Au revoir cachan :'(

certbot_on_virtu
_shirenn 2022-02-24 13:22:00 +01:00 committed by Yohann D'ANELLO
parent db79b88812
commit ab78352554
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
25 changed files with 14 additions and 587 deletions


@ -7,7 +7,7 @@ glob_borg:
- /var
path: /backup/borg
remote:
- borg@zephir.adm.crans.org:/backup/borg/{{ ansible_hostname }}
- borg@zephir-c.adm.crans.org:/backup/borg/{{ ansible_hostname }}
retention:
- ["daily", 4]
- ["monthly", 6]


@ -1,8 +1,8 @@
---
glob_home_nounou:
mounts:
- ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
mountpoint: /rpool/home
- ip: "{{ query('ldap', 'ip', 'charybde', 'cachan-adm') | ipv4 | first }}"
mountpoint: /pool/home
target: /home_nounou
name: home_nounou
owner: root
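Review bot: Both `ip:` lines in this hunk still resolve the NFS server through the `'cachan-adm'` LDAP network, so whichever one is the new side (the rendering has lost the +/- markers), `glob_home_nounou` keeps depending on a Cachan record while the rest of the commit removes the Cachan group_vars and inventory entries. If that LDAP entry is later retired, `| ipv4 | first` presumably has nothing to select and the template fails; if it lingers, `/home_nounou` is mounted from an address that is no longer maintained. I would point the lookup at the network the server is now registered in, or add a comment above `mounts:` such as `# NFS server is still registered under cachan-adm in LDAP; update when the record moves` so the leftover reference is visibly intentional.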


@ -1,7 +0,0 @@
---
glob_ldap:
uri: 'ldaps://re2o-ldap.cachan-adm.crans.org/'
users_base: 'cn=Utilisateurs,dc=crans,dc=org'
servers:
- "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
base: 'dc=crans,dc=org'


@ -1,8 +0,0 @@
---
glob_mirror:
hostname: mirror.cachan-adm.crans.org
ip: 172.17.10.30
debian_mirror: http://mirror.cachan-adm.crans.org/debian
debian_components: main contrib non-free
proxmox_mirror: http://mirror.cachan-adm.crans.org/proxmox/debian/pve


@ -1,23 +1,11 @@
---
glob_network_interfaces:
vlan:
- name: cachan_srv
id: 2
gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
- name: cachan_srv_nat
id: 3
gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv4 | first }}"
dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv4 | first }}"
gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv6 | first }}"
- name: cachan_adm
id: 10
dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
extra:
- "post-up /sbin/ip route add 172.16.10.0/24 via {{ query('ldap', 'ip', 'terenez', 'cachan-adm') | ipv4 | first }}"
# extra_v6:
# - "post-up /sbin/ip -6 route add fd00:0:0:10::/64 {{ query('ldap', 'ip', 'terenez', 'cachan-adm') | ipv6 | first }}"
- name: infra
id: 11
dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"


@ -1,3 +0,0 @@
---
glob_prometheus_nginx_exporter:
listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"


@ -1,3 +0,0 @@
---
glob_rsyslog_client:
server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"


@ -3,39 +3,9 @@ debian_mirror: 'file:/pool/mirror/pub/debian'
interfaces:
cachan_adm: eth0.10
cachan_srv: eth1.2
infra: eth0.111
loc_ntp_server:
open:
- 172.17.10.0/24
- 172.16.32.0/22
loc_vsftpd:
anonymous:
root: /pool/mirror/pub
loc_ftpsync:
root: /pool/mirror/pub
loc_rsync_mirror:
root: /pool/mirror/pub
loc_apt_mirror:
root: /pool/mirror/pub
loc_nginx:
service_name: ftp
ssl: []
servers:
- server_name:
- "mirror"
- "mirror.*"
root: "/pool/mirror/pub"
locations:
- filter: "/"
params:
- "autoindex on"
- "autoindex_exact_size off"
- "add_before_body /.html/HEADER.html"
- "add_after_body /.html/FOOTER.html"


@ -1,103 +0,0 @@
---
interfaces:
cachan_adm: ens18
infra: ens19
glob_snmp_exporter:
procurve_password: "{{ vault.snmp_procurve_password }}"
unifi_password: "{{ vault.snmp_unifi_password }}"
loc_ninjabot:
config:
nick: fyre
server: irc.adm.crans.org
port: 6667
channel: "#monitoring"
loc_prometheus:
node:
file: targets_node.json
targets: "{{ groups['server'] | select('match', '^.*\\.cachan-adm\\.crans\\.org$') | list | sort }}"
config:
- job_name: servers
file_sd_configs:
- files:
- '/etc/prometheus/targets_node.json'
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- source_labels: [__param_target]
target_label: __address__
replacement: '$1:9100'
ups_snmp:
file: targets_ups_snmp.json
targets:
- pulsar.cachan-adm.crans.org # 0B
- quasar.cachan-adm.crans.org # 4J
config:
- job_name: ups_snmp
file_sd_configs:
- files:
- '/etc/prometheus/targets_ups_snmp.json'
metrics_path: /snmp
params:
module: [eatonups]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
unifi_snmp:
file: targets_unifi_snmp.json
targets: "{{ groups['crans_unifi'] | list | sort }}"
config:
- job_name: unifi_snmp
file_sd_configs:
- files:
- '/etc/prometheus/targets_unifi_snmp.json'
metrics_path: /snmp
params:
module: [ubiquiti_unifi]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
nginx:
file: targets_nginx.json
targets: "{{ groups['nginx'] | select('match', '^.*\\.cachan-adm\\.crans\\.org$') | list | sort }}"
config:
- job_name: nginx
file_sd_configs:
- files:
- '/etc/prometheus/targets_nginx.json'
relabel_configs:
- source_labels: [__address__]
target_label: instance
- source_labels: [instance]
target_label: __address__
replacement: '$1:9117'
mtail:
file: targets_mtail.json
targets:
- gulp.cachan-adm.crans.org
config:
- job_name: mtail
static_configs:
- targets: ["gulp.cachan-adm.crans.org"]
relabel_configs:
- source_labels: [__address__]
target_label: instance
- source_labels: [instance]
target_label: __address__
replacement: '$1:3903'


@ -1,58 +0,0 @@
---
loc_slapd:
ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
replica: true
replica_rid: 5
glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://mirror.cachan-adm.crans.org/debian
proxmox_mirror: http://mirror.cachan-adm.crans.org/proxmox/debian/pve
loc_debian_images:
rsync_host: 'mirror.cachan-adm.crans.org'
rsync_module: 'ftp'
loc_postgres:
subnets:
- 172.17.10.0/24
- fd00:0:0:3010::/64
version: 11
hosts:
- {db: re2o, user: re2o}
addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
backup:
dir: /var/local/db-backup
frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *"
loc_borg:
remote:
- borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
ssh_options: ""
glob_prometheus_node_exporter:
listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
loc_rsyslog_server:
name: gulp
root: /var/log
rules:
- name: cablage
rotate: 365
ips:
- 172.16.33
- 172.16.34
programs:
- firewall
- radiusd
- dhcpd
modules:
- name: imudp
index: 53
- name: imrelp
index: 52
vars:
- name: InputRELPServerRun
value: 20514


@ -1,3 +0,0 @@
---
interfaces:
cachan_adm: ens18


@ -1,51 +0,0 @@
---
interfaces:
cachan_adm: ens18
cachan_srv_nat: ens19
loc_re2o:
owner: root
group: _nounou
version: crans
settings_local_owner: www-data
settings_local_group: _nounou
django_secret_key: "{{ vault.re2o_django_secret_key }}"
aes_key: "{{ vault.re2o_aes_key }}"
admins:
- ('Root', 'root@crans.org')
allowed_hosts:
- "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
- "[{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv6 | first }}]"
- "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
- "[{{ query('ldap', 'ip', 'c3po', 'adm') | ipv6 | first }}]"
- re2o.cachan-adm.crans.org
- intranet.cachan-adm.crans.org
- re2o.adm.crans.org
- re2o.crans.org
- intranet.crans.org
from_email: "root@crans.org"
ldap:
master_password: "{{ vault.ldap_master_password }}"
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
dn: "cn=admin,dc=crans,dc=org"
database:
password: "{{ vault.re2o_db_password }}"
uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
loc_nginx:
real_ip_from:
- "172.17.0.0/16"
- "fd00:0:0:3000::/56"
loc_re2o_front:
server_names:
- "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
- "[{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv6 | first }}]"
- "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
- "[{{ query('ldap', 'ip', 'c3po', 'adm') | ipv6 | first }}]"
- re2o.cachan-adm.crans.org
- intranet.cachan-adm.crans.org
- re2o.adm.crans.org
- re2o.crans.org
- intranet.crans.org


@ -1,28 +0,0 @@
---
interfaces:
cachan_adm: ens18
cachan_srv: ens19
loc_certbot:
- mail: root@crans.org
certname: crans.org
domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
loc_nginx:
servers: []
ssl:
- name: crans.org
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
real_ip_from:
- "172.17.0.0/16"
- "fd00:0:0:3000::/56"
loc_reverseproxy:
reverseproxy_sites:
- {from: mirrors.crans.org, to: 172.17.10.30}
- {from: intranet.crans.org, to: 172.17.10.203}
- {from: re2o.crans.org, to: 172.17.10.203}
redirect_sites: []


@ -1,34 +0,0 @@
---
loc_bird:
ipv4:
id: 158.255.113.73
binds:
- 158.255.113.73
statics:
- 185.230.76.0/24
bgps:
- name: zayo
allow_local_as: 1
local:
as: 204515
remote:
as: 8218
address: 158.255.113.72
allow_export_prefixes:
- 185.230.76.0/22+
ipv6:
id: 185.230.79.62
binds:
- 2001:1b48:2:103::bb:2
statics:
- 2a0c:700:3000::/36
bgps:
- name: zayo
allow_local_as: 1
local:
as: 204515
remote:
as: 8218
address: 2001:1b48:2:103::bb:1
allow_export_prefixes:
- 2a0c:700::/32+


@ -1,62 +0,0 @@
---
loc_dhcp:
authoritative: true
subnets:
- network: "185.230.76.0/26"
deny_unknown: true
vlan: "cachan_adh"
default_lease_time: "600"
max_lease_time: "7200"
routers: "185.230.76.62"
dns: ["185.230.76.62"]
domain_name: "adh.crans.org"
domain_search: "adh.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.cachan-adh.crans.org.list"
- network: "100.64.0.0/16"
deny_unknown: true
vlan: "adh_nat"
default_lease_time: "600"
max_lease_time: "7200"
routers: "100.64.0.99"
dns: ["100.64.0.99"]
domain_name: "adh-nat.crans.org"
domain_search: "adh-nat.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
- network: "172.16.32.0/22"
deny_unknown: true
vlan: "infra"
default_lease_time: "600"
max_lease_time: "7200"
dns: ["172.16.32.99"]
domain_name: "infra.crans.org"
domain_search: "infra.crans.org"
options: []
lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
- network: 100.65.0.0/16
vlan: "federez"
default_lease_time: "600"
max_lease_time: "7200"
routers: "100.65.0.99"
dns: ["100.65.0.99"]
domain_name: "federez.net"
domain_search: "federez.net"
ranges:
- min: 100.65.1.0
max: 100.65.255.254
options: []
loc_service_dhcp:
re2o:
hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
git:
remote: https://gitlab.adm.crans.org/nounous/dhcp.git
version: cachan
config:
subnets:
adh-nat.crans.org: 100.64.0.0/16
cachan-adh.crans.org: 185.230.76.0/26
infra.crans.org: 172.16.32.0/22


@ -1,9 +0,0 @@
---
loc_service_firewall:
re2o:
hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
user: services
password: "{{ vault.re2o_service_password }}"
git:
remote: https://gitlab.adm.crans.org/nounous/firewall.git
version: gulp


@ -1,25 +0,0 @@
---
loc_re2o:
owner: freerad
group: _nounou
version: master_freeradius_python3
settings_local_owner: freerad
settings_local_group: _nounou
django_secret_key: "{{ vault.re2o_django_secret_key }}"
aes_key: "{{ vault.re2o_aes_key }}"
admins:
- ('Root', 'root@crans.org')
allowed_hosts:
- 're2o.cachan-adm.crans.org'
- 'intranet.cachan-adm.crans.org'
from_email: "root@crans.org"
ldap:
master_password: "{{ vault.ldap_master_password }}"
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
dn: "cn=admin,dc=crans,dc=org"
database:
password: "{{ vault.re2o_db_password }}"
uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
optional_apps: []


@ -1,24 +0,0 @@
---
loc_radvd:
subnets:
- name: cachan_adh
prefix: 2a0c:700:3012::/64
dnssl: adh.crans.org
dns:
- "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adh') | ipv6 | first }}"
- name: adh_nat
prefix: 2a0c:700:3013::/64
dnssl: adh-nat.crans.org
dns:
- "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adh') | ipv6 | first }}"
- name: federez
prefix: 2a0c:700:254::/64
dnssl: federez.net
dns:
- 2a0c:700:254::ff:fe00:99fe
- name: infra
prefix: fd00:0:0:11::/64
no_gateway: true
dnssl: infra.crans.org
dns:
- fd00::11:0:ff:fe00:9911


@ -1,10 +0,0 @@
---
interfaces:
adm: ens18
srv: ens20
srv_nat: ens21
cachan_adh: ens22
adh_nat: ens23
infra: ens1
zayo: ens2
federez: enp1s3


@ -1,41 +0,0 @@
---
interfaces:
cachan_adm: ens18
cachan_srv: ens19
infra: ens20
# Don't route to adm so we redefine local network interfaces
loc_network_interfaces:
vlan:
- name: cachan_srv
id: 2
gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
- name: cachan_adm
id: 10
dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
- name: infra
id: 11
dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"
loc_ntp_server:
open:
- 172.17.10.0/24
- 172.16.32.0/22
loc_wireguard:
tunnels:
- name: "gulp"
addresses:
- "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv4 | first }}/24"
- "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }}/64"
listen_port: 51820
private_key: "{{ vault.wireguard_terenez_private_key }}"
peers:
- public_key: "{{ vault.wireguard_vol447_public_key }}"
allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
endpoint: "{{ query('ldap', 'ip', 'vol447', 'srv') | ipv4 | first }}:51820"
post_up: "/sbin/ip link set gulp alias adm"


@ -1,5 +0,0 @@
---
interfaces:
cachan_adm: ens18
cachan_srv_nat: ens19
infra: ens20


@ -9,10 +9,10 @@ loc_wireguard:
listen_port: 51820
private_key: "{{ vault.wireguard_vol447_private_key }}"
peers:
- public_key: "{{ vault.wireguard_terenez_public_key }}"
- public_key: "{{ vault.wireguard_charybde_public_key }}"
allowed_ips:
- "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv4 | first }}/32"
- "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }}/128"
endpoint: "{{ query('ldap', 'ip', 'terenez', 'cachan-srv') | ipv4 | first }}:51820"
post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }} dev ens18"
post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }} dev ens18"
- "{{ query('ldap', 'ip', 'charybde', 'adm') | ipv4 | first }}/32"
- "{{ query('ldap', 'ip', 'charybde', 'adm') | ipv6 | first }}/128"
endpoint: "{{ query('ldap', 'ip', 'freebox', 'srv') | ipv4 | first }}:51820"
post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ipv6 | first }} dev ens18"
post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ipv6 | first }} dev ens18"
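Review bot: `post_up` enables `proxy_arp` for the whole of `ens18` and `gulp`, which lets the host answer ARP for any address it can route through the other interface, not only for the single peer named in `allowed_ips`. The IPv6 half already narrows this to one `ip neigh add proxy … dev ens18` entry, and the IPv4 half could use a per-address proxy entry for the peer's `/32` in the same way instead of the interface-wide sysctl. `post_down` also writes `0` unconditionally rather than restoring the earlier values, and `ens18` is hard-coded although other host_vars on this page name interfaces under `interfaces:`. A comment above `post_up` such as `# proxy ARP/NDP so the tunnelled peer is reachable on the adm segment` would record why this is needed. Apart from the host name these strings are identical in both printed copies, so the point holds whichever lines are the new side; the `loc_wireguard` mapping begins above the hunk.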

59
hosts

@ -20,9 +20,6 @@ tealc.adm.crans.org
[belenios]
belenios.adm.crans.org
[bird]
routeur-gulp.cachan-adm.crans.org
[bird:children]
routeurs_vm
@ -125,15 +122,12 @@ linx.adm.crans.org
mailman.adm.crans.org
[mtail]
gulp.cachan-adm.crans.org
tealc.adm.crans.org
[mirror_backend]
charybde.cachan-adm.crans.org
eclat.adm.crans.org
[mirror_frontend]
charybde.cachan-adm.crans.org
tealc.adm.crans.org
[nginx]
@ -157,7 +151,6 @@ wiki
[ntp_server]
charybde.cachan-adm.crans.org
eclat.adm.crans.org
terenez.cachan-adm.crans.org
[opendkim:children]
mailman
@ -173,11 +166,9 @@ ovh_physical
[postgres]
tealc.adm.crans.org
gulp.cachan-adm.crans.org
[postgres:children]
virtu_adm
virtu_cachan
[prefix_delegation]
routeur-sam.adm.crans.org
@ -189,27 +180,21 @@ helloworld.adm.crans.org
[prometheus]
monitoring.adm.crans.org
fyre.cachan-adm.crans.org
[prometheus_alertmanager]
monitoring.adm.crans.org
[radius]
routeur-gulp.cachan-adm.crans.org
[radvd:children]
routeurs_vm
[re2o]
# re2o.adm.crans.org
re2o.cachan-adm.crans.org
re2o.adm.crans.org
[re2o:children]
radius
[re2o_front]
# re2o.adm.crans.org
re2o.cachan-adm.crans.org
re2o.adm.crans.org
[re2o_ldap_replica]
re2o-dev.adm.crans.org
@ -217,7 +202,6 @@ yson-partou.adm.crans.org
[reverseproxy]
hodaur.adm.crans.org
rodauh.cachan-adm.crans.org
sputnik.adm.crans.org
[reverseproxy:children]
@ -226,43 +210,30 @@ gitlab
[roundcube]
roundcube.adm.crans.org
[routeurs_cachan]
routeur-gulp.cachan-adm.crans.org
[routeurs_vm]
routeur-daniel.adm.crans.org
routeur-jack.adm.crans.org
routeur-sam.adm.crans.org
[routeurs_vm:children]
routeurs_cachan
[rsyncd]
charybde.cachan-adm.crans.org
eclat.adm.crans.org
[rsyslog_server]
gulp.cachan-adm.crans.org
tealc.adm.crans.org
[snmp]
monitoring.adm.crans.org
helloworld.adm.crans.org
[unifi]
unifi.cachan-adm.crans.org
[slapd]
tealc.adm.crans.org
sam.adm.crans.org
daniel.adm.crans.org
jack.adm.crans.org
sputnik.adm.crans.org
gulp.cachan-adm.crans.org
[sssd]
zamok.adm.crans.org
zamok-tmtc.adm.crans.org
[thelounge]
irc.adm.crans.org
@ -281,52 +252,29 @@ sam.adm.crans.org
[virtu:children]
virtu_adh
virtu_adm
virtu_cachan
[virtu_cachan]
gulp.cachan-adm.crans.org
[vsftpd_mirror]
charybde.cachan-adm.crans.org
eclat.adm.crans.org
ptf.adm.crans.org
[vsftpd_cameras]
zephir.cachan-adm.crans.org
[wiki]
kiwi.adm.crans.org
sputnik.adm.crans.org
[wireguard]
boeing.adm.crans.org
charybde.cachan-adm.crans.org
sputnik.adm.crans.org
terenez.cachan-adm.crans.org
vol447.adm.crans.org
[cachan:children]
cachan_physical
cachan_vm
[cachan_physical]
charybde.cachan-adm.crans.org
omnomnom.cachan-adm.crans.org
zephir.cachan-adm.crans.org
[cachan_physical:children]
virtu_cachan
[cachan_vm]
fyre.cachan-adm.crans.org
re2o.cachan-adm.crans.org
re2o-ldap.cachan-adm.crans.org
rodauh.cachan-adm.crans.org
terenez.cachan-adm.crans.org
# unifi.cachan-adm.crans.org
[cachan_vm:children]
routeurs_cachan
[crans_routeurs:children]
routeurs_vm
@ -386,7 +334,6 @@ voyager.adm.crans.org
yson-partou.adm.crans.org
[crans_vm:children]
cachan_vm
routeurs_vm
[ovh_physical]
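Review bot: Several `:children` sections in these hunks name groups whose listed members are all `cachan-adm` hosts: `[re2o:children]` lists `radius`, `[routeurs_vm:children]` lists `routeurs_cachan`, `[virtu:children]` and `[postgres:children]` list `virtu_cachan`, and `[crans_vm:children]` lists `cachan_vm`. The rendering does not show which of these lines survive, so it is worth confirming that no parent still references a group the commit deletes; as far as I know, Ansible's INI inventory parser rejects a `:children` entry for an undefined group. Running `ansible-inventory -i hosts --list` on the result would catch a dangling reference. It would also be worth checking that `re2o.adm.crans.org`, which appears both commented and uncommented under `[re2o]` and `[re2o_front]`, has its own host_vars, since the `loc_re2o` settings deleted elsewhere on this page appear to belong to the Cachan instance.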


@ -1,13 +1,9 @@
#!/usr/bin/env ansible-playbook
---
- hosts: routeurs_vm !routeur-gulp.cachan-adm.crans.org
- hosts: routeurs_vm
roles:
- logall
- hosts: routeur-gulp.cachan-adm.crans.org
roles:
- logall-cachan
- hosts: firewall
vars:
service: "{{ glob_service_firewall | default({}) | combine(loc_service_firewall | default({})) }}"


@ -21,7 +21,7 @@
roles:
- ldap-client
- hosts: server,!ovh_physical,!tealc.adm.crans.org,!gulp.cachan-adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org
- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org
vars:
nfs_mount: "{{ glob_home_nounou | default({}) | combine(loc_home_nounou | default({})) }}"
roles: