diff --git a/group_vars/all/borg.yml b/group_vars/all/borg.yml index c133bc141ca32b3eea80ff88e18410bb606cc33d..abf2aa78cdf5356bcf4fac3d4205472c129c857a 100644 --- a/group_vars/all/borg.yml +++ b/group_vars/all/borg.yml @@ -5,9 +5,11 @@ glob_borg: to_backup: - /etc - /var - path: /backup/borg + paths: + - /backup/borg-server + - /backup/borg-adh remote: - - borg@zephir-c.adm.crans.org:/backup/borg/{{ ansible_hostname }} + - borg@backup-ft.adm.crans.org:/backup/borg-server/{{ ansible_hostname }} retention: - ["daily", 4] - ["monthly", 6] @@ -17,4 +19,5 @@ glob_borg: - make-parent-dirs encryption_passphrase: "{{ vault.borg.encryption_passphrase }}" ssh_privkey: "{{ vault.borg.ssh.privkey }}" - ssh_options: -4 -p 2223 + ssh_pubkey: "{{ vault.borg.ssh.pubkey }}" + ssh_options: "" diff --git a/group_vars/all/home_nounou.yml b/group_vars/all/home_nounou.yml index 4839e1fefffbd72ef0c465a32a1673d31a10f824..d4b16d6d72015a020f78ceb3f48ffe564940660c 100644 --- a/group_vars/all/home_nounou.yml +++ b/group_vars/all/home_nounou.yml @@ -1,7 +1,7 @@ --- glob_home_nounou: mounts: - - ip: 172.16.10.1 + - ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}" mountpoint: /pool/home target: /home_nounou name: home_nounou diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml index d0560363e929eef5cd5b0c61dd12bf3e34fd828e..a86a9ed8d114c3f463dc08d067c3d7eb114360fc 100644 --- a/group_vars/all/network_interfaces.yml +++ b/group_vars/all/network_interfaces.yml 
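Review bot: `paths` now exports both `/backup/borg-server` and `/backup/borg-adh` behind the single `ssh_pubkey`, and authorized_keys.j2 in this same commit appends one `--restrict-to-path` per entry to that one key, so every client holding that key can open repositories under both trees; if the adh repositories are meant to be isolated from the server ones, keep one key per tree (a list of `{path, ssh_pubkey}` pairs rendered as separate authorized_keys lines) rather than widening one key's restriction list. `remote` still points only at `/backup/borg-server/{{ ansible_hostname }}`, so which clients are meant to use `/backup/borg-adh` is not visible here; a comment above `paths`, `# one entry per repository tree served by borg serve; the ssh key below may open all of them`, would record the intent.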
@@ -18,21 +18,17 @@ glob_network_interfaces: - name: adm id: 10 dns: "{{ query('ldap', 'ip', 'routeur-sam', 'adm') | ipv4 | first }} {{ query('ldap', 'ip', 'routeur-daniel', 'adm') | ipv4 | first }}" - - name: infra - id: 11 - dns: "{{ query('ldap', 'ip', 'passerelle', 'infra') | ipv4 | first }}" - name: adh id: 12 gateway: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv4 | first }}" dns: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv4 | first }}" gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv6 | first }}" - - name: adh_nat + - name: adh_adm id: 13 - gateway: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv4 | first }}" - dns: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv4 | first }}" - gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv6 | first }}" - name: renater id: 38 gateway: "{{ query('ldap', 'ip', 'dsi', 'renater') | ipv4 | first }}" - name: lp id: 56 + - name: auto + id: 0 diff --git a/group_vars/arpproxy.yml b/group_vars/arpproxy.yml new file mode 100644 index 0000000000000000000000000000000000000000..172e07434ee99f023e02a11a4d8b45f81e46e321 --- /dev/null +++ b/group_vars/arpproxy.yml @@ -0,0 +1,11 @@ +--- +glob_service_proxy: + git: + remote: https://gitlab.adm.crans.org/nounous/proxy.git + version: main + name: proxy + install_dir: /var/local/services/proxy + generated: false + cron: + frequency: "* * * * *" + options: "--alter" diff --git a/group_vars/aurore/home_nounou.yml b/group_vars/aurore/home_nounou.yml new file mode 100644 index 0000000000000000000000000000000000000000..462cc0f659bc156fefb77cdae1680934e5e0ea93 --- /dev/null +++ b/group_vars/aurore/home_nounou.yml @@ -0,0 +1,10 @@ +--- +loc_home_nounou: + mounts: + - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}" + mountpoint: /home_nounou + target: /home_nounou + name: home_nounou + owner: root + group: _user + mode: '0750' 
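Review bot: `- name: auto` / `id: 0` only works because ifalias.j2 special-cases the name `auto` and skips the LDAP network lookup; the `id` is a placeholder that nothing visible in this diff reads, and any future consumer of `id` would silently get VLAN 0. Add a comment on the entry, `# pseudo-VLAN: rendered by ifalias.j2 as DHCP/SLAAC on interfaces.auto, id unused`. The removed `infra` and `adh_nat` entries may still be referenced by host_vars `interfaces:` mappings that are not part of this diff; worth a grep before merging.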
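Review bot: `version: main` deploys whatever the tip of the proxy repository is, and `cron.frequency: "* * * * *"` runs `proxy.py --alter` every minute (presumably as root, since it rewrites routes and neighbour entries), so an unreviewed push to `main` becomes live on the routers within a minute; pin to a tag or commit, `version: "<PINNED_TAG_OR_COMMIT>"`, and bump it deliberately. The same unpinned `version: main` is used for proxmox-user in group_vars/virtu.yml and group_vars/virtu_adh.yml, where the service additionally carries an LDAP bind password. Fetching over HTTPS from the internal GitLab is fine; pinning is what makes the deployment reproducible and reviewable.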
diff --git a/group_vars/aurore/ldap.yml b/group_vars/aurore/ldap.yml new file mode 100644 index 0000000000000000000000000000000000000000..a2160a480c7a40ad8c10019b4452bc4c17d16b58 --- /dev/null +++ b/group_vars/aurore/ldap.yml @@ -0,0 +1,4 @@ +--- +loc_ldap: + servers: + - "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}" diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml index e82aa8c5e283e166021e6d761cd496cf15209d2c..48ebdc819615c59d16a726cf6c748d1721cceb2b 100644 --- a/group_vars/slapd.yml +++ b/group_vars/slapd.yml @@ -2,6 +2,6 @@ glob_slapd: master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}" regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$" - replication_credentials: "{{ vault.sldap.tealc.replication_credentials }}" + replication_credentials: "{{ vault.slapd.tealc.replication_credentials }}" private_key: "{{ vault.slapd.tealc.private_key }}" certificate: "{{ vault.slapd.tealc.certificate }}" diff --git a/group_vars/viarezo/home_nounou.yml b/group_vars/viarezo/home_nounou.yml new file mode 100644 index 0000000000000000000000000000000000000000..461b21b2dfd5d049ed5b9ddeb3376237ed05bb17 --- /dev/null +++ b/group_vars/viarezo/home_nounou.yml @@ -0,0 +1,10 @@ +--- +loc_home_nounou: + mounts: + - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + mountpoint: /home_nounou + target: /home_nounou + name: home_nounou + owner: root + group: _user + mode: '0750' diff --git a/group_vars/viarezo/ldap.yml b/group_vars/viarezo/ldap.yml new file mode 100644 index 0000000000000000000000000000000000000000..148b6ed7b26aa98f885818cbcf6c6717703a5bc2 --- /dev/null +++ b/group_vars/viarezo/ldap.yml @@ -0,0 +1,4 @@ +--- +loc_ldap: + servers: + - "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" 
diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml
index 570a04cb99168e11e4fd0041f89ac2f9f6d0e128..3db203e816b77aad449572dca5cd1facaed8167e 100644
--- a/group_vars/virtu.yml
+++ b/group_vars/virtu.yml
@@ -4,3 +4,23 @@ glob_debian_images:
 rsync_host: 'eclat.adm.crans.org'
 rsync_module: 'mirror'
 include_extra_images: false
+
+glob_service_proxmox_user:
+ git:
+ remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git
+ version: main
+ name: proxmox-user
+ install_dir: /var/local/services/proxmox-user
+ generated: false
+ cron:
+ frequency: "*/2 * * * *"
+ options: ""
+ config:
+ ldap:
+ admin:
+ uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+ userBase: "ou=passwd,dc=crans,dc=org"
+ realm: "pam"
+ dependencies:
+ - python3-jinja2
+ - python3-ldap
diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d3a5f3e9513181b014942e52c92f03141194c54c
--- /dev/null
+++ b/group_vars/virtu_adh.yml
@@ -0,0 +1,25 @@
+glob_service_proxmox_user:
+ git:
+ remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git
+ version: main
+ name: proxmox-user
+ install_dir: /var/local/services/proxmox-user
+ generated: false
+ cron:
+ frequency: "*/2 * * * *"
+ options: ""
+ config:
+ ldap:
+ admin:
+ uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+ userBase: "ou=passwd,dc=crans,dc=org"
+ realm: "pam"
+ user:
+ uri: "ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ipv4 | first }}/"
+ userBase: "ou=users,dc=adh,dc=crans,dc=org"
+ realm: "pve"
+ binddn: "{{ vault.ldap_adh_reader.binddn }}"
+ passwd: "{{ vault.ldap_adh_reader.bindpass }}"
+ dependencies:
+ - python3-jinja2
+ - python3-ldap
diff --git a/host_vars/backup-ft.adm.crans.org.yml b/host_vars/backup-ft.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c0cea06dedcee7dd25f84050e8f7ac7ba3a9848e
--- /dev/null
+++ b/host_vars/backup-ft.adm.crans.org.yml
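Review bot: group_vars/virtu_adh.yml repeats the whole `glob_service_proxmox_user` block from group_vars/virtu.yml and only adds the `user:` LDAP section, so the two copies (git remote, cron, admin LDAP settings) will drift; since `virtu_adh` is a child of `virtu` in `hosts`, the child-group value wins entirely, and the file could instead carry just the differing `config.ldap.user` part if the role merges configuration (not visible here), or at least a comment stating that it deliberately shadows the parent block. `passwd: "{{ vault.ldap_adh_reader.bindpass }}"` ends up in the rendered service configuration on every `virtu_adh` hypervisor; confirm the service role writes that file with an owner and mode that keeps it readable by the service user only. The new file also lacks the leading `---` the other group_vars files use.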
@@ -0,0 +1,20 @@
+---
+interfaces:
+ adm: ens18
+
+loc_home_nounou:
+ mounts:
+ - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
+ mountpoint: /home_nounou
+ target: /home_nounou
+ name: home_nounou
+ owner: root
+ group: _user
+ mode: '0750'
+ - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
+ mountpoint: /rpool/backup
+ target: /backup
+ name: backup
+ owner: root
+ group: root
+ mode: '0755'
diff --git a/host_vars/backup-thot.adm.crans.org.yml b/host_vars/backup-thot.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..75cd112f42ebd043808ebda9a7954fe103e3cb2b
--- /dev/null
+++ b/host_vars/backup-thot.adm.crans.org.yml
@@ -0,0 +1,20 @@
+---
+interfaces:
+ adm: ens18
+
+loc_home_nounou:
+ mounts:
+ - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"
+ mountpoint: /home_nounou
+ target: /home_nounou
+ name: home_nounou
+ owner: root
+ group: _user
+ mode: '0750'
+ - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"
+ mountpoint: /rpool/backup
+ target: /backup
+ name: backup
+ owner: root
+ group: root
+ mode: '0755'
diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml
index ef2880881c420fc78e6e1ec9b6f7461950d81387..e945734bb87d266c2e0f5b6a62f4275ed373d0aa 100644
--- a/host_vars/boeing.adm.crans.org.yml
+++ b/host_vars/boeing.adm.crans.org.yml
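Review bot: `/backup` is mounted `root:root` with `mode: '0755'`, so the repository directory names under it (one per backed-up host, by the `remote` layout in group_vars/all/borg.yml) are listable by every local user on the backup VM; `'0750'` as used for the `/home_nounou` entry just above is the safer default unless something needs world access. The two `mounts` entries share the same `ip` lookup and the whole file is duplicated for backup-thot with only the exporting host changed; a comment above the second entry, `# borg repositories live on the physical host's /rpool/backup export, mounted over NFS`, would say why a backup VM keeps its storage over NFS. backup-thot.adm.crans.org gets host_vars here while it stays commented out in `hosts`; a note in the file would tell whether that is staging.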
@@ -8,11 +8,40 @@ loc_wireguard: - name: "sputnik" listen_port: 51820 private_key: "{{ vault.wireguard.boeing.privkey }}" + table: "off" peers: - public_key: "{{ vault.wireguard.sputnik.pubkey }}" allowed_ips: - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}/32" - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }}/128" endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820" - post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" - post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" + - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}" + allowed_ips: + - "{{ query('ldap', 'network', 'adm') }}" + - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + persistent_keepalive: 25 + - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}" + allowed_ips: + - "{{ query('ldap', 'network', 'adm') }}" + - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + persistent_keepalive: 25 + post_up: + - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1" + - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1" + - "python3 /var/local/services/proxy/proxy.py --alter" + pre_down: + - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0" + - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w 
net.ipv6.conf.sputnik.proxy_ndp=0" + - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" + +loc_service_proxy: + config: + ldap: + server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + protocol: "proxy" + filter: "adm.crans.org" + proxy: + default: "ens18" + viarezo: "sputnik" + aurore: "sputnik" + ovh: "sputnik" diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml index fe23407af57b21045826ec71b9b4aebff6fca81e..96967505b1a0625e8e933f7e811a4b200dcce880 100644 --- a/host_vars/daniel.adm.crans.org.yml +++ b/host_vars/daniel.adm.crans.org.yml @@ -8,3 +8,6 @@ loc_postgres: version: 13 replica: true addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}" + +loc_service_proxmox_user: + cron: null diff --git a/host_vars/ft.adm.crans.org.yml b/host_vars/ft.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..95d02a50fff49cbe8f2c7ca8232a0d1fdab46ea2 --- /dev/null +++ b/host_vars/ft.adm.crans.org.yml @@ -0,0 +1,11 @@ +--- +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var + +loc_slapd: + ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + replica: true + replica_rid: 6 diff --git a/host_vars/gulp.adm.crans.org.yml b/host_vars/gulp.adm.crans.org.yml index 119fa7ab3b1ecd24d2b45c9d8f0cb435cd24e518..4c4ef29dda6b5aa7ee387f6ff20177b412a2d69a 100644 --- a/host_vars/gulp.adm.crans.org.yml +++ b/host_vars/gulp.adm.crans.org.yml @@ -1,3 +1,6 @@ --- loc_debian_images: include_extra_images: true + +loc_service_proxmox_user: + cron: null diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml index 7a83dd685ebd5ab0a7f92708c77533690ccf8359..ac4ac7e0d7de7e0ac0e482b39c5939ee1cb64c43 100644 --- a/host_vars/jack.adm.crans.org.yml +++ b/host_vars/jack.adm.crans.org.yml 
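Review bot: Peers `routeur_ft` and `routeur_thot` both list the whole adm network (`{{ query('ldap', 'network', 'adm') }}` and the `fd00:0:0:…::/64` prefix) in `allowed_ips`; WireGuard's cryptokey routing binds each prefix to exactly one peer, so whichever peer is configured last owns it and packets from the other peer with adm source addresses are dropped, and with `table: "off"` no routing-table entry compensates. Either give each router only the more-specific prefixes it actually serves, or make the overlap explicit with a comment, `# both routers claim the adm prefix: only one can be active at a time (routeur-thot is commented out in hosts)`. `post_up` also enables `net.ipv4.conf.all.forwarding`/`net.ipv6.conf.all.forwarding` and proxy_arp/proxy_ndp on ens18 with no filtering rule in this hunk, which makes boeing a transparent gateway between the tunnels and the adm VLAN; if nftables/iptables rules live elsewhere, name them in a comment, otherwise forwarding should be limited to the peers' prefixes.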
@@ -8,3 +8,6 @@ loc_postgres: version: 13 replica: true addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}" + +loc_service_proxmox_user: + cron: null diff --git a/host_vars/odlyd.adm.crans.org.yml b/host_vars/odlyd.adm.crans.org.yml index 119fa7ab3b1ecd24d2b45c9d8f0cb435cd24e518..4c4ef29dda6b5aa7ee387f6ff20177b412a2d69a 100644 --- a/host_vars/odlyd.adm.crans.org.yml +++ b/host_vars/odlyd.adm.crans.org.yml @@ -1,3 +1,6 @@ --- loc_debian_images: include_extra_images: true + +loc_service_proxmox_user: + cron: null diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..7b5b403f788198774019965099211dba27014b3f --- /dev/null +++ b/host_vars/routeur-ft.adm.crans.org.yml 
@@ -0,0 +1,37 @@
+---
+interfaces:
+ adm: ens18
+ auto: ens19
+
+loc_wireguard:
+ tunnels:
+ - name: "wg0"
+ listen_port: 51820
+ private_key: "{{ vault.wireguard.routeur_ft.privkey }}"
+ table: "off"
+ peers:
+ - public_key: "{{ vault.wireguard.boeing.pubkey }}"
+ allowed_ips:
+ - "{{ query('ldap', 'network', 'adm') }}"
+ - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
+ endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820"
+ persistent_keepalive: 25
+ post_up:
+ - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1"
+ - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1"
+ - "ip route add 172.16.10.1 dev wg0 proto proxy"
+ - "python3 /var/local/services/proxy/proxy.py --alter"
+ pre_down:
+ - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0"
+ - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0"
+ - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
+
+loc_service_proxy:
+ config:
+ ldap:
+ server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+ protocol: "proxy"
+ filter: "adm.crans.org"
+ proxy:
+ default: "wg0"
+ viarezo: "ens18"
diff --git a/host_vars/routeur-sam.adm.crans.org/borg.yml b/host_vars/routeur-sam.adm.crans.org/borg.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9bb00abd0c2303effc3c02146f803df592759b47
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/borg.yml
@@ -0,0 +1,6 @@
+---
+loc_borg:
+ to_backup:
+ - /etc
+ - /home_nounou
+ - /var
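Review bot: `ip route add 172.16.10.1 dev wg0 proto proxy` hard-codes an address while every other address in this file comes from LDAP; group_vars/all/home_nounou.yml in this same commit replaces that very literal with `query('ldap', 'ip', 'tealc', 'adm')`, so the hook should read `- "ip route add {{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }} dev wg0 proto proxy"`, with a comment saying why tealc needs a host route through the tunnel before `proxy.py` has run (LDAP/NFS reachability, presumably — confirm). The same literal appears in host_vars/routeur-thot.adm.crans.org.yml, which is otherwise an exact copy of this file with only the vault key and the `proxy` mapping changed; the shared part belongs in a group_vars file for the two routers so the copies cannot drift.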
diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d5c816101dddfe6601dc9a9a0996a3f48eb17f77
--- /dev/null
+++ b/host_vars/routeur-thot.adm.crans.org.yml
@@ -0,0 +1,37 @@
+---
+interfaces:
+ adm: ens18
+ auto: ens19
+
+loc_wireguard:
+ tunnels:
+ - name: "wg0"
+ listen_port: 51820
+ private_key: "{{ vault.wireguard.routeur_thot.privkey }}"
+ table: "off"
+ peers:
+ - public_key: "{{ vault.wireguard.boeing.pubkey }}"
+ allowed_ips:
+ - "{{ query('ldap', 'network', 'adm') }}"
+ - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
+ endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820"
+ persistent_keepalive: 25
+ post_up:
+ - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1"
+ - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1"
+ - "ip route add 172.16.10.1 dev wg0 proto proxy"
+ - "python3 /var/local/services/proxy/proxy.py --alter"
+ pre_down:
+ - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0"
+ - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0"
+ - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
+
+loc_service_proxy:
+ config:
+ ldap:
+ server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+ protocol: "proxy"
+ filter: "adm.crans.org"
+ proxy:
+ default: "wg0"
+ aurore: "ens18"
diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml
index fcc229257f8547cf0ab72cbce716a6e41e04d9c7..ea05b3ac0b1bfe294b92bccbdace68471fc8c979 100644
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@@ -1,4 +1,10 @@ --- +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var + loc_slapd: ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}" replica: true diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml index f9bd86664101ee188c81183f993e0c23366bf812..356ff00dba140afa196e6613f06be467d74afc9a 100644 --- a/host_vars/sputnik.adm.crans.org.yml +++ b/host_vars/sputnik.adm.crans.org.yml @@ -22,7 +22,8 @@ loc_wireguard: - "{{ query('ldap', 'network', 'adm') }}" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820" - post_up: "/sbin/ip link set sputnik alias adm" + post_up: + - "/sbin/ip link set sputnik alias adm" loc_slapd: ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}" diff --git a/host_vars/thot.adm.crans.org.yml b/host_vars/thot.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..efe08b404dc219951cb52252fd1def7164a2a29e --- /dev/null +++ b/host_vars/thot.adm.crans.org.yml @@ -0,0 +1,11 @@ +--- +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var + +loc_slapd: + ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + replica: true + replica_rid: 5 diff --git a/hosts b/hosts index 55963056f28caaa3922501f9dd5482b1faecfb69..3f3f03b3b7a21b50346d38a84dd1b4924b6a6af3 100644 --- a/hosts +++ b/hosts @@ -3,6 +3,11 @@ [adh_server] zamok.adm.crans.org +[arpproxy] +boeing.adm.crans.org +routeur-ft.adm.crans.org +#routeur-thot.adm.crans.org + [autoconfig] hodaur.adm.crans.org @@ -10,6 +15,8 @@ hodaur.adm.crans.org cameron.adm.crans.org [backups] +backup-ft.adm.crans.org +#backup-thot.adm.crans.org [baie] cameron.adm.crans.org 
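Review bot: `loc_slapd.ip` in host_vars/thot.adm.crans.org.yml queries `'ft'` instead of `'thot'`, which reads as a copy-paste from host_vars/ft.adm.crans.org.yml (the rest of the file is identical apart from `replica_rid`); the line should be `ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"`. As written, whatever the slapd role does with `ip` (listener or replication address, not visible here) is configured on thot with ft's adm address, and sam.adm.crans.org.yml in this same diff shows the expected pattern of each host querying its own name.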
@@ -218,11 +225,13 @@ monitoring.adm.crans.org helloworld.adm.crans.org [slapd] -tealc.adm.crans.org -sam.adm.crans.org daniel.adm.crans.org +ft.adm.crans.org jack.adm.crans.org +sam.adm.crans.org sputnik.adm.crans.org +tealc.adm.crans.org +thot.adm.crans.org [sssd] zamok.adm.crans.org @@ -241,9 +250,14 @@ daniel.adm.crans.org jack.adm.crans.org sam.adm.crans.org +[virtu_backup] +ft.adm.crans.org +thot.adm.crans.org + [virtu:children] virtu_adh virtu_adm +virtu_backup [vsftpd_mirror] eclat.adm.crans.org @@ -255,22 +269,23 @@ sputnik.adm.crans.org [wireguard] boeing.adm.crans.org +routeur-ft.adm.crans.org +#routeur-thot.adm.crans.org sputnik.adm.crans.org -vol447.adm.crans.org [crans_routeurs:children] routeurs_vm [crans_physical] -ft.adm.crans.org thot.adm.crans.org zamok.adm.crans.org -zbee.adm.crans.org +#zbee.adm.crans.org [crans_physical:children] -backups +aurore_physical baie virtu +viarezo_physical [crans_vm] belenios.adm.crans.org @@ -308,10 +323,31 @@ roundcube.adm.crans.org routeur-2754.adm.crans.org silice.adm.crans.org trinity.adm.crans.org -vol447.adm.crans.org voyager.adm.crans.org yson-partou.adm.crans.org +[viarezo_physical] +ft.adm.crans.org + +[viarezo_vm] +backup-ft.adm.crans.org +routeur-ft.adm.crans.org + +[viarezo:children] +viarezo_physical +viarezo_vm + +[aurore_physical] +thot.adm.crans.org + +[aurore_vm] +#backup-thot.adm.crans.org +#routeur-thot.adm.crans.org + +[aurore:children] +aurore_physical +aurore_vm + [forget_me] ceph-controller-a.adm.crans.org ceph-controller-b.adm.crans.org @@ -321,8 +357,9 @@ ceph-storage-b.adm.crans.org tilque.adm.crans.org [crans_vm:children] -routeurs_vm forget_me +routeurs_vm +viarezo_vm [ovh_physical] sputnik.adm.crans.org diff --git a/plays/arpproxy.yml b/plays/arpproxy.yml new file mode 100755 index 0000000000000000000000000000000000000000..ddc4fdd27e28b343d62b3e9b7cc217aeec604a29 --- /dev/null +++ b/plays/arpproxy.yml 
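Review bot: thot.adm.crans.org is listed directly under `[crans_physical]` and again under `[aurore_physical]`, which this commit makes a child of `crans_physical`, while ft.adm.crans.org was removed from the direct list and is reached only through `[viarezo_physical]`; treat both the same way and drop the direct `thot` entry. routeur-thot.adm.crans.org and backup-thot.adm.crans.org are commented out in `[arpproxy]`, `[backups]`, `[wireguard]` and `[aurore_vm]` although this commit adds host_vars for both and boeing's WireGuard peers already reference `vault.wireguard.routeur_thot.pubkey`; a comment at the first commented entry, `# routeur-thot/backup-thot: not yet enabled, host_vars already present`, would record that this is staging rather than a leftover.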
@@ -0,0 +1,7 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: arpproxy + vars: + service: "{{ glob_service_proxy | default({}) | combine(loc_service_proxy | default({})) }}" + roles: + - service diff --git a/plays/proxmox.yml b/plays/proxmox.yml index cc44d139e140f58ef4d96faff7e5aad7722b9c84..70d55ed082914a6fb96420731c2073bbbc427a63 100755 --- a/plays/proxmox.yml +++ b/plays/proxmox.yml @@ -3,6 +3,8 @@ - hosts: virtu vars: debian_images: '{{ glob_debian_images | default({}) | combine(loc_debian_images | default({})) }}' + service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}" roles: - proxmox-apt-sources - proxmox-debian-images + - service diff --git a/plays/root.yml b/plays/root.yml index 999bf68f6c818f22574b6306efca4629698d4393..5b92d4fc8f455880bda8762dd5f3c1f21608a386 100755 --- a/plays/root.yml +++ b/plays/root.yml @@ -21,7 +21,7 @@ roles: - ldap-client -- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org +- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org,!ft.adm.crans.org,!thot.adm.crans.org vars: nfs_mount: "{{ glob_home_nounou | default({}) | combine(loc_home_nounou | default({})) }}" roles: diff --git a/roles/borgbackup-server/templates/authorized_keys.j2 b/roles/borgbackup-server/templates/authorized_keys.j2 index 3504fcf91e170a9d24f285cfaabe292e61ae49b2..80d0e78528afc1c01f633e323d9b867441fd3472 100644 --- a/roles/borgbackup-server/templates/authorized_keys.j2 +++ b/roles/borgbackup-server/templates/authorized_keys.j2 @@ -1,3 +1,3 @@ {{ ansible_header | comment }} -command="borg serve --restrict-to-path {{ borg.path }}",restrict {{ vault.borgbackup_ssh_pubkey }} +command="borg serve{% for path in borg.paths %} --restrict-to-path {{ path }}{% endfor %}",restrict {{ borg.ssh_pubkey }} 
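Review bot: The `hosts:` pattern of the nfs_mount play in plays/root.yml now excludes six hosts by name (`!tealc…`, `!sam…`, `!routeur-sam…`, `!ft…`, `!thot…`) and grows with every site added; the excluded hosts appear to be the ones that export or do not mount `/home_nounou` (not verifiable from this diff), so that meaning belongs in an inventory group, e.g. `- hosts: server,!ovh_physical,!home_nounou_exporters` with the group defined once in `hosts`, instead of a negation list that has to be kept in sync with host_vars by hand.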
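Review bot: `{% for path in borg.paths %}` in authorized_keys.j2 degrades silently: with an empty `paths` the rendered line becomes `command="borg serve",restrict …`, which lets the key open any repository the borg user can reach, whereas the old single `--restrict-to-path {{ borg.path }}` could not render to nothing. Add an `assert` before the template task in the role, `- assert: { that: borg.paths | length > 0 }`, or fail inside the template when the list is empty. If each entry is a single repository rather than a parent directory of per-host repositories, `--restrict-to-repository` is the tighter option; from the `remote` path layout in group_vars/all/borg.yml the entries look like parent directories, so `--restrict-to-path` is the right choice there.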
diff --git a/roles/borgbackup-server/templates/update-motd.d/05-service.j2 b/roles/borgbackup-server/templates/update-motd.d/05-service.j2 index f27119aa58fb0b3c924ecf85c793a8d92d9f35c0..b2f35c2f377febfc4c0576baf5c54555de11a649 100755 --- a/roles/borgbackup-server/templates/update-motd.d/05-service.j2 +++ b/roles/borgbackup-server/templates/update-motd.d/05-service.j2 @@ -1,3 +1,3 @@ #!/usr/bin/tail +14 {{ ansible_header | comment }} -[0m> [38;5;82mBorgbackup (Serveur)[0m a été déployé sur cette machine. Les backups sont situés dans [38;5;6m{{ borg.path }}[0m. +[0m> [38;5;82mBorgbackup (Serveur)[0m a été déployé sur cette machine. Les backups sont situés dans [38;5;6m{{ borg.paths|join(', ') }}[0m. diff --git a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 index a28afab7995d86ce964ad7258f6d661c21bbb5a5..ada7a9f93711a56f230ed1f1595e5783223305c8 100644 --- a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 +++ b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 @@ -1,6 +1,11 @@ {{ ansible_header | comment }} {% set vlan_name = (item.name | replace('_', '-')) %} +{% if vlan_name == "auto" %} +auto {{ interfaces[item.name] }} +iface {{ interfaces[item.name] }} inet dhcp +iface {{ interfaces[item.name] }} inet6 auto +{% else %} {% set subnet_network = (query('ldap', 'network', vlan_name) | ipaddr('network')) %} {% set subnet_netmask = (query('ldap', 'network', vlan_name) | ipaddr('netmask')) %} {% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %} @@ -63,3 +68,4 @@ iface {{ interfaces[item.name] }} inet6 static {% endfor %} {% endif %} {% endif %} +{% endif %} diff --git a/roles/service/tasks/main.yml b/roles/service/tasks/main.yml index 78c40fa81799c10630704089468f515a57930b23..11525d343fd5a9089aced281cb3f2ae0525c6838 100644 --- a/roles/service/tasks/main.yml +++ b/roles/service/tasks/main.yml 
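Review bot: `iface {{ interfaces[item.name] }} inet6 auto` in ifalias.j2 relies on router advertisements, but the only hosts that define `interfaces.auto` in this commit (routeur-ft and routeur-thot) also set `net.ipv6.conf.all.forwarding=1` in their WireGuard `post_up`, and the kernel ignores RAs on an interface whose forwarding is enabled unless `accept_ra` is 2, so SLAAC on ens19 stops working once the tunnel comes up. Add `    accept_ra 2` under the `inet6 auto` stanza (ifupdown maps it to the per-interface sysctl), or state in a comment that the `auto` interface is IPv4-only. The second hunk only closes the new `{% if %}`; the `{% else %}` branch it wraps runs past both hunks, so its body is not visible here.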
@@ -55,7 +55,7 @@ template: src: cron.d/service.j2 dest: "/etc/cron.d/services-{{ service.name }}" - when: service.cron is defined + when: service.cron is defined and service.cron.frequency is defined - name: Deploy service configuration template: diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index c9f9d293ae7df7f2a11122b725ffeb9b82cd0f3b..905cbfce9e95235778f4dc462ef9502d6c4d4af9 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -5,7 +5,6 @@ name: - wireguard - resolvconf - - linux-headers-amd64 register: apt_result retries: 3 until: apt_result is succeeded diff --git a/roles/wireguard/templates/wireguard/tunnel.conf.j2 b/roles/wireguard/templates/wireguard/tunnel.conf.j2 index e8682637b0642465d732d66dc8d9452286ebac05..17aacb31ffd2cfff41120389b12a7bd701762cd1 100644 --- a/roles/wireguard/templates/wireguard/tunnel.conf.j2 +++ b/roles/wireguard/templates/wireguard/tunnel.conf.j2 
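Review bot: The tightened `when:` stops deploying `/etc/cron.d/services-{{ service.name }}` when a host sets `cron: null` (daniel, gulp, jack and odlyd in this commit), but nothing removes a cron file that an earlier run already installed, so the job keeps running on those hosts until someone deletes the file by hand. Add the inverse task next to the template task so the host converges; with `cron: null`, `service.cron.frequency is not defined` evaluates true because attribute access on null yields an undefined value. The enclosing task list continues outside the hunk.
```yaml
- name: Remove service cron when disabled
  file:
    path: "/etc/cron.d/services-{{ service.name }}"
    state: absent
  when: service.cron is not defined or service.cron.frequency is not defined
```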
@@ -8,18 +8,40 @@ Address = {{ item.addresses | join(", ") }} ListenPort = {{ item.listen_port }} {% endif %} PrivateKey = {{ item.private_key }} +{% if item.table is defined %} +Table = {{ item.table }} +{% endif %} +{% if item.pre_up is defined %} +{% for command in item.pre_up %} +PreUp = {{ command }} +{% endfor %} +{% endif %} {% if item.post_up is defined %} -PostUp = {{ item.post_up }} +{% for command in item.post_up %} +PostUp = {{ command }} +{% endfor %} +{% endif %} +{% if item.pre_down is defined %} +{% for command in item.pre_down %} +PreDown = {{ command }} +{% endfor %} {% endif %} {% if item.post_down is defined %} -PostDown = {{ item.post_down }} +{% for command in item.post_down %} +PostDown = {{ command }} +{% endfor %} {% endif %} {% for peer in item.peers %} [Peer] PublicKey = {{ peer.public_key }} AllowedIPs = {{ peer.allowed_ips | join(", ") }} +{% if peer.endpoint is defined %} Endpoint = {{ peer.endpoint }} +{% endif %} +{% if peer.persistent_keepalive is defined %} +PersistentKeepalive = {{ peer.persistent_keepalive }} +{% endif %} {% endfor -%}
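Review bot: `{% for command in item.post_up %}` (and the three sibling loops for `pre_up`, `pre_down`, `post_down`) iterate whatever the variable holds, so a host that still defines a hook as a plain string, as sputnik did before this commit, renders one `PostUp =` line per character instead of failing; wrap the value so both forms work, `{% for command in ([item.post_up] if item.post_up is string else item.post_up) %}`, applied to all four loops, or add an `assert` in the role that each hook is a list. The `Table = {{ item.table }}` addition is correct with the quoted `"off"` used in host_vars, since WireGuard wants the literal word; a comment next to it, `{# table "off": wg-quick installs no routes for AllowedIPs #}`, would save the next reader a lookup.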