diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml index 3dd13db998ea06e82c28d11561aec33a5df745a6..89ae3297a380dce3e51396f4cf4b428b9bcf2c40 100644 --- a/group_vars/certbot.yml +++ b/group_vars/certbot.yml @@ -1,6 +1,6 @@ --- glob_certbot: - dns_rfc2136_server: '172.16.10.147' + dns_rfc2136_server: '185.230.79.9' dns_rfc2136_name: certbot_challenge. dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" mail: root@crans.org diff --git a/group_vars/horde.yml b/group_vars/horde.yml index 11ea19577bd20b9813390b1adfc84cb9c414aee7..1e5ba8909b0cf3c6e6910c24cd07ed4f3d6fc21a 100644 --- a/group_vars/horde.yml +++ b/group_vars/horde.yml @@ -1,9 +1,9 @@ glob_horde: secret: '{{ vault_horde_secret }}' imap: imap.adm.crans.org - smtp: smtp.crans.org + smtp: smtp.adm.crans.org maildomain: crans.org - db: thot.adm.crans.org + db: pgsql.adm.crans.org admins: - "'paulon'" - "'vulcain'" @@ -16,5 +16,5 @@ glob_horde: dest_hostname : webmail.crans.org admin_src_hostname : horde.adm.crans.org admin_dest_hostname : webmail.adm.crans.org - zone_ipv4 : 10.231.136.0/24 - zone_ipv6 : 2a0c:700:0:2::/64 + zone_ipv4 : 172.16.10.0/24 + zone_ipv6 : fd00:0:0:10::/64 diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml index a9d52d1a16904db6f3a7306455969912d7194c17..342d671fc1739c01a5a32c02a678acea9980beae 100644 --- a/group_vars/reverseproxy.yml +++ b/group_vars/reverseproxy.yml @@ -29,8 +29,6 @@ nginx: # - {from: roundcube.crans.org, to: 10.231.136.105} # - {from: phabricator.crans.org, to: 10.231.136.123} # - {from: trackerusercontent.crans.org, to: 10.231.136.123} - # - {from: webmail.crans.org, to: 10.231.136.107} - # - {from: horde.crans.org, to: 10.231.136.107} # - {from: owncloud.crans.org, to: 10.231.136.26} # - {from: ftps.crans.org, to: 10.231.136.98} # - {from: wiki.crans.org, to: 10.231.136.204} 
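Review bot: The `dns_rfc2136_server` line moves the ACME DNS-01 update target to a public address, and nothing on the new side records why or what limits the key there. TSIG authenticates the dynamic update but does not encrypt it, and the protection that matters is the server-side update policy for the `certbot_challenge.` key (ideally TXT records under `_acme-challenge` names only); that policy is not in this repo as far as the diff shows, so it should be confirmed rather than assumed. A one-line comment would spare the next maintainer the archaeology, e.g. `dns_rfc2136_server: '185.230.79.9'  # public side of the zone master; key scope is enforced by its update-policy on the DNS server`.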
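Review bot: `zone_ipv4` / `zone_ipv6` are consumed as `set_real_ip_from` ranges by the two nginx templates of roles/horde in this same commit, so the new values trust the whole `172.16.10.0/24` and `fd00:0:0:10::/64` for the `P-Real-Ip` header; any host on those ranges can then present an arbitrary client address to Horde. Unless more than the reverse proxy legitimately sits in front of the webmail, narrow this to the proxy's own addresses, e.g. `zone_ipv4: <HODAUR_ADM_IPV4>/32` (placeholder, hodaur's address is not in the diff). While touching these lines, drop the space before the colon (`zone_ipv4:` rather than `zone_ipv4 :`), which yamllint's `colons` rule rejects and which differs from the rest of the file.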
@@ -44,6 +42,8 @@ nginx: # - {from: autoconfig.crans.org, to: 10.231.136.46} # - {from: grafana.crans.org, to: "10.231.136.102:3000"} # - {from: webirc.crans.org, to: "10.231.136.1:9000"} + - {from: webmail.crans.org, to: 172.16.10.108} + - {from: horde.crans.org, to: 172.16.10.108} - {from: framadate.crans.org, to: 172.16.10.109} - {from: stream.crans.org, to: 172.16.10.118} - {from: cas.crans.org, to: 172.16.10.120} @@ -55,8 +55,8 @@ nginx: - {from: pad.crans.org, to: "172.16.10.130:9001"} - {from: zero.crans.org, to: 172.16.10.130} - {from: ethercalc.crans.org, to: "172.16.10.133:8000"} - - {from: belenios.crans.org, to: 172.16.10.111} - {from: roundcube.crans.org, to: 172.16.10.107} + # - {from: belenios.crans.org, to: 172.16.10.111} # - {from: mailman.crans.org, to: 10.231.136.180} # # # Zamok diff --git a/host_vars/hodaur.adm.crans.org.yml b/host_vars/hodaur.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..2aa4c1945303a1ebd593b9b139ad6a63e8bc23d5 --- /dev/null +++ b/host_vars/hodaur.adm.crans.org.yml @@ -0,0 +1,3 @@ +--- +loc_certbot: + domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu" diff --git a/host_vars/horde-srv.adm.crans.org.yml b/host_vars/horde-srv.adm.crans.org.yml deleted file mode 100644 index 54e2e5fc70e2001ccb847854836ae1449e1e08e8..0000000000000000000000000000000000000000 --- a/host_vars/horde-srv.adm.crans.org.yml +++ /dev/null @@ -1,2 +0,0 @@ -loc_horde: - ipv6: '[2a0c:700:0:2:5474:8dff:fe5d:e2be]' diff --git a/host_vars/horde.adm.crans.org.yml b/host_vars/horde.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..f0914f81882cd7cce111a7b20e2fcb225411d2d5 --- /dev/null +++ b/host_vars/horde.adm.crans.org.yml @@ -0,0 +1,3 @@ +loc_horde: + ipv6: 'fd00::10:400:ff:fe01:810' + ipv4: '172.16.10.108' 
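Review bot: `domains` in the new host_vars/hodaur.adm.crans.org.yml is a single comma-separated string rather than a YAML list, so the certbot role has to split it itself and a missing comma or stray space is not caught by the parser; a list (`domains: ['crans.org', '*.crans.org', …]`) is safer unless the role's template requires the string form, which the diff does not show. The request also covers wildcard certificates for three apex zones, meaning one private key valid for every subdomain of crans.org/.fr/.eu now lives on the reverse-proxy host; that is a normal trade-off for a front proxy, but it deserves a comment at the top of the file, e.g. `# wildcard certs for all public zones (DNS-01 via glob_certbot); key material stays on the proxy`.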
diff --git a/host_vars/kiwi.adm.crans.org.yml b/host_vars/kiwi.adm.crans.org.yml index 54ee53858d267323bfb04407b27ed98b33e6e057..fb1eb81f5427dc7f13d305f06347b129a30e2cb0 100644 --- a/host_vars/kiwi.adm.crans.org.yml +++ b/host_vars/kiwi.adm.crans.org.yml @@ -30,3 +30,6 @@ to_backup: hosts_allow: ["soyouz.adm.crans.org", "10.231.136.108"], read_only: "yes", } + +moinmoin: + main: true diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..ddb21e603310a30773630a81f0fa746c9d5a7af1 --- /dev/null +++ b/host_vars/monitoring.adm.crans.org.yml @@ -0,0 +1,3 @@ +interfaces: + adm: eth0 + srv_nat: eth1 diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml index 4e53d5513abfa18b1c8cef1068626adda7f3e981..6b2473f11c2035e2b83290955e8c50a82fe70d6c 100644 --- a/host_vars/sputnik.adm.crans.org.yml +++ b/host_vars/sputnik.adm.crans.org.yml @@ -22,3 +22,6 @@ to_backup: secrets_file: "/etc/rsyncd.secrets", hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"], } + +moinmoin: + main: false diff --git a/hosts b/hosts index 47b15016618e272397516641863edeb4887af1be..280b1da7483be1c2a0678c7d1fbc6539f8803f27 100644 --- a/hosts +++ b/hosts @@ -28,13 +28,13 @@ gitzly.adm.crans.org [certbot:children] radius # We use certbot to manage LE certificates +reverseproxy [nginx_rtmp] fluxx.adm.crans.org [reverseproxy] hodaur.adm.crans.org -frontdaur.adm.crans.org [roundcube] roundcube-srv.adm.crans.org @@ -43,7 +43,7 @@ roundcube-srv.adm.crans.org ethercalc-srv.adm.crans.org [horde] -horde-srv.adm.crans.org +horde.adm.crans.org [radius] routeur-sam.adm.crans.org @@ -68,11 +68,11 @@ jack.adm.crans.org [keepalived] routeur-sam.adm.crans.org -routeur-daniel.adm.crans.org +#routeur-daniel.adm.crans.org [dhcp] routeur-sam.adm.crans.org -routeur-daniel.adm.crans.org +#routeur-daniel.adm.crans.org [crans_routeurs:children] dhcp 
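Review bot: Commenting out `routeur-daniel.adm.crans.org` under `[keepalived]` and `[dhcp]` leaves `routeur-sam.adm.crans.org` as the sole member of both groups, so whatever failover those groups configure no longer has a peer; if the host is only temporarily out, record that next to each line, e.g. `#routeur-daniel.adm.crans.org  # disabled <date>: <reason>; re-enable after the 172.16.10.0/24 migration`. The next hunk of this file comments out several more hosts the same way, so once the migration settles they should either return or be deleted rather than accumulate as stale entries.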
@@ -84,30 +84,31 @@ tealc.adm.crans.org sam.adm.crans.org daniel.adm.crans.org jack.adm.crans.org -gulp.adm.crans.org +#gulp.adm.crans.org [crans_vm] voyager.adm.crans.org -silice.adm.crans.org +#silice.adm.crans.org routeur-sam.adm.crans.org -routeur-daniel.adm.crans.org -belenios # on changera plus tard -re2o-ldap.adm.crans.org +#routeur-daniel.adm.crans.org +#belenios.adm.crans.org +#re2o-ldap.adm.crans.org gitlab-ci.adm.crans.org gitzly.adm.crans.org hodaur.adm.crans.org monitoring.adm.crans.org -boeing.adm.crans.org +#boeing.adm.crans.org fluxx.adm.crans.org -unifi.adm.crans.org -pastemoisa.adm.crans.org -casouley.adm.crans.org +#unifi.adm.crans.org +#pastemoisa.adm.crans.org +#casouley.adm.crans.org kiwi.adm.crans.org tracker.adm.crans.org jitsi.adm.crans.org -ethercalc-srv.adm.crans.org +#ethercalc-srv.adm.crans.org kenobi.adm.crans.org roundcube.adm.crans.org +horde.adm.crans.org [ovh_physical] sputnik.adm.crans.org diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py index 3174e79e0a6d9e058b6e7b17d8df8d8260acdf4c..cdca475f389f925d3a575a95abb26cdf1bb83a64 100644 --- a/lookup_plugins/ldap.py +++ b/lookup_plugins/ldap.py @@ -1,10 +1,18 @@ +""" +To use this lookup plugin, you need to pass ldap: +ssh -L 1636:172.16.10.1:636 172.16.10.1 +""" + import ipaddress from ansible.errors import AnsibleError, AnsibleParserError from ansible.plugins.lookup import LookupBase from ansible.utils.display import Display -import ldap +try: + import ldap +except ImportError: + raise AnsibleError("You need to install python3-ldap") display = Display() diff --git a/plays/horde.yml b/plays/horde.yml index bc775369a6ad54dd7b9f0f19ffabce723ec19b12..f1b8aa8dda249f8ce6c0a134a09142fe0a700da1 100755 --- a/plays/horde.yml +++ b/plays/horde.yml @@ -2,5 +2,7 @@ --- # Moi j'aime le ocaml et lui il installe horde - hosts: horde + vars: + horde: '{{ glob_horde | default({}) | combine(loc_horde | default({})) }}' roles: - horde 
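Review bot: Raising `AnsibleError` at import time in the new `try`/`except ImportError` block aborts every run that merely loads the plugin directory, not only plays that call `query('ldap', …)`; the usual Ansible pattern records the failure in a flag and raises inside `run()`, which keeps plugin discovery working on controllers without python3-ldap. Chaining the original exception (`from exc`) also keeps the real import failure visible. The new module docstring is welcome but reads as a bare command; saying what the tunnel is for (the port the plugin connects to is outside this hunk, so hedge it) makes it self-explanatory. `LookupModule.run()` is outside the hunk.
```python
try:
    import ldap
    HAS_LDAP = True
except ImportError as exc:
    HAS_LDAP = False
    LDAP_IMPORT_ERROR = exc

# … unchanged: display = Display() …

# … in LookupModule.run(), outside this hunk, before any ldap call:
#     if not HAS_LDAP:
#         raise AnsibleError("You need to install python3-ldap") from LDAP_IMPORT_ERROR
```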
diff --git a/plays/monitoring.yml b/plays/monitoring.yml index 6d90a5bc2c476be054a618bdf6e0bae47024cac6..adb21a0789576afc866339c07bc690f718012bd4 100755 --- a/plays/monitoring.yml +++ b/plays/monitoring.yml @@ -6,17 +6,17 @@ # Prometheus targets.json prometheus: node_targets: "{{ groups['server'] | list | sort }}" - ups_snmp_targets: - - pulsar.adm.crans.org # 0B - - quasar.adm.crans.org # 4J - unifi_snmp_targets: "{{ groups['crans_unifi'] | list | sort }}" + ups_snmp_targets: [] + # - pulsar.adm.crans.org # 0B + # - quasar.adm.crans.org # 4J + unifi_snmp_targets: [] # "{{ groups['crans_unifi'] | list | sort }}" blackbox_targets: - https://crans.org - https://www.crans.org - https://grafana.crans.org - https://wiki.crans.org - https://pad.crans.org - apache_targets: [zamok.adm.crans.org] + apache_targets: [] # [zamok.adm.crans.org] snmp_unifi_password: "{{ vault_snmp_unifi_password }}" 
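Review bot: The disabled targets are kept as comments next to live empty values (`ups_snmp_targets: []` followed by `# - pulsar…`, `unifi_snmp_targets: [] # "{{ … }}"`, `apache_targets: [] # […]`), and the next two hunks of this file do the same for the whole odlyd play and the zamok/redisdead/thot plays. Commented-out YAML drifts silently from the live structure, is invisible to ansible-lint, and git history already preserves the old values. If these are only disabled for the migration, a condition such as `# TODO(migration): re-enable once <host> is reachable on 172.16.10.0/24` beside each, or a `when:` on the plays, says so without carrying dead configuration.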
@@ -26,38 +26,38 @@ ldap_passwd: "{{ vault_ldap_grafana_passwd }}" ldap_base: 'dc=crans,dc=org' - ldap_master_ipv4: '10.231.136.19' - ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}" + ldap_master_ipv4: '172.16.10.1' + ldap_user_tree: "ou=users,{{ ldap_base }}" roles: - prometheus - prometheus-alertmanager - - prometheus-snmp-exporter + #- prometheus-snmp-exporter - prometheus-blackbox-exporter - ninjabot - grafana # Deploy backup Prometheus on backup server -- hosts: odlyd.adm.crans.org - vars: - # only critical infra - prometheus: - node_targets: - - odlyd.adm.crans.org # me, myself and I - - zamok.adm.crans.org # parce que WeeChat c'est critique - - thot.adm.crans.org # la bdd adh est critique... enfin a skip - - zbee.adm.crans.org # zbeu! la bay! - - stitch.adm.crans.org # last hope virtu - - redisdead.adm.crans.org # Postmen... youtu.be/vEkY6W-fEZQ?t=132 - ups_snmp_targets: - - pulsar.adm.crans.org # 0B - - quasar.adm.crans.org # 4J - - snmp_unifi_password: "{{ vault_snmp_unifi_password }}" - roles: - - prometheus - - prometheus-alertmanager - - prometheus-snmp-exporter - - ninjabot +#- hosts: odlyd.adm.crans.org +# vars: +# # only critical infra +# prometheus: +# node_targets: +# - odlyd.adm.crans.org # me, myself and I +# - zamok.adm.crans.org # parce que WeeChat c'est critique +# - thot.adm.crans.org # la bdd adh est critique... enfin a skip +# - zbee.adm.crans.org # zbeu! la bay! +# - stitch.adm.crans.org # last hope virtu +# - redisdead.adm.crans.org # Postmen... youtu.be/vEkY6W-fEZQ?t=132 +# ups_snmp_targets: +# - pulsar.adm.crans.org # 0B +# - quasar.adm.crans.org # 4J +# +# snmp_unifi_password: "{{ vault_snmp_unifi_password }}" +# roles: +# - prometheus +# - prometheus-alertmanager +# - prometheus-snmp-exporter +# - ninjabot # Monitor all hosts 
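Review bot: `#- prometheus-snmp-exporter` removes the exporter, but the prometheus role (roles/prometheus/tasks/main.yml in this commit) still writes `targets_ups_snmp.json`, and presumably `prometheus.yml.j2` (not in the diff) still carries the scrape job that points at the exporter's address; with an empty target file the job is harmless, but a hard-coded exporter endpoint would simply show as down. Either keep the role or guard that job on `prometheus.ups_snmp_targets | length > 0`. The `ldap_user_tree` change to `ou=users,…` is also worth a short comment, since a wrong base makes Grafana's LDAP login fail without an obvious error.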
@@ -67,15 +67,15 @@ roles: ["prometheus-node-exporter"] # Export apache metrics -- hosts: zamok.adm.crans.org - vars: - adm_ipv4: "{{ ansible_all_ipv4_addresses | ipaddr(adm_subnet) | first }}" - roles: ["prometheus-apache-exporter"] +#- hosts: zamok.adm.crans.org +# vars: +# adm_ipv4: "{{ ansible_all_ipv4_addresses | ipaddr(adm_subnet) | first }}" +# roles: ["prometheus-apache-exporter"] # Monitor mailq with a special text exporter -- hosts: redisdead.adm.crans.org - roles: ["prometheus-node-exporter-postfix"] +#- hosts: redisdead.adm.crans.org +# roles: ["prometheus-node-exporter-postfix"] # Monitor logs with mtail -- hosts: thot.adm.crans.org - roles: ["mtail"] +#- hosts: thot.adm.crans.org +# roles: ["mtail"] diff --git a/plays/network-interfaces.yml b/plays/network-interfaces.yml index a557befd085b417df832dde35c6ce2a9ceafed22..bdba54eb1ff65a86f47c80983d18ca7b11f651a1 100755 --- a/plays/network-interfaces.yml +++ b/plays/network-interfaces.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: voyager.adm.crans.org,boeing.adm.crans.org,fluxx.adm.crans.org,hodaur.adm.crans.org,unifi.adm.crans.org,kiwi.adm.crans.org,roundcube.adm.crans.org +- hosts: voyager.adm.crans.org,boeing.adm.crans.org,fluxx.adm.crans.org,hodaur.adm.crans.org,unifi.adm.crans.org,kiwi.adm.crans.org,roundcube.adm.crans.org,monitoring.adm.crans.org vars: vlan: - name: srv diff --git a/plays/reverse-proxy.yml b/plays/reverse-proxy.yml index b7a8d3ade94e8df60e3674d8d97276c28aba2785..0e25fc503a45ebf6f9ba936d7143ac6b96fa43be 100755 --- a/plays/reverse-proxy.yml +++ b/plays/reverse-proxy.yml @@ -1,6 +1,9 @@ #!/usr/bin/env ansible-playbook --- - hosts: reverseproxy + vars: + certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}' + mirror: '{{ glob_mirror.name }}' roles: - certbot - nginx-reverseproxy 
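Review bot: The `hosts:` line of plays/network-interfaces.yml is now eight comma-separated FQDNs on one line; every new VLAN-attached host requires editing this play instead of the inventory, and the line is far past any reasonable YAML width. An inventory group (for example `[vlan_srv]` in `hosts`) with `- hosts: vlan_srv` here keeps membership where the other groups live and turns the change into a one-line inventory edit. If the explicit list is deliberate, a comment above it saying which hosts are excluded and why would help.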
diff --git a/roles/common-tools/tasks/main.yml b/roles/common-tools/tasks/main.yml index 931348a7b995a3ac7ec3885909789f82f3f25984..87279c79ea31df99bfb948df85b7bb383fe52cff 100644 --- a/roles/common-tools/tasks/main.yml +++ b/roles/common-tools/tasks/main.yml @@ -16,7 +16,6 @@ - htop # better than top - zsh # to be able to ssh @erdnaxe - fish # to motivate @edpibu - - oidentd # postgresql identification - aptitude # nice to have for Ansible - acl # advanced ACL - iotop # monitor i/o @@ -42,6 +41,7 @@ - doc-debian # graphical - debian-faq # graphical - os-prober # makes grub-install lag + - oidentd # kill the monster, https://youtu.be/yhNB0vO7FxI - python3-reportbug register: apt_result retries: 3 diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 6b29017805af5406fa4b7eb67e33c65d0b059152..0ec974c39f230f2b199a5e8154d506b9b735b539 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -1,15 +1,4 @@ --- -- name: Install APT HTTPS support - apt: - name: - - apt-transport-https - - gpg - state: present - update_cache: true - register: apt_result - retries: 3 - until: apt_result is succeeded - - name: Import Grafana GPG signing key apt_key: url: https://packages.grafana.com/gpg.key @@ -21,7 +10,7 @@ - name: Add Grafana repository apt_repository: - repo: deb https://packages.grafana.com/oss/deb stable main + repo: deb http://mirror.adm.crans.org/grafana/oss/deb stable main state: present update_cache: true diff --git a/roles/horde/README.md b/roles/horde/README.md index 874a42e6360c9d4cbc0f4ca9a8a447fecd79de32..133011b6459db35a71eaa34f217372756fba5738 100644 --- a/roles/horde/README.md +++ b/roles/horde/README.md @@ -2,7 +2,7 @@ Ce rôle ansible deploie une instance du webmail horde. ## Variables - - glob_horde. : + - horde. : - secret : le secret de horde - imap : le serveur imap - smtp : le serveur smtp (il doit juste être contactable depuis le serveur 
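Review bot: The re-added `- oidentd  # kill the monster, https://youtu.be/…` loses the one piece of information the old line carried (`# postgresql identification`). An ident daemon answers on tcp/113 with the local username owning a connection, which is information disclosure on any host that is not a PostgreSQL ident-auth client, so the comment should record the actual purpose: `- oidentd  # ident responder (tcp/113) for PostgreSQL ident auth`. If only the database clients need it, installing it from those roles rather than on every host is the tighter option.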
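Review bot: `apt_key` at `url: https://packages.grafana.com/gpg.key` (context line of the first grafana hunk) still imports the key without an `id:`, and the second hunk switches the repository to plain `http://mirror.adm.crans.org/grafana/oss/deb`; apt verifies signatures, so HTTP is acceptable, but only if the trusted key is pinned — add `id: <GRAFANA_KEY_FINGERPRINT>` (placeholder, take it from Grafana's documentation) so a swapped key at the URL is rejected. The removed task also installed `gpg`, which `apt_key` needs on a minimal Debian; if roles/common-tools or the base image does not provide `gnupg`, a fresh host will fail at the key import.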
diff --git a/roles/horde/tasks/main.yml b/roles/horde/tasks/main.yml index f08addf09c11109e8cd9bb2f88c9842ecc049d70..aa7dd9acb7b25c58828e0d8da015ef5668455c76 100644 --- a/roles/horde/tasks/main.yml +++ b/roles/horde/tasks/main.yml @@ -3,9 +3,13 @@ - name: Install horde APT dependencies apt: update_cache: true - name: - - nginx - - php-horde-webmail + name: '{{ item }}' + loop: # Install dependencies in the right order. + - nginx + - php7.3-fpm + - php-horde-webmail + - php-pgsql + - oidentd register: apt_result retries: 3 until: apt_result is succeeded @@ -21,6 +25,23 @@ - horde/horde/conf.php - horde/imp/backends.php +- name: Enable horde plugins + template: + src: 'horde/{{ item }}/conf.php.j2' + dest: '/etc/horde/{{ item }}/conf.php' + owner: www-data + group: www-data + mode: 0640 + loop: + - gollem + - imp + - ingo + - kronolith + - mnemo + - nag + - trean + - turba + - name: Configure nginx site template: src: '{{ item }}.j2' diff --git a/roles/horde/templates/horde/gollem/conf.php.j2 b/roles/horde/templates/horde/gollem/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..abd03a53d09ce83ff3c559cded6ebf28d26b0261 --- /dev/null +++ b/roles/horde/templates/horde/gollem/conf.php.j2 @@ -0,0 +1,8 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: c70cc328a58f2b69cb67558ab883380298313e1e $ +$conf['backend']['backend_list'] = 'none'; +$conf['foldercache']['use_cache'] = false; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ diff --git a/roles/horde/templates/horde/horde/conf.php.j2 b/roles/horde/templates/horde/horde/conf.php.j2 index 6da1cbab1bb264876c3f65d739b7b900a7aaf31b..1c6c5018446a00617ee04b9ea6e08db761c6ee53 100644 --- a/roles/horde/templates/horde/horde/conf.php.j2 +++ b/roles/horde/templates/horde/horde/conf.php.j2 
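Review bot: `name: '{{ item }}'` with `loop` runs apt once per package, and `register: apt_result` / `until: apt_result is succeeded` now retry each item separately; apt's list form (`name: [nginx, php7.3-fpm, php-horde-webmail, php-pgsql, oidentd]`) installs everything in one transaction and lets apt order dependencies itself. The comment `# Install dependencies in the right order.` should say what goes wrong otherwise (for instance if `php-horde-webmail` pulls in another PHP SAPI when `php7.3-fpm` is not already present), since that is the only reason to keep the loop. `oidentd` is also installed by roles/common-tools in this commit, so the entry here is redundant unless horde hosts skip that role.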
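Review bot: The new "Enable horde plugins" task writes each app's `conf.php` with `owner: www-data`, `group: www-data`, `mode: 0640`, which lets the PHP worker rewrite its own configuration; `owner: root`, `group: www-data`, `mode: '0640'` gives php-fpm read access without write access and matches the intent of 0640. Quoting the mode also avoids the unquoted-octal trap (`0640` is read as octal 416 by YAML 1.1 parsers, and ansible-lint flags it). If Horde's web-based configuration UI is meant to write these files, that is the reason to keep www-data ownership and a comment on the task should say so.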
@@ -6,7 +6,7 @@ $conf['vhosts'] = false; $conf['debug_level'] = E_ALL & ~E_NOTICE; $conf['max_exec_time'] = 0; $conf['compress_pages'] = true; -$conf['secret_key'] = '{{ glob_horde.secret }}'; +$conf['secret_key'] = '{{ horde.secret }}'; $conf['umask'] = 077; $conf['testdisable'] = true; $conf['use_ssl'] = 1; @@ -23,7 +23,7 @@ $conf['session']['max_time'] = 72000; $conf['cookie']['domain'] = $_SERVER['SERVER_NAME']; $conf['cookie']['path'] = '/'; $conf['sql']['username'] = 'www-data'; -$conf['sql']['hostspec'] = '{{ glob_horde.db }}'; +$conf['sql']['hostspec'] = '{{ horde.db }}'; $conf['sql']['protocol'] = 'tcp'; $conf['sql']['database'] = 'horde5'; $conf['sql']['charset'] = 'utf-8'; @@ -32,14 +32,14 @@ $conf['sql']['logqueries'] = false; $conf['sql']['phptype'] = 'pgsql'; $conf['nosql']['phptype'] = false; $conf['ldap']['useldap'] = false; -$conf['auth']['admins'] = array({{ glob_horde.admins | join(', ')}}); +$conf['auth']['admins'] = array({{ horde.admins | join(', ')}}); $conf['auth']['checkip'] = false; $conf['auth']['checkbrowser'] = true; $conf['auth']['resetpassword'] = false; $conf['auth']['alternate_login'] = false; $conf['auth']['redirect_on_logout'] = false; $conf['auth']['list_users'] = 'list'; -$conf['auth']['params']['hostspec'] = '{{ glob_horde.imap }}'; +$conf['auth']['params']['hostspec'] = '{{ horde.imap }}'; $conf['auth']['params']['port'] = 143; $conf['auth']['params']['secure'] = 'tls'; $conf['auth']['driver'] = 'imap'; diff --git a/roles/horde/templates/horde/imp/backends.php.j2 b/roles/horde/templates/horde/imp/backends.php.j2 index b03fc3de616eed3e0405a5df8045f3194946a74e..cac5f91504a2e77360935b244b15c6abde571faf 100644 --- a/roles/horde/templates/horde/imp/backends.php.j2 +++ b/roles/horde/templates/horde/imp/backends.php.j2 
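Review bot: The SQL block around `$conf['sql']['hostspec'] = '{{ horde.db }}';` connects over TCP as `www-data` with no password line in the hunk, and the role now installs `oidentd`, which suggests the database relies on ident authentication from the webmail host. That makes the trust purely network-based (whoever answers on tcp/113 from the webmail address as `www-data` gets in), so it deserves a comment right above the hostspec line, e.g. `// auth is PostgreSQL ident via oidentd on this host; no password on purpose`, plus a check that the matching pg_hba entry is limited to this host and the `horde5` database. If a password is set elsewhere in the template, disregard this.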
@@ -4,14 +4,14 @@ $servers['imp'] = array( // Disabled by default 'disabled' => false, 'name' => 'IMAP Cr@ns', - 'hostspec' => '{{ glob_horde.imap }}', + 'hostspec' => '{{ horde.imap }}', 'hordeauth' => true, 'protocol' => 'imap', 'port' => 143, 'secure' => 'tls', - 'maildomain' => '{{ glob_horde.maildomain }}', + 'maildomain' => '{{ horde.maildomain }}', 'smtp' => array( - 'host' => '{{ glob_horde.smtp }}', + 'host' => '{{ horde.smtp }}', 'port' => 25, ), 'cache' => false, diff --git a/roles/horde/templates/horde/imp/conf.php.j2 b/roles/horde/templates/horde/imp/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..31ee99c4de260bf7cd6c377892af908a3994f3c2 --- /dev/null +++ b/roles/horde/templates/horde/imp/conf.php.j2 @@ -0,0 +1,22 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: 48bf0b4cc99e7941b4432a29e70e145b8d654cc7 $ +$conf['user']['allow_view_source'] = true; +$conf['server']['server_list'] = 'none'; +$conf['compose']['use_vfs'] = false; +$conf['compose']['link_attachments'] = false; +$conf['compose']['attach_size_limit'] = 0; +$conf['compose']['attach_count_limit'] = 0; +$conf['compose']['reply_limit'] = 200000; +$conf['compose']['ac_threshold'] = 3; +$conf['compose']['htmlsig_img_size'] = 30000; +$conf['pgp']['keylength'] = 0; +$conf['maillog']['driver'] = 'history'; +$conf['sentmail']['driver'] = 'Null'; +$conf['contactsimage']['backends'] = array('IMP_Contacts_Avatar_Addressbook'); +$conf['tasklist']['use_tasklist'] = true; +$conf['notepad']['use_notepad'] = true; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ + diff --git a/roles/horde/templates/horde/ingo/conf.php.j2 b/roles/horde/templates/horde/ingo/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..99753a627f4a5f64b7af88c155d8fa7bc69fa86a --- /dev/null +++ b/roles/horde/templates/horde/ingo/conf.php.j2 
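Review bot: `$conf['compose']['attach_size_limit'] = 0;` and `$conf['compose']['attach_count_limit'] = 0;` in the new imp/conf.php.j2 mean "no limit" as far as IMP's conf.xml documents it (confirm), so the only bound on attachment uploads is then PHP's `upload_max_filesize` / `post_max_size` and nginx's `client_max_body_size`, none of which appear in this role's diff. Either set explicit limits here or add a comment naming where the effective cap is enforced, e.g. `// 0 = unlimited in IMP; the effective cap is php-fpm upload_max_filesize`. The file also ends with an extra empty line that the other new templates do not have.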
@@ -0,0 +1,12 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: 48142d13ef06c07f56427fe5b43981631bdbfdb0 $ +$conf['storage']['params']['driverconfig'] = 'horde'; +$conf['storage']['driver'] = 'sql'; +$conf['rules']['userheader'] = true; +$conf['spam']['header'] = 'X-Spam-Level'; +$conf['spam']['char'] = '*'; +$conf['spam']['compare'] = 'string'; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ diff --git a/roles/horde/templates/horde/kronolith/conf.php.j2 b/roles/horde/templates/horde/kronolith/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..a58b33402bedb3b468e25c4dc9ec520fccae55d3 --- /dev/null +++ b/roles/horde/templates/horde/kronolith/conf.php.j2 @@ -0,0 +1,23 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: 380230c774efc2661b03a58bd71824d28cdc6040 $ +$conf['calendar']['params']['table'] = 'kronolith_events'; +$conf['calendar']['params']['driverconfig'] = 'horde'; +$conf['calendar']['params']['utc'] = true; +$conf['calendar']['driver'] = 'sql'; +$conf['storage']['params']['table'] = 'kronolith_storage'; +$conf['storage']['params']['driverconfig'] = 'horde'; +$conf['storage']['driver'] = 'sql'; +$conf['calendars']['driver'] = 'default'; +$conf['resource']['params']['table'] = 'kronolith_resources'; +$conf['resource']['params']['driverconfig'] = 'horde'; +$conf['resource']['params']['utc'] = true; +$conf['resource']['driver'] = 'sql'; +$conf['autoshare']['shareperms'] = 'none'; +$conf['share']['notify'] = false; +$conf['holidays']['enable'] = true; +$conf['menu']['import_export'] = true; +$conf['maps']['driver'] = false; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ 
diff --git a/roles/horde/templates/horde/mnemo/conf.php.j2 b/roles/horde/templates/horde/mnemo/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..31cbd097b3c368f3f0e02db3b69cf14b4bd97917 --- /dev/null +++ b/roles/horde/templates/horde/mnemo/conf.php.j2 @@ -0,0 +1,11 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: d97e56b407852ff0a86c7d88c9a57c8f3089e82f $ +$conf['storage']['params']['table'] = 'mnemo_memos'; +$conf['storage']['params']['driverconfig'] = 'horde'; +$conf['storage']['driver'] = 'sql'; +$conf['notepads']['driver'] = 'default'; +$conf['menu']['import_export'] = true; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ diff --git a/roles/horde/templates/horde/nag/conf.php.j2 b/roles/horde/templates/horde/nag/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..ae4e5425009b0b717824ec5fa4ba125474a0a95d --- /dev/null +++ b/roles/horde/templates/horde/nag/conf.php.j2 @@ -0,0 +1,11 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: 7a2eb8e9002cee73d99d618dfb6509a56ab639ec $ +$conf['storage']['params']['table'] = 'nag_tasks'; +$conf['storage']['params']['driverconfig'] = 'horde'; +$conf['storage']['driver'] = 'sql'; +$conf['tasklists']['driver'] = 'default'; +$conf['menu']['import_export'] = true; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ diff --git a/roles/horde/templates/horde/trean/conf.php.j2 b/roles/horde/templates/horde/trean/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..b1e7d1a5d75c47a3bcd751a35d018c6d7092a00d --- /dev/null +++ b/roles/horde/templates/horde/trean/conf.php.j2 
@@ -0,0 +1,10 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: 5622bdf8096764a63c7e1039b09edb337bd46a0f $ +$conf['storage']['params']['driverconfig'] = 'horde'; +$conf['storage']['driver'] = 'sql'; +$conf['content_index']['enabled'] = false; +$conf['favicons']['type'] = 'horde'; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ diff --git a/roles/horde/templates/horde/turba/conf.php.j2 b/roles/horde/templates/horde/turba/conf.php.j2 new file mode 100644 index 0000000000000000000000000000000000000000..aebb5b9cf331a8d149e6db35d22e5f2b4d117a0d --- /dev/null +++ b/roles/horde/templates/horde/turba/conf.php.j2 @@ -0,0 +1,11 @@ +{{ ansible_header | comment(decoration='// ') }} + +<?php +/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ +// $Id: 4cd616848fb2e5c81200bf7c65930e9086ec2dcd $ +$conf['menu']['import_export'] = true; +$conf['shares']['source'] = 'localsql'; +$conf['comments']['allow'] = true; +$conf['documents']['type'] = 'horde'; +$conf['tags']['enabled'] = true; +/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ diff --git a/roles/horde/templates/nginx/sites-available/horde.j2 b/roles/horde/templates/nginx/sites-available/horde.j2 index cbf84402e869e2fbd8675874a93210f358b04a34..cc91c95244eb9816958d6602100e2ba9a4725faf 100644 --- a/roles/horde/templates/nginx/sites-available/horde.j2 +++ b/roles/horde/templates/nginx/sites-available/horde.j2 
@@ -1,17 +1,16 @@ {{ ansible_header | comment }} server { - listen {{ glob_horde.admin_src_hostname }}:80; - listen {{ loc_horde.ipv6 }}:80 ipv6only=on; - server_name {{ glob_horde.admin_src_hostname }} {{ glob_horde.src_hostname }}; + listen [{{ horde.ipv6 }}]:80; + server_name {{ horde.admin_src_hostname }} {{ horde.src_hostname }}; root /usr/share/; location / { - return 302 https://{{ glob_horde.dest_hostname }}/horde; + return 302 https://{{ horde.dest_hostname }}/horde; } include "snippets/php.conf"; - set_real_ip_from {{ glob_horde.zone_ipv4 }}; - set_real_ip_from {{ glob_horde.zone_ipv6 }}; + set_real_ip_from {{ horde.zone_ipv4 }}; + set_real_ip_from {{ horde.zone_ipv6 }}; real_ip_header P-Real-Ip; } diff --git a/roles/horde/templates/nginx/sites-available/webmail.j2 b/roles/horde/templates/nginx/sites-available/webmail.j2 index 71270f89204cded39f28fc063634569e0b7949ef..a8896e5bd01f47b28de5b87d3106e2da657c6149 100644 --- a/roles/horde/templates/nginx/sites-available/webmail.j2 +++ b/roles/horde/templates/nginx/sites-available/webmail.j2 @@ -1,12 +1,11 @@ {{ ansible_header | comment }} server { - listen {{ glob_horde.admin_dest_hostname }}:80; - listen {{ loc_horde.ipv6 }}:80; - server_name {{ glob_horde.dest_hostname }} {{ glob_horde.admin_dest_hostname }}; + listen {{ horde.ipv4 }}:80; + server_name {{ horde.dest_hostname }} {{ horde.admin_dest_hostname }}; root /usr/share/; location / { - return 302 {{ glob_horde.redirection }}; + return 302 {{ horde.redirection }}; } location /horde { try_files $uri $uri/ /horde/rampage.php?$args; @@ -14,8 +13,8 @@ server { } include "snippets/php.conf"; - set_real_ip_from {{ glob_horde.zone_ipv4 }}; - set_real_ip_from {{ glob_horde.zone_ipv6 }}; + set_real_ip_from {{ horde.zone_ipv4 }}; + set_real_ip_from {{ horde.zone_ipv6 }}; real_ip_header P-Real-Ip; } 
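Review bot: After this hunk the `horde.adm` / `horde.crans.org` server block listens only on `[{{ horde.ipv6 }}]:80`, while the `webmail` block in the next file listens only on `{{ horde.ipv4 }}:80`, and the reverse proxy (group_vars/reverseproxy.yml in this commit) forwards both `horde.crans.org` and `webmail.crans.org` to the IPv4 address 172.16.10.108. nginx picks the server block by listen address before `server_name`, so an IPv4 request with `Host: horde.crans.org` lands in the webmail block and receives `horde.redirection` instead of the `/horde` redirect. Listening on both families in both blocks (`listen {{ horde.ipv4 }}:80;` together with `listen [{{ horde.ipv6 }}]:80;`) restores the previous behaviour; if the split is deliberate, a comment above the listen lines should explain it.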
diff --git a/roles/moinmoin/templates/cron.d/moinmoin.j2 b/roles/moinmoin/templates/cron.d/moinmoin.j2 index 6c58ebd457ab9daff72dc1e4b222f1826a4b5fab..b9be386126ffc4253a086239ff48b652dfeb92cf 100644 --- a/roles/moinmoin/templates/cron.d/moinmoin.j2 +++ b/roles/moinmoin/templates/cron.d/moinmoin.j2 @@ -1,13 +1,13 @@ {{ ansible_header | comment }} -# Generate calendars -0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/EventsBDE.py > /var/local/calendrier/bde.ics -0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/EventsCrans.py > /var/local/calendrier/crans.ics -0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/Sports.py > /var/local/calendrier/sports.ics - # Generate sitemap 5 5 * * * /usr/bin/wget "http://wiki.adm.crans.org/PageAccueil?action=sitemap" -O /var/local/moin_htdocs_crans/www-sitemap.xml # Cleanup 17 3 * * * www-data /usr/bin/find /var/local/wiki/data/cache/__session__ -mtime +30 -delete 27 3 * * * www-data /usr/bin/find /var/local/wiki/tickets -mtime +30 -delete +{% if not moinmoin.main %} + +# Sync main wiki to backup +02 02 * * * root rsync -a4 --exclude "attachments" rsync://kiwi.adm.crans.org/wiki /var/local/wiki +{% endif %} diff --git a/roles/moinmoin/templates/moin/mywiki.py.j2 b/roles/moinmoin/templates/moin/mywiki.py.j2 index a71d97dfcec4c99021d292630fa4034566661e10..f21a1d7fa0a6958a5c16340250f82c09c4db404b 100644 --- a/roles/moinmoin/templates/moin/mywiki.py.j2 +++ b/roles/moinmoin/templates/moin/mywiki.py.j2 
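Review bot: The new rsync line runs as root and pulls `rsync://kiwi.adm.crans.org/wiki` into `/var/local/wiki` with `-a`, which recreates remote ownership and modes as root, while the other maintenance jobs in this file run as `www-data`. Unless the module exports root-owned files, `02 02 * * * www-data rsync -a4 --exclude "attachments" rsync://kiwi.adm.crans.org/wiki /var/local/wiki` does the same job with much less at stake should the unencrypted rsync stream or the daemon ever be tampered with. Without `--delete`, pages removed on the main wiki persist on the backup, which may be intended but deserves a comment. Separately, the unchanged sitemap line `5 5 * * * /usr/bin/wget …` has no user field, which `/etc/cron.d` requires (cron would read `/usr/bin/wget` as the user), unless this file is installed somewhere other than cron.d.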
@@ -48,10 +48,11 @@ class Config(FarmConfig): # This is checked by some rather critical and potentially harmful actions, # like despam or PackageInstaller action: - superuser= [u"PeBecue", u"Wiki20-100", u"WikiB2moo", u"WikiBoudy", u"Benjamin", u"WikiPollion", u"Fardale", u"WikiErdnaxe"] + # WikiShirenn is a giant avocado https://youtu.be/UJeH8gcjuj0 + superuser= [u"PeBecue", u"Wiki20-100", u"WikiB2moo", u"WikiBoudy", u"Benjamin", u"WikiPollion", u"Fardale", u"WikiErdnaxe", u"WikiShirenn"] # Custom logo - logo_string = u'<img src="/wiki/logo.png" alt="Crans" height="60">' + logo_string = u'<img src="/wiki/logo.svg" alt="Crans" height="60">' # French by default language_default = 'fr' 
@@ -139,22 +140,42 @@ class Config(FarmConfig): auth = [ moin.MoinAuth(), +{% if moinmoin.main %} cas.CASAuth("https://cas.crans.org", fallback_url='https://wiki.crans.org/', ticket_path='/var/local/wiki/tickets/', assoc_path='/var/local/wiki/assowiki/', ), ip_range.IpRange( - local_nets=['185.230.76.0/22', '10.53.0.0/16', '10.54.0.0/16', '2a0c:700:0::/40'], + local_nets=[ + '185.230.76.0/22', # ENS + '185.230.79.0/23', # test pour zamok + '10.53.0.0/16', + '10.54.0.0/16', + '2a0c:700:0::/40', + '45.66.108.0/22', # IPv4 Aurore + '2a09:6840::/29' # IPv6 Aurore + ], actions=['newaccount'], actions_msg={'newaccount':"La création de comptes n'est autorisée que depuis le réseau du Cr@ns ou sur zamok."}, ), categorie_public.PublicCategories(pub_cats=[u'Cat\xe9goriePagePublique']), # Avec trusted à False, les acl de Known s'appliquent +{% endif %} ] # Force text editor as CKEditor is broken editor_force = True def ip_autorised_create_account(self,ip): +{% if moinmoin.main %} return ip.startswith('185.230.76.') or ip.startswith('185.230.77.') or ip.startswith('185.230.78.') or ip.startswith('185.230.79.') or ip.startswith('10.') or ip.startswith('2a0c:700:0:') - +{% else %} + return False +{% endif %} + +{% if not moinmoin.main %} + # Stop new accounts being created + actions_excluded = config.multiconfig.DefaultConfig.actions_excluded + [ + 'newaccount', 'recoverpass' + ] +{% endif %} diff --git a/roles/moinmoin/templates/nginx/sites-available/wiki.j2 b/roles/moinmoin/templates/nginx/sites-available/wiki.j2 index 40e68cbc5e1199768eda6235b6c2d3acdb1ec578..4c7482f094d71b7dbb05793526257b12007fe60a 100644 --- a/roles/moinmoin/templates/nginx/sites-available/wiki.j2 +++ b/roles/moinmoin/templates/nginx/sites-available/wiki.j2 @@ -3,7 +3,7 @@ server { listen 80; listen [::]:80; - server_name wiki.crans.org; + server_name wiki.adm.crans.org; access_log /var/log/nginx/wiki.log combined; error_log /var/log/nginx/wiki.error.log; 
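Review bot: The two allow-lists gating account creation now diverge: `local_nets` gains `185.230.79.0/23`, `45.66.108.0/22` and `2a09:6840::/29`, but `ip_autorised_create_account` a few lines below still accepts only the `185.230.76.`–`185.230.79.`, `10.` and `2a0c:700:0:` prefixes, so an Aurore client passes the `ip_range` filter and is then refused (or the reverse, depending on which check MoinMoin consults first — not visible here). Deriving both from one list, or at least a comment on each naming the other, keeps them from drifting further. `'185.230.79.0/23', # test pour zamok` opens a public prefix for a test; give it a removal condition, e.g. `# TODO: drop once zamok is reachable from the adm network`, so it does not outlive the test. Both checks act on the client address nginx derives from `X-Real-Ip`, so they are only as trustworthy as the `set_real_ip_from` ranges in the wiki nginx template of this commit.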
@@ -25,10 +25,7 @@ server { include uwsgi_params; } - set_real_ip_from 10.231.136.0/24; - set_real_ip_from 2a0c:700:0::/48; - set_real_ip_from 185.230.76.0/22; #filaire publique - set_real_ip_from 10.53.0.0/16; #nat des machines wifi crans - set_real_ip_from 10.54.0.0/16; #nat des machines filaires crans + set_real_ip_from 172.16.10.0/24; + set_real_ip_from fd00:0:0:10::/64; real_ip_header X-Real-Ip; } diff --git a/roles/ninjabot/tasks/main.yml b/roles/ninjabot/tasks/main.yml index 768cad9731f5b0b70913105c5b81038e5c15006a..1ea0787ab171d0b3b5922e256a3de883bad01a4e 100644 --- a/roles/ninjabot/tasks/main.yml +++ b/roles/ninjabot/tasks/main.yml @@ -17,18 +17,18 @@ retries: 3 until: apt_result is succeeded -- name: Deploy NinjaBot main systemd unit +- name: Clone NinjaBot code + git: + repo: https://gitlab.adm.crans.org/nounous/NinjaBot.git + dest: /var/local/ninjabot + version: master + +- name: Deploy NinjaBot systemd unit template: src: systemd/system/ninjabot.service.j2 dest: /etc/systemd/system/ninjabot.service mode: 0644 -- name: Deploy NinjaBot webhook systemd unit - template: - src: systemd/system/ninjabot-webhook.service.j2 - dest: /etc/systemd/system/ninjabot-webhook.service - mode: 0644 - - name: Load and activate NinjaBot service systemd: name: ninjabot @@ -36,13 +36,6 @@ enabled: true state: started -- name: Load and activate NinjaBot webook service - systemd: - name: ninjabot-webhook - daemon_reload: true - enabled: true - state: started - - name: Indicate NinjaBot in motd template: src: update-motd.d/05-service.j2 diff --git a/roles/ninjabot/templates/systemd/system/ninjabot-webhook.service.j2 b/roles/ninjabot/templates/systemd/system/ninjabot-webhook.service.j2 deleted file mode 100644 index 3fbf9b82e2ea62d947693160aca6bd2877292b74..0000000000000000000000000000000000000000 --- a/roles/ninjabot/templates/systemd/system/ninjabot-webhook.service.j2 +++ /dev/null 
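Review bot: `set_real_ip_from 172.16.10.0/24;` and `set_real_ip_from fd00:0:0:10::/64;` make nginx accept `X-Real-Ip` from every host on the adm subnet, and this wiki makes security decisions on that address (`ip_range` and `ip_autorised_create_account` in mywiki.py.j2 decide who may create accounts). A compromised or misconfigured host anywhere in the /24 could then claim a 185.230.76.x address and open accounts; trust only the reverse proxy, e.g. `set_real_ip_from <HODAUR_ADM_IPV4>/32;` (placeholder — hodaur's address is not in the diff). The same over-broad ranges reach roles/horde's two nginx templates through `horde.zone_ipv4` / `zone_ipv6`.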
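Review bot: `version: master` in the new "Clone NinjaBot code" task deploys whatever the branch head is at run time, so two runs of the play can install different code and any push to that branch becomes running code on the monitoring host without review here. Pin a tag or commit (`version: <NINJABOT_COMMIT_OR_TAG>`, placeholder) and bump it deliberately; if tracking the branch is intended, say so in a comment on the task. The clone is made as root while the unit in the next file runs the bot as `nobody`, so the bot cannot write under `/var/local/ninjabot`; that is fine if it keeps no state, and a `# read-only checkout, the bot keeps no state here` note would confirm it.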
@@ -1,15 +0,0 @@
-{{ ansible_header | comment }}
-[Unit]
-Description=NinjaBot WebHook server
-After=network.target ninjabot.service
-
-[Service]
-Type=simple
-WorkingDirectory=/var/local/ninjabot
-User=ninjabot
-Group=nogroup
-ExecStart=/usr/bin/python3 /var/local/ninjabot/main.py
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/ninjabot/templates/systemd/system/ninjabot.service.j2 b/roles/ninjabot/templates/systemd/system/ninjabot.service.j2
index 4a9886ca9672c09cb584d87b2b9596e1c7c86475..8c88045b5ee0650d470c8a1f7e2f29280d7122db 100644
--- a/roles/ninjabot/templates/systemd/system/ninjabot.service.j2
+++ b/roles/ninjabot/templates/systemd/system/ninjabot.service.j2
@@ -6,9 +6,9 @@ After=network.target
 [Service]
 Type=simple
 WorkingDirectory=/var/local/ninjabot
-User=ninjabot
+User=nobody
 Group=nogroup
-ExecStart=/usr/bin/python3 /var/local/ninjabot/ninjabot.py
+ExecStart=/usr/bin/python3 /var/local/ninjabot/main.py
 Restart=always
 [Install]
diff --git a/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2 b/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2
index 28c27f277240f49d06bff60bea64eef8d262cbe9..1b61324dc712eb10281e4e8fceb924ada825de56 100644
--- a/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2
+++ b/roles/prometheus-alertmanager/templates/prometheus/alertmanager.yml.j2
@@ -58,5 +58,5 @@ inhibit_rules:
 receivers:
 - name: 'webhook-ninjabot'
 webhook_configs:
- - url: 'http://fyre.adm.crans.org:5000/'
+ - url: 'http://localhost:5000/'
 send_resolved: true
diff --git a/roles/prometheus-node-exporter/templates/default/prometheus-node-exporter.j2 b/roles/prometheus-node-exporter/templates/default/prometheus-node-exporter.j2
index 819d243a9ebfc2ed3bab51e96753c9017eaaccfb..9610d2d43a71b5502c080252e5800d10a81725a1 100644
--- a/roles/prometheus-node-exporter/templates/default/prometheus-node-exporter.j2
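Review bot: `User=nobody` replaces the dedicated `ninjabot` account and is a step back in isolation: `nobody` is a shared account (NFS root-squash, other daemons that fall back to it), so anything else running as it can inspect or signal this process, and systemd's own documentation discourages running services under it. Keep a dedicated user, or let systemd allocate one with `DynamicUser=yes` — that works as long as the bot needs no writable state under `/var/local/ninjabot`, which I cannot tell from here; while touching the unit, `NoNewPrivileges=yes` and `ProtectSystem=strict` cost nothing for a Python bot. The `[Install]` section continues outside the hunk.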
+++ b/roles/prometheus-node-exporter/templates/default/prometheus-node-exporter.j2
@@ -4,7 +4,7 @@
 # Due to shell scaping, to pass backslashes for regexes, you need to double
 # them (\\d for \d). If running under systemd, you need to double them again
 # (\\\\d to mean \d), and escape newlines too.
-ARGS="--web.listen-address={{ adm_ipv4 }}:9100"
+ARGS="--web.listen-address={{ query('ldap', 'ip', ansible_hostname, 10) | ipv4 | first }}:9100"
 # Prometheus-node-exporter supports the following options:
 #
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 884b859ea69d5dda2cc83bbacc8565c4f4c84578..e3bfc5bc4c6d570712eb55291663fe497c31e6e1 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -11,12 +11,14 @@
 template:
 src: prometheus/prometheus.yml.j2
 dest: /etc/prometheus/prometheus.yml
+ mode: 0644
 notify: Restart Prometheus
 - name: Configure Prometheus alert rules
 template:
 src: "prometheus/{{ item }}.j2"
 dest: "/etc/prometheus/{{ item }}"
+ mode: 0644
 notify: Restart Prometheus
 loop:
 - alert.rules.yml
@@ -27,18 +29,21 @@
 copy:
 content: "{{ [{'targets': prometheus.node_targets}] | to_nice_json }}"
 dest: /etc/prometheus/targets.json
+ mode: 0644
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus UPS SNMP devices
 copy:
 content: "{{ [{'targets': prometheus.ups_snmp_targets}] | to_nice_json }}"
 dest: /etc/prometheus/targets_ups_snmp.json
+ mode: 0644
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus Ubiquity Unifi SNMP devices
 copy:
 content: "{{ [{'targets': prometheus.unifi_snmp_targets}] | to_nice_json }}"
 dest: /etc/prometheus/targets_unifi_snmp.json
+ mode: 0644
 when: prometheus.unifi_snmp_targets is defined
 # We don't need to restart Prometheus when updating nodes
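Review bot: The new `ARGS` line relies on `query('ldap', 'ip', ansible_hostname, 10) | ipv4 | first` with nothing saying what the positional `10` selects or why the first IPv4 is the right one if LDAP returns several; the file's existing comments only cover backslash escaping. A one-line comment above it would help, along the lines of `# Bind the exporter only on the host's adm address (LDAP lookup; 10 = <what this argument selects — confirm>), not on every interface`. If the lookup yields no IPv4 address, `first` returns an undefined value and the template should fail rather than render an empty bind address — worth confirming against a host that lacks one.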
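Review bot: Every `mode: 0644` added in this hunk (and in the `@@ -27,18 +29,21 @@`, `@@ -46,6 +51,7 @@` and `@@ -53,6 +59,7 @@` hunks of the same file) is an unquoted YAML 1.1 octal literal; it works because the parser yields 420 and Ansible treats an integer mode as already octal, but a stray `644` would silently become mode 1204, and ansible-lint's `risky-octal` rule flags the form. Quote them as strings, `mode: "0644"`, which is also the convention the Ansible docs recommend. The first task's `- name:` line is outside the hunk.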
@@ -46,6 +51,7 @@
 copy:
 content: "{{ [{'targets': prometheus.apache_targets}] | to_nice_json }}"
 dest: /etc/prometheus/targets_apache.json
+ mode: 0644
 when: prometheus.apache_targets is defined
 # We don't need to restart Prometheus when updating nodes
@@ -53,6 +59,7 @@
 copy:
 content: "{{ [{'targets': prometheus.blackbox_targets}] | to_nice_json }}"
 dest: /etc/prometheus/targets_blackbox.json
+ mode: 0644
 when: prometheus.blackbox_targets is defined
 - name: Activate prometheus service
diff --git a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2
index f1a09d1ddfafd8c742aa09f723ee5fe69bcf970b..739806d30d471227cce6da4730d3893282f069ed 100644
--- a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2
+++ b/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2
@@ -1,2 +1,2 @@
 {{ ansible_header | comment }}
-deb http://download.proxmox.com/debian/pve {{ ansible_lsb.codename }} pve-no-subscription
+deb http://mirror.adm.crans.org/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription
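Review bot: The rewritten `deb http://mirror.adm.crans.org/proxmox/debian/pve …` line carries no `signed-by=` option, so apt will accept the mirror's InRelease as long as it is signed by any key in the system-wide trusted keyrings, not specifically Proxmox's. Pinning the key, `deb [signed-by=<PATH_TO_PROXMOX_RELEASE_KEYRING>] http://mirror.adm.crans.org/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription` (placeholder path), keeps the trust anchored to the upstream signing key now that packages travel through an internal mirror over plain HTTP. Separately, the file is named pve-enterprise.list.j2 while it configures the pve-no-subscription component; that predates this commit but is worth aligning.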