Premier commit

2021-01-04 22:49:46 +01:00
parent da1100578d
commit 65b2a3eaf3
538 changed files with 52570 additions and 0 deletions
--- a/roles/dns-master/files/db.gsb.lan
+++ b/roles/dns-master/files/db.gsb.lan
@@ -0,0 +1,30 @@
+; 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+;
+; BIND data file for local loopback interface
+;
+$TTL    604800
+@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
+                        2016011401      ; Serial
+                        7200	        ; Refresh
+                        86400           ; Retry
+                        8419200         ; Expire
+                        604800 )        ; Negative Cache TTL
+;
+@       	IN      NS      s-infra.gsb.lan.
+@		IN      NS      s-backup.gsb.lan.
+@      	        IN      A       127.0.0.1
+@       	IN      AAAA    ::1
+s-infra  	IN      A       172.16.0.1
+s-backup        IN      A	172.16.0.4
+s-proxy         IN      A       172.16.0.2
+s-appli    	IN      A       172.16.0.3
+s-win    	IN      A       172.16.0.6
+s-mess   	IN      A       172.16.0.7
+s-mon    	IN      A       172.16.0.8
+s-itil		IN	A	172.16.0.9
+r-int    	IN      A       172.16.0.254
+r-int-lnk    	IN      A       192.168.200.254
+r-ext  		IN      A       192.168.200.253
+ns   	        IN      CNAME   s-infra.gsb.lan.
+wpad		IN	CNAME	s-infra.gsb.lan.	
--- a/roles/dns-master/files/db.gsb.lan.rev
+++ b/roles/dns-master/files/db.gsb.lan.rev
@@ -0,0 +1,24 @@
+; 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+;
+; BIND data file for local loopback interface
+;
+$TTL    604800
+@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
+                        2015121701      ; Serial
+                        7200            ; Refresh
+                        86400           ; Retry
+                        8419200         ; Expire
+                        604800 )        ; Negative Cache TTL
+;
+@         IN      NS      s-infra.gsb.lan.
+@         IN      NS      s-backup.gsb.lan.
+1.0       IN      PTR     s-infra.gsb.lan.
+4.0       IN      PTR     s-backup.gsb.lan.
+2.0       IN      PTR     s-proxy.gsb.lan.
+3.0       IN      PTR     s-appli.gsb.lan.
+6.0       IN      PTR     s-win.gsb.lan.
+7.0       IN      PTR     s-mess.gsb.lan.
+8.0       IN      PTR     s-mon.gsb.lan.
+9.0	  IN	  PTR 	  s-itil.gsb.lan.
+254.0     IN      PTR     r-int.gsb.lan.
--- a/roles/dns-master/files/forbidden.html
+++ b/roles/dns-master/files/forbidden.html
@@ -0,0 +1,2 @@
+<center><img src="http://sio.lyc-lecastel.fr/~nicolas.denizot/warning.jpg" alt="Bloque"></img></center>
+<center><h1>Vous n'avez pas les droits requis pour acceder a cette page, veuillez contacter votre Administrateur.</h1></center>
--- a/roles/dns-master/files/hosts
+++ b/roles/dns-master/files/hosts
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+127.0.1.1	s-infra
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
--- a/roles/dns-master/files/named.conf.local
+++ b/roles/dns-master/files/named.conf.local
@@ -0,0 +1,20 @@
+// 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "gsb.lan" {
+        type master;
+        file "/etc/bind/db.gsb.lan";
+};
+
+zone "16.172.in-addr.arpa"{
+        type master;
+        notify no;
+        file "/etc/bind/db.gsb.lan.rev";
+};
--- a/roles/dns-master/files/named.conf.options
+++ b/roles/dns-master/files/named.conf.options
@@ -0,0 +1,25 @@
+// 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+options {
+        directory "/var/cache/bind";
+
+        // If there is a firewall between you and nameservers you want
+        // to talk to, you may need to fix the firewall to allow multiple
+        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+        // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+
+        forwarders {
+                192.168.99.99;
+
+         };
+
+        auth-nxdomain no;    # conform to RFC1035
+        listen-on-v6 { any; };
+	allow-query { 172.16.0.0/16; } ;
+	allow-recursion { 172.16.0.0/16; } ;
+};
+
--- a/roles/dns-master/files/resolv.conf
+++ b/roles/dns-master/files/resolv.conf
@@ -0,0 +1,4 @@
+domain gsb.lan
+search gsb.lan
+nameserver 127.0.0.1
+
--- a/roles/dns-master/handlers/main.yml
+++ b/roles/dns-master/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+  - name: restart bind9
+    service: name=bind9 state=restarted
+
--- a/roles/dns-master/tasks/main.yml
+++ b/roles/dns-master/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Installation bind9
+  apt:  name=bind9 state=present update_cache=yes
+
+- name: Copie named.conf.options
+  copy: src=named.conf.options dest=/etc/bind
+  notify:
+    - restart bind9
+
+- name: Copie named.conf.local
+  copy: src=named.conf.local dest=/etc/bind
+  notify:
+    - restart bind9
+
+- name: Copie db.gsb.lan
+  copy: src=db.gsb.lan dest=/etc/bind
+  notify:
+    - restart bind9
+
+- name: Copie db.gsb.lan.rev
+  copy: src=db.gsb.lan.rev dest=/etc/bind
+  notify:
+    - restart bind9
+
+- name: Copie resolv.conf
+  copy: src=resolv.conf dest=/etc
+  notify:
+    - restart bind9
+
+- name: Copie page squidguard
+  copy: src=forbidden.html dest=/var/www/
+