Compare commits
21 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| dab3b43db1 | |||
| 4f417a892e | |||
| bd89e3a964 | |||
| 61ae1027a2 | |||
| d60dcb613b | |||
| d9e0959cc4 | |||
| 4fe6f9f8f7 | |||
| 4db4c8e719 | |||
| a0a8ec62bd | |||
| 699ddddaba | |||
| 1943b172d3 | |||
| 84c2e68cc8 | |||
| 74e723896c | |||
| b8c681c4bb | |||
| 28f1560add | |||
| b04bbbe7d1 | |||
| 8e602c15a6 | |||
| 20f8fcccbe | |||
| a76aa215d3 | |||
| afdd827df3 | |||
| 290e2866fe |
@ -12,9 +12,9 @@
|
||||
- base
|
||||
- goss
|
||||
- snmp-agent
|
||||
- vpn-stg-r
|
||||
# - x509-r
|
||||
# - firewall-vpn-r
|
||||
- firewall-vpn-r
|
||||
# - vpn-stg-r
|
||||
- x509-r
|
||||
- ssh-cli
|
||||
- syslog-cli
|
||||
- post
|
||||
|
||||
@ -13,10 +13,11 @@
|
||||
- goss
|
||||
- dhcp-ag
|
||||
- dns-agence
|
||||
- ssh-root-access
|
||||
- snmp-agent
|
||||
- vpn-stg-l
|
||||
# - x509-l
|
||||
# - firewall-vpn-l
|
||||
- firewall-vpn-l
|
||||
# - vpn-stg-l
|
||||
- x509-l
|
||||
- ssh-cli
|
||||
- syslog-cli
|
||||
- post
|
||||
|
||||
@ -21,6 +21,8 @@ s-proxy IN A 172.16.0.2
|
||||
s-appli IN A 172.16.0.3
|
||||
s-win IN A 172.16.0.6
|
||||
s-mess IN A 172.16.0.7
|
||||
s-nxec IN A 172.16.0.7
|
||||
s-docker IN A 172.16.0.7
|
||||
s-mon IN A 172.16.0.8
|
||||
s-itil IN A 172.16.0.9
|
||||
r-int IN A 172.16.0.254
|
||||
|
||||
@ -16,6 +16,7 @@ services:
|
||||
- MYSQL_PASSWORD=root
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
- TZ=Europe/Paris
|
||||
|
||||
app:
|
||||
image: nextcloud
|
||||
@ -31,3 +32,4 @@ services:
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
- MYSQL_HOST=db
|
||||
- TZ=Europe/Paris
|
||||
|
||||
@ -24,7 +24,7 @@ server {
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://localhost:5678;
|
||||
proxy_connect_timeout 900;
|
||||
proxy_send_timeout 900;
|
||||
|
||||
@ -29,3 +29,36 @@
|
||||
shell: docker-compose up -d
|
||||
args:
|
||||
chdir: /root/nextcloud
|
||||
|
||||
- name: Installation de Nginx
|
||||
package:
|
||||
name: nginx
|
||||
state: present
|
||||
|
||||
- name: Copie de /etc/nginx/site-availables/proxy
|
||||
copy:
|
||||
src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/proxy
|
||||
dest: /etc/nginx/sites-available
|
||||
|
||||
- name: Supression de /etc/nginx/sites-enabled/default
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled/default
|
||||
state: absent
|
||||
|
||||
- name: Creation de lien symbolique avec /etc/nginx/sites-available/proxy dans /etc/nginx/sites-enabled/proxy
|
||||
file:
|
||||
src: /etc/nginx/sites-available/proxy
|
||||
dest: /etc/nginx/sites-enabled/proxy
|
||||
owner: root
|
||||
group: root
|
||||
state: link
|
||||
|
||||
- name: Redemmarage de Nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
|
||||
- name: Copie de config.php dans /root/nextcloud/nextcloud/config
|
||||
copy:
|
||||
src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/config.php
|
||||
dest: /root/nextcloud/nextcloud/config
|
||||
|
||||
@ -7,9 +7,9 @@
|
||||
@def $DEV_VPN = enp0s8;
|
||||
@def $DEV_EXT = enp0s9;
|
||||
|
||||
@def $NET_ADM=192.168.99.0/24;
|
||||
@def $NET_VPN=192.168.0.0/24;
|
||||
@def $NET_EXT=192.168.1.0/30;
|
||||
@def $NET_ADM=192.168.99.102/24;
|
||||
@def $NET_VPN=172.16.128.254/24;
|
||||
@def $NET_EXT=192.168.0.52/30;
|
||||
|
||||
table filter {
|
||||
chain INPUT {
|
||||
|
||||
@ -7,9 +7,9 @@
|
||||
@def $DEV_VPN = enp0s8;
|
||||
@def $DEV_EXT = enp0s9;
|
||||
|
||||
@def $NET_ADM=192.168.99.0/24;
|
||||
@def $NET_VPN=192.168.0.0/24;
|
||||
@def $NET_EXT=192.168.1.0/30;
|
||||
@def $NET_ADM=192.168.99.112/24;
|
||||
@def $NET_VPN=192.168.0.51/24;
|
||||
@def $NET_EXT=192.168.1.2/30;
|
||||
|
||||
table filter {
|
||||
chain INPUT {
|
||||
|
||||
@ -1,15 +1,10 @@
|
||||
---
|
||||
- name: redemarrer interfaces
|
||||
command: ifdown enp0s8
|
||||
- name: redemarrer interfaces
|
||||
command: ifup enp0s8
|
||||
- name: redemarrer interfaces
|
||||
command: ifdown enp0s9
|
||||
- name: redemarrer interfaces
|
||||
command: ifup enp0s9
|
||||
- name: redemarrer interfaces
|
||||
- name : installer ferm
|
||||
apt: name=ferm state=present
|
||||
|
||||
- name: fichier parefeu pour VPN
|
||||
copy: src=ferm.conf dest=/etc/ferm/ferm.conf
|
||||
notify:
|
||||
- Restart ferm
|
||||
|
||||
- name: Restart ferm
|
||||
name: ferm
|
||||
state: restarted
|
||||
7
roles/ssh-root-access/tasks/main.yml
Normal file
7
roles/ssh-root-access/tasks/main.yml
Normal file
@ -0,0 +1,7 @@
|
||||
- name: Activation acces ssh root pour vp-1 (certificat)
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^PermitRootLogin"
|
||||
line: "PermitRootLogin yes"
|
||||
state: present
|
||||
|
||||
15
s-lb-bd.yml
15
s-lb-bd.yml
@ -11,13 +11,14 @@
|
||||
roles:
|
||||
- base
|
||||
- goss
|
||||
- post
|
||||
#- s-lb-bd-ab
|
||||
- mariadb-ab
|
||||
- role: db-user
|
||||
cli_ip: "192.168.102.1"
|
||||
- role: db-user
|
||||
cli_ip: "192.168.102.2"
|
||||
- role: db-user
|
||||
cli_ip: "192.168.102.3"
|
||||
# - role: db-user
|
||||
# cli_ip: "192.168.102.1"
|
||||
# - role: db-user
|
||||
# cli_ip: "192.168.102.2"
|
||||
# - role: db-user
|
||||
# cli_ip: "192.168.102.3"
|
||||
- snmp-agent
|
||||
- post
|
||||
# - post
|
||||
|
||||
Reference in New Issue
Block a user