update_motd: apply conventions #71
19 changed files with 94 additions and 86 deletions
12
backups.yml
Normal file → Executable file
|
@ -1,9 +1,21 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: perceval.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
borgbackup_server: >-
|
||||
Les sauvegardes (borg) sont stockées dans
|
||||
{{ borg_server_backups_dir }}.
|
||||
roles:
|
||||
- borgbackup_server
|
||||
- update_motd
|
||||
|
||||
- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
borgbackup_client: >-
|
||||
BorgBackup est déployé (/etc/borgmatic/config.yaml)
|
||||
roles:
|
||||
- borgbackup_client
|
||||
- update_motd
|
||||
...
|
||||
|
|
1
base.yml
|
@ -5,6 +5,7 @@
|
|||
roles:
|
||||
- baseconfig
|
||||
- basesecurity
|
||||
- update_motd
|
||||
|
||||
# Plug LDAP on all servers
|
||||
- hosts: all,!unifi
|
||||
|
|
4
bdd.yml
Normal file → Executable file
|
@ -2,6 +2,10 @@
|
|||
---
|
||||
# Install and configure bdd servers at Saclay and at OVH
|
||||
- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
postgresql: PostgreSQL est déployé.
|
||||
roles:
|
||||
- postgresql_server
|
||||
- update_motd
|
||||
...
|
||||
|
|
1
deploy_postfix_non_mailhost.yml
Normal file → Executable file
|
@ -1,3 +1,4 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Deploy a correclty configured postfix on non mailhost servers
|
||||
- hosts: all,!unifi
|
||||
|
|
|
@ -20,5 +20,8 @@
|
|||
editors_group_dn:
|
||||
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
|
||||
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
|
||||
update_motd:
|
||||
grafana: Grafana est déployé (/etc/grafana).
|
||||
roles:
|
||||
- grafana
|
||||
- update_motd
|
||||
|
|
|
@ -5,12 +5,17 @@
|
|||
vars:
|
||||
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
||||
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
||||
update_motd:
|
||||
matrix-synapse: matrix-synapse est déployé.
|
||||
matrix-appservice-irc: matrix-appservice-irc est déployé.
|
||||
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
|
||||
roles:
|
||||
- debian_backports
|
||||
- nodejs
|
||||
- matrix_synapse
|
||||
- matrix_appservice_irc
|
||||
- matrix_appservice_webhooks
|
||||
- update_motd
|
||||
|
||||
# Install Matrix services
|
||||
- hosts: matrix-services.adm.auro.re
|
||||
|
|
|
@ -14,8 +14,12 @@
|
|||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-pacaterie.adm.auro.re
|
||||
vars:
|
||||
|
@ -34,8 +38,12 @@
|
|||
prometheus_ups_snmp_targets:
|
||||
- ups-pn-1.ups.auro.re
|
||||
- ups-ps-1.ups.auro.re
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-edc.adm.auro.re
|
||||
vars:
|
||||
|
@ -56,8 +64,12 @@
|
|||
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['edc_unifi'] | list | sort }}"
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-gs.adm.auro.re
|
||||
vars:
|
||||
|
@ -77,8 +89,12 @@
|
|||
- ups-gk-1.ups.auro.re
|
||||
prometheus_pdu_snmp_targets:
|
||||
- pdu-ga-1.ups.auro.re
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-rives.adm.auro.re
|
||||
vars:
|
||||
|
@ -98,8 +114,12 @@
|
|||
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
||||
prometheus_unifi_snmp_targets:
|
||||
- targets: "{{ groups['rives_unifi'] | list | sort }}"
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-aurore.adm.auro.re
|
||||
vars:
|
||||
|
@ -132,8 +152,12 @@
|
|||
- sw-ec-core.switch.auro.re
|
||||
- sw-gk-core.switch.auro.re
|
||||
- sw-r3-core.switch.auro.re
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-ovh.adm.auro.re
|
||||
vars:
|
||||
|
@ -152,9 +176,12 @@
|
|||
- bdd-ovh.adm.auro.re
|
||||
prometheus_docker_targets:
|
||||
- docker-ovh.adm.auro.re
|
||||
update_motd:
|
||||
prometheus: >-
|
||||
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus
|
||||
|
||||
- update_motd
|
||||
|
||||
- hosts: prometheus-federate.adm.auro.re
|
||||
vars:
|
||||
|
@ -172,15 +199,18 @@
|
|||
- prometheus-rives.adm.auro.re
|
||||
- prometheus-aurore.adm.auro.re
|
||||
- prometheus-ovh.adm.auro.re
|
||||
update_motd:
|
||||
prometheus_federate: >-
|
||||
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
|
||||
roles:
|
||||
- prometheus_federate
|
||||
- update_motd
|
||||
|
||||
# Postgres Exporters
|
||||
- hosts: bdd,radius
|
||||
roles:
|
||||
- prometheus_postgres
|
||||
|
||||
|
||||
# Monitor all hosts
|
||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
||||
roles:
|
||||
|
|
23
network.yml
|
@ -2,35 +2,52 @@
|
|||
---
|
||||
# Set up DHCP servers.
|
||||
- hosts: dhcp-*.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: isc-dhcp-server est déployé.
|
||||
roles:
|
||||
- isc_dhcp_server
|
||||
|
||||
- update_motd
|
||||
|
||||
# Deploy unbound DNS server (recursive).
|
||||
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: Unbound est déployé.
|
||||
roles:
|
||||
- unbound
|
||||
|
||||
- update_motd
|
||||
|
||||
# Déploiement du service re2o aurore-firewall et keepalived
|
||||
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
|
||||
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
|
||||
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: Le routage (avec radvd) est déployé.
|
||||
roles:
|
||||
- router
|
||||
- radvd
|
||||
- update_motd
|
||||
|
||||
# No radvd here
|
||||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: Le routage (avec DHCPv6) est déployé.
|
||||
roles:
|
||||
- router
|
||||
- ipv6_edge_router
|
||||
- update_motd
|
||||
|
||||
# Radius (backup only for now)
|
||||
- hosts: radius-*.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
unbound: FreeRADIUS est déployé.
|
||||
roles:
|
||||
- radius
|
||||
|
||||
- update_motd
|
||||
|
||||
# WIP: Deploy authoritative DNS servers
|
||||
# - hosts: authoritative_dns
|
||||
|
|
|
@ -29,10 +29,6 @@
|
|||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
|
||||
# Configure APT mirrors on Debian Stretch
|
||||
- name: Configure APT mirrors
|
||||
when:
|
||||
|
|
|
@ -107,11 +107,4 @@
|
|||
name: borgmatic.timer
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
key: 10-borgmatic
|
||||
message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
|
||||
...
|
||||
|
|
|
@ -35,14 +35,4 @@
|
|||
owner: "{{ borg_server_user }}"
|
||||
group: "{{ borg_server_group }}"
|
||||
mode: u=rwx,g=,o=
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 10-borg-server
|
||||
message: >-
|
||||
Les sauvegardes (borg) sont stockées dans
|
||||
{{ borg_server_backups_dir }}.
|
||||
...
|
||||
|
|
|
@ -50,13 +50,4 @@
|
|||
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
||||
dest: /usr/local/bin/docker-compose
|
||||
mode: "0755"
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 10-docker
|
||||
message: >-
|
||||
Docker est installé sur ce serveur.
|
||||
...
|
||||
|
|
|
@ -148,15 +148,6 @@
|
|||
group: www-data
|
||||
mode: 0644
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 10-nginx
|
||||
message: >-
|
||||
NGinx est installé sur ce serveur. Voir /etc/nginx.
|
||||
|
||||
- name: Clean old files
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
|
|
|
@ -118,13 +118,4 @@
|
|||
name: prometheus
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 05-prometheus
|
||||
message: >-
|
||||
Prometheus est déployé sur cette machine (voir /etc/prometheus)
|
||||
...
|
||||
|
|
|
@ -42,14 +42,4 @@
|
|||
name: prometheus
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 05-prometheus-federate
|
||||
message: >-
|
||||
Prometheus (en configuration fédération) est déployé sur cette
|
||||
machine (voir /etc/prometheus)
|
||||
...
|
||||
|
|
|
@ -39,14 +39,4 @@
|
|||
owner: "{{ service_user }}"
|
||||
group: nogroup
|
||||
state: link
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: "15-re2o-service-{{ service_name }}"
|
||||
message: >-
|
||||
Le service re2o {{ service_name }} est dans
|
||||
{{ service_homedir }}/{{ service_name }}.
|
||||
...
|
||||
|
|
|
@ -39,13 +39,4 @@
|
|||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Configure MOTD
|
||||
include_role:
|
||||
name: update_motd
|
||||
vars:
|
||||
motd_messages:
|
||||
- key: 10-unifi-controller
|
||||
message: >-
|
||||
Le contrôleur Unifi a été installé sur ce serveur.
|
||||
...
|
||||
|
|
|
@ -43,12 +43,12 @@
|
|||
|
||||
- name: Install additional motd messages
|
||||
copy:
|
||||
content: "✨ {{ item.message }}\n"
|
||||
content: "✨ {{ item.value }}\n"
|
||||
dest: "/etc/motd-messages/{{ item.key }}"
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
mode: u=rw,g=r,o=r
|
||||
owner: root
|
||||
group: root
|
||||
loop: "{{ motd_messages }}"
|
||||
loop: "{{ update_motd | dict2items }}"
|
||||
notify: Remove cached motd
|
||||
when: motd_messages is defined
|
||||
when: update_motd is defined
|
||||
...
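Review bot: Files written by earlier runs are not cleaned up in this task. The role calls that this commit appears to remove used keys such as `10-nginx`, `10-docker` and `05-prometheus`, while the new play-level dictionaries use `nginx`, `docker` and `prometheus`, so unless something outside this hunk deletes them, already-deployed hosts keep the old files in `/etc/motd-messages` next to the new ones. A one-off task over the legacy names with `file:` and `state: absent`, plus `notify: Remove cached motd`, would clear them. Separately, `item.key` now comes from any play or inventory variable and goes straight into a path written as root, so a comment above the task such as `# update_motd: dict of <file name> -> <message>; keys must be plain file names (no '/')` would document that contract. The task list starts outside the hunk.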
|
||||
|
|
|
@ -2,8 +2,12 @@
|
|||
---
|
||||
# Deploy Docker hosts
|
||||
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re
|
||||
vars:
|
||||
update_motd:
|
||||
docker: Docker est déployé.
|
||||
roles:
|
||||
- docker
|
||||
- update_motd
|
||||
|
||||
# Deploy Passbolt
|
||||
- hosts: passbolt.adm.auro.re
|
||||
|
@ -15,14 +19,22 @@
|
|||
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
|
||||
update_motd:
|
||||
nginx: >-
|
||||
Le reverse-proxy NGINX est déployé (/etc/nginx).
|
||||
roles:
|
||||
- certbot
|
||||
- nginx
|
||||
- update_motd
|
||||
|
||||
- hosts: nginx,!reverseproxy
|
||||
vars:
|
||||
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||
update_motd:
|
||||
nginx: >-
|
||||
NGINX avec certbot est déployé (/etc/nginx).
|
||||
roles:
|
||||
- certbot
|
||||
- nginx
|
||||
- update_motd
|
||||
|
|