Compare commits

..

574 commits

Author SHA1 Message Date
2e10714a79 Merge pull request 'NTP: simple fixes (logdir + local stratum + logchange support)' (#101) from ntp into master
Reviewed-on: #101
2022-08-30 13:50:35 +02:00
9b5e1d78fa Merge pull request 'Configure keepalived' (#100) from keepalived into master
Reviewed-on: #100
2022-08-30 13:44:24 +02:00
e86b17094b
keepalived: print link-local VIP first + silence priority warning 2022-08-27 13:47:08 +02:00
1d40950604
keepalived: add IPv6 support in playbook 2022-08-27 13:17:35 +02:00
9820ae62e8
keepalived: better support for notify scripts 2022-08-27 12:55:53 +02:00
c6ac61aa53
keepalived: add minimal support for keepalived 2022-08-27 11:15:18 +02:00
7daa55ef98 Merge pull request 'Bridge and VLAN support for ifupdown2' (#99) from ifupdown2 into master
Reviewed-on: #99
2022-08-27 10:26:28 +02:00
8cc6e916b7
ifupdown2: add sample playbook 2022-08-27 10:21:04 +02:00
34b0ed5478
ifupdown2: add ipv6_addrgen option 2022-08-27 09:53:41 +02:00
5485254c47
ifupdown2: add forward option 2022-08-27 09:28:07 +02:00
d5b0fd85c8
ifupdown2: add bridge_disable_pvid option 2022-08-27 09:18:16 +02:00
f6b12fd696
ifupdown2: add minimal support for bridges 2022-08-27 08:31:42 +02:00
76f76a0ca4
ntp: add logdir + local + logchange support 2022-08-27 06:52:38 +02:00
8bcc0af539 Merge pull request 'Configure /etc/network/interfaces and /etc/resolv.conf using Ansible' (#98) from ifupdown2 into master
Reviewed-on: #98
2022-08-27 04:55:26 +02:00
f723c3e1a4
ifupdown2: notify ifup -a + auto instead of allow-hotplug 2022-08-27 04:46:16 +02:00
1281a6a51a
ifupdown2: add playbook 2022-08-27 04:26:14 +02:00
15e2db49f3
add remove_domain_suffix filter 2022-08-27 04:22:15 +02:00
5ae7126ce2
ifupdown2: add support for stanzas with no gateway 2022-08-27 04:10:11 +02:00
a5a4d28ccc
ifupdown2: simple interfaces file configuration 2022-08-26 20:52:23 +02:00
e26d5dfc27
resolvconf: add role 2022-08-26 19:11:40 +02:00
3d2ce8f79f
ifupdown2: add minimal role 2022-08-26 10:13:37 +02:00
a29a205576 Merge pull request 'NTP: deploy everywhere' (#97) from ntp into master
Reviewed-on: #97
2022-08-26 00:07:57 +02:00
f5f570f635
chronyd: deploy everywhere 2022-08-26 00:06:25 +02:00
b00d5bc09e
chronyd: fix unit name + remove other ntp packages 2022-08-25 23:51:57 +02:00
4b2868783f
chronyd: fix typo in chrony.conf.j2 2022-08-25 23:51:09 +02:00
3830022279 Merge pull request 'NTP server' (#96) from ntp into master
Reviewed-on: #96
2022-08-25 23:16:46 +02:00
d2c1b1c07a
chronyd: add role + playbook 2022-08-25 23:01:00 +02:00
69dc3052ab
Merge branch 'master' into ntp 2022-08-25 22:21:49 +02:00
dbe9dbdc27
Add ntp-1.int 2022-08-25 22:21:38 +02:00
5c780ffa62
Remove copy-keys.sh 2022-05-22 18:57:17 +02:00
765d24685e
Set ask_vault_pass in ansible.cfg 2022-05-22 18:56:55 +02:00
c291e836a9
Fix missing entries 2022-05-22 18:55:23 +02:00
89d0a682cf Merge pull request 'Add dolibarr' (#92) from dolibarr into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #92
2022-02-26 23:31:51 +01:00
2a2702c6ca
Add dolibarr.srv.auro.re + PostgreSQL DB
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-10 22:10:03 +01:00
4a3ba6f366 Merge pull request 'Prometheus: cleanup' (#90) from prometheus_cleanup into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #90
2022-01-01 17:58:15 +01:00
Alexandre Iooss
a320907047 prometheus: fix typo
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 17:55:32 +01:00
Alexandre Iooss
9e4b8c2509 prometheus: remove ipmi target
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 17:15:11 +01:00
Alexandre Iooss
a24b473566 prometheus: reduce iLO SNMP timeout
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 16:45:32 +01:00
Alexandre Iooss
70c8e0ebe0 prometheus: monitor iLO resilient mem and battery 2022-01-01 16:45:10 +01:00
Alexandre Iooss
5ab3dcdac2 prometheus: use enums for iLO SNMP
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2022-01-01 12:04:01 +01:00
Alexandre Iooss
9b53daf42a prometheus: ignore ups-ec-2.ups.auro.re 2022-01-01 12:03:51 +01:00
Alexandre Iooss
40d9108b37 prometheus: add iLO alert rules
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 21:26:27 +01:00
Alexandre Iooss
2830558545 prometheus_federation: add ilo_snmp and remove django
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 20:04:24 +01:00
Alexandre Iooss
16a2d36472 prometheus: add machines to ilo_snmp
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 20:03:27 +01:00
Alexandre Iooss
733e9f555d prometheus: add _snmp suffix to ilo target 2021-12-31 20:03:04 +01:00
Alexandre Iooss
7d9ff449a7 hosts: remove passbolt 2021-12-31 19:41:51 +01:00
Alexandre Iooss
bcded46ed6 prometheus: remove JSON targets cleanup
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 19:40:22 +01:00
Alexandre Iooss
860a26a8dc prometheus: federate ilo metrics
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-31 19:39:38 +01:00
Alexandre Iooss
fdeaa355ad prometheus: use longer timeout for iLO scraping 2021-12-31 19:39:23 +01:00
Alexandre Iooss
456c6b47b8 prometheus: add missing snmp_ilo variables 2021-12-31 19:38:35 +01:00
b81af51ccf Merge pull request 'Monitor iLO using SNMP' (#89) from prometheus_ilo into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #89
Reviewed-by: jeltz <jeltz@noreply@auro.re>
2021-12-31 18:40:15 +01:00
Alexandre Iooss
8c7031d059 prometheus: add iLO SNMP target
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 18:31:58 +01:00
Alexandre Iooss
67064484d5 prometheus: add iLO SNMP auth information
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 17:27:36 +01:00
Alexandre Iooss
50d9282316 prometheus: show failing job when machine is down
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 17:26:26 +01:00
Alexandre Iooss
265bd5fbb7 prometheus: use static targets
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 15:08:44 +01:00
Alexandre Iooss
944e200394 prometheus: add ipmi job
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-31 14:45:05 +01:00
Alexandre Iooss
f50778ca96 prometheus: commit production alert configuration 2021-12-31 14:44:50 +01:00
Alexandre Iooss
bc4dc03029 prometheus: add newline at the end of targets JSON 2021-12-31 14:44:19 +01:00
Alexandre Iooss
cc2ba9ff7b prometheus: deploy targets_ipmi.json 2021-12-31 14:43:47 +01:00
ba0be43845 Merge pull request 'vault: fix RFC2136 secret' (#88) from fix_rfc2136 into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #88
2021-12-29 13:20:01 +01:00
Alexandre Iooss
d2331c18d0 vault: fix RFC2136 secret
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-29 11:28:40 +01:00
1b9fc70649 Merge branch 'bashrc_root'
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-16 05:56:57 +01:00
8dca876bbc Add a very simple bashrc for root
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-16 05:48:39 +01:00
515222f404 Merge pull request 'Fix SSH CA deployment' (#86) from use_ssh_ca into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #86
2021-12-15 17:31:29 +01:00
2f3612fd8e Deploy SSH CA everywhere and set root password
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-15 17:15:57 +01:00
475715c5f9 Deploy on all Linux hosts
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-15 16:17:30 +01:00
7db282fffb Fix sshd.service → ssh.service 2021-12-15 16:17:11 +01:00
1ecffc2742 Merge pull request 'Borgmatic improvements (very old changes I forgot to merge)' (#84) from borgmatic_hourly into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #84
2021-12-14 08:01:16 +01:00
11937776c8 Merge branch 'master' into borgmatic_hourly
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-12-14 07:58:13 +01:00
79c44554a3 Merge pull request 'Deploy the SSH CA for user authentication' (#80) from use_ssh_ca into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #80
Reviewed-by: erdnaxe <erdnaxe@noreply@auro.re>
2021-12-14 07:49:35 +01:00
7212154fbb Split public SSH key into multiple lines
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Respect the 79 characters per line limit.
2021-12-12 06:08:27 +01:00
e6363e9668 Use the Users CA for authentication
Some checks failed
continuous-integration/drone/push Build is failing
2021-12-12 05:56:54 +01:00
b3f25e2c8b Merge pull request 'CI: use upstream ansible/toolset' (#78) from ci into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #78
Reviewed-by: jeltz <jeltz@noreply@auro.re>
2021-11-28 13:22:52 +01:00
Alexandre Iooss
e0328d0294 ldap_replica: add missing space
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-11-28 13:16:38 +01:00
Alexandre Iooss
eb2abcfebe CI: Update linter rules
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-11-28 13:13:25 +01:00
Alexandre Iooss
dd0d5dd4be CI: use upstream ansible/toolset
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-11-28 12:42:57 +01:00
3217e33eff Merge pull request 'Remove 'dokuwiki' role' (#77) from remove_dokuwiki into master
Some checks reported errors
continuous-integration/drone Build encountered an error
continuous-integration/drone/push Build encountered an error
Reviewed-on: #77
Reviewed-by: erdnaxe <erdnaxe@noreply@auro.re>
2021-11-28 11:20:10 +01:00
a56cea369c Remove 'dokuwiki' role 2021-11-28 11:17:47 +01:00
2c238d17c3 Merge pull request 'cleanup passbolt and bbb' (#76) from cleanup into master
Reviewed-on: #76
Reviewed-by: jeltz <jeltz@noreply@auro.re>
2021-11-28 11:15:46 +01:00
Alexandre Iooss
3c85a2bfb2 passbolt: remove role 2021-11-28 11:13:34 +01:00
Alexandre Iooss
cc3d5d9b7f nginx: remove bbb.auro.re 2021-11-28 11:12:23 +01:00
a55efa8e24 Merge pull request 'postgres: fix defaults' (#75) from postgres into master
Reviewed-on: #75
2021-11-28 11:08:00 +01:00
Alexandre Iooss
fd0cb811a7 postgres: fix defaults 2021-11-28 11:07:13 +01:00
6986588fc1 Merge pull request 'postgres cleanup' (#74) from postgres into master
Reviewed-on: #74
Reviewed-by: jeltz <jeltz@noreply@auro.re>
2021-11-28 11:02:41 +01:00
Alexandre Iooss
45802cf65d borgbackup: backup all postgresql databases 2021-11-28 11:01:33 +01:00
Alexandre Iooss
4bd431f9c3 postgresql: variables in dict 2021-11-28 11:01:29 +01:00
Alexandre Iooss
f0b8075ca6 postgresql: move variables in playbook 2021-11-28 10:33:42 +01:00
Alexandre Iooss
a818fd8ed9 Rename postgresql_server to postgresql 2021-11-28 10:20:17 +01:00
3c25e64516 Merge pull request 'Move playbooks in subfolder' (#73) from move_playbooks into master
Reviewed-on: #73
2021-11-28 10:16:26 +01:00
Alexandre Iooss
40a91da78b base: add logrotate on pve 2021-11-28 10:15:38 +01:00
Alexandre Iooss
f0631e341b Change some comments 2021-11-28 10:08:14 +01:00
Alexandre Iooss
3ccdacde13 docker: do not deploy on stream 2021-11-28 10:05:00 +01:00
Alexandre Iooss
b6d5f4206a ansible.cfg: typo 2021-11-28 10:04:43 +01:00
Alexandre Iooss
511091c808 Make empty playbooks run fine 2021-11-28 09:50:02 +01:00
Alexandre Iooss
b827195c32 README: require at least Ansible 2.9 2021-11-28 09:49:31 +01:00
Alexandre Iooss
4cf4ed0964 Remove sudo upgrade playbook 2021-11-28 09:04:00 +01:00
Alexandre Iooss
c49dfb24b0 Move re2o mail service in postfix playbook 2021-11-28 09:03:49 +01:00
Alexandre Iooss
747c93139b Rename deploy_postfix_non_mailhost.yml to postfix.yml 2021-11-28 09:00:57 +01:00
Alexandre Iooss
2a9e1f4def Rename matrix.yml to matrix-synapse.yml 2021-11-28 08:59:54 +01:00
Alexandre Iooss
9bb2d3f324 Simplify base.yml 2021-11-28 08:58:43 +01:00
Alexandre Iooss
1133f614e4 Split network.yml into each subject 2021-11-28 08:57:27 +01:00
Alexandre Iooss
446c02da5e Split services_web.yml into nginx.yml and docker.yml 2021-11-28 08:52:58 +01:00
Alexandre Iooss
7bdf66f73a Rename log.yml to rsyslog.yml 2021-11-28 08:51:15 +01:00
Alexandre Iooss
278928550c Rename monitoring.yml to prometheus.yml 2021-11-28 08:49:43 +01:00
Alexandre Iooss
9481af3201 Rename bdd.yml to postgres.yml 2021-11-28 08:48:40 +01:00
Alexandre Iooss
daac91f3af Rename backups.yml to borgbackup.yml 2021-11-28 08:46:53 +01:00
Alexandre Iooss
a0dd5ef4b7 Move playbooks in subfolder 2021-11-28 08:41:15 +01:00
de22345d79 Merge pull request 'Remove proxmox.yml' (#72) from proxmox into master
Reviewed-on: #72
2021-11-27 22:35:56 +01:00
Alexandre Iooss
03a9281b88 Remove proxmox.yml 2021-11-27 22:34:44 +01:00
de0022e3f6 Merge pull request 'update_motd: apply conventions' (#71) from update_motd into master
Reviewed-on: #71
2021-11-27 22:33:40 +01:00
Alexandre Iooss
cdaf3dc77a update_motd: Fix typo in vars 2021-11-27 22:31:42 +01:00
Alexandre Iooss
5bc84dbdd2 Add sheband to backups, bdd and postfix playbooks 2021-11-27 22:22:29 +01:00
Alexandre Iooss
0979370418 Add motd for most plays 2021-11-27 22:16:29 +01:00
Alexandre Iooss
14b6a68040 base: configure motd 2021-11-27 20:05:14 +01:00
Alexandre Iooss
cc6f96bbc8 borgbackup-client: call update_motd role in play 2021-11-27 20:04:05 +01:00
Alexandre Iooss
07a0429ae0 nginx: call update_motd role in play 2021-11-27 20:02:08 +01:00
Alexandre Iooss
ce04f937db prometheus: call update_motd role in play 2021-11-27 19:20:32 +01:00
Alexandre Iooss
1009298023 borgbackup_server: call update_motd role in play 2021-11-27 19:16:24 +01:00
Alexandre Iooss
ea394a01db prometheus-federate: call update_motd role in play 2021-11-27 19:16:11 +01:00
Alexandre Iooss
82fdcd026e grafana: update motd 2021-11-27 19:14:56 +01:00
Alexandre Iooss
b82afd13d9 update_motd: use update_motd dict 2021-11-27 19:14:39 +01:00
00d63cf082 Merge pull request 'Add grafana playbook and machine' (#69) from grafana into master
Reviewed-on: #69
2021-11-27 18:34:42 +01:00
Alexandre Iooss
a791cda652 grafana: move Aurore specific variables out of the role 2021-11-27 18:29:05 +01:00
Alexandre Iooss
fdfed1a05a grafana: remove trailing lines 2021-11-27 18:17:57 +01:00
Alexandre Iooss
e2acfd4031 grafana: single quote LDAP password 2021-11-27 18:17:57 +01:00
Alexandre Iooss
c7f94b54c8 grafana: validate gpg key 2021-11-27 18:17:57 +01:00
Alexandre Iooss
aba0370c5b Add grafana playbook and machine 2021-11-27 18:17:57 +01:00
6bb02815e7 Merge pull request 'lint' (#70) from lint into master
Reviewed-on: #70
2021-11-27 18:13:58 +01:00
Alexandre Iooss
a523b29ac7 Add escalope.adm.auro.re 2021-11-27 17:10:59 +01:00
Alexandre Iooss
7b82a3f7ea Add YAML headers 2021-11-27 17:10:51 +01:00
b3838ee2a0 Merge pull request 'proxy.adm.auro.re: reverse netbox and wiki' (#68) from reverseproxy into master
Reviewed-on: Aurore/ansible#68
2021-11-25 11:56:47 +01:00
Alexandre Iooss
7f53120966 proxy.adm.auro.re: reverse netbox and wiki 2021-11-25 11:55:01 +01:00
d23dbe2d49 Merge pull request 'pve_service' (#67) from pve_service into master
Reviewed-on: Aurore/ansible#67
2021-11-22 18:31:59 +01:00
Alexandre Iooss
eed6ec558c README: use passerelle.auro.re 2021-11-22 18:24:38 +01:00
Alexandre Iooss
2ac9c40579 make log.yml executable 2021-11-22 18:12:27 +01:00
Alexandre Iooss
3efc8179bc logrotate: restore Debian formatting 2021-11-22 18:08:25 +01:00
Alexandre Iooss
3a56439fac update_motd: remove become true 2021-11-22 18:03:09 +01:00
Alexandre Iooss
94b8f37302 rsyslog_common: remove become true 2021-11-22 18:02:53 +01:00
Alexandre Iooss
1392e3fe64 Remove cached motd 2021-11-22 18:01:21 +01:00
Alexandre Iooss
cfb891d10c Add netbox machine 2021-11-22 18:01:11 +01:00
Alexandre Iooss
11b3738fcd ldap_client: Add one extra line to follow Debian 2021-11-22 18:00:57 +01:00
Alexandre Iooss
b2a17e20f2 Rename stream to galene 2021-11-21 10:23:24 +01:00
Alexandre Iooss
311cfb223b Remove defunct servers 2021-11-21 10:06:08 +01:00
Alexandre Iooss
6e77b4cb3c Update copy-keys.sh script and SSH configuration 2021-11-21 09:40:37 +01:00
4ccd33eec1 Merge pull request 'Add syslog over TCP support' (#66) from log_add_tcp into master
Reviewed-on: Aurore/ansible#66
2021-10-28 11:00:48 +02:00
f60795beaa Add syslog over TCP support 2021-10-28 10:54:21 +02:00
bae87c809e Merge pull request 'Install prometheus-node-exporter-collectors' (#65) from node_exporter_bullseye into master
Reviewed-on: Aurore/ansible#65
2021-09-24 01:54:43 +02:00
8b54121a87 Install prometheus-node-exporter-collectors 2021-09-24 01:41:01 +02:00
4a594bf1cc Merge pull request 'add exporter on bullseye' (#64) from fix_apt_exporter_bullseye into master
Reviewed-on: Aurore/ansible#64
2021-09-23 19:54:35 +02:00
5d3d965112
the service does not need to be enabled 2021-09-23 19:02:26 +02:00
73e522f0c6
add exporter on bullseye 2021-09-23 18:54:06 +02:00
94a470b7f2 Merge pull request 'prometheus-rules' (#62) from prometheus-rules into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#62
Reviewed-by: jeltz <jeltz@noreply@auro.re>
2021-09-08 10:15:44 +02:00
b31f9bd952 Retention time is now a file that will be copied
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-08-21 11:25:39 +02:00
cc3b4294ae Kepp federated datas 4 months (120 days)
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-08-20 19:31:04 +02:00
f17e7f7524 Add snmp pdu password to generate config 2021-08-20 18:22:00 +02:00
0bfc631465 Remove unused files
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-08-20 17:00:19 +02:00
c5e6fbcfdf Configuration for monitoring APC PDU 2021-08-20 16:58:28 +02:00
91fe213e02 Merge branch 'prometheus-rules' of https://gitea.auro.re/Aurore/ansible into prometheus-rules
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-08-20 13:28:38 +02:00
7ca7c27fec Add PDU snmp credentials 2021-08-20 13:28:19 +02:00
db969625cd Add the PDU from GS
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-08-20 12:17:17 +02:00
54b073bd02 Typo in unhealthy disk rule 2021-08-18 18:53:27 +02:00
ab697bafce Perceval was moved from EDC to Fleming. Add group by server. 2021-08-16 08:32:20 +02:00
e6b6790f63 New rule for unhealthy disks 2021-08-13 15:24:12 +02:00
cca10e7cc9 Merge pull request 'Access Point EDC removed (InWall)' (#61) from remove_wireless_ap into master
All checks were successful
continuous-integration/drone Build is passing
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#61
2021-07-17 16:18:03 +02:00
ab11e6cd65 Access Point EDC removed (InWall) 2021-07-17 16:12:13 +02:00
bd1343cf03 Merge pull request 'Remove mail from re2o bug report' (#59) from remove-mail into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#59
2021-05-25 23:13:54 +02:00
b7ead19d50 Remove mail from re2o bug report
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-05-25 23:11:30 +02:00
bb97bca456 Increase RandomizedDelaySec when hourly = 0
Some checks reported errors
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build encountered an error
2021-05-23 14:09:01 +02:00
4f66702f15 Merge pull request 'Add caradoc' (#58) from add_caradoc into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#58
2021-05-23 14:07:57 +02:00
9296a2ed91 Add caradoc.adm.auro.re
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-05-23 14:02:20 +02:00
4f2f0ffe64 Increase swap alert threshold 2021-05-19 15:32:33 +02:00
c8a877282f Add 9 & 10 for Debian distribution
Some checks failed
continuous-integration/drone/push Build is failing
2021-05-19 15:29:40 +02:00
d89d88813f Merge pull request 'Add routeur-aurore* to routeur group' (#57) from rsyslog_queues into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#57
2021-05-10 13:06:07 +02:00
c6b768e1bb Don't run borgmatic every hour if not needed
Some checks failed
continuous-integration/drone/push Build is failing
2021-05-10 13:02:45 +02:00
926790844b Add routeur-aurore* to routeur group
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is passing
2021-05-10 13:00:47 +02:00
ceaf75f0ad Merge pull request 'Use a disk assisted queue for rsyslog' (#56) from rsyslog_queues into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#56
2021-05-04 00:54:40 +02:00
2c82653383 Merge pull request 'Monitor perceval' (#55) from monitoring_perceval into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#55
2021-05-04 00:53:36 +02:00
05f76c7586 Monitor perceval
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is passing
2021-05-04 00:51:25 +02:00
604373db03 Set rsyslog_high_density for routers
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is passing
2021-04-30 16:49:36 +02:00
b29e9c0e45 Configure a disk-assisted queue for output actions 2021-04-30 16:49:00 +02:00
cc681e4fac Add an inventory group for routers. 2021-04-30 16:39:52 +02:00
f50586c476 Merge pull request 'Update ansible-lint' (#54) from update_ansible_lint into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#54
2021-04-17 17:47:13 +02:00
9c47067f93 No need to only warm for unnamed task anymore
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-17 17:43:49 +02:00
3a600d9061 Give a name to unnamed tasks 2021-04-17 17:43:49 +02:00
dada40e005 Merge branch 'master' into update_ansible_lint
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-17 17:24:15 +02:00
1520ad92c8 Merge pull request 'Installation Prometheus-postgres-exporter' (#53) from prometheus_postgres_exporter into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#53
Reviewed-by: otthorn <otthorn@noreply@auro.re>
Reviewed-by: jeltz <jeltz@noreply@auro.re>
2021-04-14 20:19:39 +02:00
f409fb53cb remove port for docker
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-14 20:11:23 +02:00
11d0b46ef0 Remove port for docker instances. Remove 'remove old files' tasks 2021-04-14 20:00:16 +02:00
013743f910 typo in docker rules
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-14 19:54:37 +02:00
1b0bff4c51 Fix deployment and add prometheus groups for hosts
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-14 19:51:47 +02:00
fde52f2e42 Alerts repository owned by prometheus
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-14 19:29:12 +02:00
e4d2416722 fix typo 2021-04-14 19:27:13 +02:00
226b55b0d1 Update alerts (remove instance, translations) 2021-04-14 19:10:42 +02:00
5c08fed9de 👷 Only warn for unnamed tasks (used in include_role)
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-12 22:32:03 +02:00
2d9d66c16d ⬆️ Update CI: ansible-lint version 2021-04-12 22:30:52 +02:00
fd5ad8d5ac Merge branch 'prometheus_postgres_exporter' of https://gitea.auro.re/Aurore/ansible into prometheus_postgres_exporter
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-12 11:10:31 +02:00
5d9a6599e8 Fix some typos, in accordance to Solal's comments 2021-04-12 11:10:15 +02:00
3320e3e0c6 Update the labels for the alert (make complete tenses) 2021-04-12 11:01:43 +02:00
676cc716cf Modify label for the alert 2021-04-12 11:00:31 +02:00
954e3e0892 End of yaml file (bad copy/paste) 2021-04-12 10:58:59 +02:00
pz2891
8c666151d6 Merge branch 'master' into prometheus_postgres_exporter
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-12 10:10:17 +02:00
d891559e28 Fix CI
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-12 10:03:53 +02:00
1908deee9c fix CI
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-12 10:01:39 +02:00
jeltz
4c8550bfe1 Merge pull request 'Allow root to connect using peer authentication' (#52) from bdd_fix_auth into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#52
2021-04-11 22:14:26 +02:00
e2b1f8eae5 Allow root to connect using peer authentication
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-11 22:08:11 +02:00
6e376a72e3 fix CI
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 22:04:05 +02:00
6c64bb214c fix CI
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 22:01:21 +02:00
764f0f106d Install postgres exporter when it is bullseye or buster
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 21:38:29 +02:00
bdcdb8ceae Radius, not a radis ! Fix typo... 2021-04-11 21:32:53 +02:00
7d99cef57c Fix typo 2021-04-11 21:32:20 +02:00
ca3d89e671 Install postgresql on radius. Monitore it on prometheus-aurore
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 21:29:02 +02:00
749188e297 Add a group with all radius 2021-04-11 21:27:43 +02:00
c48fe1ae17 7% rollback for the warning 2021-04-11 20:57:53 +02:00
304437da97 Remove .save file 2021-04-11 20:56:40 +02:00
9d18ebb7f1 Fix docker rules
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-11 17:18:32 +02:00
6775d9ecde Add docker rules 2021-04-11 16:43:34 +02:00
9ebdf15bb9 Splite alerts on some files 2021-04-11 15:58:35 +02:00
dd48302585 Configure Prometheus and Prometheus federate to scrape Postgres Exporter
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-10 18:01:55 +02:00
45041be2ab Install postgres exporter 2021-04-10 17:29:50 +02:00
pz2891
3d1d787063 Merge pull request 'Add the Rives 231 UPS' (#50) from add_ups_231 into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#50
2021-04-10 17:00:57 +02:00
9ed7441e34 Add the Rives 231 UPS
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-10 16:58:48 +02:00
pz2891
28714ecf95 Merge pull request 'Update Unifi AP' (#49) from update_access_point_list into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#49
2021-04-09 16:35:43 +02:00
pz2891
a33ea29637 Merge branch 'master' into update_access_point_list
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-09 16:34:43 +02:00
efa428fba0 Update Unifi AP
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-09 15:06:55 +02:00
pz2891
e3c56e7d46 Merge pull request 'Mise à jour de la liste des bornes wifi' (#48) from update_access_point_list into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#48
2021-04-09 10:13:48 +02:00
82f05482d0 Add 3 Access Points forgotten in GS
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-09 09:54:52 +02:00
73749e9e6b Update the list of Access Point
Some checks failed
continuous-integration/drone/push Build is failing
2021-04-09 09:27:47 +02:00
pz2891
6afd0cb4ac Merge pull request 'Monitor ups-ec-3.ups.auro.re' (#47) from add_rives_vm_master into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#47
2021-04-08 16:17:07 +02:00
pz2891
f7529be904 Merge branch 'master' into add_rives_vm_master
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-08 16:15:52 +02:00
d2787479cf Monitor ups-ec-3.ups.auro.re
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-07 16:55:35 +02:00
jeltz
aac4c05cd3 Merge pull request 'WIP : add_rives_vm_master' (#42) from add_rives_vm_master into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#42
2021-04-06 19:39:01 +02:00
jeltz
6b2bc60589 Merge branch 'master' into add_rives_vm_master
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-04-06 19:37:57 +02:00
jeltz
e2f5529498 Merge pull request 'Separate AP/servers down alerts and add temperature alerts' (#46) from prometheus_alerts into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#46
2021-04-03 17:28:22 +02:00
91817b324c Increase the alert threshold for temperatures
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-03 08:04:10 +02:00
1c3127dbbe Add more node-exporter alerts
All checks were successful
continuous-integration/drone/push Build is passing
Source: https://awesome-prometheus-alerts.grep.to/rules.html
2021-04-02 22:55:51 +02:00
f80435cb31 Differentiate alerts for servers and Wi-Fi APs
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-02 21:54:38 +02:00
06f101527d Use a dynamic interval for UPS output voltage alerts
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-02 13:57:34 +02:00
jeltz
2388bfdc3d Merge pull request 'Cleanup Prometheus alerts' (#45) from prometheus_alerts into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#45
2021-04-01 19:24:05 +02:00
83f5b35e59 Fix a filename typo
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-04-01 18:24:21 +02:00
35286a661a Change an alert description 2021-04-01 18:24:03 +02:00
11335a6077 Fix typo in alert description
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 18:15:22 +02:00
083fc4da9a Fix permissions on prometheus.yml 2021-04-01 18:15:09 +02:00
f69dfd8799 Remove other unmanaged hosts
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 17:41:22 +02:00
5d681a95ea Remove unmanaged hosts from inventory
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 17:31:21 +02:00
a743ce09fb Move templates of the prometheus_federate role
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 09:42:54 +02:00
bc35cd8e90 Move templates of the prometheus role 2021-04-01 09:40:22 +02:00
5bcc428895 Remove 'instance' from description and fix typos 2021-04-01 09:36:11 +02:00
eeaf0f8486 Fix syntax errors
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 06:02:40 +02:00
e247aa3f70 Uniform labels for alerts 2021-04-01 05:21:08 +02:00
jeltz
424aa80d8f Merge pull request 'Use update_motd everywhere' (#44) from use_update_motd_everywhere into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#44
2021-03-30 10:12:14 +02:00
jeltz
e17f58111f Merge pull request 'Store local logs of log.adm.auro.re in /var/log/remote' (#43) from fix_local_logs_collector into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#43
2021-03-30 10:11:04 +02:00
ac05da7173 Use update_motd everywhere
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-30 10:08:21 +02:00
8ab4159d38 Don't try to configure rsyslog on Wi-Fi APs
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-30 10:06:36 +02:00
dff0d9922c Store log.adm.auro.re local logs in /var/log/remote 2021-03-30 10:06:25 +02:00
dd274891a5 resolve conflicts
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-30 09:30:06 +02:00
cec907af48 remove file (copied from utils) 2021-03-30 09:20:31 +02:00
2952c39f70 Fix issues for installing radius-rives (baq package for postgresql-client) 2021-03-30 09:20:31 +02:00
3de76b0ac7 Add new Bornes of EDC 2021-03-30 09:20:31 +02:00
cccd9ac598 Add master Rives VM 2021-03-30 09:20:25 +02:00
jeltz
6104782a37 Merge pull request 'Cleanup logrotate configuration' (#41) from logrotate into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#41
2021-03-30 07:51:52 +02:00
85e691a0a2 Don't store journald logs to disk
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
As they are already stored on disk by rsyslog.
2021-03-30 07:46:06 +02:00
606df65535 Cleanup logrotate role 2021-03-30 07:45:52 +02:00
3030d3bfab Fix typo: use 'Reload' instead of 'Restart' 2021-03-30 07:42:46 +02:00
f59d9ee6f0 WIP: add logrotate config for rsyslog-managed files 2021-03-30 06:01:43 +02:00
jeltz
9f671e71d6 Merge pull request 'Rename 're2o-bdd' to 're2o-db'' (#50) from fix_re2o_bdd_host into master
Reviewed-on: Aurore/ansible#50
2021-03-24 02:58:43 +01:00
d567ded046 Rename 're2o-bdd' to 're2o-db' 2021-03-24 02:57:11 +01:00
jeltz
6d74f04db4 Merge pull request 'Better distribution of backups over time' (#49) from backups into master
Reviewed-on: Aurore/ansible#49
2021-03-24 02:12:53 +01:00
21eaeb2d42 Better distribution of backups over time 2021-03-24 02:10:11 +01:00
jeltz
789c11c3e3 Merge pull request 'Cleanup borgmatic related roles' (#47) from backups into master
Reviewed-on: Aurore/ansible#47
2021-03-18 22:19:39 +01:00
465ab398c0 remove file (copied from utils) 2021-03-17 20:43:55 +01:00
a1533b7efd Fix issues for installing radius-rives (baq package for postgresql-client) 2021-03-17 20:41:46 +01:00
ffbedf6d35 Add new Bornes of EDC 2021-03-16 21:34:41 +01:00
f662e4bd47 Remove bullseye for radius role. Add the oid for temperature of ups 2021-03-16 21:13:45 +01:00
3000f46c46 Randomize borgmatic timer 2021-03-16 15:05:29 +01:00
6f927e30f3 Exclude docker and lxcfs folders from borgbackup 2021-03-16 15:05:07 +01:00
8524b9fa99 Fix typo 2021-03-16 14:13:12 +01:00
37582abfe1 Remove useless tasks from borgmatic_client 2021-03-16 13:47:14 +01:00
96a498c6de Break long lines in borgmatic.service unit 2021-03-16 13:46:46 +01:00
jeltz
d902b71e04 Merge pull request 'Log source port for NGinx' (#46) from fix_logging_src_port into master
Reviewed-on: Aurore/ansible#46
2021-03-16 13:22:58 +01:00
1be92bad62 Log source port for NGinx 2021-03-16 09:43:13 +01:00
01bca6597d Run borgmatic every hour 2021-03-16 09:38:51 +01:00
jeltz
eabd709ec7 Merge pull request 'Add kanboard.auro.re to proxy-ovh.adm.auro.re' (#45) from kanboard into master
Reviewed-on: Aurore/ansible#45
2021-03-15 13:16:36 +01:00
jeltz
2d8897e9f9 Merge pull request 'Add bullseye support in 'prometheus_node'' (#44) from fix_prometheus_bullseye into master
Reviewed-on: Aurore/ansible#44
2021-03-15 10:55:57 +01:00
21a3d5af2a Add bullseye support in 'prometheus_node' 2021-03-15 10:50:40 +01:00
jeltz
4305a60639 Merge pull request 'Backups with borg and borgmatic' (#39) from backups into master
Reviewed-on: Aurore/ansible#39
2021-03-15 07:53:33 +01:00
3f3f688da4 Use 'present' instead of 'latest' (ansible-lint) 2021-03-15 07:51:48 +01:00
6713b550b6 Merge branch 'master' into backups 2021-03-15 07:50:11 +01:00
cb3ec07121 Use 'inventory_hostname' instead of 'ansible_fqdn'
While 'ansible_fdqn' can be changed by a compromised host,
'inventory_hostname' can't (hopefully).

It should therefore no longer be possible for the said host to access
the backups of another host.
2021-03-15 07:25:09 +01:00
243ec1fe9d [borgbackup_client] VaRi0u5 f1X3s 2021-03-15 01:04:42 +01:00
e12f67c920 [borgbackup_client] ignore some Strech machines 2021-03-15 01:03:34 +01:00
f8e5f0cc76 Manually cherrypicked from 65c94d8e84 2021-03-14 23:56:07 +01:00
jeltz
45220cdebd Merge pull request 'Allow root to log as postgres' (#43) from bdd_local_root into master
Reviewed-on: Aurore/ansible#43
2021-03-14 23:55:49 +01:00
f15b222cdc Allow root to log as postgres 2021-03-14 23:45:36 +01:00
a54006c9d4 Various fixes 2021-03-14 23:39:12 +01:00
6f36506a98 rm a _bak file 2021-03-14 22:09:27 +01:00
41eb446114 small fix 2021-03-14 22:08:29 +01:00
7480a7c565 [borgbackup_client] precedence rules and sain defaults for borg config 2021-03-14 22:02:34 +01:00
59f2c94a61 Custom borgbackup configuration for the logs 2021-03-14 21:14:37 +01:00
e570ce67b3 [borgbackup_client] do not backup /var/log/ 2021-03-14 19:23:04 +01:00
b14b359027 [borgbackup_client] add exlude path to conf 2021-03-14 19:21:15 +01:00
33a1ec02f3 [borgbackup_client] update config directory to be homogeneous 2021-03-14 19:07:02 +01:00
ebfc4f2a26 [borgbackup_client] do update cache 2021-03-14 19:03:44 +01:00
0b5562f3f4 Add litl.adm.auro.re 2021-03-14 18:57:44 +01:00
86f8b31159 Delegate facts for borgbackup_client 2021-03-14 18:44:13 +01:00
d9f1104309 Move id_remote to /etc/borgmatic 2021-03-14 18:42:26 +01:00
c6cae75031 [borgbackup_server] fix /borg permissions 2021-03-14 18:29:33 +01:00
46d10022ea [borgbackup_client] fix rentention date to int and list correctly source directories 2021-03-14 18:24:36 +01:00
ff750c5b63 [borgbackup_client] remove 1 minute sleep and fix verbosity 2021-03-14 18:23:44 +01:00
2651432582 [WIP] various fixes 2021-03-14 18:22:52 +01:00
c5afbdbde4 remove borg_host_dir 2021-03-14 18:22:17 +01:00
d928c7f7f0 [borgbackup_client] rename variable correclty 2021-03-14 16:11:40 +01:00
021a5ef1e8 [borgbackup_client] various fixes for ssh keys 2021-03-14 16:11:18 +01:00
c99b611b8f Various fixes 2021-03-14 14:17:36 +01:00
8112788396 [borgbackup_client] Add 'user:' in authorized_key 2021-03-14 13:18:30 +01:00
2f2f71422f [borgbackup_client] Move some handlers to tasks 2021-03-14 13:16:08 +01:00
jeltz
25e05069de Merge pull request 'Monitor more switchs using Prometheus' (#42) from fix_exported_prometheus into master
Reviewed-on: Aurore/ansible#42
2021-03-14 11:53:45 +01:00
ac42401d6d Merge branch 'master' into fix_exported_prometheus 2021-03-14 10:20:05 +01:00
a43a9839f8 Monitor more switchs 2021-03-14 10:19:55 +01:00
jeltz
11578494ec Merge pull request 'Centralisation des journaux (pas encore Elastic)' (#40) from logs-first-phase into master
Reviewed-on: Aurore/ansible#40
2021-03-13 05:06:33 +01:00
637b74a2ad Fix some linter issues 2021-03-13 05:05:30 +01:00
f45cd77510 Merge branch 'master' into logs-first-phase 2021-03-13 05:02:30 +01:00
jeltz
715d332d25 Merge pull request 'Migration des bases de données vers bdd.adm.auro.re' (#41) from bdd-saclay into master
Reviewed-on: Aurore/ansible#41
2021-03-13 04:54:59 +01:00
65c94d8e84 Fix trailing whitespace in the linter
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-13 03:13:43 +01:00
4150a77649 Remove vote from bdd.adm.auro.re
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-13 03:09:21 +01:00
a01a2095d6 Add passwords in all and vault for postgres db for wikijs, gitea, nextcloud, drone 2021-03-13 03:07:35 +01:00
98171e449d Update postgresql variable to match the new scheme in bdd.adm.auro.re 2021-03-13 02:48:16 +01:00
8ec838962d Postgresql is version 13 on bullseye
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-13 02:35:39 +01:00
bdc59049ae Rename file for consistency 2021-03-13 02:35:03 +01:00
f6e1949c21 Adding master VM for Rives and adapt radius role for bullseye
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-12 12:29:52 +01:00
1611f4a93c [utils] move the sudo_upgrade playbook with other utils
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-12 01:59:03 +01:00
904678d1ac [borgbackup_client] Add borg encryption passphrase to vault
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-12 01:49:04 +01:00
965bbe62a4 [borgbackup_client] configure encryption passphrase and storage 2021-03-12 01:46:35 +01:00
d7a4995496 [borgbackup_client] backup the ZFS datasets
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-12 01:06:48 +01:00
d16676bfb6 [borgbackup_client] hostname should also be unique, but more legible than fqdn 2021-03-12 01:05:58 +01:00
cdcfad7ac2 [borgbackup_client] backup /var/ also (for now) 2021-03-12 01:05:19 +01:00
29f2823960 [borgbackup_client] tell borg that a postgresql database lies on re2o-bdd
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-12 00:32:08 +01:00
454bc66ae0 [borgbackup_client] backup /etc/ everywhere 2021-03-12 00:30:00 +01:00
3f8ffbe164 [borgbackup_client] Add borg username and group defaults 2021-03-12 00:01:11 +01:00
4123af6c01 [borgbackup_client] Install client on all machines (servers, vms and lxc containers) 2021-03-11 23:56:07 +01:00
531f7593d2 [borgbackup_client] fix identation
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 23:37:55 +01:00
313314a674 [borgbackup_client] fix risky file permission on apt config for pinning version 2021-03-11 23:36:27 +01:00
4642395330 [borgbackup_client] Add initial role defintion
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 23:29:57 +01:00
f0f56ecd3f Fix linter-related issues
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 20:15:35 +01:00
7cf616f6c7 Add playbook for backups
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-11 20:09:26 +01:00
2ea7f6f9f7 Add host_vars for perceval 2021-03-11 20:09:09 +01:00
db8dbb6c7a Add borgbackup_server role 2021-03-11 20:08:41 +01:00
jeltz
2a6c2b30de Merge pull request 'Rôle pour motd' (#38) from update_motd into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#38
2021-03-11 19:34:41 +01:00
jeltz
7a691882f3 Merge pull request 'Add databases for Grafana and CAS' (#37) from add_bdd_services into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#37
2021-03-11 19:33:24 +01:00
69516012a2 Add databases for Grafana and CAS
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 19:28:14 +01:00
bcc492339f Add master Rives VM 2021-03-11 15:38:49 +01:00
pz2891
e5299d8087 Merge pull request 'Merge monitoring of new ups, and adapt threesold' (#33) from monitoring_ups into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#33
Reviewed-by: otthorn <otthorn@noreply.localhost>
Reviewed-by: jeltz <jeltz@noreply.localhost>
2021-03-11 15:09:43 +01:00
pz2891
f6dfd792d3 Merge branch 'master' into monitoring_ups
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 15:06:33 +01:00
jeltz
40cd5c71ad Merge pull request 'Fix: keep the logs for 90 days' (#36) from logrotate-fix-90-jours into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#36
2021-03-11 14:38:17 +01:00
pz2891
472feb2dc0 Merge branch 'master' into monitoring_ups
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 14:32:11 +01:00
077858724a Merge branch 'master' into logrotate-fix-90-jours
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 14:30:48 +01:00
38386fa1a0 Merge branch 'master' into logrotate-fix-90-jours 2021-03-11 14:28:45 +01:00
jeltz
7c7de51903 Merge pull request '[Docker] do not cache pip' (#35) from docker_best_pratices into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#35
2021-03-11 14:25:08 +01:00
otthorn
a31f57e844 Merge branch 'master' into monitoring_ups
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-11 14:23:39 +01:00
jeltz
974fcff1d3 Merge pull request 'Add playbook to deploy sudo update on all machines' (#34) from sudo_update into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#34
2021-03-11 14:22:20 +01:00
6125856c60 Merge branch 'monitoring_ups'
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-11 14:06:38 +01:00
a64864150f Remove services-web from hosts
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is passing
2021-03-11 13:33:03 +01:00
d233fc2759 Update of threesold for warning battery 2021-03-11 13:23:15 +01:00
14532d88db Add kanboard.auro.re to proxy-ovh.adm.auro.re
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-10 20:43:45 +01:00
jeltz
ebb3c894da Merge pull request 'Ansiblesation des VMs de BDD' (#32) from service-bdd-ovh into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#32
2021-03-10 20:18:15 +01:00
df4bee2980 Add kanboard database to bdd-ovh
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 20:14:02 +01:00
6095d9cef9 Add 'no_log' for postgres passwords
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 18:18:08 +01:00
630377edad Create users and databases on bdd-ovh
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 17:21:58 +01:00
b3fa8a455d Add/Update password for postgres db codimd, etherpad and synapse
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 17:13:56 +01:00
5871e1cfb8 Add/Update password for postgres db codimd, etherpad and synapse 2021-03-10 17:13:13 +01:00
d16f444130 Use a dict for HBA hosts
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 15:59:21 +01:00
4f6eda8329 Use /run instead of /var/run to please systemd 2021-03-10 15:57:19 +01:00
628e11488d Switch postgresql to english 2021-03-10 15:22:01 +01:00
bd05b702bb Use '::' in place of '[::]' 2021-03-10 15:19:39 +01:00
06b54d5f89 Use postgresql_privs
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 14:27:14 +01:00
40eadf802c Add template and no_log for postgresql_user
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 13:58:40 +01:00
8e855d7009 Listen addresses must be quoted
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:36:10 +01:00
7a07155237 Install python3-psycopg2 (required by Ansible)
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:35:18 +01:00
36b04239fd Rename 'postgresql_db' to 'postgresql_databases' 2021-03-10 13:34:58 +01:00
f919ec689a Fix 'ansible_header' → 'ansible_managed'
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:25:36 +01:00
9ef6202fdf Add configuration for users and databases
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 13:23:52 +01:00
879e033857 Fix malformed role definition 2021-03-10 13:21:19 +01:00
ba4db4a835 Fix undefined variable
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-10 12:58:51 +01:00
bbf4ac323c Moniroting of ups environmental temperature 2021-03-10 12:55:11 +01:00
d815434360 Add new ups monitored 2021-03-10 12:53:28 +01:00
76361de3f1 Add playbook for DBs
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:52:15 +01:00
69c6d5b55d add and clean bdd hosts
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:51:07 +01:00
0656dacbe8 Add config for bdd local
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:47:15 +01:00
6951e017b7 bdd config for synapse
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:43:08 +01:00
1105ea88c1 rename VM to a simpler name (services-bdd-ovh -> bdd-ovh) 2021-03-10 12:40:17 +01:00
8b9bef865e postgresql listen on pseudo-address
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:26:18 +01:00
dbbaf0d26d remove tailling whitespaces
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-10 12:11:02 +01:00
a4c393d3fb fix yaml ci truthy value
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:10:06 +01:00
d14306a86c fix syntax for CI
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:08:05 +01:00
a625a58ddd create role postgresql_server
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-10 12:01:32 +01:00
64ae2a8521 configure postgres for services-bdd-ovh 2021-03-10 12:01:16 +01:00
jeltz
452b605fc2 Merge pull request 'Update the list of packages installed via baseconfig' (#30) from add_dnsutils into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#30
2021-03-07 23:39:55 +01:00
2c0727a419 Update the list of packages installed via baseconfig
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:41:42 +01:00
jeltz
41779fb172 Merge pull request 'Add backup root SSH keys' (#27) from add-ssh-keys into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#27
2021-03-07 21:30:38 +01:00
deb4372588 Merge branch 'master' into add-ssh-keys
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-07 21:29:57 +01:00
2e912fc47a Add recovery SSH keys for ynerant and otthorn
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-03-07 21:23:09 +01:00
929baa300f Use 'update_motd' in 'prometheus_federate' (again)
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-06 04:48:39 +01:00
71ee06c9c0 Fix typo
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-06 04:45:00 +01:00
bc2701d8ba Use 'update_motd' in 'prometheus_federate'
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-06 04:43:09 +01:00
2353589da6 Ensures /etc/update-motd.d exists 2021-03-06 04:42:21 +01:00
1d0200a1f0 Use 'update_motd' in 'prometheus' 2021-03-06 04:32:06 +01:00
b81600aef8 Use 'update_motd' in 'baseconfig' 2021-03-06 04:31:20 +01:00
7e92fdfab7 Create an 'update_motd' role 2021-03-06 04:30:32 +01:00
jeltz
e6a86640de Merge pull request 'Fetch switch_snmp jobs' (#29) from fix_exported_prometheus into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#29
2021-03-06 02:44:40 +01:00
cf07de4ec4 Fetch switch_snmp jobs
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 02:41:58 +01:00
jeltz
7cc478b1ad Merge pull request 'Use label federated_instance instead of instance' (#28) from fix_exported_prometheus into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#28
2021-03-06 02:09:09 +01:00
b9269f3967 Fix monitoring.yml indentation (yamllint warning)
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 02:00:56 +01:00
e5be09656b Monitor yggdrasil from prometheus-aurore
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-06 01:58:02 +01:00
8abca7916f Add switch_snmp job for prometheus 2021-03-06 01:57:32 +01:00
763cc2eb51 Generate targets_switch_snmp.json 2021-03-06 01:57:08 +01:00
eaa0d2e0fc Fix bad indent in snmp.yml.j2 2021-03-06 01:56:18 +01:00
8ae94fa8f8 Rename vault_snmp_switch{s,}_community 2021-03-06 01:08:51 +01:00
21fed6ae3f Add useful lookups for switchs interfaces 2021-03-06 00:58:46 +01:00
52124d2cad Cleanup prometheus_federate's prometheus.yml.j2
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-06 00:46:13 +01:00
7d527be1c0 Remove duplicate alerts from 'prometheus-federate' 2021-03-06 00:45:43 +01:00
32669e1fb1 Don't load Django rules prometheus-federate 2021-03-06 00:44:22 +01:00
4ca7ebd144 Add a unique exported label (useful for federation) 2021-03-06 00:40:44 +01:00
802bfcc698 'prometheus-federate' must not retrieve its own federated metrics 2021-03-06 00:38:36 +01:00
958eaa1bcb Use label federated_instance instead of instance
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-03-05 00:54:44 +01:00
6525508401 Forward journald logs to rsyslog
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-02 01:24:53 +01:00
77a5fdac6f Remove some duplicate logs from syslog.log 2021-03-02 00:56:28 +01:00
5d319cf167 Define rsyslog_{inputs,outputs} for all hosts 2021-03-02 00:52:38 +01:00
529550f594 Don't use 'imjournal' ('imuxsock' is already used)
I still don't understand why it increased the size of the firewall logs
by a factor of 5 to 10, but we don't really need structured logs from
systemd-journald and the author seems to discourage it's use, so I will
not investigate further.
2021-03-02 00:46:16 +01:00
ee041b9ead Use 'simple' instead of 'oneshot' (rotate service) 2021-03-02 00:14:25 +01:00
1f6bfeee23 Fix broadcast address on routeur-aurore
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 20:04:38 +01:00
0f55b90de9 Remove 10.129.0.1 gateway on routeur-aurore-* 2021-03-01 20:04:02 +01:00
b13b22da05 Add ignored destinations for firewall logs
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 19:39:11 +01:00
8f815a30c5 Remove useless date (already added by journald)
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 17:47:12 +01:00
acd5721a5b Fix typos in rotate-remote-logs.service.j2 2021-03-01 17:45:17 +01:00
9547868c7d Send nginx logs to local syslog
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 17:40:05 +01:00
cdb9f88614 Do not rate limit collection of journald logs
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 16:31:52 +01:00
9eeb8ccd73 Remove non-Ansible SSH root keys
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-03-01 16:08:08 +01:00
1fe8d1d28b Remove "Root Aurore" SSH key + add histausse key 2021-03-01 13:28:49 +01:00
9252249d18 Use 'true' instead of 'yes'
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 04:15:54 +01:00
e4b58c0bf4 Fix typo in 20-collector.conf.j2
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 04:07:17 +01:00
c65b3f090b Compress and delete old remote logs
Some checks failed
continuous-integration/drone/push Build is failing
Logrotate is not used because I didn't found an easy way to configure it
to handle the compression/deletion of log files already rotated by
rsyslog (it is probably possible, but I found the script to be easier).
2021-03-01 03:58:58 +01:00
f7183095c1 Add explicit permissions for directories
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 02:26:22 +01:00
ba8b4e8c29 Fix the ordering of rsyslog.d files
Some checks failed
continuous-integration/drone/push Build is failing
A call to sendLogsToRemote for logs received through RELP/UDP has
been added (to send them to Logstash/Redis/…), so common.conf's prefix
must be lower than collector.conf's.

Note: future "third-party" config files will also call sendLogsToRemote
and thus will also have to use a prefix higher than 10.
2021-03-01 02:15:28 +01:00
02a8cb84df Add log.yml playbook
Some checks failed
continuous-integration/drone/push Build is failing
2021-03-01 01:29:16 +01:00
4a43bf8a16 Add logging configuration for log.adm.auro.re 2021-03-01 01:28:30 +01:00
7fd1b5ff5d Add rsyslog_collector role 2021-03-01 01:27:56 +01:00
6263c31785 Add rsyslog_common role 2021-03-01 01:27:30 +01:00
89181c6cd6 Add log.adm.auro.re to inventory
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-28 22:59:36 +01:00
c3d24c1cd0 Add SSH key for Jeltz
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-28 21:47:42 +01:00
ynerant
52f73288b4 Merge pull request '[certbot] Fix certificates for auro.re' (#26) from certbot_aurore into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#26
2021-02-24 13:59:36 +01:00
ba6da939ab
[certbot] Fix certificates for auro.re
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 13:57:59 +01:00
ynerant
ce821cbb1a Merge pull request '[nginx/certbot] Clone roles from Crans' (#25) from new_nginx into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#25
2021-02-24 11:48:02 +01:00
ae151321db
[nginx/certbot] Clone roles from Crans
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-24 11:46:37 +01:00
otthorn
f49194b423 Merge pull request 'Global_monitoring' (#24) from Global_monitoring into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#24
2021-02-18 18:03:04 +01:00
d7d0676f5e Remove .save file; remove fo fleming prometheus
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-18 17:53:15 +01:00
a35488efdd [Docker] do not cache pip
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
2021-02-18 00:14:12 +01:00
74c30b81df Merge branch 'master' into Global_monitoring
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-17 19:41:06 +01:00
b278b02bc2 Remove percentage sign for load alert
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 19:37:33 +01:00
0b90c9944b Fix CI warning from last commit
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 18:15:31 +01:00
61001e09f5 Add alert for load usage
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 18:08:39 +01:00
a5b4deacee Rename federate role; update of alerts of federate prometheus; update of configuration of federate prometheus
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-17 17:42:24 +01:00
otthorn
3eb9536c7b Merge pull request 'Update the documention for the docker image used for ansible-lint' (#23) from fix_docker_lint_doc into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#23
2021-02-16 19:01:09 +01:00
c45d12cd6a 📝 use the full command
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-16 19:00:25 +01:00
83fd1b03e7 🚚 correctly name Dockerfile
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-16 18:44:18 +01:00
4dd75d1180 📝 Update the docker image doc for ansible-lint
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-16 18:40:48 +01:00
06d0bd56ae 📝 Update the docker image doc for ansible-lint 2021-02-16 18:34:57 +01:00
otthorn
bb026921e1 Merge pull request 'Fix linter issues and add CI badge' (#22) from fix_linter_issues into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#22
2021-02-16 18:23:29 +01:00
f39ade227a 📝 add CI badge
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-16 18:22:19 +01:00
d5b77f83d3 Merge branch 'fix_linter_issues' of ssh://gitea.auro.re:2222/Aurore/ansible into fix_linter_issues
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-16 18:19:17 +01:00
54aec3638f 🚨 fix var-spacing 2021-02-16 18:18:50 +01:00
902d219de3 🚨 fix risky-file-permission 2021-02-16 18:18:50 +01:00
1fe440aabe 🚨 fix empty-string-compare 2021-02-16 18:18:50 +01:00
008fb803d9 🚨 fix risky-file-permission 2021-02-16 18:18:50 +01:00
def64380e6 👷 do not ansible-lint the vault and fix useless rules 2021-02-16 18:18:50 +01:00
otthorn
5e784ff569 Merge pull request '🐛 Final fix, should stop sending ill-formed mail from now on' (#21) from fix_postfix_non_mail_host_again into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#21
2021-02-16 18:11:00 +01:00
5b2580056d 🐛 Final fix, should stop sending ill-formed mail from now on
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 18:10:39 +01:00
otthorn
85d1acc0b1 Merge pull request 'Use a locally built docker image for the CI' (#20) from ci_use_locally_built_image into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#20
2021-02-16 18:07:56 +01:00
d650e77b23 rename ci task
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 16:43:11 +01:00
414e80a7c4 never try to pull this image
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-16 16:42:10 +01:00
42074b31c5 simplify the drone config wiht the newly built image
Some checks reported errors
continuous-integration/drone/push Build encountered an error
2021-02-16 16:40:27 +01:00
58068e9cd8 Docker image to be built for the CI 2021-02-16 16:39:27 +01:00
15ae83566c 🚨 fix var-spacing
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-16 15:43:52 +01:00
3840fdd44e 🚨 fix risky-file-permission 2021-02-16 15:42:54 +01:00
da1fa70e55 🚨 fix empty-string-compare 2021-02-16 15:42:10 +01:00
a02afd20b7 🚨 fix risky-file-permission 2021-02-16 15:40:58 +01:00
f1ce3290c9 👷 do not ansible-lint the vault and fix useless rules 2021-02-16 15:38:42 +01:00
otthorn
a761d0ea38 Merge pull request 'Fix a small postfix non mailhost bug' (#19) from fix_postfix_non_mailhost into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#19
2021-02-16 13:17:11 +01:00
f607a76ec8 🐛 Fix a small bug. Postfix does not accept trailing comments
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 13:13:26 +01:00
otthorn
96be03ca22 Merge pull request 'Fix and update CI' (#18) from fix_and_update_ci into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#18
2021-02-16 13:10:52 +01:00
ab69d15404 👷 we need full ansible, slim version wont work for our use case
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 03:59:03 +01:00
e9f0b884ec 👷 update ansible-lint notation that were depreciated 2021-02-16 03:57:30 +01:00
6f80cf0fd9 💚 fix yamllint CI on CI itself, CIception
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-16 03:50:14 +01:00
bd541691d9 👷 fix syntax
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-16 03:47:39 +01:00
f4fc3567ee 👷 fix ansible and yaml version according to ansible-lint 5.0 upgrade guidelines. Use ansible-base for slim version. See #1150 on ansible-lint for more info.
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-16 03:43:38 +01:00
5503a54be4 👷 ansible-lint 4.7.3 -> 5.0.0 and fix dependencies
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-16 03:32:33 +01:00
abcdf59824 👷 yaml-lint 1.25.0 -> 1.26.0 2021-02-16 03:31:26 +01:00
37124b20cb Gitlab CI is not needed anymore 2021-02-16 03:27:27 +01:00
otthorn
a689de5f8f Merge pull request 'Postfix for non-mailhost' (#17) from configure_postfix_for_non_mailhost into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#17
2021-02-16 02:51:20 +01:00
3fceeff74f Fix ansible lint for rule [208] always specify mode and owner for template
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-16 02:47:04 +01:00
3925e32188 Repect ansible-lint [106] for role names 2021-02-16 02:45:35 +01:00
456e025ca4 use ansible facts instead of hardcoded vars
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-16 02:42:31 +01:00
69d732e612 Fix case 2021-02-16 02:42:08 +01:00
ab3659adc2 Also config hostname just in case 2021-02-16 02:32:46 +01:00
1ca75ccfb0 Add postfix non mailhost conf 2021-02-16 02:22:41 +01:00
f08b11445d Add postfix non mailhost task 2021-02-16 02:15:52 +01:00
a9b03aed82 Add postfix non mailhost handlers 2021-02-16 02:02:15 +01:00
e151c1c3fd add postfix non mailhost playbook 2021-02-16 01:52:28 +01:00
otthorn
a8a226a4f9 Merge pull request 'Add a utility directory' (#16) from add_utils into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#16
2021-02-11 22:39:43 +01:00
ebefe4d13e Merge branch 'add_utils' of ssh://gitea.auro.re:2222/Aurore/ansible into add_utils
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-11 22:36:57 +01:00
02b28f45a2 Fix yaml lint 2021-02-11 22:36:34 +01:00
2f0d6be4e9 fix if file is not already present 2021-02-11 22:36:34 +01:00
6963d9fc16 Add utils 2021-02-11 22:36:34 +01:00
6ec449c3b3 Fix restarting prometheus snmp (not installed)
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-10 20:43:43 +01:00
d8924abe66 Add prometheus-federate role 2021-02-10 20:42:37 +01:00
45d8ca80a4 OVH PVE and VM are now monitored by prometheus-ovh 2021-02-10 20:12:04 +01:00
4308bedf8f Monitoring of docker containers 2021-02-10 19:06:28 +01:00
b5dbe2c5c9 Prometheus-ovh role 2021-02-10 18:40:28 +01:00
5dfadc0b52 Add prometheus federate and ovh in hosts 2021-02-10 18:39:13 +01:00
otthorn
992f580984 Merge pull request 'add_borne_and_correcting_monitoring' (#15) from add_borne_and_correcting_monitoring into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#15
Reviewed-by: otthorn <otthorn@noreply.localhost>
2021-02-10 11:14:00 +01:00
63f0ebec7d Fix yaml lint
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-10 11:07:36 +01:00
08891be5a3 fix if file is not already present
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-10 11:04:06 +01:00
df8bae6df7 Add utils
Some checks failed
continuous-integration/drone/push Build is failing
2021-02-10 11:02:17 +01:00
bd5b88c4fc Correcting format of percentage
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-02-08 18:22:08 +01:00
d7cf61dd94 Add new EDC Borne
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-08 13:58:28 +01:00
428b6f5733 Correcting grafana stats for wireless 2021-02-08 13:57:32 +01:00
8bfe83f73c Adaptation of UPS alerts 2021-02-08 13:52:17 +01:00
otthorn
c2d33d594b Merge pull request 'Fixing Ansible lint once and for all' (#14) from fix_ansible_lint into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: Aurore/ansible#14
Reviewed-by: ynerant <ynerant@noreply.localhost>
2021-02-07 18:09:27 +01:00
faf5fc7362 fix re2o-service -> re2o_service role name
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2021-02-07 17:39:04 +01:00
e6b853a552 fix role name 2021-02-07 17:33:29 +01:00
679daa633f Fix ansible lint 2021-02-07 17:32:44 +01:00
83cdd60e27 Ansible-lint every file, not just playbooks 2021-02-07 17:32:02 +01:00
1e136e3736 Remove rules from warn list when it is not needed 2021-02-07 17:31:21 +01:00
otthorn
06fab325fb Merge pull request 'Add the Jitsi VM' (#13) from add_jitsi into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#13
2021-02-07 14:45:47 +01:00
5330718945 Add the Jitsi VM
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-07 14:38:32 +01:00
ynerant
71d7358bd7 Merge pull request 'Update re2o-service password' (#12) from change-password into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#12
2021-02-05 22:19:30 +01:00
4ecb6ed7be
Update re2o-service password
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Signed-off-by: ynerant <ynerant@crans.org>
2021-02-05 21:18:26 +01:00
ynerant
f9e83e514e Merge pull request 'Captive portal' (#11) from accueil into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#11
2021-02-05 20:39:50 +01:00
0e224df41f
Install ipset on each router
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:26 +01:00
ce00d5e50f
Authorize comnpay urls in the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:26 +01:00
c527ce16b0
Use good output interface for the main router
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
3f62644927
Use production server
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
a82edc3e24
Firewall configuration without MASQUERADE
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
bbac76023c
Update masquerade configuration for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
a808e3c793
Update captive portal nginx configuration
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
7e4a2d20c0
Clone nginx role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
889cb764c1
Clone certbot role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
154cbedec2
Deploy firewall config for the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
ba9e60dba8
Update the nginx configuration of the captive portal
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
9bd06520fb
Add reverse-proxy for Re2o on the portal VM
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:25 +01:00
6df41d16b5
Add portail VM
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:39:20 +01:00
e02670afb0
Les caches unbound renvoie les addresses en 10/8 2021-02-05 20:38:50 +01:00
a7b073e1cc
Add captive portal firewall configuration
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
89ebbd423e
Use the local firewall repository
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:50 +01:00
9af9a7bab8
Redirect the proxy IP address to intranet.auro.re by default
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:49 +01:00
5a09b77070
Resolve DNS for the accueil vlan
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-05 20:38:49 +01:00
5fc2d0a3f9
Ajout d'accueil dans keepalived 2021-02-05 20:38:49 +01:00
7cdef7ee96
Fix: keep the logs for 90 days 2021-02-05 20:38:49 +01:00
ynerant
9d66bba3b0 Merge pull request 'Tmux everywhere' (#6) from tmux into master
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Reviewed-on: Aurore/ansible#6
2021-02-02 23:18:58 +01:00
3eb48edccd
Tmux everywhere
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-02 23:17:47 +01:00
otthorn
f6c9208a41 Merge pull request 'Limit floats in alerts to 2 decimal places' (#5) from human_readable_altermanager into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#5
2021-01-29 20:48:43 +01:00
otthorn
c9352fb9ab Merge pull request 'Use unattended-upgrades for Debian-Security' (#4) from unattended into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#4
2021-01-29 20:42:24 +01:00
otthorn
3da5dde917 Merge pull request 'monitoring_pdu' (#3) from monitoring_pdu into master
Some checks failed
continuous-integration/drone/push Build is failing
Reviewed-on: Aurore/ansible#3
2021-01-29 20:32:12 +01:00
otthorn
a8af3c9c72 Merge branch 'master' into monitoring_pdu
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:29:28 +01:00
eecf807b53 Delte main.yml.save
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 20:15:21 +01:00
a12bcbc97f Correct yamlint
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-29 20:12:14 +01:00
6ec89b88d8 Limit floats in alerts to 2 decimal places
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-29 19:33:38 +01:00
d59cb41d5e Use unattended-upgrades for Debian-Security
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-28 03:42:07 +01:00
3050a95699 Add playbook to deploy sudo update on all machines
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-27 14:36:14 +01:00
3d05acbd03 Add Loki server
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-26 19:18:35 +01:00
e3ae912f44 Add prometheus-aurore to monitor all service VM and physical servers. Modifying monitoring role to exclude wireless access points when running the role on all hosts
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 22:10:57 +01:00
bac377f634 Update alert rules of UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-23 19:01:27 +01:00
85d0dc9621 Fix: keep the logs for 90 days
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-01-23 17:19:50 +01:00
705fe953ae Monitoring of Pacaterie's UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-22 18:20:13 +01:00
c7a3495ae5 Alert rules for UPS
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-22 12:16:36 +01:00
40d3c22276 Setup config snmp for Prometheus, to monitore Aurore's PDU
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-21 21:26:40 +01:00
208 changed files with 6736 additions and 1991 deletions

View file

@ -1,7 +1,10 @@
skip_list: skip_list:
- '301' - no-changed-when
- load-failure
- document-start
- meta-no-info
- ignore-errors
warn_list: exclude_paths:
- '305' # Use shell only when shell functionality is required - group_vars/all/vault.yml
- '503' # Tasks that run when changed should likely be handlers - utils/
- experimental # all rules tagged as experimental

View file

@ -4,16 +4,8 @@ type: docker
name: check name: check
steps: steps:
- name: yamllint - name: ansible and yaml linting
image: python:3.9-alpine image: quay.io/ansible/toolset:3.5.0
commands: commands:
- pip install yamllint==1.25.0 - ansible-lint
- yamllint -c .yamllint.yml .
- name: ansible-lint
image: python:3.9-alpine
commands:
- apk add --no-cache gcc libc-dev libffi-dev openssl-dev
- pip install ansible-lint==4.3.7
- ansible-lint *.yml
... ...

View file

@ -1,19 +0,0 @@
---
image: python:3.9-alpine
stages:
- lint
yamllint:
stage: lint
script:
- pip install yamllint==1.25.0
- yamllint -c .yamllint.yml .
ansible-lint:
stage: lint
script:
- apk add gcc libc-dev libffi-dev openssl-dev
- pip install ansible-lint==4.3.7
- ansible-lint *.yml
...

View file

@ -6,6 +6,5 @@ rules:
max: 120 max: 120
level: warning level: warning
document-start: document-start:
ignore: | ignore: group_vars/all/vault.yml
/groups_var/all/vault.yml
... ...

View file

@ -1,7 +1,10 @@
[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible)
# Recettes Ansible d'Aurore # Recettes Ansible d'Aurore
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore. Dépendances requises :
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
* Ansible 2.9 ou plus récent.
## Ansible 101 ## Ansible 101
@ -86,8 +89,11 @@ On va utiliser plutôt `ProxyJump`.
Dans la configuration SSH : Dans la configuration SSH :
``` ```
# Use a proxy jump server to log on all Aurore inventory Host *.adm.auro.re *.pve.auro.re
Host 10.128.0.* *.adm.auro.re # Accept new host keys
StrictHostKeyChecking accept-new
# Use passerelle to connect to administration VLANs
ProxyJump passerelle.auro.re ProxyJump passerelle.auro.re
``` ```

View file

@ -1,38 +1,17 @@
# Ansible configuration
[defaults] [defaults]
ask_vault_pass = True
# Do not create .retry files roles_path = ./roles
retry_files_enabled = False retry_files_enabled = False
# Use inventory
inventory = ./hosts inventory = ./hosts
filter_plugins = ./filter_plugins
# Custom header in templates ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
# Do not use cows (with cowsay)
nocows = 1 nocows = 1
# Do more parallelism
forks = 15 forks = 15
# Some SSH connection will take time
timeout = 60 timeout = 60
remote_user = root
[privilege_escalation]
# Use sudo to get priviledge access
become = True
# Ask for password
become_ask_pass = True
[diff] [diff]
# TO know what changed
always = yes always = yes
[ssh_connection] [ssh_connection]
pipelining = True pipelining = True

View file

@ -1,20 +0,0 @@
#!/bin/bash
set -e
# Grab valid unique hostnames from the Ansible inventory.
HOSTS=$(grep -ve '^[#\[]' hosts \
| grep -F adm.auro.re \
| sort -u)
# Ask password
read -s -p "Hello adventurer, what is your LDAP password? " passwd
echo
for host in $HOSTS; do
echo "[+] Handling host $host"
# sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
done

3
deploy_all.sh Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env bash
# Deploy all playbooks
ansible-playbook playbooks/*.yml $@

View file

@ -0,0 +1,40 @@
import ipaddress
from operator import attrgetter
import dns.name
class FilterModule:
def filters(self):
return {
"remove_domain_suffix": remove_domain_suffix,
"ipaddr_sort": ipaddr_sort,
}
def remove_domain_suffix(name):
parent = dns.name.from_text(name).parent()
return parent.to_text()
def ipaddr_sort(addrs, types, unknown_after=True):
check_types = {
"global": attrgetter("is_global"),
"link-local": attrgetter("is_link_local"),
"loopback": attrgetter("is_loopback"),
"multicast": attrgetter("is_multicast"),
"private": attrgetter("is_private"),
"reserved": attrgetter("is_reserved"),
"site_local": attrgetter("is_site_local"),
"unspecified": attrgetter("is_unspecified"),
}
def addr_weight(addr):
if isinstance(addr, str):
addr = ipaddress.ip_address(addr.split("/")[0])
for index, ty in enumerate(types):
if check_types[ty](ipaddress.ip_address(addr)):
return index
return len(types) if unknown_after else -1
return sorted(addrs, key=addr_weight)

View file

@ -17,9 +17,7 @@ ldap_admin_password: "{{ vault_ldap_admin_password }}"
ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
# Databases # Databases
postgresql_services_url: 'services-bdd.adm.auro.re' postgresql_services_url: 'bdd-ovh.adm.auro.re'
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
# Scripts will tell users to go there to manage their account # Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/' intranet_url: 'https://re2o.auro.re/'
@ -89,3 +87,24 @@ apartment_block_dhcp: "{{ apartment_block }}"
ipv6_base_prefix: "2a09:6840" ipv6_base_prefix: "2a09:6840"
is_aurore_host: "{{ 'aurore_vm' in group_names }}" is_aurore_host: "{{ 'aurore_vm' in group_names }}"
# Borgbackup
borg_keep_daily: 7
borg_keep_weekly: 4
borg_keep_monthly: 12
borg_backup_directories:
- /etc
- /var
borg_backup_exclude:
- /var/log
- /var/lib/docker
- /var/lib/lxcfs
borg_encryption_passphrase: "{{ vault_borg_encryption_passphrase }}"
borg_server_host: 10.128.0.4
rsyslog_outputs:
- proto: relp
address: 10.128.0.241
port: 20514
...

View file

@ -1,174 +1,246 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34336231623938346631313932323131336439623837626366646338396137633436646365386639 64313161633263303464663933363265373935633862653634643862343232643432343966376438
6332383765386235396331373836366230663563376665380a616436373136633933376435653230 6134633764383937373966346538306530316539303966320a363035303038616435383366656532
64333963663436393265666434653164643164616134353665306462326666623530383838343135 39346463396563626166333362306464343836386365303836356461323663633831636562393039
3531343533656332350a343432336636316131386132306238653736633966363235623833343638 3832636432626238350a666566323435623834396166656233306639333830343130326265616234
38643061383963396466346536343061653034333037393664356661376565643765306462626231 61666365663963643437386530363261306438376665386463376366363662656161316263303831
39326233363962373839303464333833306532343834306232653731326135653934643836323639 61393136363934316462616131326463333736656136643038623061313363386538393833663637
36343937626536346331613263663865346634666534646266623061303639626636393230616261 36373565333566306632313865646538633532393731313430633462666334323762653337383338
32336366356439353738633234326138656464656630303362623664616634306230623538373965 63313433333835653366363061343839326131666139346563306366656365316663333438363837
32346439306337623737616666353830626630373562366436653131393532313035303836326430 33323165353936343165646464306434303161313139653561346461653537616164623434376534
64613235646366616533313065396663366434363832333535336631323366336437396664303834 33666662343734633766356230383761353239333632613031396365346536373432363433633564
30336466313064636565326564356435306136396363373464326534303366323262303732626661 61633762393033343336373864653438336436613630366539333731383336346665313732396265
38326663313332633530353739346538343434316133343066313530366637376135323564306537 32356138666135383562656366353131366436363464643630656130303437623131333239386363
65626261303231656432333364333965663065346436626631666466643934623064333163626339 66373866393064306565306565386230373638633733326661333065633136633130323963323765
32633565303734303862326365336339346133393431636266303530626564326361653230626536 30353262323835313365383562326363343965636634376133613331363133313030346561653931
32313231373037633134623761663832393666353732613965613436323939343233613433343538 39363636636235646131353034663861336362383263613165323230366439383561653165363764
37326438383130303861316663396333376662386337353964633930353536653437653061356635 65366130623362623539393461363832353435616266393036386439303834316635366438393936
35646232343535313130646237643835376162623639333961323964353830653366626438346237 33383933366262636232383066663130383965306137356363363539633661373664613738336539
36343663346332656537363434396633336161373730663364306239306432343930643230656465 31363131616135623039346465623530376533386263343836376662316562386530336266303062
37633537616232656661313764626232303535383563353861396431643735326162383866626231 64386531303938623939653635313163633261336339366139666135323130653862346132646636
61383165613332666537656137636430323332326335323763303537386662646263353539613964 30363065303235346331333434653331646333616337623562643564366435613938643235333664
37323966306364306436653033393931663239383435613836356164633135306233356364313036 30626164373030303237656366623631396138333265383566333664663061613536666363623630
39356661613434633930633066646437636535313565356366303732613731333062643231313035 61623362383439636239336234333161366635306432363230366630383836326330343932303863
65333461396131663764626665393562623030343561313136363964393664376136303839333664 39393232373831363863333332636362396639663831656266336430313837666463336439353332
65313465623331333538393734373264313562643232666130303930333662616465656432363039 63303036633433323439613535326663633332346565646338353761363733643766363132666365
66616530336666343861336434633063343561323931323931346132376263376565313366306639 34303865656262303563323665363730663062626537363461646363636461633762663237366366
64646465303432333136353661323936633965666364356633653861363139616562653834313861 64393133656464643065633634313261336662646435313735306266316132636530393631353830
63306133613066373462383236613939316130623937643939323134343936356638376335323836 61303939373363323131316463333136326365333430626266376636356130396239323464353937
39383334656236633037633230313138326238303863623231353465346661663162623138353461 64616232373532396334343433636332353530386662633164353235626361623164313039336666
33343738613137366364633730346261366564646161373837613865393233663431636361663962 31636434666437393839393133633961373139313663616366373239386163623064373836376164
38313230363737306265636435353533666262333666383639343364633464396566333433333538 62316638366366376134386231306435616138656461373633393339653532363434393834393430
39643934646537653234336361613664333434623739353831316531313666396638333136343638 37363335623934306661333135343266663464623438353665613330356236323036363139643064
33653034366362363562633462303165626333306664326366353334363964663936616430643662 62383934363465316338393065383935646134353230376131613935613431656333383565353134
30616334326638323133366632663237356238353934323361376237613632396134663536336364 34643866353131653061623236306536363163373639396564336434653839346263303930633663
39363439326335363437373939353564646663616464663763353931323233316135656634343137 39393935636235313431303032336361313730373238333732626465346662363038636361383631
34396130386134386331643534353461663963323435656337653032376565313635623231343135 65393433346363366337383233646166306339653533646632623262376630383265393438326135
34303130316239303065386134663332393938636332363665643832326439653733633231346537 31643039333835666338383762336163336337343532393063323165636531353361613731363065
63383634333034323434376237663932613638363835393837613632663265616363303233653539 65303637396332613432663636326334646635346237396461636366356133303333306239393739
61333765313463616665613136303533343230303735626437343635303934613365326166333966 34353966653662346230383865643231313239626533643761366162613164333132373636623237
66613538393466666630363333643730653239393435616634303430396635383631613439623433 32356335643766646266646266633366363165373861306433316561363166363865303133633939
36646431393865666162373232343335356366366633633264326639643434396234313863333163 34633132343438363034323638376666313061383965323566646463653163313235373364386666
63396534623931633833656565396635333133376165613031663831633564663061656131303564 62393865373137343237306637363536383939303833663532396333313931336162333837613935
61303132666264636139313738643161313134643733633366376538366135663135333333333564 66383266343735396337663936333162323738383264376533316536376563396333343263643931
64366262353837363061653663616265393264373230346330636465336439623063636639356136 65646535363337373865353265306434356432353066656665366638353331366334366339613538
65383638643961326661396336373163643832366561363764626461623662333436373136616437 32373637633564613861626538373365336362313434633137613966353861393462623862663330
30316537653432356133616338353165633462643634323563306366343965326635363863316232 64386431373066306334383863366133333564373163386433313231363366393830343230323734
61633135643861333635383464383937306236626632366235363433313335663431366531356337 61633962356637326538336663386330653563353763663236623539363630626363323237333237
37303465323638383930336138356665343966336137356137656564303733373565366162343330 30656139626561313064323330373032323031343137366638303966313832646365666238326337
38326366653733376138356339313564616165626235356363343430353239616339656239323964 63306363613361653933306234386163383837666430616663383664386563323839326232383761
31643734653263653461333135386261646265323134633334376262323330396634643764323635 35373539626438356539393266653864353066633365383437623437356464383335383039343137
30336262323035613338333166353364333836623865393132613338393237363734616330366463 61373539343631373932373033656233323964353666626162386537616333366562346265656238
64646163303337323531636532383438356237306337656439663565643032633462316366663164 35396130356166303564303036383664656435626534303064653363316464616335303965376330
33613039326337353531303831313136653539353261373930613030383134653261363833653439 61646638383138323265313631613037396561626162306661653231646230343139656135333236
31343662623035393238646263633066653362323434306137633339393330376462356139333362 63303838316266333665636335663361656262353066666430656162323236633564313337353665
35363436356530363134663064653031376561343732346262383333353733363136396262643135 35363565303736633564356632346632343832363934343962313030646132663566346664313632
31326566303535343833326562376464643632363434323839366366626134303830323563633237 38393061613163356265643434626166393366366634343032626637333332316361663639623534
37313964353033316163303738636632346137353437333463303135323631383132623133663130 62323239373639393337373537646232663531653835356165313264663561623633633830373734
32373163393861366137303138363134653534613236636439623731393837306130626638343134 31336234613633666538373961626430316530346462343061323661353564323938353338373961
39313532386338343662333134353761653162663665396664366239633536613132313735373334 64616637303734303333626166306330613238646265636136653939363936356165356232396436
37613161383633653861376433633632333163653439633938386137313632396137616337373465 65353731633836363433616534636330663565643561363233396538386430393964353433616437
65383238396439666537313833663364333731613434333739393161363437306665363834653761 36343936313936303165396236393463646363383338366238363961666530623335653234656139
34303464386633633163353636643964393233383232623765373239376633393139326630653765 65346337663437623134376137326166323933613861663032623965643538343638376234316232
62646439646534376234323661383063656463313437323231333165626163626262626562376338 36333065323234663263343630353739313661373536316162366532336438373263303730626464
62646362346261313738323830613037663035666361386139666432613230346334323063326239 38613136393166626663636631363064303736666235333036616435373063363762666565363136
65303065343061613736343663363630336333623439383032313137616131623933323636306331 38333966303831313333613831313132633062616235353365313533386236613338373130303836
34636130626338303039356137353532346562363531623936316162336663306437386532363236 61326262313833306437366364316433393931353265326131653563656131333436376338613266
36333661316161613237343032623764396435346632363963643438316430666539393566353939 39326632613366666136643137303635336631353230396435313537656366326239626362313833
33333234313839636537366465356364303438313830663261373563346538626432313139303030 62653039343261613265306362323234623264366664306561663839306631663465303962386462
33333066626463663663643833323764643737386162663766356665643064313263376434353038 39353934643562383762623937643034383534393962333466613636346637323235346438666636
37643630643737663566653562353261333734636262626437393239383063613661643166626630 31613838313535666166663063373333653439313035346266666463623666613837313933623837
31313564346239396561326162333534376264616435313762623032636432363832383630343964 63343565663739393764353761316432626237346234663032316131306262356233333439323961
30343663643935633465393465626131633931623930653962303830333065363435383237653566 38646664383030303832646563393836643135303731306435383338623633626638306165386637
65646632376330306437663334313932653230653562356338663366616463303466366263366137 65393238653464623032336437643838333932366131656332333165376261383539386466343139
64633934626339633235386630396561376130373763313137386531356637633863393035306634 65613733383837323832303738363664653138613830376333363038383839623463623631666237
65353432323235363135633832373032623837376333346131303162303464616234313062316563 63363263396533353763373934373034643763376665316638353435663635346135333265363235
64646634633963663032613533636665333335656539323238623362306363313835626632306236 62663432343935343964626432353563313036303761393039386231343530663737633466643035
30663637356463363530316434316639326639633539333335633330333834643035353932313638 65343835353037643539316439666666633866356530363237373230373439373133313337653237
64356565653065666131373538356462306633343161376537323762313666373235353236313963 66613631373637313534353862653437393234363365323032393035376438616264336661616262
65613561633266306632616538616461626532666435663038646138386430376164663766363138 37336435326135373065353564383637626637343532396331623334643139386364316431376435
35316262393065653739323035666531333330326235386133383834383865356635666537333533 36356566363033636539363430356565373039363863396565643730656531346364626334393436
31376138353231313262646334386566376264323066373934666363313431643738383064666437 33343839303538383530363231366166623233333730323163323432373831313639626337346230
36656437313039656666373530346534393735353163646635663839326366643333393665626464 30333930333064393337616564386163623436613933623466353933393733346339383534633239
36616637303631653661373433653865323634363065303433386534363064356564636465366265 30633365313364666566643533326163336330323232353533316633313739343035383465376330
31333064383233636538393032376234663663353162343530376631356533653231303730396465 65356139386463633565366132383832643032333234633964373437633836343435393631396166
33366162376464633633313664303939306330613865663431653037303061633130626635653638 34633439643764623936366536353931646132373539326238303761383339643661616266646130
66626264363333376463386666313663333964333137333231303361616533393236373861656534 30393166393465326365393130636136336433623262346435353936306133616135653734383635
32326335306566623332396638383133353434363565316432353963353062313662326361336537 65393530633836613937346430366337626365363361663533313837363063396538663766646566
34396632656234333263663831326566353434316234613365316132363730643665373761666562 63373639653732353135343562353266316164303863336365303635653464393232613939396131
31393565653663653731633333633730326265376135666162656132623238333765333363653130 30636361343932663233663566656131363938656161623966316366656561343166336532613666
61353632313532616266363139336162336565356365316531336364623930636430353831623233 65613534663762353662353262623634616264373964316336626166353330303539356130646166
61616131313438306633333066613764313161333934316139633738623164623564646365663566 63643435353765633766626165643465386331333637366562393861613834323464363932306430
66356464376133363137313036623930373362306166623838373131313330393837396261656561 32643836646266643031396262626136313363623663366430376432373036643835653863323631
66396233313530643164353264656563383632363139333262626532376562613630643437666266 30613164326430633664306630333632363931656135643465363439376263386561383534633666
66656335656634613138316138643666623430363833663035616138336461303035633731636262 64323763656466343064396639313264386239356664663461333166626332326536623132333434
36393939333765346239666433323032323361343934656463396365333366623337316663396263 62303261643164643330333662623935383037353338306135613737306563326336336162633138
36616431626633663963636135643833666234613830366434636532373031343263316436306162 33623066373265663362303133363032343933306336396466383034636131333837313333326531
39356365376561643665323866656465313434623138326238353662653735613565623264333336 39336163313633623639303462313763656632633030336236643030343262653366633939643536
61393763363862613766653064636130323732663466366133666361636339356464313037353462 31636535393864663363353930363761623264343630396336396431663330323436613462633136
63633936653235656538383433393065393162643034393538666433616131343462346235393164 37336464353730643566393432343762333336653932333366636265343663323462626232623635
39353663373338626665663563663162633430343330373430376336326432346233663365376533 34346136333630363539633666316561376266373032373961313437653564636537656630303261
32656465343538643137326366653232343530363834383831386634366262303333636261353863 37313639333233333365383763333061373730623939303530303832646365323739356564626137
32633437343432653936643766363338636535613532323362656435613363393238626466303861 35633366393636376463393961333830343232363266633931613332643134643234303733373466
38633861333638613466306338613932353964393365356637306261626535323732316362623731 35323831623931633436626636346431303965663639666566623433383736633834626330303265
33313963623439613939333639346461663338373334396165636231666266613065323731373964 37353337656233663938663839373931623137666662623266336537383631626631306235363064
64313133383435333935376531313432663766633133633863356563663535333263636237386136 33313564316438633139336261623736336336326239376630316335313631376132646563333430
61653963633166383135333436646465383536373039383538326366636634313061613730653962 33656432643130643832343065353834633366363339353964623762666564633835633636313731
37623962643866396637336231363038373465393637356463656566666661313130313863383233 63353637636165663136623736343234393038313235333363643237643566623766393838386635
37343636346535363832626365396262303862393535336565393635663637323730373564336634 33646233623032653233336266636335666233353032303837663162303939383262373761623261
37363036323733306535336366373630356531353737303165376530656433626634343365626239 35366661363966346233633739663635353361303264356534366235616164316138623730623632
64346136363030663862313431653761666432393933366665346361626361623039326434633835 62316362623736396264366632373661373835393434343364353431316362666235616635633566
32666538653037613361343536383634643762356234366433663639653461303933306434333864 64353530633334393737346663653562346335323065356665643132353738363132623031353664
37386436393465323139306161333738383265323436376536656264356230303163326134323864 66666639326238386634363664356664343161386435323736316636343536326435303066353035
63396331666431666464656161633466333764653631623131646566303366333030653834333335 37363731613138393333636562386363333932386362303139643262386237353863363764643139
31323365353239366232643863386365633861376235643034303563613363663661616564363663 64616561373239346464623165616332623434303433626638376232333733646136376431626438
63326562613365653539383336383339646164623864323830653434623365393432666466323134 66613134343639656331626630303030366133356636663735353466353834613430356265386162
33626330373361393734656632393232363866613863373135636537613934343065306265623964 66613332663232623438636661306332613162666561353537313336643134663664306630636639
34643765636165393336356630353663343065333431656164363638646233663762346536343362 61613363353264373831393962333631383236666130646333336431303735333165656438363432
65653364343537383336373933313464663464653465383830363631316336303464313731356230 38396530333631636135653534393531326434306362396237366430383166323832336434376364
34336130323766386465373162346535396565346630353734303937396130656132376331326563 38393431646338316232373431613930326532646333386435303034356564336665346133393866
36386339383338346533646331666262396432336434646333653664326635386238333763626637 61643533643361646265313334633463616437393437653935613261366635616430313064346532
31363464306465666339316436323265623437636533643431363161323139653065323534636533 32363831613565313836376338646466323130373032613863323037323566643164653132633735
64386334353439373133313937343234373963353331646233346432646430636530663336316134 65636562653535626461396666643330386333663137613333643165656336633038323036373162
66303337313034396232643531643262343036313762633165353665653938313665386363353865 31376338613862333334643561313332326237646565633934323032626662633631633033623063
66333166303636626565613136653365313763303263313239333033353638616566656134396131 63306664656437663732323339383735306132616531373865323835633264333639336163366466
38356434343931303134303362313363343634613361353538636634336332373132356165326163 33373433653839393638323034623835643531393266306331313563613265616633353763653438
30386130326239366532363962316435663862393836326439623862366166376234343439306465 65363532653163303861383531356639316331343531666666636336373634636134633331366364
36346639623939353232366333643963646336383833386565643435393734653936313638663930 62366230366435323435613964636533353236373935626632623536396664313264653031623062
32323065343737663564333961373034393261613862333431663562353964666561643831316432 33366166343630313839366262313234346262343336386538336335393835646138666330656361
35313832356639333937333266306166656538643065386639346337306134613536356137316331 61313936323838653832633130346539636363613838343363663431623063333933383466353938
38376434666332366531393639303561663934353130333161636530383932653236313530616531 65383361333561383631643938613862343236346233363466333237316339616362366565306639
61656664626663373164343863333039356362343034326131376666623264663732303734366363 39356563656132303463346138356435303038303165363935343266396462326365363262393336
30306430353732616131346637626332656434393163313661356465393263393235396662623962 37396235366639623761366239386165613065626431633733306234343866663266633631656237
62643538623331646265643561623366383937313136383939366164613235666234663137653432 63643430383433393835663635356265636635363137613064353066313338346436356632346265
34316138643139336331356663333632656539653632626136613431393736613630353237356164 38393730336465396263373137383238653337396364643061303234666266663064663265383434
33623632643335663163656236633134343464353837346237316162346634633336663564656531 36636138643432373633313038393737663735363838396164366234643533633762383062353831
39373730346130363963376463326238366235613539613466653139306237343164336462353236 66326231363337323666386263373438656630346336663239643030386434636264666634393631
39323361636333353661633863663162633563343937366461346338363061623730633537626562 39313364333761343532346165396365306463393037643935666363323630326664616638313338
30353938383664333861366431343033313961376436363065373430353736343563313531386663 39396336653738353333343835363861643166376565346463303135376439336134666235623230
37313534303564333237616331396437376436383833373936376664666366373235613533663239 32363031303732666133386164313437366164326539373564623236356432303132633436323563
64653863613531356666646233393533646131333961343730663461346235633961306263343831 36323634373538376133613736633133356638323861636434646465643432636366376138636232
64386332653330323937643266373437633465363933653833343930616134626566363339366362 63633830613462613831313938326339343632393038376639623131366364623536353338363439
36356163333730656233653431326430326566386264343330666131393166323537623137396237 32613331623863336165636364616634303264356630303665383638663737343836663831363263
65386234653231666631366533383762643830333261363532666138386263643662633932626335 63366562393734323030306436346534626530656465396535323835316139633562363830373437
66303363613035643931393933303035323566373634663037313338616132373162366334373962 63626530326530383538623165356532303862353763326432373966626436303465373431373762
33666463613435396331326565353433336361303562326562663035313639333232333430373266 38613539623164353732623636376630643465343839666531306438326633343362306665366132
65383235356132353838636565636436356361653831356430663935613766613237366564316566 39396537366266353864656232616334336130333337306463313932393832653661343036396261
37396130393363386566306162346466326165353863636633306335383265306139396339383866 64613461633433356334623631643861303133383963336635623138326139613564343838366565
34326335323962633032386162623033353036643437313832323166363764653339343638343964 36343130353462333162313736636139306233366466626231306561626335396262663531333839
66626662326234306362656162336538353131366337643761643930306163333661653062663832 61336437343137356335633764373730306466326133356331333530353537616661373062656438
61303963623433313565633235306132366663336662616232613339366363373934613631623431 35356235666464656466323937353837623535643937383866666133383633396563333338633034
34323736383366333032343364373533363761323338346163323836653235653136646162306166 38366531613164363966323137646237393135383164643230663331306335636432656565633636
65333734623663346233343961396566313838653036396430396134393839326535363237363638 34343031633632346533353666353034666266666561346464306665386634313263323333653330
38333232333863396334366561303136333863356666656335633630616531363766343535616533 66323033393531343633356466613837346164393332613037636465343230623731616361336338
35656166303837653365303436623431613931336331356531666665346562613263363666626238 61373332373636646435353734386366613334323161626437396232613534613330613532323534
62626236323863383366643162356462306163653032626130333863656337623136646439316337 65653065386432313733663165616333663666363733623162306536303833663136353334656466
33306432663134383038646133346131333732633932383239643733643138303434646565663266 64353931363838613761663561666639373865393438396565626661343934353662363834636535
34616265383733343963323538656138656331396438616133393063356638633965323363653066 65363664393433313036383438643864663339626331343230343337316437336634636363303563
65353837333363613762333839313631373137363064383830353565333832356162323862393030 35373539383535353235633730386232363539616632336566376264393832383637663330613133
35373038613133643466636537626437393837633865363566343565626633376262373766613738 37643261363966633138373935333438393536373938383265373261363232343030373539366335
39343334336238363131373762646564653839623531323066356430326263376534373664363331 61633162663137643061363366653135323639363838626266386262666133306461333432313738
64373735383933303638303661333964333464306338613363326261623438336530636262373766 30313332626166303630363839396663396564633961383863326663356230343938643833303933
35346339643939666162386232666236326131366366303432393838326239313730323431376231 34333032353935323565346633363537656639613663356130383264373739636231363364613066
39363032616666393431326533643865643937363937356431623763363037373333653266376561 36653664346434393933383337313630623131396461343930383537633536643365306564396665
63323462363063343234373534663063353865363037383932386231313338343239653131633561 31353861643335353538623838393335326364393738376239623431306231363739656438626265
34623439396232633265616438623562666333303932396366663330326565363736633461333463 37666532336661306262303761616238666239623265663231386165353437366631376234343035
66346537323061306662323062393061353565393165363532306439343262343632616465363364 33393037316563373534373765616238616639303031346430623561663430393536303163613338
30376331346430313536313963333136663833323064633631653935326366633862336163316538 65353062336164626335376235656235343637366438353334356436653266333062663838316263
33383434336666303434363236396662366664393637656462363331356631613332353766636663 32623732306462356162623437393035626433336631643833626463656634366332613936346465
62323264336235306532343065323834313730353237616463373766303439663533336366363565 34653331363133373635633330363564333264623566613432383439396537343963653239336265
35646461636263646633343634323735383235376330616334373937646165623639363663353361 33326132663434363065646265646130333935303662623037363938313464366564323734333437
65613034353736633332663333616564356265323731613537393430633137333337643663323137 36336335303738643634653164306332636130316161393335656536386131396662616366383139
31623732663331653935316337306433333633353565343265666333363864346562363961333439 36663863343736666665363337663537326330323437346565346465326231366563643136366365
30656136636661396335623566386362333861616663393738626632633537613564636261383138 37636361343961326261336437616266373962643765346438333766306537303137353764396330
3233 39626635373631353635313935363834363730386132376363663462653330623130663266373432
65343237326535613535386363396236336536366165306463643162346638623638373433646163
62613935363636353639623839396231393838303135346536383037353636613563323234626131
64373666303436393861373164376564646235366131343433623733663832653039393738343537
65323534343464613230346532623966616462353532373064623566626563336464326336393364
39626237646431313135323036303065343138616632343237396136366332636132303037376132
33623031623635653162616265316366663262373666636638386130643336383130643232643662
34326663343562613962343033396332303261636230353331313730336630633461333736626333
66636430643330383032646634396133626339623036333963396662313234623466366634636334
33373762386662613966353664346239666133656435353365653536356331613632666132376264
62613433366633663065306166396166633836306139376533396165393966323465303638373563
63326330323161303065643365343363313338326238363137663139613463613434643834613662
64663365633965653363633165653038333335333232633434323037643936646561376431626230
66356138373136366134373533386634373061666330663364376336383433306331386162393633
33636330643531396464313736363061303466393861613730323563626363643731333633366532
64646130636234653566346533323962353332653335336239353630633535623935396638663366
37383661343636613261623833653032373764653164346634663431653664636233323734666166
36373664306566663930353338366431623563396166356638626166333165623263636336613138
34343936393964666564306637346561393538383137663162663630336462656663316338376236
63633666333263663734353861633164653132663334306664643133663736663766626639393236
32653430333163313363343731666135656662363838366132383732346130313130363365656263
32643533393163376264653632663262353966306630333064313932616262323134326361633764
63383837303936616434616630653833653833623263623532306363373836323431393335623530
34316562343035326265333164643163356230643639373431326431303538346363376332373434
31313666313663343363353130306561646136393732663164393232636330663635346434343134
33663138663336636430373763396435323138373633666438623234363631336232366635366532
62616239663934653462656163326134303261376635323864633435383666363065656665303538
62626538343638366236646136363232373437336630383739656438636465326531646664366462
36353663626634386538336239623734323234393463313034303837363164363263623065613061
38333162646232366339333662313965663336613238386530393162346266636532353433656136
66326436323836376432313238613165373565643233333435393361636637653361616435393438
32383763393561343734643438346635613663393736613839623263663866336165343235663933
66623137616561313462653631613830363666653635336534643935373739353138363934656134
35663063396162623432373534333463376231666466393963336231653939326663396336383735
34633763336163313432616163313638623963306666643432306661393632346339373963633265
32303862643661376433356661383335313365306534663534396638313531373538326236636363
37626138333437393363323261336663653163643565303063313231346131376261653763356631
62306262336337366134626632333663363139393131306666303235303761623665356431646234
33666461663035303066353137623762653565353533613435663839396238336337333463636465
38353135356634626137376232613330393235383432356436393030313564306537616363383136
66356463373138313661373565326565343066643133633630313031303132313031663739316631
66666631386163313034306532393862393930653931363235396662366262636466363464396466
61303962303066633764393831396632626233343633313061323838623134373036393164633139
30303861636335636131376334376239636235653233323435623262366132663934613661333135
61386136326435363337316363666330363431613135663661303438383664663930656564373730
32373731393666333364633835646431646662313232383136616238303264383438663766356462
32346664376430663934626661663039656461383738626265346162393861346163656161323333
39323666643031376530303230626166613233383731363766373634623430633635303963313466
34646331363539636133373134353535356265393265393635323532323134643034343663636362
38633261613433393634396234396265623063346138363133646532366638306632396464646432
61373961383438386535336131393633303430346162613738343839653038303035303033626535
37343030623530333332306265373539633735616634663666356437303862636338363866613861
38346130336338373865343866306665616530313938616366346131376262346135323537663137
39383366313766666234323234363937623264353532323033363966313135653163343036666262
34393832613034383239393930383063336131356364303231323966303633333331633666373764
65383137333965663234663933303231356165376233326233303035316536666563656363343933
36633039666432643135636331353932633164633964623661373739633665313433306561303637
62373534346562363132643063643732343462653838393635343266626535353864656437313434
34376538303965616539626534613431623834376337643936613137323031323139393762636463
66346664666361623636666533663037613434353135393862376633636233656330366136646434
30653735323961383130393763333630306131376430363436623238646632363462383739653636
37346566663039383866323639633565366338353438386461616239313639343766333661346435
33316538366463383733346663316564656566656165396465393461363061613239666165346661
62346639623163363762366431313831663135643062336363323336303737393437653863303665
36643466336566336236353166333063633830646461626262333937316162353365353130353535
30383164363532363532306364393236303537383139643431393962333063633162313033613561
32323434336364343061386666616639336566373461633462393130336461303531353436623065
65663430623066336533373662306566396263376562343936666166626666323964373334613835
64633535303365643564626562643562636363363834353865353765356665643965663861366436
63333736613232353130616466316637613966646139323565356537666331666564623832333439
36376131663431616430616265323039646432393166613631313762613264313765323231663961
65616636306362386534626130636261636566626365643630616135323634343935653033653433
3061

5
group_vars/bdd.yml Normal file
View file

@ -0,0 +1,5 @@
---
borg_keep_hourly: 6
borg_backup_exclude:
- "/var/lib/postgresql/"
...

8
group_vars/certbot.yml Normal file
View file

@ -0,0 +1,8 @@
---
glob_certbot:
- dns_rfc2136_server: '10.128.0.30'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
mail: tech.aurore@lists.crans.org
certname: auro.re
domains: "*.auro.re"

32
group_vars/nginx.yml Normal file
View file

@ -0,0 +1,32 @@
---
glob_nginx:
contact: tech.aurore@lists.crans.org
who: "L'équipe technique d'Aurore"
service_name: service
ssl:
# Add adm.auro.re if necessary
- name: auro.re
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
servers:
- ssl: false # Replace by auro.re or adm.auro.re
default: true
server_name:
- "default"
- "_"
root: "/var/www/html"
locations:
- filter: "/"
params: []
additional_params: []
upstreams: []
auth_passwd: []
default_server:
default_ssl_server:
default_ssl_domain: auro.re
real_ip_from:
- "10.128.0.0/16"
- "2a09:6840:128::/64"
deploy_robots_file: false

View file

@ -0,0 +1,12 @@
---
loc_nginx:
servers: []
glob_reverseproxy:
redirect_dnames:
- aurores.net
- fede-aurore.net
reverseproxy_sites: []
redirect_sites: []

3
group_vars/routeur.yml Normal file
View file

@ -0,0 +1,3 @@
---
rsyslog_high_density: true
...

View file

@ -0,0 +1,12 @@
---
borg_keep_hourly: 6
borg_keep_daily: 7
borg_keep_weekly: 4
borg_keep_monthly: 12
borg_backup_directories:
- "/etc"
- "/var"
- "/data_nextcloud"
- "/data_gitea"
- "/data_mail"
...

View file

@ -0,0 +1,16 @@
---
borg_backup_directories:
- "/etc/"
- "/var/"
borg_backup_exclude: []
rsyslog_collector_base_dir: /var/log/remote
rsyslog_inputs:
- proto: relp
port: 20514
- proto: udp
port: 514
- proto: tcp
port: 6514
rsyslog_outputs: []
...

View file

@ -0,0 +1,3 @@
---
borg_server_backups_dir: /borg
...

View file

@ -0,0 +1,105 @@
---
loc_nginx:
service_name: captive_portal
default_server: '$server_addr'
default_ssl_server: '$server_addr'
servers:
- server_name:
- "10.13.0.247"
locations:
- filter: "/"
params:
- "return 302 https://portail-fleming.auro.re/portail/"
- ssl: auro.re
server_name:
- portail-fleming.auro.re
locations:
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
params:
- "proxy_pass http://10.128.0.20"
- "include /etc/nginx/snippets/options-proxypass.conf"
- filter: "/"
params:
- "return 302 https://portail-fleming.auro.re/portail/"
- ssl: auro.re
server_name:
- 10.23.0.247
locations:
- filter: "/"
params:
- "return 302 https://portail-pacaterie.auro.re/portail/"
- ssl: auro.re
server_name:
- portail-pacaterie.auro.re
locations:
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
params:
- "proxy_pass http://10.128.0.20"
- "include /etc/nginx/snippets/options-proxypass.conf"
- filter: "/"
params:
- "return 302 https://portail-pacaterie.auro.re/portail/"
- ssl: auro.re
server_name:
- "10.33.0.247"
locations:
- filter: "/"
params:
- "return 302 https://portail-rives.auro.re/portail/"
- ssl: auro.re
server_name:
- portail-rives.auro.re
locations:
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
params:
- "proxy_pass http://10.128.0.20"
- "include /etc/nginx/snippets/options-proxypass.conf"
- filter: "/"
params:
- "return 302 https://portail-rives.auro.re/portail/"
- ssl: auro.re
server_name:
- "10.43.0.247"
locations:
- filter: "/"
params:
- "return 302 https://portail-edc.auro.re/portail/"
- ssl: auro.re
server_name:
- portail-edc.auro.re
locations:
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
params:
- "proxy_pass http://10.128.0.20"
- "include /etc/nginx/snippets/options-proxypass.conf"
- filter: "/"
params:
- "return 302 https://portail-edc.auro.re/portail/"
- ssl: auro.re
server_name:
- "10.53.0.247"
locations:
- filter: "/"
params:
- "return 302 https://portail-gs.auro.re/portail/"
- ssl: auro.re
server_name:
- portail-gs.auro.re
locations:
- filter: "~ /(potail|cotisations/comnpay|static|javascript|media|about|contact|logout|.*-autocomplete)"
params:
- "proxy_pass http://10.128.0.20"
- "include /etc/nginx/snippets/options-proxypass.conf"
- filter: "/"
params:
- "return 302 https://portail-gs.auro.re/portail/"

View file

@ -1,44 +1,20 @@
--- ---
certbot: loc_certbot:
domains: - dns_rfc2136_server: '10.128.0.30'
- auro.re dns_rfc2136_name: certbot_challenge.
- chat.auro.re # cname to riot.auro.re dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
- codimd.auro.re mail: tech.aurore@lists.crans.org
- element.auro.re # cname to riot.auro.re certname: auro.re
- ehterpad.auro.re # cname to pad.auro.re domains: "auro.re, *.auro.re"
- grafana.auro.re
- hedgedoc.auro.re # cname to codimd.auro.re
- pad.auro.re
- passbolt.auro.re
- paste.auro.re # cname to privatebin.auro.re
- phabricator.auro.re
- privatebin.auro.re
- riot.auro.re
- sharelatex.auro.re
- status.auro.re
- wiki.auro.re
- www.auro.re
- zero.auro.re # cname to privatebin.auro.re
mail: tech.aurore@lists.crans.org
certname: auro.re
nginx:
ssl:
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
redirect_dnames:
- aurores.net
- fede-aurore.net
redirect_tcp: {}
loc_reverseproxy:
redirect_sites: redirect_sites:
- from: www.auro.re - from: www.auro.re
to: auro.re to: auro.re
- from: 92.222.211.195 - from: 92.222.211.195
to: auro.re to: auro.re
- from: codimd.auro.re
to: hedgedoc.auro.re
reverseproxy_sites: reverseproxy_sites:
- from: phabricator.auro.re - from: phabricator.auro.re
@ -53,6 +29,9 @@ nginx:
- from: passbolt.auro.re - from: passbolt.auro.re
to: 10.128.0.53 to: 10.128.0.53
- from: auth.auro.re
to: 10.128.0.150:8089
- from: riot.auro.re - from: riot.auro.re
to: "10.128.0.150:8080" to: "10.128.0.150:8080"
- from: element.auro.re - from: element.auro.re
@ -60,8 +39,6 @@ nginx:
- from: chat.auro.re - from: chat.auro.re
to: "10.128.0.150:8080" to: "10.128.0.150:8080"
- from: codimd.auro.re
to: "10.128.0.150:8081"
- from: hedgedoc.auro.re - from: hedgedoc.auro.re
to: "10.128.0.150:8081" to: "10.128.0.150:8081"
@ -82,5 +59,10 @@ nginx:
- from: cas.auro.re - from: cas.auro.re
to: "10.128.0.150:8085" to: "10.128.0.150:8085"
- from: rss.auro.re
to: 10.128.0.150:8090
- from: status.auro.re - from: status.auro.re
to: "10.128.0.150:8086" to: "10.128.0.150:8086"
- from: "kanboard.auro.re"
to: "10.128.0.150:8088"
...

View file

@ -1,31 +1,31 @@
--- ---
certbot: loc_certbot:
domains: - dns_rfc2136_server: '10.128.0.30'
- bbb.auro.re dns_rfc2136_name: certbot_adm_challenge.
- drone.auro.re dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
- gitea.auro.re mail: tech.aurore@lists.crans.org
- intranet.auro.re certname: adm.auro.re
- litl.auro.re domains: "*.adm.auro.re"
- nextcloud.auro.re - dns_rfc2136_server: '10.128.0.30'
- re2o.auro.re dns_rfc2136_name: certbot_challenge.
- vote.auro.re dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
- re2o-server.auro.re mail: tech.aurore@lists.crans.org
- re2o-test.auro.re certname: auro.re
- wikijs.auro.re domains: "*.auro.re"
mail: tech.aurore@lists.crans.org loc_nginx:
certname: auro.re servers: []
nginx:
ssl: ssl:
cert: /etc/letsencrypt/live/auro.re/fullchain.pem - name: adm.auro.re
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem cert: /etc/letsencrypt/live/adm.auro.re/fullchain.pem
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem cert_key: /etc/letsencrypt/live/adm.auro.re/privkey.pem
trusted_cert: /etc/letsencrypt/live/adm.auro.re/chain.pem
redirect_dnames: - name: auro.re
- aurores.net cert: /etc/letsencrypt/live/auro.re/fullchain.pem
- fede-aurore.net cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
loc_reverseproxy:
redirect_tcp: redirect_tcp:
- name: Gitea - name: Gitea
port: 2222 port: 2222
@ -33,7 +33,7 @@ nginx:
redirect_sites: redirect_sites:
- from: 45.66.111.61 - from: 45.66.111.61
to: auro.re to: intranet.auro.re
reverseproxy_sites: reverseproxy_sites:
- from: re2o.auro.re - from: re2o.auro.re
@ -41,14 +41,14 @@ nginx:
- from: intranet.auro.re - from: intranet.auro.re
to: 10.128.0.20 to: 10.128.0.20
- from: bbb.auro.re
to: 10.128.0.54
- from: nextcloud.auro.re - from: nextcloud.auro.re
to: "10.128.0.58:8080" to: "10.128.0.58:8080"
- from: gitea.auro.re - from: gitea.auro.re
to: "10.128.0.60:3000" to: "10.128.0.60:3000"
- from: git.adm.auro.re
to: "10.128.0.60:3000"
ssl: adm.auro.re
- from: drone.auro.re - from: drone.auro.re
to: "10.128.0.64:8000" to: "10.128.0.64:8000"
@ -61,3 +61,12 @@ nginx:
- from: wikijs.auro.re - from: wikijs.auro.re
to: "10.128.0.66:3000" to: "10.128.0.66:3000"
- from: wiki.auro.re
to: "10.128.0.66:3000"
- from: netbox.auro.re
to: 10.128.0.97
- from: grafana.auro.re
to: "10.128.0.98:3000"

403
hosts
View file

@ -8,10 +8,11 @@
############################################################################### ###############################################################################
# Aurore : main services # Aurore : main services
viviane.adm.auro.re
[aurore_pve] [aurore_pve]
merlin.adm.auro.re escalope.adm.auro.re
services-1.pve.auro.re
services-2.pve.auro.re
services-3.pve.auro.re
[aurore_vm] [aurore_vm]
routeur-aurore.adm.auro.re routeur-aurore.adm.auro.re
@ -25,17 +26,30 @@ camelot.adm.auro.re
gitea.adm.auro.re gitea.adm.auro.re
drone.adm.auro.re drone.adm.auro.re
nextcloud.adm.auro.re nextcloud.adm.auro.re
stream.adm.auro.re galene.adm.auro.re
re2o-server.adm.auro.re re2o-server.adm.auro.re
re2o-ldap.adm.auro.re re2o-ldap.adm.auro.re
re2o-db.adm.auro.re re2o-db.adm.auro.re
pendragon.adm.auro.re
services-bdd-local.adm.auro.re
backup.adm.auro.re
services-web.adm.auro.re
mail.adm.auro.re mail.adm.auro.re
wikijs.adm.auro.re wikijs.adm.auro.re
prometheus-aurore.adm.auro.re
portail.adm.auro.re
jitsi-aurore.adm.auro.re
log.adm.auro.re
bdd.adm.auro.re
bdd-ovh.adm.auro.re
litl.adm.auro.re
log.adm.auro.re
netbox.adm.auro.re
grafana.adm.auro.re
dolibarr.adm.auro.re
infra-1.router.auro.re ansible_host=10.129.0.245
infra-2.router.auro.re ansible_host=10.129.0.246
[aurore_testing_vm]
[aurore_ilo]
escalope-ilo.adm.auro.re
############################################################################### ###############################################################################
# OVH # OVH
@ -45,20 +59,16 @@ horus.adm.auro.re
[ovh_container] [ovh_container]
synapse.adm.auro.re synapse.adm.auro.re
services-bdd.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re www.adm.auro.re
proxy-ovh.adm.auro.re proxy-ovh.adm.auro.re
matrix-services.adm.auro.re
[ovh_vm] [ovh_vm]
serge.adm.auro.re serge.adm.auro.re
passbolt.adm.auro.re
vpn-ovh.adm.auro.re
docker-ovh.adm.auro.re docker-ovh.adm.auro.re
switchs-manager.adm.auro.re switchs-manager.adm.auro.re
ldap-replica-ovh.adm.auro.re ldap-replica-ovh.adm.auro.re
prometheus-ovh.adm.auro.re
prometheus-federate.adm.auro.re
[ovh_testing_vm] [ovh_testing_vm]
#re2o-test.adm.auro.re #re2o-test.adm.auro.re
@ -67,8 +77,10 @@ ldap-replica-ovh.adm.auro.re
############################################################################### ###############################################################################
# Les Jardins de Fleming # Les Jardins de Fleming
[fleming_server]
perceval.adm.auro.re
[fleming_pve] [fleming_pve]
freya.adm.auro.re
marki.adm.auro.re marki.adm.auro.re
[fleming_vm] [fleming_vm]
@ -77,37 +89,30 @@ dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re dns-fleming-backup.adm.auro.re
ntp-1.int.infra.auro.re
prometheus-fleming.adm.auro.re prometheus-fleming.adm.auro.re
#prometheus-fleming-fo.adm.auro.re #prometheus-fleming-fo.adm.auro.re
radius-fleming.adm.auro.re radius-fleming.adm.auro.re
dns-1.int.infra.auro.re
isp-1.rtr.infra.auro.re
isp-2.rtr.infra.auro.re
dhcp-1.isp.auro.re
dhcp-2.isp.auro.re
radius-fleming-backup.adm.auro.re radius-fleming-backup.adm.auro.re
unifi-fleming.adm.auro.re unifi-fleming.adm.auro.re
routeur-fleming.adm.auro.re routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re routeur-fleming-backup.adm.auro.re
[fleming_ilo]
marki-ilo.adm.auro.re
[fleming_unifi] [fleming_unifi]
ff-1-2.borne.auro.re fa-0-1.borne.auro.re
fe-1-2.borne.auro.re
ff-2-2.borne.auro.re
ff-3-2.borne.auro.re
ff-4-2.borne.auro.re
fh-1-2.borne.auro.re
fh-2-2.borne.auro.re
fe-3-2.borne.auro.re
fe-2-2.borne.auro.re
fe-4-2.borne.auro.re
fh-3-2.borne.auro.re
fh-4-2.borne.auro.re
fg-3-2.borne.auro.re
fg-2-2.borne.auro.re
fi-1-2.borne.auro.re
fi-2-2.borne.auro.re
fi-3-2.borne.auro.re
fi-4-2.borne.auro.re
fa-1-1.borne.auro.re fa-1-1.borne.auro.re
fa-2-1.borne.auro.re fa-2-1.borne.auro.re
fa-3-1.borne.auro.re fa-3-1.borne.auro.re
fa-4-1.borne.auro.re fa-4-1.borne.auro.re
fa-j-1.borne.auro.re
fb-0-1.borne.auro.re fb-0-1.borne.auro.re
fb-1-1.borne.auro.re fb-1-1.borne.auro.re
fb-2-1.borne.auro.re fb-2-1.borne.auro.re
@ -118,67 +123,83 @@ fc-1-1.borne.auro.re
fc-2-1.borne.auro.re fc-2-1.borne.auro.re
fc-3-1.borne.auro.re fc-3-1.borne.auro.re
fc-4-1.borne.auro.re fc-4-1.borne.auro.re
fd-2-1.borne.auro.re
fd-0-1.borne.auro.re fd-0-1.borne.auro.re
fd-1-1.borne.auro.re fd-1-1.borne.auro.re
fa-0-1.borne.auro.re fd-2-1.borne.auro.re
fd-3-1.borne.auro.re fd-3-1.borne.auro.re
fe-0-1.borne.auro.re fe-0-1.borne.auro.re
fe-1-1.borne.auro.re
fe-1-2.borne.auro.re
fe-2-1.borne.auro.re
fe-2-2.borne.auro.re
fe-3-1.borne.auro.re fe-3-1.borne.auro.re
fe-3-2.borne.auro.re
fe-4-1.borne.auro.re fe-4-1.borne.auro.re
fe-4-2.borne.auro.re
ff-0-1.borne.auro.re ff-0-1.borne.auro.re
ff-0-f.borne.auro.re
ff-1-1.borne.auro.re ff-1-1.borne.auro.re
ff-1-2.borne.auro.re
ff-2-1.borne.auro.re ff-2-1.borne.auro.re
ff-2-2.borne.auro.re
ff-3-1.borne.auro.re ff-3-1.borne.auro.re
ff-3-2.borne.auro.re
ff-4-1.borne.auro.re ff-4-1.borne.auro.re
ff-4-2.borne.auro.re
fg-0-1.borne.auro.re fg-0-1.borne.auro.re
fg-1-1.borne.auro.re fg-1-1.borne.auro.re
fg-1-2.borne.auro.re
fg-2-1.borne.auro.re fg-2-1.borne.auro.re
fg-2-2.borne.auro.re
fg-3-1.borne.auro.re fg-3-1.borne.auro.re
fg-3-2.borne.auro.re
fg-4-1.borne.auro.re fg-4-1.borne.auro.re
fh-0-1.borne.auro.re fh-0-1.borne.auro.re
fh-1-1.borne.auro.re fh-1-1.borne.auro.re
fh-1-2.borne.auro.re
fh-2-1.borne.auro.re fh-2-1.borne.auro.re
fh-2-2.borne.auro.re
fh-3-1.borne.auro.re fh-3-1.borne.auro.re
fe-2-1.borne.auro.re fh-3-2.borne.auro.re
fh-4-1.borne.auro.re fh-4-1.borne.auro.re
fh-4-2.borne.auro.re
fi-0-1.borne.auro.re fi-0-1.borne.auro.re
fi-0-2.borne.auro.re
fi-1-1.borne.auro.re fi-1-1.borne.auro.re
fi-1-2.borne.auro.re
fi-2-1.borne.auro.re fi-2-1.borne.auro.re
fi-2-2.borne.auro.re
fi-3-1.borne.auro.re fi-3-1.borne.auro.re
fi-3-2.borne.auro.re
fi-4-1.borne.auro.re fi-4-1.borne.auro.re
fi-4-2.borne.auro.re
fj-0-1.borne.auro.re fj-0-1.borne.auro.re
fj-1-1.borne.auro.re fj-1-1.borne.auro.re
fj-1-2.borne.auro.re
fj-2-1.borne.auro.re fj-2-1.borne.auro.re
fj-2-2.borne.auro.re
fj-3-1.borne.auro.re fj-3-1.borne.auro.re
fj-3-2.borne.auro.re
fj-4-1.borne.auro.re fj-4-1.borne.auro.re
fj-4-2.borne.auro.re
fk-0-1.borne.auro.re fk-0-1.borne.auro.re
fk-1-1.borne.auro.re fk-1-1.borne.auro.re
fk-1-2.borne.auro.re
fk-2-1.borne.auro.re fk-2-1.borne.auro.re
fk-2-2.borne.auro.re
fk-3-1.borne.auro.re fk-3-1.borne.auro.re
fk-3-2.borne.auro.re
fk-4-1.borne.auro.re fk-4-1.borne.auro.re
fk-4-2.borne.auro.re
fl-0-1.borne.auro.re fl-0-1.borne.auro.re
fl-1-1.borne.auro.re fl-1-1.borne.auro.re
fl-2-1.borne.auro.re
fl-3-1.borne.auro.re
fl-4-1.borne.auro.re
fe-1-1.borne.auro.re
ff-0-f.borne.auro.re
fj-4-2.borne.auro.re
fj-3-2.borne.auro.re
fj-2-2.borne.auro.re
fj-1-2.borne.auro.re
fk-4-2.borne.auro.re
fk-3-2.borne.auro.re
fk-2-2.borne.auro.re
fk-1-2.borne.auro.re
fl-4-2.borne.auro.re
fl-3-2.borne.auro.re
fl-2-2.borne.auro.re
fl-1-2.borne.auro.re fl-1-2.borne.auro.re
fa-j-1.borne.auro.re fl-2-1.borne.auro.re
fg-1-2.borne.auro.re fl-2-2.borne.auro.re
fi-0-2.borne.auro.re fl-3-1.borne.auro.re
fl-3-2.borne.auro.re
fl-4-1.borne.auro.re
fl-4-2.borne.auro.re
############################################################################### ###############################################################################
# Pacaterie # Pacaterie
@ -201,48 +222,51 @@ unifi-pacaterie.adm.auro.re
routeur-pacaterie.adm.auro.re routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re routeur-pacaterie-backup.adm.auro.re
[pacaterie_ilo]
mordred-ilo.adm.auro.re
titan-ilo.adm.auro.re
[pacaterie_unifi] [pacaterie_unifi]
pn-1-1.borne.auro.re pc-1-1.borne.auro.re
pn-0-1.borne.auro.re
pn-0-2.borne.auro.re pn-0-2.borne.auro.re
pn-0-3.borne.auro.re pn-0-3.borne.auro.re
pn-1-1.borne.auro.re
pn-1-2.borne.auro.re
pn-1-3.borne.auro.re pn-1-3.borne.auro.re
pn-3-1.borne.auro.re pn-2-1.borne.auro.re
pn-2-2.borne.auro.re pn-2-2.borne.auro.re
pn-2-3.borne.auro.re pn-2-3.borne.auro.re
pn-3-3.borne.auro.re pn-3-1.borne.auro.re
pn-4-3.borne.auro.re
pn-2-1.borne.auro.re
pn-3-2.borne.auro.re pn-3-2.borne.auro.re
pn-0-1.borne.auro.re pn-3-3.borne.auro.re
pn-1-2.borne.auro.re
pc-1-1.borne.auro.re
pn-4-2.borne.auro.re
pn-4-1.borne.auro.re pn-4-1.borne.auro.re
ps-0-3.borne.auro.re pn-4-2.borne.auro.re
pn-4-3.borne.auro.re
ps-0-1.borne.auro.re ps-0-1.borne.auro.re
ps-1-3.borne.auro.re
ps-2-3.borne.auro.re
ps-1-2.borne.auro.re
ps-3-2.borne.auro.re
ps-4-1.borne.auro.re
ps-2-1.borne.auro.re
ps-3-1.borne.auro.re
ps-4-3.borne.auro.re
ps-2-2.borne.auro.re
ps-1-1.borne.auro.re
ps-4-2.borne.auro.re
ps-0-2.borne.auro.re ps-0-2.borne.auro.re
ps-0-3.borne.auro.re
ps-1-1.borne.auro.re
ps-1-2.borne.auro.re
ps-1-3.borne.auro.re
ps-2-1.borne.auro.re
ps-2-2.borne.auro.re
ps-2-3.borne.auro.re
ps-3-1.borne.auro.re
ps-3-2.borne.auro.re
ps-3-3.borne.auro.re ps-3-3.borne.auro.re
ps-4-1.borne.auro.re
ps-4-2.borne.auro.re
ps-4-3.borne.auro.re
############################################################################### ###############################################################################
# Emilie du Chatelet # Emilie du Chatelet
[edc_server] [edc_server]
perceval.adm.auro.re caradoc.adm.auro.re
[edc_pve] [edc_pve]
chapalux.adm.auro.re chapalux.adm.auro.re
escalope.adm.auro.re
[edc_vm] [edc_vm]
routeur-edc.adm.auro.re routeur-edc.adm.auro.re
@ -257,12 +281,20 @@ radius-edc-backup.adm.auro.re
ldap-replica-edc.adm.auro.re ldap-replica-edc.adm.auro.re
prometheus-edc.adm.auro.re prometheus-edc.adm.auro.re
[edc_ilo]
caradoc-ilo.adm.auro.re
chapalux-ilo.adm.auro.re
[edc_unifi] [edc_unifi]
ep-1-1.borne.auro.re ee-2-1.borne.auro.re
ep-1-3.borne.auro.re ee-2-2.borne.auro.re
ep-1-2.borne.auro.re eo-0-1.borne.auro.re
ep-0-1.borne.auro.re
eo-2-1.borne.auro.re eo-2-1.borne.auro.re
ep-0-1.borne.auro.re
ep-1-1.borne.auro.re
ep-1-2.borne.auro.re
ep-1-3.borne.auro.re
############################################################################### ###############################################################################
# George Sand # George Sand
@ -284,59 +316,65 @@ radius-gs-backup.adm.auro.re
prometheus-gs.adm.auro.re prometheus-gs.adm.auro.re
ldap-replica-gs.adm.auro.re ldap-replica-gs.adm.auro.re
[gs_ilo]
lancelot-ilo.adm.auro.re
odin-ilo.adm.auro.re
[gs_unifi] [gs_unifi]
ga-1-2.borne.auro.re
ge-3-2.borne.auro.re
gb-4-2.borne.auro.re
gg-5-2.borne.auro.re
gd-5-2.borne.auro.re
gc-5-2.borne.auro.re
gc-3-1.borne.auro.re
gc-4-1.borne.auro.re
gg-5-1.borne.auro.re
ge-1-2.borne.auro.re
gh-1-2.borne.auro.re
gd-1-2.borne.auro.re
gf-3-2.borne.auro.re
gd-4-2.borne.auro.re
ga-0-1.borne.auro.re ga-0-1.borne.auro.re
ga-1-1.borne.auro.re ga-1-1.borne.auro.re
ga-1-2.borne.auro.re
ga-2-1.borne.auro.re ga-2-1.borne.auro.re
ga-2-2.borne.auro.re
ga-3-1.borne.auro.re ga-3-1.borne.auro.re
ga-4-1.borne.auro.re ga-4-1.borne.auro.re
ga-5-1.borne.auro.re ga-5-1.borne.auro.re
ga-5-2.borne.auro.re
gb-1-1.borne.auro.re gb-1-1.borne.auro.re
gc-1-1.borne.auro.re
gc-2-1.borne.auro.re
gc-5-1.borne.auro.re
gb-2-1.borne.auro.re gb-2-1.borne.auro.re
gb-3-1.borne.auro.re gb-3-1.borne.auro.re
gb-4-1.borne.auro.re gb-4-1.borne.auro.re
gb-4-2.borne.auro.re
gb-5-1.borne.auro.re gb-5-1.borne.auro.re
gc-1-1.borne.auro.re
gc-2-1.borne.auro.re
gc-3-1.borne.auro.re
gc-4-1.borne.auro.re
gc-5-1.borne.auro.re
gc-5-2.borne.auro.re
gd-1-1.borne.auro.re gd-1-1.borne.auro.re
gd-1-2.borne.auro.re
gd-2-1.borne.auro.re gd-2-1.borne.auro.re
gd-3-1.borne.auro.re gd-3-1.borne.auro.re
gd-4-1.borne.auro.re gd-4-1.borne.auro.re
gd-4-2.borne.auro.re
gd-5-1.borne.auro.re gd-5-1.borne.auro.re
gd-5-2.borne.auro.re
gd-garage-1.borne.auro.re
ge-0-1.borne.auro.re ge-0-1.borne.auro.re
ge-1-1.borne.auro.re ge-1-1.borne.auro.re
ge-1-2.borne.auro.re
ge-2-1.borne.auro.re ge-2-1.borne.auro.re
ge-2-2.borne.auro.re
ge-3-1.borne.auro.re ge-3-1.borne.auro.re
ge-3-2.borne.auro.re
ge-4-1.borne.auro.re ge-4-1.borne.auro.re
ge-5-1.borne.auro.re ge-5-1.borne.auro.re
gf-0-1.borne.auro.re gf-0-1.borne.auro.re
gf-1-1.borne.auro.re
gf-2-1.borne.auro.re gf-2-1.borne.auro.re
gf-3-1.borne.auro.re gf-3-1.borne.auro.re
gf-3-2.borne.auro.re
gf-4-1.borne.auro.re gf-4-1.borne.auro.re
gf-1-1.borne.auro.re
gd-garage-1.borne.auro.re
gf-5-1.borne.auro.re gf-5-1.borne.auro.re
gg-5-1.borne.auro.re
gg-5-2.borne.auro.re
gh-1-2.borne.auro.re
############################################################################### ###############################################################################
# Les Rives # Les Rives
[rives_pve] [rives_pve]
thor.adm.auro.re loki.adm.auro.re
[rives_vm] [rives_vm]
dhcp-rives-backup.adm.auro.re dhcp-rives-backup.adm.auro.re
@ -345,41 +383,76 @@ dns-rives-backup.adm.auro.re
radius-rives-backup.adm.auro.re radius-rives-backup.adm.auro.re
routeur-rives-backup.adm.auro.re routeur-rives-backup.adm.auro.re
ldap-replica-rives.adm.auro.re ldap-replica-rives.adm.auro.re
prometheus-rives.adm.auro.re
dhcp-rives.adm.auro.re
dns-rives.adm.auro.re
radius-rives.adm.auro.re
routeur-rives.adm.auro.re
[rives_ilo]
loki-ilo.adm.auro.re
[rives_unifi] [rives_unifi]
r3-4-4.borne.auro.re r1-1-1.borne.auro.re
r3-4-3.borne.auro.re r1-1-2.borne.auro.re
r3-2-1.borne.auro.re r1-1-3.borne.auro.re
r3-4-1.borne.auro.re r1-1-4.borne.auro.re
r3-2-8.borne.auro.re r1-1-5.borne.auro.re
r3-3-4.borne.auro.re r1-1-6.borne.auro.re
r3-1-3.borne.auro.re r1-2-1.borne.auro.re
r3-3-5.borne.auro.re r1-2-2.borne.auro.re
r3-2-4.borne.auro.re r1-2-3.borne.auro.re
r3-3-6.borne.auro.re r1-2-4.borne.auro.re
r3-1-2.borne.auro.re r1-3-1.borne.auro.re
r3-4-5.borne.auro.re r1-3-2.borne.auro.re
r3-2-2.borne.auro.re r1-3-3.borne.auro.re
r3-4-6.borne.auro.re r1-3-4.borne.auro.re
r1-3-5.borne.auro.re
r1-3-6.borne.auro.re
r2-1-1.borne.auro.re
r2-1-2.borne.auro.re
r2-1-3.borne.auro.re
r2-1-4.borne.auro.re
r2-2-1.borne.auro.re
r2-2-2.borne.auro.re
r2-2-3.borne.auro.re
r2-3-1.borne.auro.re
r2-3-2.borne.auro.re
r2-3-3.borne.auro.re
r2-3-4.borne.auro.re
r3-0-1.borne.auro.re
r3-0-2.borne.auro.re
r3-0-3.borne.auro.re
r3-0-4.borne.auro.re
r3-1-1.borne.auro.re r3-1-1.borne.auro.re
r3-4-7.borne.auro.re r3-1-2.borne.auro.re
r3-4-2.borne.auro.re r3-1-3.borne.auro.re
r3-4-8.borne.auro.re r3-1-4.borne.auro.re
r3-2-3.borne.auro.re r3-1-5.borne.auro.re
r3-1-6.borne.auro.re r3-1-6.borne.auro.re
r3-1-7.borne.auro.re r3-1-7.borne.auro.re
r3-2-1.borne.auro.re
r3-2-2.borne.auro.re
r3-2-3.borne.auro.re
r3-2-4.borne.auro.re
r3-2-5.borne.auro.re r3-2-5.borne.auro.re
r3-2-6.borne.auro.re r3-2-6.borne.auro.re
r3-2-7.borne.auro.re r3-2-7.borne.auro.re
r3-3-3.borne.auro.re r3-2-8.borne.auro.re
r3-0-1.borne.auro.re
r3-3-2.borne.auro.re
r3-0-2.borne.auro.re
r3-3-1.borne.auro.re r3-3-1.borne.auro.re
r3-0-3.borne.auro.re r3-3-2.borne.auro.re
r3-1-5.borne.auro.re r3-3-3.borne.auro.re
r3-0-4.borne.auro.re r3-3-4.borne.auro.re
r3-1-4.borne.auro.re r3-3-5.borne.auro.re
r3-3-6.borne.auro.re
r3-4-1.borne.auro.re
r3-4-2.borne.auro.re
r3-4-3.borne.auro.re
r3-4-4.borne.auro.re
r3-4-5.borne.auro.re
r3-4-6.borne.auro.re
r3-4-7.borne.auro.re
r3-4-8.borne.auro.re
# -aurore services # -aurore services
[aurore:children] [aurore:children]
@ -394,31 +467,35 @@ ovh_vm
# everything at fleming # everything at fleming
[fleming:children] [fleming:children]
fleming_server
fleming_pve fleming_pve
fleming_vm fleming_vm
#fleming_unifi fleming_unifi
# everything at pacaterie # everything at pacaterie
[pacaterie:children] [pacaterie:children]
pacaterie_pve pacaterie_pve
pacaterie_vm pacaterie_vm
#pacaterie_unifi pacaterie_unifi
# everything at edc # everything at edc
[edc:children] [edc:children]
edc_server
edc_pve edc_pve
edc_vm edc_vm
edc_unifi
# everything at georgesand # everything at georgesand
[gs:children] [gs:children]
gs_pve gs_pve
gs_vm gs_vm
gs_unifi
# everything at Les Rives # everything at Les Rives
[rives:children] [rives:children]
rives_pve rives_pve
rives_vm rives_vm
rives_unifi
############################################################################### ###############################################################################
# Groups by type # Groups by type
@ -436,6 +513,11 @@ edc_vm
gs_vm gs_vm
rives_vm rives_vm
# every server
[server:children]
fleming_server
edc_server
# every PVE # every PVE
[pve:children] [pve:children]
ovh_pve ovh_pve
@ -456,6 +538,20 @@ pacaterie_unifi
############################################################################### ###############################################################################
# Groups by service # Groups by service
[routeur]
routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re
routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re
routeur-edc.adm.auro.re
routeur-edc-backup.adm.auro.re
routeur-gs.adm.auro.re
routeur-gs-backup.adm.auro.re
routeur-rives.adm.auro.re
routeur-rives-backup.adm.auro.re
routeur-aurore.adm.auro.re
routeur-aurore-backup.adm.auro.re
[ldap_replica:children] [ldap_replica:children]
ldap_replica_fleming ldap_replica_fleming
ldap_replica_pacaterie ldap_replica_pacaterie
@ -482,3 +578,46 @@ ldap-replica-ovh.adm.auro.re
[ldap_replica_rives] [ldap_replica_rives]
ldap-replica-rives.adm.auro.re ldap-replica-rives.adm.auro.re
[certbot]
portail.adm.auro.re
[certbot:children]
reverseproxy
[nginx]
portail.adm.auro.re
[nginx:children]
reverseproxy
[reverseproxy]
proxy-ovh.adm.auro.re
proxy.adm.auro.re
[bdd]
bdd.adm.auro.re
bdd-ovh.adm.auro.re
re2o-db.adm.auro.re
[radius]
radius-aurore.adm.auro.re
radius-fleming.adm.auro.re
radius-fleming-backup.adm.auro.re
radius-edc.adm.auro.re
radius-edc-backup.adm.auro.re
radius-gs.adm.auro.re
radius-gs-backup.adm.auro.re
radius-pacaterie.adm.auro.re
radius-pacaterie-backup.adm.auro.re
radius-rives.adm.auro.re
radius-rives-backup.adm.auro.re
[prometheus]
prometheus-ovh.adm.auro.re
prometheus-aurore.adm.auro.re
prometheus-rives.adm.auro.re
prometheus-gs.adm.auro.re
prometheus-edc.adm.auro.re
prometheus-pacaterie.adm.auro.re
prometheus-fleming.adm.auro.re
prometheus-federate.adm.auro.re

View file

@ -1,62 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: prometheus-fleming.adm.auro.re,prometheus-fleming-fo.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-pacaterie.adm.auro.re,prometheus-pacaterie-fo.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-edc.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['edc_pve'] + groups['edc_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['edc_unifi'] | list | sort }}"
roles:
- prometheus
- hosts: prometheus-gs.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# Prometheus targets.json
prometheus_targets:
- targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets:
- targets: "{{ groups['gs_unifi'] | list | sort }}"
roles:
- prometheus
# Monitor all hosts
- hosts: all,!unifi,!ovh
roles:
- prometheus_node

View file

@ -1,65 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Set up DHCP servers.
- hosts: dhcp-*.adm.auro.re
roles:
- isc_dhcp_server
# Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
roles:
- unbound
# Déploiement du service re2o aurore-firewall et keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
roles:
- router
- radvd
# No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re
roles:
- router
- ipv6_edge_router
# Radius (backup only for now)
- hosts: radius-*.adm.auro.re
roles:
- radius
# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
# vars:
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
# service_name: dns
# service_version: crans
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o-service
# Deploy Unifi Controller
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
# roles:
# - unifi-controller
# Deploy Re2o switch service
# - hosts: switchs-manager.adm.auro.re
# vars:
# service_repo: https://gitlab.federez.net/re2o/switchs.git
# service_name: switchs
# service_version: master
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o-service

View file

@ -5,13 +5,6 @@
roles: roles:
- baseconfig - baseconfig
- basesecurity - basesecurity
# Plug LDAP on all servers
- hosts: all,!unifi
roles:
- ldap_client - ldap_client
# Install logrotate
- hosts: all,!unifi,!pve
roles:
- logrotate - logrotate
- update_motd

32
playbooks/borgbackup.yml Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env ansible-playbook
---
- hosts: perceval.adm.auro.re
vars:
update_motd:
borgbackup_server: >-
Les sauvegardes (borg) sont stockées dans
{{ borg_server_backups_dir }}.
roles:
- borgbackup_server
- update_motd
- hosts: all,!unifi,!unifi-*,!bdd
vars:
update_motd:
borgbackup_client: >-
BorgBackup est déployé (/etc/borgmatic/config.yaml)
roles:
- borgbackup_client
- update_motd
# On databases server, also backup databases
- hosts: bdd
vars:
borg_postgresql_databases: true
update_motd:
borgbackup_client: >-
BorgBackup est déployé (/etc/borgmatic/config.yaml)
roles:
- borgbackup_client
- update_motd
...

27
playbooks/chronyd.yml Executable file
View file

@ -0,0 +1,27 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
vars:
chronyd__allow_networks:
- 10.128.0.0/16
- 2a09:6840:128::/48
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
chronyd__local_stratum: 10
roles:
- chronyd
- hosts:
- all
- "!ntp-1.int.infra.auro.re"
- "!unifi"
vars:
chronyd__pools:
- ntp-1.int.infra.auro.re
roles:
- chronyd
...

10
playbooks/docker.yml Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Docker hosts
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re
vars:
update_motd:
docker: Docker est déployé.
roles:
- docker
- update_motd

27
playbooks/grafana.yml Executable file
View file

@ -0,0 +1,27 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Grafana
- hosts: grafana.adm.auro.re
vars:
grafana:
root_url: https://grafana.auro.re
database:
type: postgres
host: 10.128.0.95
name: grafana
user: grafana
password: "{{ vault_postgresql_grafana_passwd }}"
ldap:
host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
bind_password: "{{ vault_ldap_grafana_password }}"
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
editors_group_dn:
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
update_motd:
grafana: Grafana est déployé (/etc/grafana).
roles:
- grafana
- update_motd

213
playbooks/ifupdown2.yml Executable file
View file

@ -0,0 +1,213 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
# TODO: netbox
ifupdown2__hosts:
ntp-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::203/56
- 10.128.0.203/16
dns-1.int.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::127/56
- 10.128.0.127/16
dhcp-1.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::204/56
- 10.128.0.204/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.2/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.34/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.66/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.98/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.130/27
vlan_id: 1004
vlan_raw_device: clients
dhcp-2.isp.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::91/56
- 10.128.0.91/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
addresses:
- 100.64.0.3/27
vlan_id: 1000
vlan_raw_device: clients
client-1:
addresses:
- 100.64.0.35/27
vlan_id: 1001
vlan_raw_device: clients
client-2:
addresses:
- 100.64.0.67/27
vlan_id: 1002
vlan_raw_device: clients
client-3:
addresses:
- 100.64.0.99/27
vlan_id: 1003
vlan_raw_device: clients
client-4:
addresses:
- 100.64.0.131/27
vlan_id: 1004
vlan_raw_device: clients
isp-1.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::255/56
- 10.128.0.255/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
bridge_disable_pvid: true
forward: true
ipv6_addrgen: false
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
isp-2.rtr.infra.auro.re:
ens18:
gateways:
- 2a09:6840:128::254
- 10.128.0.254
addresses:
- 2a09:6840:128::158/56
- 10.128.0.158/16
ens19: null
clients:
bridge_vlan_aware: true
bridge_ports:
- ens19
bridge_vids:
- 1000-1004
client-0:
forward: true
vlan_id: 1000
vlan_raw_device: clients
ipv6_addrgen: false
client-1:
forward: true
vlan_id: 1001
vlan_raw_device: clients
ipv6_addrgen: false
client-2:
forward: true
vlan_id: 1002
vlan_raw_device: clients
ipv6_addrgen: false
client-3:
forward: true
vlan_id: 1003
vlan_raw_device: clients
ipv6_addrgen: false
client-4:
forward: true
vlan_id: 1004
vlan_raw_device: clients
ipv6_addrgen: false
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
roles:
- ifupdown2
- hosts:
- ntp-1.int.infra.auro.re
- dns-1.int.infra.auro.re
- dhcp-1.isp.auro.re
- dhcp-2.isp.auro.re
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
resolvconf__nameservers:
- 2a09:6840:128::127
- 10.128.0.127
resolvconf__domain: auro.re
resolvconf__search:
- "{{ inventory_hostname | remove_domain_suffix }}"
- auro.re
roles:
- resolvconf
...

9
playbooks/isc-dhcp-server.yml Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env ansible-playbook
---
- hosts: dhcp-*.adm.auro.re
vars:
update_motd:
unbound: isc-dhcp-server est déployé.
roles:
- isc_dhcp_server
- update_motd

32
playbooks/keepalived.yml Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- isp-1.rtr.infra.auro.re
- isp-2.rtr.infra.auro.re
vars:
keepalived__virtual_router_id: 80
keepalived__interface: ens18
keepalived__virtual_addresses:
client-0:
- 100.64.0.1/27
- 2a09:6841::/56
- fe80::1/10
client-1:
- 100.64.0.33/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-2:
- 100.64.0.65/27
- 2a09:6841:0:100::/56
- fe80::1/10
client-3:
- 100.64.0.97/27
- 2a09:6841:0:200::/56
- fe80::1/10
client-4:
- 100.64.0.129/27
- 2a09:6841:0:300::/56
- fe80::1/10
roles:
- keepalived
...

17
playbooks/knot.yml Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
# vars:
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
# service_name: dns
# service_version: crans
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

View file

@ -1,7 +1,10 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: all
roles: []
# Clone LDAP on local geographic location # Clone LDAP on local geographic location
# DON'T DO THIS AS IT RECREATES THE REPLICA # DON'T DO THIS AS IT RECREATES THE REPLICA
- hosts: ldap_replica # - hosts: ldap_replica
roles: # roles:
- ldap_replica # - ldap_replica

View file

@ -1,18 +1,18 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Install Matrix Synapse on corresponding containers # Install Matrix Synapse
- hosts: synapse.adm.auro.re - hosts: synapse.adm.auro.re
vars: vars:
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
update_motd:
matrix-synapse: matrix-synapse est déployé.
matrix-appservice-irc: matrix-appservice-irc est déployé.
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
roles: roles:
- debian_backports - debian_backports
- nodejs - nodejs
- matrix_synapse - matrix_synapse
- matrix_appservice_irc - matrix_appservice_irc
- matrix_appservice_webhooks - matrix_appservice_webhooks
- update_motd
# Install Matrix services
- hosts: matrix-services.adm.auro.re
roles:
- debian_backports

26
playbooks/nginx.yml Executable file
View file

@ -0,0 +1,26 @@
#!/usr/bin/env ansible-playbook
---
- hosts: reverseproxy
vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
update_motd:
nginx: >-
Le reverse-proxy NGINX est déployé (/etc/nginx).
roles:
- certbot
- nginx
- update_motd
- hosts: nginx,!reverseproxy
vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
update_motd:
nginx: >-
NGINX avec certbot est déployé (/etc/nginx).
roles:
- certbot
- nginx
- update_motd

22
playbooks/postfix.yml Executable file
View file

@ -0,0 +1,22 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Postfix on non mailhost servers
- hosts: all,!unifi
vars:
local_network: 10.128.0.0/16
relay_host: proxy.adm.auro.re
roles:
- postfix_non_mailhost
# Deploy Re2o mail service
- hosts: mail.auro.re
vars:
service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
service_name: mail-server
service_version: aurore
service_config:
hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
username: service-user
password: "{{ vault_serviceuser_passwd }}"
roles:
- re2o_service

170
playbooks/postgresql.yml Executable file
View file

@ -0,0 +1,170 @@
#!/usr/bin/env ansible-playbook
---
# Install and configure database servers at Saclay
- hosts: bdd.adm.auro.re
vars:
postgresql:
version: 13
hosts:
- database: nextcloud
user: nextcloud
net: 10.128.0.58/32
method: md5
- database: gitea
user: gitea
net: 10.128.0.60/32
method: md5
- database: wikijs
user: wikijs
net: 10.128.0.66/32
method: md5
- database: drone
user: drone
net: 10.128.0.64/32
method: md5
- database: netbox
user: netbox
net: 10.128.0.97/32
method: md5
- database: grafana
user: grafana
net: 10.128.0.98/32
method: md5
- database: dolibarr
user: dolibarr
net: 10.128.0.236/32
method: md5
- database: rt5
user: rt5
net: 10.128.0.123/32
method: md5
databases:
- nextcloud
- gitea
- wikijs
- drone
- netbox
- grafana
- dolibarr
- rt5
users:
- name: nextcloud
database: nextcloud
password: "{{ vault_postgresql_nextcloud_passwd }}"
privs:
- ALL
- name: gitea
database: gitea
password: "{{ vault_postgresql_gitea_passwd }}"
privs:
- ALL
- name: wikijs
database: wikijs
password: "{{ vault_postgresql_wikijs_passwd }}"
privs:
- ALL
- name: drone
database: drone
password: "{{ vault_postgresql_drone_passwd }}"
privs:
- ALL
- name: netbox
database: netbox
password: "{{ vault_postgresql_netbox_passwd }}"
privs:
- ALL
- name: grafana
database: grafana
password: "{{ vault_postgresql_grafana_passwd }}"
privs:
- ALL
- name: dolibarr
database: dolibarr
password: "{{ vault_postgresql_dolibarr_passwd }}"
privs:
- ALL
- name: rt5
database: rt5
password: "{{ vault_postgresql_rt5_passwd }}"
privs:
- ALL
update_motd:
postgresql: PostgreSQL est déployé.
roles:
- postgresql
- update_motd
# Install and configure database servers at OVH
- hosts: bdd-ovh.adm.auro.re
vars:
postgresql:
version: 13
hosts:
- database: etherpad
user: etherpad
net: 10.128.0.150/32
method: md5
- database: codimd
user: codimd
net: 10.128.0.150/32
method: md5
- database: synapse
user: synapse
net: 10.128.0.56/32
method: md5
- database: kanboard
user: kanboard
net: 10.128.0.150/32
method: md5
- database: cas
user: cas
net: 10.128.0.150/32
method: md5
- database: appservice-discord
user: appservice-discord
net: 10.128.0.150/32
method: md5
databases:
- synapse
- codimd
- etherpad
- kanboard
- cas
- appservice-discord
users:
- name: synapse
database: synapse
password: "{{ vault_postgresql_synapse_passwd }}"
privs:
- ALL
- name: codimd
database: codimd
password: "{{ vault_postgresql_codimd_passwd }}"
privs:
- ALL
- name: etherpad
database: etherpad
password: "{{ vault_postgresql_etherpad_passwd }}"
privs:
- ALL
- name: kanboard
database: kanboard
password: "{{ vault_postgresql_kanboard_passwd }}"
privs:
- ALL
- name: cas
database: cas
password: "{{ vault_postgresql_cas_passwd }}"
privs:
- ALL
- name: appservice-discord
database: appservice-discord
password: "{{ vault_postgresql_appservice_discord_passwd }}"
privs:
- ALL
update_motd:
postgresql: PostgreSQL est déployé.
roles:
- postgresql
- update_motd
...

241
playbooks/prometheus.yml Executable file
View file

@ -0,0 +1,241 @@
#!/usr/bin/env ansible-playbook
---
- hosts: prometheus-fleming.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['fleming_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['fleming_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-pacaterie.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['pacaterie_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['pacaterie_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-edc.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-ec-1.ups.auro.re
# - ups-ec-2.ups.auro.re
- ups-ec-3.ups.auro.re
prometheus_servers_targets: |
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['edc_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['edc_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration edc) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-gs.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['gs_unifi'] | list | sort }}
prometheus_ups_snmp_targets:
- ups-gk-1.ups.auro.re
prometheus_apc_pdu_snmp_targets:
- pdu-ga-1.ups.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['gs_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration gs) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-rives.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_ups_snmp_targets:
- ups-r3-1.ups.auro.re
- ups-r1-1.ups.auro.re
prometheus_servers_targets: |
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets: |
{{ groups['rives_unifi'] | list | sort }}
prometheus_ilo_snmp_targets: |
{{ groups['rives_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration rives) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-aurore.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
prometheus_postgresql_targets: |
{{ groups['bdd'] + groups['radius'] | list | sort }}
prometheus_switch_snmp_targets:
- yggdrasil.switch.auro.re
- sw-pn-serveurs.switch.auro.re
- sw-ec-serveurs.switch.auro.re
- sw-gk-serveurs.switch.auro.re
- sw-fl-serveurs.switch.auro.re
- sw-ff-uplink.switch.auro.re
- sw-fl-core.switch.auro.re
- sw-fd-vcore.switch.auro.re
- sw-fl-vcore.switch.auro.re
- sw-ff-vcore.switch.auro.re
- sw-pn-core.switch.auro.re
- sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re
prometheus_ilo_snmp_targets: |
{{ groups['aurore_ilo'] | list | sort }}
update_motd:
prometheus: >-
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-ovh.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_switch_community: "{{ vault_snmp_switch_community }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets: |
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
prometheus_postgresql_targets:
- bdd-ovh.adm.auro.re
prometheus_docker_targets:
- docker-ovh.adm.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
roles:
- prometheus
- update_motd
- hosts: prometheus-federate.adm.auro.re
vars:
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
snmp_ilo_user: aurore
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
prometheus_servers_targets:
- prometheus-edc.adm.auro.re
- prometheus-gs.adm.auro.re
- prometheus-fleming.adm.auro.re
- prometheus-pacaterie.adm.auro.re
- prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re
update_motd:
prometheus_federate: >-
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
roles:
- prometheus_federate
- update_motd
# Postgres Exporters
- hosts: bdd,radius
roles:
- prometheus_postgres
# Monitor all hosts
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
roles:
- prometheus_node

10
playbooks/radius.yml Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env ansible-playbook
---
# Deploy Radius
- hosts: radius-*.adm.auro.re
vars:
update_motd:
unbound: FreeRADIUS est déployé.
roles:
- radius
- update_motd

9
playbooks/root.yml Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
root_shell: /bin/bash
root_password: "{{ vault_root_password }}"
roles:
- root_account
...

23
playbooks/router.yml Executable file
View file

@ -0,0 +1,23 @@
#!/usr/bin/env ansible-playbook
---
# Deploy firewall and keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
vars:
update_motd:
unbound: Le routage (avec radvd) est déployé.
roles:
- router
- radvd
- update_motd
# No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re
vars:
update_motd:
unbound: Le routage (avec DHCPv6) est déployé.
roles:
- router
- ipv6_edge_router
- update_motd

10
playbooks/rsyslog.yml Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env ansible-playbook
---
- hosts: log.adm.auro.re
roles:
- rsyslog_collector
- hosts: all,!unifi
roles:
- rsyslog_common
...

14
playbooks/ssh.yml Executable file
View file

@ -0,0 +1,14 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
vars:
openssh_users_ca_public_key:
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
openssh_authorized_principals:
- any
- "{{ inventory_hostname }}"
roles:
- openssh_server
...

17
playbooks/switchs-manager.yml Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Deploy Re2o switch service
# - hosts: switchs-manager.adm.auro.re
# vars:
# service_repo: https://gitlab.federez.net/re2o/switchs.git
# service_name: switchs
# service_version: master
# service_config:
# hostname: re2o-server.adm.auro.re
# username: service-user
# password: "{{ vault_serviceuser_passwd }}"
# roles:
# - re2o_service

10
playbooks/unbound.yml Executable file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env ansible-playbook
---
# Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
vars:
update_motd:
unbound: Unbound est déployé.
roles:
- unbound
- update_motd

9
playbooks/unifi.yml Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all
roles: []
# Deploy Unifi Controller
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
# roles:
# - unifi-controller

View file

@ -1,432 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# This is a special playbook to create a new VM !
- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests
become: false # We do not need root as we use Proxmox API
vars:
vm_definitions:
# Réseau Pacaterie
- name: ldap-replica-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau Fleming
- name: ldap-replica-fleming1
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau EdC
- name: ldap-replica-edc1
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
# Réseau George Sand
- name: ldap-replica-gs1
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-gs
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
vars_prompt:
- name: "password"
prompt: "Enter LDAP password for your user"
private: true
tasks:
- name: Define a virtual machine in Proxmox
proxmox_kvm:
api_user: "{{ ansible_user_id }}@pam"
api_password: "{{ password }}"
api_host: "{{ item.virtu }}.adm.auro.re"
name: "{{ item.name }}"
node: "{{ item.virtu }}"
scsihw: virtio-scsi-pci
scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}'
sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}'
net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default
cores: "{{ item.cores }}"
memory: "{{ item.memory }}"
balloon: "{{ item.memory // 2 }}"
bios: seabios # Ansible module doesn't support UEFI boot disk
loop:
# Réseau Fleming
- name: ldap-replica-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-fleming
virtu: freya
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: ldap-replica-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: routeur-fleming-fo
virtu: marki
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau Pacaterie
- name: ldap-replica-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-pacaterie
virtu: mordred
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: ldap-replica-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: routeur-pacaterie-fo
virtu: titan
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau EDC
- name: ldap-replica-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-edc
virtu: chapalux
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
# Réseau George Sand
- name: ldap-replica-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dhcp-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: dns-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: prometheus-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: radius-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso
- name: unifi-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-9.9.0-amd64-netinst.iso
- name: routeur-georgesand
virtu: perceval
cores: 2 # 2 mimimum, 10 maximum
memory: 1024 # M
disksize: 16 # G
installiso: debian-10.0.0-amd64-netinst.iso

View file

@ -1,3 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
uname -snrvm

View file

@ -0,0 +1,21 @@
---
- name: Install unattended-upgrades
when: ansible_os_family == "Debian"
apt:
name: unattended-upgrades
state: present
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure unattended-upgrades
template:
src: "apt/{{ item }}.j2"
dest: "/etc/apt/apt.conf.d/{{ item }}"
owner: root
mode: u=rw,g=r,o=r
loop:
- 50unattended-upgrades
- 20auto-upgrades
...

View file

@ -9,8 +9,6 @@
- aptitude # nice to have for Ansible - aptitude # nice to have for Ansible
- bash-completion # because bash - bash-completion # because bash
- curl # better than wget - curl # better than wget
- emacs-nox # for maman
- fish # to motivate @edpibu
- git # code versioning - git # code versioning
- htop # better than top - htop # better than top
- iotop # monitor i/o - iotop # monitor i/o
@ -18,34 +16,19 @@
- lsb-release - lsb-release
- molly-guard # prevent reboot - molly-guard # prevent reboot
- nano # for vulcain - nano # for vulcain
- net-tools
- ntp # network time sync - ntp # network time sync
- oidentd # postgresql identification
- screen # Vulcain asked for this - screen # Vulcain asked for this
- sudo - sudo
- tmux # For shirenn
- tree # create a graphical tree of files - tree # create a graphical tree of files
- vim # better than nano - vim # better than nano
- zsh # to be able to ssh @erdnaxe - zsh # to be able to ssh @erdnaxe
- dnsutils # dig
update_cache: true update_cache: true
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
# Pimp my server
- name: Customize motd
copy:
src: "update-motd.d/{{ item }}"
dest: "/etc/update-motd.d/{{ item }}"
mode: 0755
loop:
- 00-logo
- 10-uname
- name: Remove Debian warranty motd
file:
path: /etc/motd
state: absent
# Configure APT mirrors on Debian Stretch # Configure APT mirrors on Debian Stretch
- name: Configure APT mirrors - name: Configure APT mirrors
when: when:
@ -74,6 +57,9 @@
# APT-List Changes : send email with changelog # APT-List Changes : send email with changelog
- include_tasks: apt-listchanges.yml - include_tasks: apt-listchanges.yml
# APT Unattended upgrades
- include_tasks: apt-unattended.yml
# User skeleton # User skeleton
- name: Configure user skeleton - name: Configure user skeleton
copy: copy:

View file

@ -0,0 +1,4 @@
// {{ ansible_managed }}
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

View file

@ -0,0 +1,22 @@
// {{ ansible_managed }}
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
};
Unattended-Upgrade::Package-Blacklist {};
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::InstallOnShutdown "false";
Unattended-Upgrade::Mail "{{ monitoring_mail }}";
// Unattended-Upgrade::MailOnlyOnError "false";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
Unattended-Upgrade::Remove-New-Unused-Dependencies "false";
Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::SyslogEnable "true";
Unattended-Upgrade::SyslogFacility "daemon";

View file

@ -0,0 +1,8 @@
---
borg_keep_hourly: 0
borg_keep_daily: 0
borg_keep_weekly: 0
borg_keep_monthly: 0
borg_server_user: borgbackup
borg_server_group: borgbackup
...

View file

@ -0,0 +1,5 @@
---
- name: Run systemd daemon-reload
systemd:
daemon_reload: true
...

View file

@ -0,0 +1,110 @@
---
- name: Pin borgmatic
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: u=rw,g=r,o=
loop:
- src: apt/list.j2
dest: /etc/apt/sources.list.d/bullseye.list
- src: apt/preferences.j2
dest: /etc/apt/preferences.d/borgmatic-bullseye
when:
- "ansible_distribution == 'Debian'"
- "ansible_distribution_major_version in ('stretch', 'buster', '9', '10')"
- name: Install borgmatic
apt:
name: borgmatic
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create configuration directory for borgmatic
file:
path: /etc/borgmatic
state: directory
owner: root
group: root
mode: u=rwx,g=rx,o=
- name: Add borgmatic configuration file
become: true
template:
src: config.yaml.j2
dest: /etc/borgmatic/config.yaml
owner: root
group: root
mode: u=rw,g=r,o=
vars:
borg_host_dir: "/borg/{{ inventory_hostname }}"
- name: Create SSH key
openssh_keypair:
path: "/etc/borgmatic/id_remote"
type: ed25519
regenerate: full_idempotence
owner: root
group: root
mode: u=rw,g=,o=
register: ssh_key
- name: Gather SSH host keys
delegate_to: "{{ borg_server_host }}"
command: "ssh-keyscan {{ borg_server_host }}"
register: keys
- name: Add server key to known hosts
known_hosts:
hash_host: true
host: "{{ borg_server_host }}"
key: "{{ item }}"
loop: "{{ keys.stdout_lines }}"
- name: Add public key to remote
delegate_to: "{{ borg_server_host }}"
become: true
authorized_key:
exclusive: false
user: "{{ borg_server_user }}"
key: "{{ ssh_key.public_key }}"
key_options: "{{ options | join(',') }}"
vars:
borg_host_dir: "/borg/{{ inventory_hostname }}"
options:
- 'command="borg serve --restrict-to-path {{ borg_host_dir }}"'
- no-agent-forwarding
- no-port-forwarding
- no-pty
- no-user-rc
- no-X11-forwarding
- name: Init repository
command: borgmatic init --encryption repokey
- name: Install timer and service for borgmatic
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
mode: u=rw,g=r,o=
loop:
- borgmatic.timer
- borgmatic.service
notify:
- Run systemd daemon-reload
- name: Run systemd deamon-reload
systemd:
daemon_reload: true
- name: Start and enable borgmatic timer
systemd:
name: borgmatic.timer
state: started
enabled: true
...

View file

@ -0,0 +1,3 @@
{{ ansible_managed | comment }}
deb https://deb.debian.org/debian/ bullseye main

View file

@ -0,0 +1,9 @@
{{ ansible_managed | comment }}
Package: *
Pin: release n=bullseye
Pin-Priority: 1
Package: borgmatic
Pin: release n=bullseye
Pin-Priority: 900

View file

@ -0,0 +1,32 @@
{{ ansible_managed | comment }}
[Unit]
Description=Service for borgmatic backup
Wants=network-online.target
After=network-online.target
ConditionACPower=true
[Service]
Type=simple
ProtectSystem=full
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
# Lower CPU and I/O priority.
Nice=19
CPUSchedulingPolicy=batch
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100
Restart=no
# Prevent rate limiting of borgmatic log events. If you are using an older
# version of systemd that doesn't support this (pre-240 or so), you may have
# to remove this option.
LogRateLimitIntervalSec=0
# Delay start to prevent backups running during boot. Note that
# systemd-inhibit requires dbus and dbus-user-session to be installed.
# ExecStartPre=sleep 1m
ExecStart=systemd-inhibit --who="borgmatic" \
--why="Prevent interrupting scheduled backup" \
/usr/bin/borgmatic -v 2

View file

@ -0,0 +1,17 @@
{{ ansible_managed | comment }}
[Unit]
Description=Timer for borgmatic backup
[Timer]
{% if borg_keep_hourly > 0 %}
OnCalendar=hourly
RandomizedDelaySec=60m
{% else %}
OnCalendar=daily
RandomizedDelaySec=24h
{% endif %}
FixedRandomDelay=true
[Install]
WantedBy=timers.target

View file

@ -0,0 +1,51 @@
---
{{ ansible_managed | comment }}
location:
source_directories:
{% for source in borg_backup_directories %}
- {{ source }}
{% endfor %}
exclude_patterns:
{% for exclude in borg_backup_exclude %}
- {{ exclude }}
{% endfor %}
repositories:
- {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }}
borgmatic_source_directory: /var/backups
storage:
encryption_passphrase: "{{ borg_encryption_passphrase }}"
ssh_command: ssh -i /etc/borgmatic/id_remote
# compression: 'lz4'
# umask: 0077
# lock_wait: 5
# archive_name_format: '{hostname}-{now}'
retention:
{% if borg_keep_hourly > 0 %}
keep_hourly: {{ borg_keep_hourly }}
{% endif %}
{% if borg_keep_daily > 0 %}
keep_daily: {{ borg_keep_daily }}
{% endif %}
{% if borg_keep_weekly > 0 %}
keep_weekly: {{ borg_keep_weekly }}
{% endif %}
{% if borg_keep_monthly > 0 %}
keep_monthly: {{ borg_keep_monthly }}
{% endif %}
consistency:
checks:
- repository
- archives
{% if borg_postgresql_databases is defined %}
hooks:
postgresql_databases:
- name: all
username: postgres
{% endif %}
...

View file

@ -0,0 +1,5 @@
---
borg_server_user: borgbackup
borg_server_group: borgbackup
borg_home_dir: /var/lib/borgbackup
...

View file

@ -0,0 +1,38 @@
---
- name: Install borg
apt:
name: borgbackup
state: present
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create a local group for borg
become: true
group:
name: "{{ borg_server_group }}"
system: true
- name: Create a local user for borg
become: true
user:
home: "{{ borg_home_dir }}"
create_home: true
comment: Local user for borgbackup server
name: "{{ borg_server_user }}"
group: "{{ borg_server_group }}"
system: true
# Does not constitute a valid hash, preventing from login via password
password: "*"
update_password: always
- name: Create backup directory
become: true
file:
path: "{{ borg_server_backups_dir }}"
state: directory
owner: "{{ borg_server_user }}"
group: "{{ borg_server_group }}"
mode: u=rwx,g=,o=
...

View file

@ -1,8 +0,0 @@
---
- name: Reload nginx
service:
name: nginx
state: reloaded
- name: Generate certificates
command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"

View file

@ -1,13 +1,28 @@
--- ---
- name: Install certbot and nginx plugin - name: Install certbot and RFC2136 plugin
apt: apt:
update_cache: true update_cache: true
name: name:
- certbot - certbot
- python3-certbot-nginx - python3-certbot-dns-rfc2136
register: pkg_result state: present
register: apt_result
retries: 3 retries: 3
until: pkg_result is succeeded until: apt_result is succeeded
- name: Add DNS credentials
template:
src: letsencrypt/rfc2136.ini.j2
dest: "/etc/letsencrypt/rfc2136.{{ item.certname }}.ini"
mode: 0600
owner: root
loop: "{{ certbot }}"
- name: Add dhparam
template:
src: "letsencrypt/dhparam.j2"
dest: "/etc/letsencrypt/dhparam"
mode: 0600
- name: Create /etc/letsencrypt/conf.d - name: Create /etc/letsencrypt/conf.d
file: file:
@ -18,8 +33,19 @@
- name: Add Certbot configuration - name: Add Certbot configuration
template: template:
src: "letsencrypt/conf.d/certname.ini.j2" src: "letsencrypt/conf.d/certname.ini.j2"
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
mode: 0644 mode: 0644
notify: loop: "{{ certbot }}"
- Generate certificates
- Reload nginx - name: Run certbot
command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
loop: "{{ certbot }}"
- name: Clean old files
file:
path: "{{ item }}"
state: absent
loop:
- "/etc/letsencrypt/options-ssl-nginx.conf"
- "/etc/letsencrypt/ssl-dhparams.pem"
- "/etc/letsencrypt/rfc2136.ini"

View file

@ -1,7 +1,7 @@
# {{ ansible_managed }} {{ ansible_managed | comment(decoration='# ') }}
# Pour appliquer cette conf et générer la conf de renewal : # To generate the certificate, please use the following command
# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly # certbot --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
# Use a 4096 bit RSA key instead of 2048 # Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096 rsa-key-size = 4096
@ -10,14 +10,19 @@ rsa-key-size = 4096
# server = https://acme-staging.api.letsencrypt.org/directory # server = https://acme-staging.api.letsencrypt.org/directory
# Uncomment and update to register with the specified e-mail address # Uncomment and update to register with the specified e-mail address
email = {{ certbot.mail }} email = {{ item.mail }}
# Uncomment to use a text interface instead of ncurses # Uncomment to use a text interface instead of ncurses
text = True text = True
# Use nginx challenge # Yes I want to sell my soul and my guinea pig.
authenticator = nginx agree-tos = True
# Use DNS-01 challenge
authenticator = dns-rfc2136
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.{{ item.certname }}.ini
dns-rfc2136-propagation-seconds = 30
# Wildcard the domain # Wildcard the domain
cert-name = {{ certbot.certname }} cert-name = {{ item.certname }}
domains = {{ ", ".join(certbot.domains) }} domains = {{ item.domains }}

View file

@ -0,0 +1,7 @@
{{ ansible_managed | comment(decoration='# ') }}
dns_rfc2136_server = {{ item.dns_rfc2136_server }}
dns_rfc2136_port = 53
dns_rfc2136_name = {{ item.dns_rfc2136_name }}
dns_rfc2136_secret = {{ item.dns_rfc2136_secret }}
dns_rfc2136_algorithm = HMAC-SHA512

View file

@ -0,0 +1,11 @@
---
chronyd__pools: []
chronyd__key_file: /etc/chrony/chrony.keys
chronyd__drift_file: /var/lib/chrony/chrony.drift
chronyd__nts_dump_dir: /var/lib/chrony
chronyd__log_dir: /var/log/chrony
chronyd__max_update_skew: 100.0
chronyd__rtcsync: true
chronyd__allow_networks: []
chronyd__log_change_seconds: 0.5
...

View file

@ -0,0 +1,6 @@
---
- name: Restart chronyd
systemd:
name: chrony.service
state: restarted
...

View file

@ -0,0 +1,32 @@
---
- name: Uninstall ntp and sntp
apt:
name:
- sntp
- ntp
- systemd-timesyncd
state: absent
- name: Install chronyd
apt:
name: chrony
- name: Configure chronyd
template:
src: "{{ item }}.j2"
dest: "/etc/chrony/{{ item }}"
owner: root
group: root
mode: u=rw,g=r,o=
loop:
- chrony.conf
- chrony.keys
notify:
- Restart chronyd
- name: Enable and start chronyd
systemd:
name: chrony.service
enabled: true
state: started
...

View file

@ -0,0 +1,30 @@
{{ ansible_managed | comment }}
{% for pool in chronyd__pools %}
pool {{ pool }} iburst
{% endfor %}
keyfile {{ chronyd__key_file }}
driftfile {{ chronyd__drift_file }}
ntsdumpdir {{ chronyd__nts_dump_dir }}
logdir {{ chronyd__log_dir }}
log tracking measurements statistics
maxupdateskew {{ chronyd__max_update_skew | float }}
{% if chronyd__rtcsync %}
rtcsync
{% endif %}
{% if chronyd__local_stratum is defined %}
local stratum {{ chronyd__local_stratum | int }}
{% endif %}
logchange {{ chronyd__log_change_seconds | float }}
leapsectz right/UTC
{% for network in chronyd__allow_networks %}
allow {{ network | ipaddr }}
{% endfor %}

View file

@ -0,0 +1 @@
{{ ansible_managed | comment }}

View file

@ -50,9 +50,4 @@
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64 url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
dest: /usr/local/bin/docker-compose dest: /usr/local/bin/docker-compose
mode: "0755" mode: "0755"
...
- name: Indicate role in motd
template:
src: update-motd.d/05-service.j2
dest: /etc/update-motd.d/05-docker
mode: 0755

View file

@ -1,3 +0,0 @@
#!/bin/sh
# {{ ansible_managed }}
echo "> Les recettes Docker-compose se trouvent dans /var/local/ansible-docker"

View file

@ -1,30 +0,0 @@
---
# For DokuWiki package
- name: Configure Debian Buster mirrors
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/buster.list.j2
dest: /etc/apt/sources.list.d/buster.list
mode: 0644
# For DokuWiki package
- name: Configure DokuWiki pin
when:
- ansible_distribution == 'Debian'
- ansible_distribution_release == 'stretch'
template:
src: apt/dokuwiki.j2
dest: /etc/apt/preferences.d/dokuwiki
mode: 0644
# Install
- name: Install DokuWiki
apt:
update_cache: true
name: dokuwiki
state: present
register: apt_result
retries: 3
until: apt_result is succeeded

View file

@ -1,9 +0,0 @@
# {{ ansible_managed }}
{# #}
{# Default mirror #}
{% if debian_mirror is not defined %}
{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %}
{% endif %}
deb {{ debian_mirror }} buster main
deb-src {{ debian_mirror }} buster main

View file

@ -1,9 +0,0 @@
# {{ ansible_managed }}
Package: *
Pin: release n=stretch*
Pin-Priority: 990
Package: dokuwiki
Pin: release n=buster
Pin-Priority: 990

View file

@ -0,0 +1,5 @@
---
- name: Restart grafana
service:
name: grafana-server
state: restarted

View file

@ -0,0 +1,111 @@
---
- name: Install gpg (to import Grafana key)
apt:
name: gpg
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Import Grafana GPG signing key
apt_key:
url: https://packages.grafana.com/gpg.key
state: present
register: apt_key_result
retries: 3
until: apt_key_result is succeeded
- name: Add Grafana repository
apt_repository:
repo: deb https://packages.grafana.com/oss/deb stable main
state: present
update_cache: true
- name: Install Grafana
apt:
name: grafana
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure Grafana
ini_file:
path: /etc/grafana/grafana.ini
section: "{{ item.section }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: 0640
loop:
- section: server
option: root_url
value: "{{ grafana.root_url }}"
- section: analytics
option: reporting_enabled
value: "false"
- section: analytics
option: check_for_updates
value: "false"
- section: security
option: disable_initial_admin_creation
value: "true"
- section: security
option: cookie_secure
value: "true"
- section: security
option: disable_gravatar
value: "true"
- section: snapshots
option: external_enabled
value: "false"
- section: users
option: allow_sign_up
value: "false"
- section: users
option: allow_org_create
value: "false"
- section: auth.anonymous
option: enabled
value: "false" # no public access
- section: auth.anonymous
option: hide_version
value: "true"
- section: auth.basic # only LDAP auth
option: enabled
value: "false"
- section: auth.ldap
option: enabled
value: "true"
- section: alerting
option: enabled
value: "false"
- section: database
option: type
value: "{{ grafana.database.type }}"
- section: database
option: host
value: "{{ grafana.database.host }}"
- section: database
option: name
value: "{{ grafana.database.name }}"
- section: database
option: user
value: "{{ grafana.database.user }}"
- section: database
option: password
value: "{{ grafana.database.password }}"
notify: Restart grafana
- name: Configure Grafana LDAP
template:
src: ldap.toml.j2
dest: /etc/grafana/ldap.toml
mode: 0640
notify: Restart grafana
- name: Enable and start Grafana
systemd:
name: grafana-server
enabled: true
state: started
daemon_reload: true

View file

@ -0,0 +1,61 @@
{{ ansible_managed | comment }}
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "{{ grafana.ldap.host }}"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "{{ grafana.ldap.bind_dn }}"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = '{{ grafana.ldap.bind_password }}'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=%s)"
# An array of base dns to search through
search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
group_search_filter_user_attribute = "cn"
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "sn"
surname = ""
username = "cn"
member_of = "dn"
email = "mail"
# Editors
{% for group_dn in grafana.ldap.editors_group_dn %}
[[servers.group_mappings]]
group_dn = "{{ group_dn }}"
org_role = "Editor"
{% endfor %}
# Viewers
[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"

View file

@ -0,0 +1,3 @@
---
ifupdown2__interfaces: {}
...

View file

@ -0,0 +1,9 @@
---
- name: Restart networking
systemd:
name: networking.service
state: restarted
- name: Bring all interfaces up
shell: /usr/sbin/ifup -a
...

View file

@ -0,0 +1,42 @@
---
- name: Gather package facts
package_facts:
manager: apt
- name: Check if ifupdown2 is installed
set_fact:
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
- name: Mask networking before installing ifupdown2
systemd:
name: networking.service
masked: true
when: must_mask
- name: Install ifupdown2
apt:
name: ifupdown2
- name: Unmask networking now that ifupdown2 is installed
systemd:
name: networking.service
masked: false
when: must_mask
- name: Configure ifupdown2
template:
src: interfaces.j2
dest: /etc/network/interfaces
owner: root
group: root
mode: u=rw,g=r,o=
notify:
- Restart networking
- Bring all interfaces up
- name: Enable and start networking
systemd:
name: networking.service
state: started
enabled: true
...

View file

@ -0,0 +1,41 @@
{{ ansible_managed | comment }}
{% for name, iface in ifupdown2__interfaces.items() %}
auto {{ name }}
iface {{ name }}
{% for address in iface.addresses | default([]) %}
address {{ address | ipaddr }}
{% endfor %}
{% for gateway in iface.gateways | default([]) %}
gateway {{ gateway | ipaddr }}
{% endfor %}
{% if iface.bridge_ports is defined %}
bridge-ports {{ iface.bridge_ports | join(" ") }}
{% endif %}
{% if iface.bridge_vlan_aware is defined %}
bridge-vlan-aware {{ iface.bridge_vlan_aware
| ternary("yes", "no") }}
{% endif %}
{% if iface.bridge_vids is defined %}
bridge-vids {{ iface.bridge_vids | join(",") }}
{% endif %}
{% if iface.vlan_id is defined %}
vlan-id {{ iface.vlan_id | int }}
{% endif %}
{% if iface.vlan_raw_device is defined %}
vlan-raw-device {{ iface.vlan_raw_device }}
{% endif %}
{% if iface.bridge_disable_pvid | default(false) %}
bridge-pvid 0
post-up bridge vlan del dev {{ name }} vid 1 self
{% endif %}
{% if iface.forward | default(false) %}
ip-forward yes
ip6-forward yes
{% endif %}
{% if iface.ipv6_addrgen is defined %}
ipv6-addrgen {{ iface.ipv6_addrgen
| ternary("yes", "no") }}
{% endif %}
{% endfor %}

View file

@ -1,6 +1,6 @@
--- ---
- name: force run dhcp re2o-service - name: force run dhcp re2o-service
shell: /var/local/re2o-services/dhcp/main.py --force command: /var/local/re2o-services/dhcp/main.py --force
become_user: re2o-services become_user: re2o-services
- name: restart dhcpd - name: restart dhcpd

View file

@ -1,7 +1,7 @@
--- ---
- name: Install dhcp (re2o-service) - name: Install dhcp (re2o-service)
import_role: import_role:
name: re2o-service name: re2o_service
vars: vars:
service_repo: https://gitlab.federez.net/re2o/dhcp.git service_repo: https://gitlab.federez.net/re2o/dhcp.git
service_name: dhcp service_name: dhcp
@ -18,7 +18,7 @@
owner: re2o-services owner: re2o-services
group: nogroup group: nogroup
recurse: true recurse: true
mode: 755 mode: 0755
- name: Install isc-dhcp-server - name: Install isc-dhcp-server
apt: apt:

View file

@ -0,0 +1,7 @@
---
keepalived__virtual_addresses: {}
keepalived__notify_master: []
keepalived__notify_backup: []
keepalived__notify_fault: []
keepalived__max_auto_priority: -1
...

View file

@ -0,0 +1,6 @@
---
- name: Reload keepalived
systemd:
name: keepalived.service
state: reloaded
...

View file

@ -0,0 +1,28 @@
---
- name: Install keepalived
apt:
name: keepalived
- name: Configure keepalived
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
mode: u=rw,g=,o=
- src: notify.sh.j2
dest: /etc/keepalived/notify.sh
mode: u=rwx,g=,o=
notify:
- Reload keepalived
- name: Enable and start keepalived
systemd:
name: keepalived
enabled: true
state: started
...

View file

@ -0,0 +1,92 @@
{{ ansible_managed | comment }}
global_defs {
dynamic_interfaces
script_user root
enable_script_security
vrrp_version 3
{% if keepalived__max_auto_priority is defined %}
max_auto_priority {{ keepalived__max_auto_priority | int }}
{% endif %}
}
{%
set ipv4_enabled =
keepalived__ipv4_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv4)
%}
{%
set ipv6_enabled =
keepalived__ipv6_enabled
| default(keepalived__virtual_addresses.values()
| flatten | ansible.utils.ipv6)
%}
{% if ipv4_enabled and ipv6_enabled %}
vrrp_sync_group group {
group {
{% if ipv4_enabled %}
instance_v4
{% endif %}
{% if ipv6_enabled %}
instance_v6
{% endif %}
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
{% endif %}
{% if ipv4_enabled %}
vrrp_instance instance_v4 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses %}
{% if address | ansible.utils.ipv4 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}
{% if ipv6_enabled %}
vrrp_instance instance_v6 {
virtual_router_id {{ keepalived__virtual_router_id | int }}
interface {{ keepalived__interface }}
state BACKUP
priority 250
nopreempt
advert_int 1
accept
virtual_ipaddress {
{% for dev, addresses in keepalived__virtual_addresses.items() %}
{% for address in addresses | ipaddr_sort(["link-local"]) %}
{% if address | ansible.utils.ipv6 %}
{{ address }} dev {{ dev }}
{% endif %}
{% endfor %}
{% endfor %}
}
{% if not (ipv4_enabled and ipv6_enabled) %}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
{% endif %}
}
{% endif %}

View file

@ -0,0 +1,33 @@
#!/bin/bash
master=(
{% for notify in keepalived__notify_master %}
{{ notify | quote }}
{% endfor %}
)
backup=(
{% for notify in keepalived__notify_backup %}
{{ notify | quote }}
{% endfor %}
)
fault=(
{% for notify in keepalived__notify_fault %}
{{ notify | quote }}
{% endfor %}
)
case "$1" in
master | backup | fault)
scripts="$1[@]"
;;
*)
echo "Usage: $0 (master|backup|fault)" >&2
exit 1
esac
for script in "${!scripts}"
do
eval "${script}"
done

View file

@ -21,4 +21,4 @@
user: root user: root
key: "{{ ssh_pub_keys }}" key: "{{ ssh_pub_keys }}"
state: present state: present
# exclusive: True exclusive: true

View file

@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope. # The search scope.
#scope sub #scope sub

View file

@ -1,5 +1,6 @@
--- ---
- name: reload logrotate - name: Reload logrotate
service: systemd:
name: logrotate name: logrotate.service
state: reloaded state: reloaded
...

View file

@ -1,29 +1,28 @@
--- ---
# Install and configure logrotate
# Install the apt package
- name: Install logrotate - name: Install logrotate
apt: apt:
name: name: logrotate
- logrotate state: present
# Copy the configuration and reload the service if it has changed - name: Create rsyslog configuration directory
- name: Configure logrotate file:
template: path: /etc/rsyslog.d
src: logrotate.d/rsyslog.j2
dest: /etc/logrotate.d/rsyslog
owner: root owner: root
group: root group: root
mode: "0644" mode: u=rwx,g=rx,o=rx
notify: reload logrotate
- name: Configure logrotate
template:
src: logrotate.conf
dest: /etc/logrotate.conf
owner: root
group: root
mode: u=rwx,g=r,o=r
notify: Reload logrotate
# Make sure the service is enabled and started
- name: Enable logrotate service - name: Enable logrotate service
service: systemd:
name: logrotate name: logrotate.service
enabled: true enabled: true
state: started state: started
...
# Enforce new logrotate rules now
- name: Run logrotate now
command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog

View file

@ -0,0 +1,24 @@
# see "man logrotate" for details
{{ ansible_managed | comment }}
# global options do not affect preceding include directives
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here.

Some files were not shown because too many files have changed in this diff Show more