From 09820c3b08fca5bd1e3c44f07535f61230e55d05 Mon Sep 17 00:00:00 2001 
From: shirenn
Date: Mon, 14 Mar 2022 10:55:44 +0100
Subject: [PATCH] =?UTF-8?q?kes=20tu=20es=20born=C3=A9=E2=8B=85e=20toi=20!?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
group_vars/cachan/borg.yml | 20 ---
group_vars/cachan/home_nounou.yml | 10 --
group_vars/cachan/network_interfaces.yml | 11 --
group_vars/cachan/ntp.yml | 4 -
.../cachan/prometheus_node_exporter.yaml | 3 -
group_vars/mirror_backend.yml | 2 +-
group_vars/vsftpd_cameras.yml | 6 -
host_vars/charybde.cachan-adm.crans.org.yml | 11 --
host_vars/codichotomie.adm.crans.org.yml | 4 -
host_vars/omnomnom.cachan-adm.crans.org.yml | 3 -
host_vars/zamok-tmtc.adm.crans.org.yml | 4 -
host_vars/zephir.cachan-adm.crans.org.yml | 7 -
hosts | 122 ------------------
re2o.yml | 44 -------
roles/logall-cachan/tasks/main.yml | 24 ----
.../templates/logrotate.d/firewall.j2 | 28 ----
.../templates/rsyslog.d/10-firewall.conf.j2 | 32 -----
roles/unifi-controller/tasks/main.yml | 47 -------
.../templates/update-motd.d/05-service.j2 | 3 -
upgrade.yml | 51 --------
20 files changed, 1 insertion(+), 435 deletions(-)
delete mode 100644 group_vars/cachan/borg.yml
delete mode 100644 group_vars/cachan/home_nounou.yml
delete mode 100644 group_vars/cachan/network_interfaces.yml
delete mode 100644 group_vars/cachan/ntp.yml
delete mode 100644 group_vars/cachan/prometheus_node_exporter.yaml
delete mode 100644 group_vars/vsftpd_cameras.yml
delete mode 100644 host_vars/charybde.cachan-adm.crans.org.yml
delete mode 100644 host_vars/codichotomie.adm.crans.org.yml
delete mode 100644 host_vars/omnomnom.cachan-adm.crans.org.yml
delete mode 100644 host_vars/zamok-tmtc.adm.crans.org.yml
delete mode 100644 host_vars/zephir.cachan-adm.crans.org.yml
delete mode 100755 re2o.yml
delete mode 100644 roles/logall-cachan/tasks/main.yml
delete mode 100644 roles/logall-cachan/templates/logrotate.d/firewall.j2
delete mode 100644 roles/logall-cachan/templates/rsyslog.d/10-firewall.conf.j2
delete mode 100644 roles/unifi-controller/tasks/main.yml
delete mode 100755 roles/unifi-controller/templates/update-motd.d/05-service.j2
delete mode 100755 upgrade.yml
diff --git a/group_vars/cachan/borg.yml b/group_vars/cachan/borg.yml
deleted file mode 100644
index 2f1b3e2b..00000000
--- a/group_vars/cachan/borg.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-glob_borg:
- to_exclude:
- - /var/lib/lxcfs
- to_backup:
- - /etc
- - /var
- path: /backup/borg
- remote:
- - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
- retention:
- - ["daily", 4]
- - ["monthly", 6]
- consistency_check:
- - disabled
- extra_init:
- - make-parent-dirs
- encryption_passphrase: "{{ vault.borgbackup_passwd }}"
- ssh_privkey: "{{ vault.borgbackup_ssh_privkey }}"
- ssh_options: ""
diff --git a/group_vars/cachan/home_nounou.yml b/group_vars/cachan/home_nounou.yml
deleted file mode 100644
index fe17e060..00000000
--- a/group_vars/cachan/home_nounou.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-glob_home_nounou:
- mounts:
- - ip: "{{ query('ldap', 'ip', 'charybde', 'cachan-adm') | ipv4 | first }}"
- mountpoint: /pool/home
- target: /home_nounou
- name: home_nounou
- owner: root
- group: _user
- mode: '0750'
diff --git a/group_vars/cachan/network_interfaces.yml b/group_vars/cachan/network_interfaces.yml
deleted file mode 100644
index 49d2501f..00000000
--- a/group_vars/cachan/network_interfaces.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-glob_network_interfaces:
- vlan:
- - name: cachan_adm
- id: 10
- dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
- extra:
- - "post-up /sbin/ip route add 172.16.10.0/24 via {{ query('ldap', 'ip', 'terenez', 'cachan-adm') | ipv4 | first }}"
- - name: infra
- id: 11
- dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"
diff --git a/group_vars/cachan/ntp.yml b/group_vars/cachan/ntp.yml
deleted file mode 100644
index db570f3c..00000000
--- a/group_vars/cachan/ntp.yml
+++ /dev/null
@@ -1,4 +0,0 @@ ---- -loc_ntp_client: - servers: - - ntp.cachan-adm.crans.org diff --git a/group_vars/cachan/prometheus_node_exporter.yaml b/group_vars/cachan/prometheus_node_exporter.yaml deleted file mode 100644 index 988720db..00000000 --- a/group_vars/cachan/prometheus_node_exporter.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -glob_prometheus_node_exporter: - listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}" diff --git a/group_vars/mirror_backend.yml b/group_vars/mirror_backend.yml index 2545f78e..531d60bf 100644 --- a/group_vars/mirror_backend.yml +++ b/group_vars/mirror_backend.yml @@ -6,7 +6,7 @@ glob_ftpsync: info: maintainer: Les Nounous country: FR - location: Cachan, Île-de-France + location: Gif-sur-Yvette, Île-de-France targets: - name: main dest: debian diff --git a/group_vars/vsftpd_cameras.yml b/group_vars/vsftpd_cameras.yml deleted file mode 100644 index abbad98e..00000000 --- a/group_vars/vsftpd_cameras.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -glob_vsftpd_cameras: - local: yes - write: yes - userlist: - - cameras diff --git a/host_vars/charybde.cachan-adm.crans.org.yml b/host_vars/charybde.cachan-adm.crans.org.yml deleted file mode 100644 index 5b4fd7f9..00000000 --- a/host_vars/charybde.cachan-adm.crans.org.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -debian_mirror: 'file:/pool/mirror/pub/debian' - -interfaces: - cachan_adm: eth0.10 - infra: eth0.111 - -loc_ntp_server: - open: - - 172.17.10.0/24 - - 172.16.32.0/22 diff --git a/host_vars/codichotomie.adm.crans.org.yml b/host_vars/codichotomie.adm.crans.org.yml deleted file mode 100644 index 2eb6f993..00000000 --- a/host_vars/codichotomie.adm.crans.org.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -interfaces: - adm: eth0 - srv_nat: eth1 diff --git a/host_vars/omnomnom.cachan-adm.crans.org.yml b/host_vars/omnomnom.cachan-adm.crans.org.yml deleted file mode 100644 index 329042ac..00000000 --- a/host_vars/omnomnom.cachan-adm.crans.org.yml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -interfaces: - cachan_adm: eno1.10 diff --git a/host_vars/zamok-tmtc.adm.crans.org.yml b/host_vars/zamok-tmtc.adm.crans.org.yml deleted file mode 100644 index a72d2fd9..00000000 --- a/host_vars/zamok-tmtc.adm.crans.org.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -interfaces: - adm: eth0 - san: eth1 diff --git a/host_vars/zephir.cachan-adm.crans.org.yml b/host_vars/zephir.cachan-adm.crans.org.yml deleted file mode 100644 index 47861c81..00000000 --- a/host_vars/zephir.cachan-adm.crans.org.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -interfaces: - cachan_adm: eno1 - -loc_borg: - remote: - - /backup/borg/{{ ansible_hostname }} diff --git a/hosts b/hosts index d96a730b..6171e489 100644 --- a/hosts +++ b/hosts @@ -10,8 +10,6 @@ hodaur.adm.crans.org cameron.adm.crans.org [backups] -zephir.cachan-adm.crans.org -omnomnom.cachan-adm.crans.org [baie] cameron.adm.crans.org @@ -149,7 +147,6 @@ thelounge wiki [ntp_server] -charybde.cachan-adm.crans.org eclat.adm.crans.org [opendkim:children] @@ -263,18 +260,9 @@ sputnik.adm.crans.org [wireguard] boeing.adm.crans.org -charybde.cachan-adm.crans.org sputnik.adm.crans.org vol447.adm.crans.org -[cachan:children] -cachan_physical - -[cachan_physical] -charybde.cachan-adm.crans.org -omnomnom.cachan-adm.crans.org -zephir.cachan-adm.crans.org - [crans_routeurs:children] routeurs_vm @@ -287,7 +275,6 @@ zbee.adm.crans.org [crans_physical:children] backups baie -cachan_physical virtu [crans_vm] 
@@ -344,115 +331,6 @@ sputnik.adm.crans.org crans_physical crans_vm -[crans_unifi] -0g-2.infra.crans.org -0g-3.infra.crans.org -0g-4.infra.crans.org -0h-2.infra.crans.org -0h-3.infra.crans.org -0m-2.infra.crans.org -1g-1.infra.crans.org -1g-3.infra.crans.org -1g-4.infra.crans.org -1g-5.infra.crans.org -1h-2.infra.crans.org -1h-3.infra.crans.org -1i-2.infra.crans.org -1i-3.infra.crans.org -1j-2.infra.crans.org -1j-3.infra.crans.org -1m-1.infra.crans.org -1m-2.infra.crans.org -1m-5.infra.crans.org -2a-1.infra.crans.org -2b-3.infra.crans.org -2c-2.infra.crans.org -2c-3.infra.crans.org -2g-1.infra.crans.org -2g-3.infra.crans.org -2g-5.infra.crans.org -2h-2.infra.crans.org -2h-3.infra.crans.org -2i-2.infra.crans.org -2i-3.infra.crans.org -2j-2.infra.crans.org -2j-3.infra.crans.org -2m-2.infra.crans.org -3a-2.infra.crans.org -3b-3.infra.crans.org -3c-2.infra.crans.org -3c-3.infra.crans.org -3g-1.infra.crans.org -3g-5.infra.crans.org -3h-2.infra.crans.org -3h-3.infra.crans.org -3i-2.infra.crans.org -3i-3.infra.crans.org -3j-2.infra.crans.org -3m-2.infra.crans.org -3m-4.infra.crans.org -3m-5.infra.crans.org -4a-1.infra.crans.org -4a-2.infra.crans.org -4a-3.infra.crans.org -4b-1.infra.crans.org -4c-2.infra.crans.org -4c-3.infra.crans.org -4g-1.infra.crans.org -4g-3.infra.crans.org -4g-5.infra.crans.org -4h-2.infra.crans.org -4h-3.infra.crans.org -4i-2.infra.crans.org -4i-3.infra.crans.org -4j-1.infra.crans.org -4j-2.infra.crans.org -4j-3.infra.crans.org -4m-2.infra.crans.org -4m-4.infra.crans.org -5a-1.infra.crans.org -5b-1.infra.crans.org -5c-1.infra.crans.org -5g-1.infra.crans.org -5g-3.infra.crans.org -5m-4.infra.crans.org -6a-1.infra.crans.org -6a-2.infra.crans.org -6c-1.infra.crans.org -adonis.infra.crans.org # 5a -atlas.infra.crans.org # 1a -baba-au-rhum.infra.crans.org # 3b -bacchus.infra.crans.org # 1b -baucis.infra.crans.org # 2b -bellerophon.infra.crans.org # 2b -benedict-cumberbatch.infra.crans.org # 1b -benthesicyme.infra.crans.org # 4b -boree.infra.crans.org # 
6b -branchos.infra.crans.org # 3b -calypso.infra.crans.org # 4c -chaos.infra.crans.org # 1c -chronos.infra.crans.org # 2c -crios.infra.crans.org # 3c -gaia.infra.crans.org # 0g -hades.infra.crans.org # 4h -hephaistos.infra.crans.org # 1h -hermes.infra.crans.org # 3h -hypnos.infra.crans.org # 2h -iaso.infra.crans.org # 1i -idothee.infra.crans.org # 3i -idyie.infra.crans.org # 0i -ino.infra.crans.org # 2i -ioke.infra.crans.org # 4i -jaipudidees.infra.crans.org # 2j -jaipudpapier.infra.crans.org # 3j -japavolonte.infra.crans.org # 1j -jesuischarlie.infra.crans.org # 0j -jveuxduwifi.infra.crans.org # 0j -mania.infra.crans.org # 2m -marquis.infra.crans.org # manoir -mercure.infra.crans.org # 3m -#5m-5.infra.crans.org Déplacée au 2b - [ilo_snmp] ilo-daniel.adm.crans.org ilo-ft.adm.crans.org diff --git a/re2o.yml b/re2o.yml deleted file mode 100755 index 29757932..00000000 --- a/re2o.yml +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -# THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THE MERGED TO plays/ - -# Deploy services config on all servers -- hosts: server - vars: - re2o: - server: re2o.adm.crans.org - service_user: "{{ vault.re2o_service_user }}" - service_password: "{{ vault.re2o_service_password }}" - mail_server: smtp.adm.crans.org - roles: - - re2o-services - -# Deploy re2o dns service on dns server -- hosts: silice.adm.crans.org - roles: - - re2o-dns - -# Deploy re2o notif-users service on zamok -- hosts: zamok.adm.crans.org - roles: - - re2o-notif-users - -# Deploy re2o firewall on servers -- hosts: zamok.adm.crans.org - roles: - - re2o-firewall - -# Re2o firewall specific configuration for ipv6-zayo -- hosts: ipv6-zayo.adm.crans.org - roles: - - re2o-firewall-ipv6-zayo - -# Re2o firewall specific configuration for zamok -- hosts: zamok.adm.crans.org - roles: - - re2o-firewall-zamok - -# Deploy re2o mail-server on MTA and MDA -- hosts: titanic.adm.crans.org,sputnik.adm.crans.org - roles: - - re2o-mail-server 
diff --git a/roles/logall-cachan/tasks/main.yml b/roles/logall-cachan/tasks/main.yml
deleted file mode 100644
index 8a4b031d..00000000
--- a/roles/logall-cachan/tasks/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: Deploy firewall rsyslog
- template:
- src: rsyslog.d/10-firewall.conf.j2
- dest: /etc/rsyslog.d/10-firewall.conf
- mode: 0644
- owner: root
- group: root
-
-- name: Create firewall log directory
- file:
- path: /var/log/firewall
- mode: 0755
- owner: root
- group: root
- state: directory
-
-- name: Deploy firewall logrotate
- template:
- src: logrotate.d/firewall.j2
- dest: /etc/logrotate.d/firewall
- mode: 0644
- owner: root
- group: root
diff --git a/roles/logall-cachan/templates/logrotate.d/firewall.j2 b/roles/logall-cachan/templates/logrotate.d/firewall.j2
deleted file mode 100644
index 9948f3b8..00000000
--- a/roles/logall-cachan/templates/logrotate.d/firewall.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-{{ ansible_header | comment }}
-
-/var/log/firewall/trace.log
-/var/log/firewall/filtre.log
-/var/log/firewall/iptables.err
-/var/log/firewall/iptables.log {
- rotate 1
- weekly
- missingok
- notifempty
- compress
- postrotate
- /usr/sbin/invoke-rc.d rsyslog rotate >/dev/null;
- endscript
-}
-/var/log/firewall/logall.log {
- daily
- compress
- compresscmd /bin/bzip2
- uncompresscmd /bin/bunzip2
- compressext .bz2
- rotate 365
- notifempty
- sharedscripts
- postrotate
- /usr/sbin/invoke-rc.d rsyslog rotate >/dev/null;
- endscript
-}
diff --git a/roles/logall-cachan/templates/rsyslog.d/10-firewall.conf.j2 b/roles/logall-cachan/templates/rsyslog.d/10-firewall.conf.j2
deleted file mode 100644
index 61281ea9..00000000
--- a/roles/logall-cachan/templates/rsyslog.d/10-firewall.conf.j2
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ ansible_header | comment }}
-#$ModLoad imklog #Déjà présent dans rsyslog.conf
-
-# Messages du firewall (ie de sa génération)
-if $programname == 'firewall' and $syslogseverity <= '3' then /var/log/firewall/iptables.err
-
-if $programname == 'firewall' then /var/log/firewall/iptables.log
-
-
-# kernel (facility = 0):
-# Discard broadcast (sinon trop de spam)
-# Note: on discard tout au final, sinon, on risquerait d'envoyer du contenu
-# (LOG_ALL est dans PREROUTING donc je sais pas si ça compte, mais je veux
-# pas essayer)
-if $syslogfacility == '0' and $msg contains 'ff:ff:ff:ff:ff:ff' then ~
-
-# LOG_ALL pour … je sais plus à quoi ça sert …
-if $syslogfacility == '0' and $msg contains 'LOG_ALL' and ($msg contains 'SRC=10.' or $msg contains 'SRC=100.64.' or $msg contains 'SRC=172.16.' or $msg contains 'SRC=185.230.76.' or $msg contains 'SRC=185.230.77.' or $msg contains 'SRC=185.230.78.' or $msg contains 'SRC=185.230.79.' or $msg contains 'SRC=2a0c:0700:') then /var/log/firewall/logall.log
-& ~
-
-# LOG_MAC_IP pour l'association mac_ip en ipv6
-if $syslogfacility == '0' and $msg contains 'LOG_MAC_IP' then ~
-
-# TRACE
-if $syslogfacility == '0' and $msg contains 'TRACE:' then /var/log/firewall/trace.log
-& ~
-
-# filtre.log était parsé par un script pour gérer les déconnexions
-#if $syslogfacility == '0' and $msg contains 'DST=' then /var/log/firewall/filtre.log
-#& ~
-
-if $syslogfacility == '0' and $msg contains 'LOG_ALL' then ~
diff --git a/roles/unifi-controller/tasks/main.yml b/roles/unifi-controller/tasks/main.yml
deleted file mode 100644
index 7f886f25..00000000
--- a/roles/unifi-controller/tasks/main.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-# Install HTTPS support for APT
-- name: Install apt-transport-https
- apt:
- update_cache: true
- name:
- - apt-transport-https
- - gpg
- - dirmngr
- state: present
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
-# Add the key
-- name: Configure the apt key
- apt_key:
- keyserver: keyserver.ubuntu.com
- id: 06E85760C0A52C50
- state: present
- register: apt_key_result
- retries: 3
- until: apt_key_result is succeeded
- loop:
-
-# Add the repository into source list
-- name: Configure unifi repository
- apt_repository:
- repo: "{{ item }}"
- state: present
- loop:
- - deb http://www.ui.com/downloads/unifi/debian stable ubiquiti
-
-- name: Install unifi
- apt:
- update_cache: true
- name: unifi
- state: present
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
-- name: Indicate role in motd
- template:
- src: update-motd.d/05-service.j2
- dest: /etc/update-motd.d/05-unifi-controller
- mode: 0755
diff --git a/roles/unifi-controller/templates/update-motd.d/05-service.j2 b/roles/unifi-controller/templates/update-motd.d/05-service.j2
deleted file mode 100755
index db3d73c2..00000000
--- a/roles/unifi-controller/templates/update-motd.d/05-service.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/tail +14
-{{ ansible_header | comment }}
-> Le contrôleur Unifi a été déployé sur cette machine.
diff --git a/upgrade.yml b/upgrade.yml
deleted file mode 100755
index 194f0137..00000000
--- a/upgrade.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# This is a special playbook to upgrade a server, be careful!
-- hosts: server,test_vm
- tasks:
- - name: Upgrade
- apt:
- upgrade: dist
- update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
- - name: Clean unwanted olderstuff
- apt:
- autoremove: true
- purge: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
-- hosts: owncloud-srv.adm.crans.org
- become_user: www-data
- become: true
- vars:
- # Owncloud command line interface
- occ_bin: '/var/www/owncloud/occ'
- tasks:
- - name: Upgrade owncloud
- command: "{{ occ_bin }} upgrade"
- register: upgrade_owncloud
- failed_when:
- # occ return code is 3 when ownCloud is already latest version
- - upgrade_owncloud.rc != 0
- - upgrade_owncloud.rc != 3
- changed_when:
- - upgrade_owncloud.rc != 3
-
- - name: Upgrade owncloud output
- debug:
- msg:
- - "stdout: {{ upgrade_owncloud.stdout_lines }}"
- - "stderr: {{ upgrade_owncloud.stderr_lines }}"
- when: not ansible_check_mode
-
- - name: Disable maintenance mode
- command: "{{ occ_bin }} maintenance:mode --off"
- when:
- - not ansible_check_mode
- # Maintenance mode has not been enabled.
- - upgrade_owncloud.rc != 3