Compare commits
5 Commits
v0.0.3l-em
...
v0.0.3o-jl
| Author | SHA1 | Date | |
|---|---|---|---|
| 76b4ceabe3 | |||
| 0988c9729e | |||
| 9bcfcc6305 | |||
| 4cb8aa49b9 | |||
| 340333d5d1 |
12
goss/list-goss
Normal file
12
goss/list-goss
Normal file
@ -0,0 +1,12 @@
|
||||
cd goss/
|
||||
goss -g r-vp1.yaml v
|
||||
goss -g r-vp1.yaml aa wireguard
|
||||
goss add interface enp0s3
|
||||
goss add interface enp0s8
|
||||
goss add interface enp0s9
|
||||
goss add interface wg0
|
||||
goss aa wireguard
|
||||
goss add package wireguard-tools
|
||||
goss add service wg-quick@wg0
|
||||
goss add command "ping -c4 10.0.0.2"
|
||||
goss add file "/etc/wireguard/wg0.conf"
|
||||
63
roles/fw-ferm-1/ferm.conf
Normal file
63
roles/fw-ferm-1/ferm.conf
Normal file
@ -0,0 +1,63 @@
|
||||
# -*- shell-script -*-
|
||||
#
|
||||
# Ferm script r-vp1
|
||||
|
||||
@def $DEV_PRIVATE = enp0s8;
|
||||
@def $DEV_WORLD = enp0s9;
|
||||
|
||||
@def $NET_PRIVATE = 172.16.0.0/24;
|
||||
|
||||
table filter {
|
||||
chain (INPUT OUTPUT){
|
||||
# allow VPN
|
||||
proto udp dport 51820 ACCEPT;
|
||||
}
|
||||
chain INPUT {
|
||||
policy DROP;
|
||||
|
||||
# connection tracking
|
||||
mod state state INVALID DROP;
|
||||
mod state state (ESTABLISHED RELATED) ACCEPT;
|
||||
|
||||
# allow local connections
|
||||
interface lo ACCEPT;
|
||||
|
||||
# respond to ping
|
||||
proto icmp icmp-type echo-request ACCEPT;
|
||||
|
||||
|
||||
# allow SSH connections from the private network and from some
|
||||
# well-known internet hosts
|
||||
saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT;
|
||||
|
||||
# we provide DNS and SMTP services for the internal net
|
||||
interface $DEV_PRIVATE saddr $NET_PRIVATE {
|
||||
proto (udp tcp) dport domain ACCEPT;
|
||||
proto udp dport bootps ACCEPT;
|
||||
}
|
||||
|
||||
# interface réseau
|
||||
interface $DEV_WORLD {
|
||||
|
||||
}
|
||||
|
||||
# the rest is dropped by the above policy
|
||||
}#FIN INPUT
|
||||
|
||||
# outgoing connections are not limited
|
||||
chain OUTPUT policy ACCEPT;
|
||||
|
||||
chain FORWARD {
|
||||
policy ACCEPT;
|
||||
|
||||
# connection tracking
|
||||
mod state state INVALID DROP;
|
||||
mod state state (ESTABLISHED RELATED) ACCEPT;
|
||||
|
||||
# connections from the internal net to the internet or to other
|
||||
# internal nets are allowed
|
||||
interface $DEV_PRIVATE ACCEPT;
|
||||
|
||||
# the rest is dropped by the above policy
|
||||
}
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
- name: 00 - cree repertoire wordpress pour export nfs
|
||||
file:
|
||||
path: /exports/wordpress
|
||||
path: /home/wordpress
|
||||
state: directory
|
||||
|
||||
- name: 05 - Install nfs-server
|
||||
@ -12,23 +12,17 @@
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/exports
|
||||
block: |
|
||||
/exports/wordpress 192.168.56.0/255.255.255.0 (rw,no_root_squash,subtree_check)
|
||||
|
||||
|
||||
- name: 15 - Recupere wordpress.tar.gz
|
||||
get_url:
|
||||
url: "https://fr.wordpress.org/latest-fr_FR.tar.gz"
|
||||
dest: /tmp/wordpress-6.1.1-fr_FR.tar.gz
|
||||
/home/wordpress 192.168.102.0/255.255.255.0(rw,no_root_squash,subtree_check)
|
||||
|
||||
- name: 20 - decompresse wordpress
|
||||
unarchive:
|
||||
src: /tmp/wordpress-6.1.1-fr_FR.tar.gz
|
||||
dest: /exports/
|
||||
src: https://fr.wordpress.org/latest-fr_FR.tar.gz
|
||||
dest: /home/
|
||||
remote_src: yes
|
||||
|
||||
- name: 22 - change owner et group pour repertoire wordpress
|
||||
file:
|
||||
path: /exports/wordpress
|
||||
path: /home/wordpress
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: www-data
|
||||
@ -36,13 +30,13 @@
|
||||
|
||||
- name: 30 - genere fichier de config wordpress
|
||||
copy:
|
||||
src: /exports/wordpress/wp-config-sample.php
|
||||
dest: /exports/wordpress/wp-config.php
|
||||
src: /home/wordpress/wp-config-sample.php
|
||||
dest: /home/wordpress/wp-config.php
|
||||
remote_src: yes
|
||||
|
||||
- name: 35 - ajuste variable dbname dans fichier de config wp-config.php
|
||||
replace:
|
||||
path: /exports/wordpress/wp-config.php
|
||||
path: /home/wordpress/wp-config.php
|
||||
regexp: "votre_nom_de_bdd"
|
||||
replace: "wordpressdb"
|
||||
backup: yes
|
||||
@ -50,21 +44,21 @@
|
||||
|
||||
- name: 40 ajuste variable dbusername dans fichier de config wp-config.php
|
||||
replace:
|
||||
path: /exports/wordpress/wp-config.php
|
||||
path: /home/wordpress/wp-config.php
|
||||
regexp: "votre_utilisateur_de_bdd"
|
||||
replace: "wordpressuser"
|
||||
backup: yes
|
||||
|
||||
- name: 45 - ajuste variable mdp dans fichier de config wp-config.php
|
||||
replace:
|
||||
path: /exports/wordpress/wp-config.php
|
||||
path: /home/wordpress/wp-config.php
|
||||
regexp: "votre_mdp_de_bdd"
|
||||
replace: "wordpresspasswd"
|
||||
backup: yes
|
||||
|
||||
- name: 50 - ajuste hostname fichier wp-config.php
|
||||
replace:
|
||||
path: /exports/wordpress/wp-config.php
|
||||
path: /home/wordpress/wp-config.php
|
||||
regexp: "localhost"
|
||||
replace: "192.168.102.253"
|
||||
backup: yes
|
||||
@ -74,4 +68,3 @@
|
||||
name: nfs-server
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
|
||||
@ -6,6 +6,13 @@ s-backup permet de récupérer les dossiers et fichiers présent dans le répert
|
||||
# Lancement du script backup.sh
|
||||
|
||||
Après la fin de l'installation de s-backup et la fin de la configuration de s-win vous pouvez
|
||||
lancer le fichier backup.sh pour récuperer l'intégraliter du fichier partagé gsb.lan de s-win
|
||||
lancer le fichier backupsmb.sh pour récuperer l'intégraliter du fichier partagé gsb.lan de s-win
|
||||
sur la machine s-backup.
|
||||
|
||||
# Crontab
|
||||
|
||||
Une crontab a été ajoutée mais désactivée par défaut ( backupsmb.sh executée tout les jours à 5h00)
|
||||
|
||||
# Pistes
|
||||
|
||||
- Traps à consolider
|
||||
|
||||
Reference in New Issue
Block a user