From e965ce9acddfa4a5ed21cf5f3ee6cdd3c6a4d2a0 Mon Sep 17 00:00:00 2001 
From: korenstin <korenstin@crans.org> Date: Sat, 14 Dec 2024 21:49:57 +0100 Subject: [PATCH] =?UTF-8?q?Cr=C3=A9ation=20de=20README,=20suppression=20d'?= =?UTF-8?q?=C3=A9l=C3=A9ments=20inutiles?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- group_vars/all/mirror.yml | 2 - host_vars/fyre.adm.crans.org.yml | 168 +++++++++--------- roles/ceph/tasks/main.yml | 27 --- roles/common-tools/README.md | 9 + roles/debian-apt-sources/README.md | 3 + roles/ethercalc/README.md | 8 + roles/etherpad/README.md | 31 ++++ roles/logos/README.md | 12 ++ roles/moinmoin-gendoc/README.md | 3 + roles/moinmoin/README.md | 7 + roles/ntp-client/README.md | 8 + roles/ntp-server/README.md | 8 + roles/openssh/README.md | 3 + roles/prometheus/README.md | 10 ++ roles/qemu-guest-agent/README.md | 3 + roles/restic-client/README.md | 19 ++ roles/restic-client/handlers/main.yml | 4 + roles/root-config/README.md | 3 + roles/root-config/tasks/main.yml | 2 +- roles/root/README.md | 6 + roles/sudo/README.md | 3 + roles/sudo/tasks/main.yml | 11 +- roles/sudo/templates/sudoers.bullseye.j2 | 27 --- roles/sudo/templates/sudoers.buster.j2 | 27 --- .../{sudoers.bookworm.j2 => sudoers.j2} | 2 +- roles/wireguard/README.md | 19 ++ roles/zamok-tools/README.md | 3 + 27 files changed, 254 insertions(+), 174 deletions(-) delete mode 100644 roles/ceph/tasks/main.yml create mode 100644 roles/common-tools/README.md create mode 100644 roles/debian-apt-sources/README.md create mode 100644 roles/ethercalc/README.md create mode 100644 roles/etherpad/README.md create mode 100644 roles/logos/README.md create mode 100644 roles/moinmoin-gendoc/README.md create mode 100644 roles/moinmoin/README.md create mode 100644 roles/ntp-client/README.md create mode 100644 roles/ntp-server/README.md create mode 100644 roles/openssh/README.md create mode 100644 roles/prometheus/README.md create mode 100644 roles/qemu-guest-agent/README.md create mode 100644 roles/restic-client/README.md create 
mode 100644 roles/root-config/README.md create mode 100644 roles/root/README.md create mode 100644 roles/sudo/README.md delete mode 100644 roles/sudo/templates/sudoers.bullseye.j2 delete mode 100644 roles/sudo/templates/sudoers.buster.j2 rename roles/sudo/templates/{sudoers.bookworm.j2 => sudoers.j2} (85%) create mode 100644 roles/wireguard/README.md create mode 100644 roles/zamok-tools/README.md
diff --git a/group_vars/all/mirror.yml b/group_vars/all/mirror.yml
index 4b78e5cf..4df6a241 100644
--- a/group_vars/all/mirror.yml
+++ b/group_vars/all/mirror.yml
@@ -4,7 +4,5 @@
 glob_mirror:
 ip: "{{ lookup('ldap', 'ip4', 'eclat', 'adm') }}"
 debian_mirror: http://mirror.adm.crans.org/debian
-ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
 proxmox_mirror: http://mirror.adm.crans.org/proxmox/debian/pve
 debian_components: main contrib non-free
-ubuntu_components: main restricted universe multiverse
diff --git a/host_vars/fyre.adm.crans.org.yml b/host_vars/fyre.adm.crans.org.yml
index a1a19521..7effe867 100644
--- a/host_vars/fyre.adm.crans.org.yml
+++ b/host_vars/fyre.adm.crans.org.yml
@@ -10,69 +10,72 @@ loc_needrestart: override: [] loc_prometheus: - node: + + apache: config: - - job_name: servers + - job_name: apache file_sd_configs: - - files: - - '/etc/prometheus/targets/node.json' + - files: ['/etc/prometheus/targets/apache.json'] relabel_configs: - source_labels: [__address__] - target_label: __param_target - - source_labels: [__param_target] target_label: instance - - source_labels: [__param_target] + - source_labels: [instance] target_label: __address__ - replacement: '$1:9100' + replacement: '$1:9117' - nginx: + bind: config: - - job_name: nginx + - job_name: bind file_sd_configs: - files: - - '/etc/prometheus/targets/nginx.json' + - '/etc/prometheus/targets/bind.json' relabel_configs: - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] target_label: instance - - source_labels: [instance] + - source_labels: [__param_target] target_label: __address__ - replacement: '$1:9117' + replacement: '$1:9119' - apache: + bird: config: - - job_name: apache + - job_name: bird file_sd_configs: - - files: ['/etc/prometheus/targets/apache.json'] + - files: + - '/etc/prometheus/targets/bird.json' relabel_configs: - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] target_label: instance - - source_labels: [instance] + - source_labels: [__param_target] target_label: __address__ - replacement: '$1:9117' + replacement: '$1:9324' blackbox: file: targets/blackbox.json targets: - - https://crans.org/ - - https://www.crans.org/ - - https://webirc.crans.org/ - - https://jitsi.crans.org/ - - https://ftps.crans.org/ - http://ftp.crans.org/ - - https://grafana.crans.org/ - - https://roundcube.crans.org/ - - https://zero.crans.org/ - - https://wiki.crans.org/PageAccueil - - https://framadate.crans.org/ - - https://pad.crans.org/ - - https://lists.crans.org/ - https://cas.crans.org/ + - https://crans.org/ + - https://www.crans.org/ - https://ethercalc.crans.org/ + - 
https://framadate.crans.org/ + - https://ftps.crans.org/ - https://gitlab.crans.org/ - - https://perso.crans.org/crans/ + - https://grafana.crans.org/ - https://install-party.crans.org/ - https://intranet.crans.org/ + - https://jitsi.crans.org/ + - https://lists.crans.org/ - https://owncloud.crans.org/ + - https://pad.crans.org/ + - https://perso.crans.org/crans/ + - https://roundcube.crans.org/ + - https://webirc.crans.org/ + - https://wiki.crans.org/PageAccueil + - https://zero.crans.org/ config: - job_name: blackbox file_sd_configs: @@ -106,27 +109,30 @@ loc_prometheus: - target_label: __address__ replacement: 127.0.0.1:9115 - bird: + ilo_snmp: config: - - job_name: bird + - job_name: ilo_snmp file_sd_configs: - files: - - '/etc/prometheus/targets/bird.json' + - '/etc/prometheus/targets/ilo_snmp.json' + metrics_path: '/snmp' + params: + module: + - ilo relabel_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] target_label: instance - - source_labels: [__param_target] + - replacement: '127.0.0.1:9116' target_label: __address__ - replacement: '$1:9324' - bind: + mtail: config: - - job_name: bind + - job_name: mtail file_sd_configs: - files: - - '/etc/prometheus/targets/bind.json' + - '/etc/prometheus/targets/mtail.json' relabel_configs: - source_labels: [__address__] target_label: __param_target @@ -134,14 +140,14 @@ loc_prometheus: target_label: instance - source_labels: [__param_target] target_label: __address__ - replacement: '$1:9119' + replacement: '$1:3903' - postfix: + mysql: config: - - job_name: postfix + - job_name: mysql file_sd_configs: - files: - - '/etc/prometheus/targets/postfix.json' + - '/etc/prometheus/targets/mysql.json' relabel_configs: - source_labels: [__address__] target_label: __param_target 
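Review bot: The re-added apache job writes its target list in flow style, `- files: ['/etc/prometheus/targets/apache.json']`, while every other file_sd job in this file (bind, bird, ilo_snmp, mtail, mysql, nginx, node, postfix, postgres) uses a block list; keep the file uniform with `- files:` followed by `- '/etc/prometheus/targets/apache.json'` on the next line. The remainder of this hunk and the following hunks of the same file are an alphabetical reorder of existing jobs; comparing each moved job with its removed copy, the exporter ports, relabel rules, the ilo/printer SNMP module names and the tsdb retention values appear unchanged, but a pure reorder of this size is far easier to verify in a commit of its own than mixed with README and sudoers changes.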
@@ -149,14 +155,27 @@ loc_prometheus: target_label: instance - source_labels: [__param_target] target_label: __address__ - replacement: '$1:9154' + replacement: '$1:9104' - postgres: + nginx: config: - - job_name: postgres + - job_name: nginx file_sd_configs: - files: - - '/etc/prometheus/targets/postgres.json' + - '/etc/prometheus/targets/nginx.json' + relabel_configs: + - source_labels: [__address__] + target_label: instance + - source_labels: [instance] + target_label: __address__ + replacement: '$1:9117' + + node: + config: + - job_name: servers + file_sd_configs: + - files: + - '/etc/prometheus/targets/node.json' relabel_configs: - source_labels: [__address__] target_label: __param_target @@ -164,14 +183,14 @@ loc_prometheus: target_label: instance - source_labels: [__param_target] target_label: __address__ - replacement: '$1:9187' + replacement: '$1:9100' - mysql: + postfix: config: - - job_name: mysql + - job_name: postfix file_sd_configs: - files: - - '/etc/prometheus/targets/mysql.json' + - '/etc/prometheus/targets/postfix.json' relabel_configs: - source_labels: [__address__] target_label: __param_target @@ -179,14 +198,14 @@ loc_prometheus: target_label: instance - source_labels: [__param_target] target_label: __address__ - replacement: '$1:9104' + replacement: '$1:9154' - mtail: + postgres: config: - - job_name: mtail + - job_name: postgres file_sd_configs: - files: - - '/etc/prometheus/targets/mtail.json' + - '/etc/prometheus/targets/postgres.json' relabel_configs: - source_labels: [__address__] target_label: __param_target 
@@ -194,26 +213,29 @@ loc_prometheus: target_label: instance - source_labels: [__param_target] target_label: __address__ - replacement: '$1:3903' + replacement: '$1:9187' - ilo_snmp: + printer_snmp: config: - - job_name: ilo_snmp - file_sd_configs: - - files: - - '/etc/prometheus/targets/ilo_snmp.json' + - job_name: printer_snmp + static_configs: + - targets: ["printer.lp.crans.org"] metrics_path: '/snmp' params: module: - - ilo + - printer_mib relabel_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] target_label: instance - - replacement: '127.0.0.1:9116' + - replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116" target_label: __address__ + tsdb: + retention_time: "180d" + retention_size: "200GB" + ups_snmp: config: - job_name: ups_snmp @@ -233,23 +255,3 @@ loc_prometheus: target_label: instance - replacement: 127.0.0.1:9116 target_label: __address__ - - printer_snmp: - config: - - job_name: printer_snmp - static_configs: - - targets: ["printer.lp.crans.org"] - metrics_path: '/snmp' - params: - module: - - printer_mib - relabel_configs: - - source_labels: [__address__] - target_label: __param_target - - source_labels: [__param_target] - target_label: instance - - replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116" - target_label: __address__ - tsdb: - retention_time: "180d" - retention_size: "200GB" diff --git a/roles/ceph/tasks/main.yml b/roles/ceph/tasks/main.yml deleted file mode 100644 index 6b4b2ed4..00000000 --- a/roles/ceph/tasks/main.yml +++ /dev/null 
@@ -1,27 +0,0 @@
----
-- name: Fetch ceph repository public key
- get_url:
- url: "{{ ceph.mirror_key }}"
- dest: /etc/apt/trusted.gpg.d/ceph-release.asc
-
-- name: Add ceph to source lists
- lineinfile:
- path: /etc/apt/sources.list.d/ceph.list
- regexp: '^deb'
- create: true
- line: 'deb [signed-by=/etc/apt/trusted.gpg.d/ceph-release.asc] {{ ceph.mirror }} {{ ansible_distribution_release }} main'
-
-- name: Install ceph
- apt:
- name:
- - ceph
- - ceph-mds
- - ceph-volume
- - rsync
- - nvme-cli
- - smartmontools
- install_recommends: false
- update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
diff --git a/roles/common-tools/README.md b/roles/common-tools/README.md
new file mode 100644
index 00000000..d7294be6
--- /dev/null
+++ b/roles/common-tools/README.md
@@ -0,0 +1,9 @@
+# Common tools
+
+Installe et configure les outils essentiels pour l'administration des serveurs.
+
+Par exemple :
+
+- git
+- nano
+- screen
diff --git a/roles/debian-apt-sources/README.md b/roles/debian-apt-sources/README.md
new file mode 100644
index 00000000..a098d873
--- /dev/null
+++ b/roles/debian-apt-sources/README.md
@@ -0,0 +1,3 @@
+# Debian apt sources
+
+Configure les sources de debian avec le miroir du crans.
diff --git a/roles/ethercalc/README.md b/roles/ethercalc/README.md
new file mode 100644
index 00000000..ebd110da
--- /dev/null
+++ b/roles/ethercalc/README.md
@@ -0,0 +1,8 @@
+# Ethercalc
+
+Installe et configure ethercalc
+
+## Variables
+
+glob_ethercalc:
+ ip: ip du serveur
diff --git a/roles/etherpad/README.md b/roles/etherpad/README.md
new file mode 100644
index 00000000..8ee9cfb3
--- /dev/null
+++ b/roles/etherpad/README.md
@@ -0,0 +1,31 @@
+# Etherpad
+
+Installe et configure etherpad
+
+# Variables
+
+glob_etherpad:
+ instances:
+ - name: nom de l'instance
+ title: titre de la page
+ favicon: icon de la page
+ skin:
+ ip: ip du serveur
+ port: port
+ version: version du pad
+ database:
+ user: utilisateur de la bdd
+ host: serveur pgsql
+ name: nom de la bdd
+ default_pad_text: texte par défaut des pads
+ admin:
+ user: utilisateur admin
+ password: mot de passe
+ apikey: clé api
+ temporary:
+ enabled: activer les pads éphémères
+ delay: durée avant suppression
+ loop: true si une boucle est utilisée
+ loop_delay: delai entre chaque itération de la boucle
+ delete_at_start: true si la suppression à lieu au démarrage du pad
+ deleted_text: message après suppression
diff --git a/roles/logos/README.md b/roles/logos/README.md
new file mode 100644
index 00000000..954bccf7
--- /dev/null
+++ b/roles/logos/README.md
@@ -0,0 +1,12 @@
+# Logos
+
+Copie les logos du crans.
+
+## Variables
+
+logos:
+ - which: source du logo (cf : files/)
+ where: destination du logo
+ owner: propriétaire (défaut : root)
+ group: groupe (defaut : root)
+ mode: permissions (defaut : 0644)
diff --git a/roles/moinmoin-gendoc/README.md b/roles/moinmoin-gendoc/README.md
new file mode 100644
index 00000000..e0095309
--- /dev/null
+++ b/roles/moinmoin-gendoc/README.md
@@ -0,0 +1,3 @@
+# Moinmoin gendoc
+
+Générateur automatique de la documentation sur le wiki.
diff --git a/roles/moinmoin/README.md b/roles/moinmoin/README.md
new file mode 100644
index 00000000..5dd880f6
--- /dev/null
+++ b/roles/moinmoin/README.md
@@ -0,0 +1,7 @@
+# Moinmoin
+
+Installe et configure le wiki (avec hardcode)
+
+## Variables
+
+moinmoin.main: booléen
diff --git a/roles/ntp-client/README.md b/roles/ntp-client/README.md
new file mode 100644
index 00000000..cd6fee30
--- /dev/null
+++ b/roles/ntp-client/README.md
@@ -0,0 +1,8 @@
+# NTP client
+
+Installe et configure un client ntp.
+
+## Variables
+
+glob_ntp_client:
+ servers: serveurs
diff --git a/roles/ntp-server/README.md b/roles/ntp-server/README.md
new file mode 100644
index 00000000..a9c827c1
--- /dev/null
+++ b/roles/ntp-server/README.md
@@ -0,0 +1,8 @@
+# NTP server
+
+Installe et configure un serveur NTP
+
+## Variables
+
+glob_ntp_server:
+ open: adresses ip
diff --git a/roles/openssh/README.md b/roles/openssh/README.md
new file mode 100644
index 00000000..65b25696
--- /dev/null
+++ b/roles/openssh/README.md
@@ -0,0 +1,3 @@
+# Openssh
+
+Installe et configure un serveur ssh.
diff --git a/roles/prometheus/README.md b/roles/prometheus/README.md
new file mode 100644
index 00000000..0c160436
--- /dev/null
+++ b/roles/prometheus/README.md
@@ -0,0 +1,10 @@
+# Prometheus
+
+Installe et configure prometheus
+
+## Variables
+
+prometheus:
+ tsdb:
+ retention_time: Durée de conservation maximale
+ retention_size: Taille maximale
diff --git a/roles/qemu-guest-agent/README.md b/roles/qemu-guest-agent/README.md
new file mode 100644
index 00000000..0085dced
--- /dev/null
+++ b/roles/qemu-guest-agent/README.md
@@ -0,0 +1,3 @@
+# Qemu guest agent
+
+Installe qemu guest agent
diff --git a/roles/restic-client/README.md b/roles/restic-client/README.md
new file mode 100644
index 00000000..7d07b7f5
--- /dev/null
+++ b/roles/restic-client/README.md
@@ -0,0 +1,19 @@
+# Restic client
+
+Restic client est déployé sur toutes les machines du crans. Il permet de
+configurer les backups sur toutes les machines du crans. Plus d'information sur
+la [documentation](gitlab.crans.org/nounous/documentation).
+
+## Variables
+
+glob_restic: (ou loc_restic dans host_vars)
+ config:
+ <nom>:
+ to_exclude: chemins à ne pas backuper
+ to_backup: chemins à backuper
+ retention: règles de conservations
+ remote: Serveurs sur lesquels les backups doivent être effectuées
+
+Remarque : il est possible de configurer plusieurs backups (notamment pour avoir
+des rétentions différentes ou pour les séparer) en mettant plusieurs
+configurations dans `config` (avec des noms différents).
diff --git a/roles/restic-client/handlers/main.yml b/roles/restic-client/handlers/main.yml
index 77496d24..1c59875c 100644
--- a/roles/restic-client/handlers/main.yml
+++ b/roles/restic-client/handlers/main.yml
@@ -4,3 +4,7 @@
 name: restic-{{ item }}.timer
 state: restarted
 loop: "{{ restic.config.keys() }}"
+
+- name: systemctl daemon-reload
+ systemd:
+ daemon_reload: true
diff --git a/roles/root-config/README.md b/roles/root-config/README.md
new file mode 100644
index 00000000..5ac4f9bc
--- /dev/null
+++ b/roles/root-config/README.md
@@ -0,0 +1,3 @@
+# Root config
+
+Configure les différentes applications de root (typiquement nano et vim).
diff --git a/roles/root-config/tasks/main.yml b/roles/root-config/tasks/main.yml
index 4631e40d..44550cb6 100644
--- a/roles/root-config/tasks/main.yml
+++ b/roles/root-config/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: Create or rewrite .nanorc for root
+- name: Create or rewrite .nanorc and .vimrc for root
 template:
 src: "{{ item.src }}.j2"
 dest: /root/{{ item.dest }}
diff --git a/roles/root/README.md b/roles/root/README.md
new file mode 100644
index 00000000..99f1e374
--- /dev/null
+++ b/roles/root/README.md
@@ -0,0 +1,6 @@
+# Root
+
+Configure le mot de passe root.
+
+Remarque : Bien que le role `root` ne fasse que cela, le playbook root permet de
+pré-configurer une vm entièrement (backups, sudoers, home_nounou, ...)
diff --git a/roles/sudo/README.md b/roles/sudo/README.md
new file mode 100644
index 00000000..7cf8da2a
--- /dev/null
+++ b/roles/sudo/README.md
@@ -0,0 +1,3 @@
+# Sudo
+
+Configure les sudoers.
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
index 487a6587..2701c683 100644
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
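Review bot: The new `systemctl daemon-reload` handler is defined after the handler that restarts `restic-{{ item }}.timer`, and Ansible runs notified handlers in the order they are defined, not in notify order, so a task that notifies both restarts the timers before systemd has re-read their unit files and the restart picks up the stale definitions. Either move the new handler above the restart handler, or drop it and add `daemon_reload: true` to the restart handler next to `state: restarted` (the module of that handler is declared above the hunk; this assumes it is `systemd`, which accepts both keys in one call). The restart handler's definition starts before the hunk.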
@@ -1,11 +1,10 @@
 ---
 - name: Configure sudoers
 template:
- src: "{{ item.src }}.j2"
- dest: "/etc/{{ item.dst | default(item.src) }}"
+ src: "{{ item }}.j2"
+ dest: "/etc/{{ item }}"
 mode: 0440
 loop:
- - src: sudoers.d/custom_passprompt
- - src: sudoers.d/group_privilege
- - src: "sudoers.{{ ansible_distribution_release }}"
- dst: "sudoers"
+ - sudoers.d/custom_passprompt
+ - sudoers.d/group_privilege
+ - sudoers
diff --git a/roles/sudo/templates/sudoers.bullseye.j2 b/roles/sudo/templates/sudoers.bullseye.j2
deleted file mode 100644
index 9f018b88..00000000
--- a/roles/sudo/templates/sudoers.bullseye.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ ansible_header | comment }}
-#
-# See the man page for details on how to write a sudoers file.
-#
-Defaults env_reset
-Defaults mail_badpass
-Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
-# Host alias specification
-User_Alias USERS= %_user
-User_Alias NOUNOUS= %_nounou
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root ALL=(ALL:ALL) ALL
-
-{% if 'virtu' in group_names %}
-# Pour vérifier quels vms sont sur quels virtus
-USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
-
-{% endif %}
-# See sudoers(5) for more information on "@include" directives:
-
-@includedir /etc/sudoers.d
diff --git a/roles/sudo/templates/sudoers.buster.j2 b/roles/sudo/templates/sudoers.buster.j2
deleted file mode 100644
index 91b37793..00000000
--- a/roles/sudo/templates/sudoers.buster.j2
+++ /dev/null
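Review bot: `/etc/sudoers` is now rendered from one template that carries an inline Jinja conditional, yet the `template:` task still writes it without `validate:`, so any rendering mistake lands directly in `/etc/sudoers` and breaks every sudo invocation on the host until someone fixes it from a root shell; add `validate: /usr/sbin/visudo -cf %s` to the task, which checks each of the three loop items before it is moved into place. While touching the task, `mode: 0440` is an unquoted octal literal that YAML 1.1 loaders turn into the integer 288 and that ansible-lint flags as risky-octal; `mode: "0440"` is the unambiguous spelling.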
@@ -1,27 +0,0 @@
-{{ ansible_header | comment }}
-#
-# See the man page for details on how to write a sudoers file.
-#
-Defaults env_reset
-Defaults mail_badpass
-Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
-# Host alias specification
-User_Alias USERS= %_user
-User_Alias NOUNOUS= %_nounou
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root ALL=(ALL:ALL) ALL
-
-{% if 'virtu' in group_names %}
-# Pour vérifier quels vms sont sur quels virtus
-USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
-
-{% endif %}
-# See sudoers(5) for more information on "@include" directives:
-
-#includedir /etc/sudoers.d
diff --git a/roles/sudo/templates/sudoers.bookworm.j2 b/roles/sudo/templates/sudoers.j2
similarity index 85%
rename from roles/sudo/templates/sudoers.bookworm.j2
rename to roles/sudo/templates/sudoers.j2
index 9f018b88..ebca2611 100644
--- a/roles/sudo/templates/sudoers.bookworm.j2
+++ b/roles/sudo/templates/sudoers.j2
@@ -24,4 +24,4 @@ USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
 {% endif %}
 # See sudoers(5) for more information on "@include" directives:
-@includedir /etc/sudoers.d
+{% if ansible_facts['distribution_major_version'] == "10" %}#{% else %}@{% endif %}includedir /etc/sudoers.d
diff --git a/roles/wireguard/README.md b/roles/wireguard/README.md
new file mode 100644
index 00000000..eed1c0a0
--- /dev/null
+++ b/roles/wireguard/README.md
@@ -0,0 +1,19 @@
+# Wireguard
+
+Installe et configure wireguard
+
+## Variables
+
+loc_wireguard:
+ tunnels:
+ - name: nom
+ listen_port: port
+ private_key: clé privée
+ table: "off"
+ peers:
+ - public_key: clé publique de la machine distante
+ allowed_ips: ips autorisées
+ endpoint: ip:port (facultatif)
+ persistent_keepalive: int (facultatif)
+ post_up: actions après activation
+ pre_down: actions avant arrêt
diff --git a/roles/zamok-tools/README.md b/roles/zamok-tools/README.md
new file mode 100644
index 00000000..45135019
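Review bot: The new last line of sudoers.j2 emits `#includedir` only when `ansible_facts['distribution_major_version'] == "10"` and `@includedir` otherwise, but sudo kept accepting the `#include`/`#includedir` spelling for backward compatibility when it introduced `@include`, so `#includedir /etc/sudoers.d` alone would work on every release this template targets and the conditional could go. If the `@` form is kept for readability on current hosts, a comment above the line explaining the special case would spare the next reader a trip to the git log, e.g. `# Debian 10 ships a sudo that only knows the #includedir spelling`. Debian 10's security support ended in 2024, so this branch is probably dead weight already; worth checking the inventory before keeping it.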
--- /dev/null
+++ b/roles/zamok-tools/README.md
@@ -0,0 +1,3 @@
+# Zamok tools
+
+Installe les logiciels nécessaire sur Zamok et configure les pages persos.
-- GitLab