crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,766 Commits
12 Branches
0 Tags
7.9 MiB
Commit Graph

965 Commits (9024a402a997686d5875e719e4250526133a69f3)

Author SHA1 Message Date
_shirenn 5661bb4bf6 [dhcp] Restart isc-dhcp-server only if it is already running 2021-02-23 23:28:20 +01:00
Yohann D'ANELLO 2844df31b2
[gitlab] Fix irker configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 23:35:17 +01:00
Yohann D'ANELLO 98eaeaa53b
[gitlab] Install irker from Debian Sid to add IRC webhooks 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 23:29:58 +01:00
ynerant 7eae75a470
[gitlab] Enable local nginx server, don't server HTTPS port 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-22 23:29:57 +01:00
ynerant 5786663cfb
[gitlab] Disable grafana server 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-22 23:29:57 +01:00
ynerant a8e90e1ea9
[gitlab] Update gitlab default configuration 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-22 23:29:57 +01:00
ynerant 065fe78435
[gitlab] Import Gitlab GPG public key 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-22 23:29:57 +01:00
_shirenn b152c48ed3
[gitlab] smtp server and https push 2021-02-22 23:29:56 +01:00
Yohann D'ANELLO 46f1627c02
[gitlab] Fix gitlab configuration file path 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 23:29:56 +01:00
Yohann D'ANELLO 73a6b5afb4
[gitlab] Install gitlab 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 23:29:56 +01:00
Yohann D'ANELLO f07bb8b749
[Gitlab] Reconfigure Gitlab after deploying its configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 23:29:56 +01:00
Yohann D'ANELLO ae30c0593a
display_name -> email_display_name 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 23:29:55 +01:00
ynerant 63d4164ba0
Cransible Gitlab configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 23:29:55 +01:00
Yohann D'ANELLO 6d35dcd7e8 [nginx/mailman] Fix configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO f83b34191a [nginx/statping] Drop old statping configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 978c265c03 [nginx/statping] Extract nginx configuration from statping and gitea 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 6b8fb0916f [nginx/moinmoin] Extract nginx configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO d6f15d4210 [nginx/cas] Factorize nginx configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 82119c746e [nginx] Define proper set_realip_from 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 8d8c212f49 [nginx/roundcube] Factorize configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 4c115a8b34 [thelounge] Don't load ldap configuration if it is disabled 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 201dbd6ee0 [thelounge] Download debian package 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 44cf074a39 [nginx] Add feature to add additional params to a nginx server 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 19beb34227 [nginx/certbot] Remove obsolete files 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO de58138a22 [nginx] Multiple certficates are compatible with reverse-proxy 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 72238d79ed [nginx] Add feature to manage multiple certificates, for example for crans.org and for adm.crans.org 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 96d5f945e3 [nginx] Update configuration for default servers 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 9d5a080fc5 [thelounge] Support zamok configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO af33ff7d56 [thelounge] Temporary not download automatically the thelounge packet 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 2360b992c4 Restart the lounge at the end of the playbook 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 334b4ace02 [thelounge] Uncomment the download of the Debian package, but for now the package must be manually downloaded because of redirection issues 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 3f4a66eb7c [thelounge] Copy ldap configuration for zamok 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO f039121e21 [thelounge] Download the Debian package and install it, and deploy 
configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO c3d58d9ca9 [nginx] Fix default configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO a16208b1c3 [nginx] Add template permissions 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO dd249f2a30 [nginx] Disable default site 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 9f21a7ad79 [nginx] Drop nginx-pubftp role 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 2b8e0dbbff [nginx] Fix nginx template, this is now usable 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
ynerant a9897ec3c0 [nginx] Load global and local nginx configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO ec262bd5c1 [nginx] Drop role nginx-mailman 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO dafa3685ce [nginx] Copy 401 error page if we use credentials 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 0eaee6c78f [nginx] Copy robots.txt 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 3fceaeb836 [nginx] allow setting credentials to a nginx server 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 6ee4d8b44d Deploy nginx configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
ynerant 244e1c284b Cransible mailman nginx configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 84fb96eab6 Create generic Nginx template 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO f09ec69ef1 Remove unused role nginx-rtmp 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 51c54e4b86 Install reverse proxy sites only if necessary 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 454ca95edf Rename nginx-reverseproxy to nginx 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 22:26:31 +00:00
Yohann D'ANELLO 82818b732f
Reload apache after deploying its configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 14:10:44 +01:00
Yohann D'ANELLO 408c857f81
[zamok_apache] Pepcransification 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 14:07:35 +01:00
Yohann D'ANELLO 6774cca43c
[zamok_apache] Fix role 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 14:06:53 +01:00
ynerant 3f84bb5628
[zamok] Apache is listening on its private interface only 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-22 13:55:31 +01:00
Yohann D'ANELLO 634369ad62
[zamok] export apache2 + php custom configuration 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 13:55:29 +01:00
Yohann D'ANELLO ae163d6bc9
[nullmailer] Define allmailfrom to always send mails as root 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 12:31:30 +01:00
Yohann D'ANELLO 601a52132e
[belenios] Move ocsigenserver command pipe 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 12:31:30 +01:00
Yohann D'ANELLO 2bdd00b385
[belenios] Don't need to link the ocsidb file 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-02-22 12:31:30 +01:00
ynerant 094bb497f4
[belenios] Sort APT dependencies 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-22 12:31:30 +01:00
ynerant 359b6a4553
[belenios] Deploy belenios 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-22 12:31:30 +01:00
_shirenn 6e6dd56e4d [borg] lets filter-out shit and backup cameron 2021-02-22 12:13:23 +01:00
_shirenn 59bc91dc9d [vault] Changing cranspasswords to pass crans 2021-02-22 12:01:03 +01:00
_shirenn fc76317aec [oldinfra] cleanup 2021-02-22 11:54:30 +01:00
_shirenn 262696970f [network-interfaces] PEPCRANSED 2021-02-22 11:51:44 +01:00
_shirenn c5c7e16d07 [root-config] Rajoute un fichier de configuration pour vim 2021-02-22 11:34:55 +01:00
_shirenn 02df5674b1 [slapd] soyouz, query and regex 2021-02-22 01:30:02 +01:00
_benjamin f4dd6fe242 [ssh_known_hosts] Use LDAP to deploy ssh_known_hosts 2021-02-18 14:36:34 +01:00
ynerant 009e7b42cb
[certbot] Generate multiple certificates (useful for adm) 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-16 15:35:07 +01:00
ynerant 167818eb90
[ldap] libpam-ldapd is required to use ldap authentication and is not automatically installed on bullseye 
Signed-off-by: ynerant <ynerant@crans.org>
 2021-02-15 23:38:28 +01:00
_shirenn d03eed8abe [re2o-services] PEPCRANSIFIED 2021-02-11 09:57:10 +01:00
_shirenn f5cf25c9b7 [dhcp] dont clone git from /tmp 2021-02-11 09:57:10 +01:00
_shirenn acd8e3da2a [nullmailer] PEPCRANSED BRO 2021-02-10 11:30:07 +01:00
_shirenn 7cd62269a3 pepcrans :) 2021-02-08 15:02:14 +01:00
_benjamin bc486b5570 Merge branch 'linx' into 'newinfra' 
[linx] Add linx server, role and playbook

See merge request nounous/ansible!206
 2021-02-08 13:37:42 +00:00
_benjamin 1d5310127e [linx] Add linx server, role and playbook 2021-02-08 14:37:05 +01:00
pa d7660e8333 [cas] CRANSIBLEISED bro 2021-02-07 18:16:43 +01:00
_shirenn 33e43c8815 [framadate] Moving to version 1.1.11 2021-02-06 11:30:00 +01:00
_shirenn dfb995e958 [ldap] Petit nettoyage 2021-02-03 16:17:38 +01:00
_benjamin 76114488e3 Merge branch 'slapd' into 'newinfra' 
[slapd] Petit ménage

See merge request nounous/ansible!202
 2021-02-03 14:28:19 +00:00
_benjamin 43b5f28c29 [rsyslog-client] Restart rsyslog 2021-01-31 19:38:16 +01:00
pa b064590f2b Nettoyage de printemps 2021-01-18 09:52:53 +01:00
_shirenn 7702e3ff3a [slapd] Petit ménage 2021-01-17 22:22:40 +01:00
_shirenn 29222acf56 [crans_scripts] PEPCRANSIFICATION 2021-01-17 21:39:18 +01:00
_shirenn 1eba54f3ec [ntp-client] On continue à PEPCRANSIFIER 2021-01-17 20:59:45 +01:00
_shirenn 4987bbaf02 [sudo] Autorise les cableurs à qm list 2021-01-17 20:23:09 +01:00
pa 28fa6e0a94 [keepalived] Rafraichissement de la conf 2021-01-17 20:13:30 +01:00
_shirenn 54d88729cf [zamok-tools] Coucou bat 2021-01-17 18:58:05 +01:00
Alexandre Iooss e7226ad7a5
Procurve suffix for SNMP monitoring 2021-01-16 18:57:33 +01:00
Alexandre Iooss f3c38819ef
Prometheus on bullseye 2021-01-13 16:37:48 +01:00
_pollion 854f483af7 Enable configuring network interfaces 2021-01-10 21:34:47 +01:00
_pollion 32e0c220f0 configure re2o-ldap and re2o-dev 2021-01-10 14:15:41 +01:00
_benjamin 3b81f9d758 [re2o-front] Install re2o frontend dependancies 2021-01-10 14:02:40 +01:00
_benjamin 9628a7ece0 [re2o] Fix typo 2021-01-10 13:43:47 +01:00
_benjamin 44b3eec6ea [re2o] Install version 1.6.0 of django-macaddress 2021-01-10 13:03:16 +01:00
_benjamin d98518f295 [radvd] Add a line feed after each block 2021-01-08 16:43:21 +01:00
_benjamin c22afa2adc [sysctl-forwarding] Allow even more routes in IPv6 :) 2021-01-08 15:08:14 +01:00
_benjamin b01779a351 [sysctl-forwarding] Allow more routes in IPv6 2021-01-08 15:05:44 +01:00
_benjamin 30ecc05a52 [bird] Use bird instead of quagga 2021-01-08 14:48:55 +01:00
Alexandre Iooss c6e11e398f
mtail for tealc from the future 2021-01-06 21:26:06 +01:00
Alexandre Iooss b71f4d3635
Monitor all websites 2021-01-06 13:43:20 +01:00
Yohann D'ANELLO b9f0bbb460
[redisdead] Replace very old crans logo and remove all crans-specific options in the config template 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-01-05 22:29:49 +01:00
Yohann D'ANELLO 4507d367bd
[grafana] Move crans icon file 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-01-05 22:09:50 +01:00
Yohann D'ANELLO 2f7205aafd
[grafana] Replace Crans image 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-01-05 21:39:29 +01:00
erdnaxe 91b8f5e6d6 Merge branch 'grafana_newinfra' into 'newinfra' 
Grafana newinfra

See merge request nounous/ansible!176
 2021-01-05 19:26:57 +01:00
Alexandre Iooss b7f64f33ac
More scotch to fix ldap 2021-01-05 19:26:03 +01:00
Alexandre Iooss 648a35a36b
Change Grafana LDAP configuration 2021-01-05 19:09:15 +01:00
Alexandre Iooss 9899a32739
Make grafana public 2021-01-05 19:01:47 +01:00
_benjamin c9accd6be4 [arp-proxy] delete arp proxy 2021-01-05 17:33:26 +01:00
_benjamin 6a094a5913 [rsyslog-client] install relp module 2021-01-04 20:35:25 +01:00
_benjamin 8eafa78df6 [rsyslog-server] do a line feed 2021-01-03 19:32:35 +01:00
_benjamin 935be638bf [rsyslog-server] rotate logs and install relp module 2021-01-03 11:01:49 +01:00
_benjamin f750f50758 Merge branch 'rsyslog' into 'newinfra' 
[rsyslog-server] tealc is the rsyslog server

See merge request nounous/ansible!166
 2021-01-03 10:47:07 +01:00
_benjamin c8ed25a704 [rsyslog-server] tealc is the rsyslog server 2021-01-03 10:46:23 +01:00
Yohann D'ANELLO ac85697784
[common_tools] Redorder APT packages 2021-01-03 02:36:22 +01:00
Yohann D'ANELLO 0c3840fd1f
[common_tools] Install curl 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2021-01-03 02:33:51 +01:00
_benjamin 2bce15ed6e [bind-authoritative] New path for zones 2021-01-02 21:39:59 +01:00
_benjamin 4a20b96da3 [logall] Deploy rsyslogd config, logrotate and mount logs 2021-01-02 11:03:34 +01:00
erdnaxe 834f8e34bd Merge branch 'cas' into 'newinfra' 
Migrate CAS to new infra

See merge request nounous/ansible!156
 2021-01-02 09:35:42 +01:00
Alexandre Iooss 585d947b6f
Migrate CAS to new infra 2021-01-02 09:34:22 +01:00
_pollion 4f4e0e4b22 backup MySQL db on Zamok 2021-01-01 23:15:30 +01:00
_pollion 816a63ad0b Clean up zamok tools 2021-01-01 22:33:30 +01:00
_pollion 8f65faa638 [borgbackup-server] Render unto borg the things that are borg's 2021-01-01 19:23:19 +01:00
_pollion 189885c7da [borgbackup-client] don't use ansible_lsb 2021-01-01 19:22:46 +01:00
pa 2bcf91b975 Ssh known hosts 2021-01-01 17:53:35 +01:00
_pollion 14b35312fe Pumped up MoinMoin gendoc 2020-12-30 13:14:25 +01:00
_pollion 6f6b9bc826 [moinmoin-gendoc] Documentation compliance about writing facts modules. 2020-12-29 21:32:36 +01:00
_benjamin 2ad6728a4d Merge branch 'ldap' into 'newinfra' 
[slapd] uid musts start with _

See merge request nounous/ansible!142
 2020-12-29 16:25:52 +01:00
_benjamin f7b85d6214 [slapd] uid musts start with _ 2020-12-29 16:25:22 +01:00
Alexandre Iooss 8e82626efd
Reverse proxy statping 2020-12-29 13:09:10 +01:00
_benjamin 6a4494361d [home-permanent] Mount cameron on san 2020-12-29 11:28:01 +01:00
_pollion ca0cb52cc1 Merge branch 'owncloud' into 'newinfra' 
Owncloud is on !

See merge request nounous/ansible!139
 2020-12-29 02:21:06 +01:00
_pollion 9dc5f3fefb Owncloud is on ! 2020-12-29 02:05:18 +01:00
Alexandre Iooss f3c31c072a
Fix certbot 2020-12-28 19:15:23 +01:00
_pollion 5cc694c20d Merge branch 'lsb_fix' into 'newinfra' 
use ansible_distribution insted of lsb infos, lsb is deprecated by debian since 2015

See merge request nounous/ansible!133
 2020-12-28 17:32:24 +01:00
_pollion a6e5fd722e Merge branch 'certbot' into 'newinfra' 
run certbot

See merge request nounous/ansible!126
 2020-12-28 17:23:22 +01:00
_pollion 559935d983 Merge branch 'owl' into 'newinfra' 
Owl

See merge request nounous/ansible!127
 2020-12-28 17:22:46 +01:00
Michaël Paulon f383888305 use ansible_distribution insted of lsb infos, lsb is deprecated by debian since 2015 2020-12-28 16:28:35 +01:00
erdnaxe f3413d6a84 Merge branch 'statping' into 'newinfra' 
Init statping role

See merge request nounous/ansible!132
 2020-12-28 14:22:19 +01:00
Alexandre Iooss aa8aca6a26
Init statping role 2020-12-28 13:53:19 +01:00
_benjamin 29970808ec Merge branch 'nfs' into 'newinfra' 
[home-permanent] Déploie le mount file des mails

See merge request nounous/ansible!131
 2020-12-28 13:46:32 +01:00
_benjamin 3700774d88 [home-permanent] Déploie le mount file des mails 2020-12-28 13:42:26 +01:00
Alexandre Iooss acf63fd300
Change memory formula in prometheus 2020-12-28 12:54:12 +01:00
Alexandre Iooss 946250e322
Monitor NGINX with Prometheus 2020-12-28 12:01:19 +01:00
Michaël Paulon 565cf4fcbe run certbot 2020-12-27 20:03:26 +01:00
_pollion 0c8247d4a2 [dovecot] Fix ldap queries. 2020-12-27 19:59:52 +01:00
Michaël Paulon 6dfa92d65b gné ! 2020-12-27 13:30:02 -05:00
Michaël Paulon 4251074bc0 dovecot is now in ansible 2020-12-27 13:04:57 -05:00
_benjamin 891921115c [home] fix names 2020-12-27 10:35:18 +01:00
_benjamin 0bee051045 [home] fix names 2020-12-27 10:34:41 +01:00
_benjamin c48b1d565c [home] add playbook to deploy home creation script 2020-12-27 10:24:41 +01:00
_benjamin 30ae977365 [home] add role to deploy home creation script 2020-12-26 16:02:45 +01:00
_benjamin 5ad4333867 [dns] rename template path 2020-12-26 16:01:09 +01:00
_benjamin 571486451d [dns] rename template path 2020-12-26 15:59:55 +01:00
_pollion ec6cd26d6c [moimoin-gendoc] Write ssh fingerprint instead of the full key that no one would ever read. 2020-12-23 23:40:02 +01:00
Alexandre Iooss b202dcffd1 Add support for bullseye and add codichotomie 2020-12-18 17:26:26 +01:00
_pollion d2a6501b9e Merge branch 'newinfra' into 'borgbackup' 
# Conflicts:
#   group_vars/crans_server/vars.yml
#   plays/backup.yml
 2020-12-06 02:25:53 +01:00
_pollion 8798fa348c [borg] Update motd. 2020-12-06 01:51:05 +01:00
_pollion a871e1e480 [Borg] Server config 2020-12-06 01:44:39 +01:00
_pollion 6c54221a97 [borg] Update client role. 2020-12-06 01:01:42 +01:00
_pollion 31f4164adb [borgbackup] Typo in borgmatic config 2020-12-06 00:03:39 +01:00
_pollion 79f30669b3 [borgbackups] Initialize borg repository. 2020-12-03 03:37:32 +01:00
_pollion 2850679ced [borgbackups] Make use of handlers 2020-12-03 03:36:57 +01:00
_pollion acafd5b7c8 [Borgbackup] Pull borg from bullseye and deploy configuration. 2020-12-02 19:42:21 +01:00
_pollion bb08b4312a [borg] Use borgmatic 2020-12-02 16:01:07 +01:00
Alexandre Iooss 1e567358eb
Add ubuntu support 2020-11-30 18:26:15 +01:00
_pollion b3e4383a01 [Borgbackup] Init borgbackup role 2020-11-29 20:39:17 +01:00
Alexandre Iooss 460e2995bf Small fix on ntp 2020-11-29 17:49:02 +01:00
Alexandre Iooss 6bb927ffca
all.yml is back 2020-11-29 17:24:50 +01:00
erdnaxe c253fe9331 Merge branch 'ntpsrv' into 'newinfra' 
NTP client with timesyncd

See merge request nounous/ansible!115
 2020-11-29 16:50:48 +01:00
Alexandre Iooss 2cff6b4cfe NTP client with timesyncd 2020-11-29 16:52:17 +01:00
_pollion 60d7d55fd0 Merge branch 'in_memoriam' into 'newinfra' 
Welcome Zephir to new infra

See merge request nounous/ansible!114
 2020-11-29 16:50:37 +01:00
_pollion 374085c8a5 Welcome Zephir to new infra 2020-11-29 16:50:38 +01:00
Alexandre Iooss 9b248ee56d
Use Proxmox and Grafana mirrors 2020-11-29 11:00:41 +01:00
_pollion bc80702bea Horde, welcome to new infra 2020-11-29 00:25:13 +01:00
Alexandre Iooss 13f9b9b15e
Moinmoin backup config 2020-11-28 23:10:56 +01:00
Alexandre Iooss 5c8ac3685d
Sync prod configuration moin 2020-11-28 22:33:35 +01:00
Alexandre Iooss 7afa94dc70
Make prometheus exporter work 2020-11-28 19:58:06 +01:00
Alexandre Iooss efff9f75d3
Make ninjabot role work 2020-11-28 18:45:59 +01:00
Alexandre Iooss aa109fa224
Il installe oidentd, ça tourne mal 2020-11-28 16:27:13 +01:00
_pollion d45fff9176 [Certbot] Praise new infra 2020-10-12 18:34:46 +02:00
_benjamin fa51fa7cea [moinmoin] Listen on all interfaces 2020-09-23 17:45:26 +02:00
_pollion c888c56093 ethercalc on new infra 2020-09-22 22:48:50 +02:00
_benjamin 7e64b42647 [nullmailer] Typo snmp -> smtp 2020-09-20 17:58:14 +02:00
Alexandre Iooss 2aedbe0a16 Configure CAS 2020-09-19 10:32:09 +02:00
Alexandre Iooss 44a8379294 More CAS configuration 2020-09-19 08:26:19 +02:00
erdnaxe 1eb06b96ab Merge branch 'roundcube' into 'newinfra' 
Roundcube

See merge request nounous/ansible!87
 2020-09-18 18:03:30 +02:00
_benjamin 309cd318d2 [interfaces] Deploy interfaces on unifi 2020-09-12 11:04:52 +02:00
Alexandre Iooss 206f0ced7d Generalize logo 2020-09-07 11:14:36 +02:00
Alexandre Iooss dc53d4c411 Clone plugins and add logo 2020-09-07 11:10:17 +02:00
_shirenn 239b8ec406 [roundcube][unsafe] coucou erdnaxe[m] il faut que tu proprifies la conf nginx et que tu ajoutes ce qui est en prod :) 2020-09-05 10:41:27 +02:00
Alexandre Iooss c2aee6173c Add gitlab-runner role 2020-08-28 10:58:07 +02:00
Alexandre Iooss 5a2b990799 [stream] Create HLS in tmpfs 2020-08-27 16:01:11 +02:00
Alexandre Iooss 2986420ab3 [stream] Refresh button and icons 2020-08-27 16:00:54 +02:00
Alexandre Iooss be3bdb71c4 Poster when nobody is streaming 2020-08-27 10:35:28 +02:00
Alexandre Iooss 61fbf41c94 Link to source on stream page 2020-08-26 17:13:18 +02:00
Alexandre Iooss 097d4b8b93
Better streaming, less latency and nicer page 2020-08-26 16:24:01 +02:00
_shirenn b84fcbf9ce [stream] \o fluxx.crans.org 2020-08-26 15:44:22 +02:00
_benjamin 8c2e40bd56 [wireguard] Use NDP and ARP proxy 2020-08-24 17:40:00 +02:00
_benjamin 1f759b6d20 [wireguard] Also NAT IPv6 2020-08-24 14:12:23 +02:00
_benjamin 17dddde252 [wireguard] Use nftables on boeing 2020-08-24 13:46:07 +02:00
_benjamin 4970f3b725 [interfaces] Search crans.org on srv 2020-08-23 20:30:54 +02:00
_benjamin 6acab35bf9 [interfaces] Use ipaddr to get network and netmask 2020-08-23 20:07:28 +02:00
_benjamin 22dee4e764 Merge branch 'newinfra' into 'interfaces' 
# Conflicts:
#   lookup_plugins/ldap.py
 2020-08-23 19:57:41 +02:00
_benjamin d0b023c6d5 [wireguard] Deploy wireguard on boeing 2020-08-23 19:48:30 +02:00
_benjamin 9ad954a0c3 [bind-recursive] Deploy configuration 2020-08-23 11:41:39 +02:00
_benjamin 53d457afd7 [bind-authoritative] Query LDAP for IPs 2020-08-22 09:21:10 +02:00
_benjamin dd55b0cf28 Merge branch 'dns' into 'newinfra' 
[dns] handle LDAP zones

See merge request nounous/ansible!68
 2020-08-21 16:08:05 +02:00
_benjamin 212433f736 [keepalived] Add IPv6 2020-08-20 18:24:29 +02:00
_benjamin a65076dc28 [interfaces] Add IPv6 gateways 2020-08-20 18:10:36 +02:00
_benjamin 589c7d7ac7 [quagga] Working config for IPv4 and IPv6 2020-08-20 02:46:32 +02:00
_benjamin fb08fbf7c9 [radvd] Install radvd on routers 2020-08-19 19:02:00 +02:00
_benjamin b76d538ad6 [nftables] Install and enable nftables on routers 2020-08-19 17:49:07 +02:00
_benjamin fa41bdb816 [interfaces] Configure interfaces only if an IP exists 2020-08-19 17:36:25 +02:00
_benjamin 68ce662296 Merge branch 'gulp' into 'newinfra' 
[firewall] Deploy firewall on gulp

See merge request nounous/ansible!61
 2020-08-19 16:06:13 +02:00
_benjamin 83d52d6c85 [firewall] Deploy firewall on gulp 2020-08-19 16:05:50 +02:00
_benjamin b500cc128c [slapd] Move variables to group_vars 2020-08-19 14:21:52 +02:00
_benjamin 2527390703 Merge branch 'openssh' into 'newinfra' 
Openssh

See merge request nounous/ansible!58
 2020-08-19 14:05:46 +02:00
_benjamin 1a2890936b [openssh] Permit root login 2020-08-19 14:04:18 +02:00
Alexandre Iooss e7b5f7e612
Add monitoring server for newinfra 2020-08-19 13:47:29 +02:00
_benjamin 9ee665828d Merge branch 'dhcp' into 'newinfra' 
[dhcp][keepalived] Enables dhcp on adh and infra

See merge request nounous/ansible!57
 2020-08-19 13:29:04 +02:00
_benjamin 4ea6bd9687 [interfaces] Deploy interfaces using LDAP 2020-08-19 13:07:47 +02:00
pa 1c81c5e0d3 Merge branch 'hodaur' into 'newinfra' 
Reverse proxy + first vm migration

See merge request nounous/ansible!56
 2020-08-18 19:12:06 +02:00
_shirenn 1f16dc88b6 [reverseproxy] variables and dirty things 2020-08-18 19:09:19 +02:00
_shirenn 9a01dd59fd [reverse_proxy] Adds hodaur and clean role 2020-08-18 17:13:44 +02:00
_benjamin 7d68f56e91 [arp-proxy] Deploy ARP proxy on routeur-sam 2020-08-18 16:01:01 +02:00
_benjamin 884076186f Merge branch 'home-nounous' into 'newinfra' 
[home-nounous] Fixed mount file mode

See merge request nounous/ansible!53
 2020-08-17 14:00:40 +02:00
_benjamin 2004d07a19 [home-nounous] Fixed mount file mode 2020-08-17 14:00:15 +02:00
_benjamin 2a191b0622 [dhcp][keepalived] Enables dhcp on adh and infra 2020-08-16 17:03:28 +02:00
_benjamin 7f12145fe6 [baie] Add extension to backports apt list file 2020-08-16 14:51:52 +02:00
_benjamin 3b305d4866 [sysctl-fowarding] Enable IP forwarding on routers 2020-08-16 10:09:29 +02:00
_pollion 58425a8081 Merge branch 'freeradius' into 'newinfra' 
Freeradius

See merge request nounous/ansible!48
 2020-08-11 23:30:32 +02:00
_benjamin 80f0d3686f [quagga] Merge ipv4 and ipv6 2020-08-11 18:43:39 +02:00
_benjamin 297cef0453 [baie] Playbook pour setup la baie 2020-08-11 17:00:28 +02:00
_benjamin 2c42757620 [iproute2] name table 26 2020-08-11 14:22:37 +02:00
_benjamin 1837c85b3a [root-config] tabs are tabs 2020-08-11 14:09:41 +02:00
_benjamin 884e6f8d09 [dns] handle LDAP zones 2020-08-11 14:05:24 +02:00
_benjamin 7c0cdb4e5a [firewall] Install python dependencies 2020-08-11 13:57:17 +02:00
_benjamin a5f5a6a52a [vm] Activate serial tty 2020-08-11 11:44:58 +02:00
_benjamin 1f9e65e6fb [dns] Deploy dns on silice 2020-08-11 08:44:15 +02:00
_benjamin a27a641ab8 [dns] Deploy dns 2020-08-11 08:37:56 +02:00
_benjamin c0140d5911 [re2o-services] Fix config file header 2020-08-11 08:29:29 +02:00
_pollion a7d67b1f87 Role freeradius 2020-08-11 04:04:41 +02:00
_pollion 44a6022885 Configure freeradius 2020-08-11 02:31:42 +02:00
_pollion c7a4049903 [Draft] Install freeradius with rlm_python3 2020-08-10 04:56:14 +02:00
_benjamin 6ae814e1e1 Merge branch 'firewall' into 'newinfra' 
[firewall] Deploy firewall

See merge request nounous/ansible!37
 2020-08-10 03:51:22 +02:00
_benjamin eb84bca7a8 [firewall] Deploy firewall 2020-08-10 03:48:24 +02:00
_pollion aacd9e1e31 Install re2o on new infra 2020-08-10 02:25:54 +02:00
_pollion 84fc337722 [postgresql] Configure psql database 2020-08-09 19:39:53 +02:00
vulcain 26ae5d595a Merge branch 'newinfra' into 'nano' 
# Conflicts:
#   roles/root-config/templates/nanorc.j2
 2020-08-09 02:09:20 +02:00
vulcain 2cf9fe0743 patch source of python.nanorc 2020-08-08 15:29:49 +02:00
vulcain 45a84cf91d Merge branch 'nano' into 'newinfra' 
patch source of python.nanorc

See merge request nounous/ansible!29
 2020-08-08 15:23:10 +02:00
vulcain b14088da0b patch source of python.nanorc 2020-08-08 15:19:16 +02:00
_benjamin dc35709d86 [slapd] Deploy LDAP certificate 2020-08-08 14:57:43 +02:00
pa 63b06fc02c Merge branch 'keepalived' into 'newinfra' 
Keepalived

See merge request nounous/ansible!27
 2020-08-07 17:43:32 +02:00
_shirenn ea0d140a66 [keepalived][unsafe] PEP CRANS + dhcp notify 2020-08-07 17:30:20 +02:00
_benjamin f93829267d [qemu-guest-agent] Install qemu-guest-agent on VMs 2020-08-07 16:52:26 +02:00
_shirenn dc17f75f90 Merge Pollion cherry pick 2020-08-07 12:59:56 +02:00
_shirenn 2c72c8c6c9 [proxmox] tout pleins de nouveaux copains 2020-08-07 12:42:42 +02:00
_shirenn 5c7569cce2 [proxmox][safe] Configuration CRANS 2020-08-07 12:42:40 +02:00
_shirenn 7024617206 [home-nounous][unsafe] Documentation + rennomage variables 2020-08-07 12:41:26 +02:00
_shirenn 194a725228 [ldap][unsafe] Documentation 2020-08-07 12:34:34 +02:00
_shirenn 3c1a94822b [slapd][unsafe] Rennomage variables et doc 2020-08-07 12:34:34 +02:00
_shirenn 34985f5558 [slapd] Check-mode safe 2020-08-07 12:34:34 +02:00
_shirenn 0b47e83b28 [ntp-client] Check-mode safe 2020-08-07 12:34:34 +02:00
_shirenn aa552f55b6 [common-tools] Check-mode safe 2020-08-07 12:34:34 +02:00
_shirenn 8f0f082139 [proxmox] Role for proxmox repositories 2020-08-07 12:34:34 +02:00
_benjamin 70f180e9a9 [slapd] fix role 2020-08-07 12:34:34 +02:00
_benjamin 2d1a5211c1 [slapd] Use password from vault 2020-08-07 12:34:34 +02:00
_benjamin 8bbec61350 [slapd] Change replication settings 2020-08-07 12:34:34 +02:00
_benjamin 19685dc466 [slapd] added slapd role 2020-08-07 12:34:34 +02:00
_pollion 7011f816ef [ldap-client] host looks into ldap before making a dns request 2020-08-07 12:34:02 +02:00
_pollion 52e237b0cf [New-infra] Deploy ldap and nfs with base system. 2020-08-07 12:34:01 +02:00
_benjamin 2310a08594 [home-nounous] install nfs-common 2020-08-07 12:32:59 +02:00
_benjamin 391d855fa7 [ldap-client] use nounous ldap 2020-08-07 12:32:59 +02:00
_benjamin 76421036b2 [home-nounous] added home-nounous role 2020-08-07 12:32:59 +02:00
_pollion 18d01d9cc8 [roles/re2o-services] OTL 2020-08-07 00:14:46 +02:00
_shirenn c06e3b5ee5 [horde] Adds motd 2020-08-05 20:16:21 +02:00
_shirenn 98a86d021f [framadate][unsafe] PEP-CRANS compliance 2020-08-05 19:57:27 +02:00
_shirenn b888bfb204 [horde] configuration complete 2020-08-05 00:15:02 +02:00
_shirenn 995cf4d67b [horde] Horde initial configuration 2020-08-04 04:36:40 +02:00
_pollion 5cab753ea8 [dhcp] Sanitize dhcp configuration 2020-08-03 01:21:50 +02:00
_pollion 5cf704f4b7 [dhcp] Configure /etc/default/isc-dhcp-server 2020-08-02 19:59:04 +02:00
_pollion d2176be40e [dhcp] Make use of handlers to restart the server only when needed 2020-08-02 19:03:05 +02:00
_pollion a37ced87aa [dhcp] Generate dhcpd.conf 2020-08-02 18:58:08 +02:00
_pollion 3e81a90787 [moimoi-gendoc] Update cache before installing python3-dmidecode. 2020-08-02 01:59:16 +02:00
_benjamin 700ff275af [quagga] Create log directory 2020-08-02 01:28:14 +02:00
_pollion 2612bfe332 [rsyncd] Do not hardcode anything in rsyncd.conf 2020-08-02 00:32:30 +02:00
_benjamin d9e1731ba1 Keepalived 2020-08-01 18:58:44 +02:00
_benjamin d7dc4398d5 [keepalived] Use zayo as default route 2020-08-01 14:32:42 +02:00
Alexandre Iooss 2690fd4600
Upgrade roundcube config 2020-07-31 07:48:59 +02:00
Alexandre Iooss 0027c844d5
Deploy roundcube conf and plugins 2020-07-30 22:15:17 +02:00
Alexandre Iooss 239c05e01c Add some cool deps to roundcube 2020-07-30 19:50:17 +02:00
Alexandre Iooss 1cb9021bd9
Beginning of roundcube role 2020-07-30 19:46:30 +02:00
Alexandre Iooss 9632039df8
Fix etherpad service enable 2020-07-26 22:49:56 +02:00
Alexandre Iooss cfac25a515
Etherpad role 2020-07-26 22:48:36 +02:00
Alexandre Iooss b1f1de3a9c Moinmoin: Use smtp.adm.crans.org as mail server 2020-07-17 12:45:24 +02:00
Alexandre Iooss 3eaca766ff Install bsd-mailx with nullmailer 2020-07-17 12:40:25 +02:00
Alexandre Iooss a1e0e35dca
Add moinmoin crons 2020-07-15 09:29:44 +02:00
Alexandre Iooss fdb2675d8d
Moinmoin mywiki conf 2020-07-15 09:24:00 +02:00
Alexandre Iooss acb8e3f972
Add mailman3 fix 2020-07-14 20:07:50 +02:00
Alexandre Iooss 2641dcd9c5
Move reverse-proxy in plays/ 2020-07-14 19:42:19 +02:00
vulcain ab4f15c61d add role for root config file deployment 2020-07-14 19:25:14 +02:00
Alexandre Iooss 18d8065155 Better generation of doc 2020-07-14 18:54:20 +02:00
Alexandre Iooss fcf0ebf4c9
Certbot on mailman3 2020-07-13 12:02:06 +02:00
Alexandre Iooss 4bce1f93cf
Link hyperkitty to mailman 2020-07-13 09:51:23 +02:00
Alexandre Iooss 77bf6ecc9e
Postfix mailman3 configuration 2020-07-12 23:59:14 +02:00
Alexandre Iooss e48a440b7e
Install postfix on mailman3 vm 2020-07-12 23:15:52 +02:00
Alexandre Iooss ed40b871dc Mailman3: Working cas 2020-07-11 17:30:25 +02:00
Alexandre Iooss ae36169565
Mailman3 web config 2020-07-11 15:12:32 +02:00
Alexandre Iooss 1fcf1fa8b3
Configure mailman3.cfg 2020-07-11 14:44:44 +02:00
Alexandre Iooss f337548b4b
Role mailman3 2020-07-11 13:29:53 +02:00
Alexandre Iooss 86fdedf5c2 Minor fix in cas motd 2020-07-11 12:49:56 +02:00
Alexandre Iooss 34b8671545
Edit wiki from controller 2020-07-01 11:49:35 +02:00
Alexandre Iooss 21db69864c
Add SSH pub key and fix ProLiant link 2020-07-01 11:37:35 +02:00
Alexandre Iooss 1e28c82ca8
Lazy SysAdmin strikes back 2020-07-01 11:17:03 +02:00
Alexandre Iooss 6d5cd2a567
Fix moinmoin-gendoc regex 2020-07-01 09:25:36 +02:00
Alexandre Iooss 14f02b8d76 Move moinmoin htdocs 2020-07-01 08:26:54 +02:00
Alexandre Iooss 4be7621670
Add nginx conf to moinmoin role 2020-07-01 07:50:16 +02:00
Alexandre Iooss 9ed6b68f55
moinmoin role 2020-06-30 17:30:00 +02:00
Alexandre Iooss ad8cffd4ea
moinmoin-server -> moinmoin-gendoc role 2020-06-30 17:08:04 +02:00
Fardale 1d5bd09fca [owncloud]: better fix for permission problem 2020-06-10 12:24:12 +02:00
Fardale 5cf60b7cce [owncloud]: fix permission problem 
Do not crash if the Owncloud folder exist with the wrong permissions
 2020-06-09 09:53:44 +02:00
Alexandre Iooss 3d834ff77a
Backup monitoring 2020-06-05 17:34:48 +02:00
Michaël Paulon a4e09e92f9 Merge branch 'master' into framadate 2020-06-02 23:12:34 +02:00
_shirenn c5d60fcf1e [framadate] les erreurs php … 2020-06-02 22:50:20 +02:00
_shirenn 45b65cd9b9 [framadate] … 2020-06-02 22:11:40 +02:00
_shirenn 8b6ca864d6 [framadate] on prie 2020-06-02 22:06:16 +02:00
_shirenn 49e7217485 [framadate] coucou mika 2020-06-02 21:07:18 +02:00
_shirenn 4c50bedaa3 [framadate] python-mysql 2020-06-02 21:03:02 +02:00
_shirenn 7b571dee03 [framadate] python-mysql 2020-06-02 21:02:40 +02:00
_shirenn 394016b06f [framadate] python-mysql 2020-06-02 21:00:38 +02:00
_shirenn cc36ef653b [framadate] Mysql package list 2020-06-02 20:56:04 +02:00
_shirenn 3dc27fa1da [framadate] Creation de la base de données mysql 2020-06-02 20:52:04 +02:00
_shirenn 3c05a6439e [framadate] phpv2 … 2020-06-02 20:42:14 +02:00
_shirenn ac40717cea [framadate] php … 2020-06-02 20:40:54 +02:00
_shirenn 9c8c5c1c05 [framadate] Ansible comment … 2020-06-02 20:39:06 +02:00
_pollion b6d15e85ea [freeradius] LE certificate with DNS challenge 2020-06-02 18:06:05 +02:00
Alexandre Iooss 0d36ac644c
[monitoring] Use ip filter for adm 2020-06-01 19:42:47 +02:00
_shirenn 481b7e8a9f Removes unnecessary become 2020-05-29 21:09:38 +02:00
_shirenn 34035fd687 pouet 2020-05-29 20:29:12 +02:00
_shirenn e776bee6eb [Framadate] corrects a missing 0 in .htpasswd permission 2020-05-27 12:11:00 +02:00
_shirenn 17abd936c1 Changes framadate to version 1.1.10 2020-05-27 00:23:49 +02:00
_pollion 5cb249c5cc [Alerts] Please stop yelling, it's not so hot (yet) ... But we keep watching you. 2020-05-26 13:09:33 +02:00
Alexandre Iooss 67ffa3c893
[prometheus] use dig lookup for adm ip 2020-05-25 12:43:12 +02:00
Alexandre Iooss ec3da3b8e5
[mtail] Add radiusd 2020-05-24 11:23:25 +02:00
Alexandre Iooss 55ad4a87a4
Copy dhparam only if does not already exist 2020-05-19 19:00:06 +02:00
_benjamin 7c049d2c17 [postfix] Add header to sender_login_maps 2020-05-19 12:49:11 +02:00
Michaël Paulon f3a3eda192 on envoie des alertes quand le load de zbee est à 7 et pas 5 pour arrêter le spam 2020-05-19 11:02:45 +02:00
_pollion 1080857f26 [Policyd] Fix policyd deployment. 2020-05-17 21:10:54 +02:00
_pollion 9e4e71dbbd Configuration for policyd 2020-05-17 20:31:00 +02:00
_benjamin aed4b4fadf [sqlgrey] Deploy sqlgrey on redisdead 2020-05-17 19:51:39 +02:00