modif save

goss.yaml

@@ -0,0 +1,25 @@
+port:
+  tcp:22:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp6:22:
+    listening: true
+    ip:
+    - '::'
+service:
+  sshd:
+    enabled: true
+    running: true
+user:
+  sshd:
+    exists: true
+    uid: 101
+    gid: 65534
+    groups:
+    - nogroup
+    home: /run/sshd
+    shell: /usr/sbin/nologin
+process:
+  sshd:
+    running: true

goss/s-nxc.yaml

@@ -98,10 +98,10 @@ file:
     filetype: file
     contains: []
 
-addr:
-  tcp://s-nxc.gsb.lan:443:
-    reachable: true
-    timeout: 500
+      #addr:
+      #tcp://s-nxc.gsb.lan:443:
+      #reachable: true
+      #timeout: 500
 
 port:
   tcp:22:

roles/nxc-traefik/files/savenextcloud.sh

@@ -18,12 +18,5 @@ docker compose exec -u www-data app php occ maintenance:mode --off
 # création d'une archive
 tar cvfz nxc.tgz nextcloud-sqlbkp.bak nextcloud-dirbkp
 
-# envoie sur s-backup
-BACKUP=/home/backup/s-nxc
 
-# Préparation des dossiers qui vont accueillir les données à sauvegarder (-e lance le répertoire si il existe)
-[[ -e "${BACKUP}" ]] || mkdir -p "${BACKUP}"
-
-# Sauvegarde du fichier nxc.tgz vers la machine s-backup
-scp root@s-nxc:/root/nxc/nxc.tgz "${BACKUP}/"
 

roles/ssh-backup-key-gen/README.md

@@ -0,0 +1 @@
+###Génération de clé publique et privée###

roles/ssh-backup-key-gen/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: on genere une cle privee pour s-backup
+  openssh_keypair:
+    path: /root/id_rsa_sbackup
+    type: rsa
+    state: present
+
+- name: copie cle publique dans gsbstore
+  copy:
+    src: /root/id_rsa_sbackup.pub
+    dest: /var/www/html/gsbstore
+    mode: 0644
+    remote_src: yes
+
+- name: copie cle privee dans gsbstore
+  copy:
+    src: /root/id_rsa_sbackup
+    dest: /var/www/html/gsbstore
+    mode: 0600
+    remote_src: yes

roles/ssh-backup-key-private/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: creation .ssh
+  file:
+    path: ~/.ssh
+    state: directory
+    mode: 0700
+
+- name: recuperation de la cle privee generee par s-adm
+  get_url:
+    url: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup
+    dest: /root/.ssh/id_rsa_sbackup
+    mode: 0600
+

roles/ssh-backup-key-pub/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: recuperation de la cle publique generee par s-adm
+  ansible.posix.authorized_key:
+    user: root
+    state: present
+    key: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup.pub

roles/zabbix-cli/tasks/main.yml

@@ -28,11 +28,11 @@
         state: restarted
         enabled: yes
 
-    - name: mise ne place script hostcreate
+    - name: mise en place script hostcreate
       template:
         src: hostcreate.sh.j2
         dest: /tmp/hostcreate.sh
 
-    - name: lancement script hostcreate
-      command: bash /tmp/hostcreate.sh
+          #- name: lancement script hostcreate
+          #command: bash /tmp/hostcreate.sh
 

roles/zabbix-srv/tasks/main.yml

@@ -29,65 +29,41 @@
       name: mariadb
       state: started
 
-  - name: 6. Créer la base de données
-    community.mysql.mysql_db:
-      name: zabbix
-      encoding: utf8mb4
-      collation: utf8mb4_bin
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  - name: 7. Creer un utilisateur et  lui attribuer tous les droits
-    community.mysql.mysql_user:
-      name: zabbix
-      password: password
-      priv: '*.*:ALL,GRANT'
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  - name: 8. Modifier une variable pour importer un schema
+  - name: 6. Modifier la variable trust function creators pour importer la base données
     community.mysql.mysql_variables:
       variable: log_bin_trust_function_creators
       value: 1
       mode: global
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 9. Importer le schema initial
+  - name: 7. Importer la base de données
     community.mysql.mysql_db:
       state: import
       name: zabbix
       encoding: utf8mb4
-      login_user: zabbix
-      login_password: password
-      target: /usr/share/zabbix-sql-scripts/mysql/server.sql.gz
+      target: http://s-adm.gsb.adm/gsbstore/zabbix.sql.gz
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 10. Modifier la variable pour le schema
+  - name: 8. Remettre a zero la variable trust function creators
     community.mysql.mysql_variables:
       variable: log_bin_trust_function_creators
       value: 0
       mode: global
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 11. Configurer le mdp de la db
-    replace:
-     path: /etc/zabbix/zabbix_server.conf
-     regexp: '^# DBPassword='
-     replace: 'DBPassword=password'
-
-  - name: 12. Lancer le service zabbix-server
+  - name: 9. Lancer le service zabbix-server
     service:
      name: zabbix-server
      state: restarted
      enabled: yes
 
-  - name: 13. Lancer le service zabbix-agent
+  - name: 10. Lancer le service zabbix-agent
     service:
      name: zabbix-agent
      state: restarted
      enabled: yes
 
-  - name: 14. Lancer le service apache2
+  - name: 11. Lancer le service apache2
     service:
      name: apache2
      state: restarted

s-adm.yml

@@ -7,6 +7,7 @@
     - s-ssh
     - dnsmasq
     - squid
+    - ssh-backup-key-gen
 #    - local-store
     - zabbix-cli
     ## - syslog-cli

s-backup.yml

@@ -9,12 +9,12 @@
   roles:
     - base
     - goss
-    - proxy3
     - zabbix-cli
     - gotify
     - stork-server
     - ssh-cli
-    - syslog-cli
+      #- syslog-cli
     - smb-backup
     - dns-slave
     - post
+    - ssh-backup-key-private

s-nxc.yml

@@ -10,3 +10,4 @@
     # - syslog-cli
     - snmp-agent
     - post
+    - ssh-backup-key-pub