Création de README, suppression d'éléments inutiles

2024-12-14 21:49:57 +01:00 · 2024-12-14 21:49:57 +01:00 · e965ce9acd
parent 7241dd0745
commit e965ce9acd
27 changed files with 277 additions and 197 deletions
--- a/group_vars/all/mirror.yml
+++ b/group_vars/all/mirror.yml
@ -4,7 +4,5 @@ glob_mirror:
  ip: "{{ lookup('ldap', 'ip4', 'eclat', 'adm') }}"
 debian_mirror: http://mirror.adm.crans.org/debian
 ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
 proxmox_mirror: http://mirror.adm.crans.org/proxmox/debian/pve
 debian_components: main contrib non-free
 ubuntu_components: main restricted universe multiverse
--- a/host_vars/fyre.adm.crans.org.yml
+++ b/host_vars/fyre.adm.crans.org.yml
@ -10,33 +10,6 @@ loc_needrestart:
  override: []
 loc_prometheus:
  node:
    config:
      - job_name: servers
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/node.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
            replacement: '$1:9100'
  nginx:
    config:
      - job_name: nginx
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/nginx.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: instance
          - source_labels: [instance]
            target_label: __address__
            replacement: '$1:9117'
  apache:
    config:
@ -50,29 +23,59 @@ loc_prometheus:
            target_label: __address__
            replacement: '$1:9117'
  bind:
    config:
      - job_name: bind
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/bind.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
            replacement: '$1:9119'
  bird:
    config:
      - job_name: bird
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/bird.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
            replacement: '$1:9324'
  blackbox:
    file: targets/blackbox.json
    targets:
      - http://ftp.crans.org/
      - https://cas.crans.org/
      - https://crans.org/
      - https://www.crans.org/
      - https://webirc.crans.org/
      - https://jitsi.crans.org/
      - https://ftps.crans.org/
      - http://ftp.crans.org/
      - https://grafana.crans.org/
      - https://roundcube.crans.org/
      - https://zero.crans.org/
      - https://wiki.crans.org/PageAccueil
      - https://framadate.crans.org/
      - https://pad.crans.org/
      - https://lists.crans.org/
      - https://cas.crans.org/
      - https://ethercalc.crans.org/
      - https://framadate.crans.org/
      - https://ftps.crans.org/
      - https://gitlab.crans.org/
-      - https://perso.crans.org/crans/
+      - https://grafana.crans.org/
      - https://install-party.crans.org/
      - https://intranet.crans.org/
      - https://jitsi.crans.org/
      - https://lists.crans.org/
      - https://owncloud.crans.org/
      - https://pad.crans.org/
      - https://perso.crans.org/crans/
      - https://roundcube.crans.org/
      - https://webirc.crans.org/
      - https://wiki.crans.org/PageAccueil
      - https://zero.crans.org/
    config:
      - job_name: blackbox
        file_sd_configs:
@ -106,27 +109,30 @@ loc_prometheus:
          - target_label: __address__
            replacement: 127.0.0.1:9115
-  bird:
+  ilo_snmp:
    config:
-      - job_name: bird
+      - job_name: ilo_snmp
        file_sd_configs:
          - files:
-              - '/etc/prometheus/targets/bird.json'
+              - '/etc/prometheus/targets/ilo_snmp.json'
        metrics_path: '/snmp'
        params:
          module:
            - ilo
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
-          - source_labels: [__param_target]
+          - replacement: '127.0.0.1:9116'
            target_label: __address__
            replacement: '$1:9324'
-  bind:
+  mtail:
    config:
-      - job_name: bind
+      - job_name: mtail
        file_sd_configs:
          - files:
-              - '/etc/prometheus/targets/bind.json'
+              - '/etc/prometheus/targets/mtail.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
@ -134,7 +140,50 @@ loc_prometheus:
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
-            replacement: '$1:9119'
+            replacement: '$1:3903'
  mysql:
    config:
      - job_name: mysql
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/mysql.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
            replacement: '$1:9104'
  nginx:
    config:
      - job_name: nginx
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/nginx.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: instance
          - source_labels: [instance]
            target_label: __address__
            replacement: '$1:9117'
  node:
    config:
      - job_name: servers
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/node.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
            replacement: '$1:9100'
  postfix:
    config:
@ -166,54 +215,27 @@ loc_prometheus:
            target_label: __address__
            replacement: '$1:9187'
-  mysql:
+  printer_snmp:
    config:
-      - job_name: mysql
+      - job_name: printer_snmp
-        file_sd_configs:
+        static_configs:
-          - files:
+          - targets: ["printer.lp.crans.org"]
              - '/etc/prometheus/targets/mysql.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
            replacement: '$1:9104'
  mtail:
    config:
      - job_name: mtail
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/mtail.json'
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - source_labels: [__param_target]
            target_label: __address__
            replacement: '$1:3903'
  ilo_snmp:
    config:
      - job_name: ilo_snmp
        file_sd_configs:
          - files:
              - '/etc/prometheus/targets/ilo_snmp.json'
        metrics_path: '/snmp'
        params:
          module:
-            - ilo
+            - printer_mib
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
-          - replacement: '127.0.0.1:9116'
+          - replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
            target_label: __address__
  tsdb:
    retention_time: "180d"
    retention_size: "200GB"
  ups_snmp:
    config:
      - job_name: ups_snmp
@ -233,23 +255,3 @@ loc_prometheus:
            target_label: instance
          - replacement: 127.0.0.1:9116
            target_label: __address__
  printer_snmp:
    config:
      - job_name: printer_snmp
        static_configs:
          - targets: ["printer.lp.crans.org"]
        metrics_path: '/snmp'
        params:
          module:
            - printer_mib
        relabel_configs:
          - source_labels: [__address__]
            target_label: __param_target
          - source_labels: [__param_target]
            target_label: instance
          - replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
            target_label: __address__
  tsdb:
    retention_time: "180d"
    retention_size: "200GB"
--- a/roles/ceph/tasks/main.yml
+++ b/roles/ceph/tasks/main.yml
@ -1,27 +0,0 @@
 ---
 - name: Fetch ceph repository public key
  get_url:
    url: "{{ ceph.mirror_key }}"
    dest: /etc/apt/trusted.gpg.d/ceph-release.asc
 - name: Add ceph to source lists
  lineinfile:
    path: /etc/apt/sources.list.d/ceph.list
    regexp: '^deb'
    create: true
    line: 'deb [signed-by=/etc/apt/trusted.gpg.d/ceph-release.asc] {{ ceph.mirror }} {{ ansible_distribution_release }} main'
 - name: Install ceph
  apt:
    name:
      - ceph
      - ceph-mds
      - ceph-volume
      - rsync
      - nvme-cli
      - smartmontools
    install_recommends: false
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded
--- a/roles/common-tools/README.md
+++ b/roles/common-tools/README.md
@ -0,0 +1,9 @@
 # Common tools
 Installe et configure les outils essentiels pour l'administration des serveurs.
 Par exemple :
 - git
 - nano
 - screen
--- a/roles/debian-apt-sources/README.md
+++ b/roles/debian-apt-sources/README.md
@ -0,0 +1,3 @@
 # Debian apt sources
 Configure les sources de debian avec le miroir du crans.
--- a/roles/ethercalc/README.md
+++ b/roles/ethercalc/README.md
@ -0,0 +1,8 @@
 # Ethercalc
 Installe et configure ethercalc
 ## Variables
 glob_ethercalc:
  ip: ip du serveur
--- a/roles/etherpad/README.md
+++ b/roles/etherpad/README.md
@ -0,0 +1,31 @@
 # Etherpad
 Installe et configure etherpad
 # Variables
 glob_etherpad:
  instances:
    - name: nom de l'instance
      title: titre de la page
      favicon: icon de la page
      skin:
      ip: ip du serveur
      port: port
      version: version du pad
      database:
        user: utilisateur de la bdd
        host: serveur pgsql
        name: nom de la bdd
      default_pad_text: texte par défaut des pads
      admin:
        user: utilisateur admin
        password: mot de passe
      apikey: clé api
      temporary:
        enabled: activer les pads éphémères
        delay: durée avant suppression
        loop: true si une boucle est utilisée
        loop_delay: delai entre chaque itération de la boucle
        delete_at_start: true si la suppression à lieu au démarrage du pad
        deleted_text: message après suppression
--- a/roles/logos/README.md
+++ b/roles/logos/README.md
@ -0,0 +1,12 @@
 # Logos
 Copie les logos du crans.
 ## Variables
 logos:
  - which: source du logo (cf : files/)
    where: destination du logo
    owner: propriétaire (défaut : root)
    group: groupe (defaut : root)
    mode: permissions (defaut : 0644)
--- a/roles/moinmoin-gendoc/README.md
+++ b/roles/moinmoin-gendoc/README.md
@ -0,0 +1,3 @@
 # Moinmoin gendoc
 Générateur automatique de la documentation sur le wiki.
--- a/roles/moinmoin/README.md
+++ b/roles/moinmoin/README.md
@ -0,0 +1,7 @@
 # Moinmoin
 Installe et configure le wiki (avec hardcode)
 ## Variables
 moinmoin.main: booléen
--- a/roles/ntp-client/README.md
+++ b/roles/ntp-client/README.md
@ -0,0 +1,8 @@
 # NTP client
 Installe et configure un client ntp.
 ## Variables
 glob_ntp_client:
  servers: serveurs
--- a/roles/ntp-server/README.md
+++ b/roles/ntp-server/README.md
@ -0,0 +1,8 @@
 # NTP server
 Installe et configure un serveur NTP
 ## Variables
 glob_ntp_server:
  open: adresses ip
--- a/roles/openssh/README.md
+++ b/roles/openssh/README.md
@ -0,0 +1,3 @@
 # Openssh
 Installe et configure un serveur ssh.
--- a/roles/prometheus/README.md
+++ b/roles/prometheus/README.md
@ -0,0 +1,10 @@
 # Prometheus
 Installe et configure prometheus
 ## Variables
 prometheus:
  tsdb:
    retention_time: Durée de conservation maximale
    retention_size: Taille maximale
--- a/roles/qemu-guest-agent/README.md
+++ b/roles/qemu-guest-agent/README.md
@ -0,0 +1,3 @@
 # Qemu guest agent
 Installe qemu guest agent
--- a/roles/restic-client/README.md
+++ b/roles/restic-client/README.md
@ -0,0 +1,19 @@
 # Restic client
 Restic client est déployé sur toutes les machines du crans. Il permet de
 configurer les backups sur toutes les machines du crans. Plus d'information sur
 la [documentation](gitlab.crans.org/nounous/documentation).
 ## Variables
 glob_restic: (ou loc_restic dans host_vars)
  config:
    <nom>:
      to_exclude: chemins à ne pas backuper
      to_backup: chemins à backuper
      retention: règles de conservations
  remote: Serveurs sur lesquels les backups doivent être effectuées
 Remarque : il est possible de configurer plusieurs backups (notamment pour avoir
 des rétentions différentes ou pour les séparer) en mettant plusieurs
 configurations dans `config` (avec des noms différents).
--- a/roles/restic-client/handlers/main.yml
+++ b/roles/restic-client/handlers/main.yml
@ -4,3 +4,7 @@
    name: restic-{{ item }}.timer
    state: restarted
  loop: "{{ restic.config.keys() }}"
 - name: systemctl daemon-reload
  systemd:
    daemon_reload: true
--- a/roles/root-config/README.md
+++ b/roles/root-config/README.md
@ -0,0 +1,3 @@
 # Root config
 Configure les différentes applications de root (typiquement nano et vim).
--- a/roles/root-config/tasks/main.yml
+++ b/roles/root-config/tasks/main.yml
@ -1,5 +1,5 @@
 ---
- name: Create or rewrite .nanorc for root
+- name: Create or rewrite .nanorc and .vimrc for root
  template:
    src: "{{ item.src }}.j2"
    dest: /root/{{ item.dest }}
--- a/roles/root/README.md
+++ b/roles/root/README.md
@ -0,0 +1,6 @@
 # Root
 Configure le mot de passe root.
 Remarque : Bien que le role `root` ne fasse que cela, le playbook root permet de
 pré-configurer une vm entièrement (backups, sudoers, home_nounou, ...)
--- a/roles/sudo/README.md
+++ b/roles/sudo/README.md
@ -0,0 +1,3 @@
 # Sudo 
 Configure les sudoers.
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@ -1,11 +1,10 @@
 ---
 - name: Configure sudoers
  template:
-    src: "{{ item.src }}.j2"
+    src: "{{ item }}.j2"
-    dest: "/etc/{{ item.dst |  default(item.src) }}"
+    dest: "/etc/{{ item }}"
    mode: 0440
  loop:
-    - src: sudoers.d/custom_passprompt
+    - sudoers.d/custom_passprompt
-    - src: sudoers.d/group_privilege
+    - sudoers.d/group_privilege
-    - src: "sudoers.{{ ansible_distribution_release }}"
+    - sudoers
      dst: "sudoers"
--- a/roles/sudo/templates/sudoers.bullseye.j2
+++ b/roles/sudo/templates/sudoers.bullseye.j2
@ -1,27 +0,0 @@
 {{ ansible_header | comment }}
 #
 # See the man page for details on how to write a sudoers file.
 #
 Defaults	env_reset
 Defaults	mail_badpass
 Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 # Host alias specification
 User_Alias    USERS= %_user
 User_Alias    NOUNOUS= %_nounou
 # User alias specification
 # Cmnd alias specification
 # User privilege specification
 root	ALL=(ALL:ALL) ALL
 {% if 'virtu' in group_names %}
 # Pour vérifier quels vms sont sur quels virtus
 USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
 {% endif %}
 # See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
--- a/roles/sudo/templates/sudoers.buster.j2
+++ b/roles/sudo/templates/sudoers.buster.j2
@ -1,27 +0,0 @@
 {{ ansible_header | comment }}
 #
 # See the man page for details on how to write a sudoers file.
 #
 Defaults	env_reset
 Defaults	mail_badpass
 Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 # Host alias specification
 User_Alias    USERS= %_user
 User_Alias    NOUNOUS= %_nounou
 # User alias specification
 # Cmnd alias specification
 # User privilege specification
 root	ALL=(ALL:ALL) ALL
 {% if 'virtu' in group_names %}
 # Pour vérifier quels vms sont sur quels virtus
 USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
 {% endif %}
 # See sudoers(5) for more information on "@include" directives:
 #includedir /etc/sudoers.d
--- a/roles/sudo/templates/sudoers.bookworm.j2
+++ b/roles/sudo/templates/sudoers.bookworm.j2
@ -24,4 +24,4 @@ USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
 {% endif %}
 # See sudoers(5) for more information on "@include" directives:
-@includedir /etc/sudoers.d
+{% if ansible_facts['distribution_major_version'] == "10" %}#{% else %}@{% endif %}includedir /etc/sudoers.d
--- a/roles/wireguard/README.md
+++ b/roles/wireguard/README.md
@ -0,0 +1,19 @@
 # Wireguard
 Installe et configure wireguard
 ## Variables
 loc_wireguard:
  tunnels:
    - name: nom
      listen_port: port
      private_key: clé privée
      table: "off"
      peers:
        - public_key: clé publique de la machine distante
          allowed_ips: ips autorisées
          endpoint: ip:port (facultatif)
          persistent_keepalive: int (facultatif)
      post_up: actions après activation
      pre_down: actions avant arrêt
--- a/roles/zamok-tools/README.md
+++ b/roles/zamok-tools/README.md
@ -0,0 +1,3 @@
 # Zamok tools
 Installe les logiciels nécessaire sur Zamok et configure les pages persos.
		`@ -0,0 +1,3 @@`
							`# Debian apt sources`

							`Configure les sources de debian avec le miroir du crans.`
		`@ -0,0 +1,3 @@`
							`# Moinmoin gendoc`

							`Générateur automatique de la documentation sur le wiki.`
		`@ -0,0 +1,3 @@`
							`# Openssh`

							`Installe et configure un serveur ssh.`
		`@ -0,0 +1,3 @@`
							`# Qemu guest agent`

							`Installe qemu guest agent`
		`@ -0,0 +1,3 @@`
							`# Root config`

							`Configure les différentes applications de root (typiquement nano et vim).`
		`@ -0,0 +1,3 @@`
							`# Zamok tools`

							`Installe les logiciels nécessaire sur Zamok et configure les pages persos.`