Compare commits
	
		
			4 Commits
		
	
	
		
			d13fd49d51
			...
			master
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 928fda2aa8 | ||
|  | 338f2079d2 | ||
|  | 90e7dd49e1 | ||
|  | d8c2e77297 | 
							
								
								
									
									
								
							
							
						
						
									
										43
									
								
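--- a/Ansible/confsrv.yml
+++ b/Ansible/confsrv.yml
@@ -0,0 +1,43 @@
+---
+- hosts: srv
+  remote_user: root
+  tasks:
+  - name: création de sioadm
+    user:
+      name: sioadm
+      state: present
+      generate_ssh_key: yes
+      password: "{{ 'sioadm' | password_hash('sha512') }}"
+      uid: 1200
+      groups: sudo
+      append: yes
+    register: mavar
+  - name: debug
+    debug:
+      msg: "{{ mavar }}"
+  - name: export clé publique
+    authorized_key:
+      user: "{{ sioadm }}"
+      key: /sioadm/.ssh/id_rsa.pub 
+      state: present 
+  - name: désinstaller paquets wpasupplicant
+    apt :
+      name : wpasupplicant
+      state: absent
+  - name: désinstaller paquets rpcbindd
+    apt :
+      name : rpcbind
+      state: absent
+  - name: copie fichier resolv.conf
+    copy:
+      src:resolv.conf
+      dest:/etc
+  - name: disable SSH access for root
+    lineinfile:
+      path: /etc/ssh/sshd_config
+      regexp: '^(.*)#PermitRootLogin prohibit-password(.*)$"
+      replace: "PermitRootLogin prohibit-password"
+  - name: copie fichier sshd_config
+    copy:
+      src:sshd_config
+      dest:/etc/ssh/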
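Review bot: The `création de sioadm` task commits a literal password equal to the account name (`'sioadm' | password_hash('sha512')`) for a user that is also added to `sudo`, so anyone who can read this repository holds a sudo-capable credential for every host in `srv`. Take the secret from an Ansible Vault variable and stop re-hashing it on each run, e.g. `password: "{{ sioadm_password | password_hash('sha512') }}"` with `update_password: on_create` (`sioadm_password` is a placeholder name). Separately, the file as shown does not look loadable: `src:resolv.conf`/`dest:/etc` and `src:sshd_config`/`dest:/etc/ssh/` lack the space after the colon, the `regexp` value opens with `'` and closes with `"`, and `lineinfile` takes `line`, not `replace`. The `authorized_key` task references an undefined `sioadm` variable and passes a path where the key text is expected; `user: sioadm` with `key: "{{ mavar.ssh_public_key }}"` would use the key the first task generated.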
							
								
								
									
									
								
							
							
						
						
									
										21
									
								
								Ansible/cr-ansible.txt
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | ||||
| Script démarré sur 2021-11-24 09:49:54+01:00 [TERM="xterm-256color" TTY="/dev/pts/0" COLUMNS="126" LINES="45"] | ||||
| [?2004hroot@ansible:~# sed -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Knano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[27Papt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[14Pip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Kapt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/bullseye/test/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[23Papt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Ksed -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Kapt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cnano resolv.conf[K[8Pip -br ased -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Ksed -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Knano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[27Papt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[14Pip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Kapt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/bullseye/test/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Knano /etc/ssh/sshd_config | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cls[K[Kpoweroff[4Pip rnlapoweroffapt autoremove[1Pcleaninstall vim curl mc sudo [K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[Kansible-playbook -i hi[Kosr[Kts confsrv.yml | ||||
| [?2004l | ||||
							
								
								
									
									
								
							
							
						
						
									
										2
									
								
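--- a/Ansible/hosts
+++ b/Ansible/hosts
@@ -0,0 +1,2 @@
+[srv]
+srv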
							
								
								
									
									
								
							
							
						
						
									
										4
									
								
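--- a/Ansible/resolv.conf
+++ b/Ansible/resolv.conf
@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8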
							
								
								
									
									
								
							
							
						
						
									
										124
									
								
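--- a/Ansible/sshd_config
+++ b/Ansible/sshd_config
@@ -0,0 +1,124 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+PermitRootLogin prohibit-password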
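Review bot: The appended last line `PermitRootLogin prohibit-password` still lets root log in with a key, while the playbook task that manages this setting is named "disable SSH access for root"; if that is the intent the line should read `PermitRootLogin no`, applied once the `sioadm` account is confirmed to work. sshd keeps the first value it obtains for a keyword and `Include /etc/ssh/sshd_config.d/*.conf` sits near the top of the file, so a drop-in on the target can override this line; checking the effective value with `sshd -T` after deployment would confirm it. `PasswordAuthentication` is left at its commented default and `X11Forwarding yes` stays on, which together with the weak `sioadm` password in Ansible/confsrv.yml leaves password guessing over SSH open; setting `PasswordAuthentication no` and `X11Forwarding no` explicitly is worth doing in the same change.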
							
								
								
									
									
								
							
							
						
						
									
										11
									
								
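--- a/Python/Python/exotp2-exprregu
+++ b/Python/Python/exotp2-exprregu
@@ -0,0 +1,11 @@
+#!/usr/bin/python3
+import sys
+import re
+
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+    line = line.rstrip ()
+    match =re.match (regexp, line)
+    if match :
+        print (match.group(1)," ",match.group(8))
+#        for line in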
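Review bot: The pattern on the `regexp =` line is an ordinary string literal, so `\S`, `\[`, `\w` and `\d` are invalid string escapes that newer Python versions warn about; write it as a raw string, `regexp = r'^(\S+) (\S+) ...'`. The same literal is repeated in Python/analog.py. The trailing `#        for line in` fragment is dead text and can be dropped. A one-line comment naming the capture groups that are printed (group 1 and group 8, presumably client address and response size of an access-log line) would document the output.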
							
								
								
									
									
								
							
							
						
						
									
										23
									
								
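--- a/Python/analog.py
+++ b/Python/analog.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python3
+import sys
+import re
+
+cptip = {}
+
+
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+        line = line.rstrip ()
+        match =re.match (regexp, line)
+        if match :
+            print (match.group(1)," ",match.group(8))
+            #print {match.group(1)}
+            ip = match.group(1)
+            vol = int(match.group(8))
+            if ip in cptip :
+                cptip[ip] = cptip[ip] + vol
+            else:
+                cptip[ip] = vol
+
+for key in cptip.keys():
+    print(key, ":", cptip[key]) 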
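Review bot: `vol = int(match.group(8))` raises `ValueError` on any line whose last field is not a number, because group 8 is `(\S+)` rather than digits; access logs commonly write `-` there when no body was sent, and the lines originate from client requests, so one such entry aborts the whole tally. Treat a non-numeric size as zero, e.g. `vol = int(match.group(8)) if match.group(8).isdigit() else 0`. The per-line `print` inside the loop looks like leftover debugging next to the summary loop at the end.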
							
								
								
									
									
								
							
							
						
						
									
										11
									
								
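--- a/nxc/inst-nxc.yml
+++ b/nxc/inst-nxc.yml
@@ -0,0 +1,11 @@
+---
+- name: Installation de Docker Nextcloud et  Traefik
+  hosts: test 
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - docker
+    - nextcloud
+    - traefik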
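Review bot: `remote_user: root` combined with `become: yes` / `become_method: sudo` means the play logs in over SSH as root and then escalates to root again, so the become lines do nothing and root SSH login has to remain enabled on the targets. Connecting as an unprivileged admin account and keeping `become: yes` would let sshd refuse root entirely, e.g. `remote_user: sioadm` (the account created in Ansible/confsrv.yml). The `test` group is not defined in either inventory file shown on this page, so confirm which inventory this play is meant to run against.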
							
								
								
									
									
								
							
							
						
						
									
										15
									
								
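--- a/nxc/roles/docker/tasks/main.yml
+++ b/nxc/roles/docker/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Téléchargement get.docker
+  get_url:
+    url: http://s-adm/gsbstore/getdocker.sh
+    dest: /tmp
+    mode: '0755'
+
+- name: Execution du script get_docker
+  script: /tmp/get_docker.sh
+
+- name: Téléchargement docker-compose
+  get_url:
+    url: http://s-adm/gsbstore/docker-compose
+    dest: /usr/local/bin               
+    mode: '0755'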
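Review bot: Both `get_url` tasks fetch code over plain `http://` with no `checksum`, and the first download is then executed with root privileges, so whoever can answer for `s-adm` on the network path decides what runs on the host. Pin each download with a `checksum` (and serve the store over HTTPS if it can), and keep the script out of world-writable `/tmp`. The run step also cannot work as written: the file is saved as `getdocker.sh` but `/tmp/get_docker.sh` is executed, and `script` transfers a file from the control node rather than running one already on the target, so `command` is the fitting module. The digests below are placeholders to be replaced with the values of the files actually published in the store.

```yaml
- name: Téléchargement get.docker
  get_url:
    url: http://s-adm/gsbstore/getdocker.sh
    dest: /root/getdocker.sh
    mode: '0700'
    checksum: "sha256:<EXPECTED_SHA256_OF_GETDOCKER_SH>"  # placeholder

- name: Execution du script get_docker
  command: /root/getdocker.sh

# … unchanged: Téléchargement docker-compose, plus its own checksum line …
```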
							
								
								
									
									
								
							
							
						
						
									
										32
									
								
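--- a/nxc/roles/nextcloud/tasks/main.yml
+++ b/nxc/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Creation du repertoire nextcloud
+  file:
+    path: /root/nxc
+    state: directory
+
+- name: Download foo.conf
+  get_url:
+    url: http://example.com/path/file.conf
+    dest: /etc/foo.conf
+    mode: '0755'
+
+- name: Execution du script get_docker
+  script: /root/nextcloud/get_docker.sh
+
+- name: Installation de docker-compose
+  shell: curl -L "https://github.com/docker/compose/releases/download/1.28.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+
+- name: Attribution des droits de docker compose
+  file:
+    path: /usr/local/bin/docker-compose
+    mode: '755'
+
+- name: Copie de docker-compose.yml
+  copy: 
+    src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/docker-compose.yml
+    dest: /root/nextcloud
+
+- name: Execution du fichier docker-compose.yml
+  shell: docker-compose up -d
+  args:
+    chdir: /root/nextcloud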
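Review bot: The `Installation de docker-compose` task writes a release binary from GitHub straight into `/usr/local/bin` with `shell: curl -L …`, with no integrity check and no idempotence, and it repeats what the docker role already installs from the internal store. Use `get_url` with a pinned `checksum`, which also sets the mode and replaces the separate `Attribution des droits` task, so a changed or truncated download fails the play instead of being installed. The `Download foo.conf` task looks like a module documentation example left in place: it writes whatever `http://example.com/path/file.conf` returns to `/etc/foo.conf` with mode `0755` and should be removed. The first task creates `/root/nxc` while every later task uses `/root/nextcloud`, so the `copy` destination and the `chdir` directory are not created by this role.

```yaml
- name: Installation de docker-compose
  get_url:
    url: "https://github.com/docker/compose/releases/download/1.28.0/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
    dest: /usr/local/bin/docker-compose
    mode: '0755'
    checksum: "sha256:<EXPECTED_SHA256>"  # placeholder: digest published with the release

# … unchanged: Copie de docker-compose.yml, Execution du fichier docker-compose.yml …
```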
							
								
								
									
									
								
							
							
						
						
									
										0
									
								
								testansible/.web.yml.swp
									
									
									
									
									
										Normal file
									
								
							
							
								
								
									
									
								
							
							
						
						
									
										5
									
								
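--- a/testansible/dokuw/local.yml
+++ b/testansible/dokuw/local.yml
@@ -0,0 +1,5 @@
+---
+- hosts: all
+  roles:
+  - web
+  - doku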
							
								
								
									
									
								
							
							
						
						
									
										10
									
								
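--- a/testansible/dokuw/roles/web/tasks/main.yml
+++ b/testansible/dokuw/roles/web/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: installation apache2
+  apt:
+    name: apache2
+    state: present
+
+- name: installation php
+  apt:
+    name: php
+    state: present
+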
							
								
								
									
									
								
							
							
						
						
									
										6
									
								
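--- a/testansible/hosts
+++ b/testansible/hosts
@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2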
							
								
								
									
									
								
							
							
						
						
									
										1
									
								
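--- a/testansible/index.html
+++ b/testansible/index.html
@@ -0,0 +1 @@
+On m'appelle l'ovni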
							
								
								
									
									
								
							
							
						
						
									
										8567
									
								
								testansible/squid.conf.j2
									
									
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because it is too large
											
										
									
								
							
							
								
								
									
									
								
							
							
						
						
									
										16
									
								
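--- a/testansible/squid.yml
+++ b/testansible/squid.yml
@@ -0,0 +1,16 @@
+---
+- hosts: 
+
+  tasks:
+  - name: install squid
+    apt :
+      name: squid
+      state: present
+
+  - name: mise en place du fichier de conf
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify:
+      - restart squid
+      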
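Review bot: `notify: restart squid` names a handler that this play never defines, and `hosts:` is left empty, so the play has no targets and the notification cannot resolve. Add a `handlers:` section in the same form as testansible/syslog.yml and name the target group on the `hosts:` line. Since the template installs the proxy's access configuration, adding `validate: squid -k parse -f %s` to the `template` task would stop a broken file from replacing the working one.

```yaml
  # … unchanged: tasks …
  handlers:
  - name: restart squid
    service:
      name: squid
      state: restarted
```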
							
								
								
									
									
								
							
							
						
						
									
										25
									
								
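--- a/testansible/syslog-cli.yml
+++ b/testansible/syslog-cli.yml
@@ -0,0 +1,25 @@
+- hosts: web
+  tasks:
+  - name: on decommente l'option ForwardToSyslog=yes dans /etc/systemd/journald>
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify:
+    - restart journald
+  - name: Ajoute l'indication de serveur syslog distant
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @192.168.0.37:514'
+      create: yes
+    notify:
+    - restart rsyslog
+  handlers:
+  - name: restart journald
+    service:
+      name: systemd-journald.service
+      state: restarted
+  - name: restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted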
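Review bot: The `lineinfile` value `'*.* @192.168.0.37:514'` forwards every facility, authentication messages included, over UDP in clear text to a hard-coded address; a single `@` selects UDP in rsyslog, so delivery is neither authenticated nor reliable. Put the collector in a variable and, once the server play also accepts TCP, forward with `line: '*.* @@{{ syslog_server }}:514'` (`syslog_server` is a placeholder name). The first task's name ends in `journald>`, which looks like a line truncated by the editor and should read `journald.conf`.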
							
								
								
									
									
								
							
							
						
						
									
										22
									
								
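--- a/testansible/syslog.yml
+++ b/testansible/syslog.yml
@@ -0,0 +1,22 @@
+- hosts: adm
+  tasks:
+  - name: on active le module imudp dans /etc/rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify:
+    - restart rsyslog
+  - name: on decommente la ligne input type imudp port 514 dans /etc/rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify:
+    - restart rsyslog
+  handlers:
+  - name: restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+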
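Review bot: Enabling the `imudp` input on port 514 as done here makes rsyslog accept datagrams from any sender, so every host that can reach the `adm` machine can write arbitrary lines into its logs, and the play adds no sender restriction. Limit the listener with a firewall rule for the client subnet or with rsyslog's `$AllowedSender` directive. Both `replace` tasks also report success without changing anything when the commented line is absent or spelled differently, so the listener may silently stay off; a comment stating which stock rsyslog.conf the two patterns expect would make that visible.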
							
								
								
									
									
								
							
							
						
						
									
										27
									
								
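--- a/testansible/web.yml
+++ b/testansible/web.yml
@@ -0,0 +1,27 @@
+---
+- hosts: web
+  vars:
+    http_port: 80
+    max_clients: 200
+  remote_user: root
+  tasks:
+  - name: install apache2
+    apt :
+      name: apache2
+      state: present
+  - name: install php
+    apt : 
+      name: php
+      state: present
+  - name: install php-mbstring
+    apt :
+      name: php-mbstring
+      state: present
+  - name: apache is running
+    service:
+      name: apache2
+      state: started
+  - name: copie fichier index.html
+    copy:
+      src: index.html
+      dest: /var/www/html/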
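Review bot: `http_port` and `max_clients` under `vars:` are not referenced by any task in this play and appear to be carried over from a documentation example; remove them or use them. `remote_user: root` again requires root SSH login on the web hosts, which works against the sshd hardening attempted in Ansible/confsrv.yml; an unprivileged account with `become: yes` would fit better.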