From 6c090e61f81a8dbcc55e6a00a37a4482d75633b5 Mon Sep 17 00:00:00 2001 From: Thomas Lerallu Date: Thu, 28 Jan 2021 17:46:09 +0100 Subject: [PATCH 01/36] ajout schema dmz --- doc/pics/e4-dmz-tl.dia | Bin 0 -> 5950 bytes doc/pics/e4-dmz-tl.png | Bin 0 -> 37584 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 doc/pics/e4-dmz-tl.dia create mode 100644 doc/pics/e4-dmz-tl.png 
diff --git a/doc/pics/e4-dmz-tl.dia b/doc/pics/e4-dmz-tl.dia new file mode 100644 index 0000000000000000000000000000000000000000..99f5627f90b2c70a007045c0618322daa162b323 GIT binary patch literal 5950 zcmV-E7s2QsiwFP!000021MOYgZX-vMeebUz`IPHPk9?uN0-Zk7aYrro8 zC6*y&=HuraD!pG8K6;ZW-~%KYhBL^ga~x z#dtP-b0!!+>lM?h*=RhyeslJZzkh%3&;IoFt3Qs$!#}`(*Yn|R4}N00z)x?^ZkEgU ze|Y`++JRFL9f@IwB_mVhu6jB zycqsg|8NdpAsqMc_r-kk!ME>ci!lsYet!RKNX>Kb&nIJ6qZTk|dj0iR-{`N(S6Y4J z@mW;7&Vnzb1#nUA7B1X%}wZF5Gx=@qRX6 z&WGdWbI8ltY*GxTCF*j1R~(PCxEfAC#I{WADXQLnJY6>S_|MHe zep3SC8S(hzi4s>nt@aQa`N9NNJTKCOyiAysYFWygv zpSMq8b5PB*hSTL3IBd8mMh!7d9aT<;@6VUB^9`QJh%~$Wui`2*|KH3$?lYqXP_Aav zDNF~{(DU~**shCaAomr;@>?4kYD5JgE9R>={boKN|Ng)8;v7V8de&PJ&gx})t0@eh zd}|0Z`f&g0iO83~yOk)vTMnnA;e6CP@4cOUI(t;dK^Y&9-kkjhU*8Iw>jw`5b>P`{ zj>}js7H3xV4U=JWk3L_oI)KZ|&F9Z?uG8yDagSj;naxL7PdPl`=|VtRL5KK)2xE9LBBJ{*nj7TXp~ z^7SvV1F!sMxzmr{`XYVn3)4Rr%(&feoVNW1!dO@(G0>K&z5-B_mjIHdwhsxwWW+(g z_!JUQig6bm5UVeH65Fy7S(d4?>=^K4A9!DzjFRk_@`z%B83=&vJ7#!LHm4{j&ukw- z4lD@sRFDImW^|ghd77zI29Sb^f@BM!-mLF&H-(c(iG=m?U_uhTJy_`*+kbqc`fJr3*;o(RYwjUU( zmo6g{fE5r*B!x%=3Brb-g+L?W$Y0ZKu^gW52sw<#SIeB7)5sF;rF3NE8JVyH_a>D@ zWhsJTeCKZd{CB>ddcgT()aNjeU&oWl9w3{^6J4c8{wy$68KgXD1t;V87dNx{_`he< z<#4ifavM>cgJFOWm*cB^Ad9<84Br=LM=#QWy57IR@2o=Ev&qUHFG)&pWGS6f;{znI zLed&|9t<)e9DX+19DN*5rx(R^^en2i_dF{tMQ_U&(?K7}+pv+Y-fzB7RiJ#^Lm$I- zi)WN`|1Z58kP(cDfk-T8@#yb8{_C4F^=zsYKP&EkcH@Wr^RV;A8y%*${5V`*-N2vI zqDpCT$-=Cd3}8(#X{1*p@0tp8|17$#WalWsa@Zwls<|(KwO)TI(8jFyOOYYUf zm(8fcprgqf88ons)sEX^U9+UrkWxcRO@m6!--}PnigUm>a1Ll~R39ub>7~zm5R^!c zS?~Pd39?qlhGmwxEIUqujWKn<(U`=%Hf|%|xhC6rOO{ccgo6B60pa(1zYcH5lh5!z z!|CFz7k6n?Sjr#$YccsypkzPYo`=7|vvZ*OEZCrDod&uthzAMdF>vdNjeDO7$3P7y zU(6vxhGAEG^tu)BzihQdV2Kw{iT=|bC8=KX4CN!*7je19xrctk-q-5 zinWr{a#dhlaNU;o%P+lu66R-yQk|QuQtv_`|`$>yAys zBZZF?J~|Te=d+3AOH4@6-ip4$fGp3M(55t#+(je_w&VaQR9Ok1fo4SRgtppwRt$v~ zH4b0QI(KaH%gZIS39+7(CJxDHbL&4VWy2Y5yAtt5@^u^`Fw0EGH1d$O$OItq5=kM_ 
zKqw~hbIimK9ae4{SwhOhC(VU47t&nnVy&hLq7O>+JyYIiEy8e*o5<*6b<@3#t=f533{|DB8HXPGVkdKZh#z8Wfvr<_^{5eB>swIyMpZ{|^2H&+ zG_abmHstgj3#R%gNPseMOgW=GrrHHzLx*jv)TP_Ut}@KSYB@08ln~qrr!pE^npsnK zu#)9PmRIH^frbQvk_5h}BmvZNTtKbD3o9v0Aaj-gIaW?5B;=d&peL#1dserUTe6=rBS9dpSbp&3km5IGi4(tq#HI!9e(11WI<3OweSP?$6r%QK-QN%$Z1g4`i6Na_|JV8`&tNT4cZZUn7d7TAcL7|8J(tVmcjG zu~TxMKaho17!hGXi@a&khDq*aA6;SIfL>vl3kL7_%fM}yePB&2;eI|aAw8GedLe}O zR_E;T#gy0FO0JbM)&xm;)8qo9=sl?~FPS)N8Aw8a6N4)+3`Othj{pA~4|nqYH&C;b z=A~QFik!jD2P7~&tu=!u$nx0xoJ8bb5|P)+A{nA5ZHR8~J0X*=Zs}OmA`*w@ITMVq zgIx)vELQ{c4SUQt0)}!*cGnbbVgdKEL^%Uy2W!`~(506%XQVe0n@$+-r9SrbB3qPf zQBqc03wfqri<1}umu=+dVIv)BkvN^T4r87|mdIKjjl5UPvv!i(hiWT!4#f!_FciC? zTStM<#%Q0+(A8%&W`#Aktpu#T2OoY4_Tfv@SJm4*S zr=7>{TV3vYnzm;9C~?@(%Xw+Jx4~E=*Dk~~-)WhJwMNTJ;zF4SK6{hy0sc-Q;xhhM1hN=q%oHU*O0ja^QuO~3yYm|1m} z*WQVo+9@DmnH8*Y=|D%7iUnm=tfY55@_zPZ-6ZRWVu4Fg(6%;r2KCg#1P&Z}blFU@ zFZZrBqZ8_S@}{$Dx9(uY8z`J)%Zh8-E1lOtq%@o!j%gF5z`99JL|~&-)|~jdDb|m4 z%u8q84xf(-aXJSKH5_J6+qbFh`{3cp(JOwpey@^mq)5=GJSbF{#+g&ezlV_n=@{3j z|W&!>aSp=9(cT29X|x$1&5yq$Wk8dJ>scWBl}gN zNlevErn2d#p7p5O$gHlu5=Af@Tm13h5EA*SJKB^XmTJ}Ds}M^fscw>#Yv6VZHm>o^ zsLY8A9xpZqWss(fz#KRalGp{S4-_dPrJ;edB$jExi}q$7$VirPaYiK4nmQOW80k~86B z4;m?W&TjJeK%7}&BOVHtt#XW^u6-}() ze!UpATKlpYi&bc**4fZeu?i|yLB%Rgy8(uF4Y(Ig2pY-E3Yjy}O^C95G9Vc%-5_4I zMr6T^%iI8?ZjxJvZXXA;@#Spx8wayYYx6<14J*|#?br1&b4YE{&Au5;D|6esnQ7lZ zYi${PlvXYCUh)AXQ6edA)Bv}Vw^0f5zSE7h(-&|bWzK+p<>f;?Fdj_Sc4o?H`&f8P z9b1uzv^mn|NSkX-n+pw`2bkT|hBgOCXv||vF9Wu{X55uFu{}DcWlv?UZjSXsg=1=K z{djnL32(pmILiW+na{7w$wPEGBQjUH-nw@UZ@>~$L8vzNE+FX=DOzF=n^!WOB-Z;F zV%2lpGE_39#9rI-z@dhAaP}R1P^SoOU)Hs5L{qMHY!GPLaIIrLgn4wWi@=2W0$l4U z>qoA2GRDXlBV+97+!G@kQ00UZ0_iwdkyn$u2U6A!P=Rx*47du_sbYqL%7nF>#9Jw# zl!(&FY&oMEC=QKTwGQjbyS(+GOB@Yq5cVi6i?0F$XfL}^EQ}bcwX)Dv0!akbO@eBo zdcD=&_kl8mv_3CIl}M5qB|MUp!bYm_f9Zni!j%Iesn$rUS}2L8PMfCQ&OSY1DSppV z>GkUc^BxiUAx9vIbuYAGzAu2NOjhq)1GC%5JBRI@t$DJMb9(0tEFnNV z_ofpHt{ z?5q_gJPRICydEfxZP;bZ)NRLmo(|xONYbEm=cM@ 
zb{%Ly4CSo_Z*y+m+9_@sD$$2(w++SD*9Q%hp7w6zdv{~|Nq*4g^)Gq9$|m2g59f?VJdi!lDeEGu$3OaJLZ`*?^Tp0JFyH++3KMh*D z7PjrZ!hC<^B62|F?6)Fo=eT94+@%OVz350cB2Q=cs+YeJxjSFeCMT3D$0T|kUCzSL z_aMTU!TsMuC(1&;+2b}jdt6x-OsSt{z236IvCJ6m1}ZS4 zWW<%B3)frTolh>$FGrL<-V#MsOC_;XH(AOwpfl-MDKcbcse2r?VkxaLxj<2FOXqTDu}QImy^t%4lq! z6GW*y$!?Gn1@GD;rwVB#a_S~I=?1Ql+E`Fc=k+_4FdnP8VUBRjArJ69*Qu5+l3Kd7 zY2;PPCQ;Q1Qq}$?$6Rtwxy43$M#n0UI^?`RYq1kyi6jAO;F%1dPsI#`qmfUc_*f%L zNCn8K02vh^qXJ}!1r=O!0>5M0S=qvQ06Y7Tq8^eOwey9xNUkL3rZku$@r`jO)@{b=_&K+T82^aQVdoX;(67K6;ix~qX$or zg_D6w!B8ofT45x5>Lxvfbb4}HdL6Slwa80PDAbe{5o2N_d~xsq9VYJ~(s$h{mqLDuHjYBZ!qeOdHWBaB2(oenbkiKOM>Y3PCcU|p040SIGB<8Noeo!FMiz->X&AsvAXn^mO-VYul{Od83;sMQ5T|$lRsqB8*hA6djKr zg6m8vI=TnkVkx@k0!iMRZaSBfQ^WE0o59m9Z<&Gz80BLr-&m#~bfruIkyBgbR4I)_ zPTeFY+rT~GQW|XDTfikVS%W1CgkMpUkVH*HOz{oWqnapZ1-lKRo5P@M$VE7|xUPB4Ij`GC<>Hwg)O)E31i}u* zv&72;0!1W&K>lJ2Io`=mXe+@#l(&@55D6Qk|HXWG8%!YVBPbG2U3GXl*6pmddv0B3 za-oW?O!m}(16ffF?-sToKc?LxMFdBmbB8zY)Zlr@dt5;N^!LY^yr;i@KbpgP@f`2q z+Ebc64zX7=ukv3iiuGU@DVSJYUv!D=jk@vt#?7!ub?rK@T^ygszKt0QO3w5w6b~I| zt()0|dm-$z_ckHJzaO{Q9Iz_!43CI;_wF!1zv-v@n}7fQ&CSi7Vjhv7Wms2H zUS3d8pnmJkG3!`QVabJMf41MHc(x%1Q08YONYs!O}Ox)_DDlaC#x z-?JxC%D~t-@xuq{N~3=##ZSXfU79E!`w) zjc+Ap+fQhx9ug{9&3sm~W$V_T;(xyIL|gWjX&u5o*@;={QUmx`HW!GC}4jY>px3%RDD}M^5>cmbAmif@12vE9s(OgL~_~}y@ z7niZ|aWhlXqN1Y4@85HbeX6u1)US*)aWy{0tE#FB-}XErLh{6k3onihF7&#$x_!lD zWk0o)?$S`K z{QUf@tE=}PJcx{p^ht<`@wl)rQ(OMgcFwp@52z~3%QsU|WsT3TE%a{Nwy`u6?K6x! 
zEiJov@gmu-4^tH^r6Cv~GBPs$IFX}Ajel!w*|xFLyU~+lqSo^C&r@x$uKciyGQSO-&v$JJufjAv`K7)!_Kaja8f6gGuk+wLRa)B$)2W zDsCye(wvx-Wb)_rR(kGDn>Gy$4jPvTGvK$gb8|bWsc&hX*RNL7cJ%aSWn+tWTmCJ0 z<2}u#J9qBbq;SQF^}1YP{_d;SSz21!-M#k0FluUH!H{J3^Xc+UKhT2F;$Eb~kl8p<*`T6(Z3Tw;hZECU| zYs=u5Y{R37evLWxz}skX^5>yLhdwwjaL2i?jp~>RGPZ`lcyZzRk$XEj+uIRlHgDQQ z^Q53)DaWMMA!=b}CPKudWqR-{#?Vpqv*qNEQ=y_mgM%5N3_dd9nnLTkvd8tSf|#@& zbi4Ach_hAu17FIxYd^m^Tp#P><5Nw~H)N7$)>)yw{HJh2JU}z+c1@JDa|e6tF{}=L zZMCQ$&1yO#Vq&|tZ|4^h%1ck5oSQT7Q3%bSpC9jJXJ;qwrlaF}Dq+?*QzxTL#JZBI z^{Ps7MsBfjETt|;SVPhVvr!(5#w3A(`iu5(qQA1c0?a_v{ zFE72AjQ>2+YmBIK+ zroq>?1$piR2L}Fh7j~HMBoI8FnV4v4s;GQ?D*PCO>dV0A5Y=1kD!EPFZDY+|^fk@l z3=?-bIr6$0nf1l}5mR{T_V#w7zJb9t4GpK!mK1*$F}f!a5iAjY<(b4J z>Khw7;+NPsSfN}Uh4w;qGyI)RZEX%4>uZyfmRuV7ma*p|5R^;?l@<}txw2&r9a41p z;E+RPqxEN(eqU7d@`KY<-)SxhEI}Lkv>S!bhL*mD3E7Xf_&1Asm*qG*I?Blwxhz?S zsx|j_Jbbu`D>E+-^Yvk&$1fm&JMK#`5B((tg-1?WnrdoHbaZmW2b4Q5@9fJl{nGI2 zOnb-L`pN{7_wB;s?Ch&9(V6>ya%?P8t;~G9M?oCu>%&kzyMLcNHvGPtFH<}Dg$oxf zy7E8GtYXWwuVh+?m>zqUdeUt*-_mI7*9PVUSL{1e!Dke=orAqGQwhbJvyCw3R;HX!=)8 z#QOR=2EX)%Dpu}9M^2K8eUjAC&vJDZC2P5vnWRtr{P|NUOz9FC={{Vz#QS7{6E-5KF zx3x^OZ(^dZaYi%Ow7tmjI4#y&ZF%|W2v-TWRR>WTIyyQwwwga}NNFQ2DV+1zH zb2m{@4gLDn(b3_XN7NS_kBGHe>PS-x7ASCD__H|GuN)<{1i(Q&b0+IXf$rx=BO`Y% zuxv-hx}f30Q+#vgSIv_rPt5o<1QVv2(BRa9f66seg~8-57#Q zYg+-C$u&2(;_2r%3hfZxG#xV&ue^PiSE5Mm*{8Fy%%tS_&bC07h&0J2X5JMm??p#X z-<;Qppqgjej$j`e9NhowSIfY(NbUhq(Rl>KwbhxriJlKi#N;5g2-oU&M|={lyuBD9 zW`PL~bYB_I!<7VXyca%r(DU>FdG1GFUtj#vZlY)H+l%9-Qb{bjZ7hd4H2S8er!n+W zQc^Cit{;kuzSY!>j*L)m+xEG%l$x5_yQ;P})uOlf0o5+mcJeX*-PE3o)8%5_FOC~> zad8Q17l{L`&W*Nib3PM)kjuun_c1Qw%dfL?*Esbc^0)n;E>14Ss*?_r9vYcf0May4 z=BxniOkG@x3JWo#-O7;?r-`+-wLl^#Po6|LFWFdMnf&>g!+mvXWMl;4Ykt4A4PZ=H zcXwU1Oo{a%X`NtsMoBp~mX#gg=Rg0oLReTh{T`M~TpU+u*V~V!rF~g-CnJz(e}8|w zvM@0LIB8~@ZJ6z`O5Cgzuzt{ zE+Q0Sn`K!mb7l!XmvXd5{1DR0r(tE40;JBJigua)QnEH~(O1)%fh@)*dHvCP$;O(+ z`SaU5xg#a+BBy=*@wzjs`#;w;HN!$fPZNnWPYMfHfPcy~8@sgnOx~>)_kC@(=HwDU zUbMHfD+Xf6sIt(~PDO95dU>-uj~)GKf}Q74JeiV`b^}P~`BA->k&!huHO{lcM-8fX 
z$L_j^We1FE@X>>ek&zJtsrGxFKH7)|G3fDK9UNwesP^hgYxku3l|wO1$F3DCYgmU8w4)lNrb{+?qm#TB0Z#Ps`Rju}n9hu81E-pSSVBGJj zXWC=l{eCkg<(t>9n_F7mouBM+o=E(bpruo2H{QX$%O^cO{aLOd(5Pw8;-Z6YeAUTo zi3$RT4(*Y&OGc@NAo1bD8p4vFuW!@aBCGxifRG8qBm)Bx%O4++z_#X1`mt*8+o@gB z(W#qR4LNk>Y-0BN)Kqii=;ZM7ni>HSk!!Ik!Ue?#4;}<~NiK?DyPcA6asGqX?Vnp{ zNyQJB$vZjyrN4L`*?KhF`1|#Z9M|PpMPV|@zg-QoP8w7;dNqh5pQ=*kkQj3)%`EXyJN zdviNYE9ni7qq17tNN-dStOQ8^GE@AY`@s1f-2@}Pfc}TNQA3_bnJd!gKjR7tge48a zVzk8>{Cuo@N-8khKiP`a%azKEb5o9Z5P=~3rY&dtl14$F_)eX(vOH~^4=J{yp5KWZ z+?RkS((_oU7@)qlWtg#XqtEgI_oJhab+@xvUjO=)e){jj?K9Ts>3vN4kn@fhY2#?p zgGGLKp!;Rn%S`YP59ps{qa%F$@$mkpsWO2PlR;`V^?CuK1&L9pYPHj164D;Srj?VE z)6;tu+eyCfl2qOP7Aiu}7XKmrvK;G!Pkk5u7TtMy3kwUq@9!p63tzi-O;=YJ=X(+IV(Dfyr`-=I~exx z(A+(f6Kf(0JTxE42p(OWsUjMwsj0!-7cz5lq>+cOUcG8%l`)-!u)j8**9!z-nDFbU zUd3b1IOK)y0vj)Hx5b}Sq9=uf0=;)rmp|Em#@lFixS>Yi)0Z!YesJ2`FW4C!H+EHf zbMY7X=cncNbOeu`a{VXvSfywge@pfB^h9teOi1u1{V{-D`y#e>Sy>qhp-x~*XJ?C^ zBK7BksFgX6-1K<;+8|8u#-p8V%P5;oULF(_1Y#&hghn9${8#=z`v(smL}=Ea@-Ox3aa%D<$&IY# zH~k`$C{Lgw5UjoOTb>`TtE$S%$y&{LDrMtg;F$PzHKoH>Xzc%|_ z*=KmT;T1x4iTlQS+-X067cDI8spP-b2HR+)EDP!QnKRaMo@=lLjf5sOUCx8jrcb|LrWSo!6g zI(%v5Gufcbsh*DOQTGnp5eRH@t|<+T&u@T^i1hLKg3vKOHkNDNJ@WgvA`wAH!g)S9 zG!zNmRRqa1BxE<2M$R1uT7=F(5?!Hn;|3`+rj@KaElm&hWzk%6b6ZE%+~YD+v+LyI zO(ZI!?T?RSgSTx*;(s#hiBJM3@+e0Y0nAxiPU6`eqw4DF46Rbm(vs7n2<31cuJC8+ zo7l{yqSMKB?A9_7quOpJ_l4gY&aim#6Ma=BnJ_FBiD<)vd9fCud2mOro- zCb|lOkpfZ`!i03V;}8f@hv`-~Ha3Qbhhwychlf#V9Fvd;_vRN6K?blB&YnriAGq@i#UyGD?jEQKnsBJy-__-fiETAw!~Scu{W4$V3a5=hzI@ zUQkwUwR=U#rs3&WdjZ7lYVp zDRiPe%WxN)#B86R5H-E{i4$8n+(QrBO(7b@X!Z^1%N45@3*TYDegBs+zCkM z@#DveHL1`k^sG$2R17*NxAT_=@|ALN@@zSI` zTLAGQ_4|;53Q#k#2|VARR7P3M{gy@JAz+YoxF5*5KiJZo^owYh!CG3naLQ&(hP;QSR6)Y~CdvyTfcr?iNxzI8U%K zQovoPbdWc(OjH%CZyOjyid)^^0i>wId)mkxscYEhm(vMdYIgn8`e{4%9DC^ft2XlM zy8ahtuI1&?G{-0`CFQechg;L45#t^_kjE~0b0NYZO6Y%^H;@#ENg{y(Eu4!{gn|bA&D+rZcBqq zq6VinQ-zbiV=){(O*w_8;-8)qa@L=+%Tm=ZSS=meTylaQ&fw6HNq=#Ls z;`Lv?{6-KY3L{jTn3!<+VzL4Q0dP@Et)M3Ju4->rFVLhIT-Nxf2=K8Wb2&v$kZy3e 
zs8Fn$8gzrAyHto^_DRASGt!f57UAi68ao!50&JLS^7Rbk?{ARjus6fKU%q_F%F4Pv z6TQK&o;gq-E04Ws=vwUiZ5q3$qOvj~JY4X4`VZU>s*bB}y>~}jcCd(!k&=tc;w0#g zaFZTy+WncCnfLGCN6Bfmx@g736b49pf!FPN#;wz`vL9s{Ia8t!;al&(h3?lO1w@rIHwPZNa)V%u{zvsQnYw4uY%% zvG&V`y)mOu>1M~Jk)$+S4V93070L=`oy(Ww+&2AXs+Sv;guoJmeNxxdbary0UXU~? zaUq4F@FTi%$oB~8sJ2RgsDC~C-W5`JawYlP{)ocQ?~9AqYs7lTx(oBbZ-Cpna^(sG zwdeFEAQ*&`j^yrgKPIF>@2ax0_yWo#qdBU}Uk6zp&T1ObwDA)NjhxmOZwtj1w^+`HT$3OX%sby@7|3xCo!$qe15b8(}MI>Z27Yke z4^t+BYl_01y1K6E1xl0R;L@}~%h9(I{#TY47j406?SQ5rQV_Ix8)N+I*C^yKMxS)W zVorXWj<>e(UDwd4US^}$DO_G&-gEqRSBZPc7kjcFPZBp1g0|NT=}-M&I-sPVmQg6t zG?RE9kPlRjj}b^X({E5I>L_?7dPU@e)fBfuR@7KeUgVdPrey9&)h>sj1v?_b8}xjb4CcxS4ke8D2s{ z!fv!>9E?hl_29YDH;;XNK~~w?+v^~Op=Mr|^Y!xsBjC+@(OPVRcvVM-gNaG)^5wqq@efDjVD{Ux4?P*S=GF~#!E!~4#rqN z{gjfvZ3ck``aXC-qJj3*A(p*+A0C1v=3Vva)2R<+Kw0`W*REcjloGN%81FhByJ17MsX>IHQt1Lek!x zNG#(^D{35&D|?%ql(cQjmYbY!&Tg*7dve5pfB=0ILMEk%-v~Ir!d$hW7kOik?+6{w(Putqb2-#lwsy*RdCLmG+ z0|MBO-r7W~uA!lDhV&8>70pz`Ryj)qnd!bZ7dEYx9L8s2GP-rwL2mBMuk@1}f02_S!xx0q1k~3kwS;$##?IEvn99)c#x+ zDa9_a|I<{iX!}glmuQTXH`%{y5Mfc&*5(=1i?%_?X z7r*9F5bDnkynLMBvIWfGRq1E9N~%bYxbnJbMhp<}a26n5X4us@#V3O^QX36tICd}} z`3L|~UOqS&rc-P)bTN3FvH3Y@Qts<678Vmw9Buz}IYP(baGiaUZW-#?)Z8qfk(~f( z3^Fn{f!sz;wCntfhwqj=|Lp|;Z)W{NFw>4avLfeJwpQ`{j{0VD$Cp&$oSEvxz78-P zeskCItoju~!@&Q=y?W&X@_q%l`k!Yve+y)kR=j-pYn79;bCPWj|H;9@uVICEN9W7v zl_$dkR)vZe?+e7gdGly!341V82Ka?{6*tK_mGgaloInt!JHfNDG0K%{cvF}iwbY?2 zZ-!THfbJ0Ll(QS>`?^EB3JX=*?tZCjqP1tGv#2p7WfTs=wtV_qE1#w|wYHXEPY{JM z2zEn^z%(zsy}fa%TFfCrK(!F67d)k-g9FCXm%kk;uDyL}d2TfMIDM=Vy=qlb5zUiB z?E$rQbxe$3XI8O)Z`VboWYPeNLKz3PDlL^`^r6FIzJb`_V}wA9C@42XS(6gE*hxkh zW)76{mjYT-(L8A`Vd0VbZ0m(P*89J{54!QfN!KHu8teM1x7H$_Df{WAiX8D>!iisM zxJKpd4EFYGd}hp~U{+PCn;fsGXQ>Dx<`SHJ`W@Lzj3~0tCPnMSBq_hJrm!tM|B_0U z1@Zl-xH+!>$b5?jyA>;~v75c^k6VZ5jnE$*^J{}vyMu^`E7DhH} za&x94$c`hn^n{rGjSd(8GzIvR-ME~}eQ)RK*VJ*%r)fw0nw#UmyKE;1+v9QjXXk!` zhpmwm&;Ha^X?V`p{6ts#L;hARN1JsH-RQ7OI*I=8Svve=&S;HHgb=P@h2Z^UD;Sr z4iXD7BoNM0jhOf|j+h)&khbrPGfn-;=>e|@>65ZaiH7=Dn%7$oKFJU67k8;^pfbJo 
zAKxu7%ouPGgqbAxFo8!j>HQy>&f=H#z=>LXYWel|%{e_xs1j~c_CE-wJWCA&iDNx8 zU2K^u$83h;)YbDx_EI{g^4sbsq={%$rQRcrAnCF)I(P=T1>D%*$8<^2;w+?m?}>K_ zvVTaNoba}LC;u6$S36IoPRsm`}h9( zGw#~pMIS6{yz(5=pgJ&Zl#wfQcYEb!$&U(@gnGWFR`Ro9P6^dBMdwW8PrmuGC-$xi z2KL`z=G_+~%E!+uy1Og-$;ema&=HDaX>!6@uL_%EQLp&a+DzC^ z1;@TScgV~pG{;&>)bc8YhwWKWb&p{E;7QgSgcG!VYN1zBCJj3+*eLF9$svT*rd0u&xjlz9?c5GnZB;_LT4qp z1U#g?nHYX%C-5YI5H^q~2_~!iWkw4!bJmLx6WS74rLmTA*-=uUE`B7~xR-F~B~^Sq zB?Fx)9f4W3aFEvW*Cih7iwf>r2u^P^zN?$@_R@1tv)<4p6lk)Q-rY>NYGk89Ga*Wr zla=zust|=GU;LBp`npQo7n{}iW(k#a1lgpVxNUm}WvnP$7_j70g3o2E{C2;*e5LYw zquOfxA(y&SnW}k{o9PJI@vg6vt3xD8XluNU|A`h_Mv@_R!@K@95!h#68gy%~@oX+; z+mp*qFxqO|Y8Qimu}%ZJHziW~v52OYPN%PHe5VHa9<~GG@5p4i4rqS&Jg#rEK5=Qr z+r)tMv7BYrx1aM><6Tr&Uq2K5sB*yJs#3Zlp?)V#>p6N7<;AvI^~Wfra4K#?`loME z6W5j>1j5yql4|rZQ@^cE(zAkq%J9PfJR9&JeTxjn_QSXord zh#2|xcAHZ8UYK=f+(Yb>-JF!hCSI>rP_H_mtV*7=7Of$u>S#yP`lWsc+%*)KEM z!kesa29w)b@`vxfbJnO{Vmn8g6p5;q)IS8 zNm!35ZZXnL%gOpRN+UdAk`b8g^=dES0C}B35L@n7l4fDVSZVe2LlGIlRv5(vVi%u_ z9!0lY>TZIpM{w+UPMG(M7*oyu6+)La3QDz23@?ukedYa`KuPduA+ZAc?!G`zowH?Pq9i8Wvsni1Y}3!*C#fr-S1ERaAeOwMj#@2+CYd<-hZae zWPI%BE)Id()>|CLyUvKf8@IFY{yuEHu^hXW5iX^%{o{(03D0iApee!s#O9du*0~&O z&uuCERYqd}N`G40Vi-2Lu+h(>ezA?&AjQeO|IT;_3mB!@zX6ey8U7zK6z?!2yX-!4 z4lx4ZbK~@Z$M96fY!1=W+OEg^nYqGpWqYt)tiTAiXQD{Gz|Ogx8u}<5q+rU}!NIL{ zEEEJTAA&>jBr5iYt~U@4!mSXvJah>EoOYoI&DU&yJ@R6>j?rO^MQ-N z+3>e-c@}~|7JyTPW_>q*6`F}PYuL+|$)64I-5#}5QfWu~;Z)WC*xY;<0sw3am4O_A zzP{iiMQ!~)E*d*dfYd%q)u$134}vDN1SSRs+9z_c;*Qh$!NI5~4{&qOPxSUyR8+t_ z3J-tymZLN`h^AqH8FuyWuvsXx_HVse{ppIqMrvhP| z8UmFxJu^e9p<%81-Pb2agwX{$3`7>wp-}Qe-+xgFAt>(dA1hJS6Sp|eXVN7lEnWBW z#Qs%dL&JsNZ=)3y6zCdIRN_kHq9;)%egAF)5&*P1FngiDe@$Mm8w(Q?947N9P3bPd zqzAJB_zc5&sLMN9^W8VrL4)WU8fN9^f{g;FXL|qC1IoL<8$G?>B_-Xsal>;Dhy#;5 zcfgVf@bmwwi{AKlylzs81GMUW4Fc_!OfrIgC3By~oVRNK>$8JCpYv@Mwa%VB>*TZy zVTI@X^Pm?mmYS|8Ux4Tj%DGxnP*O6&8(xayrC%)c^z@=I`L;AQg?Jz4<5Rb8g%z{E z!XIY3y(eA7X){nXpI%AZjj1wHj(C2dXD;V3L)ohQUc;*|wu_zoDraOg3@yrsL^O>! 
zpTNL@JVIHHX*ST+{fQgsbzSJ5owa3bttczg!sNq-LShJvjJ$n)|Isp*JD}}MzYf!0 z28Y<;8Y%n!FJ_Xo_BRRLe`)-)I>SgqN^J+#at178Tv(hW`m|aJti#gM($=k8TT^dn z!bJe~9d1)NT8+8jZRmtW3Pn(BvN}B*+ZuRN?P8Y`qN2~dK@>63(5Pr@7elFsRFJo^ z7kl4BG<)m3zGLt6lkfB{S#67vSFr4T9={jCqpwX-^Y)TPsBp^8Fn<0W>Y4=Ob1+Rz zO=aZe7As%HrSF=ww0U2K_S;?=GE)?3;_c%y7AtwUSej zVxI_$sHvru)e9-dY0qs;@Mb)F{@m#H?fKGeLR;uTJO7(g+}aPR!|>a4D=0OLAJ{Hp z+h*?1auN8wbZdWz`970vZ2q%Zv9QvdfaV826FzQnlI`1aPn%Rbin7&!8yz!8!5g%OT>13XAmu}p+K%}7Bc{OU^;luAx zQ-Y!bAv*^3z+6}N6!9O@COD+GRmH5HL(xDUj5)+c2-s~T59c0H)9ditL!AOuU}R`mSurE!{ZetWogHRB_P3q|AaKTD65GiS&oRadjx*FxTcU5<{YfZQa^b43O5jAHf zC-V`yK=*j_a&tfOhO&)UTjTtnZb{?D1N8L4j~-E)^{^ST6A106idDB?&ZVQ>vqycg zzSE+lMj;ARCxRA8>)9g~%k!NUfy_rsySk*r#PZ;(I(jq%0ZtTpQ%?^>m)kZent1{J z`6PzD0V`iTU=(XoPj7$S3>ZMx%E6%_`b%0`FX58S$;pAP22J+;-O=q?zm^XanhryB z^d3goTw#X;D*AdbVj&(eIym^s_3OifgL7b>UcY|*`xUV3P2P$Y_Y_v22}1n+?2ypV zyM1L_MWw*J#O^+I+S=M0@ljtt9=6$pORvDcNJ2LO;|8tdsHkXeaj{$N%M%b?c;etY zz#iamTfFBDDro^O9jqiIzP7fuO_Y>$4KRvTKHl>kt^lZtrucJCPTl&LQ;47@X(Hyk z9@RX$Bmes2tAc~@XTTz4tkr=Gp*idGxsskBYZuSnTFtB0;rr&@xBH_;Hq~EAulDq_ zf=5I}?eHCc8xKHkYN)Hb&NZuH95Dm|etw!ccbZ?Gu%X<^+Lol2Msk^_rEp36)M-8P@Xyv6 zL|aH9T#!~6-&y-4{B^5VAb~(~g6O#P(~AQ(LAcCakavoTq;Ma)Td6&{5E}OH?+39( z?RmdOa8rxI=k#`!-~WmvAab@uGBG54`MeWh{*` zU#Ns_}`c??Whpt$&BgQI8zy3(HXs~cZ_*8Ewx2z zGP(Kx&L#Mmo!bCFL7w>O(=$`C=KcR!;Psb)g5Zl(d8BZl|1-7?CLZ8{Uv+3{83!is>dv}FaIT~T>?(}d8 zh-1`3J!uV=HMn(qyf7HChQl@F#ft)9K|@1B(P^ML zfG$`(^xUcYJLS9@8o^uxiF6I=rASio0>BL@3F2L=#BB|FJ8?HXy*v^1 zPBe5Y4Gj%b)3JQ3e&EH^M3}rD!KKE+5)&w%_)ntvPe@1I=QO?{6~Ysmbe=xFtgcQP zy!jC%tzP#HS5c|k-=1T24;NjtKJbc{aSgm|Re*M%hSn~RqeqXvka1s!&WiK|zjRob z8Zu!}!TAdpaxycQ;pr(^`V|2Ykfawic8bzPJt&t;$dzGC%FF~PIVL7128$98Pi0HX zGk=TJvitt(ADr&qxihjfGXw~kVb+<8-Gwm}%`MxK-c3tS|GAcKe53vt3Zp}2rApnE zIr$IrAHXc^b>y4X%d=tGKp;ph!0ZNv*-4vmiGSSQKErT=gI0u{@gG4uC0ukTKl|P=)ItBeW{Gya8sdVJNo!-3VD+nFy28BP|r@gcskrbDJz&1w1yDS5(~D zm=POI_(_5Z^W%DYhYue-W_lr#8%Dc|9zA+V#)M+|zSCjS 
zdbHB=`=T>lo9qu7a!@v#}W4YYadZ3Kd7@a`yJp$#T)i!S#Rt~CC-hp4>oP*rR7BTJw1oM+($3w+$%3MW3dYUL`QxYDLi^b_b(;BxjF za#X$RL5ivZx6(l=tu-vJb>dT5Ld>@%TiXP<^6jrCQw0gX=mi>arN z1_u>hdwcZu$Uc^W=5%|+vo&Lz^&wb0bjAFKr!FZ=bUeD|SoQANQF_Vep7P<@wcXTh zEO%dycS)plN6`TtO6&6``X*d~N-CJcMj zyQjn(2UE+bY%|L+tb-0q!`0{5Q&~AQ`};fA)|H)eswo;GR(-^|JvvZ%b=;N=emA~` zpl4q4E7!kPjWPNpX;CS$kvp9>+P}^zFScpGzub`+ufmJU-p2^hznY$S`ZRRo_l1Q* znz_ljxzGIJ!#C8>=zzq&wz}F;@X4$pRu#k-MI*PcTye|Is}j?~rg{Sb-AQHZOu2{e zSiXR%1kSjSkPw(@g*39g{e}M~jj`6WUbrwJio+s_QVW&v6;)M6divuqgus9cBsmgK zHsXB7y->mH--D>L;LmB0wBzSfpB>E#BUW_xHQpe)2n*Yy00RI*4cMz_a9eXi@094Cx)~-xEgH8s@IQ0H>xa7P2A_J|7gG3Pi*(Vn|TXz7TtuKE1r* z?sbTYmbiOIbMKo#X|8rG6N2jz7gvF&Pc%v&k-O&GPq5QUJ51gL^I&@Z^y$sCFP=aD z7A>=Z&NL|f)SjhZzw*IoguKKS9$%8iDxstP&!*)eUR{=SHR)wBp(+V{_aLn}Q?>WT zZWfl#XH`Dkoe#%_QXh=5kyN#(Ty7e-({d|kDnc~twQ7Xe$K~_y-_HnEbKSDsK>@5| zH!`I3+IiE%^qNoKJ37v4KcPp2G*XPHPmrF@A)l(;u}?B?d#sFy?$0v^usn?empd4r zT-DpYndMXZ6!A>YbjR>MXDSYP0zvV~Iah(~oz|xbln-^_pVz0VYY62UJTqo@e)&%% z#nd^?o1*{^E5TYM4nQl0#Bf79I2Uqm7aa++vAq!eO^JK1R|VbIC66{$uyQ1SqWLW# z=zxB^u{O@)Z~wtcj#k{+Hisw7d;p@?_VfSBN&cajMXdklTmV5qbL(R;NqBg8Km^aV znE|eC`3q(@D=PgLa>lSf+WF6kKkk_DLv`?C-LbH!vwE3$$UMN52NqPgaRm<_=0eAt z)%3s@ZXQXizB1VK(Xl+N`)3}Dnq9`t18RpMr*7Z!F=QzIL;7$#v3D6>Zz&N{pZqf`{B zNKZfH@Yj6P4(}GTge@;Esc&d#3F+>c_xxD<_W>7eN~SLS2- z-qY&kNR*wqW@E3hFFm}Tp_qhW^l+x@ik+?lC_bq=4jH$XHEt{OW>G_+7G;TOgM0H+ z6;$^D;wp8m_Gvcqvl?g5Zeda3-3_-AQ5d!5&*p>#UetbQ6+mMP+GR4I{7=rW6|wyN zEK&}WXixzw`R5-exPt1nYizE=sOpTY73Td1pPXUWb?0h;UOy7j-}-A`YBQtn`1XY2 z;*)}csqyh;;Gh3?uim+{mzkLvFm?Ctt1#I-eLCG?l12*_MI8;y7+?^dJGw`9q9i*2 z8uWBFB3E+d12{OTb>5%}yKCSv94+xJNo*{MD!jAZW50gvhlnhR(-$0#7dku4!z82_ zl~h2=?A`kwPxIr)kFG8)c%8XA@~!l6`hkK%#m~=PB<~e$-@)F+YxA8Ts=$3b^72Bl z8iF>6(+&;}y1KEtt#SQZcI;q7=`NitXf$Vyh63+lQ01g}RJ=UG7nuV}Y+&nJ>&P~` z6U)JWQSzrhi9B(jwYRf~@{5VtV>)5(%FfE#&lNR+Aq#^)HV4SX zii)w0oKeK=@e)BcQo}W=a&f>cr)XE9j}sOy5Dy?x3*9%|x^pgScC7wDTzgtNB_)*8 z6hm|D+*`%jlC4(WW$MJ`u_2``IR`y+ zeEY>Y{XXwaED_(D!SqiL11x|aosJ)j17!h93YeBd+;Sfe&zV>i6j$gGDX*+#$$ov) 
zbdq5UiCB4_b}*5fzgaBg+-gd2%Q;JXW_nZYdb*tq2y3)50$FMYHFWsGOnlC5*6tiN zKlnU>a`^c_tTUaziJ}wRes340`fIj)HT=MC1dmU~!RA4?TvMo38}AIO8oir+gX6J= z+w$&RwqyELaR1{|BIwxxD+U5@#KsJvS0j7ti}@3Fk+>%_OQ;)Jj0)`?$wRL8-%jr)Rgue8ByXy01|T5aXv=yJ0~7=!JF= z!N)@U{QA2j+z{l}=krQ3p5O=x?~;;|>e4inG=tR)Tq6K$+JMZ2c!h`rW%j#Usvq)R z`7lIw$7Z{4xEdkS(%v4ySH@3uGmKeyjnHokhO;fEU~?+67O-! zD(UvztWsp9Kfb;#AxPsc?73J<7Q=wOafT@EG^@f+V(B4;h>nenIQ?!sC^|MUP(}$t z99H?R0djTM6fj%xq$jIqJ=(q}F6|8k!Q+52eZ&{>R0eOUHdX!jiqmAWd{D|r$16ZQ z+82i&FSFZQ(Lmks3T>NWIG<%~Vq#)!>^u=|D(*OWgC~URp{M88qgE@j8>HO2|LwAd zSwipggVyS$H?#;6phgErM>{e5Ogb)4NK{77SmwVPVYAZH|3w{CJ=sq|PVO{6wuH8< z(Sk3?!z>+8z%{ix?(g0C?FIc zd33ZZ>NEMzm;8S%V{c;17}2DM<_JSQv)V7Xj07X=IBBDL$&;=D?pT=Qm%>&5|LkG> ze|?D{9j&ictd&+!yhk5}D#l9xeIj%w>RoruzpKyKnrj6~7`t#;gK64IsxIqbbpTau1BirH^;x``(+U)6G|uN-GvAR(eJ zWbb)dAM#ys!r|NHH096>*@Q@CkOaIog#t`Cv@Uc zQ$u(|C)Jhcn^0*=t8f5K`V;ib@x)<$SzmBm8VuW!evb70mm7UMtIp3gg|t}Ry*oEK zxri?3Kn@vp28Ka676%6p7IlEG#yKT59yM2f4h%Gb1V?iVh+4d$A+Sr>R-wh)F&v*N zo~}m0%nd=N9me`;C9t&U>nV*UQ5Q~ghiOS$*0lqvlyLKW{L?f8d;{9qZ;krj=szG;oUoHS&fM0027bZ)qX+4v8CX^K;2aCkdbJg5e+6&R6H5P8qIekA#)1$* zOX6z(HYQ%k6+Lz=Ga+FZ+B^Kmf0cx$rmKTn-`kCoTJV6I9(kW!{6WEm!w(`R@7%n3 z^QSz(2$Ub9Fhm`kPm}9JL0X2)RP#2jez%{fYAKO!_Lj2W<$<6Fm-|GWy4V>-abA!vjqp~KsOAs zX3+?l{nM2A9hDOE-o59DzzA2|4vC7kK+q8oAoUQS$bFrbmWK0wmg#`h=ouO904C9) z=Z+(cI!Z{%lCUNInpe7cx5P8)oUE)B^iE1kOZylBV35upfsCO8Dt{L05>R~eyKC^l z7Ldv&Q04hZDusnS;J1!>KrM?zW%othn^#5#hb~=?Rk^CBhW2VRG)ExzF^ieMtbcql zQiJsm%+5f`8vr=f`_U0b%fOHWWCoT6BrBT82k|s2FEYT@fg>(~0~d$YpfeAomBw-l zVV}6KVh2(-eCSJwC96iq=rHyO4{pmWvg^2A{y$DT` zwgJKtBwUh2pI9f3WsF_}v@p1WXT?(PDA`XMQ{G@zEfzXDbOqLMk+1@kNt#ROJ!((F zVF=Qb_26?2@7(DCjs?Tki|q#Tl_Z)bCW14jy$w?SQuIL_7a$@shs!}x1m8(&@_n5~ z4poV03qa3xYmjCyI9277O9P~nRCeQ-ujvu6q3Yb?pvk0}3SE|_anQzfb@jo4f&7Ak zoLhcm9<<{2sa5qC0D)erHnpBh+IbJhq5#vbf`AL-S3idCB6MYlx(!x`B1Pl5q#dW@ zeS8$JUvEPzabJHwmMdC#fPK%C2v?psd>VxUqDE33m%c7~t;gKs&tob-u!{{G@5zP+*gNVJ2;q`6OOq7!TdeY1m84R z{6QgrHL**QnKYzE^1fCAv;sQCtFU4KKw_~w<0ung;a;cF6fm1;$|`MXv77wy3ByMm 
znBC|oTuA4wb-vd>aX(qBNtPJoRKCsoTKiQNUfLqs`*Bm3U*&RNdsk6mbiw+aA_IN@ zK?V9gq4h#i6f10MiCo;aJrqf2L8OELgSu zb%2;cxbgh2tFGhZ7K<7|ihb_>=er&~n$NkWOt}6~!_hfCu2}VT>!>49Amo9Czj8sjrI}J?JbY zHW4WJ$Yq9{1VMljZn8NJn0#qMbmaAA2peUKPQ%zJL7#yog%dQ(|ZK@t}cgi()?I&%c>xFdc;eKPCFMo-## z9Je$Zf_DF*@F)Yf{c_&ug@d$-X7~}GmH7AXok|~WMO-{Gr%SNpy=d&QEk>nBH922v zg1?SM2_XijifrGGb1WXsRztx6eC2xRus9iu`Ix;0^9ml1|L<)g_CBO>`k?))0lFv- z#BsvHBRxXBkuU}X-08)0=icQN<>lF*K3%@LG=rw-e1LWI=%C^?#mxN5(*ZjgD^C@9 zF$}a)P*6Gs1w*sEv~&Z~3x;k-4H%l_&SW2j_=CO96CV(Y!KKJpMXy%=U!8q-Jk<^V z{zr?9oHC=*NtvmPq_R30A(SE`H0%+Dk}|53RFtf&A|bLOO2a6!GD4gp5iPR_W&f^^ z?)$m#=l(v=_xJk!`r~=-mvYW$zQ=W4@9XV5Sq`HT-nGW0%nMNl_fgbW;`34eZ=5Ul zD7vt_a(G-g_OSAd(=U?_WBJhG#R`RsZc+V>A!{fqfPbNrQ#ysL7#c1c5TbN29T_Pp z6dK*%-}Ln~%5RX}bP9Z0a7pdk9*^j(FMwLb(0*X+x2LxaQX|%xx1fw6PenkEobKbz zgCSjfV>g|GHVGtJ01LGgGB>z9+8v4*3);bkVHEP2yEw5L8FcgJG1vzTVBT0A4uOkNhJ`X4}i5@ot=>9tP&O`r(bx8$Sh2hMPtJ5{D+x_UJ;w9 z_5ex(&>X<8EjkOzCK3T805n4;iNfHNdJNvpmBLrDvYZ37lUe{|0}X-a!U8_@;#t5iEly2GQ=e;JhpoK+Vm5_5clXs%XOo};-Udc zz<=B0*5cJ_=pDgu`}9bb?^L+SH?yn@pqRSmW}N&O@jNeh5e($2^Y z+q7@2vndD?vHQFIM{^O5 zsRwiIWIV27JnWd@56gnM`I;_K!X~-QiRTf|ai*_9%qMnNRcYIgH|nc+xVcS?)%g~} zDhG`KuaqgEQyX+HzzP~d8hFNVYf;$j^GZrjuWlHH_oRiPVV+G*G>@dwy!rD<*G*^x zxM_giNEHc6W(BX|ufW2PD<*&tV*0G2VH7!I06HQxxd^-kn2JVZLw$NJLQXpErhmk{ zJjd&%8PMOzuC0U6X*MyBR9wvF#3w(P#(!A5GL`fDvU^> zI^nvS_0#el$gEMOgm&>5JHgIh)U53xX$vpsEJ*98Sy7}aL_>}wu1m_`)x5iwmma(Q|jnZ(Sktv{jW6{W*IL=|=L zdCHa>naH@FmFNf|-f{z%gD&BfLmrAsm$x~e5LjVgOJbc>RTzxNd?562?|o;cV6Op` z7;sJj9%*E~%+^`}TYzL@F%!zm`@n0Y2LX>-iqcbz4!6DRRhi*>mm+QoY!08}r+D*a zyg_Qd)Iz__pa-CN7NwK3zd%*-kgiZZ&A(*Hp{G`4+Ca!PyVGcGZM~3+$n4u$dJ#<+ z%&edhQPa@qaeoYiAJqs%Wq5IZLPd@Fw{1H^p=B5q!6X+&bX`>yDc8!~38R6t^VwP+y7=Pm z!2Cm5R`x#NSTxC%)z!m8Loiv?)I84|cY1NlwX`Zp4K{cQ)0Qt9i#$#EE}G@@|B(FL8}T$o%y(0E#Kjko*9r3SiqP{< z{zxt=@;&^3WfWy!^O=!6k8j}%E_#}54VUu%#7qDG;yFO{)^>GNJQHwfI~u^+i-{$fW~Yg^|gZsG=N%K7jrKqrL$-_^Rv#atzIhe`2z)Sf*<~3 z>DJ>;uouH0SR{FQJ*ITxn}KlO{W&4_A`dS_A=)87rn&IHV`P}!F-l7^p#>mhvQS|} 
z{J^Chs?~KFkVQ77znz)#yt&y;g9X}J@9D{tB@%?w^T|tNPsT_cGtmAt6hdqq z9AwYS@qqcb2;T2ON2bX2($YuE0+&*$RA3sYkZ1w%@hiInjjx7BnlOBT(+VDAEkxv7D)^Is`0~X z>X&(;ubKfHArNE(OySI#GqeDlGYT;+)A*bmgXn3%5Q0k?GLd}T6_b}vc6kK7Y=<@G zk2iUN*V#EZaORjg#$!a5M3DM?^PM@>Xr8pC;=^9Af}2h$xy&C8C&Ub$tJ3O5MH;K~lp8S^g3!iCgIO;*?2H!XH6T`}0_%H9i0W2h zOk!uK&WH6hcz3aozoYbEvaNazlm(C7yN@A#!s)BDyc`y-&DD$cthYk4^m+FTsU(&G z;~&U{0qB8)N906q15ES2+^Aa6EZ43cQ8sbtC$MjA3Exd_T6v~Zz;#}fmM+6vgE|w| z$q{4T$|u$_+%x*Q`20LlvUn1XT1)%sij5I_bG%0KcvG*x%edge{VJ?y!IFl>&eKPA zy`8tGr(~_cX%Yuy4HUJ-&u-skDcRSOGZk#TDLK~rInM&dp7jS0KQ0{2KIZoGXaCmH zvbH$~9zE7vmp2sj>{lMqv1RR+FHLL?V_ljHeLLr*K-ev%qVFetg^f>jcp<@&-6@lf zG(_wQD|;taQy>yF>3Bv({?(4MeWuk>!~{8a6nj}c`|yzgpM!EaXHvNCYCp?7y7;EY(st6)faO|92yH)G@y3eZjqlFI zTjy-xvSuG44~6L9SG0Zh;p1XPNb3Cfc^pa`(k*z)6;cmRo)#wb5*9jqGUow-?zaG< zcV0fe3+K;|^rsE~SVLT2jc5Xb`q)A9zBh6n9_adD(vDsvVmtybSakH=CWrGB+}#_{ z4^l`EOsGa2&(;!|+K-v`@|&NL_Aa+A*q4&WL&nCEO0naL|D!zfFJ$uL`8e1Ga6qeh zPOz}}aoA7>{5sK>KWl7bdcj=;#tvDGnNRC|uT4LK`(?p3o0^If#T!Xq)7$mG07(7% z1z7MDdRu=Js1I{`W>B1&wRr#lg4_CDiSW(LJK77kC(bz4b#xs3QwvbU!7A*{8Q>Z=g=8L<80)RCm`m?^X?W7h>o^K{bPuK(qiBX{0i-`B z(l8(GDHQbx>CJX>0GA_peV`#lg^<(@CjsPTSQ$WeGTSc-bd~ASErXuA?5wm@zr0Ap z{@}?;^V%$Sg0IZHPL&I_F29^zFol-IaFmP2Q3Hw7KAK^L_zZlZOtKIT=5SRbHL9qm z4~$ERUCNUJu5t1;wb%iY>5G>x4ULW(rS64VZ=+kpOWEvxu(=4-!29;5H31ZbU*>$@ zT}*y#!DrE~fJjqUKTlaDCzm@gr)aFk1y#s)8jY-L;P>DC0+|qcT9D|Z&7AJLgT~vy z0L)=ai}Lip6C%Xna;O!(RSeAaQEMXb^VD}R??NBj>Jct$mgAbT} z*FRI5OBjRFCsjlhHB;@zKLErRO@3MrCpbC04QLjYo;5A7SRYg>dTq`-v@L_*0(y|K zkWV9yY;5cu!G9b-vom4d!HXn_ZEM3!Tk&3_g%uRw z-1fZwiz`64@L0O$9+>imh=4?Yh1wKk2jkT8d(5@xRk?zF8UQ6ixMa~C4j~qmj@B)1 zdiW0b2@!zYkb5C6z|J8``mn$71S^$psJ;!Kc~BV=6Jwi!2mmf=O%4EK;8zEsRGZ;v z(22-E$vxsku{?UA-s$_d6w|bm#xXK<^Ns20(~2hYU%)#>NcjASnqk+s^?7=yChCzH zN^=XS=DuD!m0Fm>skTIJof5swwi z#&Vd;#%PUQ#t)dUdtZST*)R0=B81j!Ssv3Xvmq?c6+}w%M#_NP(|q?op}e6*$<+)J5p#iYs?t z=x`mXU_9rKi~jR)@aZcm@RirH@|dq@Z1=MXVA3e*4wV!uziiPYO6YN3LK^I!p_ z%aSd8G$536%F5HJcW$CT>w(`HiMU0)`CeMx{zx7`+tF>8hMEc-6LK)C0>P)&?=f(SlraR(`YA$ 
zhdg6q99#%c?L5o}DENfb9w4#;KAiYg^e|-# zD5!|2=tKKPsI{fRm5}b}!wKqBo9Y8*;XkwzXau|t#X#Z2C9)If>zPXZ60O~qy`KK6 z#+)V}{=Dz=(_dB0EgkNGrkJ^gV-I|(}!?BPtd$?44oY~nyxHGNICretJAzspKRZAqt) z__pU@!r0WNwgAeijT=2aR$Obyy(r(<*a(Fjnt?7%rkUjO_^F|gBej8Fxc`QAhKChS zF^Z-=W~RMMWN<4GrNq~+W#{CK+vIXnz5jYdgfdz^(ZcWPn73lP^ z+;nFqSx{U;qN=X$`e?{Sc??A%Ym?%AllwL%xeHwlJ-D)M5(=9i84DDelmnb43zse|rC%0XqrhF#H~@LY$R zWoTR+?)FXeydR#QhprLyCFn=AN77KBgPVt6Bw{}F_+dR<)rUht~?GG(#o0|XS9i+SB;G$ zDbMTbzTw&dpRTX3H`t0^8&h6OXxPjEn%5Z;JKwRFmOCFJJdCSMe&9rN3CMv=v+&CV zQap~%$8g`i6DTbKmfx-qtC55?hJkm(3T>1eWWwMe?m7@nek>z_);THOh=po?%@>y!**a+-5U{n* zz5um>PC#iu0s^~sy%KbJnvJTQO2^D4)&Si<@a!ylQUJS8aco%yqb<0r_%%ou5Q?y} zWegYcFzbpkR_o*-WGT^-%A{GrhQ0fnf#qlTP{&89b5C8=MUxeg+2~* zQzMKzP9D~?#@j9tF0pZAQ~mNYmqQzWl%W8t-59&|dTZp&vNmtI<<`mzE8VlIoz$L( z1`}IJ_!RX5vG&jlSL4Zb+ie7vW<7BjJ0lZEw>l*CLvZn>lS`I#Q0C>?X(MgQ_(&aS z0chumh8wQPdGC7>3k<>#+iQ`Lo&s?}z{JLp(9h%>i#Z>(t@sxWdwkhH9kF?^p6&^p z7-ANTxlBTxl7%-P=QlGJHzQsX@*dp6XH2YzXqa%au-qeAl?J3bR;oNkNIiOuQa_Pi z0y#MiIC>W~mTS?`Ey#!6H;*<>e8k?D&EUWfGS4CU$}hbfK`p>!T%L!MNYn6KvV_QA zfNDYPe!fxufV!L9(r&FCaEouKsc7)v#DDugYr;X@(T!>TB}&!3sdy4a585QjwQHf5 zOVm!%MhOkP3l5(yz7wrvgVPWi%-;0y^M*mnZ4{X;iHq?m=m0(TNxv8Mh@e3XgB&JyF3HQ53{TvdOvZ`m|&6R|~T9 zubmK-?6)!ZL80Z!;{Q zg+v!8iR;Wn?3#li{i~)1hx@n=FT204#3yQny0=nK6C=7ZHaDryAg0+Pa=fK%Lu{f` zYkIoA!Gl>xoLlVsJ~|ghct~vx?%UEQ;N+?F>htcLow!v^LLAJ*t5SsvOn$l*!j@@o zc1pd7M{(GEL%90U60s*~=W}}R^?nec2Y#vOiRmcqU;T0TskHLG$OH9P z143u4f>jm}s<;{*tOCB4D#Bn_xJd?t&nTV}G!x=>kMNuO$l*-v_60F-@nJhK3F z#~RcLt*vHB26=dH2hstj{8Jm?`YS3DR7{^Hnu7Be=0{u^O{WWNEm2d&I+Xa`m0}p#5D`bBi_&(mCqILT+}WKd=Z2JQWFZZ zU<>j8rKk1*9PDocEX1_!;15oNMYboi%Nb_RPjp=Le9!N6_Dj&)tLp8xo0VJw=kn+! 
z#mB4OX))B< z#h|4Q?8B466PcQ~?ptR|z3cXg(&56Ka%JdO|GhPB8-{uBcQvE^nb$#x$p!tLX?;-z zNX00vY0C}Rm>^egdz@CyU_6Ax2g4;CH4X{Rpwv3^MCuPp@V+P-<=q z2nClA5g`u^h%0jJ%w8a;v+66Hu}9SIQ5Xy2}bNb7zl{0x8HYq za)uy8)xw{0px$?=9`m{2KkCsxG*{>C_vWELFz0C4$c818dK=gvz-98($&=ogEZxf`ng%C6P8z)yxF8B)#b;Eff z3v^_&>0Ic+h9|K3tsoG=z-aZdQh_Qor0x-gBPf6wz?G=Zn(sANg-arp0Qw=RMhwfI z#+B2(XMQglpb7UcW-)<7J`{bsG*|dDT+dN}RY_Qm0x93@Obdn3@*CuffRJ)c`yt%{ z{|h~-Gzk3UzPTOGe^YcPK!8D|34UF1)v7~Kd7|JGF){%VlLkB+9V4C+$d(~iXQe`n z02c8L+86jN904{3U;zjWW@R8lt0i#~B&*t(O%RYmZHDv zc1O2ZrUT0KIDQwF8(UmE{EX7D6yp?n06Y%;pFi`$kH*L-B0QXD`Eqk3qfy9nY^|)I zTY(QuKMb(L2889XFNm}Zf{GeGDn?lr%XxU#(Ek(MxP&oBei*i^@Ss-0h!l>B1u8Gn zg$LcEt+n;i6$ePw3IrIk0{{utGNc&rQiiQ}%mAl24;eR+P%=C&Xcpvg8zvDus_QyS%gR`(P+EFy z!AV6>Iss`Rqr+qZ(}+I?2QLN&zV3EM$&HE^%kjJ**1{^DU=TXy=1LG?Zr=+2(igjG zu*ye2R$;M_P*#%zWax=xIeTOMc?$G|y4h2HhtN-c{`3h#U2#!STRd>+h0)`n27$S& z5sWQzcR~%p{_%J1Nd>eS!|>a7sN&cwE8uqVRP&S;6e3V>OR(gH}C%ZZ{1a}<+UG@(5HRXCMbURl{9i}CGE z_I4JCpV7UO<^*8USg6p-Cv9?Qdz?pE1(|LZ1KMk?x(;JlX5SKpd~Az2#){gXoX9#N zDmXSGf2(rz{^_Xux2+z^S~EVBwSvh4zL3-n{gckAm0P#AdTMp=LZNlXBI|k;C!K;e zjuiA#62R_~bT3*pMeym=(nPJ$VJ~kCXjo*CZ37w|a(vxB+pDIfODv*It4eQe%fg1| zD6=K*6+Rf$+;L=Jy3qT=n?zZ^Wl?c2(CAbEQN~LlBP$CBf55}oP$$l@d9Ae@rY}~} zQy`4SRQ0W?goFe@r6m=m1zsadXemuSKsiG~me})9)lQxq14s{e6~p+U5fRPMIEu8+ z^;-hZvD!#!Vf4f+SFQw8#zJ<(hC)%P*pwHYa`$c(wn^01%2$(XAxQuS4&2~OQ){U! zR~9F?T@e4RL_9d3!RByr5!+3@ioy-{KY_9c*N+pH z#vocj;Gu<$UPDK(e2((GyxbOmBdFd6Q#4aG(NpdEUjf6?DS#uOdfJqJ>_2FSG#j0^ z#xK)}SWE7iLO()|^r3z8Lgfm2)8`P6lQ{{dKrn z9N`1d7$hr4^kO0wO{g1YW}u*PlV(51h|~z|b+lGuUooME9~pu=!405Z-eYPiz|Ec5 z9NKr?=1EER?H>sBjxmbg=Ti2 zp26`$FMj2HbTp@Iy2SK6WUU_5(@+GH9xjNr@$vCkO#>(|9mXEeuQqU6lX*l)`6+hi zL9ek!Cn6V&9O4F&w1*%<_imV-q2r3Lx5G#_4?n*cJ@`nn&mRr%3pBhp-?(*$+1N*y zuXrX+R9r?sUE99h?An9ZdRC9;I)`L!6v+M8J2n~~<6?M!RB8eP12m%rHWlr4mU`%=wo`LJ-g!2`xzS@{bfq#;ah&v~}< zHG}pjY*{ZO>5a-9>$~q2EJvz71vQz+-})w7GFNeY>3&C77KGMuaXNH(jH4 zAmUJ5@h7E0#qx_3zhfk^C{uR(BU8LIdOQhZ6`))N`Q|+@xxUjSwHTGvFh#mT(o`Bi`d!2L_k--$A1MEmm4G?(Br{) z{53{AFQad@2iO|Jo2r{tzWGy5! 
z?@d8?`r8L-V2Tm|+x#wYL^hQ*ZFP|<9=k2s_GxTjJt=+kMWZoS++wL7!44TR$?V2h z=kDE9I)*eeo)klj9RuetoHT?GgJ|OI!7dGtqoqcegFqclTCKVEvWLsqPq|->e=zv_ zYD!Z5WigU8G*l{i^MQ5!((H>93lzdZD*`k{g@NcTShbMUq%K|h7F8b=XD!j@a)!?OAteX20Mii78x0tn=1!BVD|{{ zc1T2Y8ewo!W;rvy4{8!Hq5?*z0Y{^9z_9PGZ=TteyPbAgh>CB`{z`=LMramBSn{%j zqzA`{S`6lfdtLC~?8_u?(oU3DRadWFw{8&|TW{;bEDAZa@;`t?d+7oTWONSAGu$2U z4Pd2W3k%jzgL}ZrMie>ZPH=D$(1Liml=jDr!kW8xC9dZ3IUm1f?^C=%m;K3c?;`jj z=%HZiuXEHHLSyLAFvJ755k<6{R5j>eP((t7@fz0y_#HqwNHqJ}ivViF!;-3o-DeuN zF~qS5&l~hS&}GmmFs~bV|23PBN6;;ky6XWc2$*lxIkP8F7a=a{c-8eMP7j| z!p$!`BX>-`$#MY#kdo!Ge4d5hyN&KI8kZ`#;Zue8^cw$e&DLyMSaBt4pW^c8Q4dwpV zJ%(St-OAWu<{&E5cBYT(R^oP5`@WwepIZ-cE%WkR)va@EV1K6bdI{}}!8X~r;cbZW z>rS5o;g(JgBiQLz{u=%;gqhy`ga?bfCY%i_IIoFy%*lWBb}1>!c#f5Us=IM}h>sUA zlyGk$E_P1EYZwlVmvE{m0^ql|?*~RSp`Xn3n851MGyAy?z%ato z4NPf4W#iQ9OI7Q7Vyl9R@W1ISWi1*WY+YtIM=b%$d(Yy}xR{aXz5!9=rKy4?$@QYi zB)vP3G-9arB~)oW>o77<*(O zq^Fab0F*|k>KAfy>T799ul@Y(TNWNrtQkS|f~1V5tM|#bLN3~HPm?3w2wDJ0;=6nA zq7`g%K8xBy}+LLt!!?nQ-9Blk13DpSM0~Hh$py-k; z$ST3qkG9fgyi)(xZ5CHI-Eh4OHp||t;C+MS=toCq)V>oCy3qn)Ei%(*s}gEKZY{nE zm7Bj&{r}d4l*m9L=Y^p)Aw|#N&`?=ut1%Tqt|rClk|QS2$@z|?Spv0o2?byacD0rK#B|JhlN_}yhOLc_#$+pa zg5j&JA8H?|^L|+AVR(GXS+gr!c2KS1dg+608MiiSy2PHtWNISHtrpb-2jb;+qw>3N ztM6unvFu9}bOZ^&=>7R1`$40K$%iCg?St?3=qs(6`T;ELesZdMt?_qElxb@{11@nBYT8={^nVCF3ygmYJ-t^!bb~l=4MA$@)6#|%EOv6B9oQm)JdzVU*5)%VKUW4kx zA6Ql?DVehz1?~b1N2S5bA7ahs@xw+spXi}D)so=o(Tq?>d@|`^1sOY1Bxo`Sj!;)X z&IG3N(XD)Wz#7;Vk7o|pSkUFmIQI9LlR<99R=k}>`@pKvDTp^d=!G#4MzRHu-I5af zK%Jkb!1o5%8L5to2B9{_9b(1`C5_U>uto`g#KrCF6JDUX6v#W_wE90NRO5ke#N5wx zJF@tI>T1?}qHMeCf+2p+TSq?8-2}ihqMsz)k}&r`QtySQH)G`zrb0NR+5s+ruEgBh z5BQ3aEfQQcaB0zH#QoBMs?Z2827+rY)Oe&V!uxmV6)-VKRr{?Py$Pci@x@zF0*QZf zteseAn)?;t8jK9iY1}3^l(8G~Udgkn41tOjj7@d*PT+G8F5v1hVAL1ual?&_8w-ut zFC^hc>iL8V5zMJ+A<8DFUQ@q2XD?i&qBiq8JU zs_&uY3gos9KYMi55cm|b+sm<;&y2dU&C;ou-! 
zgS$^hNTNzhKYc$zB%!5wnI((E{d1a+$iIi_4(HYbz!zKPS%@6e3*>2J*7#pbskv=M zxU!VZo*%7J*it7MgMM-{P1<8j#J=ZHbN=!De|+8Sk;m`)eR1OFaaYXoBe@5^z@u2c zE9Z}^`rpnCI%**HqV&F^z1=d&ASpRnpbp*= zFePB809bYa->JdETF2) z&CTtONo36akrvSC0-z{=eCWj`k%75HMcC~4K>_(V-`nwDq2J=!i3}wA**V5s(+tdK zVoVL?H~=QNzU`H00?=`uf;2hp%)y-2-pU^%K(UhooTyB(RaXFqN3s# zqVb{?iu_Q=NZHi&FCf%WJo>R=?9Yjj+4fJZI*hIP*Dnf{q8}ZgvnR7i9V_e)Q63B6#RMcjtH}~KSg}{l9WAK~P z01RR16rjWqzR2fVVp77yL|jUQ{@s zc}G5)CLAPEbf96b^q-@5<=ksl3|Ydm?N6*R3(c~a*p9R&tPo?EG4v{jjilJf?t zfld{*5|xe#7udgRC*gaLi|g>tVBI^WDv@HK5D~|>1_rX*XAcb>gL4>c#;{9qg^JHp zOfcXr#?2E562Wdo+(=XnpdL`9MM@t=dF-)OoUQ;p{ezpMrMCtWB@EJ zAfv-aK&O^|_pSi^&e}9EVuuZXd9c3TcDw#GDqsM7s0q+Lkm7H+#gJ}kmXn=)&?HTQ zJ!tr)E3C^#Tt#B~S57osZz(xHUF6t9|9}SrLuD0=7S;wC$`1 z4;v9bZz$g-uqd2Kb#iOUnp|kxjrMOqGGQaMcRkE3j@5>@i#Zu&U7^aKO*{jFbFEa- zekshe6)GOn64ge~9MeUZpN+VT(zxT9RU&oPDGxJmZ7h^0!ZeV9p=RE1)+Lk|9P^~e zrJX9@%}ywgGv#Ck+NZjUjrc3?l2QApfMp3mWS%)%NE9FJ+j3U0D2fQ%uGe)M+Urw& zo-9F?&xhn>h^p0BC(4GslrAz8$AE>s&M?~q^Gdkk;=Kk*if2vpL>2d24}QNTDSIV! z);nCo*9l7EPM}7DB^k<6)RMW_>5eD|s9EVKHtkMz9u*ekAIkDyeWYMtkBD8yj$yF1 zgsa5wOtVt>-_b1Q(JvRR7zYXM1HZ+w#7ApL?+{@CcK`{)6bz}}-R!v8mEE*=3p+7e zkf3-N$^rj`H(0w7cNO8`@L^Ngby6umwYx5i=Qv+L3qMOX;|i!A2ZrK4JvjzTm%j$L z%U&3mfI7*W-2mEhy#mAz+(py%!Yyzkq#R*F=AJQR|@dTdJ({N5QS>~Oxu>z zyMZ`QrrwXGskp_(sm8l4B~eFR+eGl$w3febQPf^QT)0P;V%~?5i~muIy(Gsk`7}Ne z#2fnWawC5O`7!)|l}3;~xE{1J{{6F+DiCv%S_{&{fJ6=cEIQbPOIQi{KSntD0B8~X z_mTg*sQAue9%wVjLV-`ipN9wpI7tj)r`+$a{7*GX{sswVV)hvDeW+;2?^{EnxX>u< z&)f%TZRXHizwNkF$De0yAx!R*vqU6vS0P9q6FDTh`9qxtagU0tI5`ZRgBU9UG5+or z)LVZYc?J2i-$$1`dp5JBMsT7pT`C$ggR zD_@2Cf!cU>i_ZV||LMHy9l0`qb0c0EBQRmghIQ}n|DQ9>yzOn;V4XYZ?F-*Hbv?CA I+JUqG2g88IzyJUM literal 0 HcmV?d00001 From dc276e2c6831fdde66b4a103dcd45f95eb596172 Mon Sep 17 00:00:00 2001 
From: am Date: Thu, 28 Jan 2021 17:54:55 +0100 Subject: [PATCH 02/36] ajout de config.php --- roles/docker-nextcloud/files/config.php | 47 +++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 roles/docker-nextcloud/files/config.php diff --git a/roles/docker-nextcloud/files/config.php b/roles/docker-nextcloud/files/config.php new file mode 100644 index 0000000..ee6ca8f --- /dev/null +++ b/roles/docker-nextcloud/files/config.php @@ -0,0 +1,47 @@ + '/', + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'apps_paths' => + array ( + 0 => + array ( + 'path' => '/var/www/html/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => + array ( + 'path' => '/var/www/html/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), + 'instanceid' => 'ocvc4q2htemf', + 'passwordsalt' => 'stdJZMx4C5hz85Kqt8XdZIzx8kVOHI', + 'secret' => 'II1BBgzlx70WUYCapAt/m/Bt1ZEk/n11n0DVq3zynyU8F/bU', + 'trusted_domains' => + array ( + 0 => '172.16.0.7:5678', + 1 => '172.16.0.7:8080', + 2 => 's-mess', + 3 => 's-mess.gsb.lan', + 4 => 'localhost:8080', + ), + 'trusted_proxies' => ['172.16.0.7'], + 'overwriteprotocol' => 'http', + 'overwritehost' => '172.16.0.7:8080', + 'proxy' => '172.16.0.7:8080', + 'datadirectory' => '/var/www/html/data', + 'dbtype' => 'mysql', + 'version' => '20.0.6.1', + 'overwrite.cli.url' => 'http://172.16.0.7:5678', + 'dbname' => 'nextcloud', + 'dbhost' => 'db', + 'dbport' => '', + 'dbtableprefix' => 'oc_', + 'mysql.utf8mb4' => true, + 'dbuser' => 'nextcloud', + 'dbpassword' => 'root', + 'installed' => true, +); From 290e2866fe6a32965a7d0616685a55834ef81644 Mon Sep 17 00:00:00 2001 From: Theo Vallet Date: Mon, 1 Feb 2021 09:35:18 +0100 Subject: [PATCH 03/36] ajout permitrootlogin --- r-vp2.yml | 1 + roles/ssh-root-access/tasks/main.yml | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 roles/ssh-root-access/tasks/main.yml diff --git a/r-vp2.yml b/r-vp2.yml index b03d553..a3522e9 100644 --- a/r-vp2.yml +++ b/r-vp2.yml 
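Review bot: The new config.php commits live secrets to the repository: `passwordsalt`, `secret` and `dbpassword` are literal values, and `dbpassword` is a trivially guessable one. Anyone with read access to the repository or its history obtains them, and every host deployed from this role shares the same `instanceid`, salt and secret. I would render this file with the `template` module and take the values from an Ansible Vault file, e.g. `'dbpassword' => '{{ nextcloud_db_password }}',` (the variable name is a placeholder), and rotate the values already pushed. `'overwriteprotocol' => 'http'` also means logins cross the network in cleartext, so it is worth confirming that is intended here.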
@@ -13,6 +13,7 @@ - goss - dhcp-ag - dns-agence + - ssh-root-access - snmp-agent - vpn-stg-l # - x509-l diff --git a/roles/ssh-root-access/tasks/main.yml b/roles/ssh-root-access/tasks/main.yml new file mode 100644 index 0000000..a77345b --- /dev/null +++ b/roles/ssh-root-access/tasks/main.yml @@ -0,0 +1,7 @@ +- name: Activation acces ssh root pour vp-1 (certificat) + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^PermitRootLogin" + line: "PermitRootLogin yes" + state: present + From afdd827df376adc69076386ac4e7ee9b88699a26 Mon Sep 17 00:00:00 2001 From: am Date: Mon, 1 Feb 2021 09:40:04 +0100 Subject: [PATCH 04/36] ajout du proxy inverse --- .../docker-nextcloud/files/docker-compose.yml | 2 ++ roles/docker-nextcloud/files/proxy | 2 +- roles/docker-nextcloud/tasks/main.yml | 30 +++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/roles/docker-nextcloud/files/docker-compose.yml b/roles/docker-nextcloud/files/docker-compose.yml index dda2ca6..99dc4fd 100755 --- a/roles/docker-nextcloud/files/docker-compose.yml +++ b/roles/docker-nextcloud/files/docker-compose.yml @@ -16,6 +16,7 @@ services: - MYSQL_PASSWORD=root - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud + TZ: Europe/Paris app: image: nextcloud @@ -31,3 +32,4 @@ services: - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MYSQL_HOST=db + TZ: Europe/Paris diff --git a/roles/docker-nextcloud/files/proxy b/roles/docker-nextcloud/files/proxy index 2f34477..534e71e 100644 --- a/roles/docker-nextcloud/files/proxy +++ b/roles/docker-nextcloud/files/proxy @@ -24,7 +24,7 @@ server { location / { proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:5678; proxy_connect_timeout 900; proxy_send_timeout 900; diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index cc5bd3f..117363c 100644 --- a/roles/docker-nextcloud/tasks/main.yml 
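Review bot: The task in roles/ssh-root-access/tasks/main.yml is named for certificate-based root access but writes `PermitRootLogin yes`, which also allows password logins for root. `line: "PermitRootLogin prohibit-password"` keeps key-based login and refuses passwords. The task has no `validate: /usr/sbin/sshd -t -f %s` and notifies no handler, so a bad edit is not caught and sshd presumably keeps its old setting until something else restarts it.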
+++ b/roles/docker-nextcloud/tasks/main.yml @@ -29,3 +29,33 @@ shell: docker-compose up -d args: chdir: /root/nextcloud + +- name: Installation de Nginx + package: + name: nginx + state: present + +- name: Copie de /etc/nginx/site-availables/proxy + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/proxy + dest: /etc/nginx/sites-available + +- name: Supression de /etc/nginx/sites-enabled/default + file: + path: /etc/nginx/sites-enabled/default + state: absent + +- name: Creation de lien symbolique avec /etc/nginx/sites-available/proxy dans /etc/nginx/sites-enabled/proxy + shell: ln -s /etc/nginx/sites-availables/proxy proxy + args: + chdir: /etc/nginx/sites-enabled + +- name: Redemmarage de Nginx + service: + name: nginx + state: restarted + +- name: Copie de config.php dans /root/nextcloud/nextcloud/config + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/config.php + dest: /root/nextcloud/nextcloud/config From a76aa215d389ce6c27517d53fe10f586040b02f1 Mon Sep 17 00:00:00 2001 From: am Date: Mon, 1 Feb 2021 11:02:16 +0100 Subject: [PATCH 05/36] modif main.yml --- roles/docker-nextcloud/tasks/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index 117363c..f76e75f 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -46,9 +46,10 @@ state: absent - name: Creation de lien symbolique avec /etc/nginx/sites-available/proxy dans /etc/nginx/sites-enabled/proxy - shell: ln -s /etc/nginx/sites-availables/proxy proxy - args: - chdir: /etc/nginx/sites-enabled + file: + src: /etc/nginx/sites-available/proxy + dest: /etc/nginx/sites-enabled + state: link - name: Redemmarage de Nginx service: From 20f8fcccbe6a17e70d103a15f68b8c6a1d940128 Mon Sep 17 00:00:00 2001 
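Review bot: The last task of the first hunk copies config.php, which carries the database password and the instance secret, without `owner`, `group` or `mode`, so its permissions depend on defaults on the target. Setting them explicitly, for example `mode: "0640"` with the owner the container's web user needs (to be confirmed), keeps the credentials from being world-readable. Both `copy` tasks also use the absolute controller path `/root/tools/ansible/gsb2021/roles/docker-nextcloud/files/...`; inside the role, `src: proxy` and `src: config.php` resolve against files/ and work from any checkout.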
From: bb Date: Mon, 1 Feb 2021 11:16:02 +0100 Subject: [PATCH 06/36] =?UTF-8?q?X509=20install=20en=20priorit=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp1.yml | 4 ++-- r-vp2.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/r-vp1.yml b/r-vp1.yml index f764b6a..21475e4 100644 --- a/r-vp1.yml +++ b/r-vp1.yml @@ -12,8 +12,8 @@ - base - goss - snmp-agent - - vpn-stg-r -# - x509-r +# - vpn-stg-r + - x509-r # - firewall-vpn-r - ssh-cli - syslog-cli diff --git a/r-vp2.yml b/r-vp2.yml index a3522e9..bf1cfbe 100644 --- a/r-vp2.yml +++ b/r-vp2.yml @@ -15,8 +15,8 @@ - dns-agence - ssh-root-access - snmp-agent - - vpn-stg-l -# - x509-l +# - vpn-stg-l + - x509-l # - firewall-vpn-l - ssh-cli - syslog-cli From 8e602c15a6b0f45b1abd8ebe7cc791fe9605b1ec Mon Sep 17 00:00:00 2001 From: am Date: Mon, 1 Feb 2021 11:32:56 +0100 Subject: [PATCH 07/36] modif main.yml et docker compose --- proxy | 1 + roles/docker-nextcloud/files/docker-compose.yml | 4 ++-- roles/docker-nextcloud/tasks/main.yml | 4 +++- 3 files changed, 6 insertions(+), 3 deletions(-) create mode 120000 proxy diff --git a/proxy b/proxy new file mode 120000 index 0000000..3f32243 --- /dev/null +++ b/proxy @@ -0,0 +1 @@ +/etc/nginx/sites-availables/proxy \ No newline at end of file diff --git a/roles/docker-nextcloud/files/docker-compose.yml b/roles/docker-nextcloud/files/docker-compose.yml index 99dc4fd..1278464 100755 --- a/roles/docker-nextcloud/files/docker-compose.yml +++ b/roles/docker-nextcloud/files/docker-compose.yml @@ -16,7 +16,7 @@ services: - MYSQL_PASSWORD=root - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - TZ: Europe/Paris + - TZ=Europe/Paris app: image: nextcloud @@ -32,4 +32,4 @@ services: - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MYSQL_HOST=db - TZ: Europe/Paris + - TZ=Europe/Paris diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index f76e75f..32fef39 100644 
--- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -48,7 +48,9 @@ - name: Creation de lien symbolique avec /etc/nginx/sites-available/proxy dans /etc/nginx/sites-enabled/proxy file: src: /etc/nginx/sites-available/proxy - dest: /etc/nginx/sites-enabled + dest: /etc/nginx/sites-enabled/proxy + owner: root + group: root state: link - name: Redemmarage de Nginx From b04bbbe7d1d0bbd5e9afb835eec9fc8758ae208b Mon Sep 17 00:00:00 2001 From: bb Date: Mon, 1 Feb 2021 11:49:54 +0100 Subject: [PATCH 08/36] =?UTF-8?q?secret=20partag=C3=A9=20install=20en=20pr?= =?UTF-8?q?iorit=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp1.yml | 4 ++-- r-vp2.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/r-vp1.yml b/r-vp1.yml index 21475e4..f764b6a 100644 --- a/r-vp1.yml +++ b/r-vp1.yml @@ -12,8 +12,8 @@ - base - goss - snmp-agent -# - vpn-stg-r - - x509-r + - vpn-stg-r +# - x509-r # - firewall-vpn-r - ssh-cli - syslog-cli diff --git a/r-vp2.yml b/r-vp2.yml index bf1cfbe..a3522e9 100644 --- a/r-vp2.yml +++ b/r-vp2.yml @@ -15,8 +15,8 @@ - dns-agence - ssh-root-access - snmp-agent -# - vpn-stg-l - - x509-l + - vpn-stg-l +# - x509-l # - firewall-vpn-l - ssh-cli - syslog-cli From b8c681c4bb952a440ef97be115714a3554d0660d Mon Sep 17 00:00:00 2001 From: am Date: Mon, 29 Mar 2021 11:03:36 +0200 Subject: [PATCH 09/36] ajout de s-nxec et s-docker --- roles/dns-master/files/db.gsb.lan | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/dns-master/files/db.gsb.lan b/roles/dns-master/files/db.gsb.lan index 0dbcd49..a6362c0 100644 --- a/roles/dns-master/files/db.gsb.lan +++ b/roles/dns-master/files/db.gsb.lan @@ -21,6 +21,8 @@ s-proxy IN A 172.16.0.2 s-appli IN A 172.16.0.3 s-win IN A 172.16.0.6 s-mess IN A 172.16.0.7 +s-nxec IN A 172.16.0.7 +s-docker IN A 172.16.0.7 s-mon IN A 172.16.0.8 s-itil IN A 172.16.0.9 r-int IN A 172.16.0.254 
From 74e723896c7310dfe7f0a6b48d86698201d4b7f0 Mon Sep 17 00:00:00 2001 From: gadmin Date: Mon, 29 Mar 2021 11:26:16 +0200 Subject: [PATCH 10/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/files/ferm.conf'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/files/ferm.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/firewall-vpn-l/files/ferm.conf b/roles/firewall-vpn-l/files/ferm.conf index 60550bb..1009efc 100644 --- a/roles/firewall-vpn-l/files/ferm.conf +++ b/roles/firewall-vpn-l/files/ferm.conf @@ -7,9 +7,9 @@ @def $DEV_VPN = enp0s8; @def $DEV_EXT = enp0s9; -@def $NET_ADM=192.168.99.0/24; -@def $NET_VPN=192.168.0.0/24; -@def $NET_EXT=192.168.1.0/30; +@def $NET_ADM=192.168.99.102/24; +@def $NET_VPN=172.16.128.254/24; +@def $NET_EXT=192.168.0.52/30; table filter { chain INPUT { From 84c2e68cc86cbc7842464e9c69bd8e7e807fb4a1 Mon Sep 17 00:00:00 2001 From: gadmin Date: Mon, 29 Mar 2021 11:26:44 +0200 Subject: [PATCH 11/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/files/ferm.conf'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/files/ferm.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/firewall-vpn-r/files/ferm.conf b/roles/firewall-vpn-r/files/ferm.conf index 45ed360..c9e47d6 100644 --- a/roles/firewall-vpn-r/files/ferm.conf +++ b/roles/firewall-vpn-r/files/ferm.conf @@ -7,9 +7,9 @@ @def $DEV_VPN = enp0s8; @def $DEV_EXT = enp0s9; -@def $NET_ADM=192.168.99.0/24; -@def $NET_VPN=192.168.0.0/24; -@def $NET_EXT=192.168.1.0/30; +@def $NET_ADM=192.168.99.112/24; +@def $NET_VPN=192.168.0.51/24; +@def $NET_EXT=192.168.1.2/30; table filter { chain INPUT { From 1943b172d3f0c813708e7bcc1dcd5f54de63bebc Mon Sep 17 00:00:00 2001 
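Review bot: The `$NET_*` definitions now hold host addresses with a network prefix (`192.168.99.102/24`, `172.16.128.254/24`, `192.168.0.52/30`), here and in the matching hunk for roles/firewall-vpn-r/files/ferm.conf. Where these variables are used as `saddr` or `daddr` (their use is outside the hunk), the match applies the mask, so a rule that reads as limited to one host would still match the whole subnet. Keep network addresses for networks (`192.168.99.0/24`) and write `/32` where a single host is meant, or rename the variables to say which one it is.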
From: gadmin Date: Tue, 30 Mar 2021 13:45:15 +0200 Subject: [PATCH 12/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'r-vp1.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp1.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/r-vp1.yml b/r-vp1.yml index f764b6a..55e67f7 100644 --- a/r-vp1.yml +++ b/r-vp1.yml @@ -12,9 +12,9 @@ - base - goss - snmp-agent - - vpn-stg-r -# - x509-r -# - firewall-vpn-r +# - vpn-stg-r + - x509-r + - firewall-vpn-r - ssh-cli - syslog-cli - post From 699ddddaba34e63a06e46fee11edb4a00288f235 Mon Sep 17 00:00:00 2001 From: gadmin Date: Tue, 30 Mar 2021 13:45:43 +0200 Subject: [PATCH 13/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'r-vp2.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp2.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/r-vp2.yml b/r-vp2.yml index a3522e9..08ea1af 100644 --- a/r-vp2.yml +++ b/r-vp2.yml @@ -15,9 +15,9 @@ - dns-agence - ssh-root-access - snmp-agent - - vpn-stg-l -# - x509-l -# - firewall-vpn-l +# - vpn-stg-l + - x509-l + - firewall-vpn-l - ssh-cli - syslog-cli - post From a0a8ec62bdd0093816c088ad6b785a7425b1c259 Mon Sep 17 00:00:00 2001 From: gadmin Date: Tue, 30 Mar 2021 14:16:09 +0200 Subject: [PATCH 14/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'r-vp1.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/r-vp1.yml b/r-vp1.yml index 55e67f7..21475e4 100644 --- a/r-vp1.yml +++ b/r-vp1.yml @@ -14,7 +14,7 @@ - snmp-agent # - vpn-stg-r - x509-r - - firewall-vpn-r +# - firewall-vpn-r - ssh-cli - syslog-cli - post From 4db4c8e71985032c073c68bc29a91e9bc1501951 Mon Sep 17 00:00:00 2001 
From: gadmin Date: Tue, 30 Mar 2021 14:16:33 +0200 Subject: [PATCH 15/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'r-vp2.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/r-vp2.yml b/r-vp2.yml index 08ea1af..bf1cfbe 100644 --- a/r-vp2.yml +++ b/r-vp2.yml @@ -17,7 +17,7 @@ - snmp-agent # - vpn-stg-l - x509-l - - firewall-vpn-l +# - firewall-vpn-l - ssh-cli - syslog-cli - post From 4fe6f9f8f78d665f699bb9e4606f2a8247e5bdfa Mon Sep 17 00:00:00 2001 From: gadmin Date: Tue, 30 Mar 2021 15:47:18 +0200 Subject: [PATCH 16/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'r-vp2.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp2.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/r-vp2.yml b/r-vp2.yml index bf1cfbe..bf16cd4 100644 --- a/r-vp2.yml +++ b/r-vp2.yml @@ -15,9 +15,9 @@ - dns-agence - ssh-root-access - snmp-agent -# - vpn-stg-l + - firewall-vpn-l +# - vpn-stg-l - x509-l -# - firewall-vpn-l - ssh-cli - syslog-cli - post From d9e0959cc4e556c201b9bc379abbdfdacd4dc757 Mon Sep 17 00:00:00 2001 From: gadmin Date: Tue, 30 Mar 2021 15:48:00 +0200 Subject: [PATCH 17/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'r-vp1.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp1.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/r-vp1.yml b/r-vp1.yml index 21475e4..3a95a6d 100644 --- a/r-vp1.yml +++ b/r-vp1.yml @@ -12,9 +12,9 @@ - base - goss - snmp-agent -# - vpn-stg-r +# - firewall-vpn-r +# - vpn-stg-r - x509-r -# - firewall-vpn-r - ssh-cli - syslog-cli - post From d60dcb613bd54997e2e0ea8eff6747166366e941 Mon Sep 17 00:00:00 2001 
From: gadmin Date: Tue, 30 Mar 2021 15:50:11 +0200 Subject: [PATCH 18/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/tasks/main.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/roles/firewall-vpn-r/tasks/main.yml b/roles/firewall-vpn-r/tasks/main.yml index 7d85a62..910d285 100644 --- a/roles/firewall-vpn-r/tasks/main.yml +++ b/roles/firewall-vpn-r/tasks/main.yml @@ -1,14 +1,8 @@ --- - - name: redemarrer interfaces - command: ifdown enp0s8 - - name: redemarrer interfaces - command: ifup enp0s8 - - name: redemarrer interfaces - command: ifdown enp0s9 - - name: redemarrer interfaces - command: ifup enp0s9 - - name: redemarrer interfaces - apt: name=ferm state=present + - name: Install ferm + apt: + name: ferm + - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf notify: From 61ae1027a232ae60d7e1b7e13f73c62a893a45ed Mon Sep 17 00:00:00 2001 From: gadmin Date: Tue, 30 Mar 2021 15:55:38 +0200 Subject: [PATCH 19/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/firewall-vpn-r/tasks/main.yml b/roles/firewall-vpn-r/tasks/main.yml index 910d285..e411fa3 100644 --- a/roles/firewall-vpn-r/tasks/main.yml +++ b/roles/firewall-vpn-r/tasks/main.yml @@ -5,5 +5,7 @@ - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf - notify: - - Restart ferm + + - name: Restart ferm + name: ferm + state: restarted \ No newline at end of file From bd89e3a964293e90c1b8675cf0cfe2c4805dd8e2 Mon Sep 17 00:00:00 2001 
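Review bot: The `Restart ferm` task added at the end of roles/firewall-vpn-r/tasks/main.yml in the second commit has no module: `name: ferm` and `state: restarted` sit directly under the task, which also repeats the `name` key. Ansible should reject such a task, so the role would stop before the firewall rules are reloaded. Either restore `notify: - Restart ferm` on the copy task or give the task a module, `service: name=ferm state=restarted`. The handler form also avoids restarting ferm on every run.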
From: gadmin Date: Tue, 30 Mar 2021 16:20:40 +0200 Subject: [PATCH 20/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/firewall-vpn-r/tasks/main.yml b/roles/firewall-vpn-r/tasks/main.yml index e411fa3..b77d6b3 100644 --- a/roles/firewall-vpn-r/tasks/main.yml +++ b/roles/firewall-vpn-r/tasks/main.yml @@ -1,7 +1,6 @@ --- - - name: Install ferm - apt: - name: ferm +- name : installer ferm + apt: name=ferm state=present - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf From 4f417a892ecc552cb54aa3a0fed675806f6d8021 Mon Sep 17 00:00:00 2001 From: gadmin Date: Tue, 30 Mar 2021 16:34:31 +0200 Subject: [PATCH 21/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'r-vp1.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- r-vp1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/r-vp1.yml b/r-vp1.yml index 3a95a6d..12064a6 100644 --- a/r-vp1.yml +++ b/r-vp1.yml @@ -12,7 +12,7 @@ - base - goss - snmp-agent -# - firewall-vpn-r + - firewall-vpn-r # - vpn-stg-r - x509-r - ssh-cli From dab3b43db19f9fc4b58dbeefee35327f41ac3c70 Mon Sep 17 00:00:00 2001 From: TL Date: Wed, 31 Mar 2021 09:02:15 +0200 Subject: [PATCH 22/36] suppresion utilisation role db-user --- s-lb-bd.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/s-lb-bd.yml b/s-lb-bd.yml index 656c459..c31f907 100644 --- a/s-lb-bd.yml +++ b/s-lb-bd.yml 
@@ -11,13 +11,14 @@ roles: - base - goss + - post #- s-lb-bd-ab - mariadb-ab - - role: db-user - cli_ip: "192.168.102.1" - - role: db-user - cli_ip: "192.168.102.2" - - role: db-user - cli_ip: "192.168.102.3" +# - role: db-user +# cli_ip: "192.168.102.1" +# - role: db-user +# cli_ip: "192.168.102.2" +# - role: db-user +# cli_ip: "192.168.102.3" - snmp-agent - - post +# - post From c0cebf0b90bb0ffdf9ce5cf984a7a5f359db6a41 Mon Sep 17 00:00:00 2001 From: am Date: Wed, 31 Mar 2021 10:28:43 +0200 Subject: [PATCH 23/36] ajout des fichiers certificat tls --- roles/docker-nextcloud/files/config.php | 1 + roles/docker-nextcloud/files/dhparam.pem | 13 +++ .../files/nginx-selfsigned.crt | 24 +++++ .../files/nginx-selfsigned.key | 28 +++++ roles/docker-nextcloud/files/proxy | 35 ++++-- roles/docker-nextcloud/files/proxy.bak | 100 ++++++++++++++++++ roles/docker-nextcloud/files/self-signed.conf | 2 + roles/docker-nextcloud/files/ssl-params.conf | 18 ++++ roles/docker-nextcloud/tasks/main.yml | 29 ++++- 9 files changed, 241 insertions(+), 9 deletions(-) create mode 100644 roles/docker-nextcloud/files/dhparam.pem create mode 100644 roles/docker-nextcloud/files/nginx-selfsigned.crt create mode 100644 roles/docker-nextcloud/files/nginx-selfsigned.key create mode 100644 roles/docker-nextcloud/files/proxy.bak create mode 100644 roles/docker-nextcloud/files/self-signed.conf create mode 100644 roles/docker-nextcloud/files/ssl-params.conf diff --git a/roles/docker-nextcloud/files/config.php b/roles/docker-nextcloud/files/config.php index ee6ca8f..4a8a5c3 100644 --- a/roles/docker-nextcloud/files/config.php +++ b/roles/docker-nextcloud/files/config.php @@ -27,6 +27,7 @@ $CONFIG = array ( 2 => 's-mess', 3 => 's-mess.gsb.lan', 4 => 'localhost:8080', + 5 => 's-nxec.gsb.lan', ), 'trusted_proxies' => ['172.16.0.7'], 'overwriteprotocol' => 'http', diff --git a/roles/docker-nextcloud/files/dhparam.pem b/roles/docker-nextcloud/files/dhparam.pem new file mode 100644 index 0000000..30b44e5 
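Review bot: The context lines of the config.php hunk still show `'overwriteprotocol' => 'http'` and `'overwritehost' => '172.16.0.7:8080'`, although this commit puts Nextcloud behind an HTTPS proxy for `s-nxec.gsb.lan`. With those values Nextcloud presumably keeps building its links as `http://172.16.0.7:8080/...`, which the new port-8080 server block then redirects, so each generated URL first goes out over plain HTTP. If the HTTPS front end is the intended entry point, `'overwriteprotocol' => 'https'` and `'overwritehost' => 's-nxec.gsb.lan'` would match it. `overwrite.cli.url` is outside this hunk and probably needs the same review.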
--- /dev/null +++ b/roles/docker-nextcloud/files/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA9YcWlg90PgLB2PS31Tv8mxn6cyRZd4GvX6tkqwOfXhdBZYzgoEnJ +17U+hDqpT5utQpUbfR0//uXr53mpu3ufxCNJ9gSsCIAbmhTIT3qwLwUis3Etb8PA +4LCTbVHvua5W7/pdM0s8PIOAWK7ah09p+mzwZqx5tKZWtbdERQKIAGE6Xmd4845/ +9oBWTj2g5t83Gt/fZDy+NVRy5ePb/KGix4bEmfnZ5htC/16VFPVrSZUALoxn8HtC +3nn4eqBrZeAxY6UHuW0ZPkRmpLs3GCILa+gze+wDlKlhC+RQU/f8Fijo6SsQPzNf +6BzJdoyeeE9OyyhhWu4Mihr39RnShk1ABO2eZrA1TE7L5X3YuCeIO09j99hkEsPr +mX1zh+v4sx2FFMZLebu+5KYf+ROOOYtMy6AJQq55avccTPrs0S+pxswypbzMD4ym +BYtPO46XYkRhrX47TfVHLW9oonDmMxPKNidNMrFtKW0b6f09iOcN9iEA/EM0s+3n +uQ2h+bQrwGqo5aMSUuJ3w8EjFySIqKgU5ZxJzPGSndsqS7zd2hUxNx7EZueHXX5N +CJ7kWRhIFv8YHHx0J/VFJieyr7DAUATu7chu4aGhwf2AoGYzmI0tjSh+3rQiDh7O +h+JtKr+wifr9P2vBqIWFQltOC2srRs+EB+5/qN1iIjYmq52MkUbFLfMCAQI= +-----END DH PARAMETERS----- diff --git a/roles/docker-nextcloud/files/nginx-selfsigned.crt b/roles/docker-nextcloud/files/nginx-selfsigned.crt new file mode 100644 index 0000000..c7548de --- /dev/null +++ b/roles/docker-nextcloud/files/nginx-selfsigned.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIUAr99SgfwQjW0wJSay5rL7I8V6G4wDQYJKoZIhvcNAQEL +BQAwgZAxCzAJBgNVBAYTAkZSMRIwEAYDVQQIDAlCb3VyZ29nbmUxDjAMBgNVBAcM +BURpam9uMQwwCgYDVQQKDANHU0IxDjAMBgNVBAsMBWluZnJhMRcwFQYDVQQDDA5z +LW54ZWMuZ3NiLmxhbjEmMCQGCSqGSIb3DQEJARYXYXhlbC5tcmwuc2NvbEBnbWFp +bC5jb20wHhcNMjEwMzI5MDkzMTIxWhcNMjIwMzI5MDkzMTIxWjCBkDELMAkGA1UE +BhMCRlIxEjAQBgNVBAgMCUJvdXJnb2duZTEOMAwGA1UEBwwFRGlqb24xDDAKBgNV +BAoMA0dTQjEOMAwGA1UECwwFaW5mcmExFzAVBgNVBAMMDnMtbnhlYy5nc2IubGFu +MSYwJAYJKoZIhvcNAQkBFhdheGVsLm1ybC5zY29sQGdtYWlsLmNvbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+iB7H1clY8gwX6CQfBqU+V4gF4ZMmg +HMbnoPvWV0WOJlgyODh5xdE11iJBBby8VNdiruGNJCeLeI4WWUUkJJXMyeWNTM6/ +JIZhVZI0UF042S/s8WdP+jls4aASkp0QH+XDs+758y5D9lRoX+At+bRZSC/Fz/tL +Y16e15F1+BxZeSWUEajHZIJZ79gm0UQxA9HdHAHpoWR05P74Fy6rnOsQNtBW4Jkt +xDb9CHRWNVjvbBuPsDwPTEOvMq94r5yWspHDhA3edvtAAJke5N9od4mN8KTJQouJ +O0ZzvOYIofr8iQM3981p9MuBUwtDNT7+ns22lDXeORoliOCG1gE25DsCAwEAAaNT +MFEwHQYDVR0OBBYEFJgtmIFxdyFe3vZ/a3UwxORCZiLiMB8GA1UdIwQYMBaAFJgt +mIFxdyFe3vZ/a3UwxORCZiLiMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAJm7oJOJev7hh/G1xCPPyASWn9s9C9sb5zbxyq1gF5P6Br8Xof9OJ1ZE +XJaH1MwxxR+2Qhok6gERBSqpwe6jnreImOpqhHEQGdMWJvIRlvTPQmEj/mCoLGKf +DsIvl3ug4OfNqMojwYlGhsfQH92Qz2pnE88pLIT13y85c8TJHti2+GOxOTSxYLrs +lt3fYYjnSZ2mm9fLBcP/XgdCSTeN6XwpJr2b56sVh0uehFXnkgzjDd+PTGkIgnfT +/eXtX8+VbQIOSEOrIt0GneBZ3n37FSgz/y9TR5HgNKyt74oxbLsYR0qWpbCcEjw+ +ex/v7vE3bXgPGE56NzhlM1Pjh90R9hI= +-----END CERTIFICATE----- diff --git a/roles/docker-nextcloud/files/nginx-selfsigned.key b/roles/docker-nextcloud/files/nginx-selfsigned.key new file mode 100644 index 0000000..e5eca2f --- /dev/null +++ b/roles/docker-nextcloud/files/nginx-selfsigned.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvogex9XJWPIMF ++gkHwalPleIBeGTJoBzG56D71ldFjiZYMjg4ecXRNdYiQQW8vFTXYq7hjSQni3iO +FllFJCSVzMnljUzOvySGYVWSNFBdONkv7PFnT/o5bOGgEpKdEB/lw7Pu+fMuQ/ZU +aF/gLfm0WUgvxc/7S2NenteRdfgcWXkllBGox2SCWe/YJtFEMQPR3RwB6aFkdOT+ ++Bcuq5zrEDbQVuCZLcQ2/Qh0VjVY72wbj7A8D0xDrzKveK+clrKRw4QN3nb7QACZ +HuTfaHeJjfCkyUKLiTtGc7zmCKH6/IkDN/fNafTLgVMLQzU+/p7NtpQ13jkaJYjg +htYBNuQ7AgMBAAECggEAfyHLbi7cL74nnZjrFnlBpIE7EpNiaWyDyBr8ta7mh0up +R+g6N+81mQXeVfc5PvAYfbxKGKyBAjr77eYRgnHyJZkSgB5y/ajwuHEWbvl9Pq2a +0Q0zhPQojY7aF3O6OwTkAf5Sbebx94hsc5cF55GAEeMa1LHcpethJ6nVIs8A5QtP +ZgGlfFkgGXp1GQPmeX1jQePSp8nqCftIwFPOuLcuQnisc282NCRHl3M+VlnUIZNL +fgRxalurrnaKf5P9DRvxiGlUJzoH1h0tgYbfUMpoRXdYYK3wjVbWWPROrS1c1yrl +17W004k8Fb++rUmQucQEtsiID/ymAMZPtiCG2IqvwQKBgQDjQGf8GFt04ypvoux/ +acOMtHXaA1k1Fa6Gtvr3dCfhlm4dCxvHfAqWawW2GXrSajhVRe+vcqBMyKAY5G3a +O3nZNpFliMqbftzKkF6AThIgaDaGAzfr+I88urvX0od1+wzjzievOHOlbil3OriD +HrGmfO/xnnXkgHCQK2YjmhFeoQKBgQDF2fEp5HZAZFWy55LVlS6DIDFfK2DShCNf +ENcDp1YWz/PCbHTY0xXZ6T4TOX14YYmeZVZFCUcpWGQrfL+ogJhoM9iQFuzYrzMz +iYjgICeTJPLGQawC6CKVFcE7i6kjNie66IjEIZj1rS2zG/+WVTl95M8JxJO2U7a/ +7JiYJiehWwKBgQCqxb6euisYJpHAPL3ebbtO5Fnf0D5cXwO9JopoJHjH1ITA/JUO +jo9iQ+CR3Inoz3uv0RNyVABUUzvEGPzYT3OcoJ4Yn/gpa+c9rcnmP0Tt54J5qLeA +c1QofeclI4c6SMOB+WznBtQZEDTG7XC0z/8OLrsdZkgPw9lS7doejOvaoQKBgGbV +azp561h2jfBp2nC2lDFFN0Qe2LkyQuwzZX4ZqG488ZZZJrZXqGDVkRUO6X77Ozsf +sqI5O0prDc1ojnk3NX/birEBqWLKVRNxZboQHGGnb6PKGGx+WRMh9ohLg8KwcB/+ +oq9GQylWNI2GfOaXL0WW+mE6UggPJMpGX92c3zZHAoGAMOFoxUjjzsB0oJLTuYax +VKE7Jno24o5JeDRm69WS3E6boSZsIY/9r4jWtYiTbhwlTZpZMqad3h/zM/swHvVq +hh1BaHXBik/9rpnyTMZ9vo6UNyYo/TJPH3yrKwZbF4Cn2uWQoJCfDeo9VXdIEbEn +SwyeWd4Zkt/wvqmocF5KVqI= +-----END PRIVATE KEY----- diff --git a/roles/docker-nextcloud/files/proxy b/roles/docker-nextcloud/files/proxy index 534e71e..7e5abec 100644 --- a/roles/docker-nextcloud/files/proxy +++ b/roles/docker-nextcloud/files/proxy 
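Review bot: roles/docker-nextcloud/files/nginx-selfsigned.key adds the TLS private key to the repository unencrypted. Every clone and backup of the repository now holds the key, so it should be treated as exposed and replaced with a new key pair. Keep the replacement out of version control, either by generating it on the target during provisioning or by storing the file encrypted with Ansible Vault. The certificate and dhparam.pem are not secret and can stay.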
@@ -21,16 +21,37 @@ server { listen 8080 default_server; listen [::]:8080 default_server; + + server_name s-nxec.gsb.lan; + + return 302 https://$server_name$request_uri; +} +# location / { +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_pass http://localhost:5678; +# proxy_connect_timeout 900; +# proxy_send_timeout 900; +# proxy_read_timeout 900; + +server { + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + server_name s-nxec.gsb.lan; + + include snippets/self-signed.conf; + include snippets/ssl-params.conf; location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://localhost:5678; - proxy_connect_timeout 900; - proxy_send_timeout 900; - proxy_read_timeout 900; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://localhost:5678; + proxy_connect_timeout 900; + proxy_send_timeout 900; + proxy_read_timeout 900; } +} # SSL configuration # # listen 443 ssl default_server; @@ -77,7 +98,7 @@ server { #location ~ /\.ht { # deny all; #} -} + # Virtual Host configuration for example.com diff --git a/roles/docker-nextcloud/files/proxy.bak b/roles/docker-nextcloud/files/proxy.bak new file mode 100644 index 0000000..534e71e --- /dev/null +++ b/roles/docker-nextcloud/files/proxy.bak 
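Review bot: The new `location /` in the 443 server block forwards only `Host` and `X-Real-IP`, so the backend cannot learn the original scheme or client address from the standard forwarding headers. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` lets Nextcloud, which already lists `trusted_proxies` in config.php, log and throttle the real client rather than the proxy. The commented-out `# location / {` lines left between the two server blocks are dead text and can be removed, since the old file is kept as proxy.bak.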
@@ -0,0 +1,100 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 8080 default_server; + listen [::]:8080 default_server; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://localhost:5678; + proxy_connect_timeout 900; + proxy_send_timeout 900; + proxy_read_timeout 900; + } + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + +# root /var/www/html; + + # Add index.php to the list if you are using PHP +# index index.html index.htm index.nginx-debian.html; + +# server_name _; + +# location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. 
+# try_files $uri $uri/ =404; +# } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/roles/docker-nextcloud/files/self-signed.conf b/roles/docker-nextcloud/files/self-signed.conf new file mode 100644 index 0000000..d9017ca --- /dev/null +++ b/roles/docker-nextcloud/files/self-signed.conf @@ -0,0 +1,2 @@ +ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; +ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; diff --git a/roles/docker-nextcloud/files/ssl-params.conf b/roles/docker-nextcloud/files/ssl-params.conf new file mode 100644 index 0000000..473862a --- /dev/null +++ b/roles/docker-nextcloud/files/ssl-params.conf 
@@ -0,0 +1,18 @@ +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_dhparam /etc/nginx/dhparam.pem; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; +ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; # Requires nginx >= 1.5.9 +ssl_stapling on; # Requires nginx >= 1.3.7 +ssl_stapling_verify on; # Requires nginx => 1.3.7 +resolver 172.16.0.1 valid=300s; +resolver_timeout 5s; +# Disable strict transport security for now. You can uncomment the following +# line if you understand the implications. +# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; +add_header X-Frame-Options DENY; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index 32fef39..e010466 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -40,7 +40,7 @@ src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/proxy dest: /etc/nginx/sites-available -- name: Supression de /etc/nginx/sites-enabled/default +- name: Suppression de /etc/nginx/sites-enabled/default file: path: /etc/nginx/sites-enabled/default state: absent @@ -53,7 +53,7 @@ group: root state: link -- name: Redemmarage de Nginx +- name: Redemarage de Nginx service: name: nginx state: restarted 
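Review bot: `ssl_stapling on;` and `ssl_stapling_verify on;` in ssl-params.conf cannot work with the self-signed certificate that self-signed.conf points to, because there is no issuer or OCSP responder; nginx logs a warning and ignores stapling, and the `resolver` line then serves no purpose. Two entries in `ssl_ciphers`, `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512`, are not cipher names OpenSSL knows as far as I can tell, so the effective list is the three SHA384 entries. I would drop the stapling lines for this certificate, trim the cipher list to names that resolve, and add `always` to the `add_header` lines so they are also sent on error responses.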
@@ -62,3 +62,28 @@ copy: src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/config.php dest: /root/nextcloud/nextcloud/config + +- name: Copie de nginx-selfsigned.key + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/nginx-selfsigned.key + dest: /etc/ssl/private + +- name: Copie nginx-selfsigned.crt + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/nginx-selfsigned.crt + dest: /etc/ssl/certs + +- name: Copie de dhparam.pem + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/dhparam.pem + dest: /etc/nginx + +- name: Copie de self-signed.conf + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/self-signed.conf + dest: /etc/nginx/snippets + +- name: Copie de ssl-params.conf + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/ssl-params.conf + dest: /etc/nginx/snippets From 97e2d007d030816b69dfe2757523c04eb621a039 Mon Sep 17 00:00:00 2001 From: gadmin Date: Wed, 31 Mar 2021 11:08:07 +0200 Subject: [PATCH 24/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/files/ferm.conf'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/files/ferm.conf | 69 +++++----------------------- 1 file changed, 11 insertions(+), 58 deletions(-) diff --git a/roles/firewall-vpn-l/files/ferm.conf b/roles/firewall-vpn-l/files/ferm.conf index 1009efc..ad1b38f 100644 --- a/roles/firewall-vpn-l/files/ferm.conf +++ b/roles/firewall-vpn-l/files/ferm.conf @@ -4,12 +4,12 @@ # @def $DEV_ADM = enp0s3; -@def $DEV_VPN = enp0s8; -@def $DEV_EXT = enp0s9; +@def $DEV_AG = enp0s8; +@def $DEV_VPN = enp0s9; @def $NET_ADM=192.168.99.102/24; -@def $NET_VPN=172.16.128.254/24; -@def $NET_EXT=192.168.0.52/30; +@def $NET_AG=172.16.128.254/24; +@def $NET_VPN=192.168.0.52/24; table filter { chain INPUT { 
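Review bot: The `Copie de nginx-selfsigned.key` task copies the private key without `owner`, `group` or `mode`, so the key file's permissions depend on defaults rather than on the role. Add `owner: root`, `group: root` and `mode: "0600"` to that task. An explicit `mode: "0644"` on the certificate and snippet copies would state the intent there too.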
@@ -23,7 +23,7 @@ table filter { interface lo ACCEPT; # allow SSH connections - #interface ($DEV_ADM) { + #interface ($DEV_VPN) { proto tcp dport ssh ACCEPT; #} @@ -37,14 +37,14 @@ table filter { proto udp dport (67 68) ACCEPT; # allow IPsec - interface ($DEV_VPN $DEV_EXT) { + interface ($DEV_AG $DEV_VPN) { proto udp sport 500 ACCEPT; proto udp dport 500 ACCEPT; proto esp ACCEPT; } # Autoriser nat-t-ike - # interface ($DEV_VPN) { + # interface ($DEV_AG) { proto udp sport 4500 ACCEPT; proto udp dport 5500 ACCEPT; # } @@ -54,52 +54,16 @@ table filter { proto (udp tcp) dport domain ACCEPT; #} - # autoriser supervision - proto udp sport 161 ACCEPT; - # autoriser NTP proto udp sport 123 ACCEPT; - # respond to ping - proto icmp mod limit limit 30/minut ACCEPT; - } chain OUTPUT { - policy DROP; -# interface ($DEV_PUB) { - - # Autoriser SSH - proto tcp sport ssh ACCEPT; - - # Autoriser DNS - proto udp dport domain ACCEPT; - proto udp sport domain ACCEPT; - - # DHCP - proto udp sport (67 68) ACCEPT; - - # Autoriser ipsec - proto udp dport 500 ACCEPT; - proto udp sport 500 ACCEPT; - - # Autoriser nat-t-ike - proto udp dport 4500 ACCEPT; - proto udp sport 4500 ACCEPT; - - # Autoriser supervision - proto udp dport 161 ACCEPT; - - # Autoriser NTP - proto udp dport 123 ACCEPT; - - # respond to ping - proto icmp ACCEPT; - -# } + policy ACCEPT; # connection tracking - #mod state state INVALID DROP; - mod state state (ESTABLISHED RELATED) ACCEPT; + # mod state state INVALID DROP; + # mod state state (ESTABLISHED RELATED) ACCEPT; } chain FORWARD { policy ACCEPT; @@ -108,15 +72,4 @@ table filter { mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; } -} - -# IPv6: -#domain ip6 { -# table filter { -# chain INPUT { -# policy ACCEPT; -# # ... -# } -# # ... -# } -#} +} \ No newline at end of file From abd94f520cfc424e8a3cd8d6665039502a30b307 Mon Sep 17 00:00:00 2001 
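Review bot: `proto tcp dport ssh ACCEPT;` stays outside any `interface` block, because the wrapper around it is still commented out and this hunk only renames the device in that comment from `$DEV_ADM` to `$DEV_VPN`, so SSH is accepted on every interface of the VPN gateway. If administration is meant to arrive through the admin network, enable the restriction instead: `interface ($DEV_ADM) { proto tcp dport ssh ACCEPT; }`. The same applies to the firewall-vpn-r hunk at -23,15 in patch 26, and patches 27 and 28 then delete the commented wrapper altogether. The INPUT chain starts above this hunk.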
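Review bot: In the nat-t-ike rules the destination-port rule reads `proto udp dport 5500 ACCEPT;` while the source-port rule next to it uses 4500; IPsec NAT-T runs on UDP 4500, so this looks like a typo that leaves inbound NAT-T traffic to the gateway unmatched: `proto udp dport 4500 ACCEPT;`. Both lines are context that this hunk leaves unchanged. The `interface ($DEV_AG)` wrapper around them is commented out, so `proto udp sport 4500 ACCEPT;` applies on all interfaces and admits any UDP packet whose source port is 4500.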
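Review bot: With `policy ACCEPT;` on OUTPUT and both state rules commented out, the gateway has no egress filtering left, and the INPUT rule kept just above, `proto udp sport 123 ACCEPT;`, still admits any UDP datagram sent from source port 123 to any local port. Replies to the host's own NTP queries are better admitted by connection tracking: drop the `sport` rule and rely on `mod state state (ESTABLISHED RELATED) ACCEPT;` in INPUT (whether INPUT already has that rule is not visible in this hunk). If unrestricted egress is intended, a one-line comment on the OUTPUT chain saying so would help, and the commented-out state rules there can be removed. The firewall-vpn-r file receives the same OUTPUT change in patch 26.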
From: am Date: Wed, 31 Mar 2021 11:23:24 +0200 Subject: [PATCH 25/36] modifs main.yml --- roles/docker-nextcloud/tasks/main.yml | 46 +++++++++++++-------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index e010466..08c877b 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -35,29 +35,6 @@ name: nginx state: present -- name: Copie de /etc/nginx/site-availables/proxy - copy: - src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/proxy - dest: /etc/nginx/sites-available - -- name: Suppression de /etc/nginx/sites-enabled/default - file: - path: /etc/nginx/sites-enabled/default - state: absent - -- name: Creation de lien symbolique avec /etc/nginx/sites-available/proxy dans /etc/nginx/sites-enabled/proxy - file: - src: /etc/nginx/sites-available/proxy - dest: /etc/nginx/sites-enabled/proxy - owner: root - group: root - state: link - -- name: Redemarage de Nginx - service: - name: nginx - state: restarted - - name: Copie de config.php dans /root/nextcloud/nextcloud/config copy: src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/config.php @@ -87,3 +64,26 @@ copy: src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/ssl-params.conf dest: /etc/nginx/snippets + +- name: Copie de /etc/nginx/site-availables/proxy + copy: + src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/proxy + dest: /etc/nginx/sites-available + +- name: Suppression de /etc/nginx/sites-enabled/default + file: + path: /etc/nginx/sites-enabled/default + state: absent + +- name: Creation de lien symbolique avec /etc/nginx/sites-available/proxy dans /etc/n$ + file: + src: /etc/nginx/sites-available/proxy + dest: /etc/nginx/sites-enabled/proxy + owner: root + group: root + state: link + +- name: Redemarage de Nginx + service: + name: nginx + state: restarted 
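Review bot: The re-added symlink task has a truncated name, `... dans /etc/n$`, which looks like a line cut off by the editor display when the block was moved; restore it to `- name: Creation de lien symbolique avec /etc/nginx/sites-available/proxy dans /etc/nginx/sites-enabled/proxy`. The final `Redemarage de Nginx` task restarts the service on every run and without checking the configuration first, so a bad `proxy` or snippet file takes the reverse proxy down. Running `command: nginx -t` with `changed_when: false` before it, or moving the restart into a handler notified by the copy tasks, would avoid that.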
From 53e5e4dc9ec206a790fb5784e75f18408198930a Mon Sep 17 00:00:00 2001 From: gadmin Date: Wed, 31 Mar 2021 11:33:48 +0200 Subject: [PATCH 26/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/files/ferm.conf'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/files/ferm.conf | 51 ++++------------------------ 1 file changed, 6 insertions(+), 45 deletions(-) diff --git a/roles/firewall-vpn-r/files/ferm.conf b/roles/firewall-vpn-r/files/ferm.conf index c9e47d6..7e274cc 100644 --- a/roles/firewall-vpn-r/files/ferm.conf +++ b/roles/firewall-vpn-r/files/ferm.conf @@ -23,15 +23,14 @@ table filter { interface lo ACCEPT; # allow SSH connections - #interface ($DEV_ADM) { + #interface ($DEV_VPN) { proto tcp dport ssh ACCEPT; #} # allow DNS connections - #interface ($DEV_INT) { proto udp sport domain ACCEPT; proto udp dport domain ACCEPT; - #} + # allow IPsec interface ($DEV_VPN) { @@ -62,38 +61,11 @@ table filter { } chain OUTPUT { - policy DROP; -# interface ($DEV_PUB) { - - # Autoriser SSH - proto tcp sport ssh ACCEPT; - - # Autoriser DNS - proto udp dport domain ACCEPT; - proto udp sport domain ACCEPT; - - # Autoriser ipsec - proto udp dport 500 ACCEPT; - proto udp sport 500 ACCEPT; - - # Autoriser nat-t-ike - proto udp dport 4500 ACCEPT; - proto udp sport 4500 ACCEPT; - - # Autoriser supervision - proto udp dport 161 ACCEPT; - - # Autoriser NTP - proto udp dport 123 ACCEPT; - - # respond to ping - proto icmp ACCEPT; - -# } + policy ACCEPT; # connection tracking - #mod state state INVALID DROP; - mod state state (ESTABLISHED RELATED) ACCEPT; + # mod state state INVALID DROP; + # mod state state (ESTABLISHED RELATED) ACCEPT; } chain FORWARD { policy ACCEPT; 
@@ -102,15 +74,4 @@ table filter { mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; } -} - -# IPv6: -#domain ip6 { -# table filter { -# chain INPUT { -# policy ACCEPT; -# # ... -# } -# # ... -# } -#} +} \ No newline at end of file From 98890660f8470097cb0735ed2e7c3b43276021eb Mon Sep 17 00:00:00 2001 From: gadmin Date: Wed, 31 Mar 2021 11:51:22 +0200 Subject: [PATCH 27/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/files/ferm.conf'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/files/ferm.conf | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/roles/firewall-vpn-r/files/ferm.conf b/roles/firewall-vpn-r/files/ferm.conf index 7e274cc..899911f 100644 --- a/roles/firewall-vpn-r/files/ferm.conf +++ b/roles/firewall-vpn-r/files/ferm.conf @@ -9,7 +9,7 @@ @def $NET_ADM=192.168.99.112/24; @def $NET_VPN=192.168.0.51/24; -@def $NET_EXT=192.168.1.2/30; +@def $NET_EXT=192.168.1.2/24; table filter { chain INPUT { @@ -23,9 +23,8 @@ table filter { interface lo ACCEPT; # allow SSH connections - #interface ($DEV_VPN) { proto tcp dport ssh ACCEPT; - #} + # allow DNS connections proto udp sport domain ACCEPT; @@ -50,22 +49,13 @@ table filter { # proto (udp tcp) dport domain ACCEPT; #} - # autoriser supervision - proto udp sport 161 ACCEPT; # autoriser NTP proto udp sport 123 ACCEPT; - # respond to ping - proto icmp mod limit limit 30/minut ACCEPT; - } chain OUTPUT { policy ACCEPT; - - # connection tracking - # mod state state INVALID DROP; - # mod state state (ESTABLISHED RELATED) ACCEPT; } chain FORWARD { policy ACCEPT; From c8fe45b95dd74001df430a003bd1367e89685805 Mon Sep 17 00:00:00 2001 
From: gadmin Date: Wed, 31 Mar 2021 11:53:34 +0200 Subject: [PATCH 28/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/files/ferm.conf'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/files/ferm.conf | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/roles/firewall-vpn-l/files/ferm.conf b/roles/firewall-vpn-l/files/ferm.conf index ad1b38f..31d5ec1 100644 --- a/roles/firewall-vpn-l/files/ferm.conf +++ b/roles/firewall-vpn-l/files/ferm.conf @@ -23,18 +23,11 @@ table filter { interface lo ACCEPT; # allow SSH connections - #interface ($DEV_VPN) { proto tcp dport ssh ACCEPT; - #} # allow DNS connections - #interface ($DEV_INT) { proto udp sport domain ACCEPT; - proto udp dport domain ACCEPT; - #} - - # DHCP - proto udp dport (67 68) ACCEPT; + proto udp dport domain ACCEPT; # allow IPsec interface ($DEV_AG $DEV_VPN) { From 9d83f1894c7f36dde13e4305e62c8f1219f534e2 Mon Sep 17 00:00:00 2001 From: gadmin Date: Thu, 1 Apr 2021 14:49:44 +0200 Subject: [PATCH 29/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/firewall-vpn-l/tasks/main.yml b/roles/firewall-vpn-l/tasks/main.yml index 034dd32..ea9551a 100644 --- a/roles/firewall-vpn-l/tasks/main.yml +++ b/roles/firewall-vpn-l/tasks/main.yml @@ -1,8 +1,8 @@ --- - - name : installer ferm +- name : installer ferm apt: name=ferm state=present + - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf notify: - - Restart ferm - + - restart ferm \ No newline at end of file From 418676ee1e7a52e38a7b8e332addd4437e8fe3c5 Mon Sep 17 00:00:00 2001 
From: gadmin Date: Thu, 1 Apr 2021 14:50:08 +0200 Subject: [PATCH 30/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/firewall-vpn-l/tasks/main.yml b/roles/firewall-vpn-l/tasks/main.yml index ea9551a..7d0856f 100644 --- a/roles/firewall-vpn-l/tasks/main.yml +++ b/roles/firewall-vpn-l/tasks/main.yml @@ -2,7 +2,7 @@ - name : installer ferm apt: name=ferm state=present - - name: fichier parefeu pour VPN - copy: src=ferm.conf dest=/etc/ferm/ferm.conf - notify: - - restart ferm \ No newline at end of file +- name: fichier parefeu pour VPN + copy: src=ferm.conf dest=/etc/ferm/ferm.conf + notify: + - restart ferm \ No newline at end of file From f8cf5f75d73d59e626a454d5b89d450ddc11005f Mon Sep 17 00:00:00 2001 From: gadmin Date: Thu, 1 Apr 2021 14:50:17 +0200 Subject: [PATCH 31/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firewall-vpn-l/tasks/main.yml b/roles/firewall-vpn-l/tasks/main.yml index 7d0856f..50183c4 100644 --- a/roles/firewall-vpn-l/tasks/main.yml +++ b/roles/firewall-vpn-l/tasks/main.yml @@ -1,6 +1,6 @@ --- - name : installer ferm - apt: name=ferm state=present + apt: name=ferm state=present - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf From fa2dc0ed36cc8111a75c42241615fe5b8ec3ac8e Mon Sep 17 00:00:00 2001 
From: gadmin Date: Thu, 1 Apr 2021 14:51:46 +0200 Subject: [PATCH 32/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/tasks/main.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/firewall-vpn-r/tasks/main.yml b/roles/firewall-vpn-r/tasks/main.yml index b77d6b3..c06a81b 100644 --- a/roles/firewall-vpn-r/tasks/main.yml +++ b/roles/firewall-vpn-r/tasks/main.yml @@ -1,10 +1,8 @@ --- - name : installer ferm - apt: name=ferm state=present + apt: name=ferm state=present - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf - - - name: Restart ferm - name: ferm - state: restarted \ No newline at end of file + notify: + - Restart ferm \ No newline at end of file From bdb484cc6ebaf5320d88701d4caff0c6d46a2b03 Mon Sep 17 00:00:00 2001 From: gadmin Date: Thu, 1 Apr 2021 14:52:02 +0200 Subject: [PATCH 33/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-r/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-r/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/firewall-vpn-r/tasks/main.yml b/roles/firewall-vpn-r/tasks/main.yml index c06a81b..b2d49ed 100644 --- a/roles/firewall-vpn-r/tasks/main.yml +++ b/roles/firewall-vpn-r/tasks/main.yml @@ -2,7 +2,7 @@ - name : installer ferm apt: name=ferm state=present - - name: fichier parefeu pour VPN - copy: src=ferm.conf dest=/etc/ferm/ferm.conf - notify: - - Restart ferm \ No newline at end of file +- name: fichier parefeu pour VPN + copy: src=ferm.conf dest=/etc/ferm/ferm.conf + notify: + - Restart ferm \ No newline at end of file From b14398b20400358c3313f7af1b5b5607777a21b1 Mon Sep 17 00:00:00 2001 
From: gadmin Date: Thu, 1 Apr 2021 14:52:15 +0200 Subject: [PATCH 34/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/firewall-vpn-l/tasks/main.yml b/roles/firewall-vpn-l/tasks/main.yml index 50183c4..e6b3402 100644 --- a/roles/firewall-vpn-l/tasks/main.yml +++ b/roles/firewall-vpn-l/tasks/main.yml @@ -1,8 +1,7 @@ --- - name : installer ferm apt: name=ferm state=present - - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf notify: - - restart ferm \ No newline at end of file + - Restart ferm \ No newline at end of file From a603ccd7012d3f30ab4b5b83797c3f6c9a35f3d5 Mon Sep 17 00:00:00 2001 From: gadmin Date: Thu, 1 Apr 2021 14:53:01 +0200 Subject: [PATCH 35/36] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'roles/firewa?= =?UTF-8?q?ll-vpn-l/tasks/main.yml'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/firewall-vpn-l/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/firewall-vpn-l/tasks/main.yml b/roles/firewall-vpn-l/tasks/main.yml index e6b3402..b0a540d 100644 --- a/roles/firewall-vpn-l/tasks/main.yml +++ b/roles/firewall-vpn-l/tasks/main.yml @@ -1,6 +1,7 @@ --- - name : installer ferm apt: name=ferm state=present + - name: fichier parefeu pour VPN copy: src=ferm.conf dest=/etc/ferm/ferm.conf notify: From e771d47e7921a55f9f0ce15746fd2f589008cc22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CAlbert?= Date: Thu, 1 Apr 2021 14:55:47 +0200 Subject: [PATCH 36/36] doc : README.md --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index d774e37..cd5945a 100644 --- a/README.md +++ b/README.md 
@@ -12,4 +12,31 @@ prérequis : une machine Debian buster * r-int * r-ext * s-proxy + + ## Les playbooks + + +## Installation + +On utilisera l'image de machine virtuelle suivante : + * **debian-buster-gsb-2021b.ova** (2021-03-31) + * Bebian Buster 10.9 - 2 cartes - 1 Go - stockage 20 Go + + +### Machine s-adm + - créer la machine virtuelle **s-adm** en important l'image ova décrite plus haut + - + + +### Pour chaque machine + + - importer la machine à partir du fichier **.ova** + - définir les cartes réseau en accord avec le plan d'adressage et le schéma + - donner le nom adapté (avec sed -i …) + - redémarrer + - mettre à jour les paquets : apt update && apt upgrade + - cloner le dépot : https://gitea.lyc-lecastel.fr/gadmin/gsb2021.git + + + curl depl/gsbboot|bash \ No newline at end of file