ajout et changementroles fw-vpn

2023-01-30 10:57:23 +01:00 · 2023-01-30 10:57:23 +01:00 · 5ddbedac97
commit 5ddbedac97
parent 9fd18796a6
9 changed files with 33 additions and 32 deletions
--- a/r-vp1.yml
+++ b/r-vp1.yml
@ -15,6 +15,7 @@
 #   - firewall-vpn-r
   - wireguard-r
 #   - x509-r
+   - fw-ferm
   - ssh-cli
   - syslog-cli
   - post
--- a/r-vp2.yml
+++ b/r-vp2.yml
@ -18,6 +18,7 @@
 #   - firewall-vpn-l
   - wireguard-l
 #   - x509-l
+   - fw-ferm
   - ssh-cli
   - syslog-cli
   - post
--- a/roles/fw-ferm-2/README.md
+++ b/roles/fw-ferm-2/README.md
@ -1,19 +0,0 @@
-[Ferm]:http://ferm.foo-projects.org/ 
-
-Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables
-```bash
-update-alternatives --set iptables /usr/sbin/iptables-legacy
-```
-
-Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html
-```bash
-sudo nmap -p51820  192.168.0.51
-```(r-vp1)
-```bash
-sudo nmap -p51820  192.168.0.52
-```(r-vp2)
-
-Sortie :
-`PORT      STATE    SERVICE
-51820/tcp filtered unknown`
-Faire des ping!
--- a/roles/fw-ferm-1/README.md
+++ b/roles/fw-ferm-1/README.md
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
--- a/roles/fw-ferm/files/ferm.conf.r-vp2
+++ b/roles/fw-ferm/files/ferm.conf.r-vp2
--- a/roles/fw-ferm/tasks/main.yml
+++ b/roles/fw-ferm/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
+- name: copie du ferm.conf
+  copy:
+    src: ferm.conf.{{ ansible_hostname }}
+    dest: /etc/ferm/ferm.conf
+
+- name: redemarage service ferm
+  ansible.builtin.service:
+    name: ferm.service
+    state: restarted
--- a/roles/wireguard-l/tasks/main.yml
+++ b/roles/wireguard-l/tasks/main.yml
@ -4,16 +4,16 @@
    name: wireguard
    state: present

+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
 - name: installation de wireguard-tools
  apt:
    name: wireguard-tools
    state: present

-#- name: installation de sshpass
-#  apt:
-#    name: sshpass
-#    state: present
-
 #- name: copie du fichier de configuration depuis r-vp1
 #  command: "sshpass -p 'root' scp -r root@192.168.99.112:/root/confwg/wg0-b.conf /etc/wireguard/"

--- a/roles/wireguard-r/tasks/main.yml
+++ b/roles/wireguard-r/tasks/main.yml
@ -4,6 +4,11 @@
    name: wireguard
    state: present

+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
 - name: installation de wireguard-tools
  apt:
    name: wireguard-tools
@ -27,12 +32,10 @@
 - name: copie du fichier de configuration
  copy:
    src: /root/confwg/wg0-a.conf
-    dest: /etc/wireguard
+    dest: /etc/wireguard/wg0.conf

- name: renommage fichier de configuration
-  command: "mv /etc/wireguard/wg0-a.conf /etc/wireguard/wg0.conf"
-
- name: demarrage du service wireguard
-  tags: aaaa
-  command: "systemctl enable wg-quick@wg0"
-  command: "systemctl restart wg-quick@wg0"
+- name: Restart service httpd, in all cases
+  ansible.builtin.service:
+    name: wg-quick@wg0
+    enabled: yes
+    state: restarted