79 changed files with 199 additions and 662 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # gsb2023
-2023-02-02 ps
+2023-02-01 ps 
 Environnement et playbooks ansible pour le projet GSB 2023
@ -53,15 +53,15 @@ On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer
 ```shell
 gsb2023>
-cd scripts
+cd pre
 $ mkvm -r s-adm
 ```
 ### Machine s-adm
-  * créer la machine virtuelle **s-adm** avec **mkvm** comme décrit plus haut.
+  * créer la machine virtuelle **s-adm** avec **mkvm * comme décrit plus haut.
-  * utiliser le script de renommage comme suit --> `bash chname <nouveau_nom_de_machine>` , puis redémarrer
+  * utiliser le script de renommage comme suit --> bash chname [nouveau_nom_de_machine] puis redémarrer
-  * utiliser le script **s-adm-start** : `bash s-adm-start` , puis redémarrer
+  * utiliser le script s-adm-start --> bash s-adm-start, redémarrer
  * ou sinon :
 ```shell
    mkdir -p tools/ansible ; cd tools/ansible
@ -79,9 +79,9 @@ $ mkvm -r s-adm
 ### Pour chaque machine
  - créer la machine avec **mkvm -r**, les cartes réseau sont paramétrées par **mkvm** selon les spécifications 
-  - utiliser le script de renommage comme suit : `bash chname <nouveau_nom_de_machine>`
+  - utiliser le script de renommage comme suit --> bash chname [nouveau_nom_de_machine]
  - redémarrer
-  - utiliser le script **gsb-start** : `bash gsb-start`
+  - utiliser le script gsb-start --> bash gsb-start
  - ou sinon:
 ```shell
 mkdir -p tools/ansible ; cd tools/ansible
@ -94,16 +94,3 @@ bash pull-config
 ```
  - redémarrer
  - **Remarque** : une machine doit avoir été redémarrée pour prendre en charge la nouvelle configuration
 ## Les tests
 Il peuvent êtres mis en oeuvre avec **goss** de la façon suivante : chaque machine installée  dispose d'un fichier de test ad-hoc portant le nom de la machine elle-même (machine.yml).
 ```
 cd tools/ansible/gsb2023
 bash agoss # lance le test portant le nom de la machine 
 ```
 `bash agoss -f tap` permet de lancer le test avec le détail d'exécution
--- a/goss/s-elk.yaml
+++ b/goss/s-elk.yaml
@ -1,26 +0,0 @@
 port:
  tcp:5044:
    listening: true
    ip:
    - 0.0.0.0
  tcp:5601:
    listening: true
    ip:
    - 0.0.0.0
  tcp:9200:
    listening: true
    ip:
    - 0.0.0.0
 service:
  docker:
    enabled: true
    running: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.11/24
  enp0s8:
    exists: true
    addrs:
    - 172.16.0.11/24
--- a/pre/gsbboot
+++ b/pre/gsbboot
@ -34,7 +34,7 @@ if [[ $? != 0 ]]; then
 	${APT} install -y git-core
 fi
 ${APT} update
-#${APT} upgrade -y
+${APT} upgrade -y
 which ansible >> /dev/null
 if [[ $? != 0 ]]; then
--- a/pre/inst-depl
+++ b/pre/inst-depl
@ -45,9 +45,7 @@ str6="curl -L https://github.com/aelsabbahy/goss/releases/download/${GOSSVER}/go
 #str8="wget -nc 'https://gestsup.fr/index.php?page=download&channel=stable&version=${GESTSUPREL}&type=gestsup' -O gestsup_${GESTSUPREL}.zip"
 str8="wget -nc 'https://gestsup.fr/index.php?page=download&channel=stable&version=3.2.30&type=gestsup' -O gestsup_3.2.30.zip"
-
+ELKREL=8.6.0
 #METRICBEAT ET FILEBEAT
 ELKREL=8.5.3
 str81="wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${ELKREL}-amd64.deb"
 str82="wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${ELKREL}-windows-x86_64.zip"
--- a/r-vp1-fw.yml
+++ b/r-vp1-fw.yml
@ -1,13 +0,0 @@
 ---
 - hosts: localhost
  connection: local
  vars:
   - ip1: 192.168.0.51
   - remip: 192.168.0.52
   - mynet: 192.168.1.0
   - remnet: 172.16.128.0
  roles:
   - fw-ferm
--- a/r-vp1.yml
+++ b/r-vp1.yml
@ -12,8 +12,10 @@
   - base
   - goss
 #   - snmp-agent
 #   - firewall-vpn-r
   - post
   - wireguard-r
   - fw-ferm
   - ssh-cli
   - syslog-cli
--- a/r-vp2-fw.yml
+++ b/r-vp2-fw.yml
@ -1,12 +0,0 @@
 ---
 - hosts: localhost
  connection: local
  vars:
   - ip1: 192.168.0.52
   - remip: 192.168.0.51
   - mynet: 172.16.128.0
   - remnet: 192.168.1.0
  roles:
   - fw-ferm
--- a/r-vp2.yml
+++ b/r-vp2.yml
@ -15,7 +15,10 @@
   - dns-agence
   - ssh-root-access
 #   - snmp-agent
 #   - firewall-vpn-l
   - wireguard-l
-   - post
+#   - x509-l
   - fw-ferm
   - ssh-cli
   - syslog-cli
   - post
--- a/roles/base/templates/hosts.j2
+++ b/roles/base/templates/hosts.j2
@ -28,7 +28,7 @@
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
 192.168.99.102  r-vp2.gsb.adm
-192.168.99.120  s-peertube.gsb.adm
+
 192.168.99.8	syslog.gsb.adm
--- a/roles/base/templates/hosts.s-proxy.j2
+++ b/roles/base/templates/hosts.s-proxy.j2
@ -27,6 +27,6 @@
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
 192.168.99.102  r-vp2.gsb.adm
-192.168.99.120  s-peertube.gsb.adm
+
 192.168.99.8	syslog.gsb.adm
--- a/roles/dns-ag-cs/files/named.conf.options
+++ b/roles/dns-ag-cs/files/named.conf.options
@ -0,0 +1,23 @@
 // 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
 options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
                172.16.0.1;
         };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
 };
--- a/roles/dns-ag-cs/handlers/main.yml
+++ b/roles/dns-ag-cs/handlers/main.yml
@ -0,0 +1,4 @@
 ---
  - name: restart bind9
    service: name=bind9 state=restarted
--- a/roles/dns-ag-cs/tasks/main.yml
+++ b/roles/dns-ag-cs/tasks/main.yml
@ -0,0 +1,11 @@
 ---
 - name: Installation bind9
  apt:  name=bind9 state=present update_cache=yes
 - name: Copie named.conf.options
  copy: src=named.conf.options dest=/etc/bind
  notify:
    - restart bind9
--- a/roles/dns-master/files/db.gsb.lan
+++ b/roles/dns-master/files/db.gsb.lan
@ -5,7 +5,7 @@
 ;
 $TTL    604800
@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023051000      ; Serial
+                        2023012500      ; Serial
                        7200	        ; Refresh
                        86400           ; Retry
                        8419200         ; Expire
@ -36,5 +36,3 @@ s-web2          IN      A       192.168.101.2
 s-lb.gsb.lan    IN      A       192.168.100.10
 ns   	        IN      CNAME   s-infra.gsb.lan.
 wpad		IN	CNAME	s-infra.gsb.lan.	
 s-peertube	IN	A	192.168.100.20
 peertube 	IN 	CNAME 	s-peertube
--- a/roles/dns-master/files/db.gsb.lan.rev
+++ b/roles/dns-master/files/db.gsb.lan.rev
@ -5,7 +5,7 @@
 ;
 $TTL    604800
@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023040501      ; Serial
+                        2023012500      ; Serial
                        7200            ; Refresh
                        86400           ; Retry
                        8419200         ; Expire
@ -28,3 +28,4 @@ $TTL    604800
 11.0	  IN	  PTR	  s-elk.gsb.lan.
 17.0	  IN	  PTR	  s-gestsup.lan
 254.0     IN      PTR     r-int.gsb.lan.
--- a/roles/elk/tasks/main.yml
+++ b/roles/elk/tasks/main.yml
@ -22,6 +22,6 @@
      replace: 'xpack.license.self_generated.type: basic'
  - name: Execution du fichier docker-compose.yml
-    shell: docker compose up -d
+    shell: docker-compose up -d
    args:
      chdir: /root/elk
--- a/roles/filebeat-cli/defaults/main.yml
+++ b/roles/filebeat-cli/defaults/main.yml
@ -1 +0,0 @@
 BEATVER: "8.5.3"
--- a/roles/filebeat-cli/handlers/main.yml
+++ b/roles/filebeat-cli/handlers/main.yml
@ -1,4 +1,4 @@
- name: restart filebeat
+- name: start filebeat
  service:
    name: filebeat
    state: started
--- a/roles/filebeat-cli/tasks/main.yml
+++ b/roles/filebeat-cli/tasks/main.yml
@ -1,12 +1,12 @@
 ---
 - name: Récupération de filebeat
  get_url:
-    url: http://s-adm.gsb.adm/gsbstore/filebeat-${BEATVAR}-amd64.deb
+    url: http://s-adm.gsb.adm/gsbstore/filebeat-7.16.3-amd64.deb
    dest: /tmp/
 - name: Installation de filebeat
  apt:
-    deb: /tmp/filebeat-${BEATVEAR}-amd64.deb
+    deb: /tmp/filebeat-7.16.3-amd64.deb
 - name: Changement du fichier de conf
  copy:
@ -15,9 +15,9 @@
 - name: Configuration de filebeat
  shell: filebeat modules enable system  
-  notify: restart filebeat
+  notify: start filebeat
 - name: Lancement de la configuration de filebeat
  shell: filebeat setup -e
-  notify: restart filebeat
+  notify: start filebeat
--- a/roles/fog/README.md
+++ b/roles/fog/README.md
@ -1,16 +0,0 @@
 # Fog
 Ce rôle permet l'installation et la modification de Fog.
 ## Fog, c'est quoi ?
 Fog permet le déploiement d'images disque tel que Windows ou bien Linux en utilisant PXE (Preboot Execution Environment).
 ## Comment l'installer ?
 Avant toute chose, lancer le fichier goss de s-fog ( présent dans gsb2023/goss/s-fog.yaml ) pour vérifier que la configuration réseau est correct et opérationnel. Une fois l'installation principale effectuée, il faut lancer le playbook ansible s-fog.yaml.
 Il faudra se rendre dans le dossier **fog** pour lancer le script **installfog.sh** ( fog/bin/ ). La configuration sera déjà établie via le fichier **.fogsettings**
--- a/roles/fog/files/fogsettings
+++ b/roles/fog/files/fogsettings
@ -1,46 +0,0 @@
 ## Start of FOG Settings
 ## Created by the FOG Installer
 ## Find more information about this file in the FOG Project wiki:
 ##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
 ## Version: 1.5.9
 ## Install time: jeu. 26 janv. 2023 11:41:05
 ipaddress='172.16.64.16'
 copybackold='0'
 interface='enp0s9'
 submask='255.255.255.0'
 hostname='s-fog.gsb.lan'
 routeraddress='192.168.99.99'
 plainrouter='192.168.99.99'
 dnsaddress='172.16.0.1'
 username='fogproject'
 password='/7ElC1OHrP47EN2w59xl'
 osid='2'
 osname='Debian'
 dodhcp='y'
 bldhcp='1'
 dhcpd='isc-dhcp-server'
 blexports='1'
 installtype='N'
 snmysqluser='fogmaster'
 snmysqlpass='HHO5vSGqFiHE_9d2lja3'
 snmysqlhost='localhost'
 mysqldbname='fog'
 installlang='0'
 storageLocation='/images'
 fogupdateloaded=1
 docroot='/var/www/html/'
 webroot='/fog/'
 caCreated='yes'
 httpproto='http'
 startrange='172.16.64.10'
 endrange='172.16.64.254'
 bootfilename='undionly.kpxe'
 packages='apache2 bc build-essential cpp curl g++ gawk gcc genisoimage git gzip htmldoc isc-dhcp-server isolinux lftp libapache2-mod-php7.4 libc6 libcurl4 li>
 noTftpBuild=''
 sslpath='/opt/fog/snapins/ssl/'
 backupPath='/home/'
 armsupport='0'
 php_ver='7.4'
 php_verAdds='-7.4'
 sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
 ## End of FOG Settings
--- a/roles/fog/tasks/main.yml
+++ b/roles/fog/tasks/main.yml
@ -1,15 +1,11 @@
 ---
 - name: creation d'un repertoire fog
  file:
    path: /root/tools/fog
    state: directory
 - name: recuperation de l'archive d'installation fog sur git
  git:
    repo: https://gitea.lyc-lecastel.fr/gadmin/fog.git
    dest: /root/tools/fog/
    clone: yes
    update: yes
    force: yes
 - name: Modification fichier bash (desac UDPCast)
  ansible.builtin.lineinfile:
@ -17,10 +13,3 @@
    regexp: '^configureUDPCast\(\).*'
    line: "configureUDPCast() {\nreturn"
    backup: yes
 - name: fichier config fogsettings
  command: "cp /root/tools/ansible/roles/fog/files/fogsettings /opt/fog/"
 - name: fichier fogsettings en .fogsettings
  command: "mv /opt/fog/fogsettings /opt/fog/.fogsettings"
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
@ -4,12 +4,10 @@
@def $DEV_PRIVATE = enp0s8;
@def $DEV_WORLD = enp0s9;
-@def $DEV_WORLD = enp0s9;
+
@def $DEV_VPN= wg0;
@def $NET_PRIVATE = 172.16.0.0/24;
 table filter {
    chain (INPUT OUTPUT){
        # allow VPN
 	proto udp dport 51820 ACCEPT;
@ -30,7 +28,7 @@ table filter {
        # allow SSH connections from the private network and from some
        # well-known internet hosts
-        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
+        saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT;
        # we provide DNS and SMTP services for the internal net
        interface $DEV_PRIVATE saddr $NET_PRIVATE {
@ -38,21 +36,20 @@ table filter {
            proto udp dport bootps ACCEPT;            
        }
-        # the rest is dropped by the above policy
+        # interface réseau 
        interface $DEV_WORLD {
        }
        # the rest is dropped by the above policy
    }#FIN INPUT
    # outgoing connections are not limited
-
+    chain OUTPUT policy ACCEPT;
    chain OUTPUT {
        policy ACCEPT;
    }#FIN OUTPUT
    chain FORWARD {
        policy ACCEPT;
        proto icmp icmp-type echo-request ACCEPT;
        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
@ -61,9 +58,6 @@ table filter {
        # internal nets are allowed
        interface $DEV_PRIVATE ACCEPT;
 	interface $DEV_VPN daddr $NET_PRIVATE {
 	proto tcp dport ssh DROP;
        }
        # the rest is dropped by the above policy
    }
 }
--- a/roles/fw-ferm/files/ferm.conf.r-vp2
+++ b/roles/fw-ferm/files/ferm.conf.r-vp2
@ -4,7 +4,7 @@
@def $DEV_PRIVATE = enp0s9;
@def $DEV_WORLD = enp0s8;
-@def $DEV_VPN= wg0;
+
@def $NET_PRIVATE = 172.16.0.0/24;
 table filter {
@ -27,7 +27,7 @@ table filter {
        # allow SSH connections from the private network and from some
        # well-known internet hosts
-        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
+        saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT;
        # we provide DNS and SMTP services for the internal net
        interface $DEV_PRIVATE saddr $NET_PRIVATE {
@ -35,7 +35,6 @@ table filter {
            proto udp dport bootps ACCEPT;
        }
        # interface réseau
        interface $DEV_WORLD {
@ -45,13 +44,11 @@ table filter {
    }#FIN INPUT
    # outgoing connections are not limited
-    chain OUTPUT {
+    chain OUTPUT policy ACCEPT;
-	policy ACCEPT;
+
 }
    chain FORWARD {
        policy ACCEPT;
 	proto icmp icmp-type echo-request ACCEPT;
        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
@ -60,9 +57,6 @@ table filter {
        # internal nets are allowed
        interface $DEV_PRIVATE ACCEPT;
 	interface $DEV_VPN daddr $NET_PRIVATE {
 	proto tcp dport ssh DROP;
 	}
        # the rest is dropped by the above policy
    }
 }
--- a/roles/goss/defaults/main.yml
+++ b/roles/goss/defaults/main.yml
@ -1,2 +1,3 @@
 depl_url: "http://s-adm.gsb.adm/gsbstore"
 depl_goss: "goss"
--- a/roles/goss/tasks/main.yml
+++ b/roles/goss/tasks/main.yml
@ -1,4 +1,5 @@
 ---
 - name: goss binary exists
  stat: path=/usr/local/bin/goss
  register: gossbin
@ -17,3 +18,4 @@
    mode: 0755
    remote_src: yes
  when: gossbin.stat.exists == false and ansible_hostname == "s-adm"
--- a/roles/lb-web/tasks/main.yml
+++ b/roles/lb-web/tasks/main.yml
@ -13,3 +13,16 @@
  apt:
    name: nfs-common
    state: present
 - name: montage nfs pour word press
  blockinfile:
    path: /etc/fstab
    block: |
      192.168.102.253:/home/wordpress /var/www/html nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0
      #- name: monte export wordpress
      #  ansible.posix.mount:
      #    path: /var/www/html
      #    state: mounted
      #    fstype: nfs
      #    src: 192.168.102.253:/exports/wordpress
--- a/roles/metricbeat-cli/defaults/main.yml
+++ b/roles/metricbeat-cli/defaults/main.yml
@ -1 +0,0 @@
 BEATVER: "8.5.3"
--- a/roles/metricbeat-cli/handlers/main.yml
+++ b/roles/metricbeat-cli/handlers/main.yml
@ -1,5 +1,5 @@
- name: restart metricbeat
+- name: start metricbeat
  service:
    name: metricbeat
-    state: restarted
+    state: started
    enabled: yes
--- a/roles/metricbeat-cli/tasks/main.yml
+++ b/roles/metricbeat-cli/tasks/main.yml
@ -1,12 +1,12 @@
 ---
 - name: Récupération de metricbeat
  get_url:
-    url: http://s-adm.gsb.adm/gsbstore/metricbeat-${BEATVER}-amd64.deb
+    url: http://s-adm.gsb.adm/gsbstore/metricbeat-7.16.3-amd64.deb
    dest: /tmp/
 - name: Installation de metricbeat
  apt:
-    deb: /tmp/metricbeat-${BEATVER}-amd64.deb
+    deb: /tmp/metricbeat-7.16.3-amd64.deb
 - name: Changement du fichier de conf
  copy:
@ -15,9 +15,9 @@
 - name: Configuration de metricbeat
  shell: metricbeat modules enable system  
-  notify: restart metricbeat
+  notify: start metricbeat
 - name: Lancement de la configuration de metricbeat
  shell: metricbeat setup -e
-  notify: restart metricbeat
+  notify: start metricbeat
--- a/roles/nagios/files/cfg/localhost.cfg
+++ b/roles/nagios/files/cfg/localhost.cfg
@ -26,7 +26,6 @@ define host {
    host_name               localhost
    alias                   localhost
    address                 127.0.0.1
    parents		    r-int
 }
--- a/roles/nagios/files/cfg/s-adm.cfg
+++ b/roles/nagios/files/cfg/s-adm.cfg
@ -9,6 +9,5 @@ define host{
        host_name               s-adm
        alias                   debian-servers
        address                 192.168.99.99
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-appli.cfg
+++ b/roles/nagios/files/cfg/s-appli.cfg
@ -9,6 +9,5 @@ define host{
        host_name               s-appli
        alias                   debian-servers
        address                 172.16.0.3
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-backup.cfg
+++ b/roles/nagios/files/cfg/s-backup.cfg
@ -9,6 +9,5 @@ define host{
        host_name               s-backup
        alias                   serveur proxy
        address                 172.16.0.4
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-fog.cfg
+++ b/roles/nagios/files/cfg/s-fog.cfg
@ -9,7 +9,6 @@ define host{
        host_name               s-fog
        alias                   serveur proxy
        address                 172.16.0.16
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-infra.cfg
+++ b/roles/nagios/files/cfg/s-infra.cfg
@ -9,6 +9,5 @@ define host{
        host_name               s-infra
        alias                   debian-servers
        address                 172.16.0.1
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-itil.cfg
+++ b/roles/nagios/files/cfg/s-itil.cfg
@ -9,7 +9,6 @@ define host{
        host_name               s-itil
        alias                   serveur proxy
        address                 172.16.0.9
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-nxc.cfg
+++ b/roles/nagios/files/cfg/s-nxc.cfg
@ -9,6 +9,5 @@ define host{
        host_name               s-nxc
        alias                   debian-servers
        address                 172.16.0.7
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-proxy.cfg
+++ b/roles/nagios/files/cfg/s-proxy.cfg
@ -9,7 +9,6 @@ define host{
        host_name               s-proxy
        alias                   serveur proxy
        address                 172.16.0.2
 	parents			r-int
        }
--- a/roles/nagios/files/cfg/s-win.cfg
+++ b/roles/nagios/files/cfg/s-win.cfg
@ -9,7 +9,6 @@ define host{
        host_name               s-win
        alias                   serveur proxy
        address                 172.16.0.6
 	parents			r-int
        }
--- a/roles/nxc-traefik/README.md
+++ b/roles/nxc-traefik/README.md
@ -35,24 +35,3 @@ Nextcloud est alors fonctionnel avec le proxy inverse **traefik** assurant la re
 ATTENTION : Après avoir relancé la VM, executez le script "nxc-start.sh" afin d'installer les piles applicatives.
 Une fois le script terminé, le site est disponible ici : https://s-nxc.gsb.lan
 ## 5. Ajout authentification LDAP
 Pour ajouter l'authentification LDAP au Nextcloud, il faut :
 * Une fois l'installation de Nextcloud terminé, cliquez sur le profil et Application
 * Dans vos applications, descendre et activer "LDAP user and group backend"
 * Puis cliquer sur le profil, puis Paramètres d'administration et dans Administration cliquer sur Intégration LDAP/AD
 * Une fois sur la page d'intégration LDAP/AD :
    * Dans Hôte mettre : 
        > ldap://s-win.gsb.lan
    * Cliquer sur Détecter le port (normalement le port 389 apparait)
    * Dans DN Utilisateur mettre :
        > CN=nextcloud,CN=Users,DC=GSB,DC=LAN
    * Mot de passe : 
        > Azerty1+
    * Et dans Un DN de base par ligne : 
        > DC=GSB,DC=LAN
 * Après la configuration passe OK
 * Une fois la configuration finie, cliquer 3 fois sur continuer
 * Une fois arrivé sur Groupes, vous pouvez vous déconnecter du compte Admin et vous connecter avec un compte qui est dans l'AD.
--- a/roles/peertube-k3s/README.md
+++ b/roles/peertube-k3s/README.md
--- a/roles/peertube-k3s/tasks/main.yml
+++ b/roles/peertube-k3s/tasks/main.yml
@ -1,22 +0,0 @@
 ---
  - name: mise a jour de resolv.conf...
    copy:
      src: /root/tools/ansible/gsb2023/roles/peertube/files/resolv.conf
      dest: /etc/
      mode: '0644'
  - name: installation de docker...
    shell: curl https://releases.rancher.com/install-docker/20.10.sh | sh
  - name: attente de l'installation de docker...
    wait_for:
      timeout: 30
      host: localhost
  - name: installation de k3s...
    shell: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--node-ip=192.168.100.20 --flannel-iface=enp0s8" sh -s - --docker
  - name: attente de l'installation de k3s...
    wait_for:
      timeout: 25
      host: localhost
--- a/roles/peertube/README.md
+++ b/roles/peertube/README.md
--- a/roles/peertube/files/finish
+++ b/roles/peertube/files/finish
@ -1,9 +0,0 @@
 MYHOST=peertube.gsb.lan;
 export KUBECONFIG=/etc/rancher/k3s/k3s.yaml;
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.cert -subj /CN="${MYHOST}"/O="${MYHOST}" -addext "subjectAltName = DNS:${MYHOST}";
 kubectl create secret tls tls-peertube --key tls.key --cert tls.cert;
 helm repo add postgresql https://charts.bitnami.com/bitnami;
 helm repo add redis https://charts.bitnami.com/bitnami;
 helm repo add mail https://bokysan.github.io/docker-postfix;
 helm install --create-namespace -n peertube peertube-gsb /root/tools/peertube/helm/ ;
 kubectl config view --raw > ~/.kube/config
--- a/roles/peertube/files/resolv.conf
+++ b/roles/peertube/files/resolv.conf
@ -1,4 +0,0 @@
 domain gsb.lan
 search gsb.lan
 nameserver 172.16.0.1
 nameserver 192.168.99.99
--- a/roles/peertube/files/values.yaml
+++ b/roles/peertube/files/values.yaml
@ -1,139 +0,0 @@
 replicaCount: 1
 image:
  repository: chocobozzz/peertube
  pullPolicy: IfNotPresent
  tag: "v5.0.1-bullseye"
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  create: false
  annotations: {}
  name: ""
 podAnnotations: {}
 podSecurityContext: {}
 securityContext: {}
 service:
  type: ClusterIP
  port: 9000
  nginxPort: 9001
 ## default config for postgresql should work, but feel free to modify it if required.
 # must stay consistent with peertube configuration, otherwise peertube will crash
 postgresql:
  enabled: true
  primary:
    persistence:
      enabled: true
      existingClaim: "pvc-postgres"
  global:
    postgresql:
      auth:
        postgrePassword: "admin"
        username: "user"
        password: "user"
        database: "peertube"
 ## the main list of variables tha will be applied in the peertube container
 # any error or misconfiguration will make peertube crash.
 peertube:
  env:
    dbUser: user # must be consistent with postgresql configuration
    dbPasswd: user # must be consistent with postgresql configuration
    dbSsl: false # disabled by default WARNING: ssl connection feature not tested, use at your own risk
    dbHostname: peertube-gsb-postgresql # must be consistent with postgresql configuration
    webHostname: peertube.gsb.lan # must be changed to your local setup
    secret: b2753b0f37444974de0e81f04815e6a889fcf8960bd203a01b624d8fa8a37683
    smtpHostname: peertube-gsb-mail # must be consistent with mail configuration
    smtpPort: 587 # must be consistent with mail configuration
    smtpFrom: noreply@lan.lan # not configured by default, add something meaningfull if you want
    smtpTls: false # disabled by default WARNING: tls connection feature not tested, use at your own risk
    smtpDisableStartTls: false # unless crashes related to tls/ssl, this should be unchanged
    adminEmail: root@localhost.lan # use this if you want peopleto be able to reach you 
    redisHostname: peertube-gsb-redis-master # must be consistent with redis configuration
    redisAuth: peertube # must be consistent with redis configuration
  app:
    userCanRegister: true # control if people can register by themselves
    rootPasswd: rootroot # CHANGE THIS! the default admin username is 'root' this variable define the password
 ## the next section configure at wich quality videos will be transcoded 
    transcoding360: true
    transcoding480: true
    transcoding720: true
    transcoding1080: false
    transcoding2160: false
 ## the configuration of the postfix server called 'mail' here 
 # change these settings if you know what you are doing
 mail:
  enbled: true
  config:
    general:
      ALLOWED_SENDER_DOMAINS: "yes" 
      DKIM_AUTOGENERATE: "yes"
    opendkim:
      RequireSafeKeys: "no"
    postfix:
       smtp_tls_security_level: "secure" # works by default, any other tls level is untested
  persistence:
    enabled: false
  service:
    port: 587
 ## the configuration of the redis server
 redis:
  master:
    persistence:
      enabled: true
      existingClaim: "pvc-redis"
  replica:
    persistence:
      enabled: true
      existingClaim: "pvc-redis"
  auth:
    enbled: true
    password: "peertube"
 ## ingress configuration is very specific this part must be configured or else you'll get 503 or 404 errors
 ingress:
  enabled: true
  className: ""
  annotations: 
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/proxy-body-size: 6G # this caps the size of imported videos, if set low this might prevent you from uploading videos
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: peertube.gsb.lan
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: tls-peertube
    - hosts:
      - peertube.gsb.lan
 resources: {}
 autoscaling:
  enabled: false
  minimumReplicas: 3
  maximumReplicas: 20
  targetCPUUtilizationPercentage: 90
  targetMemoryUtilizationPercentage: 75
  windowSeconds: 120
  minCPUPercentage: 20
  minMemoryPercentage: 30
 ## this section should be configured to match your needs and available ressources
 persistence:
  enabled: true
  reclaimPolicy: Retain
  redisVolumeStorage: 1Gi
  peertubeVolumeStorage: 5Gi
  postgresqlVolumeStorage: 1Gi
  accessMode: ReadWriteOnce 
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/roles/peertube/tasks/main.yml
+++ b/roles/peertube/tasks/main.yml
@ -1,28 +0,0 @@
 ---
  - name: création du répertoire du dépot peertube...
    file:
      path: /root/tools/peertube
      state: directory
      mode: '0755'
  - name: clonage du dépot peertube...
    git:
      repo: https://github.com/Elam-Monnot/Peertube-helm.git
      dest: /root/tools/peertube
      clone: yes
      force: yes
  - name: copie de values.yaml...
    copy:
      src: /root/tools/ansible/gsb2023/roles/peertube/files/values.yaml
      dest: /root/tools/peertube/helm/
      mode: '0644'
  - name: copie du script finish...
    copy:
      src: /root/tools/ansible/gsb2023/roles/peertube/files/finish
      dest: /root
      mode: '0644'
  - name: installation de helm...
    shell: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
--- a/roles/post-lb/README.md
+++ b/roles/post-lb/README.md
@ -1,7 +0,0 @@
 # Rôle Post
 Le rôle "post" copie la configuration des interfaces des cartes réseaux nécessaires selon la machine sur laquelle on exécute le rôle. Il place cette configuration dans /etc/network/interfaces.
 Ensuite, on copie le fichier "resolv.conf" dans /etc/ lorsque que la machine qui exécute le rôle n'est pas "s-adm", "s-proxy" ou "r-vp2".
 Cependant, si la machine qui exécute le rôle est "s-proxy", on copie le fichier "resolv.conf.s-proxy" dans /etc/resolv.conf
--- a/roles/post-lb/files/interfaces.s-lb-web1
+++ b/roles/post-lb/files/interfaces.s-lb-web1
@ -1,21 +0,0 @@
 ### 0.2 - putconf - jeudi 7 janvier 2016, 16:18:49 (UTC+0100)
 # The loopback network interface
 auto lo
 iface lo inet loopback
 # carte n-adm
 allow-hotplug enp0s3
 iface enp0s3 inet static
 	address 192.168.99.101/24
 # Réseau n-dmz-lb
 allow-hotplug enp0s8
 iface enp0s8 inet static
        address 192.168.101.1/24
 # réseau n-dmz-db
 allow-hotplug enp0s9
 iface enp0s9 inet static
        address 192.168.102.1/24
 	post-up mount -o rw 192.168.102.253:/home/wordpress /var/www/html
--- a/roles/post-lb/files/interfaces.s-lb-web2
+++ b/roles/post-lb/files/interfaces.s-lb-web2
@ -1,21 +0,0 @@
 ### 0.2 - putconf - jeudi 7 janvier 2016, 16:18:49 (UTC+0100)
 # The loopback network interface
 auto lo
 iface lo inet loopback
 # carte n-adm
 allow-hotplug enp0s3
 iface enp0s3 inet static
 	address 192.168.99.101/24
 # Réseau n-dmz-lb
 allow-hotplug enp0s8
 iface enp0s8 inet static
        address 192.168.101.1/24
 # réseau n-dmz-db
 allow-hotplug enp0s9
 iface enp0s9 inet static
        address 192.168.102.1/24
 	post-up mount -o rw 192.168.102.253:/home/wordpress /var/www/html
--- a/roles/post-lb/files/resolv.conf
+++ b/roles/post-lb/files/resolv.conf
@ -1,4 +0,0 @@
 search gsb.lan
 domain gsb.lan
 nameserver 172.16.0.1
--- a/roles/post-lb/tasks/main.yml
+++ b/roles/post-lb/tasks/main.yml
@ -1,24 +0,0 @@
 ---
 - name: Copie interfaces
  copy: src=interfaces.{{ ansible_hostname }} dest=/etc/network/interfaces
 - name: Copie resolv.conf
  copy: src=resolv.conf dest=/etc/
  when: ansible_hostname != "s-adm" and ansible_hostname != "s-proxy"
 - name: pas de chgt resolv.conf pour r-vp2
  meta: end_play
  when: ansible_hostname == "r-vp2"
 - name: Copie resolv.conf pour s-proxy
  copy: src=resolv.conf.s-proxy dest=/etc/resolv.conf
  when: ansible_hostname == "s-proxy"
 #- name: Confirm
 #  prompt: "<Entree> pour redemarrer ..."
 #- name: Reboot
 #  shell: reboot
--- a/roles/post/files/interfaces.r-int
+++ b/roles/post/files/interfaces.r-int
@ -34,4 +34,4 @@ iface enp0s10 inet static
 allow-hotplug enp0s16
 iface enp0s16 inet static
 	address 172.16.0.254/24
-	post-up sleep 10 && systemctl restart isc-dhcp-server	
+	
--- a/roles/post/files/interfaces.r-vp1-cs
+++ b/roles/post/files/interfaces.r-vp1-cs
@ -0,0 +1,26 @@
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 # The loopback network interface
 #auto lo
 #iface lo inet loopback
 #cote N-adm
 allow-hotplug enp0s3
 iface enp0s3 inet dhcp
 # reseau entre vpn
 allow-hotplug enp0s8
 iface enp0s8 inet static
 	address 192.168.0.51
 	netmask 255.255.255.0
 # reseau interne n-linkv
 allow-hotplug enp0s9
 iface enp0s9 inet static
 	address 192.168.1.2
 	netmask 255.255.255.0
 	up route add -net 172.16.128.0/24 gw 192.168.1.2
 	up route add default gw 192.168.1.1
 #	post-up /bin/bash /root/iptables-vpn
 	post-up /etc/init.d/ipsec restart
--- a/roles/post/files/interfaces.r-vp2-cs
+++ b/roles/post/files/interfaces.r-vp2-cs
@ -0,0 +1,25 @@
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 # The loopback network interface
 #auto lo
 #iface lo inet loopback
 # cote N-adm
 allow-hotplug enp0s3
 iface enp0s3 inet dhcp
 # cote Agence
 allow-hotplug enp0s8
 iface enp0s8 inet static
 	address 172.16.128.254
 	netmask 255.255.255.0
 # cote VPN
 allow-hotplug enp0s9
 iface enp0s9 inet static
 	address 192.168.0.52
 	netmask 255.255.255.0
 	up route add -net 192.168.1.0/24 gw 172.16.128.254
 #	post-up /bin/bash /root/iptables-vpn
 	post-up /etc/init.d/ipsec restart
--- a/roles/post/files/interfaces.s-peertube
+++ b/roles/post/files/interfaces.s-peertube
@ -1,17 +0,0 @@
 ### 0.1 - putconf - jeudi 30 mars 2023, 8:11:30 (UTC+0100)
 # The loopback network interface
 auto lo
 iface lo inet loopback
 # carte n-adm
 allow-hotplug enp0s3
 iface enp0s3 inet static
 	address 192.168.99.120/24
 	gateway 192.168.99.99
 # Réseau n-dmz
 allow-hotplug enp0s8
 iface enp0s8 inet static
        address 192.168.100.20/24
 	post-up systemctl start k3s 
--- a/roles/post/tasks/main.yml
+++ b/roles/post/tasks/main.yml
@ -21,3 +21,4 @@
 #- name: Reboot
 #  shell: reboot
--- a/roles/r-int/tasks/main.yml
+++ b/roles/r-int/tasks/main.yml
@ -17,13 +17,3 @@
  #- name: extraction fog.tar.gz
  #unarchive: src=/tmp/fog.tar.gz  dest=/var/www/ copy=no
 #- name: delais 2 secondes isc-dhcp-service
 #  become: yes
 #  lineinfile:
 #    path: /etc/init.d/isc-dhcp-server
 #    insertafter: '^\s+start\)$'
 #    line: "                sleep 2"
 #    firstmatch: yes
 #    state: present
 #    backup: yes
--- a/roles/wireguard-l/README.md
+++ b/roles/wireguard-l/README.md
@ -1,5 +1,5 @@
 #ajout du sleep 5
-~~éditer "/etc/init.d/isc-dhcp-server"~~
+éditer "/etc/init.d/isc-dhcp-server"
-~~aller au "case \"$1\" in" et rajouter "sleep 5" avant le "if"~~
+aller au "case \"$1\" in" et rajouter "sleep 5" avant le "if"
--- a/roles/wireguard-l/tasks/main.yml
+++ b/roles/wireguard-l/tasks/main.yml
@ -14,15 +14,7 @@
    name: wireguard-tools
    state: present
- name: delais 2 secondes isc-dhcp-service
+
  become: yes
  lineinfile:
    path: /etc/init.d/isc-dhcp-server
    insertafter: '^\s+start\)$'
    line: "                sleep 2"
    firstmatch: yes
    state: present
    backup: yes
 #- name: renommage du fichier de configuration
 #  command: "mv /etc/wireguard/wg0-b.conf /etc/wireguard/wg0.conf"
--- a/roles/wireguard-r/README.md
+++ b/roles/wireguard-r/README.md
@ -1,32 +1,19 @@
-
+Procédure d'installation de **r-vp1** et de copie du fichier wg0-b.conf.
 # <p align="center">Procédure d'installation </p>
 de **r-vp1** et de copie du fichier wg0-b.conf.
 ***
 ## Sur **r-vp1**:
 Attendre la fin de l'installation. Ensuite lancer un serveur http avec python3 pour récuperer le fichier wg0-b.conf sur **r-vp2** . 
 ### 🛠️ Lancer le script
 ```bash
 cd /tools/ansible/gsb2023/Scripts
 ```
 ```bash
 bash r-vp1-post.sh
 ```
 ## Sur **r-vp2**:
-Lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
+Depuis **r-vp1** se deplacer dans le repertoire **/tools/ansible/gsb2023** pour executer le playbook:
-### 🛠️ Lancer le script
+**"ansible-playbook -i localhost, -c local r-vp1.yml"** puis reboot **r-vp1**.
-```bash
+
-cd /tools/ansible/gsb2023/Scripts
+
-```
+Sur **r-vp1**:
-```bash
+
-bash r-vp2-post.sh
+Attendre la fin de l'installation. Ensuite lancer un serveur http avec python3 pour récuperer le fichier
-```
+wg0-b.conf sur **r-vp2** . Lancer le script **r-vp1-post.sh** dans **/tools/ansible/gsb2023/Scripts**.
-## Fin
+
 Sur **r-vp2**:
 Lancer le script r-vp2-post.sh dans **/tools/ansible/gsb2023/Scripts** pour recuperer wg0-b.conf
 et qui renomme le fichier en **wg0.conf** . Il redémarre et active le service **wg-quick@wg0**.
 redemarer les machines
 ```bash
 reboot
 ```
--- a/s-adm.yml
+++ b/s-adm.yml
@ -4,6 +4,7 @@
  roles:
    - base
    - goss
    - s-ssh
    - dnsmasq
    - squid
@ -11,4 +12,3 @@
    - snmp-agent
    - syslog-cli
    - post
 #    - goss
--- a/s-lb-web1.yml
+++ b/s-lb-web1.yml
@ -4,7 +4,7 @@
  roles:
    - base
-    - post-lb
+    - post
    - lb-web
    - snmp-agent
    - ssh-cli
--- a/s-lb-web2.yml
+++ b/s-lb-web2.yml
@ -4,8 +4,7 @@
  roles:
    - base
-    - post-lb
+    - post
    - lb-web
    - snmp-agent
    - ssh-cli
--- a/s-peertube.yml
+++ b/s-peertube.yml
@ -1,11 +0,0 @@
 ---
 - hosts: localhost
  connection: local
  roles:
    - base
    - post
    - snmp-agent
    - ssh-cli
    - peertube-k3s
    - peertube
--- a/scripts/Debian11/chname
+++ b/scripts/Debian11/chname
@ -0,0 +1,9 @@
 #!/bin/bash
 if [[ $1 == "version" ]] ; then
 	echo 'chname v1.0 pour debian 11'
 	exit 0
 fi
 sed -i "s/bullseye/$1/g" /etc/host{s,name}
 echo 'redemarrer pour finaliser le changement du nom'
 exit 0
--- a/scripts/Debian11/gsb-start
+++ b/scripts/Debian11/gsb-start
@ -0,0 +1 @@
 apt update;upgrade -y;mkdir -p /root/tools/ansible;cd /root/tools/ansible;git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git;cd gsb2023/pre;export DEPL=192.168.99.99;bash gsbboot;cd ../..;bash pull-config
--- a/scripts/Debian11/s-adm-start
+++ b/scripts/Debian11/s-adm-start
@ -0,0 +1,4 @@
 apt update;apt upgrade -y;
 mkdir -p tools/ansible;cd tools/ansible;git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git;
 cd gsb2023/pre;bash inst-depl;cd /var/www/html/gsbstore;bash getall;
 cd /root/tools/ansible/gsb2023/pre;bash gsbboot; cd ..;bash pull-config;
--- a/scripts/addint.s-peertube
+++ b/scripts/addint.s-peertube
@ -1,18 +0,0 @@
 #!/bin/bash
 nom=s-peertube
 # N-adm (enp0s3)
 VBoxManage modifyvm $nom --nic1 intnet
 VBoxManage modifyvm $nom --intnet1 "n-adm"
 VBoxManage modifyvm $nom --nictype1 82540EM
 VBoxManage modifyvm $nom --cableconnected1 on
 VBoxManage modifyvm $nom --nicpromisc1 allow-all
 # N-dmz (enp0s8)
 VBoxManage modifyvm $nom --nic2 intnet
 VBoxManage modifyvm $nom --intnet2 "n-dmz"
 VBoxManage modifyvm $nom --nictype2 82540EM
 VBoxManage modifyvm $nom --cableconnected2 on
 VBoxManage modifyvm $nom --nicpromisc2 allow-all
--- a/scripts/debian11/chname
+++ b/scripts/debian11/chname
@ -1,14 +0,0 @@
 #!/bin/bash
 if [[ $# != 1 ]] ; then
 	echo "$0 - renomme une VM"  
 	echo "usage : $0 <nouveaunom> "
 	exit 1
 fi
 if [[ $1 == "version" ]] ; then
 	echo 'chname v1.1 pour debian 11'
 	exit 0
 fi
 oldname=$(hostname)
 sed -i "s/${oldname}/$1/g" /etc/host{s,name}
 echo 'redemarrer pour finaliser le changement du nom'
 exit 0
--- a/scripts/debian11/gsb-start
+++ b/scripts/debian11/gsb-start
@ -1,11 +0,0 @@
 #!/bin/bash
 apt-get  update
 #upgrade -y
 mkdir -p /root/tools/ansible
 cd /root/tools/ansible
 git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
 cd gsb2023/pre
 export DEPL=192.168.99.99
 bash gsbboot
 cd ../..
 bash pull-config
--- a/scripts/debian11/s-adm-start
+++ b/scripts/debian11/s-adm-start
@ -1,15 +0,0 @@
 #!/bin/bash
 apt-get  update
 #apt upgrade -y;
 mkdir -p tools/ansible
 cd tools/ansible
 git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git;
 cd gsb2023/pre
 bash inst-depl
 cd /var/www/html/gsbstore
 bash getall
 cd /root/tools/ansible/gsb2023/pre
 bash gsbboot
 cd ..
 bash pull-config
--- a/scripts/mkvm
+++ b/scripts/mkvm
@ -1,9 +1,9 @@
 #!/bin/bash
-mkvmrelease="v1.2.2"
+mkvmrelease="v1.2.1"
-ovarelease="2023b"
+ovarelease="2023a"
-ovafogrelease="2023b"
+ovafogrelease="2023a"
 ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova"
 ovafilefog="$HOME/Téléchargements/debian-buster-gsb-${ovafogrelease}.ova"
 deletemode=0
@ -110,8 +110,6 @@ elif [[ "${vm}" == "s-lb-bd" ]] ; then
        create_if "${vm}" "n-adm" "n-dmz-db"
 elif [[ "${vm}" == "s-nas" ]] ; then
        create_if "${vm}" "n-adm" "n-dmz-db"
 elif [[ "${vm}" == "s-peertube" ]] ; then
 	./addint.s-peertube
 elif [[ "${vm}" == "r-vp1" ]] ; then
 	./addint.r-vp1
 elif [[ "${vm}" == "r-vp2" ]] ; then
--- a/scripts/mkvm.ps1
+++ b/scripts/mkvm.ps1
@ -3,9 +3,9 @@
 #mkvm pour toutes les vms
-$mkvmrelease="v1.2.2"
+$mkvmrelease="v1.2"
-$ovarelease="2023b"
+$ovarelease="2023a"
-$ovafogrelease="2023b"
+$ovafogrelease="2023a"
 $ovafile="$HOME\Downloads\debian-bullseye-gsb-${ovarelease}.ova"
 $ovafilefog="$HOME\Downloads\debian-buster-gsb-${ovafogrelease}.ova"
 $vboxmanage="C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"
--- a/windows/mkusr-backup.cmd
+++ b/windows/mkusr-backup.cmd
@ -1,4 +1,3 @@
@echo off
 net group gg-backup /ADD
 call mkusr uBackup "u-backup" gg-backup
 icacls "C:\gsb\partages\public" /Grant:r uBackup:M /T
--- a/windows/mkusr-compta.cmd
+++ b/windows/mkusr-compta.cmd
@ -1,4 +1,3 @@
@echo off
 call mkusr aDupont "Albert Dupon" gg-compta
 call mkusr cSeum "Claire Seum" gg-compta
 call mkusr nPaul "Nicolas Paul" gg-compta
--- a/windows/mkusr-nextcloud.cmd
+++ b/windows/mkusr-nextcloud.cmd
@ -1,2 +0,0 @@
@echo off
 call mkusr nextcloud "nextcloud" nextcloud
`@ -1,2 +1,3 @@`
	`depl_url: "http://s-adm.gsb.adm/gsbstore"`	`depl_url: "http://s-adm.gsb.adm/gsbstore"`
	`depl_goss: "goss"`	`depl_goss: "goss"`
`@ -21,3 +21,4 @@`

	`#- name: Reboot`	`#- name: Reboot`
	`# shell: reboot`	`# shell: reboot`
		`@ -0,0 +1 @@`
							`apt update;upgrade -y;mkdir -p /root/tools/ansible;cd /root/tools/ansible;git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git;cd gsb2023/pre;export DEPL=192.168.99.99;bash gsbboot;cd ../..;bash pull-config`
		`@ -1,2 +0,0 @@`
			`@echo off`
			`call mkusr nextcloud "nextcloud" nextcloud`