crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

DHCP, DNS and Wireguard plays

certbot_on_virtu
Alexandre Iooss 2020-05-19 20:21:51 +02:00
parent e85602882c
commit 0572c53391
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
5 changed files with 50 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
base.yml
View File

@ -74,3 +74,6 @@
# Services that only apply to a subset of server # Services that only apply to a subset of server
- import_playbook: plays/tv.yml - import_playbook: plays/tv.yml
- import_playbook: plays/mailman.yml - import_playbook: plays/mailman.yml
- import_playbook: plays/dhcp.yml
- import_playbook: plays/dns.yml
- import_playbook: plays/wireguard.yml

49
network.yml
View File

@ -1,54 +1,5 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Deploy tunnel
- hosts: sputnik.adm.crans.org
vars:
debian_mirror: http://mirror.crans.org/debian
wireguard:
sputnik: true
private_key: "{{ vault_wireguard_sputnik_private_key }}"
peer_public_key: "{{ vault_wireguard_boeing_public_key }}"
roles:
- wireguard
- hosts: boeing.adm.crans.org
vars:
# Debian mirror on adm
debian_mirror: http://mirror.adm.crans.org/debian
wireguard:
sputnik: false
if: ens20
private_key: "{{ vault_wireguard_boeing_private_key }}"
peer_public_key: "{{ vault_wireguard_sputnik_public_key }}"
roles:
- wireguard
# Deploy DHCP server
- hosts: dhcp.adm.crans.org
vars:
dhcp:
authoritative: true
roles:
- isc-dhcp-server
# Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org
roles:
- bind-recursive
# Deploy authoritative DNS server
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
vars:
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
zones: "{{ lookup('re2oapi', 'dnszones') }}"
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
roles:
- bind-authoritative
# Deploy reverse proxy # Deploy reverse proxy
- hosts: bakdaur.adm.crans.org,frontdaur.adm.crans.org - hosts: bakdaur.adm.crans.org,frontdaur.adm.crans.org
vars: vars:

8
plays/dhcp.yml 100755
View File

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
# Deploy DHCP server
- hosts: dhcp.adm.crans.org
vars:
dhcp:
authoritative: true
roles: ["isc-dhcp-server"]

17
plays/dns.yml 100755
View File

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
# Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org
roles: ["bind-recursive"]
# Deploy authoritative DNS server
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
vars:
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
zones: "{{ lookup('re2oapi', 'dnszones') }}"
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
roles: ["bind-authoritative"]

22
plays/wireguard.yml 100755
View File

@ -0,0 +1,22 @@
#!/usr/bin/env ansible-playbook
---
# Deploy tunnel
- hosts: sputnik.adm.crans.org
vars:
debian_mirror: http://mirror.crans.org/debian
wireguard:
sputnik: true
private_key: "{{ vault_wireguard_sputnik_private_key }}"
peer_public_key: "{{ vault_wireguard_boeing_public_key }}"
roles: ["wireguard"]
- hosts: boeing.adm.crans.org
vars:
# Debian mirror on adm
debian_mirror: http://mirror.adm.crans.org/debian
wireguard:
sputnik: false
if: ens20
private_key: "{{ vault_wireguard_boeing_private_key }}"
peer_public_key: "{{ vault_wireguard_sputnik_public_key }}"
roles: ["wireguard"]