schema d2 + nettoyage

README.md

@@ -1,6 +1,6 @@
 # vagrant
 
-le 2023-04-25 20h00 - ps
+le 2025-02-02 11h30 - ps
 
 Ce dépôt héberge des **Vagrantfile** dont : 
   * **dns** : Vagrantfile pour 2 serveurs **Bind9** (1 maitre et un esclave), tests **goss** chainés  
@@ -12,11 +12,21 @@ Ce dépôt héberge des **Vagrantfile** dont :
   * **docker-traefik-nextcloud**
   * **docker-traefik-nextcloud-ss-tls**
   * **docker-traefik-nginx**
-  * **docker-elk**
-  * **devstack**
+  * **devstack** : Vagrantfile pour Openstack devstack
+  * **dvlpt** : Vagrantfile pour VM Debian 11 LAMP + phpmyadmin
+  * **glpi** : Vagrantfile pour VM Debian 11 GLPI 10.0.7
   * **guacamole** : Vagrantfile pour Apache Guacamole dockerise sans frontal
+  * **jenkins** : Vagrantfile et script d'installation de Jenkins sur Debian 12 
   * **k8s** : kubernetes 1.26.00 + playbook pour master **k8s-master** et 2 noeuds **node-1** et **node-2**
   * **k3s-awx** : Vagrantfile + script **inst-awx** pour installation  **Ansible AWX** sur **k3s** avec **awx-on-k3s**
-  * **minione**
+  * **kea-dhcp-ha** : Vagrantfile pour serveur DHCP kea - HA avec serveur stork - machines **kea1**, **kea2** et **stork** 
+  * **lldap** : Vagrantfile pour serveur LDAP en mode service **lldap**
+  * **lldap2** : Vagrantfile pour serveur LDAP en mode service **lldap** - integration pour Proxmox
+  * **minione** : Vagrantfile pour Opennebula All In One
+  * **netbox** : Vagrantfile pour Netbox dockerisée
   * **rundeck** : Vagrantfile + playbook pour installation avec Mariadb
+  * **samba-ad-dc** : Vagrantfile + playbook pour **Samba 4.17 ad-dc** sur **Debian 12 Bookworm**
+  * **wazuh** : Vagrantfile + playbook pour serveur **wazuh** 4.10 et client Debian
   * **wp-lb** : Wordpress web1 et web2, lb HaProxy, nfs, db Mariadb - Vagrantfile + playbooks
+  * **zabbix** : Vagrantfile pour VM Debian 12 **zabbix7** Srv et VM Debian 12 **web1** apache, zabbix agent2
+

auth/README.md

@@ -0,0 +1,12 @@
+# Authelia - un outil d'authentification centralisée 2FA
+
+
+## Mise en oeuvre
+
+
+  * lancer la Vagrantfile  avec : 'vagrant up'
+  * se connecter avec : 'vagrant ssh' 
+  puis  sur une machine disposant de docker et de git :
+````shell
+cd 
+````

auth/Vagrantfile

@@ -0,0 +1,87 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname= "auth"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timzzone Europe/Paris
+     apt-get update
+     apt install -y wget curl git vim
+     if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+     fi
+     git clone https://github.com/authelia/authelia.git
+     cd authelia
+     git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
+   SHELL
+end

docker-traefik-nextcloud/Vagrantfile

@@ -12,7 +12,7 @@ Vagrant.configure("2") do |config|
 
   # Every Vagrant development environment requires a box. You can search for
   # boxes at https://vagrantcloud.com/search.
-  config.vm.box = "debian/bullseye64"
+  config.vm.box = "debian/bookworm64"
   config.vm.hostname = "nextcloud-traefik"
 
   # Disable automatic box update checking. If you disable this, then

docker-traefik-nextcloud/provision/setup.sh

@@ -82,7 +82,7 @@ cat > ./config/dynamic.yml <<EOT
 http:
   routers:
     traefik:
-      rule: "Host(`traefik.docker.localhost`)"
+      rule: "Host(\`traefik.docker.localhost\`)"
       service: "api@internal"
       tls:
         domains:
@@ -100,7 +100,7 @@ tls:
 EOT
 
 
-cat > nextcloud.yml  <<'EOT'
+cat > nextcloud.yml  <<EOT
 version: '2'
 
 volumes:
@@ -145,14 +145,14 @@ services:
       - nxc
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.rule=Host(\`mon.nxc\`)"
       - "traefik.http.routers.app.tls=true"
     environment:
       - MYSQL_PASSWORD=Azerty1+
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
       - MYSQL_HOST=db
-'EOT'
+EOT
 
 docker network create proxy
 docker compose -f traefik.yml up -d 

docker/Vagrantfile

@@ -12,7 +12,7 @@ Vagrant.configure("2") do |config|
 
   # Every Vagrant development environment requires a box. You can search for
   # boxes at https://vagrantcloud.com/search.
-  config.vm.box = "debian/bullseye64"
+  config.vm.box = "debian/bookworm64"
   config.vm.hostname = "docker"
 
   # Disable automatic box update checking. If you disable this, then

dvlpt/README.md

@@ -19,7 +19,7 @@
 
 **Acces phpmyadmin** : http://localhost:2080/phpmyadmin
 
-**Acces ssh ** : ssh root@localhost -p 2022
+**Acces ssh** : ssh root@localhost -p 2022
 
 le 2023-05-04
 

dvlpt/Vagrantfile

@@ -66,6 +66,7 @@ Vagrant.configure("2") do |config|
   # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
   # documentation for more information about their specific syntax and use.
    config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
      apt-get update
      export DEBIAN_FRONTEND=noninteractive
      apt-get install -y vim wget curl git apache2 php php-mysql php-gd php-xml mariadb-server phpmyadmin

gitea-docker-traefik/Vagrantfile

@@ -0,0 +1,71 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "gitea-traefik"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "1024"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+   config.vm.provision "shell", path: "provision/setup.sh"
+end
+

gitea-docker-traefik/provision/docker-compose.yml

@@ -0,0 +1,82 @@
+version: '3'
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+  
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+    ports:
+      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+#      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.tls=true"
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+        #      - "traefik.http.routers.app.entrypoints=websecure"
+        #      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.service=app-service"
+      - "traefik.http.services.app-service.loadbalancer.server.port=80"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+
+

gitea-docker-traefik/provision/setup.sh

@@ -0,0 +1,164 @@
+#!/bin/bash
+apt-get update
+apt-get install -y wget curl git vim
+if ! which docker ; then
+   curl -s -o getdocker.sh https://get.docker.com
+   bash getdocker.sh
+   gpasswd -a vagrant docker
+fi
+mkdir -p gitea && cd gitea
+wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
+chmod +x mkcert
+mv mkcert /usr/local/bin
+sudo apt-get install -y libnss3-tools
+mkdir certs config
+mkcert -install
+mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "gitea.local" "*.gitea.local"
+cat > traefik.yml  <<EOT
+version: '3'
+
+networks:
+  proxy:
+    external: true
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+EOT
+
+cat > ./config/static.yml <<EOT
+global:
+  sendAnonymousUsage: false
+api:
+  dashboard: true
+  insecure: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    watch: true
+    exposedByDefault: false
+  file:
+    filename: /etc/traefik/dynamic.yml
+    watch: true
+
+log:
+  level: INFO
+  format: common
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+EOT
+
+cat > ./config/dynamic.yml <<EOT
+http:
+  routers:
+    traefik:
+#      rule: "Host(`traefik.docker.localhost`)"
+      rule: "Host(`gitea.local`)"
+      service: "api@internal"
+      tls:
+        domains:
+          - main: "docker.localhost"
+            sans:
+              - "*.docker.localhost"
+          - main: "gitea.local"
+            sans:
+              - "*.gitea.local"
+
+tls:
+  certificates:
+    - certFile: "/etc/certs/local-cert.pem"
+      keyFile: "/etc/certs/local-key.pem"
+EOT
+
+
+cat > gitea.yml <<-'EOT'
+version: '2'
+
+volumes:
+  gitea:
+  db:
+
+networks:
+  proxy:
+    external: true
+  app:
+    external: false
+
+services:
+  db:
+    image: mariadb
+    container_name: db
+    restart: always
+#    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - app
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=gitea
+      - MYSQL_USER=gitea
+
+  app:
+    image: gitea/gitea
+    container_name: app
+    restart: always
+      #    ports:
+      #      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - gitea:/var/www/html
+    networks:
+      - proxy
+      - app
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`gitea.local`)"
+      - "traefik.http.routers.app.tls=true"
+      - "traefik.http.services.app.loadbalancer.server.port=3000"
+
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=gitea
+      - MYSQL_USER=gitea
+      - MYSQL_HOST=db:3006
+EOT
+
+docker network create proxy
+docker compose -f traefik.yml up -d 
+docker compose -f gitea.yml up -d 
+ip -br a 
+

gitea-docker/Vagrantfile

@@ -0,0 +1,133 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "gitea"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+   config.vm.network "forwarded_port", guest: 3000, host: 3000
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt-get install -y vim wget curl git 
+     if ! which docker ; then
+        curl -s -o getdocker.sh https://get.docker.com
+        bash getdocker.sh
+        gpasswd -a vagrant docker
+     fi
+     [[ -d ~/gitea ]] || mkdir -p ~/gitea
+     cd ~/gitea
+     cat <<-EOT > ~/gitea/docker-compose.yml
+
+version: "3"
+
+networks:
+  gitea:
+    external: false
+
+services:
+  server:
+    image: gitea/gitea
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=db:3306
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=gitea
+    restart: always
+    networks:
+      - gitea
+    volumes:
+      - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "2222:22"
+    depends_on:
+      - db
+
+  db:
+    image: mariadb
+    restart: always
+    environment:
+      - MYSQL_ROOT_PASSWORD=gitea
+      - MYSQL_USER=gitea
+      - MYSQL_PASSWORD=gitea
+      - MYSQL_DATABASE=gitea
+    networks:
+      - gitea
+    volumes:
+      - ./mysql:/var/lib/mysql
+EOT
+  ( cd ~/gitea ; docker compose pull ; docker compose up -d )
+  SHELL
+end

glpi/README.md

@@ -0,0 +1,37 @@
+# GLPI
+
+**glpi**  installe une VM Debian 12 avec :
+  * **nginx**
+  * **php-fpm** (8.2)  et les paquets associés
+  * **mariadb-server**
+  * **GLPI** 10.0.17
+  * carte réseau en NAT avec redirection du port TCP 2080
+
+## Installation
+
+  vagrant up
+
+### se connecter à la VM :
+  vagrant ssh
+
+
+
+### avec un navigateur :
+
+se connecter à l'URL http://localhost:2080  
+
+lancer l'installation de **GLPI**
+
+  * la base **glpi** est déja créée
+  * mdp root mariadb : Azerty1+ 
+
+## Utilisation
+
+**Acces SSH** :  vagrant ssh
+
+**Acces web** : http://localhost:2080
+
+**Acces ssh** : ssh root@localhost -p 2022
+
+le 2025-01-08
+

glpi/Vagrantfile

@@ -0,0 +1,112 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "glpi"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+   config.vm.network "forwarded_port", guest: 22, host: 2022
+   config.vm.network "forwarded_port", guest: 80, host: 2080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "1024"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+#     export http_proxy=http://10.121.38.1:8080
+#     export https_proxy=http://10.121.38.1:8080
+     export GLPIVER=10.0.17
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     export DEBIAN_FRONTEND=noninteractive
+     apt-get install -y vim wget curl git nginx php-fpm php-mysql php-ldap php-gd php-intl php-mbstring php-xml php-curl php-zip mariadb-server
+     ( 
+     cd /var/www/html 
+     wget -4 -nc https://github.com/glpi-project/glpi/releases/download/${GLPIVER}/glpi-${GLPIVER}.tgz
+     tar xvfz glpi-${GLPIVER}.tgz
+     chown -R root:root glpi
+     cd glpi
+     chown -R www-data:www-data files config 
+cat  > /etc/nginx/sites-enabled/glpi <<- "EOT" 
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+	root /var/www/html/glpi;
+        index index.php index.html 
+	server_name _;
+	location / {
+		try_files $uri $uri/ =404;
+	}
+
+	location ~ \.php$ {
+		include snippets/fastcgi-php.conf;
+        	fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+	}
+    }
+EOT
+rm /etc/nginx/sites-enabled/default
+sudo mysqladmin password "Azerty1+"
+sudo mysqladmin create glpi
+) 
+
+
+     systemctl restart nginx php8.2-fpm
+     echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
+     systemctl restart ssh
+     echo 'connexion SSH avec vagrant : vagrant ssh'
+     echo 'connexion GLPI web : http://localhost:2080'
+   SHELL
+end

jenkins/README.md

@@ -0,0 +1,12 @@
+# Jenkins
+
+## Présentation
+
+Le script **install-jenkins.sh** installe l'application CI/CD **jenkins** sur Debian 12 avec openJDK 17 à partir du dépot jenkins.
+
+Il installe également les applications **git** et **ansible**.
+
+Jenkins est accessible  sur le port 8080 
+
+Le script fonctionne sur une VM KVM ou sur un conteneur LXC.
+

jenkins/Vagrantfile

@@ -0,0 +1,71 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "jenkins"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "2048"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell",
+      inline: "timedatectl set-timezone Europe/Paris ; apt-get update ; apt-get install -y vim curl wget"
+   config.vm.provision "shell", path: "provision/install-jenkins.sh"
+end
+

jenkins/jenkins-proxy.d2

@@ -0,0 +1,9 @@
+direction: right
+client.shape: cloud
+client -> jenkins: " :443"
+jenkins: {
+  caddy
+  jenkins
+  caddy -> jenkins: ":8080"
+}
+

jenkins/provision/Caddyfile

@@ -0,0 +1,11 @@
+192.168.1.30:443 {
+   tls internal
+   reverse_proxy localhost:8080
+} 
+
+jenkins:443 {
+   tls internal
+   reverse_proxy localhost:8080
+} 
+
+

jenkins/provision/install-caddy.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+sudo apt-get update
+sudo apt-get install -y  caddy
+
+

jenkins/provision/install-jenkins.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+sudo apt-get update
+sudo apt-get install -y  gnupg openjdk-17-jdk
+
+curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \   /usr/share/keyrings/jenkins-keyring.asc > /dev/null
+
+echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \   https://pkg.jenkins.io/debian-stable binary/ | sudo tee \   /etc/apt/sources.list.d/jenkins.list > /dev/null
+
+sudo apt-get update
+sudo apt-get install -y jenkins
+
+sudo systemctl start jenkins
+sudo systemctl enable jenkins
+
+sudo systemctl status jenkins
+
+sudo apt-get install -y git ansible
+

k3s-awx/Vagrantfile

@@ -12,7 +12,7 @@ Vagrant.configure("2") do |config|
 
   # Every Vagrant development environment requires a box. You can search for
   # boxes at https://vagrantcloud.com/search.
-  config.vm.box = "debian/bullseye64"
+  config.vm.box = "debian/bookworm64"
   config.vm.hostname = "k3s-awx"
 
   # Disable automatic box update checking. If you disable this, then
@@ -33,12 +33,12 @@ Vagrant.configure("2") do |config|
 
   # Create a private network, which allows host-only access to the machine
   # using a specific IP.
-  config.vm.network "private_network", ip: "192.168.56.10"
+#  config.vm.network "private_network", ip: "192.168.56.10"
 
   # Create a public network, which generally matched to bridged network.
   # Bridged networks make the machine appear as another physical device on
   # your network.
-  # config.vm.network "public_network"
+   config.vm.network "public_network"
 
   # Share an additional folder to the guest VM. The first argument is
   # the path on the host to the actual folder. The second argument is
@@ -55,7 +55,8 @@ Vagrant.configure("2") do |config|
   #   vb.gui = true
   #
   #   # Customize the amount of memory on the VM:
-     vb.memory = "3072"
+     vb.memory = "6144"
+     vb.cpus = 2
    end
   #
   # View the documentation for the provider you are using for more
@@ -65,6 +66,7 @@ Vagrant.configure("2") do |config|
   # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
   # documentation for more information about their specific syntax and use.
    config.vm.provision "shell", inline: <<-SHELL
+     timdatectl set-timezone Europe/Paris
      apt-get update
      apt-get install -y curl vim git make
    SHELL

kea-dhcp-ha/README.md

@@ -0,0 +1,48 @@
+# Serveur kea DHCP HA avec serveur Stork
+
+## Présentation
+
+Cette `Vagrantfile` permet d'installer :
+  * un serveur DHCP **kea1** en mode HA (primary) 
+  * un serveur DHCP **kea2** en mode HA (secondary)
+  * un serveur de suivi/administration web **stork** pour kea 
+
+
+
+La Vagrantfile utilise les playbooks ansible suivants :
+  * **provision/setup-stork.yml** qui:
+    * installe les dépots ISC pour stork
+    * installe les paquets **postgresql**, **postgresql-contrib**, **stork-server** 
+    * crée la base de données stork et genère le fichiers de configuration de **stork-server**  
+    * relance le service **isc-stork-server** 
+  * **provision/setup-kea.yml** qui:
+    * installe les dépots ISC pour kea
+    * installe les paquets **isc-kea-dhcp4-server**, **isc-kea-ctrl-agent**, **isc-kea-hooks** 
+    * installe les dépots ISC pour stork
+    * installe le paquet **stork-agent**
+    * genére les fichiers de configuration pour chacun des services
+    * relance les services
+    * enregistre (`stork-agent register`) le serveur auprès du serveur stork 
+
+## Les services et ports 
+  * serveur **stork** : 
+    * service **stork-server:8080** 
+  * serveur **kea1** et **kea2** : 
+    * service **isc-kea-dhcp4-server:8000** (utilisé par la HA)
+    * service **kea-ctrl-agent:8001**
+    * service **isc-stork-agent:8080**
+
+## Utilisation de la Vagrantfile
+  
+````shell
+   vagrant up stork
+   vagrant up kea1
+   vagrant up kea2
+```` 
+On peut alors se connecter au serveur **stork** avec un navigateur : http://adresse:8080
+(admin/admin)
+
+Une fois connecté, on doit autoriser chacun des deux serveurs **kea1** et **kea2** inscrits
+
+
+

kea-dhcp-ha/Vagrantfile

@@ -0,0 +1,85 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # Base VM OS configuration.
+  config.vm.box = "debian/bookworm64"
+  config.ssh.insert_key = false
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+
+  # General VirtualBox VM configuration.
+  config.vm.provider :virtualbox do |v|
+    v.memory = 1024
+    v.cpus = 1
+    v.linked_clone = true
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+  end
+
+  # stork.
+  config.vm.define "stork" do |stork|
+    stork.vm.hostname = "stork"
+    stork.vm.network :private_network, ip: "192.168.56.5"
+    stork.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    stork.vm.provision "ansible" do |ansible|
+      ansible.extra_vars = {
+        stork_db_name: "stork",
+        stork_db_user: "stork-server",
+        stork_db_passwd: "stork-passwd",
+      }
+      ansible.playbook = "provision/setup-stork.yml"
+    end
+  end
+
+  # Kea DHCP server 1.
+  config.vm.define "kea1" do |kea1|
+    kea1.vm.hostname = "kea1"
+    kea1.vm.network :private_network, ip: "192.168.56.2"
+    kea1.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 512]
+    end
+    kea1.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    kea1.vm.provision "ansible" do |ansible|
+      ansible.extra_vars = {
+        srv_name: "kea1",
+        srv_ip: "192.168.56.2",
+      }
+      ansible.playbook = "provision/setup-kea.yml"
+    end
+  end
+
+  # Kea DHCP server 2.
+  config.vm.define "kea2" do |kea2|
+    kea2.vm.hostname = "kea2"
+    kea2.vm.network :private_network, ip: "192.168.56.3"
+    kea2.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 512]
+    end
+    kea2.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    kea2.vm.provision "ansible" do |ansible|
+      ansible.extra_vars = {
+        srv_name: "kea2",
+        srv_ip: "192.168.56.3",
+      }
+      ansible.playbook = "provision/setup-kea.yml"
+    end
+  end
+
+  # client DHCP .
+  config.vm.define "cli" do |cli|
+    cli.vm.hostname = "cli"
+    #cli.vm.network :private_network, ip: "192.168.56.3"
+    cli.vm.network :private_network, type: "dhcp"
+    cli.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 512]
+    end
+    cli.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+  end
+
+
+end
+

kea-dhcp-ha/provision/agent.env.j2

@@ -0,0 +1,46 @@
+### the IP or hostname to listen on for incoming Stork server connections
+STORK_AGENT_HOST={{ srv_ip }}
+
+### the TCP port to listen on for incoming Stork server connections
+# STORK_AGENT_PORT=8080
+
+### listen for commands from the Stork server only, but not for Prometheus requests
+STORK_AGENT_LISTEN_STORK_ONLY=true
+
+### listen for Prometheus requests only, but not for commands from the Stork server
+STORK_AGENT_LISTEN_PROMETHEUS_ONLY=false
+
+### settings for exporting stats to Prometheus
+### the IP or hostname on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
+### the port on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
+### how often the agent collects stats from Kea, in seconds
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=
+## enable or disable collecting per-subnet stats from Kea
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
+### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
+### the port on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=
+### how often the agent collects stats from BIND 9, in seconds
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=
+
+### Stork Server URL used by the agent to send REST commands to the server during agent registration
+STORK_AGENT_SERVER_URL=http://192.168.56.5:8080
+
+### skip TLS certificate verification when the Stork Agent connects
+### to Kea over TLS and Kea uses self-signed certificates
+STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
+
+
+### Logging parameters
+
+### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_AGENT_HOOK_DIRECTORY=
+

kea-dhcp-ha/provision/ca.cnf.j2

@@ -0,0 +1,62 @@
+// This is an example of a configuration for Control-Agent (CA) listening
+// for incoming HTTP traffic. This is necessary for handling API commands,
+// in particular lease update commands needed for HA setup.
+{
+    "Control-agent":
+    {
+        // We need to specify where the agent should listen to incoming HTTP
+        // queries.
+        "http-host": "{{ srv_ip }}",
+        // This specifies the port CA will listen on.
+        "http-port": 8000,
+        "control-sockets":
+        {
+            // This is how the Agent can communicate with the DHCPv4 server.
+            "dhcp4":
+            {
+                "comment": "socket to DHCPv4 server",
+                "socket-type": "unix",
+                "socket-name": "/tmp/kea4-ctrl-socket"
+            },
+            // Location of the DHCPv6 command channel socket.
+            "dhcp6":
+            {
+                "socket-type": "unix",
+                "socket-name": "/tmp/kea6-ctrl-socket"
+            },
+            // Location of the D2 command channel socket.
+            "d2":
+            {
+                "socket-type": "unix",
+                "socket-name": "/tmp/kea-ddns-ctrl-socket",
+                "user-context": { "in-use": false }
+            }
+        },
+
+        // Similar to other Kea components, CA also uses logging.
+        "loggers": [
+            {
+                "name": "kea-ctrl-agent",
+                "output-options": [
+                    {
+                        "output": "/var/log/kea-ctrl-agent.log",
+                        // Several additional parameters are possible in addition
+                        // to the typical output. Flush determines whether logger
+                        // flushes output to a file. Maxsize determines maximum
+                        // filesize before the file is rotated. maxver
+                        // specifies the maximum number of rotated files being
+                        // kept.
+                        "flush": true,
+                        "maxsize": 204800,
+                        "maxver": 4,
+                        // We use pattern to specify custom log message layout
+                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
+                    }
+                ],
+                "severity": "INFO",
+                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
+            }
+        ]
+    }
+}
+

kea-dhcp-ha/provision/kea-ctrl-agent.conf

@@ -0,0 +1,105 @@
+// This is a basic configuration for the Kea Control Agent.
+//
+// This is just a very basic configuration. Kea comes with large suite (over 30)
+// of configuration examples and extensive Kea User's Guide. Please refer to
+// those materials to get better understanding of what this software is able to
+// do. Comments in this configuration file sometimes refer to sections for more
+// details. These are section numbers in Kea User's Guide. The version matching
+// your software should come with your Kea package, but it is also available
+// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
+// the stable version is https://kea.readthedocs.io/).
+//
+// This configuration file contains only Control Agent's configuration.
+// If configurations for other Kea services are also included in this file they
+// are ignored by the Control Agent.
+{
+
+// This is a basic configuration for the Kea Control Agent.
+// RESTful interface to be available at http://127.0.0.1:8000/
+"Control-agent": {
+    "http-host": "127.0.0.1",
+    // If enabling HA and multi-threading, the 8000 port is used by the HA
+    // hook library http listener. When using HA hook library with
+    // multi-threading to function, make sure the port used by dedicated
+    // listener is different (e.g. 8001) than the one used by CA. Note
+    // the commands should still be sent via CA. The dedicated listener
+    // is specifically for HA updates only.
+    "http-port": 8000,
+
+    // Specify location of the files to which the Control Agent
+    // should connect to forward commands to the DHCPv4, DHCPv6
+    // and D2 servers via unix domain sockets.
+    "control-sockets": {
+        "dhcp4": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea4-ctrl-socket"
+        },
+        "dhcp6": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea6-ctrl-socket"
+        },
+        "d2": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea-ddns-ctrl-socket"
+        }
+    },
+
+    // Specify hooks libraries that are attached to the Control Agent.
+    // Such hooks libraries should support 'control_command_receive'
+    // hook point. This is currently commented out because it has to
+    // point to the existing hooks library. Otherwise the Control
+    // Agent will fail to start.
+    "hooks-libraries": [
+//  {
+//      "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
+//      "parameters": {
+//          "param1": "foo"
+//      }
+//  }
+    ],
+
+// Logging configuration starts here. Kea uses different loggers to log various
+// activities. For details (e.g. names of loggers), see Chapter 18.
+    "loggers": [
+    {
+        // This specifies the logging for Control Agent daemon.
+        "name": "kea-ctrl-agent",
+        "output_options": [
+            {
+                // Specifies the output file. There are several special values
+                // supported:
+                // - stdout (prints on standard output)
+                // - stderr (prints on standard error)
+                // - syslog (logs to syslog)
+                // - syslog:name (logs to syslog using specified name)
+                // Any other value is considered a name of the file
+                "output": "stdout",
+
+                // Shorter log pattern suitable for use with systemd,
+                // avoids redundant information
+                "pattern": "%-5p %m\n"
+
+                // This governs whether the log output is flushed to disk after
+                // every write.
+                // "flush": false,
+
+                // This specifies the maximum size of the file before it is
+                // rotated.
+                // "maxsize": 1048576,
+
+                // This specifies the maximum number of rotated files to keep.
+                // "maxver": 8
+            }
+        ],
+        // This specifies the severity of log messages to keep. Supported values
+        // are: FATAL, ERROR, WARN, INFO, DEBUG
+        "severity": "INFO",
+
+        // If DEBUG level is specified, this value is used. 0 is least verbose,
+        // 99 is most verbose. Be cautious, Kea can generate lots and lots
+        // of logs if told to do so.
+        "debuglevel": 0
+    }
+  ]
+}
+}

kea-dhcp-ha/provision/kea-ctrl-agent.conf.j2

@@ -0,0 +1,98 @@
+// This is a basic configuration for the Kea Control Agent.
+//
+// This is just a very basic configuration. Kea comes with large suite (over 30)
+// of configuration examples and extensive Kea User's Guide. Please refer to
+// those materials to get better understanding of what this software is able to
+// do. Comments in this configuration file sometimes refer to sections for more
+// details. These are section numbers in Kea User's Guide. The version matching
+// your software should come with your Kea package, but it is also available
+// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
+// the stable version is https://kea.readthedocs.io/).
+//
+// This configuration file contains only Control Agent's configuration.
+// If configurations for other Kea services are also included in this file they
+// are ignored by the Control Agent.
+{
+
+// This is a basic configuration for the Kea Control Agent.
+// RESTful interface to be available at http://127.0.0.1:8000/
+"Control-agent": {
+    "http-host": "{{ srv_ip }}",
+    // If enabling HA and multi-threading, the 8000 port is used by the HA
+    // hook library http listener. When using HA hook library with
+    // multi-threading to function, make sure the port used by dedicated
+    // listener is different (e.g. 8001) than the one used by CA. Note
+    // the commands should still be sent via CA. The dedicated listener
+    // is specifically for HA updates only.
+    "http-port": 8001,
+
+    // Specify location of the files to which the Control Agent
+    // should connect to forward commands to the DHCPv4, DHCPv6
+    // and D2 servers via unix domain sockets.
+    "control-sockets": {
+        "dhcp4": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea4-ctrl-socket"
+        }
+    },
+
+    // Specify hooks libraries that are attached to the Control Agent.
+    // Such hooks libraries should support 'control_command_receive'
+    // hook point. This is currently commented out because it has to
+    // point to the existing hooks library. Otherwise the Control
+    // Agent will fail to start.
+    "hooks-libraries": [
+//  {
+//      "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
+//      "parameters": {
+//          "param1": "foo"
+//      }
+//  }
+    ],
+
+// Logging configuration starts here. Kea uses different loggers to log various
+// activities. For details (e.g. names of loggers), see Chapter 18.
+    "loggers": [
+    {
+        // This specifies the logging for Control Agent daemon.
+        "name": "kea-ctrl-agent",
+        "output-options": [
+            {
+                // Specifies the output file. There are several special values
+                // supported:
+                // - stdout (prints on standard output)
+                // - stderr (prints on standard error)
+                // - syslog (logs to syslog)
+                // - syslog:name (logs to syslog using specified name)
+                // Any other value is considered a name of the file
+                "output": "stdout",
+
+                // Shorter log pattern suitable for use with systemd,
+                // avoids redundant information
+                "pattern": "%-5p %m\n"
+
+                // This governs whether the log output is flushed to disk after
+                // every write.
+                // "flush": false,
+
+                // This specifies the maximum size of the file before it is
+                // rotated.
+                // "maxsize": 1048576,
+
+                // This specifies the maximum number of rotated files to keep.
+                // "maxver": 8
+            }
+        ],
+        // This specifies the severity of log messages to keep. Supported values
+        // are: FATAL, ERROR, WARN, INFO, DEBUG
+        "severity": "INFO",
+
+        // If DEBUG level is specified, this value is used. 0 is least verbose,
+        // 99 is most verbose. Be cautious, Kea can generate lots and lots
+        // of logs if told to do so.
+        "debuglevel": 0
+    }
+  ]
+}
+}
+

kea-dhcp-ha/provision/kea-dhcp4.conf.j2

@@ -0,0 +1,534 @@
+// This is a basic configuration for the Kea DHCPv4 server. Subnet declarations
+// are mostly commented out and no interfaces are listed. Therefore, the servers
+// will not listen or respond to any queries.
+// The basic configuration must be extended to specify interfaces on which
+// the servers should listen. There are a number of example options defined.
+// These probably don't make any sense in your network. Make sure you at least
+// update the following, before running this example in your network:
+// - change the network interface names
+// - change the subnets to match your actual network
+// - change the option values to match your network
+//
+// This is just a very basic configuration. Kea comes with large suite (over 30)
+// of configuration examples and extensive Kea User's Guide. Please refer to
+// those materials to get better understanding of what this software is able to
+// do. Comments in this configuration file sometimes refer to sections for more
+// details. These are section numbers in Kea User's Guide. The version matching
+// your software should come with your Kea package, but it is also available
+// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
+// the stable version is https://kea.readthedocs.io/).
+//
+// This configuration file contains only DHCPv4 server's configuration.
+// If configurations for other Kea services are also included in this file they
+// are ignored by the DHCPv4 server.
+{
+
+// DHCPv4 configuration starts here. This section will be read by DHCPv4 server
+// and will be ignored by other components.
+"Dhcp4": {
+    // Add names of your network interfaces to listen on.
+    "interfaces-config": {
+        // See section 8.2.4 for more details. You probably want to add just
+        // interface name (e.g. "eth0" or specific IPv4 address on that
+        // interface name (e.g. "eth0/192.0.2.1").
+        "interfaces": [ "eth1" ]
+
+        // Kea DHCPv4 server by default listens using raw sockets. This ensures
+        // all packets, including those sent by directly connected clients
+        // that don't have IPv4 address yet, are received. However, if your
+        // traffic is always relayed, it is often better to use regular
+        // UDP sockets. If you want to do that, uncomment this line:
+        // "dhcp-socket-type": "udp"
+    },
+
+    // Kea supports control channel, which is a way to receive management
+    // commands while the server is running. This is a Unix domain socket that
+    // receives commands formatted in JSON, e.g. config-set (which sets new
+    // configuration), config-reload (which tells Kea to reload its
+    // configuration from file), statistic-get (to retrieve statistics) and many
+    // more. For detailed description, see Sections 8.8, 16 and 15.
+    "control-socket": {
+        "socket-type": "unix",
+        "socket-name": "/run/kea/kea4-ctrl-socket"
+    },
+
+    // Use Memfile lease database backend to store leases in a CSV file.
+    // Depending on how Kea was compiled, it may also support SQL databases
+    // (MySQL and/or PostgreSQL). Those database backends require more
+    // parameters, like name, host and possibly user and password.
+    // There are dedicated examples for each backend. See Section 7.2.2 "Lease
+    // Storage" for details.
+    "lease-database": {
+        // Memfile is the simplest and easiest backend to use. It's an in-memory
+        // C++ database that stores its state in CSV file.
+        "type": "memfile",
+        "lfc-interval": 3600
+    },
+
+    // Kea allows storing host reservations in a database. If your network is
+    // small or you have few reservations, it's probably easier to keep them
+    // in the configuration file. If your network is large, it's usually better
+    // to use database for it. To enable it, uncomment the following:
+    // "hosts-database": {
+    //     "type": "mysql",
+    //     "name": "kea",
+    //     "user": "kea",
+    //     "password": "kea",
+    //     "host": "localhost",
+    //     "port": 3306
+    // },
+    // See Section 7.2.3 "Hosts storage" for details.
+
+    // Setup reclamation of the expired leases and leases affinity.
+    // Expired leases will be reclaimed every 10 seconds. Every 25
+    // seconds reclaimed leases, which have expired more than 3600
+    // seconds ago, will be removed. The limits for leases reclamation
+    // are 100 leases or 250 ms for a single cycle. A warning message
+    // will be logged if there are still expired leases in the
+    // database after 5 consecutive reclamation cycles.
+    "expired-leases-processing": {
+        "reclaim-timer-wait-time": 10,
+        "flush-reclaimed-timer-wait-time": 25,
+        "hold-reclaimed-time": 3600,
+        "max-reclaim-leases": 100,
+        "max-reclaim-time": 250,
+        "unwarned-reclaim-cycles": 5
+    },
+
+    // Global timers specified here apply to all subnets, unless there are
+    // subnet specific values defined in particular subnets.
+    "renew-timer": 900,
+    "rebind-timer": 1800,
+    "valid-lifetime": 3600,
+
+    // Many additional parameters can be specified here:
+    // - option definitions (if you want to define vendor options, your own
+    //                       custom options or perhaps handle standard options
+    //                       that Kea does not support out of the box yet)
+    // - client classes
+    // - hooks
+    // - ddns information (how the DHCPv4 component can reach a DDNS daemon)
+    //
+    // Some of them have examples below, but there are other parameters.
+    // Consult Kea User's Guide to find out about them.
+
+    // These are global options. They are going to be sent when a client
+    // requests them, unless overwritten with values in more specific scopes.
+    // The scope hierarchy is:
+    // - global (most generic, can be overwritten by class, subnet or host)
+    // - class (can be overwritten by subnet or host)
+    // - subnet (can be overwritten by host)
+    // - host (most specific, overwrites any other scopes)
+    //
+    // Not all of those options make sense. Please configure only those that
+    // are actually useful in your network.
+    //
+    // For a complete list of options currently supported by Kea, see
+    // Section 7.2.8 "Standard DHCPv4 Options". Kea also supports
+    // vendor options (see Section 7.2.10) and allows users to define their
+    // own custom options (see Section 7.2.9).
+    "option-data": [
+        // When specifying options, you typically need to specify
+        // one of (name or code) and data. The full option specification
+        // covers name, code, space, csv-format and data.
+        // space defaults to "dhcp4" which is usually correct, unless you
+        // use encapsulate options. csv-format defaults to "true", so
+        // this is also correct, unless you want to specify the whole
+        // option value as long hex string. For example, to specify
+        // domain-name-servers you could do this:
+        // {
+        //     "name": "domain-name-servers",
+        //     "code": 6,
+        //     "csv-format": "true",
+        //     "space": "dhcp4",
+        //     "data": "192.0.2.1, 192.0.2.2"
+        // }
+        // but it's a lot of writing, so it's easier to do this instead:
+        {
+            "name": "domain-name-servers",
+            "data": "192.0.2.1, 192.0.2.2"
+        },
+
+        // Typically people prefer to refer to options by their names, so they
+        // don't need to remember the code names. However, some people like
+        // to use numerical values. For example, option "domain-name" uses
+        // option code 15, so you can reference to it either by
+        // "name": "domain-name" or "code": 15.
+        {
+            "code": 15,
+            "data": "example.org"
+        },
+
+        // Domain search is also a popular option. It tells the client to
+        // attempt to resolve names within those specified domains. For
+        // example, name "foo" would be attempted to be resolved as
+        // foo.mydomain.example.com and if it fails, then as foo.example.com
+        {
+            "name": "domain-search",
+            "data": "mydomain.example.com, example.com"
+        },
+
+        // String options that have a comma in their values need to have
+        // it escaped (i.e. each comma is preceded by two backslashes).
+        // That's because commas are reserved for separating fields in
+        // compound options. At the same time, we need to be conformant
+        // with JSON spec, that does not allow "\,". Therefore the
+        // slightly uncommon double backslashes notation is needed.
+
+        // Legal JSON escapes are \ followed by "\/bfnrt character
+        // or \u followed by 4 hexadecimal numbers (currently Kea
+        // supports only \u0000 to \u00ff code points).
+        // CSV processing translates '\\' into '\' and '\,' into ','
+        // only so for instance '\x' is translated into '\x'. But
+        // as it works on a JSON string value each of these '\'
+        // characters must be doubled on JSON input.
+        {
+            "name": "boot-file-name",
+            "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
+        },
+
+        // Options that take integer values can either be specified in
+        // dec or hex format. Hex format could be either plain (e.g. abcd)
+        // or prefixed with 0x (e.g. 0xabcd).
+        {
+            "name": "default-ip-ttl",
+            "data": "0xf0"
+        }
+
+        // Note that Kea provides some of the options on its own. In particular,
+        // it sends IP Address lease type (code 51, based on valid-lifetime
+        // parameter, Subnet mask (code 1, based on subnet definition), Renewal
+        // time (code 58, based on renew-timer parameter), Rebind time (code 59,
+        // based on rebind-timer parameter).
+    ],
+
+    // Other global parameters that can be defined here are option definitions
+    // (this is useful if you want to use vendor options, your own custom
+    // options or perhaps handle options that Kea does not handle out of the box
+    // yet).
+
+    // You can also define classes. If classes are defined, incoming packets
+    // may be assigned to specific classes. A client class can represent any
+    // group of devices that share some common characteristic, e.g. Windows
+    // devices, iphones, broken printers that require special options, etc.
+    // Based on the class information, you can then allow or reject clients
+    // to use certain subnets, add special options for them or change values
+    // of some fixed fields.
+    "client-classes": [
+        {
+            // This specifies a name of this class. It's useful if you need to
+            // reference this class.
+            "name": "voip",
+
+            // This is a test. It is an expression that is being evaluated on
+            // each incoming packet. It is supposed to evaluate to either
+            // true or false. If it's true, the packet is added to specified
+            // class. See Section 12 for a list of available expressions. There
+            // are several dozens. Section 8.2.14 for more details for DHCPv4
+            // classification and Section 9.2.19 for DHCPv6.
+            "test": "substring(option[60].hex,0,6) == 'Aastra'",
+
+            // If a client belongs to this class, you can define extra behavior.
+            // For example, certain fields in DHCPv4 packet will be set to
+            // certain values.
+            "next-server": "192.0.2.254",
+            "server-hostname": "hal9000",
+            "boot-file-name": "/dev/null"
+
+            // You can also define option values here if you want devices from
+            // this class to receive special options.
+        }
+    ],
+
+    // Another thing possible here are hooks. Kea supports a powerful mechanism
+    // that allows loading external libraries that can extract information and
+    // even influence how the server processes packets. Those libraries include
+    // additional forensic logging capabilities, ability to reserve hosts in
+    // more flexible ways, and even add extra commands. For a list of available
+    // hook libraries, see https://gitlab.isc.org/isc-projects/kea/wikis/Hooks-available.
+    "hooks-libraries": [
+        // The lease_cmds library must be loaded because HA makes use of it to
+        // deliver lease updates to the server as well as synchronize the
+        // lease database after failure.
+        {
+            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
+        },
+      {
+
+            // The HA hooks library should be loaded.
+            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
+            "parameters": {
+                // Each server should have the same HA configuration, except for the
+                // "this-server-name" parameter.
+                "high-availability": [ {
+                    // This parameter points to this server instance. The respective
+                    // HA peers must have this parameter set to their own names.
+                    "this-server-name": "{{ srv_name }}",
+                    // The HA mode is set to hot-standby. In this mode, the active server handles
+                    // all the traffic. The standby takes over if the primary becomes unavailable.
+                    "mode": "hot-standby",
+                    // Heartbeat is to be sent every 10 seconds if no other control
+                    // commands are transmitted.
+                    "heartbeat-delay": 10000,
+                    // Maximum time for partner's response to a heartbeat, after which
+                    // failure detection is started. This is specified in milliseconds.
+                    // If we don't hear from the partner in 60 seconds, it's time to
+                    // start worrying.
+                    "max-response-delay": 60000,
+                    // The following parameters control how the server detects the
+                    // partner's failure. The ACK delay sets the threshold for the
+                    // 'secs' field of the received discovers. This is specified in
+                    // milliseconds.
+                    "max-ack-delay": 5000,
+                    // This specifies the number of clients which send messages to
+                    // the partner but appear to not receive any response.
+                    "max-unacked-clients": 5,
+
+                    // This specifies the maximum timeout (in milliseconds) for the server
+                    // to complete sync. If you have a large deployment (high tens or
+                    // hundreds of thousands of clients), you may need to increase it
+                    // further. The default value is 60000ms (60 seconds).
+                    "sync-timeout": 60000,
+                    "peers": [
+                        // This is the configuration of this server instance.
+                        {
+                            "name": "kea1",
+                            // This specifies the URL of our server instance. The
+                            // Control Agent must run along with our DHCPv4 server
+                            // instance and the "http-host" and "http-port" must be
+                            // set to the corresponding values.
+                            "url": "http://192.168.56.2:8000/",
+                            // This server is primary. The other one must be
+                            // secondary.
+                            "role": "primary"
+                        },
+                        // This is the configuration of our HA peer.
+                        {
+                            "name": "kea2",
+                            // Specifies the URL on which the partner's control
+                            // channel can be reached. The Control Agent is required
+                            // to run on the partner's machine with "http-host" and
+                            // "http-port" values set to the corresponding values.
+                            "url": "http://192.168.56.3:8000/",
+                            // The partner is a secondary. Our is primary.
+                            "role": "standby"
+                        }
+                    ]
+                } ]
+            }
+        }
+
+    ],
+    //       // Forensic Logging library generates forensic type of audit trail
+    //       // of all devices serviced by Kea, including their identifiers
+    //       // (like MAC address), their location in the network, times
+    //       // when they were active etc.
+    //       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_legal_log.so",
+    //       "parameters": {
+    //           "path": "/var/lib/kea",
+    //           "base-name": "kea-forensic4"
+    //       }
+    //   },
+    //   {
+    //       // Flexible identifier (flex-id). Kea software provides a way to
+    //       // handle host reservations that include addresses, prefixes,
+    //       // options, client classes and other features. The reservation can
+    //       // be based on hardware address, DUID, circuit-id or client-id in
+    //       // DHCPv4 and using hardware address or DUID in DHCPv6. However,
+    //       // there are sometimes scenario where the reservation is more
+    //       // complex, e.g. uses other options that mentioned above, uses part
+    //       // of specific options or perhaps even a combination of several
+    //       // options and fields to uniquely identify a client. Those scenarios
+    //       // are addressed by the Flexible Identifiers hook application.
+    //       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_flex_id.so",
+    //       "parameters": {
+    //           "identifier-expression": "relay4[2].hex"
+    //       }
+    //   }
+    // ],
+
+    // Below an example of a simple IPv4 subnet declaration. Uncomment to enable
+    // it. This is a list, denoted with [ ], of structures, each denoted with
+    // { }. Each structure describes a single subnet and may have several
+    // parameters. One of those parameters is "pools" that is also a list of
+    // structures.
+    "subnet4": [
+        {
+            // This defines the whole subnet. Kea will use this information to
+            // determine where the clients are connected. This is the whole
+            // subnet in your network. This is mandatory parameter for each
+            // subnet.
+            "id": 1,
+            "subnet": "192.168.56.0/24",
+	    "interface" : "eth1", 
+
+            // Pools define the actual part of your subnet that is governed
+            // by Kea. Technically this is optional parameter, but it's
+            // almost always needed for DHCP to do its job. If you omit it,
+            // clients won't be able to get addresses, unless there are
+            // host reservations defined for them.
+            "pools": [ { "pool": "192.168.56.120 - 192.168.56.130" } ],
+
+            // These are options that are subnet specific. In most cases,
+            // you need to define at least routers option, as without this
+            // option your clients will not be able to reach their default
+            // gateway and will not have Internet connectivity.
+            "option-data": [
+                {
+                    // For each IPv4 subnet you most likely need to specify at
+                    // least one router.
+                    "name": "routers",
+                    "data": "192.168.56.1"
+                }
+            ],
+
+            // Kea offers host reservations mechanism. Kea supports reservations
+            // by several different types of identifiers: hw-address
+            // (hardware/MAC address of the client), duid (DUID inserted by the
+            // client), client-id (client identifier inserted by the client) and
+            // circuit-id (circuit identifier inserted by the relay agent).
+            //
+            // Kea also support flexible identifier (flex-id), which lets you
+            // specify an expression that is evaluated for each incoming packet.
+            // Resulting value is then used for as an identifier.
+            //
+            // Note that reservations are subnet-specific in Kea. This is
+            // different than ISC DHCP. Keep that in mind when migrating
+            // your configurations.
+            "reservations": [
+
+                // This is a reservation for a specific hardware/MAC address.
+                // It's a rather simple reservation: just an address and nothing
+                // else.
+                {
+                    "hw-address": "1a:1b:1c:1d:1e:1f",
+                    "ip-address": "192.168.56.201"
+                },
+
+                // This is a reservation for a specific client-id. It also shows
+                // the this client will get a reserved hostname. A hostname can
+                // be defined for any identifier type, not just client-id.
+                {
+                    "client-id": "01:11:22:33:44:55:66",
+                    "ip-address": "192.168.56.202",
+                    "hostname": "special-snowflake"
+                },
+
+                // The third reservation is based on DUID. This reservation defines
+                // a special option values for this particular client. If the
+                // domain-name-servers option would have been defined on a global,
+                // subnet or class level, the host specific values take preference.
+                {
+                    "duid": "01:02:03:04:05",
+                    "ip-address": "192.168.56.203",
+                    "option-data": [ {
+                        "name": "domain-name-servers",
+                        "data": "10.1.1.202, 10.1.1.203"
+                    } ]
+                },
+
+                // The fourth reservation is based on circuit-id. This is an option
+                // inserted by the relay agent that forwards the packet from client
+                // to the server.  In this example the host is also assigned vendor
+                // specific options.
+                //
+                // When using reservations, it is useful to configure
+                // reservations-global, reservations-in-subnet,
+                // reservations-out-of-pool (subnet specific parameters)
+                // and host-reservation-identifiers (global parameter).
+                {
+                    "client-id": "01:12:23:34:45:56:67",
+                    "ip-address": "192.168.56.204",
+                    "option-data": [
+                        {
+                            "name": "vivso-suboptions",
+                            "data": "4491"
+                        },
+                        {
+                            "name": "tftp-servers",
+                            "space": "vendor-4491",
+                            "data": "10.1.1.202, 10.1.1.203"
+                        }
+                    ]
+                },
+                // This reservation is for a client that needs specific DHCPv4
+                // fields to be set. Three supported fields are next-server,
+                // server-hostname and boot-file-name
+                {
+                    "client-id": "01:0a:0b:0c:0d:0e:0f",
+                    "ip-address": "192.168.56.205",
+                    "next-server": "192.168.56.206",
+                    "server-hostname": "hal9000",
+                    "boot-file-name": "/dev/null"
+                },
+                // This reservation is using flexible identifier. Instead of
+                // relying on specific field, sysadmin can define an expression
+                // similar to what is used for client classification,
+                // e.g. substring(relay[0].option[17],0,6). Then, based on the
+                // value of that expression for incoming packet, the reservation
+                // is matched. Expression can be specified either as hex or
+                // plain text using single quotes.
+                //
+                // Note: flexible identifier requires flex_id hook library to be
+                // loaded to work.
+                {
+                    "flex-id": "'s0mEVaLue'",
+                    "ip-address": "192.168.56.207"
+                }
+                // You can add more reservations here.
+            ]
+            // You can add more subnets there.
+        }
+    ],
+
+    // There are many, many more parameters that DHCPv4 server is able to use.
+    // They were not added here to not overwhelm people with too much
+    // information at once.
+
+    // Logging configuration starts here. Kea uses different loggers to log various
+    // activities. For details (e.g. names of loggers), see Chapter 18.
+    "loggers": [
+    {
+        // This section affects kea-dhcp4, which is the base logger for DHCPv4
+        // component. It tells DHCPv4 server to write all log messages (on
+        // severity INFO or more) to a file.
+        "name": "kea-dhcp4",
+        "output_options": [
+            {
+                // Specifies the output file. There are several special values
+                // supported:
+                // - stdout (prints on standard output)
+                // - stderr (prints on standard error)
+                // - syslog (logs to syslog)
+                // - syslog:name (logs to syslog using specified name)
+                // Any other value is considered a name of the file
+                "output": "stdout",
+
+                // Shorter log pattern suitable for use with systemd,
+                // avoids redundant information
+                "pattern": "%-5p %m\n",
+
+                // This governs whether the log output is flushed to disk after
+                // every write.
+                // "flush": false,
+
+                // This specifies the maximum size of the file before it is
+                // rotated.
+                // "maxsize": 1048576,
+
+                // This specifies the maximum number of rotated files to keep.
+                // "maxver": 8
+            }
+        ],
+        // This specifies the severity of log messages to keep. Supported values
+        // are: FATAL, ERROR, WARN, INFO, DEBUG
+        "severity": "INFO",
+
+        // If DEBUG level is specified, this value is used. 0 is least verbose,
+        // 99 is most verbose. Be cautious, Kea can generate lots and lots
+        // of logs if told to do so.
+        "debuglevel": 0
+    }
+  ]
+}
+}

kea-dhcp-ha/provision/server.env.j2

@@ -0,0 +1,53 @@
+### database settings
+### the address of a PostgreSQL database
+# STORK_DATABASE_HOST=
+### the port of a PostgreSQL database
+# STORK_DATABASE_PORT=
+### the name of a database
+STORK_DATABASE_NAME={{ stork_db_name }}
+### the username for connecting to the database
+STORK_DATABASE_USER_NAME={{ stork_db_user }}
+### the SSL mode for connecting to the database
+### possible values: disable, require, verify-ca, or verify-full
+# STORK_DATABASE_SSLMODE=
+### the location of the SSL certificate used by the server to connect to the database
+# STORK_DATABASE_SSLCERT=
+### the location of the SSL key used by the server to connect to the database
+# STORK_DATABASE_SSLKEY=
+### the location of the root certificate file used to verify the database server's certificate
+# STORK_DATABASE_SSLROOTCERT=
+### the password for the username connecting to the database
+### empty password is set to avoid prompting a user for database password
+STORK_DATABASE_PASSWORD={{ stork_db_passwd}}
+
+### REST API settings
+### the IP address on which the server listens
+# STORK_REST_HOST=
+### the port number on which the server listens
+# STORK_REST_PORT=
+### the file with a certificate to use for secure connections
+# STORK_REST_TLS_CERTIFICATE=
+### the file with a private key to use for secure connections
+# STORK_REST_TLS_PRIVATE_KEY=
+### the certificate authority file used for mutual TLS authentication
+# STORK_REST_TLS_CA_CERTIFICATE=
+### the directory with static files served in the UI
+STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
+### the base URL of the UI - to be used only if the UI is served from a subdirectory
+# STORK_REST_BASE_URL=
+
+### enable Prometheus /metrics HTTP endpoint for exporting metrics from
+### the server to Prometheus. It is recommended to secure this endpoint
+### (e.g. using HTTP proxy).
+# STORK_SERVER_ENABLE_METRICS=true
+
+### Logging parameters
+
+### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_SERVER_HOOK_DIRECTORY=
+

kea-dhcp-ha/provision/setup-kea.yml

@@ -0,0 +1,93 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: Preparation  
+    ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-6/setup.deb.sh' | sudo -E bash
+
+  - name: Update apt
+    ansible.builtin.apt:
+      update_cache: yes
+
+  - name: Installation isc-kea-dhcp4
+    ansible.builtin.apt:
+      name: isc-kea-dhcp4-server
+      state: present
+
+  - name: Installation isc-kea-ctrl-agent
+    ansible.builtin.apt:
+      name: isc-kea-ctrl-agent
+      state: present
+
+  - name: Installation isc-kea-hooks
+    ansible.builtin.apt:
+      name: isc-kea-hooks
+      state: present
+
+  - name: Generation du fichier de configuration kea-ctrl-agent
+    ansible.builtin.template:
+      src: kea-ctrl-agent.conf.j2
+      dest: /etc/kea/kea-ctrl-agent.conf
+      backup: yes
+    notify:
+        - relance isc-kea-ctrl-agent
+
+  - name: Generation du fichier de configuration kea-dhcp4.conf
+    ansible.builtin.template:
+      src: kea-dhcp4.conf.j2
+      dest: /etc/kea/kea-dhcp4.conf
+      backup: yes
+    notify:
+    - relance isc-kea-dhcp4-server
+
+      #  - name: change adresse IP dans /etc/kea/kea-ctrl-agent.conf
+      #    ansible.builtin.replace:
+      #      path: /etc/kea/kea-ctrl-agent.conf
+      #      regexp: '"http-host": "127.0.0.1",'
+      #      replace: '"http-host": "{{ srv_ip }}",'
+      #      backup: yes
+      #
+  - name: Preparation depot stork agent 
+    ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
+
+  - name: Update apt
+    ansible.builtin.apt:
+      update_cache: yes
+
+  - name: Installation isc-stork-agent
+    ansible.builtin.apt:
+      name: isc-stork-agent
+      state: present
+
+  - name: Generation du fichier agent.env pour stork-agent 
+    ansible.builtin.template:
+      src: agent.env.j2
+      dest: /etc/stork/agent.env
+      backup: yes
+    notify:
+      - relance isc-stork-agent
+        
+  - name: Preparation stork agent 
+    ansible.builtin.shell: sudo su stork-agent -s /bin/sh -c "stork-agent register --non-interactive --agent-host {{ srv_ip }} --server-url http://192.168.56.5:8080"
+
+  handlers:
+  - name: relance isc-kea-ctrl-agent
+    ansible.builtin.service:
+      name: isc-kea-ctrl-agent
+      state: restarted
+      enabled: yes
+
+  - name: relance isc-stork-agent
+    ansible.builtin.service:
+      name: isc-stork-agent
+      state: restarted
+      enabled: yes
+
+
+  - name: relance isc-kea-dhcp4-server
+    ansible.builtin.service:
+      name: isc-kea-dhcp4-server
+      state: restarted
+      enabled: yes
+
+

kea-dhcp-ha/provision/setup-stork.yml

@@ -0,0 +1,47 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: Preparation depots 
+    ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
+
+  - name: Update apt
+    ansible.builtin.apt:
+      update_cache: yes
+
+  - name: Installation isc-stork-server postgresql et postgresql-contrib
+    ansible.builtin.apt:
+      pkg:
+      - isc-stork-server
+      - postgresql
+      - postgresql-contrib
+
+        #  - name: Lance la commande de création de la base de donnees stork
+        # ansible.builtin.shell: sudo postgresql-setup --initdb 
+
+  - name : lancement postgres
+    ansible.builtin.service:
+      name:  postgresql
+      state: restarted
+      enabled: yes
+
+  - name: Lance la commande de création de la base de donnees stork
+    ansible.builtin.shell: su postgres --command "stork-tool db-create --db-name {{ stork_db_name }} --db-user {{ stork_db_user }} --db-password {{ stork_db_passwd }}"
+
+  - name: Generation du fichier de configuration server.env
+    ansible.builtin.template:
+      src: server.env.j2
+      dest: /etc/stork/server.env
+    notify:
+      - Restart isc-stork-server.service
+
+
+  handlers:
+  - name: Restart isc-stork-server.service
+    ansible.builtin.service:
+      name: isc-stork-server.service
+      state: restarted
+      enabled: yes
+
+
+

lamp-ds/Vagrantfile

@@ -0,0 +1,90 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "lamp"
+
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+   config.vm.network "forwarded_port", guest: 80, host: 2080
+   config.vm.network "forwarded_port", guest: 22, host: 2022
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  #config.vm.synced_folder ".", "/vagrant", disabled: false
+  config.vm.synced_folder ".", "/var/www/html", disabled: false
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  config.vm.provision "shell", inline: <<-SHELL
+    #  export http_proxy=http://10.121.38.1:8080
+    #  export https_proxy=http://10.121.38.1:8080
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl git apache2 php mariadb-server 
+     DEBIAN_FRONTEND=noninteractive apt-get -yq install phpmyadmin
+     cp /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
+     a2enconf phpmyadmin.conf
+     systemctl reload apache2.service
+
+   SHELL
+end

lldap/Vagrantfile

@@ -0,0 +1,92 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "ldap"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+  config.vm.network "private_network", ip: "192.168.56.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl git gpg
+     echo 'deb http://download.opensuse.org/repositories/home:/Masgalor:/LLDAP/Debian_12/ /' | sudo tee /etc/apt/sources.list.d/home:Masgalor:LLDAP.list
+     curl -fsSL https://download.opensuse.org/repositories/home:Masgalor:LLDAP/Debian_12/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_Masgalor_LLDAP.gpg > /dev/null
+     apt-get update
+     apt-get install -y lldap lldap-set-password jq
+     echo 'ldap_base_dn = "dc=labo,dc=lan"' >> /etc/lldap/lldap_config.toml 
+     echo 'ldap_user_pass = "Azerty1+"' >> /etc/lldap/lldap_config.toml 
+     systemctl enable lldap
+     systemctl restart lldap
+     git clone https://github.com/Zepmann/lldap-cli.git
+     sed -i 's/^lldapConfig=.*/lldapConfig=\"\/etc\/lldap\/lldap_config.toml\"/' lldap-cli/lldap-cli
+     cd lldap-cli && lldap-cli user add pdubois pdubois@jetable.org -p Azerty1+
+     cd lldap-cli && lldap-cli user add pdubois pdubois@jetable.org -p Azerty1+
+  SHELL
+end

lldap2/Vagrantfile

@@ -0,0 +1,100 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "ldap"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+  #config.vm.network "private_network", ip: "192.168.56.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl git gpg
+     echo 'deb http://download.opensuse.org/repositories/home:/Masgalor:/LLDAP/Debian_12/ /' | sudo tee /etc/apt/sources.list.d/home:Masgalor:LLDAP.list
+     curl -fsSL https://download.opensuse.org/repositories/home:Masgalor:LLDAP/Debian_12/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_Masgalor_LLDAP.gpg > /dev/null
+     apt-get update
+     apt-get install -y lldap lldap-set-password jq
+     sed -i 's/^#ldap_base_dn =.*/ldap_base_dn = "dc=labo,dc=lan"/' /etc/lldap/lldap_config.toml 
+     sed -i 's/^#ldap_user_pass =.*/ldap_user_pass= "Azerty1+"/' /etc/lldap/lldap_config.toml 
+     systemctl enable --now lldap
+     [[ -d lldap-cli ]] || git clone https://github.com/Zepmann/lldap-cli.git
+     sed -i 's:.*lldapConfig=.*:lldapConfig="/etc/lldap/lldap_config.toml":' lldap-cli/lldap-cli
+     bash lldap-cli/lldap-cli group add sio2025
+     bash lldap-cli/lldap-cli user add pdubois pdubois@jetable.org -p Azerty1+
+     bash lldap-cli/lldap-cli user group add pdubois sio2025
+     bash lldap-cli/lldap-cli group add sio2026
+     bash lldap-cli/lldap-cli user add jleroy jleroy@jetable.org -p Azerty1+
+     bash lldap-cli/lldap-cli user group add jleroy sio2026
+     bash lldap-cli/lldap-cli user add ldupont ldupont@jetable.org -p Azerty1+
+     bash lldap-cli/lldap-cli user group add ldupont  sio2026
+     bash lldap-cli/lldap-cli user add bind_user bind_user@jetable.org -p Azerty1+
+     bash lldap-cli/lldap-cli user group add bind_user lldap_strict_readonly
+     ip -br a
+  SHELL
+end

nagios4/Vagrantfile

@@ -12,7 +12,9 @@ Vagrant.configure("2") do |config|
 
   # Every Vagrant development environment requires a box. You can search for
   # boxes at https://vagrantcloud.com/search.
-  config.vm.box = "debian/bullseye64"
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "nagios4"
+
 
   # Disable automatic box update checking. If you disable this, then
   # boxes will only be checked for updates when the user runs
@@ -65,12 +67,15 @@ Vagrant.configure("2") do |config|
   # documentation for more information about their specific syntax and use.
    config.vm.provision "shell", inline: <<-SHELL
       apt-get update
-      apt-get install -y curl wget
-      apt-get install -y nagios4
+      apt-get install -y vim curl wget apache2 php nagios4 nagios-plugins-contrib
       cp /etc/nagios4/apache2.conf /etc/apache2/sites-available/nagios4.conf
       a2ensite nagios4.conf
       a2enmod rewrite cgi
+#      sed -i 's/Require all/#Require all/' /etc/apache2/conf-enabled/nagios4-cgi.conf
+#      sed -i 's/#Require\tvalid-user/Require\tvalid-user/' /etc/apache2/conf-enabled/nagios4-cgi.conf
       systemctl reload apache2
+#      htdigest -b -c /etc/nagios4/htdigest.users "Nagios4" nagiosadmin admin
 
    SHELL
 end
+

netbox/Vagrantfile

@@ -0,0 +1,94 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "netbox"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "2048"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl git
+     if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+     fi
+     git clone -b release https://github.com/netbox-community/netbox-docker.git
+     cd netbox-docker
+     cat > docker-compose.override.yml <<EOT
+services:
+  netbox:
+    ports:
+      - "8000:8080"
+EOT
+     docker compose pull
+     docker compose up -d
+   SHELL
+end

restic-minio/README.md

@@ -0,0 +1,38 @@
+# Serveur Wazuh All in One et machine wazuh-agent debian 12 
+
+## Présentation
+
+Cette `Vagrantfile` permet d'installer :
+  * un serveur Wazuh **wazuh** All-In-One ( indexer + manager + Dashboard) - Ubuntu 24.04
+  * un serveur Linux  **wazuh-cli** ( wazuh-agent ) - Debian 12.9
+
+La Vagrantfile utilise les playbooks ansible suivants :
+  * **provision/setup-wazuh.yml** qui:
+    * coupe le service **unattended-upgrades**
+    * recupère le script **wazuh-install.sh** et le lance 
+  * **provision/setup-wazuh-cli.yml** qui:
+    * installe les dépots pour wazuh
+    * installe le paquet **wazuh-agent** en enregistrant la machine **wazuh-cli**
+    * relance le service **wazuh-agent**
+
+## Utilisation de la Vagrantfile
+
+L'installation du serveur **wazuh** est assez longue ( ~ 15 minutes ). 
+  
+````shell
+   vagrant up wazuh
+   vagrant up wazuhcli
+```` 
+
+Le mot de passe du compte **admin** se trouve dans le fichier `wazuh-install-files/wazuh-passwords.txt`, lui-même contenu dans le ficher `wazuh-install-files.tar` à extraire avec la commande :
+
+````shell
+   sudo tar xvf wazuh-install-file.tar
+```` 
+On peut alors se connecter au serveur **wazuh** avec un navigateur : http://adresse
+(admin/mdp)
+
+Une fois connecté, on doit autoriser chacun des deux serveurs **kea1** et **kea2** inscrits
+
+
+

restic-minio/Vagrantfile

@@ -0,0 +1,47 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # Base VM OS configuration.
+  config.vm.box = "debian/bookworm64"
+  config.ssh.insert_key = false
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+
+  # General VirtualBox VM configuration.
+  config.vm.provider :virtualbox do |v|
+    v.memory = 1024
+    v.cpus = 1
+    v.linked_clone = true
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+    v.check_guest_additions = false
+  end
+
+  # Minio.
+  config.vm.define "minio" do |minio|
+    minio.vm.box = "debian/bookworm64"
+    minio.vm.hostname = "minio"
+    minio.vm.network :private_network, ip: "192.168.56.5"
+    minio.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 1024]
+      v.cpus = 1
+    end
+    minio.vm.provision "shell",
+      inline: "timedatectl set-timezone Europe/Paris ; apt-get update ; apt-get install -y vim curl wget"
+    minio.vm.provision "shell", path: "provision/install-minio.sh"
+  end
+
+  # Restic.
+  config.vm.define "restic" do |restic|
+    restic.vm.hostname = "restic"
+    restic.vm.network :private_network, ip: "192.168.56.2"
+    restic.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 1024]
+    end
+    restic.vm.provision "shell",
+      inline: "timedatectl set-timezone Europe/Paris ; apt-get update ; apt-get install -y vim curl wget"
+    restic.vm.provision "shell", path: "provision/install-restic.sh"
+    end
+
+end
+

restic-minio/provision/install-minio.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+sudo apt-get update
+
+wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio_20250203210304.0.0_amd64.deb -O minio.deb
+sudo dpkg -i minio.deb
+
+
+sudo groupadd -r minio
+sudo useradd -M -r -g minio minio
+
+
+echo -e "mkdir ~/minio\nminio server ~/minio --console-address :9001"
+

restic-minio/provision/install-restic.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+sudo apt-get update
+
+apt install restic
+
+wget https://dl.min.io/client/mc/release/linux-amd64/mc
+chmod +x mc
+sudo mv mc /usr/local/bin/mc
+
+

salut

@@ -1 +0,0 @@
-salut

samba-ad-dc/Vagrantfile

@@ -0,0 +1,78 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "dc1"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+  config.vm.network "private_network", ip: "192.168.56.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  config.vm.provision "ansible" do |ansible|
+    ansible.playbook = "playbook.yml"
+  end
+end

samba-ad-dc/playbook.yml

@@ -0,0 +1,186 @@
+---
+- hosts: all
+  become: true
+
+  vars:
+    samba_dc_dns_domain: "ad.sio.lan"
+    samba_dc_hostname: "dc1.ad.sio.lan"
+    samba_dc_hostname_short: "dc1"
+    samba_dc_ip: "192.168.56.10"
+    samba_dc_net: "192.168.56.0/24"
+    samba_dc_realm: "AD.SIO.LAN"
+    samba_dc_workgroup: "AD"
+    samba_dc_domain: "AD"
+    samba_dc_admin_password: "Azerty1+"
+    samba_dc_dns_backend: "SAMBA_INTERNAL" # ou bien "BIND9_DLZ" 
+
+  pre_tasks:
+    - name: Set timezone to Europe/Paris
+      timezone:
+        name: Europe/Paris
+
+    - name: Update apt cache if needed.
+      apt:
+        update_cache: true
+        cache_valid_time: 3600
+  
+  tasks:
+    - name: Pre - set hostname {{ samba_dc_hostname }}
+      copy:
+        content: |
+          {{ samba_dc_hostname }}
+        dest: /etc/hostname
+
+    - name: Pre - set /etc/hosts
+      copy:
+        content: |
+          127.0.0.1 localhost
+          {{ samba_dc_ip }} {{ samba_dc_hostname }} {{ samba_dc_hostname_short }}
+        dest: /etc/hosts
+
+    - name: Pre - "Installe paquets de base"
+      ansible.builtin.apt:
+        state: present
+        name:
+          - acl
+          - git
+          - curl
+          - wget
+          - sudo
+          - unzip
+          - vim
+          - gnupg
+          - tmux
+          - dnsutils
+          - apt-transport-https
+          - chrony
+
+    - name: Samba - "Installe paquets Samba"
+      ansible.builtin.apt:
+        state: present
+        name:
+          - samba
+          - winbind
+          - libnss-winbind
+          - krb5-user
+          - smbclient
+          - ldb-tools
+          - python3-cryptography
+
+    - name: Samba - Configuration Kerberos
+      copy:
+        content: |
+          [libdefaults]
+            default_realm = {{ samba_dc_realm }}
+            dns_lookup_kdc = true
+            dns_lookup_realm = false
+        dest: /etc/krb5.conf
+
+    - name: Samba - Nettoie smb.conf
+      file:
+        path: "/etc/samba/smb.conf"
+        state: absent
+
+    - name: Samba - Configure DC
+      command: samba-tool domain provision --realm={{ samba_dc_realm }} --domain {{ samba_dc_domain }} --server-role=dc
+
+    - name: Samba - Mdp Administrator
+      command:  samba-tool user setpassword administrator --newpassword={{ samba_dc_admin_password }}
+
+    - name: Samba - Set dns forwarder .
+      lineinfile:
+        dest: "/etc/samba/smb.conf"
+        regexp: "dns forwarder =.*"
+        line: "dns forwarder = 9.9.9.9"
+        state: present
+
+    - name: Samba - set resolv.conf
+      copy:
+        content: |
+          search {{ samba_dc_dns_domain }}
+          nameserver 127.0.0.1
+        dest: /etc/resolv.conf
+
+    - name: Samba - rm krb5.conf dans samba
+      file:
+        path: /var/lib/samba/private/krb5.conf
+        state: absent
+
+    - name: Samba - ln krb5.conf de samba vers standard
+      file:
+        src: /etc/krb5.conf
+        dest: /var/lib/samba/private/krb5.conf
+        force: true
+        state: link
+
+    - name: SAmba - unmask and enable samba-ad-dc
+      ansible.builtin.systemd:
+        name: samba-ad-dc
+        masked: false
+        enabled: true
+
+    - name: Samba - mask samba
+      ansible.builtin.systemd:
+        name: samba
+        masked: true
+        enabled: false
+
+    - name: Samba - mask winbind
+      ansible.builtin.systemd:
+        name: winbind
+        masked: true
+        enabled: false
+
+    - name: Samba - mask smbd
+      ansible.builtin.systemd:
+        name: smbd
+        masked: true
+        enabled: false
+
+    - name: Samba - mask nmbd
+      ansible.builtin.systemd:
+        name: nmbd
+        masked: true
+        enabled: false
+
+    - name: Samba - reboot
+      reboot:
+
+    - name: Samba - set resolv.conf
+      copy:
+        content: |
+          search {{ samba_dc_dns_domain }}
+          nameserver 127.0.0.1
+        dest: /etc/resolv.conf
+
+
+    - name: Samba - Test smbclient
+      command: smbclient -L localhost -N
+
+    - name: SAmba - test DNS SRV _ldap sur TCP 
+      command: host -t SRV _ldap._tcp.{{ samba_dc_dns_domain }}
+
+    - name: Samba - test DNS SRV _kerberos sur UDP
+      command: host -t SRV _kerberos._udp.{{ samba_dc_dns_domain }}
+
+    - name: Samba - test DNS A pour dc
+      command:  host -t A {{ samba_dc_hostname }}
+  
+    - name: Chrony - configuration 
+      ansible.builtin.blockinfile:
+        path: /etc/chrony/chrony.conf
+        block: |
+          bindcmdaddress {{ samba_dc_ip }}
+
+          # The source, where we are receiving the time from
+          server 0.pool.ntp.org     iburst
+          server 1.pool.ntp.org     iburst
+          server 2.pool.ntp.org     iburst
+
+          allow {{ samba_dc_net }}
+     
+    - name: Chrony - redemarrage
+      service:
+        name: chrony
+        state: restarted
+

wazuh/README.md

@@ -0,0 +1,38 @@
+# Serveur Wazuh All in One et machine wazuh-agent debian 12 
+
+## Présentation
+
+Cette `Vagrantfile` permet d'installer :
+  * un serveur Wazuh **wazuh** All-In-One ( indexer + manager + Dashboard) - Ubuntu 24.04
+  * un serveur Linux  **wazuh-cli** ( wazuh-agent ) - Debian 12.9
+
+La Vagrantfile utilise les playbooks ansible suivants :
+  * **provision/setup-wazuh.yml** qui:
+    * coupe le service **unattended-upgrades**
+    * recupère le script **wazuh-install.sh** et le lance 
+  * **provision/setup-wazuh-cli.yml** qui:
+    * installe les dépots pour wazuh
+    * installe le paquet **wazuh-agent** en enregistrant la machine **wazuh-cli**
+    * relance le service **wazuh-agent**
+
+## Utilisation de la Vagrantfile
+
+L'installation du serveur **wazuh** est assez longue ( ~ 15 minutes ). 
+  
+````shell
+   vagrant up wazuh
+   vagrant up wazuhcli
+```` 
+
+Le mot de passe du compte **admin** se trouve dans le fichier `wazuh-install-files/wazuh-passwords.txt`, lui-même contenu dans le ficher `wazuh-install-files.tar` à extraire avec la commande :
+
+````shell
+   sudo tar xvf wazuh-install-file.tar
+```` 
+On peut alors se connecter au serveur **wazuh** avec un navigateur : http://adresse
+(admin/mdp)
+
+Une fois connecté, on doit autoriser chacun des deux serveurs **kea1** et **kea2** inscrits
+
+
+

wazuh/Vagrantfile

@@ -0,0 +1,60 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # Base VM OS configuration.
+  config.vm.box = "debian/bookworm64"
+  config.ssh.insert_key = false
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+
+  # General VirtualBox VM configuration.
+  config.vm.provider :virtualbox do |v|
+    v.memory = 1024
+    v.cpus = 1
+    v.linked_clone = true
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+    v.check_guest_additions = false
+  end
+
+  # wazuh.
+  config.vm.define "wazuh" do |wazuh|
+    wazuh.vm.box = "alvistack/ubuntu-24.04"
+    wazuh.vm.hostname = "wazuh"
+    wazuh.vm.network :private_network, ip: "192.168.56.5"
+    wazuh.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 4100]
+      v.cpus = 2
+    end
+    wazuh.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget gnupg"
+    wazuh.vm.provision "ansible" do |ansible|
+      ansible.extra_vars = {
+        wazuh_db_name: "wazuh",
+        wazuh_db_user: "wazuh-server",
+        wazuh_db_passwd: "wazuh-passwd",
+      }
+      ansible.playbook = "provision/setup-wazuh.yml"
+    end
+  end
+
+  # wazuh-cli.
+  config.vm.define "wazuhcli" do |wazucli|
+    wazucli.vm.hostname = "wazuh-cli"
+    wazucli.vm.network :private_network, ip: "192.168.56.2"
+    wazucli.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 1024]
+    end
+    wazucli.vm.provision "shell",
+      inline: "timedatectl set-timezone Europe/Paris ; apt-get update ; apt-get install -y vim curl wget gnupg"
+    wazucli.vm.provision "ansible" do |ansible|
+      ansible.extra_vars = {
+        srv_ip: "192.168.56.5",
+      }
+      ansible.playbook = "provision/setup-wazuh-cli.yml"
+    end
+  end
+
+
+end
+

wazuh/provision/kea-ctrl-agent.conf

@@ -0,0 +1,105 @@
+// This is a basic configuration for the Kea Control Agent.
+//
+// This is just a very basic configuration. Kea comes with large suite (over 30)
+// of configuration examples and extensive Kea User's Guide. Please refer to
+// those materials to get better understanding of what this software is able to
+// do. Comments in this configuration file sometimes refer to sections for more
+// details. These are section numbers in Kea User's Guide. The version matching
+// your software should come with your Kea package, but it is also available
+// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
+// the stable version is https://kea.readthedocs.io/).
+//
+// This configuration file contains only Control Agent's configuration.
+// If configurations for other Kea services are also included in this file they
+// are ignored by the Control Agent.
+{
+
+// This is a basic configuration for the Kea Control Agent.
+// RESTful interface to be available at http://127.0.0.1:8000/
+"Control-agent": {
+    "http-host": "127.0.0.1",
+    // If enabling HA and multi-threading, the 8000 port is used by the HA
+    // hook library http listener. When using HA hook library with
+    // multi-threading to function, make sure the port used by dedicated
+    // listener is different (e.g. 8001) than the one used by CA. Note
+    // the commands should still be sent via CA. The dedicated listener
+    // is specifically for HA updates only.
+    "http-port": 8000,
+
+    // Specify location of the files to which the Control Agent
+    // should connect to forward commands to the DHCPv4, DHCPv6
+    // and D2 servers via unix domain sockets.
+    "control-sockets": {
+        "dhcp4": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea4-ctrl-socket"
+        },
+        "dhcp6": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea6-ctrl-socket"
+        },
+        "d2": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea-ddns-ctrl-socket"
+        }
+    },
+
+    // Specify hooks libraries that are attached to the Control Agent.
+    // Such hooks libraries should support 'control_command_receive'
+    // hook point. This is currently commented out because it has to
+    // point to the existing hooks library. Otherwise the Control
+    // Agent will fail to start.
+    "hooks-libraries": [
+//  {
+//      "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
+//      "parameters": {
+//          "param1": "foo"
+//      }
+//  }
+    ],
+
+// Logging configuration starts here. Kea uses different loggers to log various
+// activities. For details (e.g. names of loggers), see Chapter 18.
+    "loggers": [
+    {
+        // This specifies the logging for Control Agent daemon.
+        "name": "kea-ctrl-agent",
+        "output_options": [
+            {
+                // Specifies the output file. There are several special values
+                // supported:
+                // - stdout (prints on standard output)
+                // - stderr (prints on standard error)
+                // - syslog (logs to syslog)
+                // - syslog:name (logs to syslog using specified name)
+                // Any other value is considered a name of the file
+                "output": "stdout",
+
+                // Shorter log pattern suitable for use with systemd,
+                // avoids redundant information
+                "pattern": "%-5p %m\n"
+
+                // This governs whether the log output is flushed to disk after
+                // every write.
+                // "flush": false,
+
+                // This specifies the maximum size of the file before it is
+                // rotated.
+                // "maxsize": 1048576,
+
+                // This specifies the maximum number of rotated files to keep.
+                // "maxver": 8
+            }
+        ],
+        // This specifies the severity of log messages to keep. Supported values
+        // are: FATAL, ERROR, WARN, INFO, DEBUG
+        "severity": "INFO",
+
+        // If DEBUG level is specified, this value is used. 0 is least verbose,
+        // 99 is most verbose. Be cautious, Kea can generate lots and lots
+        // of logs if told to do so.
+        "debuglevel": 0
+    }
+  ]
+}
+}

wazuh/provision/setup-wazuh-cli.yml

@@ -0,0 +1,25 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: Recup clefs depot  
+    ansible.builtin.shell: curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
+
+  - name: Ajoute depot   
+    ansible.builtin.shell: echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+  
+  - name: Update apt
+    ansible.builtin.apt:
+      update_cache: yes
+
+  - name: Installation wazuh-agent et liaison wazuh-server
+    ansible.builtin.shell: "WAZUH_MANAGER={{ srv_ip }} apt-get install wazuh-agent"
+
+  - name: Relance wazuh-agent
+    ansible.builtin.systemd:
+      name: wazuh-agent
+      state: restarted
+      enabled: true
+      daemon_reload: true
+  
+

wazuh/provision/setup-wazuh.yml

@@ -0,0 +1,14 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: Arrete service unattended-upgrades 
+    ansible.builtin.service: 
+      name: unattended-upgrades
+      state: stopped
+
+  - name: Recup script install et lance wazuh-installl.sh en mode AIO - 15 min
+    ansible.builtin.shell: 
+      cmd: curl -s -O https://packages.wazuh.com/4.10/wazuh-install.sh && bash wazuh-install.sh -a
+
+

zabbix/README.md

@@ -0,0 +1,17 @@
+# Zabbix
+
+## Présentation 
+
+Cette Vagrantfile :
+  * créée la VM **zabbix7**, installe **zabbix-server** 7.2, apache2, mariadb-server ainsi que **zabbix-agent**
+  * créée la VM **web1**, installe apache2 ainsi que **zabbix-agent2** (mode active) et l'inscrit sur **zabbix7**
+
+
+## Mode opératoire
+  - vagrant up zabbix7
+  - vagrant up web1
+  - une fois connecté à zabbix7 (Admin/zabbix)
+      ajouter l'hote avec son adresse IP 192.168.56.10 et les templates :
+       linux serveur 
+       serveur web apache zabbix-agent 2
+

zabbix/Vagrantfile

@@ -0,0 +1,119 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.define "zabbix7" do |zabbix7|
+    zabbix7.vm.box = "debian/bookworm64"
+    zabbix7.vm.hostname = "zabbix7"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+     zabbix7.vm.network "private_network", ip: "192.168.56.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  zabbix7.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "1024"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   zabbix7.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update && apt upgrade -y
+     apt-get install -y wget curl vim
+     wget https://repo.zabbix.com/zabbix/7.2/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.2+debian12_all.deb
+     dpkg -i zabbix-release_latest_7.2+debian12_all.deb
+     apt-get update
+     apt-get install -y apache2 mariadb-server
+     apt-get install -y zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agent
+     echo 'create database zabbix character set utf8mb4 collate utf8mb4_bin;' | mysql -u root
+     echo "create user zabbix@localhost identified by 'password';" | mysql -u root 
+     echo 'grant all privileges on zabbix.* to zabbix@localhost;' | mysql -u root 
+     echo 'set global log_bin_trust_function_creators = 1;' | mysql -u root 
+     #zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix
+     zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz|mysql --default-character-set=utf8mb4 -u zabbix -ppassword zabbix
+     #zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz|
+     echo 'set global log_bin_trust_function_creators = 0;' | mysql -u root 
+     sed -i 's/# DBPassword=/DBPassword=password/' /etc/zabbix/zabbix_server.conf
+     systemctl restart zabbix-server zabbix-agent apache2
+     systemctl enable zabbix-server zabbix-agent apache2
+     localectl set-locale LANG=en_US.UTF-8
+     systemctl restart zabbix-server zabbix-agent apache2
+   SHELL
+  end
+
+    config.vm.define "web1" do |srv| #VM No'1
+        srv.vm.box = "debian/bookworm64" #Setting machine type
+        srv.vm.hostname = "web1" #Setting machine type
+        srv.vm.network "private_network", ip: "192.168.56.11"
+        srv.vm.provision "shell", inline: <<-SHELL
+         timedatectl set-timezone Europe/Paris
+         apt-get update
+         apt-get install -y wget curl vim apache2
+         wget https://repo.zabbix.com/zabbix/7.2/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.2+debian12_all.deb
+         dpkg -i zabbix-release_latest_7.2+debian12_all.deb
+         apt update
+         apt install -y zabbix-agent2
+         echo "Server=192.168.56.10" >> /etc/zabbix/zabbix_agent2.conf
+         echo "ServerActive=192.168.56.10" >> /etc/zabbix/zabbix_agent2.conf
+         echo "Hostname=web1" >> /etc/zabbix/zabbix_agent2.conf
+         systemctl restart zabbix-agent2
+         SHELL
+      end
+end