diff --git a/.gitignore b/.gitignore index 110be62..ff03494 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ +__pycache__ debug.yml diff --git a/group_vars/all/home.yml b/group_vars/all/home.yml index c41417c..946db88 100644 --- a/group_vars/all/home.yml +++ b/group_vars/all/home.yml @@ -1,4 +1,4 @@ --- glob_home: ip: 172.16.42.1 - mountpoint: /rpool/home + mountpoint: /vm/home diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml index f0d0613..cec1b4d 100644 --- a/group_vars/all/network_interfaces.yml +++ b/group_vars/all/network_interfaces.yml @@ -1,10 +1,10 @@ glob_network_interfaces: vlan: - - name: srv - id: 1 - gateway: "185.230.76.62" - dns: "{{ query('ldap', 'ip', 'routeur-templier', 'srv') | ipv4 | first }}" - gateway_v6: "2a0c:700:3012::ff:fe02:112" + - name: adh + id: 12 + gateway: "185.230.78.99" + dns: "{{ query('ldap', 'ip', 'routeur-templier', 'adh') | ipv4 | first }}" + gateway_v6: "2a0c:700:12::ff:fe00:9912" - name: adm id: 42 dns: "{{ query('ldap', 'ip', 'routeur-templier', 'adm') | ipv4 | first }}" diff --git a/group_vars/debian.yml b/group_vars/debian.yml index 4b3275a..ad7aef2 100644 --- a/group_vars/debian.yml +++ b/group_vars/debian.yml @@ -3,8 +3,7 @@ glob_apt: mirror: "http://mirror.adm.ynerant.fr/" backports: false extra_repositories: [] - pin: - bullseye: [] + pin: {} glob_root: passwd_hash: '{{ vault.root_passwd_hash }}' diff --git a/host_vars/an.adm.ynerant.fr.yml b/host_vars/an.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/an.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/borg.adm.ynerant.fr.yml b/host_vars/borg.adm.ynerant.fr.yml new file mode 100644 index 0000000..dc2ef38 --- /dev/null +++ b/host_vars/borg.adm.ynerant.fr.yml @@ -0,0 +1,3 @@ +--- +interfaces: + adm: ens18 
diff --git a/host_vars/cemantix.adm.ynerant.fr.yml b/host_vars/cemantix.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/cemantix.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/dendrite.adm.ynerant.fr.yml b/host_vars/dendrite.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/dendrite.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/dgac.adm.ynerant.fr.yml b/host_vars/dgac.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/dgac.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/excalidraw.adm.ynerant.fr.yml b/host_vars/excalidraw.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/excalidraw.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/fosscord.adm.ynerant.fr.yml b/host_vars/fosscord.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/fosscord.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/mastodon.adm.ynerant.fr.yml b/host_vars/mastodon.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/mastodon.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/minecraft.adm.ynerant.fr.yml b/host_vars/minecraft.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/minecraft.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/nupes.adm.ynerant.fr.yml b/host_vars/nupes.adm.ynerant.fr.yml new file mode 100644 index 0000000..7efd34f --- /dev/null +++ b/host_vars/nupes.adm.ynerant.fr.yml 
@@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + adh: ens19 diff --git a/host_vars/pad.adm.ynerant.fr.yml b/host_vars/pad.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/pad.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/peertube.adm.ynerant.fr.yml b/host_vars/peertube.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/peertube.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/routeur-templier.adm.ynerant.fr.yml b/host_vars/routeur-templier.adm.ynerant.fr.yml index 1e0d1a2..c512c28 100644 --- a/host_vars/routeur-templier.adm.ynerant.fr.yml +++ b/host_vars/routeur-templier.adm.ynerant.fr.yml @@ -1,5 +1,5 @@ --- interfaces: adm: ens18 - srv: ens19 + adh: ens19 srv_nat: ens20 diff --git a/host_vars/templier.adh.crans.org.yml b/host_vars/templier.adh.crans.org.yml index bc3f8f6..67c0e6b 100644 --- a/host_vars/templier.adh.crans.org.yml +++ b/host_vars/templier.adh.crans.org.yml @@ -2,3 +2,11 @@ user: name: ynerant root: yes + +loc_certbot: + - dns_rfc2136_server: '172.16.42.103' + dns_rfc2136_name: certbot_challenge. + dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}" + mail: ynerant@crans.org + certname: adm.ynerant.fr + domains: "*.adm.ynerant.fr" diff --git a/host_vars/testing.adm.ynerant.fr.yml b/host_vars/testing.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/testing.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 diff --git a/host_vars/wireguard.adm.ynerant.fr.yml b/host_vars/wireguard.adm.ynerant.fr.yml new file mode 100644 index 0000000..92076e1 --- /dev/null +++ b/host_vars/wireguard.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + srv_nat: ens19 
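Review bot: The RFC2136 key behind `vault.certbot_dns_secret` in the `loc_certbot` block of `host_vars/templier.adh.crans.org.yml` is only as narrow as the server-side update policy on 172.16.42.103 makes it; since the challenge name `certbot_challenge.` is fixed here, it is worth confirming that the key is restricted to updating that name (or the `_acme-challenge` TXT names) rather than the whole zone, otherwise anyone able to read this host's vault can rewrite `adm.ynerant.fr`. Two smaller points on the same lines: `dns_rfc2136_name: certbot_challenge.` is the only unquoted scalar in the block, so `dns_rfc2136_name: 'certbot_challenge.'` would match its neighbours; and `domains: "*.adm.ynerant.fr"` covers one label only, so if `adm.ynerant.fr` itself is meant to be served under `certname: adm.ynerant.fr` it needs listing too — whether the role accepts a list there is not visible in this hunk. The `user:` block the hunk appends to starts above the hunk.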
diff --git a/host_vars/zemour.adm.ynerant.fr.yml b/host_vars/zemour.adm.ynerant.fr.yml new file mode 100644 index 0000000..7efd34f --- /dev/null +++ b/host_vars/zemour.adm.ynerant.fr.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + adh: ens19 diff --git a/hosts b/hosts index c6060b6..58fac8f 100644 --- a/hosts +++ b/hosts @@ -1,20 +1,13 @@ [archlinux:children] perso -[babel] -babel0.adm.ynerant.fr -babel1.adm.ynerant.fr -babel2.adm.ynerant.fr -babel3.adm.ynerant.fr -babel4.adm.ynerant.fr -babel5.adm.ynerant.fr -babel6.adm.ynerant.fr - [blackbox] monitoring.adm.ynerant.fr [certbot] +nupes.adm.ynerant.fr proxy.adm.ynerant.fr +templier.adm.ynerant.fr [debian:children] server @@ -22,6 +15,9 @@ server [grafana] monitoring.adm.ynerant.fr +[nginx] +nupes.adm.ynerant.fr + [nginx:children] reverseproxy @@ -57,22 +53,25 @@ templier.adm.ynerant.fr templier.adm.ynerant.fr [vm] -# candilib.adm.ynerant.fr +an.adm.ynerant.fr +borg.adm.ynerant.fr +dendrite.adm.ynerant.fr docker.adm.ynerant.fr dns.adm.ynerant.fr +excalidraw.adm.ynerant.fr +fosscord.adm.ynerant.fr gitea.adm.ynerant.fr mailu.adm.ynerant.fr +mastodon.adm.ynerant.fr +minecraft.adm.ynerant.fr monitoring.adm.ynerant.fr nextcloud.adm.ynerant.fr +nupes.adm.ynerant.fr +pad.adm.ynerant.fr +peertube.adm.ynerant.fr psql.adm.ynerant.fr proxy.adm.ynerant.fr -re6st.adm.ynerant.fr routeur-templier.adm.ynerant.fr synapse.adm.ynerant.fr - -[vm:children] -babel - -[all:vars] -# Force remote to use Python 3 -ansible_python_interpreter=/usr/bin/env python3 +testing.adm.ynerant.fr +wireguard.adm.ynerant.fr diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py index b085b89..e6677de 100644 --- a/lookup_plugins/ldap.py +++ b/lookup_plugins/ldap.py 
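Review bot: `templier.adm.ynerant.fr` is added to `[certbot]` in the first `hosts` hunk, but the `loc_certbot` block this commit introduces lives in `host_vars/templier.adh.crans.org.yml`; unless both names resolve to the same inventory host (no alias is visible here), the certbot role will run on templier.adm.ynerant.fr without that variable and do nothing, or fail on the missing key. The third hunk also drops `[all:vars]` with `ansible_python_interpreter=/usr/bin/env python3`; if `ansible.cfg` does not set an interpreter, runs fall back to Ansible's interpreter discovery, which is probably fine on current Debian but is a behaviour change worth stating in the commit message, or moved to `group_vars/all` rather than removed.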
@@ -51,7 +51,7 @@ class LookupModule(LookupBase): network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}") network_result = self.base.result(network_query_id) vlan = network_result[1][0][1]['cn'][0].decode('utf-8') - if vlan == 'srv': + if vlan == 'adh': query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE) else: query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE) @@ -82,7 +82,7 @@ class LookupModule(LookupBase): network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}") network_result = self.base.result(network_query_id) vlan = network_result[1][0][1]['cn'][0].decode('utf-8') - if vlan == 'srv': + if vlan == 'adh': query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE) else: query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE) @@ -168,7 +168,7 @@ class LookupModule(LookupBase): network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}") network_result = self.base.result(network_query_id) vlan = network_result[1][0][1]['cn'][0].decode('utf-8') - if vlan == 'srv': + if vlan == 'adh': query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE) else: query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE) @@ -187,7 +187,7 @@ class LookupModule(LookupBase): res = [] for _, network in result[1]: network = network['cn'][0].decode('utf-8') - if network == 'srv': + if network == 'adh': res.append('ynerant.fr') else: res.append(f"{network}.ynerant.fr") diff --git a/plays/base.yml b/plays/base.yml index 176d933..983bf6e 100755 --- a/plays/base.yml +++ b/plays/base.yml 
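Review bot: The `vlan == 'adh'` zone rule is now spelled out four times (the three search sites plus the `network == 'adh'` branch in the last hunk), which is why the srv→adh rename had to touch four hunks and the next rename will too; a single `_host_dn(host, vlan)` helper on `LookupModule` would keep the rule in one place. On the same lines `host` and `vlan` are interpolated into the search filter (`f"description={vlan}"`) and into the base DN without escaping; these values come from template arguments rather than remote input, but `ldap.filter.escape_filter_chars` and `ldap.dn.escape_dn_chars` (the `ldap.dn`/`ldap.filter` submodules may need an explicit import) are cheap to apply inside the helper and remove the question. Each enclosing method starts and ends outside its hunk.
```python
    def _host_dn(self, host, vlan):
        """DN of a host entry: the 'adh' VLAN is the bare ynerant.fr zone, every other VLAN is <vlan>.ynerant.fr."""
        safe_host = ldap.dn.escape_dn_chars(host)
        zone = "ynerant.fr" if vlan == 'adh' else f"{ldap.dn.escape_dn_chars(vlan)}.ynerant.fr"
        return f"cn={safe_host}.{zone},cn={safe_host},ou=hosts,{self.base_dn}"

    # … unchanged: network lookup; then at each of the three search sites …
        query_id = self.base.search(self._host_dn(host, vlan), ldap.SCOPE_BASE)
```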
@@ -8,6 +8,7 @@ - import_playbook: ldap-client.yml - import_playbook: home.yml - import_playbook: nullmailer.yml +- import_playbook: monitoring.yml - hosts: debian roles: diff --git a/roles/cli-utils/tasks/main.yml b/roles/cli-utils/tasks/main.yml index 06fd405..0e2083b 100644 --- a/roles/cli-utils/tasks/main.yml +++ b/roles/cli-utils/tasks/main.yml @@ -9,6 +9,8 @@ - "{% if ansible_os_family == 'Debian' %}dnsutils{% else %}bind-tools{% endif %}" - git - man + - molly-guard + - needrestart - "mtr{% if ansible_os_family == 'Debian' %}-tiny{% endif %}" - sl - htop @@ -17,6 +19,7 @@ - tmux - traceroute - tree + - unattended-upgrades - vim register: pkg_result retries: 3 diff --git a/roles/ntp-client/tasks/main.yml b/roles/ntp-client/tasks/main.yml index 7e7d69b..07756d8 100644 --- a/roles/ntp-client/tasks/main.yml +++ b/roles/ntp-client/tasks/main.yml @@ -9,7 +9,7 @@ until: apt_result is succeeded when: "'ntp_server' not in group_names" -- name: Install systemd-timesyncd (bullseye) +- name: Install systemd-timesyncd apt: name: systemd-timesyncd update_cache: true @@ -19,7 +19,6 @@ until: apt_result is succeeded when: - "'ntp_server' not in group_names" - - ansible_distribution_release == "bullseye" - name: Configure NTP template: diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index bdb43fc..fa8fe27 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -8,7 +8,7 @@ retries: 3 until: apt_result is succeeded -- name: Install Prometheus node-exporter-collectors (bullseye) +- name: Install Prometheus node-exporter-collectors apt: update_cache: true name: prometheus-node-exporter-collectors @@ -16,8 +16,6 @@ register: apt_result retries: 3 until: apt_result is succeeded - when: - - ansible_lsb.codename == 'bullseye' - name: Make Prometheus node-exporter listen on adm only lineinfile: 
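Review bot: The three packages added to the `cli-utils` list in this hunk and the next (`molly-guard`, `needrestart`, `unattended-upgrades`) are unconditional, while the same list wraps `dnsutils`/`bind-tools` and `mtr-tiny` in `ansible_os_family == 'Debian'` checks, which suggests the task also runs on the `archlinux` hosts the inventory declares; `unattended-upgrades` is Debian-specific and, as far as I know, none of the three is in the official Arch repositories, so the task would fail there. Splitting them into a Debian-guarded task keeps the cross-distro list clean. Installing `unattended-upgrades` also only declares the intent: which origins are allowed and whether `Automatic-Reboot` is set come from `/etc/apt/apt.conf.d/50unattended-upgrades`, and `needrestart` restarts or prompts on its own defaults, so a follow-up that templates both configs would make the hardening explicit rather than inherited from package defaults. The task these lines belong to starts above the hunk.
```yaml
# … unchanged: cross-distro package task, without the three new entries …
- name: Install Debian-only safety packages
  apt:
    name:
      - molly-guard
      - needrestart
      - unattended-upgrades
  register: deb_pkg_result
  retries: 3
  until: deb_pkg_result is succeeded
  when: ansible_os_family == 'Debian'
```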
@@ -32,14 +30,3 @@ name: prometheus-node-exporter enabled: true state: started - -# Install new APT textfile collector, it might be upstreamed one day -# https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/pull/35 -- name: Patch APT textfile collector - copy: - src: apt.sh - dest: /usr/share/prometheus-node-exporter/apt.sh - owner: root - group: root - mode: 0755 - when: ansible_distribution_release != "bullseye"