Merge branch 'main' of https://gitea.lyc-lecastel.fr/gadmin/gsb2023

r-vp1.yml

@@ -15,6 +15,7 @@
 #   - firewall-vpn-r
    - wireguard-r
 #   - x509-r
+   - fw-ferm
    - ssh-cli
    - syslog-cli
    - post

r-vp2.yml

@@ -18,6 +18,7 @@
 #   - firewall-vpn-l
    - wireguard-l
 #   - x509-l
+   - fw-ferm
    - ssh-cli
    - syslog-cli
    - post

roles/fw-ferm-2/README.md

@@ -1,19 +0,0 @@
-[Ferm]:http://ferm.foo-projects.org/ 
-
-Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables
-```bash
-update-alternatives --set iptables /usr/sbin/iptables-legacy
-```
-
-Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html
-```bash
-sudo nmap -p51820  192.168.0.51
-```(r-vp1)
-```bash
-sudo nmap -p51820  192.168.0.52
-```(r-vp2)
-
-Sortie :
-`PORT      STATE    SERVICE
-51820/tcp filtered unknown`
-Faire des ping!

roles/fw-ferm/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
+- name: copie du ferm.conf
+  copy:
+    src: ferm.conf.{{ ansible_hostname }}
+    dest: /etc/ferm/ferm.conf
+
+- name: redemarage service ferm
+  ansible.builtin.service:
+    name: ferm.service
+    state: restarted

roles/wireguard-l/tasks/main.yml

@@ -4,16 +4,16 @@
     name: wireguard
     state: present
 
+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
 - name: installation de wireguard-tools
   apt:
     name: wireguard-tools
     state: present
 
-#- name: installation de sshpass
-#  apt:
-#    name: sshpass
-#    state: present
-
 #- name: copie du fichier de configuration depuis r-vp1
 #  command: "sshpass -p 'root' scp -r root@192.168.99.112:/root/confwg/wg0-b.conf /etc/wireguard/"
 

roles/wireguard-r/tasks/main.yml

@@ -4,6 +4,11 @@
     name: wireguard
     state: present
 
+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
 - name: installation de wireguard-tools
   apt:
     name: wireguard-tools
@@ -27,12 +32,10 @@
 - name: copie du fichier de configuration
   copy:
     src: /root/confwg/wg0-a.conf
-    dest: /etc/wireguard
+    dest: /etc/wireguard/wg0.conf
 
-- name: renommage fichier de configuration
+- name: Restart service httpd, in all cases
-  command: "mv /etc/wireguard/wg0-a.conf /etc/wireguard/wg0.conf"
+  ansible.builtin.service:
-
+    name: wg-quick@wg0
-- name: demarrage du service wireguard
+    enabled: yes
-  tags: aaaa
+    state: restarted
-  command: "systemctl enable wg-quick@wg0"
-  command: "systemctl restart wg-quick@wg0"

s-lb-bd.yml

@@ -1,24 +1,49 @@
 ---
- - hosts: localhost
+- hosts: all
-   connection: local
+  become: true
-   vars:
+  tasks:
-        maria_dbhost: "192.168.102.254"
-        maria_dbname: "wordpress"
-        maria_dbuser: "wp"
-        maria_dbpasswd: "wp"
 
+  - name: modules python pour
+    apt:
+      name: python3-pymysql
+      state: present
 
-   roles:
+  - name: install mariadb-server
-     - base
+    apt:
-     - goss
+      name: mariadb-server
-     - post
+      state: present
-     #- s-lb-bd-ab
+
-     - mariadb-ab
+  - name: Cree Bd wordpress
-#     - role: db-user
+    mysql_db:
-#       cli_ip: "192.168.102.1"
+      db: wordpressdb
-#     - role: db-user
+      login_unix_socket: /var/run/mysqld/mysqld.sock
-#       cli_ip: "192.168.102.2"
+      state: present
-#     - role: db-user
+
-#       cli_ip: "192.168.102.3"     
+  - name: Ouvre port 3306 mariadb-server
-     - snmp-agent
+    replace:
-#     - post
+      path: /etc/mysql/mariadb.conf.d/50-server.cnf
+      regexp: '^bind-address.*'
+      replace: '#bind-adress = 127.0.0.1'
+      backup: yes
+    notify: restart mariadb
+
+  - name: Create MySQL user for wordpress
+    mysql_user:
+      name: wordpressuser
+      password: wordpresspasswd
+      priv: "wordpressdb.*:ALL"
+      host: '%'
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  handlers:
+    - name: restart mariadb
+      ansible.builtin.service:
+        name: mariadb
+        state: restarted
+
+  roles:
+    - base
+    - goss
+    - post
+    - snmp-agent