fix: fixed multiple issues in the values.yaml of peertube package

README.md

@@ -53,7 +53,7 @@ On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer
 
 ```shell
 gsb2023>
-cd pre
+cd scripts
 $ mkvm -r s-adm
 
 ```

lisezmoi.txt

@@ -7,7 +7,7 @@ Ce document décrit les divers élements du projet GSB du BTS SIO utilisé pour
 Le projet GSB décrit les diférents playbooks permttant d'installer les
 machines du projet GSB
 
-Les répertoires :
+Les répertoires : 
 
 - roles : les roles
 - goss : les outils de test

r-vp1-fw.yml

@@ -0,0 +1,13 @@
+---
+- hosts: localhost
+  connection: local
+
+  vars:
+   - ip1: 192.168.0.51
+   - remip: 192.168.0.52
+   - mynet: 192.168.1.0
+   - remnet: 172.16.128.0
+
+  roles:
+   - fw-ferm
+   

r-vp1.yml

@@ -12,10 +12,8 @@
    - base
    - goss
 #   - snmp-agent
-#   - firewall-vpn-r
    - post
    - wireguard-r
-   - fw-ferm
    - ssh-cli
    - syslog-cli
    

r-vp2-fw.yml

@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+  connection: local
+
+  vars:
+   - ip1: 192.168.0.52
+   - remip: 192.168.0.51
+   - mynet: 172.16.128.0
+   - remnet: 192.168.1.0
+
+  roles:
+   - fw-ferm

r-vp2.yml

@@ -15,10 +15,7 @@
    - dns-agence
    - ssh-root-access
 #   - snmp-agent
-#   - firewall-vpn-l
    - wireguard-l
-#   - x509-l
-   - fw-ferm
+   - post
    - ssh-cli
    - syslog-cli
-   - post

roles/base/templates/hosts.j2

@@ -28,7 +28,7 @@
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
 192.168.99.102  r-vp2.gsb.adm
-
+192.168.99.120  s-peertube.gsb.adm
 
 192.168.99.8	syslog.gsb.adm
 

roles/base/templates/hosts.s-proxy.j2

@@ -27,6 +27,6 @@
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
 192.168.99.102  r-vp2.gsb.adm
-
+192.168.99.120  s-peertube.gsb.adm
 192.168.99.8	syslog.gsb.adm
 

roles/dns-ag-cs/files/named.conf.options

@@ -1,23 +0,0 @@
-// 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
-
-options {
-        directory "/var/cache/bind";
-
-        // If there is a firewall between you and nameservers you want
-        // to talk to, you may need to fix the firewall to allow multiple
-        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
-
-        // If your ISP provided one or more IP addresses for stable
-        // nameservers, you probably want to use them as forwarders.
-        // Uncomment the following block, and insert the addresses replacing
-        // the all-0's placeholder.
-
-        forwarders {
-                172.16.0.1;
-
-         };
-
-        auth-nxdomain no;    # conform to RFC1035
-        listen-on-v6 { any; };
-};
-

roles/dns-ag-cs/handlers/main.yml

@@ -1,4 +0,0 @@
----
-  - name: restart bind9
-    service: name=bind9 state=restarted
-

roles/dns-ag-cs/tasks/main.yml

@@ -1,11 +0,0 @@
----
-
-- name: Installation bind9
-  apt:  name=bind9 state=present update_cache=yes
-
-- name: Copie named.conf.options
-  copy: src=named.conf.options dest=/etc/bind
-  notify:
-    - restart bind9
-
-

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023012500      ; Serial
+                        2023051000      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -35,4 +35,6 @@ s-web1          IN      A       192.168.101.1
 s-web2          IN      A       192.168.101.2
 s-lb.gsb.lan    IN      A       192.168.100.10
 ns   	        IN      CNAME   s-infra.gsb.lan.
-wpad		IN	CNAME	s-infra.gsb.lan.	
+wpad		IN	CNAME	s-infra.gsb.lan.
+s-peertube	IN	A	192.168.100.20
+peertube 	IN 	CNAME 	s-peertube

roles/dns-master/files/db.gsb.lan.rev

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023012500      ; Serial
+                        2023040501      ; Serial
                         7200            ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -27,5 +27,4 @@ $TTL    604800
 100.10   IN      PTR      s-lb.gsb.lan
 11.0	  IN	  PTR	  s-elk.gsb.lan.
 17.0	  IN	  PTR	  s-gestsup.lan
-254.0     IN      PTR     r-int.gsb.lan.
-
+254.0     IN      PTR     r-int.gsb.lan.

roles/fog/tasks/main.yml

@@ -22,5 +22,5 @@
   command: "cp /root/tools/ansible/roles/fog/files/fogsettings /opt/fog/"
 
 - name: fichier fogsettings en .fogsettings
-command: "mv /opt/fog/fogsettings /opt/fog/.fogsettings"
+  command: "mv /opt/fog/fogsettings /opt/fog/.fogsettings"
 

roles/fw-ferm/files/ferm-vp1.conf

@@ -1,47 +0,0 @@
-# -*- shell-script -*-
-
-@def $DEV_VPN= wg0;
-
-table filter {
-    chain INPUT {
-        policy DROP;
-
-        # connection tracking
-        mod state state INVALID DROP;
-        mod state state (ESTABLISHED RELATED) ACCEPT;
-
-        # allow local connections
-        interface lo ACCEPT;
-        interface $DEV_VPN{
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
-        # disallow ssh
-        saddr proto tcp dport ssh DROP;
-        }
-    }#FIN INPUT
-
-    # outgoing connections are not limited
-    chain OUTPUT {
-        policy ACCEPT;
-        interface $DEV_VPN{
-        # allow ssh
-        daddr proto tcp dport ssh ACCEPT;
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
-        }
-     }#FIN OUTPUT
-
-    chain FORWARD {
-        policy ACCEPT;
-
-        # connection tracking
-        mod state state INVALID DROP;
-        mod state state (ESTABLISHED RELATED) ACCEPT;
-
-        # connections from the internal net to the internet or to other
-        # internal nets are allowed
-        interface $DEV_VPN ACCEPT;
-
-        # the rest is dropped by the above policy
-    }#FIN FO
-}

roles/fw-ferm/files/ferm.conf.r-vp1

@@ -4,10 +4,12 @@
 
 @def $DEV_PRIVATE = enp0s8;
 @def $DEV_WORLD = enp0s9;
+@def $DEV_WORLD = enp0s9;
 @def $DEV_VPN= wg0;
 @def $NET_PRIVATE = 172.16.0.0/24;
 
 table filter {
+
     chain (INPUT OUTPUT){
         # allow VPN
 	proto udp dport 51820 ACCEPT;
@@ -28,7 +30,7 @@ table filter {
 
         # allow SSH connections from the private network and from some
         # well-known internet hosts
-        saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT;
+        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
 
         # we provide DNS and SMTP services for the internal net
         interface $DEV_PRIVATE saddr $NET_PRIVATE {
@@ -36,30 +38,21 @@ table filter {
             proto udp dport bootps ACCEPT;
         }
 
-        # interface réseau
-        interface $DEV_WORLD {
-
-        }
-
         # the rest is dropped by the above policy
+
     }#FIN INPUT
 
     # outgoing connections are not limited
-    chain OUTPUT {policy ACCEPT;
+
+    chain OUTPUT {
+        policy ACCEPT;
+
     }#FIN OUTPUT
 
     chain FORWARD {
         policy ACCEPT;
 
-        interface $DEV_VPN{
-            # respond to ping
-            proto icmp icmp-type echo-request ACCEPT;
-            # disallow ssh
-            saddr($DEV_VPN) proto tcp dport ssh DROP;
-            # allow ssh
-            daddr($DEV_VPN) proto tcp dport ssh ACCEPT;
-
-        }
+        proto icmp icmp-type echo-request ACCEPT;
         # connection tracking
         mod state state INVALID DROP;
         mod state state (ESTABLISHED RELATED) ACCEPT;
@@ -68,6 +61,9 @@ table filter {
         # internal nets are allowed
         interface $DEV_PRIVATE ACCEPT;
 
+	interface $DEV_VPN daddr $NET_PRIVATE {
+ 	proto tcp dport ssh DROP;
+        }
         # the rest is dropped by the above policy
     }
 }

roles/fw-ferm/files/ferm.conf.r-vp2

@@ -27,19 +27,15 @@ table filter {
 
         # allow SSH connections from the private network and from some
         # well-known internet hosts
-        saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT;
+        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
 
         # we provide DNS and SMTP services for the internal net
         interface $DEV_PRIVATE saddr $NET_PRIVATE {
             proto (udp tcp) dport domain ACCEPT;
             proto udp dport bootps ACCEPT;
         }
-        interface $DEV_VPN{
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
-        # disallow ssh
-        saddr proto tcp dport ssh ACCEPT;
-        }
+
+
         # interface réseau
         interface $DEV_WORLD {
 
@@ -49,17 +45,13 @@ table filter {
     }#FIN INPUT
 
     # outgoing connections are not limited
-    chain OUTPUT {policy ACCEPT;
-        interface $DEV_VPN{
-        # allow ssh
-        daddr proto tcp dport ssh DROP;
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
-        }
+    chain OUTPUT {
+	policy ACCEPT;
 }
     chain FORWARD {
         policy ACCEPT;
 
+	proto icmp icmp-type echo-request ACCEPT;
         # connection tracking
         mod state state INVALID DROP;
         mod state state (ESTABLISHED RELATED) ACCEPT;
@@ -68,6 +60,9 @@ table filter {
         # internal nets are allowed
         interface $DEV_PRIVATE ACCEPT;
 
+	interface $DEV_VPN daddr $NET_PRIVATE {
+	proto tcp dport ssh DROP;
+	}
         # the rest is dropped by the above policy
     }
 }

roles/nxc-traefik/README.md

@@ -35,3 +35,24 @@ Nextcloud est alors fonctionnel avec le proxy inverse **traefik** assurant la re
 ATTENTION : Après avoir relancé la VM, executez le script "nxc-start.sh" afin d'installer les piles applicatives.
  
 Une fois le script terminé, le site est disponible ici : https://s-nxc.gsb.lan
+
+
+## 5. Ajout authentification LDAP
+
+Pour ajouter l'authentification LDAP au Nextcloud, il faut :
+* Une fois l'installation de Nextcloud terminé, cliquez sur le profil et Application
+* Dans vos applications, descendre et activer "LDAP user and group backend"
+* Puis cliquer sur le profil, puis Paramètres d'administration et dans Administration cliquer sur Intégration LDAP/AD
+* Une fois sur la page d'intégration LDAP/AD :
+    * Dans Hôte mettre : 
+        > ldap://s-win.gsb.lan
+    * Cliquer sur Détecter le port (normalement le port 389 apparait)
+    * Dans DN Utilisateur mettre :
+        > CN=nextcloud,CN=Users,DC=GSB,DC=LAN
+    * Mot de passe : 
+        > Azerty1+
+    * Et dans Un DN de base par ligne : 
+        > DC=GSB,DC=LAN
+* Après la configuration passe OK
+* Une fois la configuration finie, cliquer 3 fois sur continuer
+* Une fois arrivé sur Groupes, vous pouvez vous déconnecter du compte Admin et vous connecter avec un compte qui est dans l'AD.

roles/peertube-k3s/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+  - name: mise a jour de resolv.conf...
+    copy:
+      src: /root/tools/ansible/gsb2023/roles/peertube/files/resolv.conf
+      dest: /etc/
+      mode: '0644'
+        
+  - name: installation de docker...
+    shell: curl https://releases.rancher.com/install-docker/20.10.sh | sh
+
+  - name: attente de l'installation de docker...
+    wait_for:
+      timeout: 30
+      host: localhost
+
+  - name: installation de k3s...
+    shell: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--node-ip=192.168.100.20 --flannel-iface=enp0s8" sh -s - --docker
+
+  - name: attente de l'installation de k3s...
+    wait_for:
+      timeout: 25
+      host: localhost

roles/peertube/files/finish

@@ -0,0 +1,9 @@
+MYHOST=peertube.gsb.lan;
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml;
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.cert -subj /CN="${MYHOST}"/O="${MYHOST}" -addext "subjectAltName = DNS:${MYHOST}";
+kubectl create secret tls tls-peertube --key tls.key --cert tls.cert;
+helm repo add postgresql https://charts.bitnami.com/bitnami;
+helm repo add redis https://charts.bitnami.com/bitnami;
+helm repo add mail https://bokysan.github.io/docker-postfix;
+helm install --create-namespace -n peertube peertube-gsb /root/tools/peertube/helm/ ;
+kubectl config view --raw > ~/.kube/config

roles/peertube/files/resolv.conf

@@ -0,0 +1,4 @@
+domain gsb.lan
+search gsb.lan
+nameserver 172.16.0.1
+nameserver 192.168.99.99

roles/peertube/files/values.yaml

@@ -0,0 +1,139 @@
+replicaCount: 1
+image:
+  repository: chocobozzz/peertube
+  pullPolicy: IfNotPresent
+  tag: "v5.0.1-bullseye"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: false
+  annotations: {}
+  name: ""
+podAnnotations: {}
+podSecurityContext: {}
+securityContext: {}
+
+service:
+  type: ClusterIP
+  port: 9000
+  nginxPort: 9001
+
+## default config for postgresql should work, but feel free to modify it if required.
+# must stay consistent with peertube configuration, otherwise peertube will crash
+postgresql:
+  enabled: true
+  primary:
+    persistence:
+      enabled: true
+      existingClaim: "pvc-postgres"
+  global:
+    postgresql:
+      auth:
+        postgrePassword: "admin"
+        username: "user"
+        password: "user"
+        database: "peertube"
+
+## the main list of variables tha will be applied in the peertube container
+# any error or misconfiguration will make peertube crash.
+peertube:
+  env:
+    dbUser: user # must be consistent with postgresql configuration
+    dbPasswd: user # must be consistent with postgresql configuration
+    dbSsl: false # disabled by default WARNING: ssl connection feature not tested, use at your own risk
+    dbHostname: peertube-gsb-postgresql # must be consistent with postgresql configuration
+    webHostname: peertube.gsb.lan # must be changed to your local setup
+    secret: b2753b0f37444974de0e81f04815e6a889fcf8960bd203a01b624d8fa8a37683
+    smtpHostname: peertube-gsb-mail # must be consistent with mail configuration
+    smtpPort: 587 # must be consistent with mail configuration
+    smtpFrom: noreply@lan.lan # not configured by default, add something meaningfull if you want
+    smtpTls: false # disabled by default WARNING: tls connection feature not tested, use at your own risk
+    smtpDisableStartTls: false # unless crashes related to tls/ssl, this should be unchanged
+    adminEmail: root@localhost.lan # use this if you want peopleto be able to reach you 
+    redisHostname: peertube-gsb-redis-master # must be consistent with redis configuration
+    redisAuth: peertube # must be consistent with redis configuration
+  app:
+    userCanRegister: true # control if people can register by themselves
+    rootPasswd: rootroot # CHANGE THIS! the default admin username is 'root' this variable define the password
+## the next section configure at wich quality videos will be transcoded 
+    transcoding360: true
+    transcoding480: true
+    transcoding720: true
+    transcoding1080: false
+    transcoding2160: false
+
+## the configuration of the postfix server called 'mail' here 
+# change these settings if you know what you are doing
+mail:
+  enbled: true
+  config:
+    general:
+      ALLOWED_SENDER_DOMAINS: "yes" 
+      DKIM_AUTOGENERATE: "yes"
+    opendkim:
+      RequireSafeKeys: "no"
+    postfix:
+       smtp_tls_security_level: "secure" # works by default, any other tls level is untested
+  persistence:
+    enabled: false
+  service:
+    port: 587
+
+## the configuration of the redis server
+redis:
+  master:
+    persistence:
+      enabled: true
+      existingClaim: "pvc-redis"
+  replica:
+    persistence:
+      enabled: true
+      existingClaim: "pvc-redis"
+  auth:
+    enbled: true
+    password: "peertube"
+
+## ingress configuration is very specific this part must be configured or else you'll get 503 or 404 errors
+ingress:
+  enabled: true
+  className: ""
+  annotations: 
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/proxy-body-size: 6G # this caps the size of imported videos, if set low this might prevent you from uploading videos
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: peertube.gsb.lan
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - secretName: tls-peertube
+    - hosts:
+      - peertube.gsb.lan
+
+resources: {}
+autoscaling:
+  enabled: false
+  minimumReplicas: 3
+  maximumReplicas: 20
+  targetCPUUtilizationPercentage: 90
+  targetMemoryUtilizationPercentage: 75
+  windowSeconds: 120
+  minCPUPercentage: 20
+  minMemoryPercentage: 30
+
+## this section should be configured to match your needs and available ressources
+persistence:
+  enabled: true
+  reclaimPolicy: Retain
+  redisVolumeStorage: 1Gi
+  peertubeVolumeStorage: 5Gi
+  postgresqlVolumeStorage: 1Gi
+  accessMode: ReadWriteOnce 
+
+nodeSelector: {}
+tolerations: []
+affinity: {}

roles/peertube/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+  - name: création du répertoire du dépot peertube...
+    file:
+      path: /root/tools/peertube
+      state: directory
+      mode: '0755'
+
+  - name: clonage du dépot peertube...
+    git:
+      repo: https://github.com/Elam-Monnot/Peertube-helm.git
+      dest: /root/tools/peertube
+      clone: yes
+      force: yes
+
+  - name: copie de values.yaml...
+    copy:
+      src: /root/tools/ansible/gsb2023/roles/peertube/files/values.yaml
+      dest: /root/tools/peertube/helm/
+      mode: '0644'
+
+  - name: copie du script finish...
+    copy:
+      src: /root/tools/ansible/gsb2023/roles/peertube/files/finish
+      dest: /root
+      mode: '0644'
+
+  - name: installation de helm...
+    shell: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

roles/post-lb/files/resolv.conf

@@ -0,0 +1,4 @@
+search gsb.lan
+domain gsb.lan
+nameserver 172.16.0.1
+

roles/post/files/interfaces.r-int

@@ -34,4 +34,4 @@ iface enp0s10 inet static
 allow-hotplug enp0s16
 iface enp0s16 inet static
 	address 172.16.0.254/24
-	
+	post-up sleep 10 && systemctl restart isc-dhcp-server	

roles/post/files/interfaces.r-vp1-cs

@@ -1,26 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-# The loopback network interface
-#auto lo
-#iface lo inet loopback
-
-#cote N-adm
-allow-hotplug enp0s3
-iface enp0s3 inet dhcp
-	
-# reseau entre vpn
-allow-hotplug enp0s8
-iface enp0s8 inet static
-	address 192.168.0.51
-	netmask 255.255.255.0
-
-# reseau interne n-linkv
-allow-hotplug enp0s9
-iface enp0s9 inet static
-	address 192.168.1.2
-	netmask 255.255.255.0
-	up route add -net 172.16.128.0/24 gw 192.168.1.2
-	up route add default gw 192.168.1.1
-#	post-up /bin/bash /root/iptables-vpn
-	post-up /etc/init.d/ipsec restart

roles/post/files/interfaces.r-vp2-cs

@@ -1,25 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-# The loopback network interface
-#auto lo
-#iface lo inet loopback
-
-# cote N-adm
-allow-hotplug enp0s3
-iface enp0s3 inet dhcp
-
-# cote Agence
-allow-hotplug enp0s8
-iface enp0s8 inet static
-	address 172.16.128.254
-	netmask 255.255.255.0
-
-# cote VPN
-allow-hotplug enp0s9
-iface enp0s9 inet static
-	address 192.168.0.52
-	netmask 255.255.255.0
-	up route add -net 192.168.1.0/24 gw 172.16.128.254
-#	post-up /bin/bash /root/iptables-vpn
-	post-up /etc/init.d/ipsec restart

roles/post/files/interfaces.s-peertube

@@ -0,0 +1,17 @@
+### 0.1 - putconf - jeudi 30 mars 2023, 8:11:30 (UTC+0100)
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# carte n-adm
+allow-hotplug enp0s3
+iface enp0s3 inet static
+	address 192.168.99.120/24
+	gateway 192.168.99.99
+
+# Réseau n-dmz
+allow-hotplug enp0s8
+iface enp0s8 inet static
+        address 192.168.100.20/24
+	post-up systemctl start k3s 

roles/post/tasks/main.yml

@@ -21,4 +21,3 @@
 
 #- name: Reboot
 #  shell: reboot
-

roles/r-int/tasks/main.yml

@@ -17,3 +17,13 @@
 
   #- name: extraction fog.tar.gz
   #unarchive: src=/tmp/fog.tar.gz  dest=/var/www/ copy=no
+
+#- name: delais 2 secondes isc-dhcp-service
+#  become: yes
+#  lineinfile:
+#    path: /etc/init.d/isc-dhcp-server
+#    insertafter: '^\s+start\)$'
+#    line: "                sleep 2"
+#    firstmatch: yes
+#    state: present
+#    backup: yes

roles/wireguard-l/README.md

@@ -1,5 +1,5 @@
-#ajout du sleep 5
+# ajout du sleep 5
 
-éditer "/etc/init.d/isc-dhcp-server"
-aller au "case \"$1\" in" et rajouter "sleep 5" avant le "if"
+~~éditer "/etc/init.d/isc-dhcp-server"~~
+~~aller au "case \"$1\" in" et rajouter "sleep 5" avant le "if"~~
 

roles/wireguard-l/tasks/main.yml

@@ -14,7 +14,15 @@
     name: wireguard-tools
     state: present
 
-
+- name: delais 2 secondes isc-dhcp-service
+  become: yes
+  lineinfile:
+    path: /etc/init.d/isc-dhcp-server
+    insertafter: '^\s+start\)$'
+    line: "                sleep 2"
+    firstmatch: yes
+    state: present
+    backup: yes
 
 #- name: renommage du fichier de configuration
 #  command: "mv /etc/wireguard/wg0-b.conf /etc/wireguard/wg0.conf"

s-peertube.yml

@@ -0,0 +1,11 @@
+---
+- hosts: localhost
+  connection: local
+
+  roles:
+    - base
+    - post
+    - snmp-agent
+    - ssh-cli
+    - peertube-k3s
+    - peertube

scripts/addint.s-peertube

@@ -0,0 +1,18 @@
+#!/bin/bash
+nom=s-peertube
+
+# N-adm (enp0s3)
+
+VBoxManage modifyvm $nom --nic1 intnet
+VBoxManage modifyvm $nom --intnet1 "n-adm"
+VBoxManage modifyvm $nom --nictype1 82540EM
+VBoxManage modifyvm $nom --cableconnected1 on
+VBoxManage modifyvm $nom --nicpromisc1 allow-all
+
+# N-dmz (enp0s8)
+
+VBoxManage modifyvm $nom --nic2 intnet
+VBoxManage modifyvm $nom --intnet2 "n-dmz"
+VBoxManage modifyvm $nom --nictype2 82540EM
+VBoxManage modifyvm $nom --cableconnected2 on
+VBoxManage modifyvm $nom --nicpromisc2 allow-all

scripts/mkvm

@@ -110,6 +110,8 @@ elif [[ "${vm}" == "s-lb-bd" ]] ; then
         create_if "${vm}" "n-adm" "n-dmz-db"
 elif [[ "${vm}" == "s-nas" ]] ; then
         create_if "${vm}" "n-adm" "n-dmz-db"
+elif [[ "${vm}" == "s-peertube" ]] ; then
+	./addint.s-peertube
 elif [[ "${vm}" == "r-vp1" ]] ; then
 	./addint.r-vp1
 elif [[ "${vm}" == "r-vp2" ]] ; then

scripts/r-vp2-post.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 #recuperation du fichier de config
-wget http://r-vp1.gsb.adm:8800/wg0-b.conf
+wget http://r-vp1.gsb.adm:8000/wg0-b.conf
 #renomage fichier et mv
 mv ./wg0-b.conf /etc/wireguard/wg0.conf
 #activation interface wg0

windows/mkusr-backup.cmd

@@ -1,3 +1,4 @@
+@echo off
 net group gg-backup /ADD
 call mkusr uBackup "u-backup" gg-backup
 icacls "C:\gsb\partages\public" /Grant:r uBackup:M /T

windows/mkusr-compta.cmd

@@ -1,4 +1,5 @@
+@echo off
 call mkusr aDupont "Albert Dupon" gg-compta
 call mkusr cSeum "Claire Seum" gg-compta
 call mkusr nPaul "Nicolas Paul" gg-compta
-call mkusr atour "Alexandre Tour" gg-compta
+call mkusr atour "Alexandre Tour" gg-compta

windows/mkusr-nextcloud.cmd

@@ -0,0 +1,2 @@
+@echo off
+call mkusr nextcloud "nextcloud" nextcloud