- Generate certificates
|
|
||||||
- Reload nginx
|
- name: Run certbot
|
||||||
|
command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
|
||||||
|
loop: "{{ certbot }}"
|
||||||
|
|
||||||
|
- name: Clean old files
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
loop:
|
||||||
|
- "/etc/letsencrypt/options-ssl-nginx.conf"
|
||||||
|
- "/etc/letsencrypt/ssl-dhparams.pem"
|
||||||
|
- "/etc/letsencrypt/rfc2136.ini"
|
||||||
|
|
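Review bot: The `Add DNS credentials` task loops over `certbot`, whose items carry `dns_rfc2136_secret`, and Ansible prints each loop item in its task output, so the TSIG key ends up in terminal scrollback and in any CI or callback log. Adding `no_log: true` to that task is the reliable fix; `loop_control:` with `label: "{{ item.certname }}"` on the `Add Certbot configuration` and `Run certbot` loops trims the default output but not verbose runs. The `Configure Grafana` task in `roles/grafana/tasks/main.yml` has the same exposure through its `database` / `password` loop item. `Add dhparam` also sets `mode: 0600` without `owner: root`, unlike the task above it.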
|
@ -1,7 +1,7 @@
|
||||||
# {{ ansible_managed }}
|
{{ ansible_managed | comment(decoration='# ') }}
|
||||||
|
|
||||||
# Pour appliquer cette conf et générer la conf de renewal :
|
# To generate the certificate, please use the following command
|
||||||
# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
|
# certbot --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
|
||||||
|
|
||||||
# Use a 4096 bit RSA key instead of 2048
|
# Use a 4096 bit RSA key instead of 2048
|
||||||
rsa-key-size = 4096
|
rsa-key-size = 4096
|
||||||
|
@ -10,14 +10,19 @@ rsa-key-size = 4096
|
||||||
# server = https://acme-staging.api.letsencrypt.org/directory
|
# server = https://acme-staging.api.letsencrypt.org/directory
|
||||||
|
|
||||||
# Uncomment and update to register with the specified e-mail address
|
# Uncomment and update to register with the specified e-mail address
|
||||||
email = {{ certbot.mail }}
|
email = {{ item.mail }}
|
||||||
|
|
||||||
# Uncomment to use a text interface instead of ncurses
|
# Uncomment to use a text interface instead of ncurses
|
||||||
text = True
|
text = True
|
||||||
|
|
||||||
# Use nginx challenge
|
# Yes I want to sell my soul and my guinea pig.
|
||||||
authenticator = nginx
|
agree-tos = True
|
||||||
|
|
||||||
|
# Use DNS-01 challenge
|
||||||
|
authenticator = dns-rfc2136
|
||||||
|
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.{{ item.certname }}.ini
|
||||||
|
dns-rfc2136-propagation-seconds = 30
|
||||||
|
|
||||||
# Wildcard the domain
|
# Wildcard the domain
|
||||||
cert-name = {{ certbot.certname }}
|
cert-name = {{ item.certname }}
|
||||||
domains = {{ ", ".join(certbot.domains) }}
|
domains = {{ item.domains }}
|
||||||
|
|
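Review bot: `domains = {{ item.domains }}` replaces the earlier `", ".join(certbot.domains)`, so if `domains` is still a list in the inventory (not visible here) the line renders as a Python list literal rather than the comma-separated value certbot reads. `domains = {{ item.domains | join(', ') }}` is right for a list only, so the expected inventory type should be stated in a comment next to it. The comment `# Yes I want to sell my soul and my guinea pig.` above `agree-tos = True` would be clearer as `# Accept the ACME subscriber agreement non-interactively`.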
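--- a/roles/certbot/templates/letsencrypt/rfc2136.ini.j2
+++ b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment(decoration='# ') }}
+
+dns_rfc2136_server = {{ item.dns_rfc2136_server }}
+dns_rfc2136_port = 53
+dns_rfc2136_name = {{ item.dns_rfc2136_name }}
+dns_rfc2136_secret = {{ item.dns_rfc2136_secret }}
+dns_rfc2136_algorithm = HMAC-SHA512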
11
roles/chronyd/defaults/main.yml
Normal file
11
roles/chronyd/defaults/main.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
chronyd__pools: []
|
||||||
|
chronyd__key_file: /etc/chrony/chrony.keys
|
||||||
|
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
||||||
|
chronyd__nts_dump_dir: /var/lib/chrony
|
||||||
|
chronyd__log_dir: /var/log/chrony
|
||||||
|
chronyd__max_update_skew: 100.0
|
||||||
|
chronyd__rtcsync: true
|
||||||
|
chronyd__allow_networks: []
|
||||||
|
chronyd__log_change_seconds: 0.5
|
||||||
|
...
|
6
roles/chronyd/handlers/main.yml
Normal file
6
roles/chronyd/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: Restart chronyd
|
||||||
|
systemd:
|
||||||
|
name: chrony.service
|
||||||
|
state: restarted
|
||||||
|
...
|
32
roles/chronyd/tasks/main.yml
Normal file
32
roles/chronyd/tasks/main.yml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
---
|
||||||
|
- name: Uninstall ntp and sntp
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- sntp
|
||||||
|
- ntp
|
||||||
|
- systemd-timesyncd
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Install chronyd
|
||||||
|
apt:
|
||||||
|
name: chrony
|
||||||
|
|
||||||
|
- name: Configure chronyd
|
||||||
|
template:
|
||||||
|
src: "{{ item }}.j2"
|
||||||
|
dest: "/etc/chrony/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=
|
||||||
|
loop:
|
||||||
|
- chrony.conf
|
||||||
|
- chrony.keys
|
||||||
|
notify:
|
||||||
|
- Restart chronyd
|
||||||
|
|
||||||
|
- name: Enable and start chronyd
|
||||||
|
systemd:
|
||||||
|
name: chrony.service
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
...
|
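--- a/roles/chronyd/templates/chrony.conf.j2
+++ b/roles/chronyd/templates/chrony.conf.j2
@@ -0,0 +1,30 @@
+{{ ansible_managed | comment }}
+
+{% for pool in chronyd__pools %}
+pool {{ pool }} iburst
+{% endfor %}
+
+keyfile {{ chronyd__key_file }}
+driftfile {{ chronyd__drift_file }}
+ntsdumpdir {{ chronyd__nts_dump_dir }}
+logdir {{ chronyd__log_dir }}
+
+log tracking measurements statistics
+
+maxupdateskew {{ chronyd__max_update_skew | float }}
+
+{% if chronyd__rtcsync %}
+rtcsync
+{% endif %}
+
+{% if chronyd__local_stratum is defined %}
+local stratum {{ chronyd__local_stratum | int }}
+{% endif %}
+
+logchange {{ chronyd__log_change_seconds | float }}
+
+leapsectz right/UTC
+
+{% for network in chronyd__allow_networks %}
+allow {{ network | ipaddr }}
+{% endfor %}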
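Review bot: `ntsdumpdir {{ chronyd__nts_dump_dir }}` is written unconditionally, and that directive only exists in chrony releases with NTS support; on older packaged versions, such as those on the stretch and buster hosts other roles in this comparison still target, chronyd may refuse to start on an unknown directive. Wrapping the line in `{% if chronyd__nts_dump_dir is defined %}` and dropping the default would keep the template usable on both. With the default `chronyd__pools: []` the rendered file also names no time source, so a host that forgets to set pools runs chronyd unsynchronised; an `assert` on a non-empty list would catch that. `allow {{ network | ipaddr }}` renders `allow False` for a malformed entry, which is better rejected before templating.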
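--- a/roles/chronyd/templates/chrony.keys.j2
+++ b/roles/chronyd/templates/chrony.keys.j2
@@ -0,0 +1 @@
+{{ ansible_managed | comment }}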
|
@ -50,9 +50,4 @@
|
||||||
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
||||||
dest: /usr/local/bin/docker-compose
|
dest: /usr/local/bin/docker-compose
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
...
|
||||||
- name: Indicate role in motd
|
|
||||||
template:
|
|
||||||
src: update-motd.d/05-service.j2
|
|
||||||
dest: /etc/update-motd.d/05-docker
|
|
||||||
mode: 0755
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
echo "> Les recettes Docker-compose se trouvent dans /var/local/ansible-docker"
|
|
|
@ -1,30 +0,0 @@
|
||||||
---
|
|
||||||
# For DokuWiki package
|
|
||||||
- name: Configure Debian Buster mirrors
|
|
||||||
when:
|
|
||||||
- ansible_distribution == 'Debian'
|
|
||||||
- ansible_distribution_release == 'stretch'
|
|
||||||
template:
|
|
||||||
src: apt/buster.list.j2
|
|
||||||
dest: /etc/apt/sources.list.d/buster.list
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
# For DokuWiki package
|
|
||||||
- name: Configure DokuWiki pin
|
|
||||||
when:
|
|
||||||
- ansible_distribution == 'Debian'
|
|
||||||
- ansible_distribution_release == 'stretch'
|
|
||||||
template:
|
|
||||||
src: apt/dokuwiki.j2
|
|
||||||
dest: /etc/apt/preferences.d/dokuwiki
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
# Install
|
|
||||||
- name: Install DokuWiki
|
|
||||||
apt:
|
|
||||||
update_cache: true
|
|
||||||
name: dokuwiki
|
|
||||||
state: present
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
|
@ -1,9 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
{# #}
|
|
||||||
{# Default mirror #}
|
|
||||||
{% if debian_mirror is not defined %}
|
|
||||||
{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
deb {{ debian_mirror }} buster main
|
|
||||||
deb-src {{ debian_mirror }} buster main
|
|
|
@ -1,9 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
Package: *
|
|
||||||
Pin: release n=stretch*
|
|
||||||
Pin-Priority: 990
|
|
||||||
|
|
||||||
Package: dokuwiki
|
|
||||||
Pin: release n=buster
|
|
||||||
Pin-Priority: 990
|
|
5
roles/grafana/handlers/main.yml
Normal file
5
roles/grafana/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: Restart grafana
|
||||||
|
service:
|
||||||
|
name: grafana-server
|
||||||
|
state: restarted
|
111
roles/grafana/tasks/main.yml
Normal file
111
roles/grafana/tasks/main.yml
Normal file
|
@ -0,0 +1,111 @@
|
||||||
|
---
|
||||||
|
- name: Install gpg (to import Grafana key)
|
||||||
|
apt:
|
||||||
|
name: gpg
|
||||||
|
state: present
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Import Grafana GPG signing key
|
||||||
|
apt_key:
|
||||||
|
url: https://packages.grafana.com/gpg.key
|
||||||
|
state: present
|
||||||
|
register: apt_key_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_key_result is succeeded
|
||||||
|
|
||||||
|
- name: Add Grafana repository
|
||||||
|
apt_repository:
|
||||||
|
repo: deb https://packages.grafana.com/oss/deb stable main
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Install Grafana
|
||||||
|
apt:
|
||||||
|
name: grafana
|
||||||
|
state: present
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- name: Configure Grafana
|
||||||
|
ini_file:
|
||||||
|
path: /etc/grafana/grafana.ini
|
||||||
|
section: "{{ item.section }}"
|
||||||
|
option: "{{ item.option }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
|
mode: 0640
|
||||||
|
loop:
|
||||||
|
- section: server
|
||||||
|
option: root_url
|
||||||
|
value: "{{ grafana.root_url }}"
|
||||||
|
- section: analytics
|
||||||
|
option: reporting_enabled
|
||||||
|
value: "false"
|
||||||
|
- section: analytics
|
||||||
|
option: check_for_updates
|
||||||
|
value: "false"
|
||||||
|
- section: security
|
||||||
|
option: disable_initial_admin_creation
|
||||||
|
value: "true"
|
||||||
|
- section: security
|
||||||
|
option: cookie_secure
|
||||||
|
value: "true"
|
||||||
|
- section: security
|
||||||
|
option: disable_gravatar
|
||||||
|
value: "true"
|
||||||
|
- section: snapshots
|
||||||
|
option: external_enabled
|
||||||
|
value: "false"
|
||||||
|
- section: users
|
||||||
|
option: allow_sign_up
|
||||||
|
value: "false"
|
||||||
|
- section: users
|
||||||
|
option: allow_org_create
|
||||||
|
value: "false"
|
||||||
|
- section: auth.anonymous
|
||||||
|
option: enabled
|
||||||
|
value: "false" # no public access
|
||||||
|
- section: auth.anonymous
|
||||||
|
option: hide_version
|
||||||
|
value: "true"
|
||||||
|
- section: auth.basic # only LDAP auth
|
||||||
|
option: enabled
|
||||||
|
value: "false"
|
||||||
|
- section: auth.ldap
|
||||||
|
option: enabled
|
||||||
|
value: "true"
|
||||||
|
- section: alerting
|
||||||
|
option: enabled
|
||||||
|
value: "false"
|
||||||
|
- section: database
|
||||||
|
option: type
|
||||||
|
value: "{{ grafana.database.type }}"
|
||||||
|
- section: database
|
||||||
|
option: host
|
||||||
|
value: "{{ grafana.database.host }}"
|
||||||
|
- section: database
|
||||||
|
option: name
|
||||||
|
value: "{{ grafana.database.name }}"
|
||||||
|
- section: database
|
||||||
|
option: user
|
||||||
|
value: "{{ grafana.database.user }}"
|
||||||
|
- section: database
|
||||||
|
option: password
|
||||||
|
value: "{{ grafana.database.password }}"
|
||||||
|
notify: Restart grafana
|
||||||
|
|
||||||
|
- name: Configure Grafana LDAP
|
||||||
|
template:
|
||||||
|
src: ldap.toml.j2
|
||||||
|
dest: /etc/grafana/ldap.toml
|
||||||
|
mode: 0640
|
||||||
|
notify: Restart grafana
|
||||||
|
|
||||||
|
- name: Enable and start Grafana
|
||||||
|
systemd:
|
||||||
|
name: grafana-server
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
daemon_reload: true
|
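Review bot: `Import Grafana GPG signing key` fetches the key from `https://packages.grafana.com/gpg.key` and trusts whatever is served, so package authenticity rests on that one HTTPS download. Adding `id: <GRAFANA_KEY_FINGERPRINT>` (a placeholder; take the fingerprint from Grafana's published documentation) makes the task fail when the expected key is not the one imported. Shipping the key file in the role and referencing it with `signed-by=` in the repository line is the stricter option. `Configure Grafana` and `Configure Grafana LDAP` set `mode: 0640` without `owner:` or `group:`; both files hold credentials, so stating the ownership explicitly avoids depending on what the package left behind.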
61
roles/grafana/templates/ldap.toml.j2
Normal file
61
roles/grafana/templates/ldap.toml.j2
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
|
||||||
|
# [log]
|
||||||
|
# filters = ldap:debug
|
||||||
|
|
||||||
|
[[servers]]
|
||||||
|
# Ldap server host (specify multiple hosts space separated)
|
||||||
|
host = "{{ grafana.ldap.host }}"
|
||||||
|
# Default port is 389 or 636 if use_ssl = true
|
||||||
|
port = 389
|
||||||
|
# Set to true if ldap server supports TLS
|
||||||
|
use_ssl = false
|
||||||
|
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
|
||||||
|
start_tls = false
|
||||||
|
# set to true if you want to skip ssl cert validation
|
||||||
|
ssl_skip_verify = false
|
||||||
|
# set to the path to your root CA certificate or leave unset to use system defaults
|
||||||
|
# root_ca_cert = "/path/to/certificate.crt"
|
||||||
|
# Authentication against LDAP servers requiring client certificates
|
||||||
|
# client_cert = "/path/to/client.crt"
|
||||||
|
# client_key = "/path/to/client.key"
|
||||||
|
|
||||||
|
# Search user bind dn
|
||||||
|
bind_dn = "{{ grafana.ldap.bind_dn }}"
|
||||||
|
# Search user bind password
|
||||||
|
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||||
|
bind_password = '{{ grafana.ldap.bind_password }}'
|
||||||
|
|
||||||
|
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
||||||
|
search_filter = "(cn=%s)"
|
||||||
|
|
||||||
|
# An array of base dns to search through
|
||||||
|
search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
|
||||||
|
|
||||||
|
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
|
||||||
|
## Please check grafana LDAP docs for examples
|
||||||
|
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
|
||||||
|
group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
|
||||||
|
group_search_filter_user_attribute = "cn"
|
||||||
|
|
||||||
|
# Specify names of the ldap attributes your ldap uses
|
||||||
|
[servers.attributes]
|
||||||
|
name = "sn"
|
||||||
|
surname = ""
|
||||||
|
username = "cn"
|
||||||
|
member_of = "dn"
|
||||||
|
email = "mail"
|
||||||
|
|
||||||
|
# Editors
|
||||||
|
{% for group_dn in grafana.ldap.editors_group_dn %}
|
||||||
|
[[servers.group_mappings]]
|
||||||
|
group_dn = "{{ group_dn }}"
|
||||||
|
org_role = "Editor"
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
# Viewers
|
||||||
|
[[servers.group_mappings]]
|
||||||
|
# If you want to match all (or no ldap groups) then you can use wildcard
|
||||||
|
group_dn = "*"
|
||||||
|
org_role = "Viewer"
|
||||||
|
|
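Review bot: With `port = 389`, `use_ssl = false` and `start_tls = false`, Grafana sends the service account's `bind_password` and every user's login password to the directory in cleartext. Unless `grafana.ldap.host` is always the local machine (not visible here), set `start_tls = true` on 389, or `use_ssl = true` with `port = 636`, and keep `ssl_skip_verify = false`. `bind_password = '{{ grafana.ldap.bind_password }}'` also breaks on a password containing `'`; the triple-quote form mentioned in the comment above it is safer. The `group_dn = "*"` mapping gives the Viewer role to every account that can authenticate, which deserves a comment if it is intended.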
3
roles/ifupdown2/defaults/main.yml
Normal file
3
roles/ifupdown2/defaults/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
ifupdown2__interfaces: {}
|
||||||
|
...
|
9
roles/ifupdown2/handlers/main.yml
Normal file
9
roles/ifupdown2/handlers/main.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Restart networking
|
||||||
|
systemd:
|
||||||
|
name: networking.service
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: Bring all interfaces up
|
||||||
|
shell: /usr/sbin/ifup -a
|
||||||
|
...
|
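Review bot: `Bring all interfaces up` uses `shell: /usr/sbin/ifup -a` although the line needs no shell features; `command: /usr/sbin/ifup -a` avoids the extra shell and matches what ansible-lint expects. The handler runs right after `Restart networking`, over the same SSH session whose interface is being restarted, so a short comment on why both handlers are needed would help.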
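--- a/roles/ifupdown2/tasks/main.yml
+++ b/roles/ifupdown2/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Gather package facts
+package_facts:
+manager: apt
+
+- name: Check if ifupdown2 is installed
+set_fact:
+must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
+
+- name: Mask networking before installing ifupdown2
+systemd:
+name: networking.service
+masked: true
+when: must_mask
+
+- name: Install ifupdown2
+apt:
+name: ifupdown2
+
+- name: Unmask networking now that ifupdown2 is installed
+systemd:
+name: networking.service
+masked: false
+when: must_mask
+
+- name: Configure ifupdown2
+template:
+src: interfaces.j2
+dest: /etc/network/interfaces
+owner: root
+group: root
+mode: u=rw,g=r,o=
+notify:
+- Restart networking
+- Bring all interfaces up
+
+- name: Enable and start networking
+systemd:
+name: networking.service
+state: started
+enabled: true
+...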
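Review bot: `networking.service` stays masked if `Install ifupdown2` fails, because the unmask is a separate task that only runs when the play gets past the apt step; a host left in that state will not bring its interfaces up at the next boot. Wrapping the install in a `block` with the unmask under `always` keeps the two in step. `must_mask` is also an unprefixed fact name in a role whose other variable is `ifupdown2__interfaces`; a prefixed name would avoid collisions with other roles.

```yaml
- name: Install ifupdown2 with networking masked on first install
  block:
    # … unchanged: "Mask networking before installing ifupdown2", indented under block …
    - name: Install ifupdown2
      apt:
        name: ifupdown2
  always:
    - name: Unmask networking after the install attempt
      systemd:
        name: networking.service
        masked: false
      when: must_mask
```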
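--- a/roles/ifupdown2/templates/interfaces.j2
+++ b/roles/ifupdown2/templates/interfaces.j2
@@ -0,0 +1,41 @@
+{{ ansible_managed | comment }}
+
+{% for name, iface in ifupdown2__interfaces.items() %}
+auto {{ name }}
+iface {{ name }}
+{% for address in iface.addresses | default([]) %}
+address {{ address | ipaddr }}
+{% endfor %}
+{% for gateway in iface.gateways | default([]) %}
+gateway {{ gateway | ipaddr }}
+{% endfor %}
+{% if iface.bridge_ports is defined %}
+bridge-ports {{ iface.bridge_ports | join(" ") }}
+{% endif %}
+{% if iface.bridge_vlan_aware is defined %}
+bridge-vlan-aware {{ iface.bridge_vlan_aware
+| ternary("yes", "no") }}
+{% endif %}
+{% if iface.bridge_vids is defined %}
+bridge-vids {{ iface.bridge_vids | join(",") }}
+{% endif %}
+{% if iface.vlan_id is defined %}
+vlan-id {{ iface.vlan_id | int }}
+{% endif %}
+{% if iface.vlan_raw_device is defined %}
+vlan-raw-device {{ iface.vlan_raw_device }}
+{% endif %}
+{% if iface.bridge_disable_pvid | default(false) %}
+bridge-pvid 0
+post-up bridge vlan del dev {{ name }} vid 1 self
+{% endif %}
+{% if iface.forward | default(false) %}
+ip-forward yes
+ip6-forward yes
+{% endif %}
+{% if iface.ipv6_addrgen is defined %}
+ipv6-addrgen {{ iface.ipv6_addrgen
+| ternary("yes", "no") }}
+{% endif %}
+
+{% endfor %}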
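Review bot: In the `bridge_disable_pvid` branch, `post-up bridge vlan del dev {{ name }} vid 1 self` puts the interface key into a command line unquoted, and `vlan-raw-device {{ iface.vlan_raw_device }}` is emitted as-is too, while addresses and the VLAN id go through `ipaddr` and `int`. If ifupdown2 hands `post-up` lines to a shell, which is how ifupdown-style hooks normally run, a key containing whitespace or shell metacharacters changes what is executed as root; `post-up bridge vlan del dev {{ name | quote }} vid 1 self` closes that, and the role could reject unexpected interface names before templating. Separately, `ipaddr` returns `False` for a value it cannot parse, so a typo in `addresses` or `gateways` renders `address False` instead of failing the play. The keepalived template in this comparison uses the fully qualified `ansible.utils.ipv4` / `ansible.utils.ipv6` names, and `ansible.utils.ipaddr` here would be consistent with it.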
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: force run dhcp re2o-service
|
- name: force run dhcp re2o-service
|
||||||
shell: /var/local/re2o-services/dhcp/main.py --force
|
command: /var/local/re2o-services/dhcp/main.py --force
|
||||||
become_user: re2o-services
|
become_user: re2o-services
|
||||||
|
|
||||||
- name: restart dhcpd
|
- name: restart dhcpd
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Install dhcp (re2o-service)
|
- name: Install dhcp (re2o-service)
|
||||||
import_role:
|
import_role:
|
||||||
name: re2o-service
|
name: re2o_service
|
||||||
vars:
|
vars:
|
||||||
service_repo: https://gitlab.federez.net/re2o/dhcp.git
|
service_repo: https://gitlab.federez.net/re2o/dhcp.git
|
||||||
service_name: dhcp
|
service_name: dhcp
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
owner: re2o-services
|
owner: re2o-services
|
||||||
group: nogroup
|
group: nogroup
|
||||||
recurse: true
|
recurse: true
|
||||||
mode: 755
|
mode: 0755
|
||||||
|
|
||||||
- name: Install isc-dhcp-server
|
- name: Install isc-dhcp-server
|
||||||
apt:
|
apt:
|
||||||
|
|
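Review bot: `mode: 0755` together with `recurse: true` sets the execute bit on every regular file under the path, not only on directories and the service script, and the bare `0755` relies on YAML reading it as an octal integer. The new roles in this comparison use symbolic modes, so `mode: u=rwX,g=rX,o=rX` would match them and leave non-executable files non-executable. The task's module and `path` are above the hunk, so which tree this applies to cannot be confirmed from here.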
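--- a/roles/keepalived/defaults/main.yml
+++ b/roles/keepalived/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+keepalived__virtual_addresses: {}
+keepalived__notify_master: []
+keepalived__notify_backup: []
+keepalived__notify_fault: []
+keepalived__max_auto_priority: -1
+...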
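--- a/roles/keepalived/handlers/main.yml
+++ b/roles/keepalived/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Reload keepalived
+systemd:
+name: keepalived.service
+state: reloaded
+...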
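--- a/roles/keepalived/tasks/main.yml
+++ b/roles/keepalived/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Install keepalived
+apt:
+name: keepalived
+
+- name: Configure keepalived
+template:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: root
+group: root
+mode: "{{ item.mode }}"
+loop:
+- src: keepalived.conf.j2
+dest: /etc/keepalived/keepalived.conf
+mode: u=rw,g=,o=
+- src: notify.sh.j2
+dest: /etc/keepalived/notify.sh
+mode: u=rwx,g=,o=
+notify:
+- Reload keepalived
+
+- name: Enable and start keepalived
+systemd:
+name: keepalived
+enabled: true
+state: started
+...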
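--- a/roles/keepalived/templates/keepalived.conf.j2
+++ b/roles/keepalived/templates/keepalived.conf.j2
@@ -0,0 +1,92 @@
+{{ ansible_managed | comment }}
+
+global_defs {
+dynamic_interfaces
+script_user root
+enable_script_security
+vrrp_version 3
+{% if keepalived__max_auto_priority is defined %}
+max_auto_priority {{ keepalived__max_auto_priority | int }}
+{% endif %}
+}
+
+{%
+set ipv4_enabled =
+keepalived__ipv4_enabled
+| default(keepalived__virtual_addresses.values()
+| flatten | ansible.utils.ipv4)
+%}
+{%
+set ipv6_enabled =
+keepalived__ipv6_enabled
+| default(keepalived__virtual_addresses.values()
+| flatten | ansible.utils.ipv6)
+%}
+
+{% if ipv4_enabled and ipv6_enabled %}
+vrrp_sync_group group {
+group {
+{% if ipv4_enabled %}
+instance_v4
+{% endif %}
+{% if ipv6_enabled %}
+instance_v6
+{% endif %}
+}
+notify_master "/etc/keepalived/notify.sh master"
+notify_backup "/etc/keepalived/notify.sh backup"
+notify_fault "/etc/keepalived/notify.sh fault"
+}
+{% endif %}
+
+{% if ipv4_enabled %}
+vrrp_instance instance_v4 {
+virtual_router_id {{ keepalived__virtual_router_id | int }}
+interface {{ keepalived__interface }}
+state BACKUP
+priority 250
+nopreempt
+advert_int 1
+accept
+virtual_ipaddress {
+{% for dev, addresses in keepalived__virtual_addresses.items() %}
+{% for address in addresses %}
+{% if address | ansible.utils.ipv4 %}
+{{ address }} dev {{ dev }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+}
+{% if not (ipv4_enabled and ipv6_enabled) %}
+notify_master "/etc/keepalived/notify.sh master"
+notify_backup "/etc/keepalived/notify.sh backup"
+notify_fault "/etc/keepalived/notify.sh fault"
+{% endif %}
+}
+{% endif %}
+
+{% if ipv6_enabled %}
+vrrp_instance instance_v6 {
+virtual_router_id {{ keepalived__virtual_router_id | int }}
+interface {{ keepalived__interface }}
+state BACKUP
+priority 250
+nopreempt
+advert_int 1
+accept
+virtual_ipaddress {
+{% for dev, addresses in keepalived__virtual_addresses.items() %}
+{% for address in addresses | ipaddr_sort(["link-local"]) %}
+{% if address | ansible.utils.ipv6 %}
+{{ address }} dev {{ dev }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+}
+{% if not (ipv4_enabled and ipv6_enabled) %}
+notify_master "/etc/keepalived/notify.sh master"
+notify_backup "/etc/keepalived/notify.sh backup"
+notify_fault "/etc/keepalived/notify.sh fault"
+{% endif %}
+}
+{% endif %}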
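Review bot: `keepalived__virtual_router_id` and `keepalived__interface` are required by both `vrrp_instance` blocks but have no entry in the role defaults shown in this comparison and no check, and `{{ keepalived__virtual_router_id | int }}` turns a non-numeric value into `0` instead of failing. An `assert` in the tasks file that the id is within 1 to 255 and the interface name is non-empty would fail the play before a broken configuration is reloaded. Two guards in the template are always true and can go: the inner `{% if ipv4_enabled %}` / `{% if ipv6_enabled %}` inside the sync group, which is already wrapped in `{% if ipv4_enabled and ipv6_enabled %}`, and `keepalived__max_auto_priority is defined`, since the defaults file sets that variable to `-1`.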
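--- a/roles/keepalived/templates/notify.sh.j2
+++ b/roles/keepalived/templates/notify.sh.j2
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+master=(
+{% for notify in keepalived__notify_master %}
+{{ notify | quote }}
+{% endfor %}
+)
+
+backup=(
+{% for notify in keepalived__notify_backup %}
+{{ notify | quote }}
+{% endfor %}
+)
+
+fault=(
+{% for notify in keepalived__notify_fault %}
+{{ notify | quote }}
+{% endfor %}
+)
+
+case "$1" in
+master | backup | fault)
+scripts="$1[@]"
+;;
+*)
+echo "Usage: $0 (master|backup|fault)" >&2
+exit 1
+esac
+
+for script in "${!scripts}"
+do
+eval "${script}"
+done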
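Review bot: Every entry of `keepalived__notify_master`, `keepalived__notify_backup` and `keepalived__notify_fault` ends up in `eval "${script}"`, and keepalived.conf.j2 in this comparison sets `script_user root`, so these inventory strings are shell command lines executed as root on each state change. That deserves a header comment such as `# Entries are shell command lines run as root via eval; set them only from trusted inventory`. The `quote` filter protects the array literal only, since `eval` parses the string a second time. A failing hook is silent and the script's exit status is that of the last hook alone; `eval "${script}" || echo "notify hook failed: ${script}" >&2` would at least leave a trace. The template also has no `{{ ansible_managed | comment }}` line, unlike the other templates added here.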
|
@ -21,4 +21,4 @@
|
||||||
user: root
|
user: root
|
||||||
key: "{{ ssh_pub_keys }}"
|
key: "{{ ssh_pub_keys }}"
|
||||||
state: present
|
state: present
|
||||||
# exclusive: True
|
exclusive: true
|
||||||
|
|
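Review bot: Turning on `exclusive: true` for `user: root` means every key not contained in `ssh_pub_keys` is removed from root's authorized_keys, so a host where that variable is empty, incomplete or shaped differently than expected loses key-based root access on the next run. `exclusive` only behaves as intended when all keys are passed in a single `key` value (for example a newline-joined string), which cannot be confirmed here because the variable is defined elsewhere and the task starts above the hunk. A guard before the task, for instance an `assert` with `that: ssh_pub_keys | length > 0`, and a comment stating that unmanaged root keys are removed on purpose, would make the behaviour explicit.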
|
@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
# The search scope.
|
# The search scope.
|
||||||
#scope sub
|
#scope sub
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: reload logrotate
|
- name: Reload logrotate
|
||||||
service:
|
systemd:
|
||||||
name: logrotate
|
name: logrotate.service
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
...
|
||||||
|
|
|
@ -1,29 +1,28 @@
|
||||||
---
|
---
|
||||||
# Install and configure logrotate
|
|
||||||
|
|
||||||
# Install the apt package
|
|
||||||
- name: Install logrotate
|
- name: Install logrotate
|
||||||
apt:
|
apt:
|
||||||
name:
|
name: logrotate
|
||||||
- logrotate
|
state: present
|
||||||
|
|
||||||
# Copy the configuration and reload the service if it has changed
|
- name: Create rsyslog configuration directory
|
||||||
- name: Configure logrotate
|
file:
|
||||||
template:
|
path: /etc/rsyslog.d
|
||||||
src: logrotate.d/rsyslog.j2
|
|
||||||
dest: /etc/logrotate.d/rsyslog
|
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: u=rwx,g=rx,o=rx
|
||||||
notify: reload logrotate
|
|
||||||
|
- name: Configure logrotate
|
||||||
|
template:
|
||||||
|
src: logrotate.conf
|
||||||
|
dest: /etc/logrotate.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rwx,g=r,o=r
|
||||||
|
notify: Reload logrotate
|
||||||
|
|
||||||
# Make sure the service is enabled and started
|
|
||||||
- name: Enable logrotate service
|
- name: Enable logrotate service
|
||||||
service:
|
systemd:
|
||||||
name: logrotate
|
name: logrotate.service
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
...
|
||||||
# Enforce new logrotate rules now
|
|
||||||
- name: Run logrotate now
|
|
||||||
command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog
|
|
||||||
|
|
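Review bot: The new `Create rsyslog configuration directory` task calls `file` with `path: /etc/rsyslog.d` but no `state`, so it only adjusts an existing path and fails on a host where the directory is missing; `state: directory` is needed for the task to do what its name says. It is also not clear from this section why the logrotate role manages an rsyslog directory. In `Configure logrotate`, `mode: u=rwx,g=r,o=r` marks `/etc/logrotate.conf` executable for root; a configuration file should be `mode: u=rw,g=r,o=r`.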
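--- a/roles/logrotate/templates/logrotate.conf
+++ b/roles/logrotate/templates/logrotate.conf
@@ -0,0 +1,24 @@
+# see "man logrotate" for details
+{{ ansible_managed | comment }}
+
+# global options do not affect preceding include directives
+
+# rotate log files weekly
+weekly
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+#dateext
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may also be configured here.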