20 changed files with 21645 additions and 249 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,3 @@
 # siotp
 Ceci est le répertoire qui servira à accueillir les travaux du BTS SIO 
--- a/sio2/AP/apdb.yml
+++ b/sio2/AP/apdb.yml
@ -32,7 +32,7 @@
    - name: 5. copier la base de donnée sur l'hôte distant
      copy:
-        src: sdis2023.sql
+        src: /tmp/sdis2023.sql
        dest: /tmp/sdis2023.sql
    - name: 6. Restore la base de donnée
--- a/sio2/AP/apdbdump.yml
+++ b/sio2/AP/apdbdump.yml
@ -3,18 +3,9 @@
  hosts: web
  become: yes
  tasks:
-
+    - name: 1. recuperation de sdis2023.sql avec fetch
-    
+      ansible.builtin.fetch:
-  - name: 1. Dump multiple databases
+        src: /tmp/sdis2023.sql
-    community.mysql.mysql_db:
+        dest: /tmp/sdis2023.sql
-      state: dump
+        flat: yes
      name: sdis2023
      target: /tmp/sdis2023.sql
      login_unix_socket: /var/run/mysqld/mysqld.sock
  - name: 2. recuperation de sdis2023.sql avec fetch
    ansible.builtin.fetch:
      src: /tmp/sdis2023.sql
      dest: sdis2023-dump.sql
      flat: yes
--- a/sio2/AP/drop.yml
+++ b/sio2/AP/drop.yml
@ -1,12 +0,0 @@
 ---
 - name: apdb
  hosts: web
  become: yes
  tasks:
    - name: 1. Suppression de la base de donnee  'sdis2023'
      community.mysql.mysql_db:
        name: sdis2023
        state: absent
        login_unix_socket: /var/run/mysqld/mysqld.sock
--- a/sio2/AP/sdis2023.sql
+++ b/sio2/AP/sdis2023.sql
--- a/sio2/AP4/Vagrantfile
+++ b/sio2/AP4/Vagrantfile
@ -1,22 +0,0 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 Vagrant.configure("2") do |config|
  config.vm.provision "shell", inline: <<-SHELL
 #     export http_proxy=http://10.121.38.1:8080
 #     export https_proxy=http://10.121.38.1:8080
     timedatectl set-timezone Europe/Paris
     apt-get -y update
     apt-get -y upgrade 
  SHELL
  config.vm.define "glpi" do |glpi| # VM No'1
    glpi.vm.box = "debian/bookworm64" # Type de la machine 
    glpi.vm.hostname = "glpi" # Nom de la machine
    glpi.vm.network "public_network" #, ip: "192.168.0.111"# Set static IP
    glpi.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision/glpi.yml" # Lance le playbook glpi.yml
    end
  end
 end
--- a/sio2/AP4/hosts
+++ b/sio2/AP4/hosts
@ -1,2 +0,0 @@
 [web]
 glpi
--- a/sio2/AP4/provision/glpi.yml
+++ b/sio2/AP4/provision/glpi.yml
@ -1,7 +0,0 @@
 ---
 - hosts: all
  become: true
  roles:
    - web
    - bdd
    - glpi
--- a/sio2/AP4/provision/roles/bdd/handlers/main.yml
+++ b/sio2/AP4/provision/roles/bdd/handlers/main.yml
@ -1,5 +0,0 @@
 ---
  - name: restart mariadb
    service:
      name: mariadb.service
      state: restarted
--- a/sio2/AP4/provision/roles/bdd/tasks/main.yml
+++ b/sio2/AP4/provision/roles/bdd/tasks/main.yml
@ -1,29 +0,0 @@
 - name: 1. Installer mariadb
  apt:
    name:
      - mariadb-server 
      - python3-pymysql
    state: present
 - name: 2. s'assurer que mariadb est en fonctionnement
  service:
    name: mariadb
    state: started
 - name: 3. Creer un utilisateur et  lui attribuer tous les droits
  community.mysql.mysql_user:
    name: glpi
    password: glpi
    priv: '*.*:ALL,GRANT'
    state: present
    login_unix_socket: /var/run/mysqld/mysqld.sock
  notify:
    - restart mariadb
 - name: 4. Creation de la base de donnee  'db_glpi'
  community.mysql.mysql_db:
    name: db_glpi
    state: present
    login_unix_socket: /var/run/mysqld/mysqld.sock
  notify:
    - restart mariadb
--- a/sio2/AP4/provision/roles/glpi/tasks/main.yml
+++ b/sio2/AP4/provision/roles/glpi/tasks/main.yml
@ -1,21 +0,0 @@
 --- 
 - name: 1. Telechargement de l'archive de glpi 10.0.10
  get_url:
    url: http://depl.sio.lan/store/glpi-10.0.10.tgz
    dest: /tmp
 - name: 2.  Extraire glpi 10.0.10.tgz vers /tmp/
  ansible.builtin.unarchive:
    src: /tmp/glpi-10.0.10.tgz
    dest: /var/www/html/
    remote_src: true 
 - name: 3.  Changer propritaire group et permissions
  file:
    path: /var/www/html/glpi
    owner: www-data
    group: www-data
    mode: '0755'
    recurse: yes
--- a/sio2/AP4/provision/roles/web/handlers/main.yml
+++ b/sio2/AP4/provision/roles/web/handlers/main.yml
@ -1,6 +0,0 @@
 --- 
 - name: restart apache2
  service: 
    name: apache2
    state: restarted
--- a/sio2/AP4/provision/roles/web/tasks/main.yml
+++ b/sio2/AP4/provision/roles/web/tasks/main.yml
@ -1,30 +0,0 @@
 ---
 - name: 1. Installer apache php 
  apt:
    name:
      - apache2 
      - php
      - curl 
    state: present
      #notify: 2. redémarrer apache et activer adminer 
 - name: 2. Installation des extensions php de GLPI
  apt:
    name:
      - php-xml 
      - php-common
      - php-json
      - php-mysql
      - php-mbstring
      - php-curl
      - php-gd
      - php-intl
      - php-imap
      - php-apcu
      - php-zip
      - php-xmlrpc
      - php-bz2
      - php-ldap
    state: present
  notify:
    - restart apache2
--- a/sio2/CYBER/Journald/journal-upload.conf
+++ b/sio2/CYBER/Journald/journal-upload.conf
@ -1,19 +0,0 @@
 #  This file is part of systemd.
 #
 #  systemd is free software; you can redistribute it and/or modify it under the
 #  terms of the GNU Lesser General Public License as published by the Free
 #  Software Foundation; either version 2.1 of the License, or (at your option)
 #  any later version.
 #
 # Entries in this file show the compile time defaults. Local configuration
 # should be created by either modifying this file, or by creating "drop-ins" in
 # the journal-upload.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
 # See journal-upload.conf(5) for details.
 [Upload]
 URL=http://192.168.1.42:19532
 # ServerKeyFile=/etc/ssl/private/journal-upload.pem
 # ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
 # TrustedCertificateFile=/etc/ssl/ca/trusted.pem
--- a/sio2/CYBER/Journald/journald-rcv.sh
+++ b/sio2/CYBER/Journald/journald-rcv.sh
@ -1,10 +0,0 @@
 #!/bin/bash
 sudo timedatectl set-timezone Europe/Paris
 sudo apt-get update
 sudo apt-get install -y systemd-journal-remote
 sudo systemctl enable --now systemd-journal-remote.socket
 sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
 sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
 [[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
 sudo chown systemd-journal-remote /var/log/journal/remote
 sudo systemctl daemon-reload
--- a/sio2/CYBER/Journald/journald-snd.sh
+++ b/sio2/CYBER/Journald/journald-snd.sh
@ -1,9 +0,0 @@
 #!/bin/bash
 # usage : ./journald-snd.sh 192.168.1.100
 sudo timedatectl set-timezone Europe/Paris
 sudo apt-get update
 sudo apt-get install -y systemd-journal-remote
 rpl="s/^# URL=/URL=http:\/\/${1}:19532/"  # $1 represente l'adresse du recepteur
 sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
 sudo systemctl enable --now systemd-journal-upload.service
 sudo systemctl restart systemd-journal-upload.service
--- a/sio2/CYBER/Journald/systemd-journal-remote.service
+++ b/sio2/CYBER/Journald/systemd-journal-remote.service
@ -1,46 +0,0 @@
 #  SPDX-License-Identifier: LGPL-2.1-or-later
 #
 #  This file is part of systemd.
 #
 #  systemd is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 [Unit]
 Description=Journal Remote Sink Service
 Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
 Requires=systemd-journal-remote.socket
 [Service]
 ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/
 LockPersonality=yes
 LogsDirectory=journal/remote
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 PrivateDevices=yes
 PrivateNetwork=yes
 PrivateTmp=yes
 ProtectProc=invisible
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectHostname=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 User=systemd-journal-remote
 WatchdogSec=3min
 # If there are many split up journal files we need a lot of fds to access them
 # all in parallel.
 LimitNOFILE=524288
 [Install]
 Also=systemd-journal-remote.socket
--- a/sio2/CYBER/Wireguard/wg0-a.conf
+++ b/sio2/CYBER/Wireguard/wg0-a.conf
@ -1,10 +1,15 @@
 # local settings for Endpoint A
 [Interface]
-PrivateKey = iGPtDYyKYCoQVPofdo7KQXfC4OGCGOBXonF44nKUSFw=
+PrivateKey = aLihTWpe3bt3XwNPGOVS0mB9vfr4JqeZPyzhlgQ052k=
-Address = 10.0.0.2/32 # Adresses autorisées dans le VPN
+Address = 10.0.0.1/32
-Listenport = 51820
+ListenPort = 51820
 # IP forwarding
 PreUp = sysctl -w net.ipv4.ip_forward=1
 # remote settings for Endpoint B
 [Peer]
-PublicKey = sAJc6fITMHs9Entb5upqGMN+4M+fnhIIpcWbQiqW50g= # de machine B
+PublicKey = 8bEwgf4jUaIvZslBNwQSP3sNrJPZg1YDiFqyMCvJszo=
-AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
+Endpoint = 192.168.3.2:51820
-Endpoint = 192.168.0.45:51820
+AllowedIPs = 10.0.0.2/32, 192.168.2.0/24
--- a/sio2/CYBER/Wireguard/wg0-b.conf
+++ b/sio2/CYBER/Wireguard/wg0-b.conf
@ -1,10 +0,0 @@
 [Interface]
 Address = 10.0.0.1/32 # Adresses autorisées dans le VPN
 Listenport = 51820
 PrivateKey = YH3oUGyt8hXlqRINQIANWsqf7Bd+SJcyLhMLGPwbvHk=
 [Peer]
 PublicKey = k2Yzmoz+7e1TT+n2+zK9AHjssgQLp7DW0T3Zi+AtPV0= # de machine B
 AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
 Endpoint = 192.168.0.26:51820
--- a/sio2/CYBER/wg0-b.conf
+++ b/sio2/CYBER/wg0-b.conf
@ -0,0 +1,15 @@
 # local settings for Endpoint B
 [Interface]
 PrivateKey = eLqg4jQCId97MOdcP5k0FIlxnaMBArlPPEaTVmRPWFk=
 Address = 10.0.0.2/32
 ListenPort = 51820
 # IP forwarding
 PreUp = sysctl -w net.ipv4.ip_forward=1
 # remote settings for Endpoint A
 [Peer]
 PublicKey = 5UQzcels7MqDXWdt2oDvfbjykISpYl4i8uYFytHijUc=
 Endpoint = 192.168.3.2:51820
 AllowedIPs = 10.0.0.1/32, 192.168.1.0/24
		`@ -0,0 +1,3 @@`
							`# siotp`

							`Ceci est le répertoire qui servira à accueillir les travaux du BTS SIO`