crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use query rather than specify ip directly

main
_shirenn 2022-11-14 16:58:03 +01:00
parent 8acf8086a1
commit 24ff9e9584
64 changed files with 151 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/all/home_nounou.yml
View File

@ -1,7 +1,7 @@
---
glob_home_nounou:
mounts:
- ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
- ip: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
mountpoint: /pool/home
target: /home_nounou
name: home_nounou

8
group_vars/all/ldap.yml
View File

@ -3,8 +3,8 @@ glob_ldap:
uri: 'ldap://re2o-ldap.adm.crans.org/'
users_base: 'cn=Utilisateurs,dc=crans,dc=org'
servers:
- 172.16.10.100
- 172.16.10.11
- 172.16.10.12
- 172.16.10.13
- "{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}"
- "{{ query('ldap', 'ip4', 'sam', 'adm') }}"
- "{{ query('ldap', 'ip4', 'daneel', 'adm') }}"
- "{{ query('ldap', 'ip4', 'jack', 'adm') }}"
base: 'dc=crans,dc=org'

2
group_vars/all/mirror.yml
View File

@ -1,7 +1,7 @@
---
glob_mirror:
hostname: mirror.adm.crans.org
ip: 172.16.10.104
ip: "{{ query('ldap', 'ip4', 'eclat', 'adm') }}"
debian_mirror: http://mirror.adm.crans.org/debian
ubuntu_mirror: http://mirror.adm.crans.org/ubuntu

12
group_vars/all/network_interfaces.yml
View File

@ -3,26 +3,26 @@ glob_network_interfaces:
vlan:
- name: srv
id: 2
gateway: "{{ query('ldap', 'ip', 'passerelle', 'srv') | ansible.utils.ipv4 | first }}"
gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'srv') | ansible.utils.ipv6 | first }}"
gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}"
gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}"
- name: srv_nat
id: 3
gateway: "{{ query('ldap', 'ip', 'passerelle', 'srv-nat') | ansible.utils.ipv4 | first }}"
gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'srv-nat') | ansible.utils.ipv6 | first }}"
gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}"
gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}"
- name: san
id: 4
extra:
- "mtu 9000"
- name: adm
id: 10
dns: "{{ query('ldap', 'ip', 'romanesco', 'adm') | ansible.utils.ipv4 | first }}"
dns: "{{ query('ldap', 'ip4', 'romanesco', 'adm') }}"
- name: adh
id: 12
- name: adh_adm
id: 13
- name: renater
id: 38
gateway: "{{ query('ldap', 'ip', 'dsi', 'renater') | ansible.utils.ipv4 | first }}"
gateway: "{{ query('ldap', 'ip4', 'dsi', 'renater') }}"
- name: lp
id: 56
- name: auto

2
group_vars/all/prometheus_nginx_exporter.yaml
View File

@ -1,3 +1,3 @@
---
glob_prometheus_nginx_exporter:
listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"

2
group_vars/all/prometheus_node_exporter.yaml
View File

@ -1,3 +1,3 @@
---
glob_prometheus_node_exporter:
listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"

2
group_vars/all/rsyslog_client.yml
View File

@ -1,3 +1,3 @@
---
glob_rsyslog_client:
server: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
server: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"

2
group_vars/all/ssh_known_hosts.yml
View File

@ -12,4 +12,4 @@ glob_service_ssh_known_hosts:
frequency: "*/10 * * * *"
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"
server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}"

2
group_vars/aurore/home_nounou.yml
View File

@ -1,7 +1,7 @@
---
loc_home_nounou:
mounts:
- ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
- ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
mountpoint: /home_nounou
target: /home_nounou
name: home_nounou

2
group_vars/aurore/ldap.yml
View File

@ -1,4 +1,4 @@
---
loc_ldap:
servers:
- "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
- "{{ query('ldap', 'ip4', 'thot', 'adm') }}"

2
group_vars/aurore/ssh_known_hosts.yml
View File

@ -2,4 +2,4 @@
loc_service_ssh_known_hosts:
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}"

2
group_vars/bird.yml
View File

@ -2,4 +2,4 @@
glob_bird: {}
glob_prometheus_bird_exporter:
listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"

2
group_vars/certbot.yml
View File

@ -15,7 +15,7 @@ glob_service_certbot:
config:
"crans.org":
zone: _acme-challenge.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_challenge.

4
group_vars/constellation.yml
View File

@ -8,14 +8,14 @@ glob_constellation:
- 'intranet.crans.org'
email:
ssl: false
host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
port: 25
user: ''
password: ''
from: "root@crans.org"
from_full: "Crans <root@crans.org>"
database:
host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432
user: 'constellation'
password: "{{ vault.constellation.django_db_password }}"

4
group_vars/django_cas.yml
View File

@ -6,14 +6,14 @@ glob_django_cas:
dn: 'cn=Utilisateurs,dc=crans,dc=org'
password: "{{ vault.cas.ldap.password }}"
user: 'cn=cas,ou=service-users,dc=crans,dc=org'
server: 172.16.10.157
server: "{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"
db:
host: tealc.adm.crans.org
password: "{{ vault.cas.database.password }}"
secret_key: "{{ vault.cas.secret_key }}"
mail:
address: 'root@crans.org'
host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
port: 25
loc_nginx:

2
group_vars/dovecot.yml
View File

@ -1,7 +1,7 @@
---
glob_dovecot:
ldap:
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ansible.utils.ipv4 | first }}/"
uri: "ldap://{{ query('ldap', 'ip4', 're2o-ldap', 'adm') }}/"
dn: 'cn=dovecot,ou=service-users,dc=crans,dc=org'
pass: "{{ vault.dovecot_dnpass }}"
users_base: 'cn=Utilisateurs,dc=crans,dc=org'

2
group_vars/ethercalc.yml
View File

@ -1,3 +1,3 @@
---
glob_ethercalc:
ip: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"

4
group_vars/horde.yml
View File

@ -19,5 +19,5 @@ glob_horde:
admin_dest_hostname: webmail.adm.crans.org
zone_ipv4: 172.16.10.0/24
zone_ipv6: fd00:0:0:10::/64
ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
ipv6: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv6 | first }}"
ipv4: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"
ipv6: "{{ query('ldap', 'ip6', ansible_hostname, 'adm') }}"

14
group_vars/keepalived.yml
View File

@ -2,7 +2,7 @@
glob_keepalived:
mail_source: keepalived@crans.org
mail_destination: root@crans.org
smtp_server: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
smtp_server: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
routeur_id: "{{ ansible_hostname }}"
pool:
VI_ALL:
@ -20,19 +20,19 @@ glob_keepalived:
ipv6:
- {ip: '2a0c:700:28::1/64', scope: 'global'}
- vlan: srv
ipv4: 185.230.79.62/26
ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}/26"
ipv6:
- {ip: '2a0c:700:2::ff:fe00:9902/64', scope: 'global'}
- {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}/64", scope: 'global'}
- {ip: 'fe80::1/64', scope: 'link'}
- vlan: srv_nat
ipv4: 172.16.3.99/24
ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}/24"
ipv6:
- {ip: '2a0c:700:3::ff:fe00:9903/64', scope: 'global'}
- {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}/64", scope: 'global'}
- {ip: 'fe80::1/64', scope: 'link'}
- vlan: adh
ipv4: 185.230.78.99/24
ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}/24"
ipv6:
- {ip: '2a0c:700:12::ff:fe00:9912/48', scope: 'global'}
- {ip: "{{ query('ldap', 'ip6', 'passerelle', 'adh') }}/48", scope: 'global'}
- {ip: 'fe80::1/64', scope: 'link'}
# - vlan: ens
# ipv4: 100.84.0.99/16

4
group_vars/mailman.yml
View File

@ -57,13 +57,13 @@ glob_mailman3:
database:
user: "mailman3"
pass: "{{ vault.mailman3.database.pass }}"
host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432
name: "mailman3"
web_database:
user: "mailman3web"
pass: "{{ vault.mailman3.web_database.pass }}"
host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432
name: "mailman3web"
restadmin_pass: "{{ vault.mailman3.restadmin_pass }}"

10
group_vars/printer.yml
View File

@ -8,14 +8,14 @@ glob_printer:
- 'imprimante.crans.org'
email:
ssl: false
host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
port: 25
user: ''
password: ''
from: "root@crans.org"
from_full: "Crans <root@crans.org>"
database:
host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432
user: 'helloworld'
password: "{{ vault.printer.django_db_password }}"
@ -27,9 +27,9 @@ glob_printer:
note_id: 2088
note_alias: 'Crans'
printer_name: 'Lexmark_X950_Series'
domain: "{{ query('ldap', 'ip', 'printer', 'lp') | ansible.utils.ipv4 | first }}"
domain: "{{ query('ldap', 'ip4', 'printer', 'lp') }}"
scan_server:
address: "{{ query('ldap', 'ip', ansible_hostname, 'lp') | ansible.utils.ipv4 | first }}"
address: "{{ query('ldap', 'ip4', ansible_hostname, 'lp') }}"
port: 9751
debug: false
owner: www-data
@ -38,7 +38,7 @@ glob_printer:
settings_local_owner: www-data
settings_local_group: _nounou
ldap:
uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/"
uri: "ldaps://{{ query('ldap', 'ip4', 'tealc', 'adm') }}/"
dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org
group_search: ou=group,dc=crans,dc=org
read_group: cn=_user,ou=group,dc=crans,dc=org

2
group_vars/prometheus.yml
View File

@ -13,7 +13,7 @@ glob_service_prometheus_target:
options: ""
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'ldap-adh', 'adm') | ansible.utils.ipv4 | first }}"
server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adh', 'adm') }}"
glob_ninjabot:
config:

4
group_vars/re2o.yml
View File

@ -9,7 +9,7 @@ glob_re2o:
- 'intranet.adm.crans.org'
- 're2o.crans.org'
- 'intranet.crans.org'
- '172.16.10.156'
- "{{ query('ldap', 'ip4', 're2o', 'adm') }}"
from_email: "root@crans.org"
smtp_server: smtp.adm.crans.org
ldap:
@ -18,7 +18,7 @@ glob_re2o:
dn: "{{ vault.slapd.re2o.admin.binddn }}"
database:
password: "{{ vault.re2o.database.password }}"
uri: "172.16.10.1"
uri: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
optional_apps:
- api
- captcha

4
group_vars/re2o_front.yml
View File

@ -1,8 +1,8 @@
---
glob_re2o_front:
server_names:
- "{{ query('ldap', 'ip', 're2o', 'adm') | ansible.utils.ipv4 | first }}"
- "[{{ query('ldap', 'ip', 're2o', 'adm') | ansible.utils.ipv6 | first }}]"
- "{{ query('ldap', 'ip4', 're2o', 'adm') }}"
- "[{{ query('ldap', 'ip6', 're2o', 'adm') }}]"
- re2o.adm.crans.org
- intranet.adm.crans.org
- re2o.crans.org

2
group_vars/re2o_ldap.yml
View File

@ -1,7 +1,7 @@
---
glob_re2o_ldap:
suffix: dc=crans,dc=org
url: "ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636"
url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636"
root_password_hash: "{{ vault.slapd.re2o.admin.bindpass_hash }}"
certificate: "{{ vault.slapd.re2o.certificate }}"
private_key: "{{ vault.slapd.re2o.private_key }}"

6
group_vars/reverseproxy.yml
View File

@ -8,7 +8,7 @@ loc_service_certbot:
config:
"crans.org":
zone: _acme-challenge.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_challenge.
@ -16,7 +16,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512
"crans.eu":
zone: _acme-challenge.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_challenge.
@ -24,7 +24,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512
"crans.fr":
zone: _acme-challenge.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_challenge.

2
group_vars/slapd.yml
View File

@ -1,6 +1,6 @@
---
glob_slapd:
master_ip: "{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"
master_ip: "{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}"
regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$"
replication_credentials: "{{ vault.slapd.main.replication_credentials }}"
private_key: "{{ vault.slapd.main.private_key }}"

12
group_vars/sssd.yml
View File

@ -4,17 +4,17 @@ glob_sssd:
domain: ldap-adm.adm.crans.org
enumerate: "true"
servers:
- "ldaps://{{ query('ldap','ip','ldap-adm','adm') | ansible.utils.ipv4 | first }}/"
- "ldaps://{{ query('ldap','ip','sam','adm') | ansible.utils.ipv4 | first }}/"
- "ldaps://{{ query('ldap','ip','daniel','adm') | ansible.utils.ipv4 | first }}/"
- "ldaps://{{ query('ldap','ip','jack','adm') | ansible.utils.ipv4 | first }}/"
- "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'sam', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'daniel', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'jack', 'adm') }}/"
base: "dc=crans,dc=org"
secondary:
domain: re2o-ldap.adm.crans.org
enumerate: "false"
servers:
- "ldaps://{{ query('ldap','ip','re2o-ldap','adm') | ansible.utils.ipv4 | first }}/"
- "ldaps://{{ query('ldap','ip','terenez','adm') | ansible.utils.ipv4 | first }}/"
- "ldaps://{{ query('ldap', 'ip4', 're2o-ldap', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'terenez', 'adm') }}/"
base: "dc=crans,dc=org"
bind:
dn: "{{ vault.sssd.secondary_ldap.binddn }}"

2
group_vars/thelounge.yml
View File

@ -17,7 +17,7 @@ glob_thelounge:
join: "#general"
ldap_enable: "false"
ldap:
url: "ldap://172.16.10.157"
url: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"
primaryKey: "cn"
rootDN: "{{ vault.thelounge.ldap.rootDN }}"
rootPassword: "{{ vault.thelounge.ldap.rootPassword }}"

2
group_vars/viarezo/home_nounou.yml
View File

@ -1,7 +1,7 @@
---
loc_home_nounou:
mounts:
- ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
- ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
mountpoint: /home_nounou
target: /home_nounou
name: home_nounou

2
group_vars/viarezo/ldap.yml
View File

@ -1,4 +1,4 @@
---
loc_ldap:
servers:
- "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
- "{{ query('ldap', 'ip4', 'ft', 'adm') }}"

2
group_vars/viarezo/ssh_known_hosts.yml
View File

@ -2,4 +2,4 @@
loc_service_ssh_known_hosts:
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}"

4
group_vars/virtu.yml
View File

@ -18,7 +18,7 @@ glob_service_proxmox_user:
config:
ldap:
admin:
uri: "ldaps://{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}/"
uri: "ldaps://{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}/"
userBase: "ou=passwd,dc=crans,dc=org"
realm: "pam"
dependencies:
@ -34,7 +34,7 @@ loc_service_certbot:
config:
"adm.crans.org":
zone: _acme-challenge.adm.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_adm_challenge.

4
group_vars/virtu_adh.yml
View File

@ -12,11 +12,11 @@ glob_service_proxmox_user:
config:
ldap:
admin:
uri: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
uri: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
userBase: "ou=passwd,dc=crans,dc=org"
realm: "pam"
user:
uri: "ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ansible.utils.ipv4 | first }}/"
uri: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}/"
userBase: "ou=users,dc=adh,dc=crans,dc=org"
realm: "pve"
binddn: "{{ vault.ldap_adh_reader.binddn }}"

4
host_vars/backup-ft.adm.crans.org.yml
View File

@ -4,14 +4,14 @@ interfaces:
loc_home_nounou:
mounts:
- ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
- ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
mountpoint: /home_nounou
target: /home_nounou
name: home_nounou
owner: root
group: _user
mode: '0750'
- ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
- ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
mountpoint: /rpool/backup
target: /backup
name: backup

4
host_vars/backup-thot.adm.crans.org.yml
View File

@ -4,14 +4,14 @@ interfaces:
loc_home_nounou:
mounts:
- ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
- ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
mountpoint: /home_nounou
target: /home_nounou
name: home_nounou
owner: root
group: _user
mode: '0750'
- ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
- ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
mountpoint: /rpool/backup
target: /backup
name: backup

8
host_vars/boeing.adm.crans.org.yml
View File

@ -12,9 +12,9 @@ loc_wireguard:
peers:
- public_key: "{{ vault.wireguard.sputnik.pubkey }}"
allowed_ips:
- "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}/32"
- "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv6 | first }}/128"
endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ansible.utils.ipv4 | first }}:51820"
- "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/32"
- "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/128"
endpoint: "{{ query('ldap', 'ip4', 'sputnik', 'srv') }}:51820"
post_up:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
- "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
@ -63,7 +63,7 @@ loc_wireguard:
loc_service_proxy:
config:
ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
- server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
protocol: "proxy"
filter: ".adm.crans.org"
proxy:

2
host_vars/daniel.adm.crans.org.yml
View File

@ -1,6 +1,6 @@
---
loc_slapd:
ip: "{{ query('ldap', 'ip', 'daniel', 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', 'daniel', 'adm') }}"
replica: true
replica_rid: 2

2
host_vars/eclat.adm.crans.org.yml
View File

@ -6,7 +6,7 @@ interfaces:
loc_nfs_mount:
mounts:
- ip: 172.16.4.1
- ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}"
mountpoint: /pool/mirror
target: /mirror
name: mirror

2
host_vars/ft.adm.crans.org.yml
View File

@ -6,6 +6,6 @@ loc_borg:
- /var
loc_slapd:
ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
replica: true
replica_rid: 6

2
host_vars/fyre.adm.crans.org.yml
View File

@ -171,5 +171,5 @@ loc_prometheus:
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- replacement: 172.16.10.131:9116
- replacement: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
target_label: __address__

4
host_vars/gitzly.adm.crans.org.yml
View File

@ -15,7 +15,7 @@ loc_service_certbot:
config:
"crans.org":
zone: _acme-challenge.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_challenge.
@ -23,7 +23,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512
"adm.crans.org":
zone: _acme-challenge.adm.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_adm_challenge.

2
host_vars/helloworld.adm.crans.org.yml
View File

@ -5,4 +5,4 @@ interfaces:
lp: ens20
loc_snmp_exporter:
listen_address: "{{ query('ldap', 'ip', 'helloworld', 'adm') | ansible.utils.ipv4 | first }}:9116"
listen_address: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116"

24
host_vars/irc.adm.crans.org.yml
View File

@ -42,15 +42,15 @@ loc_inspircd:
nick: PEB
email: root@crans.org
bind:
- address: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv4 | first }}"
- address: "{{ query('ldap', 'ip4', 'irc', 'srv') }}"
type: clients
clair: 6667
ssl: 6697
- address: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv6 | first }}"
- address: "{{ query('ldap', 'ip6', 'irc', 'srv') }}"
type: clients
clair: 6667
ssl: 6697
- address: "{{ query('ldap', 'ip', 'irc', 'adm') | ansible.utils.ipv4 | first }}"
- address: "{{ query('ldap', 'ip4', 'irc', 'adm') }}"
type: clients
clair: 6667
- address: 127.0.0.1
@ -59,28 +59,28 @@ loc_inspircd:
connect:
- name: zamok
allows:
ipv4: "{{ query('ldap', 'ip', 'zamok', 'srv') | ansible.utils.ipv4 | first }}/32"
ipv6: "{{ query('ldap', 'ip', 'zamok', 'srv') | ansible.utils.ipv6 | first }}/128"
ipv4: "{{ query('ldap', 'ip4', 'zamok', 'srv') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'zamok', 'srv') }}/128"
threshold: 1
- name: irc
allows:
ipv4: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv4 | first }}/32"
ipv6: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv6 | first }}/128"
ipv4: "{{ query('ldap', 'ip4', 'irc', 'srv') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'irc', 'srv') }}/128"
threshold: 1
- name: gitlab
allows:
ipv4: "{{ query('ldap', 'ip', 'gitzly', 'srv') | ansible.utils.ipv4 | first }}/32"
ipv6: "{{ query('ldap', 'ip', 'gitzly', 'srv') | ansible.utils.ipv6 | first }}/128"
ipv4: "{{ query('ldap', 'ip4', 'gitzly', 'srv') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'gitzly', 'srv') }}/128"
threshold: 10
commandrate: 10000
- name: monitoring
allows:
ipv4: "{{ query('ldap', 'ip', 'fyre', 'adm') | ansible.utils.ipv4 | first }}/32"
ipv6: "{{ query('ldap', 'ip', 'fyre', 'adm') | ansible.utils.ipv6 | first }}/128"
ipv4: "{{ query('ldap', 'ip4', 'fyre', 'adm') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'fyre', 'adm') }}/128"
threshold: 10
commandrate: 10000
modes: true
dns: "{{ query('ldap', 'ip', 'romanesco', 'srv') | ansible.utils.ipv4 | first }}"
dns: "{{ query('ldap', 'ip4', 'romanesco', 'srv') }}"
services:
name: services.irc.crans.org
port: 6668

2
host_vars/jack.adm.crans.org.yml
View File

@ -1,6 +1,6 @@
---
loc_slapd:
ip: "{{ query('ldap', 'ip', 'jack', 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', 'jack', 'adm') }}"
replica: true
replica_rid: 3

2
host_vars/owncloud.adm.crans.org.yml
View File

@ -7,4 +7,4 @@ interfaces:
loc_ldap:
base_dn: "{{ vault.slapd.re2o.admin.binddn }}"
password: "{{ vault.slapd.re2o.admin.bindpass }}"
uri: "ldap://172.16.10.157"
uri: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"

2
host_vars/ptf.adm.crans.org.yml
View File

@ -6,7 +6,7 @@ interfaces:
loc_nfs_mount:
mounts:
- ip: 172.16.4.1
- ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}"
mountpoint: /pool/ftp
target: /ftp
name: ftp

2
host_vars/re2o-dev.adm.crans.org.yml
View File

@ -4,4 +4,4 @@ interfaces:
srv_nat: eth1
loc_re2o_ldap_replica:
url: "ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636"
url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636"

4
host_vars/redisdead.adm.crans.org.yml
View File

@ -19,7 +19,7 @@ loc_service_certbot:
config:
"crans.org":
zone: _acme-challenge.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_challenge.
@ -27,7 +27,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512
"adm.crans.org":
zone: _acme-challenge.adm.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_adm_challenge.

4
host_vars/routeur-daniel.adm.crans.org/dhcp.yml
View File

@ -7,8 +7,8 @@ loc_dhcp:
vlan: "adh"
default_lease_time: "600"
max_lease_time: "7200"
routers: "185.230.78.99"
dns: ["185.230.78.99"]
routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}"
dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"]
domain_name: "adh.crans.org"
domain_search: "adh.crans.org"
options: []

2
host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml
View File

@ -15,6 +15,6 @@ loc_service_prefix_delegation:
prefix: "2a0c:700:12::"
length: "48"
ldap:
server: "ldaps://172.16.10.114"
server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}"
binddn: "{{ vault.ldap_adh_reader.binddn }}"
password: "{{ vault.ldap_adh_reader.bindpass }}"

8
host_vars/routeur-ft.adm.crans.org.yml
View File

@ -14,12 +14,12 @@ loc_wireguard:
allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51821"
endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51821"
persistent_keepalive: 25
post_up:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
- "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
- "ip route add 172.16.10.1 dev %i proto proxy"
- "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
- "python3 /var/local/services/proxy/proxy.py --alter"
pre_down:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
@ -29,8 +29,8 @@ loc_wireguard:
loc_service_proxy:
config:
ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
- server: "ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}/"
- server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
- server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}/"
protocol: "proxy"
filter: ".adm.crans.org"
proxy:

4
host_vars/routeur-jack.adm.crans.org/dhcp.yml
View File

@ -7,8 +7,8 @@ loc_dhcp:
vlan: "adh"
default_lease_time: "600"
max_lease_time: "7200"
routers: "185.230.78.99"
dns: ["185.230.78.99"]
routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}"
dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"]
domain_name: "adh.crans.org"
domain_search: "adh.crans.org"
options: []

2
host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml
View File

@ -15,6 +15,6 @@ loc_service_prefix_delegation:
prefix: "2a0c:700:12::"
length: "48"
ldap:
server: "ldaps://172.16.10.114"
server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}"
binddn: "{{ vault.ldap_adh_reader.binddn }}"
password: "{{ vault.ldap_adh_reader.bindpass }}"

4
host_vars/routeur-sam.adm.crans.org/dhcp.yml
View File

@ -7,8 +7,8 @@ loc_dhcp:
vlan: "adh"
default_lease_time: "600"
max_lease_time: "7200"
routers: "185.230.78.99"
dns: ["185.230.78.99"]
routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}"
dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"]
domain_name: "adh.crans.org"
domain_search: "adh.crans.org"
options: []

2
host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml
View File

@ -15,6 +15,6 @@ loc_service_prefix_delegation:
prefix: "2a0c:700:12::"
length: "48"
ldap:
server: "ldaps://172.16.10.114"
server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}"
binddn: "{{ vault.ldap_adh_reader.binddn }}"
password: "{{ vault.ldap_adh_reader.bindpass }}"

8
host_vars/routeur-thot.adm.crans.org.yml
View File

@ -14,12 +14,12 @@ loc_wireguard:
allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51822"
endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51822"
persistent_keepalive: 25
post_up:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
- "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
- "ip route add 172.16.10.1 dev %i proto proxy"
- "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
- "python3 /var/local/services/proxy/proxy.py --alter"
pre_down:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
@ -30,8 +30,8 @@ loc_wireguard:
loc_service_proxy:
config:
ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
- server: "ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}/"
- server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
- server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}/"
protocol: "proxy"
filter: ".adm.crans.org"
proxy:

2
host_vars/sam.adm.crans.org.yml
View File

@ -6,7 +6,7 @@ loc_borg:
- /var
loc_slapd:
ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', 'sam', 'adm') }}"
replica: true
replica_rid: 1

14
host_vars/sputnik.adm.crans.org.yml
View File

@ -12,8 +12,8 @@ loc_wireguard:
tunnels:
- name: "sputnik"
addresses:
- "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}/24"
- "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv6 | first }}/64"
- "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/24"
- "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/64"
listen_port: 51820
private_key: "{{ vault.wireguard.sputnik.privkey }}"
peers:
@ -21,12 +21,12 @@ loc_wireguard:
allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51820"
endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51820"
post_up:
- "/sbin/ip link set sputnik alias adm"
loc_slapd:
ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}"
replica: true
replica_rid: 4
@ -45,7 +45,7 @@ loc_service_certbot:
config:
"crans.org":
zone: _acme-challenge.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_challenge.
@ -53,7 +53,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512
"adm.crans.org":
zone: _acme-challenge.adm.crans.org
server: 172.16.10.147
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
port: 53
key:
name: certbot_adm_challenge.
@ -121,4 +121,4 @@ loc_bind:
loc_service_ssh_known_hosts:
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}"
server: "ldaps://{{ query('ldap', 'ip4', 'sputnik', 'adm') }}"

2
host_vars/tealc.adm.crans.org.yml
View File

@ -33,7 +33,7 @@ loc_postgres:
frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *"
loc_slapd:
ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
replica: false
loc_borg:

2
host_vars/thot.adm.crans.org.yml
View File

@ -6,6 +6,6 @@ loc_borg:
- /var
loc_slapd:
ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
replica: true
replica_rid: 5

10
host_vars/vol447.adm.crans.org.yml
View File

@ -11,8 +11,8 @@ loc_wireguard:
peers:
- public_key: "{{ vault.wireguard.charybde.pubkey }}"
allowed_ips:
- "{{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv4 | first }}/32"
- "{{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }}/128"
endpoint: "{{ query('ldap', 'ip', 'freebox', 'srv') | ansible.utils.ipv4 | first }}:51820"
post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18"
post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18"
- "{{ query('ldap', 'ip4', 'charybde', 'adm') }}/32"
- "{{ query('ldap', 'ip6', 'charybde', 'adm') }}/128"
endpoint: "{{ query('ldap', 'ip4', 'freebox', 'srv') }}:51820"
post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip6', 'charybde', 'adm') }} dev ens18"
post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip6', 'charybde', 'adm') }} dev ens18"

6
host_vars/zamok.adm.crans.org.yml
View File

@ -7,7 +7,7 @@ loc_borg:
- /var/lib/mysql
loc_thelounge:
host: "\"172.16.10.31\""
host: "\"{{ query('ldap', 'ip4, 'zamok', 'adm') }}\""
oidentd: "\"/usr/local/lib/thelounge/.oidentd.conf\""
reverseProxy: "true"
ldap_enable: "true"
@ -19,14 +19,14 @@ loc_crans_scripts:
loc_nfs_mount:
mounts:
- ip: 172.16.4.2
- ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}"
mountpoint: /pool/home
target: /home
name: home
owner: root
group: root
mode: '0755'
- ip: 172.16.4.2
- ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}"
mountpoint: /pool/mail
target: /var/mail
name: var-mail

16
lookup_plugins/ldap.py
View File

@ -60,6 +60,22 @@ class LookupModule(LookupBase):
result = [res.decode('utf-8') for res in result['ipHostNumber']]
return result
def ip4(self, host, vlan):
"""
Retrieve the first IP addresses of an interface of a device
query('ldap', 'ip4', HOST, VLAN)
"""
result = [res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 4 ]
return result[0]
def ip6(self, host, vlan):
"""
Retrieve IP addresses of an interface of a device
query('ldap', 'ip', HOST, VLAN)
"""
result = [res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 6 ]
return result[0]
def all_ip(self, host):
"""
Retrieve all IP addresses of a device