From ab78352554ed2011ee104db7204dcac180dd45e2 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Thu, 24 Feb 2022 13:22:00 +0100
Subject: [PATCH] Au revoir cachan :'(

---
 group_vars/all/borg.yml                       |   2 +-
 group_vars/cachan/home_nounou.yml             |   4 +-
 group_vars/cachan/ldap.yml                    |   7 --
 group_vars/cachan/mirror.yml                  |   8 --
 group_vars/cachan/network_interfaces.yml      |  12 --
 .../cachan/prometheus_nginx_exporter.yaml     |   3 -
 group_vars/cachan/rsyslog_client.yml          |   3 -
 host_vars/charybde.cachan-adm.crans.org.yml   |  30 -----
 host_vars/fyre.cachan-adm.crans.org.yml       | 103 ------------------
 host_vars/gulp.cachan-adm.crans.org.yml       |  58 ----------
 host_vars/re2o-ldap.cachan-adm.crans.org.yml  |   3 -
 host_vars/re2o.cachan-adm.crans.org.yml       |  51 ---------
 host_vars/rodauh.cachan-adm.crans.org.yml     |  28 -----
 .../bird.yml                                  |  34 ------
 .../dhcp.yml                                  |  62 -----------
 .../firewall.yml                              |   9 --
 .../radius.yml                                |  25 -----
 .../radvd.yml                                 |  24 ----
 .../vars.yml                                  |  10 --
 host_vars/terenez.cachan-adm.crans.org.yml    |  41 -------
 host_vars/unifi.cachan-adm.crans.org.yml      |   5 -
 host_vars/vol447.adm.crans.org.yml            |  12 +-
 hosts                                         |  59 +---------
 plays/firewall.yml                            |   6 +-
 plays/root.yml                                |   2 +-
 25 files changed, 14 insertions(+), 587 deletions(-)
 delete mode 100644 group_vars/cachan/ldap.yml
 delete mode 100644 group_vars/cachan/mirror.yml
 delete mode 100644 group_vars/cachan/prometheus_nginx_exporter.yaml
 delete mode 100644 group_vars/cachan/rsyslog_client.yml
 delete mode 100644 host_vars/fyre.cachan-adm.crans.org.yml
 delete mode 100644 host_vars/gulp.cachan-adm.crans.org.yml
 delete mode 100644 host_vars/re2o-ldap.cachan-adm.crans.org.yml
 delete mode 100644 host_vars/re2o.cachan-adm.crans.org.yml
 delete mode 100644 host_vars/rodauh.cachan-adm.crans.org.yml
 delete mode 100644 host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
 delete mode 100644 host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
 delete mode 100644 host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
 delete mode 100644 host_vars/routeur-gulp.cachan-adm.crans.org/radius.yml
 delete mode 100644 host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
 delete mode 100644 host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml
 delete mode 100644 host_vars/terenez.cachan-adm.crans.org.yml
 delete mode 100644 host_vars/unifi.cachan-adm.crans.org.yml

diff --git a/group_vars/all/borg.yml b/group_vars/all/borg.yml
index e719aab1..019a7c55 100644
--- a/group_vars/all/borg.yml
+++ b/group_vars/all/borg.yml
@@ -7,7 +7,7 @@ glob_borg:
     - /var
   path: /backup/borg
   remote:
-    - borg@zephir.adm.crans.org:/backup/borg/{{ ansible_hostname }}
+    - borg@zephir-c.adm.crans.org:/backup/borg/{{ ansible_hostname }}
   retention:
     - ["daily", 4]
     - ["monthly", 6]
diff --git a/group_vars/cachan/home_nounou.yml b/group_vars/cachan/home_nounou.yml
index 3623495d..fe17e060 100644
--- a/group_vars/cachan/home_nounou.yml
+++ b/group_vars/cachan/home_nounou.yml
@@ -1,8 +1,8 @@
 ---
 glob_home_nounou:
   mounts:
-    - ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
-      mountpoint: /rpool/home
+    - ip: "{{ query('ldap', 'ip', 'charybde', 'cachan-adm') | ipv4 | first }}"
+      mountpoint: /pool/home
       target: /home_nounou
       name: home_nounou
       owner: root
diff --git a/group_vars/cachan/ldap.yml b/group_vars/cachan/ldap.yml
deleted file mode 100644
index 80a4d119..00000000
--- a/group_vars/cachan/ldap.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-glob_ldap:
-  uri: 'ldaps://re2o-ldap.cachan-adm.crans.org/'
-  users_base: 'cn=Utilisateurs,dc=crans,dc=org'
-  servers:
-    - "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
-  base: 'dc=crans,dc=org'
diff --git a/group_vars/cachan/mirror.yml b/group_vars/cachan/mirror.yml
deleted file mode 100644
index a0031f73..00000000
--- a/group_vars/cachan/mirror.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-glob_mirror:
-  hostname: mirror.cachan-adm.crans.org
-  ip: 172.17.10.30
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-debian_components: main contrib non-free
-proxmox_mirror: http://mirror.cachan-adm.crans.org/proxmox/debian/pve
diff --git a/group_vars/cachan/network_interfaces.yml b/group_vars/cachan/network_interfaces.yml
index 433e0478..49d2501f 100644
--- a/group_vars/cachan/network_interfaces.yml
+++ b/group_vars/cachan/network_interfaces.yml
@@ -1,23 +1,11 @@
 ---
 glob_network_interfaces:
   vlan:
-    - name: cachan_srv
-      id: 2
-      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
-      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
-      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
-    - name: cachan_srv_nat
-      id: 3
-      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv4 | first }}"
-      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv4 | first }}"
-      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv6 | first }}"
     - name: cachan_adm
       id: 10
       dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
       extra:
         - "post-up /sbin/ip route add 172.16.10.0/24 via {{ query('ldap', 'ip', 'terenez', 'cachan-adm') | ipv4 | first }}"
-    # extra_v6:
-    #   - "post-up /sbin/ip -6 route add fd00:0:0:10::/64 {{ query('ldap', 'ip', 'terenez', 'cachan-adm') | ipv6 | first }}"
     - name: infra
       id: 11
       dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"
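Review bot: The `cachan_adm` and `infra` entries kept as context in this hunk still take their `dns` from `query('ldap', 'ip', 'routeur-gulp', ...)`, and the `cachan_adm` `extra` route still goes via `terenez`, while this same patch deletes the host_vars of both machines and removes them from `hosts`. If their LDAP records are removed too, `| ipv4 | first` will presumably fail on an empty result at templating time. If the records stay, the remaining cachan hosts keep sending DNS queries and 172.16.10.0/24 traffic to addresses that no managed machine owns any more. Consider pointing `dns` at a resolver that survives the move, and dropping or re-targeting the `post-up /sbin/ip route add` line in the same change.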
diff --git a/group_vars/cachan/prometheus_nginx_exporter.yaml b/group_vars/cachan/prometheus_nginx_exporter.yaml
deleted file mode 100644
index 2634838b..00000000
--- a/group_vars/cachan/prometheus_nginx_exporter.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-glob_prometheus_nginx_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
diff --git a/group_vars/cachan/rsyslog_client.yml b/group_vars/cachan/rsyslog_client.yml
deleted file mode 100644
index 86f2d0f4..00000000
--- a/group_vars/cachan/rsyslog_client.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-glob_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
diff --git a/host_vars/charybde.cachan-adm.crans.org.yml b/host_vars/charybde.cachan-adm.crans.org.yml
index da91159e..5b4fd7f9 100644
--- a/host_vars/charybde.cachan-adm.crans.org.yml
+++ b/host_vars/charybde.cachan-adm.crans.org.yml
@@ -3,39 +3,9 @@ debian_mirror: 'file:/pool/mirror/pub/debian'
 
 interfaces:
   cachan_adm: eth0.10
-  cachan_srv: eth1.2
   infra: eth0.111
 
 loc_ntp_server:
   open:
     - 172.17.10.0/24
     - 172.16.32.0/22
-
-loc_vsftpd:
-  anonymous:
-    root: /pool/mirror/pub
-
-loc_ftpsync:
-  root: /pool/mirror/pub
-
-loc_rsync_mirror:
-  root: /pool/mirror/pub
-
-loc_apt_mirror:
-  root: /pool/mirror/pub
-
-loc_nginx:
-  service_name: ftp
-  ssl: []
-  servers:
-    - server_name:
-        - "mirror"
-        - "mirror.*"
-      root: "/pool/mirror/pub"
-      locations:
-        - filter: "/"
-          params:
-            - "autoindex on"
-            - "autoindex_exact_size off"
-            - "add_before_body /.html/HEADER.html"
-            - "add_after_body /.html/FOOTER.html"
diff --git a/host_vars/fyre.cachan-adm.crans.org.yml b/host_vars/fyre.cachan-adm.crans.org.yml
deleted file mode 100644
index 5fd7f265..00000000
--- a/host_vars/fyre.cachan-adm.crans.org.yml
+++ /dev/null
@@ -1,103 +0,0 @@
----
-interfaces:
-  cachan_adm: ens18
-  infra: ens19
-
-glob_snmp_exporter:
-  procurve_password: "{{ vault.snmp_procurve_password }}"
-  unifi_password: "{{ vault.snmp_unifi_password }}"
-
-loc_ninjabot:
-  config:
-    nick: fyre
-    server: irc.adm.crans.org
-    port: 6667
-    channel: "#monitoring"
-
-loc_prometheus:
-  node:
-    file: targets_node.json
-    targets: "{{ groups['server'] | select('match', '^.*\\.cachan-adm\\.crans\\.org$')  | list | sort }}"
-    config:
-      - job_name: servers
-        file_sd_configs:
-          - files:
-              - '/etc/prometheus/targets_node.json'
-        relabel_configs:
-          - source_labels: [__address__]
-            target_label: __param_target
-          - source_labels: [__param_target]
-            target_label: instance
-          - source_labels: [__param_target]
-            target_label: __address__
-            replacement: '$1:9100'
-
-  ups_snmp:
-    file: targets_ups_snmp.json
-    targets:
-      - pulsar.cachan-adm.crans.org  # 0B
-      - quasar.cachan-adm.crans.org  # 4J
-    config:
-      - job_name: ups_snmp
-        file_sd_configs:
-          - files:
-              - '/etc/prometheus/targets_ups_snmp.json'
-        metrics_path: /snmp
-        params:
-          module: [eatonups]
-        relabel_configs:
-          - source_labels: [__address__]
-            target_label: __param_target
-          - source_labels: [__param_target]
-            target_label: instance
-          - target_label: __address__
-            replacement: 127.0.0.1:9116
-
-  unifi_snmp:
-    file: targets_unifi_snmp.json
-    targets: "{{ groups['crans_unifi'] | list | sort }}"
-    config:
-      - job_name: unifi_snmp
-        file_sd_configs:
-          - files:
-              - '/etc/prometheus/targets_unifi_snmp.json'
-        metrics_path: /snmp
-        params:
-          module: [ubiquiti_unifi]
-        relabel_configs:
-          - source_labels: [__address__]
-            target_label: __param_target
-          - source_labels: [__param_target]
-            target_label: instance
-          - target_label: __address__
-            replacement: 127.0.0.1:9116
-
-  nginx:
-    file: targets_nginx.json
-    targets: "{{ groups['nginx'] | select('match', '^.*\\.cachan-adm\\.crans\\.org$')  | list | sort }}"
-    config:
-      - job_name: nginx
-        file_sd_configs:
-          - files:
-              - '/etc/prometheus/targets_nginx.json'
-        relabel_configs:
-          - source_labels: [__address__]
-            target_label: instance
-          - source_labels: [instance]
-            target_label: __address__
-            replacement: '$1:9117'
-
-  mtail:
-    file: targets_mtail.json
-    targets:
-      - gulp.cachan-adm.crans.org
-    config:
-      - job_name: mtail
-        static_configs:
-          - targets: ["gulp.cachan-adm.crans.org"]
-        relabel_configs:
-          - source_labels: [__address__]
-            target_label: instance
-          - source_labels: [instance]
-            target_label: __address__
-            replacement: '$1:3903'
diff --git a/host_vars/gulp.cachan-adm.crans.org.yml b/host_vars/gulp.cachan-adm.crans.org.yml
deleted file mode 100644
index ce3a5eb0..00000000
--- a/host_vars/gulp.cachan-adm.crans.org.yml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-loc_slapd:
-  ip: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
-  replica: true
-  replica_rid: 5
-
-glob_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-proxmox_mirror: http://mirror.cachan-adm.crans.org/proxmox/debian/pve
-
-loc_debian_images:
-  rsync_host: 'mirror.cachan-adm.crans.org'
-  rsync_module: 'ftp'
-
-loc_postgres:
-  subnets:
-    - 172.17.10.0/24
-    - fd00:0:0:3010::/64
-  version: 11
-  hosts:
-    - {db: re2o, user: re2o}
-  addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
-  backup:
-    dir: /var/local/db-backup
-    frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *"
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_server:
-  name: gulp
-  root: /var/log
-  rules:
-    - name: cablage
-      rotate: 365
-      ips:
-        - 172.16.33
-        - 172.16.34
-      programs:
-        - firewall
-        - radiusd
-        - dhcpd
-  modules:
-    - name: imudp
-      index: 53
-    - name: imrelp
-      index: 52
-      vars:
-        - name: InputRELPServerRun
-          value: 20514
diff --git a/host_vars/re2o-ldap.cachan-adm.crans.org.yml b/host_vars/re2o-ldap.cachan-adm.crans.org.yml
deleted file mode 100644
index 4dc1ad62..00000000
--- a/host_vars/re2o-ldap.cachan-adm.crans.org.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-interfaces:
-  cachan_adm: ens18
diff --git a/host_vars/re2o.cachan-adm.crans.org.yml b/host_vars/re2o.cachan-adm.crans.org.yml
deleted file mode 100644
index d9635258..00000000
--- a/host_vars/re2o.cachan-adm.crans.org.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-interfaces:
-  cachan_adm: ens18
-  cachan_srv_nat: ens19
-
-loc_re2o:
-  owner: root
-  group: _nounou
-  version: crans
-  settings_local_owner: www-data
-  settings_local_group: _nounou
-
-  django_secret_key: "{{ vault.re2o_django_secret_key }}"
-  aes_key: "{{ vault.re2o_aes_key }}"
-  admins:
-    - ('Root', 'root@crans.org')
-  allowed_hosts:
-    - "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
-    - "[{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv6 | first }}]"
-    - "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
-    - "[{{ query('ldap', 'ip', 'c3po', 'adm') | ipv6 | first }}]"
-    - re2o.cachan-adm.crans.org
-    - intranet.cachan-adm.crans.org
-    - re2o.adm.crans.org
-    - re2o.crans.org
-    - intranet.crans.org
-  from_email: "root@crans.org"
-  ldap:
-    master_password: "{{ vault.ldap_master_password }}"
-    uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
-    dn: "cn=admin,dc=crans,dc=org"
-  database:
-    password: "{{ vault.re2o_db_password }}"
-    uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
-
-loc_nginx:
-  real_ip_from:
-    - "172.17.0.0/16"
-    - "fd00:0:0:3000::/56"
-
-loc_re2o_front:
-  server_names:
-    - "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
-    - "[{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv6 | first }}]"
-    - "{{ query('ldap', 'ip', 'c3po', 'adm') | ipv4 | first }}"
-    - "[{{ query('ldap', 'ip', 'c3po', 'adm') | ipv6 | first }}]"
-    - re2o.cachan-adm.crans.org
-    - intranet.cachan-adm.crans.org
-    - re2o.adm.crans.org
-    - re2o.crans.org
-    - intranet.crans.org
diff --git a/host_vars/rodauh.cachan-adm.crans.org.yml b/host_vars/rodauh.cachan-adm.crans.org.yml
deleted file mode 100644
index 5bcdded4..00000000
--- a/host_vars/rodauh.cachan-adm.crans.org.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-interfaces:
-  cachan_adm: ens18
-  cachan_srv: ens19
-
-loc_certbot:
-  - mail: root@crans.org
-    certname: crans.org
-    domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
-
-loc_nginx:
-  servers: []
-  ssl:
-    - name: crans.org
-      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
-      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
-      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
-  real_ip_from:
-    - "172.17.0.0/16"
-    - "fd00:0:0:3000::/56"
-
-loc_reverseproxy:
-  reverseproxy_sites:
-    - {from: mirrors.crans.org, to: 172.17.10.30}
-    - {from: intranet.crans.org, to: 172.17.10.203}
-    - {from: re2o.crans.org, to: 172.17.10.203}
-
-  redirect_sites: []
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
deleted file mode 100644
index f8a8c03e..00000000
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/bird.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-loc_bird:
-  ipv4:
-    id: 158.255.113.73
-    binds:
-      - 158.255.113.73
-    statics:
-      - 185.230.76.0/24
-    bgps:
-      - name: zayo
-        allow_local_as: 1
-        local:
-          as: 204515
-        remote:
-          as: 8218
-          address: 158.255.113.72
-        allow_export_prefixes:
-          - 185.230.76.0/22+
-  ipv6:
-    id: 185.230.79.62
-    binds:
-      - 2001:1b48:2:103::bb:2
-    statics:
-      - 2a0c:700:3000::/36
-    bgps:
-      - name: zayo
-        allow_local_as: 1
-        local:
-          as: 204515
-        remote:
-          as: 8218
-          address: 2001:1b48:2:103::bb:1
-        allow_export_prefixes:
-          - 2a0c:700::/32+
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
deleted file mode 100644
index 23085035..00000000
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/dhcp.yml
+++ /dev/null
@@ -1,62 +0,0 @@
----
-loc_dhcp:
-  authoritative: true
-  subnets:
-    - network: "185.230.76.0/26"
-      deny_unknown: true
-      vlan: "cachan_adh"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      routers: "185.230.76.62"
-      dns: ["185.230.76.62"]
-      domain_name: "adh.crans.org"
-      domain_search: "adh.crans.org"
-      options: []
-      lease_file: "/var/local/services/dhcp/generated/dhcp.cachan-adh.crans.org.list"
-    - network: "100.64.0.0/16"
-      deny_unknown: true
-      vlan: "adh_nat"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      routers: "100.64.0.99"
-      dns: ["100.64.0.99"]
-      domain_name: "adh-nat.crans.org"
-      domain_search: "adh-nat.crans.org"
-      options: []
-      lease_file: "/var/local/services/dhcp/generated/dhcp.adh-nat.crans.org.list"
-    - network: "172.16.32.0/22"
-      deny_unknown: true
-      vlan: "infra"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      dns: ["172.16.32.99"]
-      domain_name: "infra.crans.org"
-      domain_search: "infra.crans.org"
-      options: []
-      lease_file: "/var/local/services/dhcp/generated/dhcp.infra.crans.org.list"
-    - network: 100.65.0.0/16
-      vlan: "federez"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      routers: "100.65.0.99"
-      dns: ["100.65.0.99"]
-      domain_name: "federez.net"
-      domain_search: "federez.net"
-      ranges:
-        - min: 100.65.1.0
-          max: 100.65.255.254
-      options: []
-
-loc_service_dhcp:
-  re2o:
-    hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
-    user: services
-    password: "{{ vault.re2o_service_password }}"
-  git:
-    remote: https://gitlab.adm.crans.org/nounous/dhcp.git
-    version: cachan
-  config:
-    subnets:
-      adh-nat.crans.org: 100.64.0.0/16
-      cachan-adh.crans.org: 185.230.76.0/26
-      infra.crans.org: 172.16.32.0/22
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
deleted file mode 100644
index 71e8b808..00000000
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/firewall.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-loc_service_firewall:
-  re2o:
-    hostname: "{{ query('ldap', 'ip', 're2o', 'cachan-adm') | ipv4 | first }}"
-    user: services
-    password: "{{ vault.re2o_service_password }}"
-  git:
-    remote: https://gitlab.adm.crans.org/nounous/firewall.git
-    version: gulp
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/radius.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/radius.yml
deleted file mode 100644
index 0b31409d..00000000
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/radius.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-loc_re2o:
-  owner: freerad
-  group: _nounou
-  version: master_freeradius_python3
-  settings_local_owner: freerad
-  settings_local_group: _nounou
-
-  django_secret_key: "{{ vault.re2o_django_secret_key }}"
-  aes_key: "{{ vault.re2o_aes_key }}"
-  admins:
-    - ('Root', 'root@crans.org')
-  allowed_hosts:
-    - 're2o.cachan-adm.crans.org'
-    - 'intranet.cachan-adm.crans.org'
-  from_email: "root@crans.org"
-  ldap:
-    master_password: "{{ vault.ldap_master_password }}"
-    uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'cachan-adm') | ipv4 | first }}/"
-    dn: "cn=admin,dc=crans,dc=org"
-  database:
-    password: "{{ vault.re2o_db_password }}"
-    uri: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
-
-  optional_apps: []
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
deleted file mode 100644
index c35b4746..00000000
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/radvd.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-loc_radvd:
-  subnets:
-    - name: cachan_adh
-      prefix: 2a0c:700:3012::/64
-      dnssl: adh.crans.org
-      dns:
-        - "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adh') | ipv6 | first }}"
-    - name: adh_nat
-      prefix: 2a0c:700:3013::/64
-      dnssl: adh-nat.crans.org
-      dns:
-        - "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adh') | ipv6 | first }}"
-    - name: federez
-      prefix: 2a0c:700:254::/64
-      dnssl: federez.net
-      dns:
-        - 2a0c:700:254::ff:fe00:99fe
-    - name: infra
-      prefix: fd00:0:0:11::/64
-      no_gateway: true
-      dnssl: infra.crans.org
-      dns:
-        - fd00::11:0:ff:fe00:9911
diff --git a/host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml b/host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml
deleted file mode 100644
index cbda4b8f..00000000
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/vars.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-interfaces:
-  adm: ens18
-  srv: ens20
-  srv_nat: ens21
-  cachan_adh: ens22
-  adh_nat: ens23
-  infra: ens1
-  zayo: ens2
-  federez: enp1s3
diff --git a/host_vars/terenez.cachan-adm.crans.org.yml b/host_vars/terenez.cachan-adm.crans.org.yml
deleted file mode 100644
index 9b8435f2..00000000
--- a/host_vars/terenez.cachan-adm.crans.org.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-interfaces:
-  cachan_adm: ens18
-  cachan_srv: ens19
-  infra: ens20
-
-# Don't route to adm so we redefine local network interfaces
-loc_network_interfaces:
-  vlan:
-    - name: cachan_srv
-      id: 2
-      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
-      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
-      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
-    - name: cachan_adm
-      id: 10
-      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
-    - name: infra
-      id: 11
-      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"
-
-loc_ntp_server:
-  open:
-    - 172.17.10.0/24
-    - 172.16.32.0/22
-
-loc_wireguard:
-  tunnels:
-    - name: "gulp"
-      addresses:
-        - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv4 | first }}/24"
-        - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }}/64"
-      listen_port: 51820
-      private_key: "{{ vault.wireguard_terenez_private_key }}"
-      peers:
-        - public_key: "{{ vault.wireguard_vol447_public_key }}"
-          allowed_ips:
-            - "{{ query('ldap', 'network', 'adm') }}"
-            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
-          endpoint: "{{ query('ldap', 'ip', 'vol447', 'srv') | ipv4 | first }}:51820"
-      post_up: "/sbin/ip link set gulp alias adm"
diff --git a/host_vars/unifi.cachan-adm.crans.org.yml b/host_vars/unifi.cachan-adm.crans.org.yml
deleted file mode 100644
index f033a76a..00000000
--- a/host_vars/unifi.cachan-adm.crans.org.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-interfaces:
-  cachan_adm: ens18
-  cachan_srv_nat: ens19
-  infra: ens20
diff --git a/host_vars/vol447.adm.crans.org.yml b/host_vars/vol447.adm.crans.org.yml
index 2aac8890..dd9dbf36 100644
--- a/host_vars/vol447.adm.crans.org.yml
+++ b/host_vars/vol447.adm.crans.org.yml
@@ -9,10 +9,10 @@ loc_wireguard:
       listen_port: 51820
       private_key: "{{ vault.wireguard_vol447_private_key }}"
       peers:
-        - public_key: "{{ vault.wireguard_terenez_public_key }}"
+        - public_key: "{{ vault.wireguard_charybde_public_key }}"
           allowed_ips:
-            - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv4 | first }}/32"
-            - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }}/128"
-          endpoint: "{{ query('ldap', 'ip', 'terenez', 'cachan-srv') | ipv4 | first }}:51820"
-      post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }} dev ens18"
-      post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }} dev ens18"
+            - "{{ query('ldap', 'ip', 'charybde', 'adm') | ipv4 | first }}/32"
+            - "{{ query('ldap', 'ip', 'charybde', 'adm') | ipv6 | first }}/128"
+          endpoint: "{{ query('ldap', 'ip', 'freebox', 'srv') | ipv4 | first }}:51820"
+      post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ipv6 | first }} dev ens18"
+      post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ipv6 | first }} dev ens18"
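Review bot: The charybde end of this tunnel is not defined anywhere in the patch. `charybde.cachan-adm.crans.org` joins `[wireguard]` in the `hosts` diff, but its host_vars hunk appears to end at `loc_ntp_server` with no `loc_wireguard`, whereas the deleted terenez file carried the tunnel, its `private_key` and the vol447 peer. Unless that block lives in a file outside this diff, the peer configured here has no counterpart, and `vault.wireguard_charybde_public_key` needs to exist before this renders. The terenez key pair (`vault.wireguard_terenez_private_key` / `vault.wireguard_terenez_public_key`) appears to become unreferenced by this change and should be removed from the vault so that a key for a decommissioned host does not linger. The `loc_wireguard` mapping starts above this hunk.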
diff --git a/hosts b/hosts
index 8228d2d6..d96a730b 100644
--- a/hosts
+++ b/hosts
@@ -20,9 +20,6 @@ tealc.adm.crans.org
 [belenios]
 belenios.adm.crans.org
 
-[bird]
-routeur-gulp.cachan-adm.crans.org
-
 [bird:children]
 routeurs_vm
 
@@ -125,15 +122,12 @@ linx.adm.crans.org
 mailman.adm.crans.org
 
 [mtail]
-gulp.cachan-adm.crans.org
 tealc.adm.crans.org
 
 [mirror_backend]
-charybde.cachan-adm.crans.org
 eclat.adm.crans.org
 
 [mirror_frontend]
-charybde.cachan-adm.crans.org
 tealc.adm.crans.org
 
 [nginx]
@@ -157,7 +151,6 @@ wiki
 [ntp_server]
 charybde.cachan-adm.crans.org
 eclat.adm.crans.org
-terenez.cachan-adm.crans.org
 
 [opendkim:children]
 mailman
@@ -173,11 +166,9 @@ ovh_physical
 
 [postgres]
 tealc.adm.crans.org
-gulp.cachan-adm.crans.org
 
 [postgres:children]
 virtu_adm
-virtu_cachan
 
 [prefix_delegation]
 routeur-sam.adm.crans.org
@@ -189,27 +180,21 @@ helloworld.adm.crans.org
 
 [prometheus]
 monitoring.adm.crans.org
-fyre.cachan-adm.crans.org
 
 [prometheus_alertmanager]
 monitoring.adm.crans.org
 
-[radius]
-routeur-gulp.cachan-adm.crans.org
-
 [radvd:children]
 routeurs_vm
 
 [re2o]
-# re2o.adm.crans.org
-re2o.cachan-adm.crans.org
+re2o.adm.crans.org
 
 [re2o:children]
 radius
 
 [re2o_front]
-# re2o.adm.crans.org
-re2o.cachan-adm.crans.org
+re2o.adm.crans.org
 
 [re2o_ldap_replica]
 re2o-dev.adm.crans.org
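Review bot: `[re2o:children]` still lists `radius` after this hunk deletes the `[radius]` section, so unless `radius` is declared elsewhere in `hosts` the inventory keeps a child reference to a group that no longer exists. As far as I know, Ansible's INI inventory parser reports that as an undefined-group error. Either drop the `[re2o:children]` stanza or keep an empty `[radius]` header. Separately, un-commenting `re2o.adm.crans.org` makes it the only `re2o` / `re2o_front` host, while the deleted `re2o.cachan-adm` host_vars held `loc_re2o` (vault-backed secrets, `allowed_hosts`) and `loc_re2o_front`. No host_vars for `re2o.adm.crans.org` are visible in this patch, so confirm they already exist with an `allowed_hosts` list that matches the new address.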
@@ -217,7 +202,6 @@ yson-partou.adm.crans.org
 
 [reverseproxy]
 hodaur.adm.crans.org
-rodauh.cachan-adm.crans.org
 sputnik.adm.crans.org
 
 [reverseproxy:children]
@@ -226,43 +210,30 @@ gitlab
 [roundcube]
 roundcube.adm.crans.org
 
-[routeurs_cachan]
-routeur-gulp.cachan-adm.crans.org
-
 [routeurs_vm]
 routeur-daniel.adm.crans.org
 routeur-jack.adm.crans.org
 routeur-sam.adm.crans.org
 
-[routeurs_vm:children]
-routeurs_cachan
-
 [rsyncd]
-charybde.cachan-adm.crans.org
 eclat.adm.crans.org
 
 [rsyslog_server]
-gulp.cachan-adm.crans.org
 tealc.adm.crans.org
 
 [snmp]
 monitoring.adm.crans.org
 helloworld.adm.crans.org
 
-[unifi]
-unifi.cachan-adm.crans.org
-
 [slapd]
 tealc.adm.crans.org
 sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
 sputnik.adm.crans.org
-gulp.cachan-adm.crans.org
 
 [sssd]
 zamok.adm.crans.org
-zamok-tmtc.adm.crans.org
 
 [thelounge]
 irc.adm.crans.org
@@ -281,52 +252,29 @@ sam.adm.crans.org
 [virtu:children]
 virtu_adh
 virtu_adm
-virtu_cachan
-
-[virtu_cachan]
-gulp.cachan-adm.crans.org
 
 [vsftpd_mirror]
-charybde.cachan-adm.crans.org
 eclat.adm.crans.org
 ptf.adm.crans.org
 
-[vsftpd_cameras]
-zephir.cachan-adm.crans.org
-
 [wiki]
 kiwi.adm.crans.org
 sputnik.adm.crans.org
 
 [wireguard]
 boeing.adm.crans.org
+charybde.cachan-adm.crans.org
 sputnik.adm.crans.org
-terenez.cachan-adm.crans.org
 vol447.adm.crans.org
 
 [cachan:children]
 cachan_physical
-cachan_vm
 
 [cachan_physical]
 charybde.cachan-adm.crans.org
 omnomnom.cachan-adm.crans.org
 zephir.cachan-adm.crans.org
 
-[cachan_physical:children]
-virtu_cachan
-
-[cachan_vm]
-fyre.cachan-adm.crans.org
-re2o.cachan-adm.crans.org
-re2o-ldap.cachan-adm.crans.org
-rodauh.cachan-adm.crans.org
-terenez.cachan-adm.crans.org
-# unifi.cachan-adm.crans.org
-
-[cachan_vm:children]
-routeurs_cachan
-
 [crans_routeurs:children]
 routeurs_vm
 
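Review bot: Removing `charybde.cachan-adm.crans.org` from `[vsftpd_mirror]` and deleting `[vsftpd_cameras]` (which held `zephir.cachan-adm.crans.org`) only stops Ansible from managing those services. Both hosts stay in `[cachan_physical]`, and nothing in this patch stops or removes the daemons on them. The same applies to charybde leaving `[mirror_backend]`, `[mirror_frontend]` and `[rsyncd]` in the earlier `hosts` hunks; its deleted host_vars described an anonymous FTP root and an nginx `autoindex on` server over `/pool/mirror/pub`. A one-off cleanup play, or a documented manual step, that stops and disables those services would keep the relocated machines from running listeners that no play configures or audits any more.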
@@ -386,7 +334,6 @@ voyager.adm.crans.org
 yson-partou.adm.crans.org
 
 [crans_vm:children]
-cachan_vm
 routeurs_vm
 
 [ovh_physical]
diff --git a/plays/firewall.yml b/plays/firewall.yml
index 85c94543..ce6a16b7 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -1,13 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: routeurs_vm !routeur-gulp.cachan-adm.crans.org
+- hosts: routeurs_vm
   roles:
     - logall
 
-- hosts: routeur-gulp.cachan-adm.crans.org
-  roles:
-    - logall-cachan
-
 - hosts: firewall
   vars:
     service: "{{ glob_service_firewall | default({}) | combine(loc_service_firewall | default({})) }}"
diff --git a/plays/root.yml b/plays/root.yml
index 58940ad2..999bf68f 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -21,7 +21,7 @@
   roles:
     - ldap-client
 
-- hosts: server,!ovh_physical,!tealc.adm.crans.org,!gulp.cachan-adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org
+- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org
   vars:
     nfs_mount: "{{ glob_home_nounou | default({}) | combine(loc_home_nounou | default({})) }}"
   roles:
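Review bot: The new host pattern drops `!gulp.cachan-adm.crans.org` without excluding the machine that replaces it as the NFS source. The `group_vars/cachan/home_nounou.yml` hunk now resolves the `home_nounou` mount `ip` from `charybde`, and charybde remains in `[cachan_physical]`. If charybde is matched by `server`, this play would presumably have it mount its own `/pool/home` export on `/home_nounou`, which looks like the case the gulp exclusion guarded against. If so, the line should read `- hosts: server,!ovh_physical,!tealc.adm.crans.org,!charybde.cachan-adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org`. The play's `roles:` list continues outside the hunk, so the exact role is not visible here.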
-- 
GitLab