maj goss fichier

goss/s-kea1.yaml

@@ -1,90 +0,0 @@
-file:
-  /etc/kea/kea-ctrl-agent.conf:
-    exists: true
-    mode: "0644"
-    size: 2470
-    owner: _kea
-    group: root
-    filetype: file
-    contains: []
-  /etc/kea/kea-dhcp4.conf:
-    exists: true
-    mode: "0644"
-    size: 11346
-    owner: _kea
-    group: root
-    filetype: file
-    contains: []
-  /tmp/kea4-ctrl-socket:
-    exists: true
-    mode: "0755"
-    size: 0
-    owner: _kea
-    group: _kea
-    filetype: socket
-    contains: []
-  /usr/local/lib/kea:
-    exists: true
-    mode: "0755"
-    size: 4096
-    owner: root
-    group: root
-    filetype: directory
-    contains: []
-package:
-  isc-kea-common:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  isc-kea-ctrl-agent:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  isc-kea-dhcp4:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  isc-kea-hooks:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  libmariadb3:
-    installed: true
-    versions:
-    - 1:10.11.4-1~deb12u1
-  mariadb-common:
-    installed: true
-    versions:
-    - 1:10.11.4-1~deb12u1
-  mysql-common:
-    installed: true
-    versions:
-    - 5.8+1.1.0
-port:
-  tcp:8000:
-    listening: true
-    ip:
-    - 172.16.64.20
-service:
-  isc-kea-ctrl-agent.service:
-    enabled: true
-    running: true
-  isc-kea-dhcp4-server.service:
-    enabled: true
-    running: true
-interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.20/24
-    mtu: 1500
-  enp0s8:
-    exists: true
-    addrs:
-    - 172.16.0.20/24
-    mtu: 1500
-  enp0s9:
-    exists: true
-    addrs:
-    - 172.16.64.20/24
-    mtu: 1500

goss/s-kea2.yaml

@@ -1,90 +0,0 @@
-file:
-  /etc/kea/kea-ctrl-agent.conf:
-    exists: true
-    mode: "0644"
-    size: 2470
-    owner: _kea
-    group: root
-    filetype: file
-    contains: []
-  /etc/kea/kea-dhcp4.conf:
-    exists: true
-    mode: "0644"
-    size: 11346
-    owner: _kea
-    group: root
-    filetype: file
-    contains: []
-  /tmp/kea4-ctrl-socket:
-    exists: true
-    mode: "0755"
-    size: 0
-    owner: _kea
-    group: _kea
-    filetype: socket
-    contains: []
-  /usr/local/lib/kea:
-    exists: true
-    mode: "0755"
-    size: 4096
-    owner: root
-    group: root
-    filetype: directory
-    contains: []
-package:
-  isc-kea-common:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  isc-kea-ctrl-agent:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  isc-kea-dhcp4:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  isc-kea-hooks:
-    installed: true
-    versions:
-    - 2.4.1-isc20231123184533
-  libmariadb3:
-    installed: true
-    versions:
-    - 1:10.11.4-1~deb12u1
-  mariadb-common:
-    installed: true
-    versions:
-    - 1:10.11.4-1~deb12u1
-  mysql-common:
-    installed: true
-    versions:
-    - 5.8+1.1.0
-port:
-  tcp:8000:
-    listening: true
-    ip:
-    - 172.16.64.21
-service:
-  isc-kea-ctrl-agent.service:
-    enabled: true
-    running: true
-  isc-kea-dhcp4-server.service:
-    enabled: true
-    running: true
-interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.21/24
-    mtu: 1500
-  enp0s8:
-    exists: true
-    addrs:
-    - 172.16.0.21/24
-    mtu: 1500
-  enp0s9:
-    exists: true
-    addrs:
-    - 172.16.64.21/24
-    mtu: 1500

goss/s-mon.yaml

@@ -1,62 +1,92 @@
-file:
-    /etc/systemd/system/systemd-journal-remote.service:
-        exists: true
-        mode: "0644"
-        owner: root
-        group: root
-        filetype: file
-        contents: []
-    /var/log/journal/remote:
-        exists: true
-        mode: "0755"
-        owner: systemd-journal-remote
-        group: systemd-journal-remote
-        filetype: directory
-        contents: []
 package:
-    apache2:
-        installed: true
-        versions:
-            - 2.4.57-2
-    mariadb-server:
-        installed: true
-        versions:
-            - 1:10.11.4-1~deb12u1
-    systemd-journal-remote:
-        installed: true
-        versions:
-            - 252.19-1~deb12u1
+  apache2:
+    installed: true
+  zabbix-server-mysql:
+    installed: true
+  zabbix-frontend-php:
+    installed: true
+  zabbix-apache-conf:
+    installed: true
+  zabbix-sql-scripts:
+    installed: true
+  zabbix-agent:
+    installed: true
+  mariadb-server:
+    installed: true
+  python3-pymysql:
+    installed: true
+  systemd-journal-remote:
+    installed: true
+file:
+  /etc/systemd/system/systemd-journal-remote.service:
+    exist: true
+    mode: "0777"
+    filetype: directory
+  /var/log/journal/remote:
+    exist: true
+    mode: "0777"
+    filetype: directory
+port:
+  tcp:80:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+  tcp:10050:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:10051:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:19532:
+    listening: true
+    ip:
+      - '*'
 service:
-    apache2:
-        enabled: true
-        running: true
-    mariadb.service:
-        enabled: true
-        running: true
-    systemd-journal-remote.socket:
-        enabled: true
-        running: true
-    zabbix-agent:
-        enabled: true
-        running: true
-    zabbix-server:
-        enabled: true
-        running: true
+  apache2:
+    enabled: true
+    running: true
+  zabbix-server:
+    enabled: true
+    running: true
+  zabbix-agent:
+    enabled: true
+    running: true
+  systemd-journal-remote.socket:
+    enabled: true
+    running: true
+command:
+  sysctl net.ipv4.ip_forward:
+    exit-status: 0
+    stdout:
+    - net.ipv4.ip_forward = 0
+    stderr: []
+    timeout: 10000
+process:
+  apache2:
+    running: true
+  zabbix_server:
+    running: true
+  mariadb:
+    running: true
 interface:
-    enp0s3:
-        exists: true
-        addrs:
-            - 192.168.99.8/24
-        mtu: 1500
-    enp0s8:
-        exists: true
-        addrs:
-            - 172.16.0.8/24
-        mtu: 1500
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.8/24
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.8/24
 http:
-    http://s-mon.gsb.lan/zabbix:
-        status: 200
-        allow-insecure: false
-        no-follow-redirects: false
-        timeout: 5000
-        body: []
+  http://localhost/zabbix:
+    status: 401
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body: []

goss/s-nxc.yaml

@@ -2,144 +2,118 @@ file:
   /root/nxc:
     exists: true
     mode: "0755"
-      #size: 4096
-      #owner: root
-      #group: root
+    size: 4096
+    owner: root
+    group: root
     filetype: directory
     contains: []
-
   /root/nxc/certs:
     exists: true
     mode: "0755"
-      #size: 4096
-      #owner: root
-      #group: root
+    size: 4096
+    owner: root
+    group: root
     filetype: directory
     contains: []
-
   /root/nxc/config:
     exists: true
     mode: "0755"
-      #size: 4096
-      #owner: root
-      #group: root
+    size: 4096
+    owner: root
+    group: root
     filetype: directory
     contains: []
-
   /root/nxc/config/dynamic.yml:
     exists: true
     mode: "0644"
-      #size: 415
-      #owner: root
-      #group: root
+    size: 415
+    owner: root
+    group: root
     filetype: file
     contains: []
-
   /root/nxc/config/static.yml:
     exists: true
     mode: "0644"
-      #size: 452
-      #owner: root
-      #group: root
+    size: 452
+    owner: root
+    group: root
     filetype: file
     contains: []
-
   /root/nxc/docker-compose.yml:
     exists: true
     mode: "0644"
-      #size: 2135
-      #owner: root
-      #group: root
+    size: 2135
+    owner: root
+    group: root
     filetype: file
     contains: []
-
   /root/nxc/nxc-debug.sh:
     exists: true
     mode: "0755"
-      #size: 64
-      #owner: root
-      #group: root
+    size: 64
+    owner: root
+    group: root
     filetype: file
     contains: []
-
   /root/nxc/nxc-prune.sh:
     exists: true
     mode: "0755"
-      #size: 110
-      #owner: root
-      #group: root
+    size: 110
+    owner: root
+    group: root
     filetype: file
     contains: []
-
   /root/nxc/nxc-start.sh:
     exists: true
     mode: "0755"
-      #size: 34
-      #owner: root
-      #group: root
+    size: 34
+    owner: root
+    group: root
     filetype: file
     contains: []
-
   /root/nxc/nxc-stop.sh:
     exists: true
     mode: "0755"
-      #size: 32
-      #owner: root
-      #group: root
+    size: 32
+    owner: root
+    group: root
     filetype: file
     contains: []
-
   /usr/local/bin/mkcert:
     exists: true
     mode: "0755"
-      #size: 4788866
-      #owner: root
-      #group: root
+    size: 4788866
+    owner: root
+    group: root
     filetype: file
     contains: []
-
 addr:
-  tcp://s-nxc.gsb.lan:443:
+  tcp://s-nxc.gsb.lan:8081:
     reachable: true
     timeout: 500
-
 port:
   tcp:22:
     listening: true
     ip:
     - 0.0.0.0
-
   tcp:80:
     listening: true
     ip: []
-
   tcp:443:
     listening: true
     ip: []
-
-      #tcp:8081:
-      #listening: true
-      #ip:
-      #- 0.0.0.0
-
+  tcp:8081:
+    listening: true
+    ip:
+    - 0.0.0.0
 interface:
   enp0s3:
     exists: true
     addrs:
     - 192.168.99.7/24
     mtu: 1500
-
   enp0s8:
     exists: true
     addrs:
     - 172.16.0.7/24
     mtu: 1500
-
-http:
-  https://s-nxc.gsb.lan:
-    status: 200
-    allow-insecure: true
-    no-follow-redirects: false
-    timeout: 5000
-    body:
-      - Nextcloud

roles/docker/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: on verifie si docker est installe
   stat:
     path: /usr/bin/docker
-  #command: which docker
+# command: which docker
   register: docker_present
 
 - name: Execution du script getdocker si docker n'est pas deja installe

roles/gotify/tasks/main.yml

@@ -1,50 +0,0 @@
----
-    - name: Mise a jour apt cache
-      apt:
-        update_cache: yes
-
-    - name: Creation /etc/gotify
-      ansible.builtin.file:
-        path: /etc/gotify
-        state: directory
-        mode: '0755'
-
-    - name: Creation /opt/gotify
-      ansible.builtin.file:
-        path: /opt/gotify
-        state: directory
-        mode: '0755'
-
-    - name: installation de gotify
-      get_url:
-        url: "https://github.com/gotify/server/releases/latest/download/gotify-linux-amd64.zip"
-        dest: "/tmp/gotify.zip"
-
-    - name: Extraction de Gotify
-      ansible.builtin.unarchive:
-        src: "/tmp/gotify.zip"
-        dest: "/opt/gotify"
-      become: yes
-
-    - name: Creation du fichier systemd
-      template:
-        src: "gotify.service.j2"
-        dest: "/etc/systemd/system/gotify.service"
-      become: yes
-
-    - name: Reload systemd
-      systemd:
-        daemon_reload: yes
-
-    - name: Creation du fichier conf gotify
-      template:
-        src: "config.yml.j2"
-        dest: "/etc/gotify/config.yml"
-      become: yes
-
-    - name: Demarage du gotify
-      systemd:
-        name: gotify
-        state: started
-        enabled: yes
-

roles/gotify/templates/config.yml.j2

@@ -1,4 +0,0 @@
-server:
-  keepaliveperiodseconds: 0
-  listenaddr: "" # the address to bind on, leave empty to bind on all addresses
-  port: 8008

roles/gotify/templates/gotify.service.j2

@@ -1,13 +0,0 @@
-[Unit]
-Description=Gotify Server
-After=network.target
-
-[Service]
-Type=simple
-User=root
-ExecStart=/opt/gotify/gotify-linux-amd64
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-

roles/kea-master/templates/kea-ctrl-agent-j1.conf

@@ -0,0 +1,66 @@
+// This is an example of a configuration for Control-Agent (CA) listening
+// for incoming HTTP traffic. This is necessary for handling API commands,
+// in particular lease update commands needed for HA setup.
+{
+    "Control-agent":
+    {
+        // We need to specify where the agent should listen to incoming HTTP
+        // queries.
+        "http-host": "172.16.64.1",
+
+        // This specifies the port CA will listen on.
+        "http-port": 8000,
+
+        "control-sockets":
+        {
+            // This is how the Agent can communicate with the DHCPv4 server.
+            "dhcp4":
+            {
+                "comment": "socket to DHCPv4 server",
+                "socket-type": "unix",
+                "socket-name": "/tm/kea4-ctrl-socket"
+            },
+
+            // Location of the DHCPv6 command channel socket.
+           # "dhcp6":
+           # {
+           #     "socket-type": "unix",
+           #     "socket-name": "/tmp/kea6-ctrl-socket"
+           # },
+
+            // Location of the D2 command channel socket.
+           # "d2":
+           # {
+           #     "socket-type": "unix",
+           #     "socket-name": "/tmp/kea-ddns-ctrl-socket",
+           #     "user-context": { "in-use": false }
+           # }
+        },
+
+        // Similar to other Kea components, CA also uses logging.
+        "loggers": [
+            {
+                "name": "kea-ctrl-agent",
+                "output_options": [
+                    {
+                        "output": "stdout",
+
+                        // Several additional parameters are possible in addition
+                        // to the typical output. Flush determines whether logger
+                        // flushes output to a file. Maxsize determines maximum
+                        // filesize before the file is rotated. maxver
+                        // specifies the maximum number of rotated files being
+                        // kept.
+                        "flush": true,
+                        "maxsize": 204800,
+                        "maxver": 4,
+                        // We use pattern to specify custom log message layout
+                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
+                    }
+                ],
+                "severity": "INFO",
+                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
+            }
+        ]
+    }
+}

roles/kea-master/templates/kea-dhcp4-j1.conf

@@ -0,0 +1,226 @@
+// This is an example configuration of the Kea DHCPv4 server 1:
+//
+// - uses High Availability hook library and Lease Commands hook library
+//   to enable High Availability function for the DHCP server. This config
+//   file is for the primary (the active) server.
+// - uses memfile, which stores lease data in a local CSV file
+// - it assumes a single /24 addressing over a link that is directly reachable
+//   (no DHCP relays)
+// - there is a handful of IP reservations
+//
+// It is expected to run with a standby (the passive) server, which has a very similar
+// configuration. The only difference is that "this-server-name" must be set to "server2" on the
+// other server. Also, the interface configuration depends on the network settings of the
+// particular machine.
+
+{
+
+"Dhcp4": {
+
+    // Add names of your network interfaces to listen on.
+    "interfaces-config": {
+        // The DHCPv4 server listens on this interface. When changing this to
+        // the actual name of your interface, make sure to also update the
+        // interface parameter in the subnet definition below.
+        "interfaces": [ "enp0s8" ]
+    },
+
+    // Control socket is required for communication between the Control
+    // Agent and the DHCP server. High Availability requires Control Agent
+    // to be running because lease updates are sent over the RESTful
+    // API between the HA peers.
+    "control-socket": {
+        "socket-type": "unix",
+        "socket-name": "/tmp/kea4-ctrl-socket"
+    },
+
+    // Use Memfile lease database backend to store leases in a CSV file.
+    // Depending on how Kea was compiled, it may also support SQL databases
+    // (MySQL and/or PostgreSQL). Those database backends require more
+    // parameters, like name, host and possibly user and password.
+    // There are dedicated examples for each backend. See Section 7.2.2 "Lease
+    // Storage" for details.
+    "lease-database": {
+        // Memfile is the simplest and easiest backend to use. It's an in-memory
+        // database with data being written to a CSV file. It is very similar to
+        // what ISC DHCP does.
+        "type": "memfile"
+    },
+
+    // Let's configure some global parameters. The home network is not very dynamic
+    // and there's no shortage of addresses, so no need to recycle aggressively.
+    "valid-lifetime": 43200, // leases will be valid for 12h
+    "renew-timer": 21600, // clients should renew every 6h
+    "rebind-timer": 32400, // clients should start looking for other servers after 9h
+
+    // Kea will clean up its database of expired leases once per hour. However, it
+    // will keep the leases in expired state for 2 days. This greatly increases the
+    // chances for returning devices to get the same address again. To guarantee that,
+    // use host reservation.
+    // If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are
+    // not 0, when the client sends a release message the lease is expired
+    // instead of being deleted from lease storage.
+    "expired-leases-processing": {
+        "reclaim-timer-wait-time": 3600,
+        "hold-reclaimed-time": 172800,
+        "max-reclaim-leases": 0,
+        "max-reclaim-time": 0
+    },
+
+    // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
+    // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
+    // The latter implements high availability feature for Kea. Note the library name
+    // should be the same, but the path is OS specific.
+    "hooks-libraries": [
+        // The lease_cmds library must be loaded because HA makes use of it to
+        // deliver lease updates to the server as well as synchronize the
+        // lease database after failure.
+        {
+            "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
+        },
+
+        {
+            // The HA hook library should be loaded.
+            "library": "/usr/local/lib/kea/hooks/libdhcp_ha.so",
+            "parameters": {
+                // Each server should have the same HA configuration, except for the
+                // "this-server-name" parameter.
+                "high-availability": [ {
+                    // This parameter points to this server instance. The respective
+                    // HA peers must have this parameter set to their own names.
+                    "this-server-name": "kea1",
+                    // The HA mode is set to hot-standby. In this mode, the active server handles
+                    // all the traffic. The standby takes over if the primary becomes unavailable.
+                    "mode": "hot-standby",
+                    // Heartbeat is to be sent every 10 seconds if no other control
+                    // commands are transmitted.
+                    "heartbeat-delay": 10000,
+                    // Maximum time for partner's response to a heartbeat, after which
+                    // failure detection is started. This is specified in milliseconds.
+                    // If we don't hear from the partner in 60 seconds, it's time to
+                    // start worrying.
+                    "max-response-delay": 30000,
+                    // The following parameters control how the server detects the
+                    // partner's failure. The ACK delay sets the threshold for the
+                    // 'secs' field of the received discovers. This is specified in
+                    // milliseconds.
+                    "max-ack-delay": 5000,
+                    // This specifies the number of clients which send messages to
+                    // the partner but appear to not receive any response.
+                    "max-unacked-clients": 0,
+                    // This specifies the maximum timeout (in milliseconds) for the server
+                    // to complete sync. If you have a large deployment (high tens or
+                    // hundreds of thousands of clients), you may need to increase it
+                    // further. The default value is 60000ms (60 seconds).
+                    "sync-timeout": 60000,
+                    "peers": [
+                        // This is the configuration of this server instance.
+                        {
+                            "name": "kea1",
+                            // This specifies the URL of this server instance. The
+                            // Control Agent must run along with this DHCPv4 server
+                            // instance and the "http-host" and "http-port" must be
+                            // set to the corresponding values.
+                            "url": "http://172.16.64.1:8000/",
+                            // This server is primary. The other one must be
+                            // secondary.
+                            "role": "primary"
+                        },
+                        // This is the configuration of the secondary server.
+                        {
+                            "name": "kea2",
+                            // Specifies the URL on which the partner's control
+                            // channel can be reached. The Control Agent is required
+                            // to run on the partner's machine with "http-host" and
+                            // "http-port" values set to the corresponding values.
+                            "url": "http://172.16.64.2:8000/",
+                            // The other server is secondary. This one must be
+                            // primary.
+                            "role": "standby"
+                        }
+                    ]
+                } ]
+            }
+        }
+    ],
+
+    // This example contains a single subnet declaration.
+    "subnet4": [
+        {
+            // Subnet prefix.
+            "subnet": "172.16.64.0/24",
+
+            // There are no relays in this network, so we need to tell Kea that this subnet
+            // is reachable directly via the specified interface.
+            "interface": "enp0s8",
+
+            // Specify a dynamic address pool.
+            "pools": [
+                {
+                    "pool": "172.16.64.100-172.16.64.150"
+                }
+            ],
+
+            // These are options that are subnet specific. In most cases, you need to define at
+            // least routers option, as without this option your clients will not be able to reach
+            // their default gateway and will not have Internet connectivity. If you have many
+            // subnets and they share the same options (e.g. DNS servers typically is the same
+            // everywhere), you may define options at the global scope, so you don't repeat them
+            // for every network.
+            "option-data": [
+                {
+                    // For each IPv4 subnet you typically need to specify at least one router.
+                    "name": "routers",
+                    "data": "172.16.64.1"
+                },
+                {
+                    // Using cloudflare or Quad9 is a reasonable option. Change this
+                    // to your own DNS servers is you have them. Another popular
+                    // choice is 8.8.8.8, owned by Google. Using third party DNS
+                    // service raises some privacy concerns.
+                    "name": "domain-name-servers",
+                    "data": "172.16.64.1"
+                }
+            ],
+
+            // Some devices should get a static address. Since the .100 - .199 range is dynamic,
+            // let's use the lower address space for this. There are many ways how reservation
+            // can be defined, but using MAC address (hw-address) is by far the most popular one.
+            // You can use client-id, duid and even custom defined flex-id that may use whatever
+            // parts of the packet you want to use as identifiers. Also, there are many more things
+            // you can specify in addition to just an IP address: extra options, next-server, hostname,
+            // assign device to client classes etc. See the Kea ARM, Section 8.3 for details.
+            // The reservations are subnet specific.
+            #"reservations": [
+            #    {
+            #        "hw-address": "1a:1b:1c:1d:1e:1f",
+            #        "ip-address": "192.168.1.10"
+            #    },
+            #    {
+            #        "client-id": "01:11:22:33:44:55:66",
+            #        "ip-address": "192.168.1.11"
+            #    }
+            #]
+        }
+    ],
+	// fichier de logs
+     "loggers": [
+     {
+        // This section affects kea-dhcp4, which is the base logger for DHCPv4 component. It tells
+        // DHCPv4 server to write all log messages (on severity INFO or higher) to a file. The file
+        // will be rotated once it grows to 2MB and up to 4 files will be kept. The debuglevel
+        // (range 0 to 99) is used only when logging on DEBUG level.
+        "name": "kea-dhcp4",
+        "output_options": [
+            {
+                "output": "stdout",
+                "maxsize": 2048000,
+                "maxver": 4
+            }
+        ],
+        "severity": "INFO",
+        "debuglevel": 0
+    }
+  ]
+}
+}

roles/kea-slave/templates/kea-ctrl-agent-j1.conf

@@ -0,0 +1,66 @@
+// This is an example of a configuration for Control-Agent (CA) listening
+// for incoming HTTP traffic. This is necessary for handling API commands,
+// in particular lease update commands needed for HA setup.
+{
+    "Control-agent":
+    {
+        // We need to specify where the agent should listen to incoming HTTP
+        // queries.
+        "http-host": "172.16.64.1",
+
+        // This specifies the port CA will listen on.
+        "http-port": 8000,
+
+        "control-sockets":
+        {
+            // This is how the Agent can communicate with the DHCPv4 server.
+            "dhcp4":
+            {
+                "comment": "socket to DHCPv4 server",
+                "socket-type": "unix",
+                "socket-name": "/tm/kea4-ctrl-socket"
+            },
+
+            // Location of the DHCPv6 command channel socket.
+           # "dhcp6":
+           # {
+           #     "socket-type": "unix",
+           #     "socket-name": "/tmp/kea6-ctrl-socket"
+           # },
+
+            // Location of the D2 command channel socket.
+           # "d2":
+           # {
+           #     "socket-type": "unix",
+           #     "socket-name": "/tmp/kea-ddns-ctrl-socket",
+           #     "user-context": { "in-use": false }
+           # }
+        },
+
+        // Similar to other Kea components, CA also uses logging.
+        "loggers": [
+            {
+                "name": "kea-ctrl-agent",
+                "output_options": [
+                    {
+                        "output": "stdout",
+
+                        // Several additional parameters are possible in addition
+                        // to the typical output. Flush determines whether logger
+                        // flushes output to a file. Maxsize determines maximum
+                        // filesize before the file is rotated. maxver
+                        // specifies the maximum number of rotated files being
+                        // kept.
+                        "flush": true,
+                        "maxsize": 204800,
+                        "maxver": 4,
+                        // We use pattern to specify custom log message layout
+                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
+                    }
+                ],
+                "severity": "INFO",
+                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
+            }
+        ]
+    }
+}

roles/kea-slave/templates/kea-dhcp4-j1.conf

@@ -0,0 +1,226 @@
+// This is an example configuration of the Kea DHCPv4 server 1:
+//
+// - uses High Availability hook library and Lease Commands hook library
+//   to enable High Availability function for the DHCP server. This config
+//   file is for the primary (the active) server.
+// - uses memfile, which stores lease data in a local CSV file
+// - it assumes a single /24 addressing over a link that is directly reachable
+//   (no DHCP relays)
+// - there is a handful of IP reservations
+//
+// It is expected to run with a standby (the passive) server, which has a very similar
+// configuration. The only difference is that "this-server-name" must be set to "server2" on the
+// other server. Also, the interface configuration depends on the network settings of the
+// particular machine.
+
+{
+
+"Dhcp4": {
+
+    // Add names of your network interfaces to listen on.
+    "interfaces-config": {
+        // The DHCPv4 server listens on this interface. When changing this to
+        // the actual name of your interface, make sure to also update the
+        // interface parameter in the subnet definition below.
+        "interfaces": [ "enp0s8" ]
+    },
+
+    // Control socket is required for communication between the Control
+    // Agent and the DHCP server. High Availability requires Control Agent
+    // to be running because lease updates are sent over the RESTful
+    // API between the HA peers.
+    "control-socket": {
+        "socket-type": "unix",
+        "socket-name": "/tmp/kea4-ctrl-socket"
+    },
+
+    // Use Memfile lease database backend to store leases in a CSV file.
+    // Depending on how Kea was compiled, it may also support SQL databases
+    // (MySQL and/or PostgreSQL). Those database backends require more
+    // parameters, like name, host and possibly user and password.
+    // There are dedicated examples for each backend. See Section 7.2.2 "Lease
+    // Storage" for details.
+    "lease-database": {
+        // Memfile is the simplest and easiest backend to use. It's an in-memory
+        // database with data being written to a CSV file. It is very similar to
+        // what ISC DHCP does.
+        "type": "memfile"
+    },
+
+    // Let's configure some global parameters. The home network is not very dynamic
+    // and there's no shortage of addresses, so no need to recycle aggressively.
+    "valid-lifetime": 43200, // leases will be valid for 12h
+    "renew-timer": 21600, // clients should renew every 6h
+    "rebind-timer": 32400, // clients should start looking for other servers after 9h
+
+    // Kea will clean up its database of expired leases once per hour. However, it
+    // will keep the leases in expired state for 2 days. This greatly increases the
+    // chances for returning devices to get the same address again. To guarantee that,
+    // use host reservation.
+    // If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are
+    // not 0, when the client sends a release message the lease is expired
+    // instead of being deleted from lease storage.
+    "expired-leases-processing": {
+        "reclaim-timer-wait-time": 3600,
+        "hold-reclaimed-time": 172800,
+        "max-reclaim-leases": 0,
+        "max-reclaim-time": 0
+    },
+
+    // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
+    // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
+    // The latter implements high availability feature for Kea. Note the library name
+    // should be the same, but the path is OS specific.
+    "hooks-libraries": [
+        // The lease_cmds library must be loaded because HA makes use of it to
+        // deliver lease updates to the server as well as synchronize the
+        // lease database after failure.
+        {
+            "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
+        },
+
+        {
+            // The HA hook library should be loaded.
+            "library": "/usr/local/lib/kea/hooks/libdhcp_ha.so",
+            "parameters": {
+                // Each server should have the same HA configuration, except for the
+                // "this-server-name" parameter.
+                "high-availability": [ {
+                    // This parameter points to this server instance. The respective
+                    // HA peers must have this parameter set to their own names.
+                    "this-server-name": "kea1",
+                    // The HA mode is set to hot-standby. In this mode, the active server handles
+                    // all the traffic. The standby takes over if the primary becomes unavailable.
+                    "mode": "hot-standby",
+                    // Heartbeat is to be sent every 10 seconds if no other control
+                    // commands are transmitted.
+                    "heartbeat-delay": 10000,
+                    // Maximum time for partner's response to a heartbeat, after which
+                    // failure detection is started. This is specified in milliseconds.
+                    // If we don't hear from the partner in 60 seconds, it's time to
+                    // start worrying.
+                    "max-response-delay": 30000,
+                    // The following parameters control how the server detects the
+                    // partner's failure. The ACK delay sets the threshold for the
+                    // 'secs' field of the received discovers. This is specified in
+                    // milliseconds.
+                    "max-ack-delay": 5000,
+                    // This specifies the number of clients which send messages to
+                    // the partner but appear to not receive any response.
+                    "max-unacked-clients": 0,
+                    // This specifies the maximum timeout (in milliseconds) for the server
+                    // to complete sync. If you have a large deployment (high tens or
+                    // hundreds of thousands of clients), you may need to increase it
+                    // further. The default value is 60000ms (60 seconds).
+                    "sync-timeout": 60000,
+                    "peers": [
+                        // This is the configuration of this server instance.
+                        {
+                            "name": "kea1",
+                            // This specifies the URL of this server instance. The
+                            // Control Agent must run along with this DHCPv4 server
+                            // instance and the "http-host" and "http-port" must be
+                            // set to the corresponding values.
+                            "url": "http://172.16.64.1:8000/",
+                            // This server is primary. The other one must be
+                            // secondary.
+                            "role": "primary"
+                        },
+                        // This is the configuration of the secondary server.
+                        {
+                            "name": "kea2",
+                            // Specifies the URL on which the partner's control
+                            // channel can be reached. The Control Agent is required
+                            // to run on the partner's machine with "http-host" and
+                            // "http-port" values set to the corresponding values.
+                            "url": "http://172.16.64.2:8000/",
+                            // The other server is secondary. This one must be
+                            // primary.
+                            "role": "standby"
+                        }
+                    ]
+                } ]
+            }
+        }
+    ],
+
+    // This example contains a single subnet declaration.
+    "subnet4": [
+        {
+            // Subnet prefix.
+            "subnet": "172.16.64.0/24",
+
+            // There are no relays in this network, so we need to tell Kea that this subnet
+            // is reachable directly via the specified interface.
+            "interface": "enp0s8",
+
+            // Specify a dynamic address pool.
+            "pools": [
+                {
+                    "pool": "172.16.64.100-172.16.64.150"
+                }
+            ],
+
+            // These are options that are subnet specific. In most cases, you need to define at
+            // least routers option, as without this option your clients will not be able to reach
+            // their default gateway and will not have Internet connectivity. If you have many
+            // subnets and they share the same options (e.g. DNS servers typically is the same
+            // everywhere), you may define options at the global scope, so you don't repeat them
+            // for every network.
+            "option-data": [
+                {
+                    // For each IPv4 subnet you typically need to specify at least one router.
+                    "name": "routers",
+                    "data": "172.16.64.1"
+                },
+                {
+                    // Using cloudflare or Quad9 is a reasonable option. Change this
+                    // to your own DNS servers is you have them. Another popular
+                    // choice is 8.8.8.8, owned by Google. Using third party DNS
+                    // service raises some privacy concerns.
+                    "name": "domain-name-servers",
+                    "data": "172.16.64.1"
+                }
+            ],
+
+            // Some devices should get a static address. Since the .100 - .199 range is dynamic,
+            // let's use the lower address space for this. There are many ways how reservation
+            // can be defined, but using MAC address (hw-address) is by far the most popular one.
+            // You can use client-id, duid and even custom defined flex-id that may use whatever
+            // parts of the packet you want to use as identifiers. Also, there are many more things
+            // you can specify in addition to just an IP address: extra options, next-server, hostname,
+            // assign device to client classes etc. See the Kea ARM, Section 8.3 for details.
+            // The reservations are subnet specific.
+            #"reservations": [
+            #    {
+            #        "hw-address": "1a:1b:1c:1d:1e:1f",
+            #        "ip-address": "192.168.1.10"
+            #    },
+            #    {
+            #        "client-id": "01:11:22:33:44:55:66",
+            #        "ip-address": "192.168.1.11"
+            #    }
+            #]
+        }
+    ],
+	// fichier de logs
+     "loggers": [
+     {
+        // This section affects kea-dhcp4, which is the base logger for DHCPv4 component. It tells
+        // DHCPv4 server to write all log messages (on severity INFO or higher) to a file. The file
+        // will be rotated once it grows to 2MB and up to 4 files will be kept. The debuglevel
+        // (range 0 to 99) is used only when logging on DEBUG level.
+        "name": "kea-dhcp4",
+        "output_options": [
+            {
+                "output": "stdout",
+                "maxsize": 2048000,
+                "maxver": 4
+            }
+        ],
+        "severity": "INFO",
+        "debuglevel": 0
+    }
+  ]
+}
+}

roles/nxc-traefik/files/docker-compose.yml

@@ -53,8 +53,8 @@ services:
     image: nextcloud
     container_name: app
     restart: always
-      #ports:
-      #- 8081:80
+    ports:
+      - 8081:80
     #links:
     depends_on:
       - db

roles/wireguard-r/README.md

@@ -24,10 +24,7 @@ bash r-vp1-post.sh
 ```
 ## Sur **r-vp2**:
 
-Lancer le playbook : *ansible-playbook -i localhost, -c local* r-vp2.yml sur **r-vp2**
-
-Puis lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
-
+Lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
 ### 🛠️ Lancer le script
 ```bash
 cd /tools/ansible/gsb2023/Scripts
@@ -37,11 +34,7 @@ bash r-vp2-post.sh
 ```
 ## Fin
 
-Pour finir redemarer les machines.
+redemarer les machines
 ```bash
 reboot
 ```
-Veuillez maintenant vous rendre dans le dossier du role ferm : 
-*gsb2024/roles/fw-ferm*
-
-*Modification : jm*

roles/zabbix-cli/defaults/main.yml

@@ -1,3 +1,2 @@
 SERVER: "127.0.0.1"
-SERVERACTIVE: "192.168.99.8"
-TOKENAPI: "f72473b7e5402a5247773e456f3709dcdd5e41792360108fc3451bbfeed8eafe"
+SERVERACTIVE: "172.16.0.8"

roles/zabbix-cli/tasks/main.yml

@@ -28,11 +28,3 @@
         state: restarted
         enabled: yes
 
-    - name: mise ne place script hostcreate
-      template:
-        src: hostcreate.sh.j2
-        dest: /tmp/hostcreate.sh
-
-    - name: lancement script hostcreate
-      command: bash /tmp/hostcreate.sh
-

roles/zabbix-cli/templates/hostcreate.sh.j2

@@ -1 +0,0 @@
-curl -X POST -H "Content-Type: application/json" -d '{ "jsonrpc":"2.0","method":"host.create","params": {"host": "{{ ansible_hostname }}","groups": [{"groupid": "6"}],"templates": [{"templateid": "10343"}],"inventory_mode": 0,"inventory": {"type": 0}},"auth": "{{ TOKENAPI }}","id": 1}' http://{{ SERVERACTIVE }}/zabbix/api_jsonrpc.php

s-backup.yml

@@ -7,7 +7,6 @@
     - goss
 #   - proxy3
     - zabbix-cli
-    - gotify
 #   - ssh-cli
     # - syslog-cli
     - smb-backup

wireguard/README.md

@@ -1,18 +0,0 @@
-# **Explication :** 
-
-Le dossier Wireguard comprend tous les tests de ping à effectuer une fois l'installation complète complète de wireguard. 
-
-Les dossiers présent dans ce dossier contiennent les routes qui doivent être présent sur nos différentes machines. Vous pouvez comparer les interface avec un "ip a" en cas de disfonctionnement. 
-
-# **Etapes pour lancer les tests:**
-
-Pour tester le bon fonctionnement du VPN et faire la phase de test, rendez vous sur la machine ou vous voulez faire les tests de ping (nous allons prendre ping-sinfra.sh comme exemple)
-
-* Mettez vous dans le dossier tools/ansible/gsb2024/wireguard
-
-* Lancer le script de s-infra : bash ping-sinfra.sh 
-
-Une fois lancer une série de ping vont se lancer automatiquement, si tout est bon le scipt devrait arrivé à sa fin. 
-Si toutefois un ping ne passe pas, le scipt vaa bloquer sur le ping qui est en cours d'éxécution ! 
-
-*Modification : jm*