Lot of stuff

Signed-off-by: Emmy D'Anello <ynerant@crans.org>
2023-01-12 12:36:32 +01:00 · 2023-01-12 12:36:32 +01:00 · 7f4f846408
commit 7f4f846408
parent de76ae0085
27 changed files with 103 additions and 47 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 __pycache__
 debug.yml
--- a/group_vars/all/home.yml
+++ b/group_vars/all/home.yml
@ -1,4 +1,4 @@
 ---
 glob_home:
  ip: 172.16.42.1
-  mountpoint: /rpool/home
+  mountpoint: /vm/home
--- a/group_vars/all/network_interfaces.yml
+++ b/group_vars/all/network_interfaces.yml
@ -1,10 +1,10 @@
 glob_network_interfaces:
  vlan:
-    - name: srv
+    - name: adh
-      id: 1
+      id: 12
-      gateway: "185.230.76.62"
+      gateway: "185.230.78.99"
-      dns: "{{ query('ldap', 'ip', 'routeur-templier', 'srv') | ipv4 | first }}"
+      dns: "{{ query('ldap', 'ip', 'routeur-templier', 'adh') | ipv4 | first }}"
-      gateway_v6: "2a0c:700:3012::ff:fe02:112"
+      gateway_v6: "2a0c:700:12::ff:fe00:9912"
    - name: adm
      id: 42
      dns: "{{ query('ldap', 'ip', 'routeur-templier', 'adm') | ipv4 | first }}"
--- a/group_vars/debian.yml
+++ b/group_vars/debian.yml
@ -3,8 +3,7 @@ glob_apt:
  mirror: "http://mirror.adm.ynerant.fr/"
  backports: false
  extra_repositories: []
-  pin:
+  pin: {}
    bullseye: []
 glob_root:
  passwd_hash: '{{ vault.root_passwd_hash }}'
--- a/host_vars/an.adm.ynerant.fr.yml
+++ b/host_vars/an.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/borg.adm.ynerant.fr.yml
+++ b/host_vars/borg.adm.ynerant.fr.yml
@ -0,0 +1,3 @@
 ---
 interfaces:
  adm: ens18
--- a/host_vars/cemantix.adm.ynerant.fr.yml
+++ b/host_vars/cemantix.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/dendrite.adm.ynerant.fr.yml
+++ b/host_vars/dendrite.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/dgac.adm.ynerant.fr.yml
+++ b/host_vars/dgac.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/excalidraw.adm.ynerant.fr.yml
+++ b/host_vars/excalidraw.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/fosscord.adm.ynerant.fr.yml
+++ b/host_vars/fosscord.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/mastodon.adm.ynerant.fr.yml
+++ b/host_vars/mastodon.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/minecraft.adm.ynerant.fr.yml
+++ b/host_vars/minecraft.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/nupes.adm.ynerant.fr.yml
+++ b/host_vars/nupes.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  adh: ens19
--- a/host_vars/pad.adm.ynerant.fr.yml
+++ b/host_vars/pad.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/peertube.adm.ynerant.fr.yml
+++ b/host_vars/peertube.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/routeur-templier.adm.ynerant.fr.yml
+++ b/host_vars/routeur-templier.adm.ynerant.fr.yml
@ -1,5 +1,5 @@
 ---
 interfaces:
  adm: ens18
-  srv: ens19
+  adh: ens19
  srv_nat: ens20
--- a/host_vars/templier.adh.crans.org.yml
+++ b/host_vars/templier.adh.crans.org.yml
@ -2,3 +2,11 @@
 user:
  name: ynerant
  root: yes
 loc_certbot:
  - dns_rfc2136_server: '172.16.42.103'
    dns_rfc2136_name: certbot_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
    mail: ynerant@crans.org
    certname: adm.ynerant.fr
    domains: "*.adm.ynerant.fr"
--- a/host_vars/testing.adm.ynerant.fr.yml
+++ b/host_vars/testing.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/wireguard.adm.ynerant.fr.yml
+++ b/host_vars/wireguard.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  srv_nat: ens19
--- a/host_vars/zemour.adm.ynerant.fr.yml
+++ b/host_vars/zemour.adm.ynerant.fr.yml
@ -0,0 +1,4 @@
 ---
 interfaces:
  adm: ens18
  adh: ens19
--- a/35
+++ b/35
@ -1,20 +1,13 @@
 [archlinux:children]
 perso
 [babel]
 babel0.adm.ynerant.fr
 babel1.adm.ynerant.fr
 babel2.adm.ynerant.fr
 babel3.adm.ynerant.fr
 babel4.adm.ynerant.fr
 babel5.adm.ynerant.fr
 babel6.adm.ynerant.fr
 [blackbox]
 monitoring.adm.ynerant.fr
 [certbot]
 nupes.adm.ynerant.fr
 proxy.adm.ynerant.fr
 templier.adm.ynerant.fr
 [debian:children]
 server
@ -22,6 +15,9 @@ server
 [grafana]
 monitoring.adm.ynerant.fr
 [nginx]
 nupes.adm.ynerant.fr
 [nginx:children]
 reverseproxy
@ -57,22 +53,25 @@ templier.adm.ynerant.fr
 templier.adm.ynerant.fr
 [vm]
-# candilib.adm.ynerant.fr
+an.adm.ynerant.fr
 borg.adm.ynerant.fr
 dendrite.adm.ynerant.fr
 docker.adm.ynerant.fr
 dns.adm.ynerant.fr
 excalidraw.adm.ynerant.fr
 fosscord.adm.ynerant.fr
 gitea.adm.ynerant.fr
 mailu.adm.ynerant.fr
 mastodon.adm.ynerant.fr
 minecraft.adm.ynerant.fr
 monitoring.adm.ynerant.fr
 nextcloud.adm.ynerant.fr
 nupes.adm.ynerant.fr
 pad.adm.ynerant.fr
 peertube.adm.ynerant.fr
 psql.adm.ynerant.fr
 proxy.adm.ynerant.fr
 re6st.adm.ynerant.fr
 routeur-templier.adm.ynerant.fr
 synapse.adm.ynerant.fr
-
+testing.adm.ynerant.fr
-[vm:children]
+wireguard.adm.ynerant.fr
 babel
 [all:vars]
 # Force remote to use Python 3
 ansible_python_interpreter=/usr/bin/env python3
--- a/lookup_plugins/ldap.py
+++ b/lookup_plugins/ldap.py
@ -51,7 +51,7 @@ class LookupModule(LookupBase):
            network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
            network_result = self.base.result(network_query_id)
            vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
-        if vlan == 'srv':
+        if vlan == 'adh':
            query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
        else:
            query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
@ -82,7 +82,7 @@ class LookupModule(LookupBase):
            network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
            network_result = self.base.result(network_query_id)
            vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
-        if vlan == 'srv':
+        if vlan == 'adh':
            query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
        else:
            query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
@ -168,7 +168,7 @@ class LookupModule(LookupBase):
                network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
                network_result = self.base.result(network_query_id)
                vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
-            if vlan == 'srv':
+            if vlan == 'adh':
                query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
            else:
                query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
@ -187,7 +187,7 @@ class LookupModule(LookupBase):
            res = []
            for _, network in result[1]:
                network = network['cn'][0].decode('utf-8')
-                if network == 'srv':
+                if network == 'adh':
                    res.append('ynerant.fr')
                else:
                    res.append(f"{network}.ynerant.fr")
--- a/plays/base.yml
+++ b/plays/base.yml
@ -8,6 +8,7 @@
 - import_playbook: ldap-client.yml
 - import_playbook: home.yml
 - import_playbook: nullmailer.yml
 - import_playbook: monitoring.yml
 - hosts: debian
  roles:
--- a/roles/cli-utils/tasks/main.yml
+++ b/roles/cli-utils/tasks/main.yml
@ -9,6 +9,8 @@
      - "{% if ansible_os_family == 'Debian' %}dnsutils{% else %}bind-tools{% endif %}"
      - git
      - man
      - molly-guard
      - needrestart
      - "mtr{% if ansible_os_family == 'Debian' %}-tiny{% endif %}"
      - sl
      - htop
@ -17,6 +19,7 @@
      - tmux
      - traceroute
      - tree
      - unattended-upgrades
      - vim
  register: pkg_result
  retries: 3
--- a/roles/ntp-client/tasks/main.yml
+++ b/roles/ntp-client/tasks/main.yml
@ -9,7 +9,7 @@
  until: apt_result is succeeded
  when: "'ntp_server' not in group_names"
- name: Install systemd-timesyncd (bullseye)
+- name: Install systemd-timesyncd
  apt:
    name: systemd-timesyncd
    update_cache: true
@ -19,7 +19,6 @@
  until: apt_result is succeeded
  when:
    - "'ntp_server' not in group_names"
    - ansible_distribution_release == "bullseye"
 - name: Configure NTP
  template:
--- a/roles/prometheus-node-exporter/tasks/main.yml
+++ b/roles/prometheus-node-exporter/tasks/main.yml
@ -8,7 +8,7 @@
  retries: 3
  until: apt_result is succeeded
- name: Install Prometheus node-exporter-collectors (bullseye)
+- name: Install Prometheus node-exporter-collectors
  apt:
    update_cache: true
    name: prometheus-node-exporter-collectors
@ -16,8 +16,6 @@
  register: apt_result
  retries: 3
  until: apt_result is succeeded
  when:
    - ansible_lsb.codename == 'bullseye'
 - name: Make Prometheus node-exporter listen on adm only
  lineinfile:
@ -32,14 +30,3 @@
    name: prometheus-node-exporter
    enabled: true
    state: started
 # Install new APT textfile collector, it might be upstreamed one day
 # https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/pull/35
 - name: Patch APT textfile collector
  copy:
    src: apt.sh
    dest: /usr/share/prometheus-node-exporter/apt.sh
    owner: root
    group: root
    mode: 0755
  when: ansible_distribution_release != "bullseye"