Lot of stuff
Signed-off-by: Emmy D'Anello <ynerant@crans.org>
This commit is contained in:
parent
de76ae0085
commit
7f4f846408
GPG Key ID:
3A75C55819C8CF85
|
|
@ -1 +1,2 @@
|
||||||
|
__pycache__
|
||||||
debug.yml
|
debug.yml
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
glob_home:
|
glob_home:
|
||||||
ip: 172.16.42.1
|
ip: 172.16.42.1
|
||||||
mountpoint: /rpool/home
|
mountpoint: /vm/home
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
glob_network_interfaces:
|
glob_network_interfaces:
|
||||||
vlan:
|
vlan:
|
||||||
- name: srv
|
- name: adh
|
||||||
id: 1
|
id: 12
|
||||||
gateway: "185.230.76.62"
|
gateway: "185.230.78.99"
|
||||||
dns: "{{ query('ldap', 'ip', 'routeur-templier', 'srv') | ipv4 | first }}"
|
dns: "{{ query('ldap', 'ip', 'routeur-templier', 'adh') | ipv4 | first }}"
|
||||||
gateway_v6: "2a0c:700:3012::ff:fe02:112"
|
gateway_v6: "2a0c:700:12::ff:fe00:9912"
|
||||||
- name: adm
|
- name: adm
|
||||||
id: 42
|
id: 42
|
||||||
dns: "{{ query('ldap', 'ip', 'routeur-templier', 'adm') | ipv4 | first }}"
|
dns: "{{ query('ldap', 'ip', 'routeur-templier', 'adm') | ipv4 | first }}"
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,7 @@ glob_apt:
|
||||||
mirror: "http://mirror.adm.ynerant.fr/"
|
mirror: "http://mirror.adm.ynerant.fr/"
|
||||||
backports: false
|
backports: false
|
||||||
extra_repositories: []
|
extra_repositories: []
|
||||||
pin:
|
pin: {}
|
||||||
bullseye: []
|
|
||||||
|
|
||||||
glob_root:
|
glob_root:
|
||||||
passwd_hash: '{{ vault.root_passwd_hash }}'
|
passwd_hash: '{{ vault.root_passwd_hash }}'
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
adh: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
interfaces:
|
interfaces:
|
||||||
adm: ens18
|
adm: ens18
|
||||||
srv: ens19
|
adh: ens19
|
||||||
srv_nat: ens20
|
srv_nat: ens20
|
||||||
|
|
|
||||||
|
|
@ -2,3 +2,11 @@
|
||||||
user:
|
user:
|
||||||
name: ynerant
|
name: ynerant
|
||||||
root: yes
|
root: yes
|
||||||
|
|
||||||
|
loc_certbot:
|
||||||
|
- dns_rfc2136_server: '172.16.42.103'
|
||||||
|
dns_rfc2136_name: certbot_challenge.
|
||||||
|
dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
|
||||||
|
mail: ynerant@crans.org
|
||||||
|
certname: adm.ynerant.fr
|
||||||
|
domains: "*.adm.ynerant.fr"
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
srv_nat: ens19
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
interfaces:
|
||||||
|
adm: ens18
|
||||||
|
adh: ens19
|
||||||
35
hosts
35
hosts
|
|
@ -1,20 +1,13 @@
|
||||||
[archlinux:children]
|
[archlinux:children]
|
||||||
perso
|
perso
|
||||||
|
|
||||||
[babel]
|
|
||||||
babel0.adm.ynerant.fr
|
|
||||||
babel1.adm.ynerant.fr
|
|
||||||
babel2.adm.ynerant.fr
|
|
||||||
babel3.adm.ynerant.fr
|
|
||||||
babel4.adm.ynerant.fr
|
|
||||||
babel5.adm.ynerant.fr
|
|
||||||
babel6.adm.ynerant.fr
|
|
||||||
|
|
||||||
[blackbox]
|
[blackbox]
|
||||||
monitoring.adm.ynerant.fr
|
monitoring.adm.ynerant.fr
|
||||||
|
|
||||||
[certbot]
|
[certbot]
|
||||||
|
nupes.adm.ynerant.fr
|
||||||
proxy.adm.ynerant.fr
|
proxy.adm.ynerant.fr
|
||||||
|
templier.adm.ynerant.fr
|
||||||
|
|
||||||
[debian:children]
|
[debian:children]
|
||||||
server
|
server
|
||||||
|
|
@ -22,6 +15,9 @@ server
|
||||||
[grafana]
|
[grafana]
|
||||||
monitoring.adm.ynerant.fr
|
monitoring.adm.ynerant.fr
|
||||||
|
|
||||||
|
[nginx]
|
||||||
|
nupes.adm.ynerant.fr
|
||||||
|
|
||||||
[nginx:children]
|
[nginx:children]
|
||||||
reverseproxy
|
reverseproxy
|
||||||
|
|
||||||
|
|
@ -57,22 +53,25 @@ templier.adm.ynerant.fr
|
||||||
templier.adm.ynerant.fr
|
templier.adm.ynerant.fr
|
||||||
|
|
||||||
[vm]
|
[vm]
|
||||||
# candilib.adm.ynerant.fr
|
an.adm.ynerant.fr
|
||||||
|
borg.adm.ynerant.fr
|
||||||
|
dendrite.adm.ynerant.fr
|
||||||
docker.adm.ynerant.fr
|
docker.adm.ynerant.fr
|
||||||
dns.adm.ynerant.fr
|
dns.adm.ynerant.fr
|
||||||
|
excalidraw.adm.ynerant.fr
|
||||||
|
fosscord.adm.ynerant.fr
|
||||||
gitea.adm.ynerant.fr
|
gitea.adm.ynerant.fr
|
||||||
mailu.adm.ynerant.fr
|
mailu.adm.ynerant.fr
|
||||||
|
mastodon.adm.ynerant.fr
|
||||||
|
minecraft.adm.ynerant.fr
|
||||||
monitoring.adm.ynerant.fr
|
monitoring.adm.ynerant.fr
|
||||||
nextcloud.adm.ynerant.fr
|
nextcloud.adm.ynerant.fr
|
||||||
|
nupes.adm.ynerant.fr
|
||||||
|
pad.adm.ynerant.fr
|
||||||
|
peertube.adm.ynerant.fr
|
||||||
psql.adm.ynerant.fr
|
psql.adm.ynerant.fr
|
||||||
proxy.adm.ynerant.fr
|
proxy.adm.ynerant.fr
|
||||||
re6st.adm.ynerant.fr
|
|
||||||
routeur-templier.adm.ynerant.fr
|
routeur-templier.adm.ynerant.fr
|
||||||
synapse.adm.ynerant.fr
|
synapse.adm.ynerant.fr
|
||||||
|
testing.adm.ynerant.fr
|
||||||
[vm:children]
|
wireguard.adm.ynerant.fr
|
||||||
babel
|
|
||||||
|
|
||||||
[all:vars]
|
|
||||||
# Force remote to use Python 3
|
|
||||||
ansible_python_interpreter=/usr/bin/env python3
|
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ class LookupModule(LookupBase):
|
||||||
network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
|
network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
|
||||||
network_result = self.base.result(network_query_id)
|
network_result = self.base.result(network_query_id)
|
||||||
vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
|
vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
|
||||||
if vlan == 'srv':
|
if vlan == 'adh':
|
||||||
query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
||||||
else:
|
else:
|
||||||
query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
||||||
|
|
@ -82,7 +82,7 @@ class LookupModule(LookupBase):
|
||||||
network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
|
network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
|
||||||
network_result = self.base.result(network_query_id)
|
network_result = self.base.result(network_query_id)
|
||||||
vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
|
vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
|
||||||
if vlan == 'srv':
|
if vlan == 'adh':
|
||||||
query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
||||||
else:
|
else:
|
||||||
query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
||||||
|
|
@ -168,7 +168,7 @@ class LookupModule(LookupBase):
|
||||||
network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
|
network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
|
||||||
network_result = self.base.result(network_query_id)
|
network_result = self.base.result(network_query_id)
|
||||||
vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
|
vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
|
||||||
if vlan == 'srv':
|
if vlan == 'adh':
|
||||||
query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
query_id = self.base.search(f"cn={host}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
||||||
else:
|
else:
|
||||||
query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
query_id = self.base.search(f"cn={host}.{vlan}.ynerant.fr,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
|
||||||
|
|
@ -187,7 +187,7 @@ class LookupModule(LookupBase):
|
||||||
res = []
|
res = []
|
||||||
for _, network in result[1]:
|
for _, network in result[1]:
|
||||||
network = network['cn'][0].decode('utf-8')
|
network = network['cn'][0].decode('utf-8')
|
||||||
if network == 'srv':
|
if network == 'adh':
|
||||||
res.append('ynerant.fr')
|
res.append('ynerant.fr')
|
||||||
else:
|
else:
|
||||||
res.append(f"{network}.ynerant.fr")
|
res.append(f"{network}.ynerant.fr")
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@
|
||||||
- import_playbook: ldap-client.yml
|
- import_playbook: ldap-client.yml
|
||||||
- import_playbook: home.yml
|
- import_playbook: home.yml
|
||||||
- import_playbook: nullmailer.yml
|
- import_playbook: nullmailer.yml
|
||||||
|
- import_playbook: monitoring.yml
|
||||||
|
|
||||||
- hosts: debian
|
- hosts: debian
|
||||||
roles:
|
roles:
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@
|
||||||
- "{% if ansible_os_family == 'Debian' %}dnsutils{% else %}bind-tools{% endif %}"
|
- "{% if ansible_os_family == 'Debian' %}dnsutils{% else %}bind-tools{% endif %}"
|
||||||
- git
|
- git
|
||||||
- man
|
- man
|
||||||
|
- molly-guard
|
||||||
|
- needrestart
|
||||||
- "mtr{% if ansible_os_family == 'Debian' %}-tiny{% endif %}"
|
- "mtr{% if ansible_os_family == 'Debian' %}-tiny{% endif %}"
|
||||||
- sl
|
- sl
|
||||||
- htop
|
- htop
|
||||||
|
|
@ -17,6 +19,7 @@
|
||||||
- tmux
|
- tmux
|
||||||
- traceroute
|
- traceroute
|
||||||
- tree
|
- tree
|
||||||
|
- unattended-upgrades
|
||||||
- vim
|
- vim
|
||||||
register: pkg_result
|
register: pkg_result
|
||||||
retries: 3
|
retries: 3
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
when: "'ntp_server' not in group_names"
|
when: "'ntp_server' not in group_names"
|
||||||
|
|
||||||
- name: Install systemd-timesyncd (bullseye)
|
- name: Install systemd-timesyncd
|
||||||
apt:
|
apt:
|
||||||
name: systemd-timesyncd
|
name: systemd-timesyncd
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
@ -19,7 +19,6 @@
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
when:
|
when:
|
||||||
- "'ntp_server' not in group_names"
|
- "'ntp_server' not in group_names"
|
||||||
- ansible_distribution_release == "bullseye"
|
|
||||||
|
|
||||||
- name: Configure NTP
|
- name: Configure NTP
|
||||||
template:
|
template:
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
- name: Install Prometheus node-exporter-collectors (bullseye)
|
- name: Install Prometheus node-exporter-collectors
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
name: prometheus-node-exporter-collectors
|
name: prometheus-node-exporter-collectors
|
||||||
|
|
@ -16,8 +16,6 @@
|
||||||
register: apt_result
|
register: apt_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
when:
|
|
||||||
- ansible_lsb.codename == 'bullseye'
|
|
||||||
|
|
||||||
- name: Make Prometheus node-exporter listen on adm only
|
- name: Make Prometheus node-exporter listen on adm only
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
@ -32,14 +30,3 @@
|
||||||
name: prometheus-node-exporter
|
name: prometheus-node-exporter
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
# Install new APT textfile collector, it might be upstreamed one day
|
|
||||||
# https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/pull/35
|
|
||||||
- name: Patch APT textfile collector
|
|
||||||
copy:
|
|
||||||
src: apt.sh
|
|
||||||
dest: /usr/share/prometheus-node-exporter/apt.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0755
|
|
||||||
when: ansible_distribution_release != "bullseye"
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue