crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity
ansible/network.yml

193 lines
6.3 KiB
YAML
Executable File
Raw Blame History

#!/usr/bin/env ansible-playbook
---
# Deploy tunnel
- hosts: sputnik.adm.crans.org
vars:
debian_mirror: http://mirror.crans.org/debian
wireguard:
sputnik: true
private_key: "{{ vault_wireguard_sputnik_private_key }}"
peer_public_key: "{{ vault_wireguard_boeing_public_key }}"
roles:
- wireguard
- hosts: boeing.adm.crans.org
vars:
# Debian mirror on adm
debian_mirror: http://mirror.adm.crans.org/debian
wireguard:
sputnik: false
if: ens20
private_key: "{{ vault_wireguard_boeing_private_key }}"
peer_public_key: "{{ vault_wireguard_sputnik_public_key }}"
roles:
- wireguard
# Deploy DHCP server
- hosts: dhcp.adm.crans.org
vars:
dhcp:
authoritative: true
roles:
- isc-dhcp-server
# Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org
roles:
- bind-recursive
# Deploy authoritative DNS server
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
vars:
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
zones: "{{ lookup('re2oapi', 'dnszones') }}"
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
roles:
- bind-authoritative
# Deploy reverse proxy
- hosts: bakdaur.adm.crans.org,frontdaur.adm.crans.org
vars:
certbot:
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
mail: root@crans.org
certname: crans.org
domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
nginx:
ssl:
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
redirect_dnames:
- crans.eu
- crans.fr
reverseproxy_sites:
# Services web Crans
- {from: lutim.crans.org, to: 10.231.136.69}
- {from: zero.crans.org, to: 10.231.136.76}
- {from: pad.crans.org, to: "10.231.136.76:9001"}
- {from: ethercalc.crans.org, to: "10.231.136.203:8000"}
- {from: mediadrop.crans.org, to: 10.231.136.106}
- {from: videos.crans.org, to: 10.231.136.106}
- {from: video.crans.org, to: 10.231.136.106}
- {from: roundcube.crans.org, to: 10.231.136.105}
- {from: phabricator.crans.org, to: 10.231.136.123}
- {from: trackerusercontent.crans.org, to: 10.231.136.123}
- {from: cas.crans.org, to: 10.231.136.18}
- {from: auth.crans.org, to: 10.231.136.18}
- {from: login.crans.org, to: 10.231.136.18}
- {from: webmail.crans.org, to: 10.231.136.107}
- {from: horde.crans.org, to: 10.231.136.107}
- {from: owncloud.crans.org, to: 10.231.136.26}
- {from: ftps.crans.org, to: 10.231.136.98}
- {from: wiki.crans.org, to: 10.231.136.204}
- {from: www.crans.org, to: 10.231.136.46}
- {from: doc.crans.org, to: 10.231.136.46}
- {from: limesurvey.crans.org, to: 10.231.136.253}
- {from: perso.crans.org, to: 10.231.136.1}
- {from: webnews.crans.org, to: 10.231.136.63}
- {from: re2o.crans.org, to: 10.231.136.9}
- {from: intranet.crans.org, to: 10.231.136.9}
- {from: autoconfig.crans.org, to: 10.231.136.46}
- {from: grafana.crans.org, to: "10.231.136.102:3000"}
- {from: webirc.crans.org, to: "10.231.136.1:9000"}
- {from: framadate.crans.org, to: 10.231.136.153}
# Zamok
- {from: install-party.crans.org, to: 10.231.136.1}
- {from: med.crans.org, to: 10.231.136.1}
- {from: med-cartons.crans.org, to: 10.231.136.1}
- {from: amap.crans.org, to: 10.231.136.1}
- {from: pot-vieux.crans.org, to: 10.231.136.1}
- {from: bonvivens.crans.org, to: 10.231.136.1}
redirect_sites:
- {from: crans.org, to: www.crans.org}
# Aliases or legacy support
- {from: factures.crans.org, to: intranet.crans.org}
- {from: accounts.crans.org, to: intranet.crans.org}
- {from: intranet2.crans.org, to: intranet.crans.org}
- {from: clubs.crans.org, to: perso.crans.org}
- {from: task.crans.org, to: phabricator.crans.org}
- {from: adopteunpingouin.crans.org, to: install-party.crans.org}
- {from: i-p.crans.org, to: install-party.crans.org}
# To the wiki
- {from: wikipedia.crans.org, to: wiki.crans.org}
- {from: wifi.crans.org, to: wiki.crans.org/CransD%C3%A9marrage}
- {from: television.crans.org, to: wiki.crans.org/CransTv}
- {from: tv.crans.org, to: wiki.crans.org/CransTv}
# ENS Cachan
- {from: crans.ens-cachan.fr, to: www.crans.org}
- {from: install-party.ens-cachan.fr, to: install-party.crans.org}
roles:
- certbot
- nginx-reverseproxy
- hosts: gitzly.adm.crans.org
vars:
certbot:
dns_rfc2136_name: certbot_adm_challenge.
dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
mail: root@crans.org
certname: adm.crans.org
domains: "*.adm.crans.org"
bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
roles:
- certbot
# Deploy firewall
- hosts: gulp.adm.crans.org
roles: [] # TODO
# Deploy Unifi Controller
- hosts: unifi.adm.crans.org
roles:
- unifi-controller
# Configure routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
roles:
- logall
- quagga
# Deploy BGP server configuration on IPv4 routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
vars:
zebra:
password: "{{ vault_zebra_password }}"
bgp:
as: 204515
router_id: 158.255.113.73
network: 185.230.76.0/22
neighbor: 158.255.113.72
remote_as: 8218
roles:
- quagga-ipv4
# Deploy BGP server configuration on IPv6 routers
- hosts: ipv6-zayo.adm.crans.org
vars:
zebra:
password: "{{ vault_zebra_password }}"
bgp:
as: 204515
router_id: 138.231.136.200
network: 2a0c:700::/32
neighbor: 2001:1b48:2:103::bb:1
remote_as: 8218
roles:
- quagga-ipv6
Reference in New Issue View Git Blame Copy Permalink