pleasing erdnaxe and yamllint
parent
a8bf67f18e
commit
afbc9f2b58
|
@ -2,6 +2,5 @@
|
||||||
extends: default
|
extends: default
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
line-length:
|
line-length: disable
|
||||||
level: warning
|
|
||||||
...
|
...
|
||||||
|
|
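Review bot: Setting `line-length: disable` under `rules:` removes the check entirely, where the earlier form (`line-length:` with `level: warning`) still reported long lines without failing the run. If the goal is only a quiet lint run, keeping the warning and raising the limit, e.g. `line-length: {max: 160, level: warning}` (limit chosen here as an example), keeps overly long templated values visible in review. Which side each line belongs to is inferred from the order the page prints them.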
2
all.yml
2
all.yml
|
@ -10,7 +10,7 @@
|
||||||
# Common configuration
|
# Common configuration
|
||||||
- import_playbook: plays/mail.yml
|
- import_playbook: plays/mail.yml
|
||||||
- import_playbook: plays/nfs.yml
|
- import_playbook: plays/nfs.yml
|
||||||
#- import_playbook: plays/logs.yml TODO: rsyncd
|
# - import_playbook: plays/logs.yml TODO: rsyncd
|
||||||
- import_playbook: plays/backup.yml # import borgbackup_client/server.yml
|
- import_playbook: plays/backup.yml # import borgbackup_client/server.yml
|
||||||
# - import_playbook: plays/network-interfaces.yml TODO: check this paybook
|
# - import_playbook: plays/network-interfaces.yml TODO: check this paybook
|
||||||
- import_playbook: plays/monitoring.yml
|
- import_playbook: plays/monitoring.yml
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
glob_home_nounou:
|
glob_home_nounou:
|
||||||
mounts:
|
mounts:
|
||||||
- ip: 172.16.10.1
|
- ip: 172.16.10.1
|
||||||
mountpoint: /pool/home
|
mountpoint: /pool/home
|
||||||
target: /home_nounou
|
target: /home_nounou
|
||||||
name: home_nounou
|
name: home_nounou
|
||||||
owner: root
|
owner: root
|
||||||
group: _user
|
group: _user
|
||||||
mode: '0750'
|
mode: '0750'
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_network_interfaces:
|
glob_network_interfaces:
|
||||||
vlan:
|
vlan:
|
||||||
- name: srv
|
- name: srv
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
glob_home_nounou:
|
glob_home_nounou:
|
||||||
mounts:
|
mounts:
|
||||||
- ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
|
- ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
|
||||||
mountpoint: /rpool/home
|
mountpoint: /rpool/home
|
||||||
target: /home_nounou
|
target: /home_nounou
|
||||||
name: home_nounou
|
name: home_nounou
|
||||||
owner: root
|
owner: root
|
||||||
group: _user
|
group: _user
|
||||||
mode: '0750'
|
mode: '0750'
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_network_interfaces:
|
glob_network_interfaces:
|
||||||
vlan:
|
vlan:
|
||||||
- name: cachan_srv
|
- name: cachan_srv
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
---
|
---
|
||||||
glob_dhcp:
|
glob_dhcp:
|
||||||
global_options:
|
global_options:
|
||||||
- { key: "interface-mtu", value: "1500" }
|
- {key: "interface-mtu", value: "1500"}
|
||||||
global_parameters: []
|
global_parameters: []
|
||||||
|
|
||||||
glob_service_dhcp:
|
glob_service_dhcp:
|
||||||
name: dhcp
|
name: dhcp
|
||||||
install_dir: /var/local/services/dhcp
|
install_dir: /var/local/services/dhcp
|
||||||
generated: yes
|
generated: true
|
||||||
cron:
|
cron:
|
||||||
frequency: "*/2 * * * *"
|
frequency: "*/2 * * * *"
|
||||||
options: -q
|
options: -q
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_dovecot:
|
glob_dovecot:
|
||||||
ldap:
|
ldap:
|
||||||
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ipv4 | first }}/"
|
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ipv4 | first }}/"
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
|
---
|
||||||
glob_ethercalc:
|
glob_ethercalc:
|
||||||
ip: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
ip: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_etherpad:
|
glob_etherpad:
|
||||||
instances:
|
instances:
|
||||||
- name: etherpad-lite
|
- name: etherpad-lite
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_service_firewall:
|
glob_service_firewall:
|
||||||
name: firewall
|
name: firewall
|
||||||
install_dir: /var/local/services/firewall
|
install_dir: /var/local/services/firewall
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_framadate:
|
glob_framadate:
|
||||||
contact: contact@crans.org
|
contact: contact@crans.org
|
||||||
automatic_response: no-reply@crans.org
|
automatic_response: no-reply@crans.org
|
||||||
|
@ -8,4 +9,3 @@ glob_framadate:
|
||||||
admin_username: framadate
|
admin_username: framadate
|
||||||
admin_password: "{{ vault.framadate_password }}"
|
admin_password: "{{ vault.framadate_password }}"
|
||||||
db_password: "{{ vault.framadate_password_db }}"
|
db_password: "{{ vault.framadate_password_db }}"
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_horde:
|
glob_horde:
|
||||||
secret: '{{ vault.horde_secret }}'
|
secret: '{{ vault.horde_secret }}'
|
||||||
imap: imap.adm.crans.org
|
imap: imap.adm.crans.org
|
||||||
|
@ -13,10 +14,10 @@ glob_horde:
|
||||||
- "'erdnaxe'"
|
- "'erdnaxe'"
|
||||||
redirection: https://wiki.crans.org/VieCrans/PagesDeDeconnexion/ERR_CHOOSE_WEBMAIL
|
redirection: https://wiki.crans.org/VieCrans/PagesDeDeconnexion/ERR_CHOOSE_WEBMAIL
|
||||||
src_hostname: horde.crans.org
|
src_hostname: horde.crans.org
|
||||||
dest_hostname : webmail.crans.org
|
dest_hostname: webmail.crans.org
|
||||||
admin_src_hostname : horde.adm.crans.org
|
admin_src_hostname: horde.adm.crans.org
|
||||||
admin_dest_hostname : webmail.adm.crans.org
|
admin_dest_hostname: webmail.adm.crans.org
|
||||||
zone_ipv4 : 172.16.10.0/24
|
zone_ipv4: 172.16.10.0/24
|
||||||
zone_ipv6 : fd00:0:0:10::/64
|
zone_ipv6: fd00:0:0:10::/64
|
||||||
ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
||||||
ipv6: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv6 | first }}"
|
ipv6: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv6 | first }}"
|
||||||
|
|
|
@ -8,7 +8,7 @@ glob_keepalived:
|
||||||
VI_ALL:
|
VI_ALL:
|
||||||
password: "{{ vault.keepalived.password }}"
|
password: "{{ vault.keepalived.password }}"
|
||||||
id: 60
|
id: 60
|
||||||
ipv6: yes
|
ipv6: true
|
||||||
notify: /var/local/services/keepalived/keepalived.py
|
notify: /var/local/services/keepalived/keepalived.py
|
||||||
zones:
|
zones:
|
||||||
- vlan: via
|
- vlan: via
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_ftpsync:
|
glob_ftpsync:
|
||||||
root: /mirror/pub
|
root: /mirror/pub
|
||||||
mirror:
|
mirror:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_postgres:
|
glob_postgres:
|
||||||
subnets:
|
subnets:
|
||||||
- 172.16.10.0/24
|
- 172.16.10.0/24
|
||||||
|
|
|
@ -17,7 +17,7 @@ glob_freeradius:
|
||||||
ipv6: 2001:bc8:273e::1
|
ipv6: 2001:bc8:273e::1
|
||||||
secret: '{{ vault.radius_secret.federez }}'
|
secret: '{{ vault.radius_secret.federez }}'
|
||||||
server: radius-wifi
|
server: radius-wifi
|
||||||
|
|
||||||
loc_certbot:
|
loc_certbot:
|
||||||
- mail: root@crans.org
|
- mail: root@crans.org
|
||||||
certname: crans.org
|
certname: crans.org
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
|
---
|
||||||
glob_radvd: {}
|
glob_radvd: {}
|
||||||
|
|
|
@ -17,8 +17,8 @@ glob_re2o:
|
||||||
uri: "ldap://re2o-ldap.adm.crans.org/"
|
uri: "ldap://re2o-ldap.adm.crans.org/"
|
||||||
dn: "cn=admin,dc=crans,dc=org"
|
dn: "cn=admin,dc=crans,dc=org"
|
||||||
database:
|
database:
|
||||||
password: "{{ vault.re2o_db_password }}"
|
password: "{{ vault.re2o_db_password }}"
|
||||||
uri: "172.16.10.1"
|
uri: "172.16.10.1"
|
||||||
optional_apps:
|
optional_apps:
|
||||||
- api
|
- api
|
||||||
- captcha
|
- captcha
|
||||||
|
|
|
@ -3,8 +3,8 @@ glob_re2o_front:
|
||||||
server_names:
|
server_names:
|
||||||
- "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
|
- "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
|
||||||
- "[{{ query('ldap', 'ip', 'c3po', 'adm') | ipv6 | first }}]"
|
- "[{{ query('ldap', 'ip', 'c3po', 'adm') | ipv6 | first }}]"
|
||||||
# - "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
|
# - "{{ query('ldap', 'ip', 're2o', 'adm') | ipv4 | first }}"
|
||||||
# - "[{{ query('ldap', 'ip', 're2o', 'adm') | ipv6 | first }}]"
|
# - "[{{ query('ldap', 'ip', 're2o', 'adm') | ipv6 | first }}]"
|
||||||
- re2o.adm.crans.org
|
- re2o.adm.crans.org
|
||||||
- intranet.adm.crans.org
|
- intranet.adm.crans.org
|
||||||
- re2o.crans.org
|
- re2o.crans.org
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
loc_certbot:
|
loc_certbot:
|
||||||
- mail: root@crans.org
|
- mail: root@crans.org
|
||||||
certname: crans.org
|
certname: crans.org
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_roundcube:
|
glob_roundcube:
|
||||||
name: Crans
|
name: Crans
|
||||||
imap_server: owl.adm.crans.org
|
imap_server: owl.adm.crans.org
|
||||||
|
|
|
@ -9,4 +9,3 @@ glob_rsyncd:
|
||||||
path: /pool/mirror/pub/videolan
|
path: /pool/mirror/pub/videolan
|
||||||
comment: VideoLAN repository
|
comment: VideoLAN repository
|
||||||
hosts_allow: "*"
|
hosts_allow: "*"
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_ntp_client:
|
glob_ntp_client:
|
||||||
servers:
|
servers:
|
||||||
- ntp.adm.crans.org
|
- ntp.adm.crans.org
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_sssd:
|
glob_sssd:
|
||||||
primary:
|
primary:
|
||||||
domain: tealc.adm.crans.org
|
domain: tealc.adm.crans.org
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
glob_thelounge:
|
glob_thelounge:
|
||||||
public: "false"
|
public: "false"
|
||||||
host: "undefined"
|
host: "undefined"
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
|
---
|
||||||
interfaces:
|
interfaces:
|
||||||
adm: eth0
|
adm: eth0
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
interfaces:
|
interfaces:
|
||||||
adm: eth0
|
adm: eth0
|
||||||
srv_nat: eth1
|
srv_nat: eth1
|
||||||
|
|
|
@ -6,5 +6,5 @@ loc_slapd:
|
||||||
|
|
||||||
loc_postgres:
|
loc_postgres:
|
||||||
version: 11
|
version: 11
|
||||||
replica: yes
|
replica: true
|
||||||
addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
|
addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
|
||||||
|
|
|
@ -22,7 +22,7 @@ loc_prometheus:
|
||||||
- job_name: servers
|
- job_name: servers
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_node.json'
|
- '/etc/prometheus/targets_node.json'
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [__address__]
|
||||||
target_label: __param_target
|
target_label: __param_target
|
||||||
|
@ -41,7 +41,7 @@ loc_prometheus:
|
||||||
- job_name: ups_snmp
|
- job_name: ups_snmp
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_ups_snmp.json'
|
- '/etc/prometheus/targets_ups_snmp.json'
|
||||||
metrics_path: /snmp
|
metrics_path: /snmp
|
||||||
params:
|
params:
|
||||||
module: [eatonups]
|
module: [eatonups]
|
||||||
|
@ -60,7 +60,7 @@ loc_prometheus:
|
||||||
- job_name: unifi_snmp
|
- job_name: unifi_snmp
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_unifi_snmp.json'
|
- '/etc/prometheus/targets_unifi_snmp.json'
|
||||||
metrics_path: /snmp
|
metrics_path: /snmp
|
||||||
params:
|
params:
|
||||||
module: [ubiquiti_unifi]
|
module: [ubiquiti_unifi]
|
||||||
|
@ -79,7 +79,7 @@ loc_prometheus:
|
||||||
- job_name: nginx
|
- job_name: nginx
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_nginx.json'
|
- '/etc/prometheus/targets_nginx.json'
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [__address__]
|
||||||
target_label: instance
|
target_label: instance
|
||||||
|
|
|
@ -17,7 +17,7 @@ loc_postgres:
|
||||||
- fd00:0:0:3010::/64
|
- fd00:0:0:3010::/64
|
||||||
version: 11
|
version: 11
|
||||||
hosts:
|
hosts:
|
||||||
- { db: re2o, user: re2o }
|
- {db: re2o, user: re2o}
|
||||||
addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
|
addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
|
||||||
backup:
|
backup:
|
||||||
dir: /var/local/db-backup
|
dir: /var/local/db-backup
|
||||||
|
|
|
@ -42,20 +42,20 @@ loc_inspircd:
|
||||||
nick: PEB
|
nick: PEB
|
||||||
email: root@crans.org
|
email: root@crans.org
|
||||||
bind:
|
bind:
|
||||||
- address: 185.230.79.11
|
- address: 185.230.79.11
|
||||||
type: clients
|
type: clients
|
||||||
clair: 6667
|
clair: 6667
|
||||||
ssl: 6697
|
ssl: 6697
|
||||||
- address: 2a0c:700:2::ff:fe01:2902
|
- address: 2a0c:700:2::ff:fe01:2902
|
||||||
type: clients
|
type: clients
|
||||||
clair: 6667
|
clair: 6667
|
||||||
ssl: 6697
|
ssl: 6697
|
||||||
- address : 172.16.10.129
|
- address: 172.16.10.129
|
||||||
type: clients
|
type: clients
|
||||||
clair: 6667
|
clair: 6667
|
||||||
- address: 127.0.0.1
|
- address: 127.0.0.1
|
||||||
type: servers
|
type: servers
|
||||||
clair: 6668
|
clair: 6668
|
||||||
connect:
|
connect:
|
||||||
- name: zamok
|
- name: zamok
|
||||||
allows:
|
allows:
|
||||||
|
@ -79,7 +79,7 @@ loc_inspircd:
|
||||||
ipv6: fd00::10:ff:fe01:2110/128
|
ipv6: fd00::10:ff:fe01:2110/128
|
||||||
threshold: 10
|
threshold: 10
|
||||||
commandrate: 10000
|
commandrate: 10000
|
||||||
modes: yes
|
modes: true
|
||||||
dns: 185.230.79.62
|
dns: 185.230.79.62
|
||||||
services:
|
services:
|
||||||
name: services.irc.crans.org
|
name: services.irc.crans.org
|
||||||
|
@ -87,8 +87,6 @@ loc_inspircd:
|
||||||
recvpass: "{{ vault.irc_anope_recvpass }}"
|
recvpass: "{{ vault.irc_anope_recvpass }}"
|
||||||
sendpass: "{{ vault.irc_anope_sendpass }}"
|
sendpass: "{{ vault.irc_anope_sendpass }}"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
loc_anope:
|
loc_anope:
|
||||||
recvpass: "{{ vault.irc_anope_recvpass }}"
|
recvpass: "{{ vault.irc_anope_recvpass }}"
|
||||||
sendpass: "{{ vault.irc_anope_sendpass }}"
|
sendpass: "{{ vault.irc_anope_sendpass }}"
|
||||||
|
|
|
@ -6,5 +6,5 @@ loc_slapd:
|
||||||
|
|
||||||
loc_postgres:
|
loc_postgres:
|
||||||
version: 11
|
version: 11
|
||||||
replica: yes
|
replica: true
|
||||||
addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
|
addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
interfaces:
|
interfaces:
|
||||||
adm: eth0
|
adm: eth0
|
||||||
srv_nat: eth1
|
srv_nat: eth1
|
||||||
|
@ -10,7 +11,7 @@ loc_prometheus:
|
||||||
- job_name: servers
|
- job_name: servers
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_node.json'
|
- '/etc/prometheus/targets_node.json'
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [__address__]
|
||||||
target_label: __param_target
|
target_label: __param_target
|
||||||
|
@ -27,7 +28,7 @@ loc_prometheus:
|
||||||
- job_name: nginx
|
- job_name: nginx
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_nginx.json'
|
- '/etc/prometheus/targets_nginx.json'
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [__address__]
|
||||||
target_label: instance
|
target_label: instance
|
||||||
|
@ -63,7 +64,7 @@ loc_prometheus:
|
||||||
- job_name: blackbox
|
- job_name: blackbox
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_blackbox.json'
|
- '/etc/prometheus/targets_blackbox.json'
|
||||||
metrics_path: /probe
|
metrics_path: /probe
|
||||||
params:
|
params:
|
||||||
module: [http_2xx] # Look for a HTTP 200 response.
|
module: [http_2xx] # Look for a HTTP 200 response.
|
||||||
|
@ -89,22 +90,3 @@ loc_prometheus:
|
||||||
- source_labels: [instance]
|
- source_labels: [instance]
|
||||||
target_label: __address__
|
target_label: __address__
|
||||||
replacement: '$1:3903'
|
replacement: '$1:3903'
|
||||||
|
|
||||||
|
|
||||||
# apache:
|
|
||||||
# targets:
|
|
||||||
# config:
|
|
||||||
# - job_name: apache
|
|
||||||
# file_sd_configs:
|
|
||||||
# - files:
|
|
||||||
# - '/etc/prometheus/targets_apache.json'
|
|
||||||
# relabel_configs:
|
|
||||||
# - source_labels: [__address__]
|
|
||||||
# target_label: instance
|
|
||||||
# - source_labels: [instance]
|
|
||||||
# target_label: __address__
|
|
||||||
# replacement: '$1:9117'
|
|
||||||
|
|
||||||
# bird_targets:
|
|
||||||
# - routeur-sam.adm.crans.org
|
|
||||||
|
|
||||||
|
|
|
@ -8,4 +8,3 @@ loc_ldap:
|
||||||
base_dn: "cn=admin,dc=crans,dc=org"
|
base_dn: "cn=admin,dc=crans,dc=org"
|
||||||
password: "{{ vault.ldap_master_password }}"
|
password: "{{ vault.ldap_master_password }}"
|
||||||
uri: "ldap://172.16.10.157"
|
uri: "ldap://172.16.10.157"
|
||||||
|
|
||||||
|
|
|
@ -30,8 +30,8 @@ loc_re2o:
|
||||||
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
|
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
|
||||||
dn: "cn=admin,dc=crans,dc=org"
|
dn: "cn=admin,dc=crans,dc=org"
|
||||||
database:
|
database:
|
||||||
password: "{{ vault.re2o_db_password }}"
|
password: "{{ vault.re2o_db_password }}"
|
||||||
uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
|
uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
|
||||||
|
|
||||||
loc_nginx:
|
loc_nginx:
|
||||||
real_ip_from:
|
real_ip_from:
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
loc_dhcp:
|
loc_dhcp:
|
||||||
authoritative: True
|
authoritative: true
|
||||||
subnets:
|
subnets:
|
||||||
- network: "185.230.78.0/24"
|
- network: "185.230.78.0/24"
|
||||||
deny_unknown: True
|
deny_unknown: true
|
||||||
vlan: "adh"
|
vlan: "adh"
|
||||||
default_lease_time: "600"
|
default_lease_time: "600"
|
||||||
max_lease_time: "7200"
|
max_lease_time: "7200"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
loc_radvd:
|
loc_radvd:
|
||||||
subnets:
|
subnets:
|
||||||
- name: adh
|
- name: adh
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
loc_dhcp:
|
loc_dhcp:
|
||||||
authoritative: True
|
authoritative: true
|
||||||
subnets:
|
subnets:
|
||||||
- network: "185.230.76.0/26"
|
- network: "185.230.76.0/26"
|
||||||
deny_unknown: True
|
deny_unknown: true
|
||||||
vlan: "cachan_adh"
|
vlan: "cachan_adh"
|
||||||
default_lease_time: "600"
|
default_lease_time: "600"
|
||||||
max_lease_time: "7200"
|
max_lease_time: "7200"
|
||||||
|
@ -14,7 +14,7 @@ loc_dhcp:
|
||||||
options: []
|
options: []
|
||||||
lease_file: "/var/local/services/dhcp/generated/dhcp.cachan-adh.crans.org.list"
|
lease_file: "/var/local/services/dhcp/generated/dhcp.cachan-adh.crans.org.list"
|
||||||
- network: "100.64.0.0/16"
|
- network: "100.64.0.0/16"
|
||||||
deny_unknown: True
|
deny_unknown: true
|
||||||
vlan: "adh_nat"
|
vlan: "adh_nat"
|
||||||
default_lease_time: "600"
|
default_lease_time: "600"
|
||||||
max_lease_time: "7200"
|
max_lease_time: "7200"
|
||||||
|
@ -25,7 +25,7 @@ loc_dhcp:
|
||||||
options: []
|
options: []
|
||||||
lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
|
lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
|
||||||
- network: "172.16.32.0/22"
|
- network: "172.16.32.0/22"
|
||||||
deny_unknown: True
|
deny_unknown: true
|
||||||
vlan: "infra"
|
vlan: "infra"
|
||||||
default_lease_time: "600"
|
default_lease_time: "600"
|
||||||
max_lease_time: "7200"
|
max_lease_time: "7200"
|
||||||
|
|
|
@ -19,7 +19,7 @@ loc_re2o:
|
||||||
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
|
uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
|
||||||
dn: "cn=admin,dc=crans,dc=org"
|
dn: "cn=admin,dc=crans,dc=org"
|
||||||
database:
|
database:
|
||||||
password: "{{ vault.re2o_db_password }}"
|
password: "{{ vault.re2o_db_password }}"
|
||||||
uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
|
uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
|
||||||
|
|
||||||
optional_apps: []
|
optional_apps: []
|
||||||
|
|
|
@ -18,7 +18,7 @@ loc_radvd:
|
||||||
- 2a0c:700:254::ff:fe00:99fe
|
- 2a0c:700:254::ff:fe00:99fe
|
||||||
- name: infra
|
- name: infra
|
||||||
prefix: fd00:0:0:11::/64
|
prefix: fd00:0:0:11::/64
|
||||||
no_gateway: yes
|
no_gateway: true
|
||||||
dnssl: infra.crans.org
|
dnssl: infra.crans.org
|
||||||
dns:
|
dns:
|
||||||
- fd00::11:0:ff:fe00:9911
|
- fd00::11:0:ff:fe00:9911
|
||||||
|
|
|
@ -8,4 +8,3 @@ interfaces:
|
||||||
infra: ens1
|
infra: ens1
|
||||||
zayo: ens2
|
zayo: ens2
|
||||||
federez: enp1s3
|
federez: enp1s3
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
loc_dhcp:
|
loc_dhcp:
|
||||||
authoritative: True
|
authoritative: true
|
||||||
subnets:
|
subnets:
|
||||||
- network: "185.230.78.0/24"
|
- network: "185.230.78.0/24"
|
||||||
deny_unknown: True
|
deny_unknown: true
|
||||||
vlan: "adh"
|
vlan: "adh"
|
||||||
default_lease_time: "600"
|
default_lease_time: "600"
|
||||||
max_lease_time: "7200"
|
max_lease_time: "7200"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
loc_radvd:
|
loc_radvd:
|
||||||
subnets:
|
subnets:
|
||||||
- name: adh
|
- name: adh
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
loc_dhcp:
|
loc_dhcp:
|
||||||
authoritative: True
|
authoritative: true
|
||||||
subnets:
|
subnets:
|
||||||
- network: "185.230.78.0/24"
|
- network: "185.230.78.0/24"
|
||||||
deny_unknown: True
|
deny_unknown: true
|
||||||
vlan: "adh"
|
vlan: "adh"
|
||||||
default_lease_time: "600"
|
default_lease_time: "600"
|
||||||
max_lease_time: "7200"
|
max_lease_time: "7200"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
loc_radvd:
|
loc_radvd:
|
||||||
subnets:
|
subnets:
|
||||||
- name: adh
|
- name: adh
|
||||||
|
|
|
@ -6,5 +6,5 @@ loc_slapd:
|
||||||
|
|
||||||
loc_postgres:
|
loc_postgres:
|
||||||
version: 11
|
version: 11
|
||||||
replica: yes
|
replica: true
|
||||||
addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
|
addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
|
||||||
|
|
|
@ -73,7 +73,7 @@ loc_nginx:
|
||||||
servers:
|
servers:
|
||||||
- server_name:
|
- server_name:
|
||||||
- "wiki2.crans.org"
|
- "wiki2.crans.org"
|
||||||
ssl : "crans.org"
|
ssl: "crans.org"
|
||||||
access_log: "/var/log/nginx/wiki.log combined"
|
access_log: "/var/log/nginx/wiki.log combined"
|
||||||
error_log: "/var/log/nginx/wiki.error.log"
|
error_log: "/var/log/nginx/wiki.error.log"
|
||||||
additional_params:
|
additional_params:
|
||||||
|
|
|
@ -1,29 +1,30 @@
|
||||||
|
---
|
||||||
loc_postgres:
|
loc_postgres:
|
||||||
version: 11
|
version: 11
|
||||||
hosts:
|
hosts:
|
||||||
- db: etherpad
|
- db: etherpad
|
||||||
user: crans
|
user: crans
|
||||||
map: { name: etherpad, system: etherpad, pg: crans }
|
map: {name: etherpad, system: etherpad, pg: crans}
|
||||||
- db: etherpad_tmp
|
- db: etherpad_tmp
|
||||||
user: crans
|
user: crans
|
||||||
map: { name: etherpad_tmp, system: etherpad, pg: crans }
|
map: {name: etherpad_tmp, system: etherpad, pg: crans}
|
||||||
- db: horde5
|
- db: horde5
|
||||||
user: www-data
|
user: www-data
|
||||||
map: { name: horde, system: www-data, pg: www-data }
|
map: {name: horde, system: www-data, pg: www-data}
|
||||||
- db: roundcube
|
- db: roundcube
|
||||||
user: roundcube
|
user: roundcube
|
||||||
map: { name: webmail, system: www-data, pg: roundcube }
|
map: {name: webmail, system: www-data, pg: roundcube}
|
||||||
- { db: owncloud, user: owncloud }
|
- {db: owncloud, user: owncloud}
|
||||||
- { db: cas, user: cas }
|
- {db: cas, user: cas}
|
||||||
- { db: hedgedoc, user: hedgedoc }
|
- {db: hedgedoc, user: hedgedoc}
|
||||||
- { db: sqlgrey, user: sqlgrey, method: ident }
|
- {db: sqlgrey, user: sqlgrey, method: ident}
|
||||||
- { db: re2o, user: re2o }
|
- {db: re2o, user: re2o}
|
||||||
- { db: re2o_test, user: re2o }
|
- {db: re2o_test, user: re2o}
|
||||||
- { db: constellation-dev, user: constellation-dev }
|
- {db: constellation-dev, user: constellation-dev}
|
||||||
- { db: mailman3, user: mailman3 }
|
- {db: mailman3, user: mailman3}
|
||||||
- { db: mailman3web, user: mailman3web }
|
- {db: mailman3web, user: mailman3web}
|
||||||
- { db: all, user: all, subnets: ['127.0.0.1/32','::1/128'], local: yes }
|
- {db: all, user: all, subnets: ['127.0.0.1/32', '::1/128'], local: true}
|
||||||
- { db: replication, user: replication, local: yes }
|
- {db: replication, user: replication, local: true}
|
||||||
addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}"
|
addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ipaddr('address') }}"
|
||||||
backup:
|
backup:
|
||||||
dir: /var/local/db-backup
|
dir: /var/local/db-backup
|
||||||
|
@ -78,7 +79,7 @@ loc_nginx:
|
||||||
locations:
|
locations:
|
||||||
- filter: "/"
|
- filter: "/"
|
||||||
params:
|
params:
|
||||||
- "autoindex on"
|
- "autoindex on"
|
||||||
- "autoindex_exact_size off"
|
- "autoindex_exact_size off"
|
||||||
- "add_before_body /.html/HEADER.html"
|
- "add_before_body /.html/HEADER.html"
|
||||||
- "add_after_body /.html/FOOTER.html"
|
- "add_after_body /.html/FOOTER.html"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
interfaces:
|
interfaces:
|
||||||
adm: ens18
|
adm: ens18
|
||||||
srv_nat: ens19
|
srv_nat: ens19
|
||||||
|
|
|
@ -40,8 +40,8 @@
|
||||||
- prometheus-nginx-exporter
|
- prometheus-nginx-exporter
|
||||||
|
|
||||||
# Monitor mailq with a special text exporter
|
# Monitor mailq with a special text exporter
|
||||||
#- hosts: redisdead.adm.crans.org
|
# - hosts: redisdead.adm.crans.org
|
||||||
# roles: ["prometheus-node-exporter-postfix"]
|
# roles: ["prometheus-node-exporter-postfix"]
|
||||||
|
|
||||||
# Monitor logs with mtail
|
# Monitor logs with mtail
|
||||||
- hosts: mtail
|
- hosts: mtail
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
---
|
---
|
||||||
- hosts: crans_vm,!routeurs_vm
|
- hosts: crans_vm,!routeurs_vm
|
||||||
vars:
|
vars:
|
||||||
network_interfaces: "{{ glob_network_interfaces | default({}) | combine(loc_network_interfaces | default({})) }}"
|
network_interfaces: "{{ glob_network_interfaces | default({}) | combine(loc_network_interfaces | default({})) }}"
|
||||||
roles:
|
roles:
|
||||||
- network-interfaces
|
- network-interfaces
|
||||||
|
|
|
@ -8,5 +8,5 @@
|
||||||
adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
|
adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
|
||||||
roles:
|
roles:
|
||||||
- zamok-tools
|
- zamok-tools
|
||||||
# - postfix
|
# - postfix
|
||||||
- prometheus-node-exporter-postfix
|
- prometheus-node-exporter-postfix
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Create base directory
|
- name: Create base directory
|
||||||
file:
|
file:
|
||||||
path: "{{ autoconfig.path }}/mail"
|
path: "{{ autoconfig.path }}/mail"
|
||||||
|
|
|
@ -11,9 +11,9 @@
|
||||||
|
|
||||||
- name: Create borgbackup user
|
- name: Create borgbackup user
|
||||||
user:
|
user:
|
||||||
create_home: yes
|
create_home: true
|
||||||
home: '/var/lib/borg/'
|
home: '/var/lib/borg/'
|
||||||
system: yes
|
system: true
|
||||||
state: present
|
state: present
|
||||||
update_password: always
|
update_password: always
|
||||||
name: borg
|
name: borg
|
||||||
|
|
|
@ -53,7 +53,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: utmp
|
group: utmp
|
||||||
mode: '4755'
|
mode: '4755'
|
||||||
check_mode: no
|
check_mode: false
|
||||||
|
|
||||||
- name: Deploy screen tmpfile
|
- name: Deploy screen tmpfile
|
||||||
template:
|
template:
|
||||||
|
|
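Review bot: `check_mode: false` sits on a task that sets `owner: root`, `group: utmp` and `mode: '4755'`, so the task also runs for real during an `ansible-playbook --check` dry run and applies a setuid-root mode then. The task starts above the hunk, so its module and target path are not visible here. If it is a `file` or `copy` task rather than a read-only command, dropping `check_mode: false` would keep dry runs free of side effects. If the override is intentional, a comment such as `# runs in check mode too: <reason>` above the key would record why.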
|
@ -17,7 +17,7 @@
|
||||||
git:
|
git:
|
||||||
repo: '{{ django_cas.repo }}'
|
repo: '{{ django_cas.repo }}'
|
||||||
dest: '{{ django_cas.path }}'
|
dest: '{{ django_cas.path }}'
|
||||||
force: yes
|
force: true
|
||||||
version: master
|
version: master
|
||||||
umask: '002'
|
umask: '002'
|
||||||
|
|
||||||
|
|
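Review bot: The `git` task checks out `version: master` with `force: true`, so each run deploys whatever the branch head is at that moment and silently discards local modifications under `{{ django_cas.path }}`. Pinning `version:` to a reviewed tag or commit hash, for example through a variable like `django_cas.version` (name constructed here), makes the deployed code reproducible and keeps an unreviewed upstream push from reaching the host. The task starts above the hunk.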
|
@ -2,4 +2,4 @@
|
||||||
- name: Restart dovecot
|
- name: Restart dovecot
|
||||||
service:
|
service:
|
||||||
name: dovecot
|
name: dovecot
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Install dovecot
|
- name: Install dovecot
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
@ -23,4 +24,4 @@
|
||||||
- conf.d/10-ssl.conf
|
- conf.d/10-ssl.conf
|
||||||
- conf.d/auth-system.conf.ext
|
- conf.d/auth-system.conf.ext
|
||||||
- dovecot-ldap.conf.ext
|
- dovecot-ldap.conf.ext
|
||||||
notify: Restart dovecot
|
notify: Restart dovecot
|
||||||
|
|
|
@ -4,5 +4,3 @@
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
loop: "{{ etherpad.instances }}"
|
loop: "{{ etherpad.instances }}"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
- php-mbstring
|
- php-mbstring
|
||||||
- php-mysql
|
- php-mysql
|
||||||
- composer
|
- composer
|
||||||
- python3-passlib # Necessary for htpasswd module
|
- python3-passlib # Necessary for htpasswd module
|
||||||
- python3-pymysql
|
- python3-pymysql
|
||||||
- mariadb-server
|
- mariadb-server
|
||||||
register: apt_result
|
register: apt_result
|
||||||
|
|
|
@ -44,21 +44,21 @@
|
||||||
src: /var/www/re2o/freeradius_utils/auth.py
|
src: /var/www/re2o/freeradius_utils/auth.py
|
||||||
dest: /etc/freeradius/3.0/auth.py
|
dest: /etc/freeradius/3.0/auth.py
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: true
|
||||||
notify: Restart freeradius
|
notify: Restart freeradius
|
||||||
|
|
||||||
- name: Ensure ${certdir}/letsencrypt directory exists
|
- name: Ensure ${certdir}/letsencrypt directory exists
|
||||||
file:
|
file:
|
||||||
path: /etc/freeradius/3.0/certs/letsencrypt
|
path: /etc/freeradius/3.0/certs/letsencrypt
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
|
|
||||||
- name: Symlink radius certificates
|
- name: Symlink radius certificates
|
||||||
file:
|
file:
|
||||||
src: /etc/letsencrypt/live/crans.org/{{ item }}
|
src: /etc/letsencrypt/live/crans.org/{{ item }}
|
||||||
dest: /etc/freeradius/3.0/certs/letsencrypt/{{ item }}
|
dest: /etc/freeradius/3.0/certs/letsencrypt/{{ item }}
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: true
|
||||||
loop:
|
loop:
|
||||||
- fullchain.pem
|
- fullchain.pem
|
||||||
- privkey.pem
|
- privkey.pem
|
||||||
|
@ -68,7 +68,7 @@
|
||||||
path: /etc/letsencrypt/{{ item }}
|
path: /etc/letsencrypt/{{ item }}
|
||||||
group: freerad
|
group: freerad
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
recurse: yes
|
recurse: true
|
||||||
loop:
|
loop:
|
||||||
- live
|
- live
|
||||||
- archive
|
- archive
|
||||||
|
|
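Review bot: In the second hunk, `mode: '0755'` together with `recurse: true` on `/etc/letsencrypt/{{ item }}` for `live` and `archive` would apply to every file below those directories, leaving the certificate private keys readable by all local users. Since the task already sets `group: freerad`, a symbolic mode such as `mode: 'u=rwX,g=rX,o='` gives freeradius read access through the group and removes access for everyone else. The task begins above the hunk, so the module is assumed to be `file` with `state: directory`.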
|
@ -75,8 +75,8 @@
|
||||||
- name: Enable systemd unit
|
- name: Enable systemd unit
|
||||||
systemd:
|
systemd:
|
||||||
name: galene
|
name: galene
|
||||||
enabled: yes
|
enabled: true
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
- name: Indicate role in motd
|
- name: Indicate role in motd
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
---
|
---
|
||||||
#- name: Install InspIRCd
|
|
||||||
|
|
||||||
- name: Deploy InspIRCd configuration
|
- name: Deploy InspIRCd configuration
|
||||||
template:
|
template:
|
||||||
src: "inspircd/{{ item.dest }}.j2"
|
src: "inspircd/{{ item.dest }}.j2"
|
||||||
|
@ -9,12 +7,12 @@
|
||||||
owner: irc
|
owner: irc
|
||||||
group: irc
|
group: irc
|
||||||
loop:
|
loop:
|
||||||
- { dest: inspircd.conf, mode: "0644" }
|
- {dest: inspircd.conf, mode: "0644"}
|
||||||
- { dest: links.conf, mode: "0600" }
|
- {dest: links.conf, mode: "0600"}
|
||||||
- { dest: power.conf, mode: "0600" }
|
- {dest: power.conf, mode: "0600"}
|
||||||
- { dest: opers.conf, mode: "0600" }
|
- {dest: opers.conf, mode: "0600"}
|
||||||
- { dest: modules.conf, mode: "0600" }
|
- {dest: modules.conf, mode: "0600"}
|
||||||
- { dest: inspircd.motd, mode: "0644" }
|
- {dest: inspircd.motd, mode: "0644"}
|
||||||
notify: Reload InspIRCd
|
notify: Reload InspIRCd
|
||||||
|
|
||||||
- name: Deploy certificate refresh CRON
|
- name: Deploy certificate refresh CRON
|
||||||
|
|
|
@ -56,4 +56,4 @@
|
||||||
name: keepalived
|
name: keepalived
|
||||||
daemon-reload: true
|
daemon-reload: true
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
#- name: Install linx
|
# - name: Install linx
|
||||||
|
|
||||||
- name: Create linx user
|
- name: Create linx user
|
||||||
user:
|
user:
|
||||||
create_home: yes
|
create_home: true
|
||||||
home: /var/lib/linx
|
home: /var/lib/linx
|
||||||
system: yes
|
system: true
|
||||||
state: present
|
state: present
|
||||||
password: "!"
|
password: "!"
|
||||||
update_password: always
|
update_password: always
|
||||||
|
|
|
@ -16,11 +16,10 @@
|
||||||
- name: Disable and mask rpcbind.service
|
- name: Disable and mask rpcbind.service
|
||||||
systemd:
|
systemd:
|
||||||
name: rpcbind.service
|
name: rpcbind.service
|
||||||
enabled: no
|
enabled: false
|
||||||
masked: yes
|
masked: true
|
||||||
|
|
||||||
- name:
|
- name:
|
||||||
systemd:
|
systemd:
|
||||||
name: rpcbind.socket
|
name: rpcbind.socket
|
||||||
masked: yes
|
masked: true
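Review bot: Both rpcbind tasks set `masked: true` but neither sets `state: stopped`, so on a host where rpcbind is already running the service and socket keep listening until the next reboot. Adding `state: stopped` to each task makes the hardening take effect on the run that applies it. The second task also has an empty `- name:`; something like `- name: Mask rpcbind.socket` would make it identifiable in play output.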
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
path: /etc/default/ntp
|
path: /etc/default/ntp
|
||||||
regexp: '^NTPD_OPTS'
|
regexp: '^NTPD_OPTS'
|
||||||
line: NTPD_OPTS='-g -x'
|
line: NTPD_OPTS='-g -x'
|
||||||
check_mode: no
|
check_mode: false
|
||||||
|
|
||||||
- name: Configure NTP
|
- name: Configure NTP
|
||||||
template:
|
template:
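Review bot: `check_mode: false` on the task that rewrites `NTPD_OPTS` in `/etc/default/ntp` means an `ansible-playbook --check` run really edits the file instead of only reporting the change. The task's module and `- name:` lines are outside the hunk, so the reason for the override is not visible here. The same setting is on the two `lineinfile` tasks for `/etc/default/slapd` later in this commit, where a dry run would likewise rewrite `SLAPD_SERVICES`. If the override is deliberate, a comment naming the later task that depends on it would help; otherwise dropping the line keeps dry runs read-only.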
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
name:
|
name:
|
||||||
- gpg
|
- gpg
|
||||||
register: apt_result
|
register: apt_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Install policyd-rate-limit
|
- name: Install policyd-rate-limit
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
@ -17,8 +18,8 @@
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
chmod: 0640
|
chmod: 0640
|
||||||
loop:
|
loop:
|
||||||
- { src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml }
|
- {src: policyd/policyd-rate-limit.yaml.j2, dest: /etc/policyd-rate-limit.yaml}
|
||||||
- { src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit }
|
- {src: policyd/policyd.py.j2, dest: /usr/lib/python3/dist-packages/policyd_rate_limit}
|
||||||
when: postfix.primary
|
when: postfix.primary
|
||||||
|
|
||||||
- name: Indicate role in motd
|
- name: Indicate role in motd
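Review bot: `chmod: 0640` in the task that ends at `when: postfix.primary` survives this lint pass unquoted, and `chmod` does not look like the permission parameter of Ansible's file-deploying modules. The module line is outside the hunk, so this is inferred. If the task is a `template`, the intended setting is presumably `mode: '0640'`, quoted as elsewhere in this commit (`mode: '0755'`, `mode: "0600"`). It is worth confirming on a host that `/etc/policyd-rate-limit.yaml` actually ends up with the restricted mode.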
|
||||||
|
|
|
@ -46,8 +46,8 @@
|
||||||
owner: postgres
|
owner: postgres
|
||||||
group: postgres
|
group: postgres
|
||||||
loop:
|
loop:
|
||||||
- pg_hba.conf
|
- pg_hba.conf
|
||||||
- pg_ident.conf
|
- pg_ident.conf
|
||||||
notify:
|
notify:
|
||||||
- reload postgresql
|
- reload postgresql
|
||||||
when: 'not(postgres.replica | default(False))'
|
when: 'not(postgres.replica | default(False))'
|
||||||
|
|
|
@ -6,4 +6,4 @@
|
||||||
|
|
||||||
- name: systemctl daemon-reload
|
- name: systemctl daemon-reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
|
|
||||||
- name: systemctl daemon-reload
|
- name: systemctl daemon-reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: override.changed
|
when: override.changed
|
||||||
|
|
||||||
- name: Activate prometheus-node-exporter service
|
- name: Activate prometheus-node-exporter service
|
||||||
|
|
|
@ -99,11 +99,11 @@
|
||||||
|
|
||||||
- name: Enable LDAPS
|
- name: Enable LDAPS
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/default/slapd
|
path: /etc/default/slapd
|
||||||
regexp: '^SLAPD_SERVICES='
|
regexp: '^SLAPD_SERVICES='
|
||||||
line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
|
line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
|
||||||
notify: Restart slapd
|
notify: Restart slapd
|
||||||
check_mode: no
|
check_mode: false
|
||||||
|
|
||||||
- name: Touch installation marker
|
- name: Touch installation marker
|
||||||
when: not installation.stat.exists
|
when: not installation.stat.exists
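Review bot: The `Enable LDAPS` task writes `SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"`, which keeps the cleartext `ldap:///` listener open on every address alongside LDAPS. The other slapd task list in this commit binds only `ldaps://{{ slapd.ip }}/ ldapi:///`. If cleartext is not needed here (for example for StartTLS clients), the line could be `line: 'SLAPD_SERVICES="ldaps:/// ldapi:///"'`. If it is needed, a comment above the task saying why would keep it from being read as an oversight.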
|
||||||
|
|
|
@ -21,15 +21,15 @@
|
||||||
owner: openldap
|
owner: openldap
|
||||||
group: openldap
|
group: openldap
|
||||||
loop:
|
loop:
|
||||||
- { dest: slapd.conf, mode: "0600" }
|
- {dest: slapd.conf, mode: "0600"}
|
||||||
- { dest: ldap.key, mode: "0600" }
|
- {dest: ldap.key, mode: "0600"}
|
||||||
- { dest: ldap.pem, mode: "0644" }
|
- {dest: ldap.pem, mode: "0644"}
|
||||||
notify: Restart slapd
|
notify: Restart slapd
|
||||||
|
|
||||||
- name: Deploy ldap services
|
- name: Deploy ldap services
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/default/slapd
|
path: /etc/default/slapd
|
||||||
regexp: '^SLAPD_SERVICES='
|
regexp: '^SLAPD_SERVICES='
|
||||||
line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
|
line: 'SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///"'
|
||||||
notify: Restart slapd
|
notify: Restart slapd
|
||||||
check_mode: no
|
check_mode: false
|
||||||
|
|
|
@ -3,13 +3,13 @@
|
||||||
unarchive:
|
unarchive:
|
||||||
src: https://github.com/statping/statping/releases/download/v0.90.74/statping-linux-amd64.tar.gz
|
src: https://github.com/statping/statping/releases/download/v0.90.74/statping-linux-amd64.tar.gz
|
||||||
dest: /usr/local/bin/
|
dest: /usr/local/bin/
|
||||||
remote_src: yes
|
remote_src: true
|
||||||
|
|
||||||
- name: Create statping user
|
- name: Create statping user
|
||||||
user:
|
user:
|
||||||
create_home: yes
|
create_home: true
|
||||||
home: /var/lib/statping
|
home: /var/lib/statping
|
||||||
system: yes
|
system: true
|
||||||
state: present
|
state: present
|
||||||
password: "!"
|
password: "!"
|
||||||
update_password: always
|
update_password: always
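Review bot: The `unarchive` task at the top of this hunk fetches `statping-linux-amd64.tar.gz` from GitHub directly on the host and unpacks it into `/usr/local/bin/` with no integrity check, so whatever the URL serves at run time lands on the PATH. `unarchive` has no checksum option; downloading first with `get_url` and a pinned `checksum:`, then unpacking the local file, closes that gap. The task's `- name:` line is outside the hunk. The digest and the download path below are placeholders to be replaced with the real release hash and a location of your choice.

```yaml
- name: Download statping release archive
  get_url:
    url: https://github.com/statping/statping/releases/download/v0.90.74/statping-linux-amd64.tar.gz
    dest: /var/cache/statping-linux-amd64.tar.gz  # constructed example path
    checksum: "sha256:<PLACEHOLDER_SHA256_OF_RELEASE_ARCHIVE>"
    mode: '0644'

# … unchanged: name line of the existing unarchive task …
  unarchive:
    src: /var/cache/statping-linux-amd64.tar.gz
    dest: /usr/local/bin/
    remote_src: true
```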
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
update_cache: true
|
update_cache: true
|
||||||
name:
|
name:
|
||||||
- apache2
|
- apache2
|
||||||
- bat # Rajouté par shirenn le 10/11/2021
|
- bat # Rajouté par shirenn le 10/11/2021
|
||||||
- bitlbee # Demande du 06/09/2017 17:40 sur #crans
|
- bitlbee # Demande du 06/09/2017 17:40 sur #crans
|
||||||
- byobu
|
- byobu
|
||||||
- cabal-install
|
- cabal-install
|
||||||
|
|