syntaxe dépréciée lookup ldap

mise_a_niveau
korenstin 2024-10-26 11:46:47 +02:00
parent ed6f46102c
commit d75b81fd04
61 changed files with 140 additions and 140 deletions


@ -1,7 +1,7 @@
--- ---
glob_home_nounou: glob_home_nounou:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" - ip: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"
mountpoint: /pool/home mountpoint: /pool/home
target: /home_nounou target: /home_nounou
name: home_nounou name: home_nounou
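Review bot: On the `ip:` line, `lookup` joins multiple results into one comma-separated string where `query` returned a list, so an LDAP entry carrying two ip4 values on the adm VLAN would render as `a,b` and reach the mount as a malformed address (this assumes the right-hand column is the new side). The project's `ldap` lookup plugin is not visible on this page, so what it returns for a missing or multi-valued host should be confirmed. If exactly one address is expected, saying so in the template, e.g. `{{ lookup('ldap', 'ip4', 'tealc', 'adm', wantlist=True) | first }}`, makes an empty result fail at render time. The same consideration applies to the other converted calls in this commit.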


@ -3,8 +3,8 @@ glob_ldap:
uri: 'ldap://yson-partou.adm.crans.org/' uri: 'ldap://yson-partou.adm.crans.org/'
users_base: 'cn=Utilisateurs,dc=crans,dc=org' users_base: 'cn=Utilisateurs,dc=crans,dc=org'
servers: servers:
- "{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" - "{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}"
# - "{{ query('ldap', 'ip4', 'sam', 'adm') }}" # - "{{ lookup('ldap', 'ip4', 'sam', 'adm') }}"
# - "{{ query('ldap', 'ip4', 'daniel', 'adm') }}" # - "{{ lookup('ldap', 'ip4', 'daniel', 'adm') }}"
# - "{{ query('ldap', 'ip4', 'jack', 'adm') }}" # - "{{ lookup('ldap', 'ip4', 'jack', 'adm') }}"
base: 'dc=crans,dc=org' base: 'dc=crans,dc=org'


@ -1,7 +1,7 @@
--- ---
glob_mirror: glob_mirror:
hostname: mirror.adm.crans.org hostname: mirror.adm.crans.org
ip: "{{ query('ldap', 'ip4', 'eclat', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'eclat', 'adm') }}"
debian_mirror: http://mirror.adm.crans.org/debian debian_mirror: http://mirror.adm.crans.org/debian
ubuntu_mirror: http://mirror.adm.crans.org/ubuntu ubuntu_mirror: http://mirror.adm.crans.org/ubuntu


@ -3,12 +3,12 @@ glob_network_interfaces:
vlan: vlan:
- name: srv - name: srv
id: 2 id: 2
gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}" gateway: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv') }}"
gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}" gateway_v6: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv') }}"
- name: srv_nat - name: srv_nat
id: 3 id: 3
gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}" gateway: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv-nat') }}"
gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}" gateway_v6: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv-nat') }}"
- name: san - name: san
id: 4 id: 4
extra: extra:
@ -19,14 +19,14 @@ glob_network_interfaces:
- "mtu 9000" - "mtu 9000"
- name: adm - name: adm
id: 10 id: 10
dns: "{{ query('ldap', 'ip4', 'romanesco', 'adm') }}" dns: "{{ lookup('ldap', 'ip4', 'romanesco', 'adm') }}"
- name: adh - name: adh
id: 12 id: 12
- name: adh_adm - name: adh_adm
id: 13 id: 13
- name: renater - name: renater
id: 38 id: 38
gateway: "{{ query('ldap', 'ip4', 'dsi', 'renater') }}" gateway: "{{ lookup('ldap', 'ip4', 'dsi', 'renater') }}"
- name: lp - name: lp
id: 56 id: 56
- name: auto - name: auto


@ -1,3 +1,3 @@
--- ---
glob_prometheus_nginx_exporter: glob_prometheus_nginx_exporter:
listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}"


@ -1,3 +1,3 @@
--- ---
glob_prometheus_node_exporter: glob_prometheus_node_exporter:
listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}"


@ -1,3 +1,3 @@
--- ---
glob_rsyslog_client: glob_rsyslog_client:
server: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"


@ -12,4 +12,4 @@ glob_service_ssh_known_hosts:
frequency: "*/10 * * * *" frequency: "*/10 * * * *"
config: config:
ldap: ldap:
server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}"
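Review bot: The `server:` value builds an `ldaps://` URL from an IP address, so certificate verification on the client can only succeed if the server certificate carries that address as an IP subjectAltName; otherwise the consumer has to run with verification relaxed. Neither the certificate nor the client's TLS settings are visible here, so this should be checked rather than assumed. Using the host name in the URL (other files in this commit already reference names such as `wall-e.adm.crans.org`) or adding a comment like `# cert must include this address as an IP SAN` would make the dependency explicit. The other `ldaps://{{ lookup(...) }}` values in this commit have the same property.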


@ -1,7 +1,7 @@
--- ---
loc_home_nounou: loc_home_nounou:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"
mountpoint: /home_nounou mountpoint: /home_nounou
target: /home_nounou target: /home_nounou
name: home_nounou name: home_nounou


@ -1,4 +1,4 @@
--- ---
loc_ldap: loc_ldap:
servers: servers:
- "{{ query('ldap', 'ip4', 'thot', 'adm') }}" - "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"


@ -2,4 +2,4 @@
loc_service_ssh_known_hosts: loc_service_ssh_known_hosts:
config: config:
ldap: ldap:
server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}" server: "ldaps://{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"


@ -49,4 +49,4 @@ glob_bird:
ipv6: true ipv6: true
glob_prometheus_bird_exporter: glob_prometheus_bird_exporter:
listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}"


@ -15,7 +15,7 @@ glob_service_certbot:
config: config:
"crans.org": "crans.org":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.


@ -8,14 +8,14 @@ glob_constellation:
- 'intranet.crans.org' - 'intranet.crans.org'
email: email:
ssl: false ssl: false
host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}"
port: 25 port: 25
user: '' user: ''
password: '' password: ''
from: "root@crans.org" from: "root@crans.org"
from_full: "Crans <root@crans.org>" from_full: "Crans <root@crans.org>"
database: database:
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432 port: 5432
user: 'constellation' user: 'constellation'
password: "{{ vault.constellation.django_db_password }}" password: "{{ vault.constellation.django_db_password }}"


@ -6,14 +6,14 @@ glob_django_cas:
dn: 'cn=Utilisateurs,dc=crans,dc=org' dn: 'cn=Utilisateurs,dc=crans,dc=org'
password: "{{ vault.cas.ldap.password }}" password: "{{ vault.cas.ldap.password }}"
user: 'cn=cas,ou=service-users,dc=crans,dc=org' user: 'cn=cas,ou=service-users,dc=crans,dc=org'
server: "{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}"
db: db:
host: tealc.adm.crans.org host: tealc.adm.crans.org
password: "{{ vault.cas.database.password }}" password: "{{ vault.cas.database.password }}"
secret_key: "{{ vault.cas.secret_key }}" secret_key: "{{ vault.cas.secret_key }}"
mail: mail:
address: 'root@crans.org' address: 'root@crans.org'
host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}"
port: 25 port: 25
loc_nginx: loc_nginx:


@ -1,7 +1,7 @@
--- ---
glob_dovecot: glob_dovecot:
ldap: ldap:
uri: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}/" uri: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}/"
dn: 'cn=dovecot,ou=service-users,dc=crans,dc=org' dn: 'cn=dovecot,ou=service-users,dc=crans,dc=org'
pass: "{{ vault.dovecot.dnpass }}" pass: "{{ vault.dovecot.dnpass }}"
users_base: 'cn=Utilisateurs,dc=crans,dc=org' users_base: 'cn=Utilisateurs,dc=crans,dc=org'
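Review bot: `uri:` stays on plain `ldap://` while the same mapping carries a bind password (`pass: "{{ vault.dovecot.dnpass }}"`), so unless the consumer enforces StartTLS the simple bind crosses the adm network in clear text. Other files in this commit already use `ldaps://` for the same directory host, e.g. `url: "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}:636"`. Whether StartTLS is configured is not visible on this page; if it is, a comment such as `# StartTLS enforced in the dovecot LDAP config` would record that, otherwise switching the scheme to `ldaps://` is the smaller risk. The `ldap://` values in the loc_service_home, loc_service_borg, loc_ldap and glob_thelounge mappings raise the same question.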


@ -1,3 +1,3 @@
--- ---
glob_ethercalc: glob_ethercalc:
ip: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" ip: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}"


@ -2,7 +2,7 @@
glob_keepalived: glob_keepalived:
mail_source: keepalived@crans.org mail_source: keepalived@crans.org
mail_destination: root@crans.org mail_destination: root@crans.org
smtp_server: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" smtp_server: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}"
routeur_id: "{{ ansible_hostname }}" routeur_id: "{{ ansible_hostname }}"
pool: pool:
VI_ALL: VI_ALL:
@ -20,19 +20,19 @@ glob_keepalived:
ipv6: ipv6:
- {ip: '2a0c:700:28::1/64', scope: 'global'} - {ip: '2a0c:700:28::1/64', scope: 'global'}
- vlan: srv - vlan: srv
ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}/26" ipv4: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv') }}/26"
ipv6: ipv6:
- {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}/64", scope: 'global'} - {ip: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv') }}/64", scope: 'global'}
- {ip: 'fe80::1/64', scope: 'link'} - {ip: 'fe80::1/64', scope: 'link'}
- vlan: srv_nat - vlan: srv_nat
ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}/24" ipv4: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv-nat') }}/24"
ipv6: ipv6:
- {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}/64", scope: 'global'} - {ip: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv-nat') }}/64", scope: 'global'}
- {ip: 'fe80::1/64', scope: 'link'} - {ip: 'fe80::1/64', scope: 'link'}
- vlan: adh - vlan: adh
ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}/24" ipv4: "{{ lookup('ldap', 'ip4', 'passerelle', 'adh') }}/24"
ipv6: ipv6:
- {ip: "{{ query('ldap', 'ip6', 'passerelle', 'adh') }}/48", scope: 'global'} - {ip: "{{ lookup('ldap', 'ip6', 'passerelle', 'adh') }}/48", scope: 'global'}
- {ip: 'fe80::1/64', scope: 'link'} - {ip: 'fe80::1/64', scope: 'link'}
# - vlan: ens # - vlan: ens
# ipv4: 100.84.0.99/16 # ipv4: 100.84.0.99/16


@ -57,13 +57,13 @@ glob_mailman3:
database: database:
user: "mailman3" user: "mailman3"
pass: "{{ vault.mailman3.database.pass }}" pass: "{{ vault.mailman3.database.pass }}"
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432 port: 5432
name: "mailman3" name: "mailman3"
web_database: web_database:
user: "mailman3web" user: "mailman3web"
pass: "{{ vault.mailman3.web_database.pass }}" pass: "{{ vault.mailman3.web_database.pass }}"
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432 port: 5432
name: "mailman3web" name: "mailman3web"
restadmin_pass: "{{ vault.mailman3.restadmin_pass }}" restadmin_pass: "{{ vault.mailman3.restadmin_pass }}"


@ -1,3 +1,3 @@
--- ---
glob_prometheus_postfix_exporter: glob_prometheus_postfix_exporter:
listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}"


@ -14,6 +14,6 @@ loc_service_prefix_delegation:
prefix: "2a0c:700:12::" prefix: "2a0c:700:12::"
length: "48" length: "48"
ldap: ldap:
server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}" server: "ldaps://{{ lookup('ldap', 'ip4', 'flirt', 'adm') }}"
binddn: "{{ vault.ldap_adh_reader.binddn }}" binddn: "{{ vault.ldap_adh_reader.binddn }}"
password: "{{ vault.ldap_adh_reader.bindpass }}" password: "{{ vault.ldap_adh_reader.bindpass }}"


@ -8,14 +8,14 @@ glob_printer:
- 'imprimante.crans.org' - 'imprimante.crans.org'
email: email:
ssl: false ssl: false
host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}"
port: 25 port: 25
user: '' user: ''
password: '' password: ''
from: "root@crans.org" from: "root@crans.org"
from_full: "Crans <root@crans.org>" from_full: "Crans <root@crans.org>"
database: database:
host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"
port: 5432 port: 5432
user: 'helloworld' user: 'helloworld'
password: "{{ vault.printer.django_db_password }}" password: "{{ vault.printer.django_db_password }}"
@ -27,9 +27,9 @@ glob_printer:
note_id: 2088 note_id: 2088
note_alias: 'Crans' note_alias: 'Crans'
printer_name: 'Lexmark_X950_Series' printer_name: 'Lexmark_X950_Series'
domain: "{{ query('ldap', 'ip4', 'printer', 'lp') }}" domain: "{{ lookup('ldap', 'ip4', 'printer', 'lp') }}"
scan_server: scan_server:
address: "{{ query('ldap', 'ip4', ansible_hostname, 'lp') }}" address: "{{ lookup('ldap', 'ip4', ansible_hostname, 'lp') }}"
port: 9751 port: 9751
debug: false debug: false
owner: www-data owner: www-data
@ -38,7 +38,7 @@ glob_printer:
settings_local_owner: www-data settings_local_owner: www-data
settings_local_group: _nounou settings_local_group: _nounou
ldap: ldap:
uri: "ldaps://{{ query('ldap', 'ip4', 'tealc', 'adm') }}/" uri: "ldaps://{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}/"
dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org
group_search: ou=group,dc=crans,dc=org group_search: ou=group,dc=crans,dc=org
read_group: cn=_user,ou=group,dc=crans,dc=org read_group: cn=_user,ou=group,dc=crans,dc=org


@ -13,7 +13,7 @@ glob_service_prometheus_target:
options: "" options: ""
config: config:
ldap: ldap:
server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}"
glob_ninjabot: glob_ninjabot:
config: config:


@ -9,7 +9,7 @@ glob_re2o:
- 'intranet.adm.crans.org' - 'intranet.adm.crans.org'
- 're2o.crans.org' - 're2o.crans.org'
- 'intranet.crans.org' - 'intranet.crans.org'
- "{{ query('ldap', 'ip4', 're2o', 'adm') }}" - "{{ lookup('ldap', 'ip4', 're2o', 'adm') }}"
from_email: "root@crans.org" from_email: "root@crans.org"
smtp_server: smtp.adm.crans.org smtp_server: smtp.adm.crans.org
ldap: ldap:
@ -18,7 +18,7 @@ glob_re2o:
dn: "{{ vault.slapd.re2o.admin.binddn }}" dn: "{{ vault.slapd.re2o.admin.binddn }}"
database: database:
password: "{{ vault.re2o.database.password }}" password: "{{ vault.re2o.database.password }}"
uri: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" uri: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"
optional_apps: optional_apps:
- api - api
- captcha - captcha


@ -1,8 +1,8 @@
--- ---
glob_re2o_front: glob_re2o_front:
server_names: server_names:
- "{{ query('ldap', 'ip4', 're2o', 'adm') }}" - "{{ lookup('ldap', 'ip4', 're2o', 'adm') }}"
- "[{{ query('ldap', 'ip6', 're2o', 'adm') }}]" - "[{{ lookup('ldap', 'ip6', 're2o', 'adm') }}]"
- re2o.adm.crans.org - re2o.adm.crans.org
- intranet.adm.crans.org - intranet.adm.crans.org
- re2o.crans.org - re2o.crans.org


@ -1,7 +1,7 @@
--- ---
glob_re2o_ldap: glob_re2o_ldap:
suffix: dc=crans,dc=org suffix: dc=crans,dc=org
url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636" url: "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}:636"
root_password_hash: "{{ vault.slapd.re2o.admin.bindpass_hash }}" root_password_hash: "{{ vault.slapd.re2o.admin.bindpass_hash }}"
certificate: "{{ vault.slapd.re2o.certificate }}" certificate: "{{ vault.slapd.re2o.certificate }}"
private_key: "{{ vault.slapd.re2o.private_key }}" private_key: "{{ vault.slapd.re2o.private_key }}"


@ -8,7 +8,7 @@ loc_service_certbot:
config: config:
"crans.org": "crans.org":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
@ -16,7 +16,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"crans.eu": "crans.eu":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
@ -24,7 +24,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"crans.fr": "crans.fr":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.


@ -20,8 +20,8 @@ loc_dhcp:
vlan: "adh" vlan: "adh"
default_lease_time: "600" default_lease_time: "600"
max_lease_time: "7200" max_lease_time: "7200"
routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}" routers: "{{ lookup('ldap', 'ip4', 'passerelle', 'adh') }}"
dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"] dns: ["{{ lookup('ldap', 'ip4', 'romanesco', 'adh') }}"]
domain_name: "adh.crans.org" domain_name: "adh.crans.org"
domain_search: "adh.crans.org" domain_search: "adh.crans.org"
options: [] options: []


@ -1,6 +1,6 @@
--- ---
glob_slapd: glob_slapd:
master_ip: "{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" master_ip: "{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}"
regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$" regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$"
replication_credentials: "{{ vault.slapd.main.replication_credentials }}" replication_credentials: "{{ vault.slapd.main.replication_credentials }}"
private_key: "{{ vault.slapd.main.private_key }}" private_key: "{{ vault.slapd.main.private_key }}"


@ -4,17 +4,17 @@ glob_sssd:
domain: wall-e.adm.crans.org domain: wall-e.adm.crans.org
enumerate: "true" enumerate: "true"
servers: servers:
- "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" - "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'sam', 'adm') }}/" - "ldaps://{{ lookup('ldap', 'ip4', 'sam', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'daniel', 'adm') }}/" - "ldaps://{{ lookup('ldap', 'ip4', 'daniel', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'jack', 'adm') }}/" - "ldaps://{{ lookup('ldap', 'ip4', 'jack', 'adm') }}/"
base: "dc=crans,dc=org" base: "dc=crans,dc=org"
secondary: secondary:
domain: yson-partou.adm.crans.org domain: yson-partou.adm.crans.org
enumerate: "false" enumerate: "false"
servers: servers:
- "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}/" - "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}/"
- "ldaps://{{ query('ldap', 'ip4', 'terenez', 'adm') }}/" - "ldaps://{{ lookup('ldap', 'ip4', 'terenez', 'adm') }}/"
base: "dc=crans,dc=org" base: "dc=crans,dc=org"
bind: bind:
dn: "{{ vault.sssd.secondary_ldap.binddn }}" dn: "{{ vault.sssd.secondary_ldap.binddn }}"


@ -20,7 +20,7 @@ glob_thelounge:
join: "#general" join: "#general"
ldap_enable: "false" ldap_enable: "false"
ldap: ldap:
url: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" url: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}"
primaryKey: "cn" primaryKey: "cn"
rootDN: "{{ vault.thelounge.ldap.rootDN }}" rootDN: "{{ vault.thelounge.ldap.rootDN }}"
rootPassword: "{{ vault.thelounge.ldap.rootPassword }}" rootPassword: "{{ vault.thelounge.ldap.rootPassword }}"


@ -1,7 +1,7 @@
--- ---
loc_home_nounou: loc_home_nounou:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" - ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}"
mountpoint: /home_nounou mountpoint: /home_nounou
target: /home_nounou target: /home_nounou
name: home_nounou name: home_nounou


@ -1,4 +1,4 @@
--- ---
loc_ldap: loc_ldap:
servers: servers:
- "{{ query('ldap', 'ip4', 'ft', 'adm') }}" - "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}"


@ -2,4 +2,4 @@
loc_service_ssh_known_hosts: loc_service_ssh_known_hosts:
config: config:
ldap: ldap:
server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}" server: "ldaps://{{ lookup('ldap', 'ip4', 'ft', 'adm') }}"


@ -18,7 +18,7 @@ glob_service_proxmox_user:
config: config:
ldap: ldap:
admin: admin:
uri: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" uri: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
userBase: "ou=passwd,dc=crans,dc=org" userBase: "ou=passwd,dc=crans,dc=org"
realm: "pam" realm: "pam"
dependencies: dependencies:
@ -34,7 +34,7 @@ loc_service_certbot:
config: config:
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.


@ -12,11 +12,11 @@ glob_service_proxmox_user:
config: config:
ldap: ldap:
admin: admin:
uri: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" uri: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
userBase: "ou=passwd,dc=crans,dc=org" userBase: "ou=passwd,dc=crans,dc=org"
realm: "pam" realm: "pam"
user: user:
uri: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}/" uri: "ldaps://{{ lookup('ldap', 'ip4', 'flirt', 'adm') }}/"
userBase: "ou=users,dc=adh,dc=crans,dc=org" userBase: "ou=users,dc=adh,dc=crans,dc=org"
realm: "pve" realm: "pve"
binddn: "{{ vault.ldap_adh_reader.binddn }}" binddn: "{{ vault.ldap_adh_reader.binddn }}"


@ -10,14 +10,14 @@ loc_needrestart:
loc_home_nounou: loc_home_nounou:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" - ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}"
mountpoint: /home_nounou mountpoint: /home_nounou
target: /home_nounou target: /home_nounou
name: home_nounou name: home_nounou
owner: root owner: root
group: _user group: _user
mode: '0750' mode: '0750'
- ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" - ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}"
mountpoint: /rpool/backup mountpoint: /rpool/backup
target: /backup target: /backup
name: backup name: backup


@ -10,14 +10,14 @@ loc_needrestart:
loc_home_nounou: loc_home_nounou:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"
mountpoint: /home_nounou mountpoint: /home_nounou
target: /home_nounou target: /home_nounou
name: home_nounou name: home_nounou
owner: root owner: root
group: _user group: _user
mode: '0750' mode: '0750'
- ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"
mountpoint: /rpool/backup mountpoint: /rpool/backup
target: /backup target: /backup
name: backup name: backup


@ -18,9 +18,9 @@ loc_wireguard:
peers: peers:
- public_key: "{{ vault.wireguard.sputnik.pubkey }}" - public_key: "{{ vault.wireguard.sputnik.pubkey }}"
allowed_ips: allowed_ips:
- "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/32" - "{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}/32"
- "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/128" - "{{ lookup('ldap', 'ip6', 'sputnik', 'adm') }}/128"
endpoint: "{{ query('ldap', 'ip4', 'sputnik', 'srv') }}:51820" endpoint: "{{ lookup('ldap', 'ip4', 'sputnik', 'srv') }}:51820"
post_up: post_up:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
- "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
@ -36,7 +36,7 @@ loc_wireguard:
peers: peers:
- public_key: "{{ vault.wireguard.routeur_ft.pubkey }}" - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}"
allowed_ips: allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}" - "{{ lookup('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
persistent_keepalive: 25 persistent_keepalive: 25
post_up: post_up:
@ -54,7 +54,7 @@ loc_wireguard:
peers: peers:
- public_key: "{{ vault.wireguard.routeur_thot.pubkey }}" - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}"
allowed_ips: allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}" - "{{ lookup('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
persistent_keepalive: 25 persistent_keepalive: 25
post_up: post_up:
@ -69,7 +69,7 @@ loc_wireguard:
loc_service_proxy: loc_service_proxy:
config: config:
ldap: ldap:
- server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
protocol: "proxy" protocol: "proxy"
filter: ".adm.crans.org" filter: ".adm.crans.org"
proxy: proxy:
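Review bot: In both `allowed_ips` lists the `fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64` entry is identical in the two columns, so it still uses `query` while the `network` entry directly above it was converted to `lookup`. `query` always returns a list, and a list interpolated inside a string would not yield a valid IPv6 prefix for the peer's allowed source range, unless the project's `ldap` plugin behaves differently for `vlanid` (it is not visible here). If the omission is intentional, a short comment such as `# vlanid: query kept on purpose, plugin returns a scalar` would say so; otherwise the line should read `- "fd00:0:0:{{ lookup('ldap', 'vlanid', 'adm') }}::/64"`. The later wireguard file with the `boeing` peer has the same unconverted line.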


@ -23,7 +23,7 @@ loc_service_home:
version: master version: master
config: config:
ldap: ldap:
server: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}/" server: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}/"
binddn: "{{ vault.services.home.ldap.binddn }}" binddn: "{{ vault.services.home.ldap.binddn }}"
basedn: cn=Utilisateurs,dc=crans,dc=org basedn: cn=Utilisateurs,dc=crans,dc=org
password: "{{ vault.services.home.ldap.bindpass }}" password: "{{ vault.services.home.ldap.bindpass }}"
@ -48,7 +48,7 @@ loc_service_borg:
version: main version: main
config: config:
ldap: ldap:
server: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" server: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}"
binddn: "{{ vault.services.home.ldap.binddn }}" binddn: "{{ vault.services.home.ldap.binddn }}"
rootdn: cn=Utilisateurs,dc=crans,dc=org rootdn: cn=Utilisateurs,dc=crans,dc=org
password: "{{ vault.services.home.ldap.bindpass }}" password: "{{ vault.services.home.ldap.bindpass }}"


@ -12,6 +12,6 @@ loc_borg:
- /var - /var
loc_slapd: loc_slapd:
ip: "{{ query('ldap', 'ip4', 'cephiroth', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'cephiroth', 'adm') }}"
replica: true replica: true
replica_rid: 5 replica_rid: 5


@ -6,7 +6,7 @@ loc_needrestart:
override: [] override: []
loc_slapd: loc_slapd:
ip: "{{ query('ldap', 'ip4', 'daniel', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'daniel', 'adm') }}"
replica: true replica: true
replica_rid: 2 replica_rid: 2


@ -12,7 +12,7 @@ loc_needrestart:
loc_nfs_mount: loc_nfs_mount:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}" - ip: "{{ lookup('ldap', 'ip4', 'tealc', 'san') }}"
mountpoint: /pool/mirror mountpoint: /pool/mirror
target: /mirror target: /mirror
name: mirror name: mirror


@ -12,6 +12,6 @@ loc_borg:
- /var - /var
loc_slapd: loc_slapd:
ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}"
replica: true replica: true
replica_rid: 6 replica_rid: 6


@ -248,7 +248,7 @@ loc_prometheus:
target_label: __param_target target_label: __param_target
- source_labels: [__param_target] - source_labels: [__param_target]
target_label: instance target_label: instance
- replacement: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116" - replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
target_label: __address__ target_label: __address__
tsdb: tsdb:
retention_time: "180d" retention_time: "180d"


@ -22,7 +22,7 @@ loc_service_certbot:
config: config:
"crans.org": "crans.org":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
@ -30,7 +30,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.


@ -11,4 +11,4 @@ loc_needrestart:
override: [] override: []
loc_snmp_exporter: loc_snmp_exporter:
listen_address: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116" listen_address: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116"


@ -54,22 +54,22 @@ loc_inspircd:
- name: crans.org - name: crans.org
- name: adm.crans.org - name: adm.crans.org
bind: bind:
- address: "{{ query('ldap', 'ip4', 'irc', 'srv') }}" - address: "{{ lookup('ldap', 'ip4', 'irc', 'srv') }}"
type: clients type: clients
clair: 6667 clair: 6667
ssl: 6697 ssl: 6697
certificate: crans.org certificate: crans.org
- address: "{{ query('ldap', 'ip6', 'irc', 'srv') }}" - address: "{{ lookup('ldap', 'ip6', 'irc', 'srv') }}"
type: clients type: clients
clair: 6667 clair: 6667
ssl: 6697 ssl: 6697
certificate: crans.org certificate: crans.org
- address: "{{ query('ldap', 'ip4', 'irc', 'adm') }}" - address: "{{ lookup('ldap', 'ip4', 'irc', 'adm') }}"
type: clients type: clients
clair: 6667 clair: 6667
ssl: 6697 ssl: 6697
certificate: adm.crans.org certificate: adm.crans.org
- address: "{{ query('ldap', 'ip6', 'irc', 'adm') }}" - address: "{{ lookup('ldap', 'ip6', 'irc', 'adm') }}"
type: clients type: clients
clair: 6667 clair: 6667
ssl: 6697 ssl: 6697
@ -80,28 +80,28 @@ loc_inspircd:
connect: connect:
- name: zamok - name: zamok
allows: allows:
ipv4: "{{ query('ldap', 'ip4', 'zamok', 'srv') }}/32" ipv4: "{{ lookup('ldap', 'ip4', 'zamok', 'srv') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'zamok', 'srv') }}/128" ipv6: "{{ lookup('ldap', 'ip6', 'zamok', 'srv') }}/128"
threshold: 1 threshold: 1
- name: irc - name: irc
allows: allows:
ipv4: "{{ query('ldap', 'ip4', 'irc', 'srv') }}/32" ipv4: "{{ lookup('ldap', 'ip4', 'irc', 'srv') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'irc', 'srv') }}/128" ipv6: "{{ lookup('ldap', 'ip6', 'irc', 'srv') }}/128"
threshold: 1 threshold: 1
- name: gitlab - name: gitlab
allows: allows:
ipv4: "{{ query('ldap', 'ip4', 'gitzly', 'srv') }}/32" ipv4: "{{ lookup('ldap', 'ip4', 'gitzly', 'srv') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'gitzly', 'srv') }}/128" ipv6: "{{ lookup('ldap', 'ip6', 'gitzly', 'srv') }}/128"
threshold: 10 threshold: 10
commandrate: 10000 commandrate: 10000
- name: monitoring - name: monitoring
allows: allows:
ipv4: "{{ query('ldap', 'ip4', 'fyre', 'adm') }}/32" ipv4: "{{ lookup('ldap', 'ip4', 'fyre', 'adm') }}/32"
ipv6: "{{ query('ldap', 'ip6', 'fyre', 'adm') }}/128" ipv6: "{{ lookup('ldap', 'ip6', 'fyre', 'adm') }}/128"
threshold: 10 threshold: 10
commandrate: 10000 commandrate: 10000
modes: true modes: true
dns: "{{ query('ldap', 'ip4', 'romanesco', 'srv') }}" dns: "{{ lookup('ldap', 'ip4', 'romanesco', 'srv') }}"
services: services:
name: services.irc.crans.org name: services.irc.crans.org
port: 6668 port: 6668
@ -127,7 +127,7 @@ loc_service_certbot:
config: config:
"crans.org": "crans.org":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
@ -135,7 +135,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.


@ -6,7 +6,7 @@ loc_needrestart:
override: [] override: []
loc_slapd: loc_slapd:
ip: "{{ query('ldap', 'ip4', 'jack', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'jack', 'adm') }}"
replica: true replica: true
replica_rid: 3 replica_rid: 3


@ -15,4 +15,4 @@ loc_needrestart:
loc_ldap: loc_ldap:
base_dn: "{{ vault.slapd.re2o.admin.binddn }}" base_dn: "{{ vault.slapd.re2o.admin.binddn }}"
password: "{{ vault.slapd.re2o.admin.bindpass }}" password: "{{ vault.slapd.re2o.admin.bindpass }}"
uri: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" uri: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}"


@ -12,7 +12,7 @@ loc_needrestart:
loc_nfs_mount: loc_nfs_mount:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}" - ip: "{{ lookup('ldap', 'ip4', 'tealc', 'san') }}"
mountpoint: /pool/ftp mountpoint: /pool/ftp
target: /ftp target: /ftp
name: ftp name: ftp


@ -10,4 +10,4 @@ loc_needrestart:
override: [] override: []
loc_re2o_ldap_replica: loc_re2o_ldap_replica:
url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636" url: "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}:636"


@ -25,7 +25,7 @@ loc_service_certbot:
config: config:
"crans.org": "crans.org":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
@ -33,7 +33,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.


@ -18,14 +18,14 @@ loc_wireguard:
peers: peers:
- public_key: "{{ vault.wireguard.boeing.viarezo.pubkey }}" - public_key: "{{ vault.wireguard.boeing.viarezo.pubkey }}"
allowed_ips: allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}" - "{{ lookup('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51821" endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51821"
persistent_keepalive: 25 persistent_keepalive: 25
post_up: post_up:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
- "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
- "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy" - "ip route add {{ lookup('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
- "python3 /var/local/services/proxy/proxy.py --alter" - "python3 /var/local/services/proxy/proxy.py --alter"
pre_down: pre_down:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=0" - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
@ -35,8 +35,8 @@ loc_wireguard:
loc_service_proxy: loc_service_proxy:
config: config:
ldap: ldap:
- server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
- server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}/" - server: "ldaps://{{ lookup('ldap', 'ip4', 'ft', 'adm') }}/"
protocol: "proxy" protocol: "proxy"
filter: ".adm.crans.org" filter: ".adm.crans.org"
proxy: proxy:
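Review bot: In `allowed_ips`, the entry `"fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"` still calls `query()` while every other LDAP call in this peer moved to `lookup()`. `query()` always hands back a list when the plugin returns one, so if the plugin's `vlanid` branch is (or later becomes) list-returning like `network` and `ip4`, the interpolation would render a list representation into the WireGuard prefix and the peer's allowed range would be malformed. The `vlanid` branch is not shown in this commit, so this is a consistency concern rather than a confirmed fault. Either convert it with the rest, `"fd00:0:0:{{ lookup('ldap', 'vlanid', 'adm') }}::/64"` with the plugin returning a one-element list, or add a comment explaining why it stays on `query()`. The same line is left unchanged in the two other WireGuard peer definitions in this commit.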


@ -18,14 +18,14 @@ loc_wireguard:
peers: peers:
- public_key: "{{ vault.wireguard.boeing.aurore.pubkey }}" - public_key: "{{ vault.wireguard.boeing.aurore.pubkey }}"
allowed_ips: allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}" - "{{ lookup('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51822" endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51822"
persistent_keepalive: 25 persistent_keepalive: 25
post_up: post_up:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
- "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
- "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy" - "ip route add {{ lookup('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
- "python3 /var/local/services/proxy/proxy.py --alter" - "python3 /var/local/services/proxy/proxy.py --alter"
pre_down: pre_down:
- "sysctl -w net.ipv4.conf.%i.proxy_arp=0" - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
@ -36,8 +36,8 @@ loc_wireguard:
loc_service_proxy: loc_service_proxy:
config: config:
ldap: ldap:
- server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
- server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}/" - server: "ldaps://{{ lookup('ldap', 'ip4', 'thot', 'adm') }}/"
protocol: "proxy" protocol: "proxy"
filter: ".adm.crans.org" filter: ".adm.crans.org"
proxy: proxy:


@ -12,7 +12,7 @@ loc_borg:
- /var - /var
loc_slapd: loc_slapd:
ip: "{{ query('ldap', 'ip4', 'sam', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'sam', 'adm') }}"
replica: true replica: true
replica_rid: 1 replica_rid: 1


@ -18,21 +18,21 @@ loc_wireguard:
tunnels: tunnels:
- name: "sputnik" - name: "sputnik"
addresses: addresses:
- "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/24" - "{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}/24"
- "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/64" - "{{ lookup('ldap', 'ip6', 'sputnik', 'adm') }}/64"
listen_port: 51820 listen_port: 51820
private_key: "{{ vault.wireguard.sputnik.privkey }}" private_key: "{{ vault.wireguard.sputnik.privkey }}"
peers: peers:
- public_key: "{{ vault.wireguard.boeing.sputnik.pubkey }}" - public_key: "{{ vault.wireguard.boeing.sputnik.pubkey }}"
allowed_ips: allowed_ips:
- "{{ query('ldap', 'network', 'adm') }}" - "{{ lookup('ldap', 'network', 'adm') }}"
- "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51820" endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51820"
post_up: post_up:
- "/sbin/ip link set sputnik alias adm" - "/sbin/ip link set sputnik alias adm"
loc_slapd: loc_slapd:
ip: "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}"
replica: true replica: true
replica_rid: 4 replica_rid: 4
@ -48,7 +48,7 @@ loc_service_certbot:
config: config:
"crans.org": "crans.org":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
@ -56,7 +56,7 @@ loc_service_certbot:
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.
@ -82,4 +82,4 @@ loc_bind:
loc_service_ssh_known_hosts: loc_service_ssh_known_hosts:
config: config:
ldap: ldap:
server: "ldaps://{{ query('ldap', 'ip4', 'sputnik', 'adm') }}" server: "ldaps://{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}"


@ -12,6 +12,6 @@ loc_borg:
- /var - /var
loc_slapd: loc_slapd:
ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"
replica: true replica: true
replica_rid: 5 replica_rid: 5


@ -20,7 +20,7 @@ loc_borg:
- /var/lib/mysql - /var/lib/mysql
loc_thelounge: loc_thelounge:
host: "\"{{ query('ldap', 'ip4', 'zamok', 'adm') }}\"" host: "\"{{ lookup('ldap', 'ip4', 'zamok', 'adm') }}\""
oidentd: "\"/usr/local/lib/thelounge/.oidentd.conf\"" oidentd: "\"/usr/local/lib/thelounge/.oidentd.conf\""
reverseProxy: "true" reverseProxy: "true"
ldap_enable: "true" ldap_enable: "true"
@ -32,14 +32,14 @@ loc_crans_scripts:
loc_nfs_mount: loc_nfs_mount:
mounts: mounts:
- ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}" - ip: "{{ lookup('ldap', 'ip4', 'cameron', 'san') }}"
mountpoint: /pool/home mountpoint: /pool/home
target: /home target: /home
name: home name: home
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
- ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}" - ip: "{{ lookup('ldap', 'ip4', 'cameron', 'san') }}"
mountpoint: /pool/mail mountpoint: /pool/mail
target: /var/mail target: /var/mail
name: var-mail name: var-mail


@ -63,18 +63,18 @@ class LookupModule(LookupBase):
def ip4(self, host, vlan): def ip4(self, host, vlan):
""" """
Retrieve the first IPv4 addresse of an interface of a device Retrieve the first IPv4 addresse of an interface of a device
query('ldap', 'ip4', HOST, VLAN) lookup('ldap', 'ip4', HOST, VLAN)
""" """
result = [ res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 4 ] result = [ res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 4 ]
return result[0] return [result[0]]
def ip6(self, host, vlan): def ip6(self, host, vlan):
""" """
Retrieve the first IPv6 addresse of an interface of a device Retrieve the first IPv6 addresse of an interface of a device
query('ldap', 'ip6', HOST, VLAN) lookup('ldap', 'ip6', HOST, VLAN)
""" """
result = [ res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 6 ] result = [ res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 6 ]
return result[0] return [result[0]]
def all_ip(self, host): def all_ip(self, host):
""" """
@ -200,7 +200,7 @@ class LookupModule(LookupBase):
query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork") query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork")
result = self.base.result(query_id) result = self.base.result(query_id)
result = result[1][0][1] result = result[1][0][1]
return str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8')))) return [str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8'))))]
elif terms[0] == 'zones': elif terms[0] == 'zones':
query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, "objectClass=ipNetwork") query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, "objectClass=ipNetwork")
result = self.base.result(query_id) result = self.base.result(query_id)
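Review bot: In `ip4` and `ip6`, `return [result[0]]` raises a bare `IndexError` when the host has no address of that family on the VLAN, and the resulting traceback names neither the host nor the VLAN. These values feed LDAP URIs, WireGuard endpoints and NFS mounts elsewhere in this commit, so an explicit failure is preferable: `if not result: raise AnsibleError(f"ldap lookup: no IPv4 address for {host} on vlan {vlan}")` before the return, with the IPv6 equivalent in `ip6`, assuming `AnsibleError` is imported in this file. The two docstrings also read "addresse" where "address" is meant. The class and `all_ip` continue outside the hunk.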


@ -6,8 +6,8 @@ auto {{ interfaces[item.name] }}
iface {{ interfaces[item.name] }} inet dhcp iface {{ interfaces[item.name] }} inet dhcp
iface {{ interfaces[item.name] }} inet6 auto iface {{ interfaces[item.name] }} inet6 auto
{% else %} {% else %}
{% set subnet_network = (query('ldap', 'network', vlan_name) | ansible.utils.ipaddr('network')) %} {% set subnet_network = (lookup('ldap', 'network', vlan_name) | ansible.utils.ipaddr('network')) %}
{% set subnet_netmask = (query('ldap', 'network', vlan_name) | ansible.utils.ipaddr('netmask')) %} {% set subnet_netmask = (lookup('ldap', 'network', vlan_name) | ansible.utils.ipaddr('netmask')) %}
{% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %} {% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %}
{% if (ips | ansible.utils.ipv4 | length) > 0 %} {% if (ips | ansible.utils.ipv4 | length) > 0 %}
auto {{ interfaces[item.name] }} auto {{ interfaces[item.name] }}