maj scipt python wireguard

goss/s-itil.yaml

@@ -1,59 +1,87 @@
-#package:
-# systemd-journal-remote:
-#   installed: true
 file:
-  /var/www/html/glpi:
-    exists: true
-    mode: "0755"
-    owner: www-data
-    group: www-data
-    filetype: directory
-
-  /var/www/html/glpicli:
-    exists: true
-    mode: "0775"
-    owner: www-data
-    group: www-data
-    filetype: directory
-
-  /var/www/html/glpi/plugins:
-    exists: true
-    mode: "0777"
-    filetype: directory
-
-  /var/www/html/glpicli/GLPI-Agent-1.7-x64.msi:
-    exists: true
-    #mode: "0777"
-    filetype: file
-
-  /var/www/html/index.nginx-debian.html:
-    exists: true
-    mode: "0775"
-    owner: www-data
-    group: www-data
-    filetype: file
-service:
-  mariadb:
-    enabled: true
-    running: true
-
-  nginx:
-    enabled: true
-    running: true
-
-  zabbix-agent:
-    enable: true
-    running: true
-  
-  systemd-journal-upload.service:
-    enabled: true
-    running: true
+    /etc/nginx/sites-enabled/default:
+        exists: false
+        contents: []
+    /etc/nginx/sites-enabled/glpi:
+        exists: true
+        mode: "0644"
+        owner: root
+        group: root
+        filetype: file
+        contents: []
+    /var/www/html/glpi:
+        exists: true
+        mode: "0755"
+        owner: www-data
+        group: www-data
+        filetype: directory
+        contents: []
+    /var/www/html/glpicli:
+        exists: true
+        mode: "0775"
+        owner: www-data
+        group: www-data
+        filetype: directory
+        contents: []
+    /var/www/html/glpicli/GLPI-Agent-1.7-x64.msi:
+        exists: true
+        mode: "0644"
+        owner: root
+        group: root
+        filetype: file
+        contents: []
 port:
-  tcp:10050:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp:10050:
-    listening: true
-    ip:
-    - '::'
+    tcp:22:
+        listening: true
+        ip:
+            - 0.0.0.0
+    tcp:80:
+        listening: true
+        ip:
+            - 0.0.0.0
+    tcp:3306:
+        listening: true
+        ip:
+            - 127.0.0.1
+    tcp:9000:
+        listening: true
+        ip:
+            - 127.0.0.1
+    tcp:10050:
+        listening: true
+        ip:
+            - 0.0.0.0
+service:
+    mariadb.service:
+        enabled: true
+        running: true
+    nginx:
+        enabled: true
+        running: true
+    php8.2-fpm.service:
+        enabled: true
+        running: true
+    ssh:
+        enabled: true
+        running: true
+    systemd-journal-upload:
+        enabled: true
+        running: true
+    zabbix-agent:
+        enabled: true
+        running: true
+http:
+    http://s-itil.gsb.lan/:
+        status: 200
+        allow-insecure: false
+        no-follow-redirects: false
+        timeout: 5000
+        body: []
+        username: glpi
+        password: glpi
+    http://s-itil.gsb.lan/glpicli:
+        status: 200
+        allow-insecure: false
+        no-follow-redirects: false
+        timeout: 5000
+        body: []

roles/base/templates/hosts.j2

@@ -24,6 +24,7 @@
 192.168.99.16	s-fog.gsb.adm
 192.168.99.20	s-kea1.gsb.adm
 192.168.99.21	s-kea2.gsb.adm
+192.168.99.22	s-awx.gsb.adm
 192.168.99.50	s-lb-bd.gsb.adm
 192.168.99.101	s-lb-web1.gsb.adm
 192.168.99.102	s-lb-web2.gsb.adm

roles/base/templates/hosts.s-proxy.j2

@@ -23,6 +23,7 @@
 192.168.99.14	s-nas.gsb.adm
 192.168.99.20	s-kea1.gsb.adm
 192.168.99.21	s-kea2.gsb.adm
+192.168.99.22	s-awx.gsb.adm
 192.168.99.50	s-lb-bd.gsb.adm
 192.168.99.101	s-lb-web1.gsb.adm
 192.168.99.102	s-lb-web2.gsb.adm

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2024011500      ; Serial
+                        2024011800      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -29,6 +29,7 @@ s-elk		IN	A	172.16.0.11
 s-gestsup	IN	A	172.16.0.17
 s-kea1		IN	A	172.16.0.20
 s-kea2		IN	A	172.16.0.21
+s-awx		IN	A	172.16.0.22
 r-int    	IN      A       172.16.0.254
 r-int-lnk    	IN      A       192.168.200.254
 r-ext  		IN      A       192.168.200.253

roles/dns-master/files/db.gsb.lan.rev

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2024011500      ; Serial
+                        2024011800      ; Serial
                         7200            ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -23,6 +23,7 @@ $TTL    604800
 9.0	  IN	  PTR	  s-itil.gsb.lan.
 20.0	  IN	  PTR	  s-kea1.gsb.lan.
 21.0	  IN	  PTR	  s-kea2.gsb.lan.
+22.0	  IN	  PTR	  s-awx.gsb.lan.
 101.1     IN      PTR     s-web1
 101.2     IN      PTR     s-web2
 100.10   IN      PTR      s-lb

roles/docker/tasks/main.yml

@@ -1,16 +1,16 @@
 ---
-- name: Supprime le fichier getdocker.sh si déjà présent
-  file:
-    state: absent
-    path: /tmp/getdocker.sh
+- name: on recupere getdocker
+  get_url:
+    url: http://s-adm.gsb.adm/gsbstore/getdocker.sh
+    dest: /usr/local/bin
 
-- name: Télécharge le script d'installation de docker
-  uri:
-    url: 'https://get.docker.com'
-    method: GET
-    dest: /tmp/getdocker.sh
-    mode: a+x
-  register: result
+- name: on verifie si docker est installe
+  stat:
+    path: /usr/bin/docker
+# command: which docker
+  register: docker_present
 
-- name: Execution du script getdocker
-  shell: bash /tmp/getdocker.sh
+- name: Execution du script getdocker si docker n'est pas deja installe
+  shell: bash /usr/local/bin/getdocker.sh
+  #when: docker_present.stdout.find('/usr/bin/docker') == -1
+  when: not docker_present.stat.exists

roles/fw-ferm/files/ferm.conf.r-vp1

@@ -4,7 +4,6 @@
 
 @def $DEV_PRIVATE = enp0s8;
 @def $DEV_WORLD = enp0s9;
-@def $DEV_WORLD = enp0s9;
 @def $DEV_VPN= wg0;
 @def $NET_PRIVATE = 172.16.0.0/24;
 
@@ -32,7 +31,7 @@ table filter {
         # well-known internet hosts
         saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
 
-        # we provide DNS and SMTP services for the internal net
+        # we provide DNS services for the internal net
         interface $DEV_PRIVATE saddr $NET_PRIVATE {
             proto (udp tcp) dport domain ACCEPT;
             proto udp dport bootps ACCEPT;

roles/fw-ferm/files/ferm.conf.r-vp2

@@ -29,7 +29,7 @@ table filter {
         # well-known internet hosts
         saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
 
-        # we provide DNS and SMTP services for the internal net
+        # we provide DNS services for the internal net
         interface $DEV_PRIVATE saddr $NET_PRIVATE {
             proto (udp tcp) dport domain ACCEPT;
             proto udp dport bootps ACCEPT;

roles/lb-nfs-server/tasks/main.yml

@@ -16,7 +16,7 @@
 
 - name: 20 - decompresse wordpress
   unarchive:
-    src: https://fr.wordpress.org/latest-fr_FR.tar.gz
+    src: http://s-adm.gsb.adm/gsbstore/wordpress-6.4.2-fr_FR.tar.gz
     dest: /home/
     remote_src: yes
 

roles/lb-web/defaults/main.yml

@@ -1,2 +1,2 @@
 depl_url: "http://s-adm.gsb.adm/gsbstore/"
-depl_wordpress: "wordpress-6.1.1-fr_FR.tar.gz"
+depl_wordpress: "wordpress-6.4.2-fr_FR.tar.gz"

roles/nxc-traefik/tasks/main.yml

@@ -69,8 +69,14 @@
   args:
     chdir: /root/nxc
 
-- name: Creation reseau docker proxy
+- name: vérification si le réseau proxy existe
+  command: docker network ls --filter name=proxy
+  register:  net_proxy
+
+- name: création du réseau proxy
   command: docker network create proxy
+#  when: net_proxy.stdout.find('proxy') == -1
+  when: "'proxy' not in net_proxy.stdout"
 
     #- name: Démarrage du docker-compose...
     #command: /bin/bash docker-compose up -d

roles/post-lb/files/interfaces.s-lb-web2

@@ -7,15 +7,15 @@ iface lo inet loopback
 # carte n-adm
 allow-hotplug enp0s3
 iface enp0s3 inet static
-	address 192.168.99.101/24
+	address 192.168.99.102/24
 
 # Réseau n-dmz-lb
 allow-hotplug enp0s8
 iface enp0s8 inet static
-        address 192.168.101.1/24
+        address 192.168.101.2/24
 
 # réseau n-dmz-db
 allow-hotplug enp0s9
 iface enp0s9 inet static
-        address 192.168.102.1/24
+        address 192.168.102.2/24
 	post-up mount -o rw 192.168.102.253:/home/wordpress /var/www/html

roles/post/files/interfaces.s-awx

@@ -0,0 +1,23 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+#source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# cote n-adm
+allow-hotplug enp0s3
+iface enp0s3 inet static
+	address 192.168.99.22/24
+	gateway 192.168.99.99	 
+
+# Cote n-infra
+allow-hotplug enp0s8
+iface enp0s8 inet static
+	address 172.16.0.22/24
+	up ip route add 172.16.64.0/24 via 172.16.0.254
+	up ip route add 172.16.128.0/24 via 172.16.0.254
+	up ip route add 192.168.0.0/16 via 172.16.0.254
+	up ip route add 192.168.200.0/24 via 172.16.0.254

roles/wireguard-r/README.md

@@ -1,13 +1,21 @@
+## **Explication de l'installation du VPN :** 
+Le processus d'installation s'articule en trois phases distinctes. Tout d'abord, l'installation commence par le playbook **r-vp1**. Ensuite, dans une seconde étape, le playbook r-vp2 est déployé. Enfin, la dernière phase concerne la mise en place de notre filtrage à l'aide de **ferm**.
+
+## **Explication des dossiers pour Wireguard :**
+
+Le dossier wireguard-r = r-vp1
+           wireguard-l = r-vp2
 
 # <p align="center">Procédure d'installation </p>
 
-de **r-vp1** et de copie du fichier wg0-b.conf.
-
 ***
 ## Sur **r-vp1**:
-Attendre la fin de l'installation. Ensuite lancer un serveur http avec python3 pour récuperer le fichier wg0-b.conf sur **r-vp2** . 
 
-### 🛠️ Lancer le script
+Lancer le playbook : *ansible-playbook -i localhost, -c local* r-vp1.yml sur **r-vp1**
+
+Attendre la fin de l'installation. Ensuite lancer le scipt r-vp1-post.sh
+
+### 🛠️ Lancer le script r-vp1-post.sh
 ```bash
 cd /tools/ansible/gsb2023/Scripts
 ```

roles/zabbix-cli/README.md

@@ -4,11 +4,21 @@ Rôle du Zabbix client pour la supervision des différentes machines en active
 
 ## Tables des matières
     1. [Que fait le rôle Zabbix ?]
-
+    2. [Installation et configuration de Zabbix-agent]
+    3. [Partie windows]
 
 ## Que fait le rôle Zabbix ?
-Il permet de configurer les agents zabbix en active sur le serveur à définir dans defaults.
+Il permet de configurer les agents zabbix en active sur le serveur.
 
 ### Installation et configuration de Zabbix-agent
+Le rôle Zabbix-cli va installer Zabbix-agent sur les serveurs Debian. Vous pouvez modifier les paramètres dans le fichier 'defaults'. Il s'agit d'une configuration en mode actif, ce qui signifie que du côté du serveur, il suffit de définir les hôtes avec leur nom, le type d'OS, et pour notre cas, préciser qu'il s'agit d'une machine virtuelle sur le serveur Zabbix.
+### Partie Windows !
+Le fonctionnement de Zabbix-agent n'est pas différent de celui sur Linux. Cependant, lorsque vous êtes sur le site de Zabbix pour installer l'agent, veillez à choisir la version classique de Zabbix-agent plutôt que la version 2, car elle requiert plus de ressources pour une faible supervision supplémentaire.
 
-Le rôle Zabbix-cli va installer zabbix-agent pour les serveurs, zabbix-agent pour superviser, zabbix-agent sera notre outil de supervision côté serveurs.
+En ce qui concerne la configuration lors de l'installation de l'agent Zabbix, il vous demandera de saisir des informations telles que, par exemple, 'IP du serveur'. Vous n'êtes pas obligé de fournir ces informations, car tout peut être modifié ultérieurement.
+
+Le fichier de configuration est le même que celui utilisé dans Linux. Si vous avez effectué l'installation par défaut de l'agent Zabbix, vous trouverez les fichiers de configuration dans le répertoire C:\Program Files\Zabbix Agent, et le nom du fichier de configuration est "zabbix_agentd.conf".
+
+Avant toute configuration après l'installation de Zabbix Agent, pensez bien à aller dans le Gestionnaire des tâches, puis dans Services. Tout en bas, vous trouverez 'Zabbix Agent' qui est en cours d'exécution. Arrêtez-le, puis vous pourrez modifier la configuration sans aucun problème.
+
+Dans la configuration pour activer Zabbix Agent en active, il vous suffit de modifier la valeur 'server' en la remplaçant par 127.0.0.1, et la valeur 'serveractif' par l'adresse IP de votre serveur Zabbix, dans notre cas 172.16.0.8. N'oubliez pas de modifier la valeur du 'hostname', car c'est celle-ci que vous devrez saisir dans les hôtes du serveur Zabbix pour que la supervision remonte. Pensez également à redémarrer le service une fois que Zabbix Agent est configuré.

roles/zabbix-cli/defaults/main.yml

@@ -0,0 +1,2 @@
+SERVER: "127.0.0.1"
+SERVERACTIVE: "172.16.0.8"

roles/zabbix-cli/tasks/main.yml

@@ -17,20 +17,14 @@
         name: zabbix-agent
         state: present
 
+    - name: Mise en place du fichier conf zabbix agent (active)
+      template:
+        src: zabbix_agentd.conf.j2
+        dest: /etc/zabbix/zabbix_agentd.conf
+
     - name: Enable Zabbix agent service
       service:
         name: zabbix-agent
         state: restarted
         enabled: yes
 
-    - name: Replace Zabbix agent config
-      replace:
-        path: /etc/zabbix/zabbix_agentd.conf
-        regexp: '{{ item.regexp }}'
-        replace: '{{ item.replace }}'
-        backup: true
-      loop:
-        - { regexp: '^(Server\s*=\s*).*$', replace: 'Server = 127.0.0.1' }
-        - { regexp: '^(ServerActive\s*=\s*).*$', replace: 'ServerActive = 192.168.99.8' }
-        - { regexp: '^(Hostname\s*=\s*).*$', replace: 'Hostname = {{ ansible_hostname }}' }
-        - { regexp: '^(Include\s*=\s*).*$', replace: 'Include = /etc/zabbix/zabbix_agentd.d/*.conf' }

roles/zabbix-cli/templates/zabbix_agentd.conf.j2

@@ -0,0 +1,554 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+PidFile=/run/zabbix/zabbix_agentd.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_agentd.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: AllowKey
+#	Allow execution of item keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with DenyKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#	Deny execution of items keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with AllowKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
+#
+# Mandatory: no
+# Default:
+# DenyKey=system.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
+#	Internal alias for AllowKey/DenyKey parameters depending on value:
+#	0 - DenyKey=system.run[*]
+#	1 - AllowKey=system.run[*]
+#
+# Mandatory: no
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+
+Server = {{ SERVER }}
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#	Zabbix server/proxy address or cluster configuration to get active checks from.
+#	Server/proxy address is IP address or DNS name and optional port separated by colon.
+#	Cluster configuration is one or more server addresses separated by semicolon.
+#	Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
+#	More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
+#	If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
+#	Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example for Zabbix proxy:
+#		ServerActive=127.0.0.1:10051
+#	Example for multiple servers:
+#		ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#	Example for high availability:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
+#	Example for high availability with two clusters and one server:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive = {{ SERVERACTIVE }}
+
+### Option: Hostname
+#	List of comma delimited unique, case sensitive hostnames.
+#	Required for active checks and must match hostnames as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+Hostname = {{ ansible_hostname }}
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 2034 bytes.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-2034 bytes
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 65535 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: HostInterface
+#	Optional parameter that defines host interface.
+#	Host interface is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+#	Optional parameter that defines an item used for getting host interface.
+#	Host interface is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 1-86400
+# Default:
+# RefreshActiveChecks=5
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+### Option: HeartbeatFrequency
+#	Frequency of heartbeat messages in seconds.
+#	Used for monitoring availability of active checks.
+#	0 - heartbeat messages disabled.
+#
+# Mandatory: no
+# Range: 0-3600
+# Default: 60
+# HeartbeatFrequency=
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+# NOTE: This option is overriden by settings in systemd service file!
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+Include = /etc/zabbix/zabbix_agentd.d/*.conf
+
+# Include=/usr/local/etc/zabbix_agentd.userparams.conf
+# Include=/usr/local/etc/zabbix_agentd.conf.d/
+# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+### Option: UserParameterDir
+#	Directory to execute UserParameter commands from. Only one entry is allowed.
+#	When executing UserParameter commands the agent will change the working directory to the one
+#	specified in the UserParameterDir option.
+#	This way UserParameter commands can be specified using the relative ./ prefix.
+#
+# Mandatory: no
+# Default:
+# UserParameterDir=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_agentd --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=

s-adm.yml

@@ -8,7 +8,7 @@
     - dnsmasq
     - squid
 #    - local-store
-#    #- zabbix-cli
+    - zabbix-cli
     ## - syslog-cli
     - post
 #    - goss

s-appli.yml

@@ -8,7 +8,7 @@
     - appli
     - ssh-cli
     # - syslog-cli
-    #- zabbix-cli
+    - zabbix-cli
     - ssl-apache
     - post
 

s-backup.yml

@@ -6,7 +6,7 @@
     - base
     - goss
 #   - proxy3
-    #- zabbix-cli
+    - zabbix-cli
 #   - ssh-cli
     # - syslog-cli
     - smb-backup

s-infra.yml

@@ -4,7 +4,7 @@
   #  include: config.yml
   roles:
     - base
-    #- zabbix-cli 
+    - zabbix-cli 
     - goss  
     - dns-master
     - webautoconf

s-mess.yml

@@ -7,5 +7,5 @@
     - docker-nextcloud
     - ssh-cli
     # - syslog-cli
-    - snmp-agent
+    - zabbix-cli
     - post

s-proxy.yml

@@ -6,7 +6,7 @@
     - base
     - goss
     - squid
-    #- zabbix-cli
+    - zabbix-cli
     - ssh-cli
     # - syslog-cli
     - post

scripts/r-vp1-post.sh

@@ -1,5 +1,32 @@
-#!/bin/bash
+!/bin/bash
+
+#Ancien scipt 2023
 #stoper le fw
-systemctl stop ferm
+#systemctl stop ferm
 #ouverture du service web pour copie distante
+#cd /root/confwg/ && python3 -m http.server 8000 &
+
+
+
+#Script 2024
+
+# Fonction pour arrêter le serveur web
+stop_server() {
+    echo "Arrêt du serveur et démarrage de ferm..."
+    pkill -f "python3 -m http.server"
+}
+
+# Stopper le ferm
+systemctl stop ferm
+
+# Ouverture du service web pour copie distante
 cd /root/confwg/ && python3 -m http.server 8000 &
+
+echo "Ouverture du serveur"
+
+# Timer pour récupéré le fichier avant de fermer le serveur python
+sleep 120
+
+#Appel de la fonction stop-serveur
+stop_server
+

wireguard/ping-sinfra.sh

@@ -18,4 +18,4 @@ echo ping  r-vp2 interface interface interne
 ping -c3 172.16.128.254
 
 echo ping  s-agence
-ping -c3 172.16.128.11
+ping -c3 172.16.128.10