crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[apt] MàJ

certbot_on_virtu
_shirenn 2021-06-18 22:39:04 +02:00 committed by Yohann D'ANELLO
parent cf5b232af8
commit d0ff9cc204
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
20 changed files with 33 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
group_vars/all/vars.yaml → group_vars/all/ansible-header.yml
View File

@ -1,5 +1,4 @@
---
# Custom header
dirty: "{% if template_fullpath is defined %}{{ lookup('pipe', 'git diff --quiet -- ' + template_fullpath | quote + ' || echo dirty') }}{% else %}{{ lookup('pipe', 'git diff --quiet || echo dirty') }}{% endif %}"
ansible_header: |
@ -17,45 +16,3 @@ ansible_header: |
{% endif %}
+++++++++++++++++++++++++++++++++++++++++++++++++++
# Crans subnets
adm_subnet: 10.231.136.0/24
# # Role rsync-client
# to_backup:
# - {
# name: "var",
# path: "/var",
# auth_users: "backupcrans",
# secrets_file: "/etc/rsyncd.secrets",
# hosts_allow: ["zephir.adm.crans.org", "10.231.136.6"],
# }
# - {
# name: "slash",
# path: "/",
# auth_users: "backupcrans",
# secrets_file: "/etc/rsyncd.secrets",
# hosts_allow: ["zephir.adm.crans.org", "10.231.136.6"],
# }
#
# re2o:
# server: re2o.adm.crans.org
# service_user: "{{ vault.re2o_service_user }}"
# service_password: "{{ vault.re2o_service_password }}"
#
#
# # global server definitions
glob_smtp: smtp.adm.crans.org
glob_mirror:
name: mirror.adm.crans.org
ip: 172.16.10.30
glob_ldap:
uri: 'ldap://re2o-ldap.adm.crans.org/'
users_base: 'cn=Utilisateurs,dc=crans,dc=org'
servers:
- 172.16.10.1
- 172.16.10.11
- 172.16.10.12
- 172.16.10.13
base: 'dc=crans,dc=org'

10
group_vars/all/ldap.yml 100644
View File

@ -0,0 +1,10 @@
---
glob_ldap:
uri: 'ldap://re2o-ldap.adm.crans.org/'
users_base: 'cn=Utilisateurs,dc=crans,dc=org'
servers:
- 172.16.10.1
- 172.16.10.11
- 172.16.10.12
- 172.16.10.13
base: 'dc=crans,dc=org'

7
group_vars/all/mirror.yml 100644
View File

@ -0,0 +1,7 @@
---
glob_mirror:
hostname: mirror.adm.crans.org
ip: 172.16.10.30
debian_mirror: http://mirror.adm.crans.org/debian
debian_components: main contrib non-free

5
group_vars/ovh/vars.yml
View File

@ -1,5 +0,0 @@
# Parameters for debian and ubuntu mirror
debian_mirror: http://deb.debian.org/debian
ubuntu_mirror: http://deb.debian.org/ubuntu
debian_components: main contrib non-free
ubuntu_components: main restricted universe multiverse

1
group_vars/re2o.yml
View File

@ -11,6 +11,7 @@ glob_re2o:
- 'intranet.crans.org'
- '172.16.10.156'
from_email: "root@crans.org"
smtp_server: smtp.adm.crans.org
ldap:
master_password: "{{ vault.ldap_master_password }}"
uri: "ldap://re2o-ldap.adm.crans.org/"

2
host_vars/airbus.cachan-adm.crans.org.yml
View File

@ -12,7 +12,7 @@ glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

6
host_vars/fyre.cachan-adm.crans.org.yml
View File

@ -15,11 +15,7 @@ loc_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
loc_mirror:
name: mirror.cachan-adm.crans.org
ip: "{{ query('ldap','ip','terenez','cachan-adm') | ipv4 | first }}"
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

2
host_vars/gulp.cachan-adm.crans.org.yml
View File

@ -8,7 +8,7 @@ glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_postgres:
subnets:

6
host_vars/omnomnom.cachan-adm.crans.org.yml
View File

@ -15,11 +15,7 @@ loc_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
loc_mirror:
name: mirror.cachan-adm.crans.org
ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

2
host_vars/re2o-ldap.cachan-adm.crans.org.yml
View File

@ -12,7 +12,7 @@ glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

2
host_vars/re2o.cachan-adm.crans.org.yml
View File

@ -12,7 +12,7 @@ glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
debian_mirror: http://mirror.cachan-adm.crans.org/debian
glob_prometheus_node_exporter:
listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"

2
host_vars/rodauh.cachan-adm.crans.org.yml
View File

@ -16,7 +16,7 @@ glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_certbot:
- dns_rfc2136_server: '185.230.79.9'

6
host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml
View File

@ -12,11 +12,7 @@ loc_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
loc_mirror:
name: mirror.cachan-adm.crans.org
ip: "{{ query('ldap','ip','terenez','cachan-adm') | ipv4 | first }}"
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

2
host_vars/sputnik.adm.crans.org.yml
View File

@ -1,4 +1,6 @@
---
debian_mirror: http://deb.debian.org/debian
postfix:
primary: false
secondary: true

2
host_vars/terenez.cachan-adm.crans.org.yml
View File

@ -12,7 +12,7 @@ glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

2
host_vars/unifi.cachan-adm.crans.org.yml
View File

@ -17,7 +17,7 @@ glob_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

6
host_vars/zephir.cachan-adm.crans.org.yml
View File

@ -15,11 +15,7 @@ loc_ntp_client:
servers:
- terenez.cachan-adm.crans.org
debian_mirror: http://172.17.10.202/debian
loc_mirror:
name: mirror.cachan-adm.crans.org
ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
debian_mirror: http://mirror.cachan-adm.crans.org/debian
loc_borg:
remote:

18
plays/root.yml
View File

@ -2,24 +2,6 @@
---
# root is the first playbook to launch (as root) whe initiation a new server
- hosts: server
tasks:
- name: Check if mirror.adm is defined in /etc/hosts
lineinfile:
state: absent
path: /etc/hosts
regexp: '^{{ glob_mirror.ip }}'
check_mode: True
changed_when: False
register: check_mirror
- name: Define mirror.adm.crans.org if it doesn't exist.
lineinfile:
path: /etc/hosts
line: '{{ glob_mirror.ip }} {{ glob_mirror.name }}'
insertafter: '127.0.0.1 localhost'
when: check_mirror.found == 0
- hosts: virtu
roles:
- proxmox-apt-sources

18
roles/debian-apt-sources/templates/apt/sources.list.j2
View File

@ -1,4 +1,4 @@
{{ ansible_header | comment }}
{{ ansible_header }}
{% if ansible_distribution == "Debian" %}
# Mises à jour de sécurité
@ -14,19 +14,3 @@ deb {{ debian_mirror }} {{ ansible_distribution_release }} {{ debian_compone
# Dépôt pour mises à jour fréquentes (volatile)
deb {{ debian_mirror }} {{ ansible_distribution_release }}-updates {{ debian_components }}
{% if backports | default(false) %}
# Backports
deb {{ debian_mirror }} {{ ansible_distribution_release }}-backports {{ debian_components }}
{% endif %}
{% elif ansible_distribution == "Ubuntu" %}
# Mises à jour de sécurité
deb {{ ubuntu_mirror }} {{ ansible_distribution_release }}-security {{ ubuntu_components }}
# Dépôt classique
deb {{ ubuntu_mirror }} {{ ansible_distribution_release }} {{ ubuntu_components }}
# Dépôt pour mises à jour fréquentes (volatile)
deb {{ ubuntu_mirror }} {{ ansible_distribution_release }}-updates {{ ubuntu_components }}
{% endif %}

2
roles/re2o/templates/re2o/settings_local.py.j2
View File

@ -63,7 +63,7 @@ LOGO_PATH = "static_files/logo.png"
# The mail configuration for Re2o to send mails
SERVER_EMAIL = '{{ re2o.from_email }}' # The mail address to use
EMAIL_HOST = '{{ glob_smtp }}' # The host to use
EMAIL_HOST = '{{ re2o.smtp_server }}' # The host to use
EMAIL_PORT = 25 # The port to use
# Settings of the LDAP structure