noe.raphanaud/siotp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: noe.raphanaud:master
Branches Tags
noe.raphanaud:master
noe.raphanaud:v0.50
noe.raphanaud:v45
noe.raphanaud:v40
noe.raphanaud:v37
noe.raphanaud:v35
noe.raphanaud:v30
noe.raphanaud:v25
noe.raphanaud:v20
noe.raphanaud:v15
noe.raphanaud:v0.10
noe.raphanaud:v0.7
noe.raphanaud:v0.6
noe.raphanaud:v0.5
noe.raphanaud:v.0.4
noe.raphanaud:v.0.3
noe.raphanaud:v.0.25
noe.raphanaud:v.0.2
noe.raphanaud:v.0.1
noe.raphanaud:v0.0.1
..
compare: noe.raphanaud:v25
Branches Tags
noe.raphanaud:master
noe.raphanaud:v0.50
noe.raphanaud:v45
noe.raphanaud:v40
noe.raphanaud:v37
noe.raphanaud:v35
noe.raphanaud:v30
noe.raphanaud:v25
noe.raphanaud:v20
noe.raphanaud:v15
noe.raphanaud:v0.10
noe.raphanaud:v0.7
noe.raphanaud:v0.6
noe.raphanaud:v0.5
noe.raphanaud:v.0.4
noe.raphanaud:v.0.3
noe.raphanaud:v.0.25
noe.raphanaud:v.0.2
noe.raphanaud:v.0.1
noe.raphanaud:v0.0.1

No commits in common. "master" and "v25" have entirely different histories.
master ... v25

40 changed files with 0 additions and 831 deletions
Show Stats Expand all files Collapse all files

137
sio2/sisr/30-web/default-ssl.conf
View File

@ -1,137 +0,0 @@
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
#ServerName wordpress
DocumentRoot /var/www/html/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
# BrowserMatch "MSIE [2-6]" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

23
sio2/sisr/30-web/wordpress.conf
View File

@ -1,23 +0,0 @@
#<VirtualHost *:80>
# ServerName wordpress
# redirect permanent / https://192.168.0.34/wordpress
# DocumentRoot /var/www/wordpress
# <Directory /var/www/wordpress/>
# AllowOverride All
# </Directory>
#</VirtualHost>
<VirtualHost *:80>
ServerName wordpress
DocumentRoot /var/www/html/
<Directory /var/www/html/>
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/apache2/error.wordpress.log
CustomLog /var/log/apache2/access.wordpress.log combined
redirect permanent / https://192.168.0.34/
</VirtualHost>

98
sio2/sisr/30-web/wp-config.php
View File

@ -1,98 +0,0 @@
<?php
/**
* La configuration de base de votre installation WordPress.
*
* Ce fichier est utilisé par le script de création de wp-config.php pendant
* le processus dinstallation. Vous navez pas à utiliser le site web, vous
* pouvez simplement renommer ce fichier en « wp-config.php » et remplir les
* valeurs.
*
* Ce fichier contient les réglages de configuration suivants :
*
* Réglages MySQL
* Préfixe de table
* Clés secrètes
* Langue utilisée
* ABSPATH
*
* @link https://fr.wordpress.org/support/article/editing-wp-config-php/.
*
* @package WordPress
*/
// ** Réglages MySQL - Votre hébergeur doit vous fournir ces informations. ** //
/** Nom de la base de données de WordPress. */
define( 'DB_NAME', 'wordpress' );
/** Utilisateur de la base de données MySQL. */
define( 'DB_USER', 'wordpress_user' );
/** Mot de passe de la base de données MySQL. */
define( 'DB_PASSWORD', 'qdrhh45' );
/** Adresse de lhébergement MySQL. */
define( 'DB_HOST', 'localhost' );
/** Jeu de caractères à utiliser par la base de données lors de la création des tables. */
define( 'DB_CHARSET', 'utf8' );
/**
* Type de collation de la base de données.
* Ny touchez que si vous savez ce que vous faites.
*/
define( 'DB_COLLATE', '' );
/**#@+
* Clés uniques dauthentification et salage.
*
* Remplacez les valeurs par défaut par des phrases uniques !
* Vous pouvez générer des phrases aléatoires en utilisant
* {@link https://api.wordpress.org/secret-key/1.1/salt/ le service de clés secrètes de WordPress.org}.
* Vous pouvez modifier ces phrases à nimporte quel moment, afin dinvalider tous les cookies existants.
* Cela forcera également tous les utilisateurs à se reconnecter.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', 'mettez une phrase unique ici' );
define( 'SECURE_AUTH_KEY', 'mettez une phrase unique ici' );
define( 'LOGGED_IN_KEY', 'mettez une phrase unique ici' );
define( 'NONCE_KEY', 'mettez une phrase unique ici' );
define( 'AUTH_SALT', 'mettez une phrase unique ici' );
define( 'SECURE_AUTH_SALT', 'mettez une phrase unique ici' );
define( 'LOGGED_IN_SALT', 'mettez une phrase unique ici' );
define( 'NONCE_SALT', 'mettez une phrase unique ici' );
/**#@-*/
/**
* Préfixe de base de données pour les tables de WordPress.
*
* Vous pouvez installer plusieurs WordPress sur une seule base de données
* si vous leur donnez chacune un préfixe unique.
* Nutilisez que des chiffres, des lettres non-accentuées, et des caractères soulignés !
*/
$table_prefix = 'wp_';
/**
* Pour les développeurs : le mode déboguage de WordPress.
*
* En passant la valeur suivante à "true", vous activez laffichage des
* notifications derreurs pendant vos essais.
* Il est fortement recommandé que les développeurs dextensions et
* de thèmes se servent de WP_DEBUG dans leur environnement de
* développement.
*
* Pour plus dinformation sur les autres constantes qui peuvent être utilisées
* pour le déboguage, rendez-vous sur le Codex.
*
* @link https://fr.wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', false );
/* Cest tout, ne touchez pas à ce qui suit ! Bonne publication. */
/** Chemin absolu vers le dossier de WordPress. */
if ( ! defined( 'ABSPATH' ) )
define( 'ABSPATH', dirname( __FILE__ ) . '/' );
/** Réglage des variables de WordPress et de ses fichiers inclus. */
require_once( ABSPATH . 'wp-settings.php' );

10
sio2/sisr/35-script/bash/script/crsamba1
View File

@ -1,10 +0,0 @@
#!/bin/bash
set -o errexit
set -o nounset
fich='user.txt'
while read ligne
do
echo "${ligne}"
done < "${fich}"
exit 0

15
sio2/sisr/35-script/bash/script/crsamba2
View File

@ -1,15 +0,0 @@
#!/bin/bash
set -o errexit
set -o nounset
if [[ $# != 1 ]]; then
echo "usage : $0 <fichier>"
exit 1
fi
fich="$1"
while read ligne
do
echo "${ligne}"
done < "${fich}"
exit 0

19
sio2/sisr/35-script/bash/script/crsamba3
View File

@ -1,19 +0,0 @@
#!/bin/bash
set -o errexit
set -o nounset
if [[ $# != 1 ]]; then
echo "usage : $0 <fichier>"
exit 1
fi
fich="$1"
if ! [[ -r "${fich}" ]]; then
echo "$0 : erreur ouverture fichier ${fich}"
exit 2
fi
while read ligne
do
echo "${ligne}"
done < "${fich}"
exit 0

22
sio2/sisr/35-script/bash/script/crsamba4
View File

@ -1,22 +0,0 @@
#!/bin/bash
set -o errexit
set -o nounset
if [[ $# != 1 ]]; then
echo "usage : $0 <fichier>"
exit 1
fi
fich="$1"
if ! [[ -r "${fich}" ]]; then
echo "$0 : erreur ouverture fichier ${fich}"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}" |cut -f1 -d':')
nom=$(echo "${ligne}" |cut -f2 -d':')
echo "$login"
echo "$nom"
done < "${fich}"
exit 0

28
sio2/sisr/35-script/bash/script/crsamba5
View File

@ -1,28 +0,0 @@
#!/bin/bash
#set -o errexit
set -o nounset
if [[ $# != 1 ]]; then
echo "usage : $0 <fichier>"
exit 1
fi
fich="$1"
if ! [[ -r "${fich}" ]]; then
echo "$0 : erreur ouverture fichier ${fich}"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}" |cut -f1 -d':')
nom=$(echo "${ligne}" |cut -f2 -d':')
getent passwd "${login}" >> /dev/null
if [[ $? != 0 ]] ; then
useradd -m -d /home/${login} -c "${nom}" -s /bin/bash ${login}
else
echo "utilisateur ${login} existant"
fi
done < "${fich}"
exit 0

31
sio2/sisr/35-script/bash/script/crsamba7
View File

@ -1,31 +0,0 @@
#!/bin/bash
#set -o errexit
set -o nounset
PATH=${PATH}:/usr/sbin
if [[ $# != 1 ]]; then
echo "usage : $0 <fichier>"
exit 1
fi
fich="$1"
if ! [[ -r "${fich}" ]]; then
echo "$0 : erreur ouverture fichier ${fich}"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}" |cut -f1 -d':')
nom=$(echo "${ligne}" |cut -f2 -d':')
getent passwd "${login}" >> /dev/null
if [[ $? != 0 ]] ; then
useradd -m -d /home/${login} -c "${nom}" -s /bin/bash ${login}
pw=$(pwgen 4 1)
echo "${login}:${pw}"|chpasswd
echo "${login}:${pw}" >> "${fich}.pwd"
else
echo "$0 : utilisateur ${login} existant"
fi
done < "${fich}"
exit 0

1
sio2/sisr/35-script/bash/script/fichier.pwd
View File

@ -1 +0,0 @@

17
sio2/sisr/35-script/bash/script/restoration
View File

@ -1,17 +0,0 @@
#!/bin/bash
DAT=$(date "+%u")
DEST=/home/sv/d/"${DAT}"
HOST=root@192.168.0.29
ssh "${HOST}" apt install -y rsync apache2 mariadb-server php
ssh "${HOST}" "mysql CREATE DATABASES wordpress;" #a refaire
ssh "${HOST}" "mysql -u wordpress_user -pqdrhh45 wordpress < "${DEST}"/wordpress.sql" #a refaire
scp -r "${DEST}"/wordpress "${HOST}":/var/www/html/
scp "${DEST}"/default-ssl.conf "${HOST}":/etc/apache2/sites-available/
scp "${DEST}"/wordpress.conf "${HOST}":/etc/apache2/sites-available/
scp "${DEST}"/server.key "${HOST}":/etc/apache2/
scp "${DEST}"/server.crt "${HOST}":/etc/apache2/
#rsync -az "${DEST}"/wordpress "${HOST}":/var/www/html/
#rsync -az "${DEST}"/default-ssl.conf "${HOST}":/etc/apache2/sites-available/
#rsync -az "${DEST}"/wordpress.conf "${HOST}":/etc/apache2/sites-available/
#rsync -az "${DEST}"/server.key "${HOST}":/etc/apache2/
#rsync -az "${DEST}"/server.crt "${HOST}":/etc/apache2/

28
sio2/sisr/35-script/bash/script/rmsamba
View File

@ -1,28 +0,0 @@
#!/bin/bash
#set -o errexit
set -o nounset
if [ $# != 1 ]
then
echo "usage : $0 <fichier>"
exit 1
fi
fich="$1"
if ! [[ -r "${fich}" ]]; then
echo "$0 : erreur ouverture fichier ${fich}"
exit 2
fi
while read -r ligne
do
login=$(echo "${ligne}" |cut -f1 -d':')
echo "${login}"
getent passwd "${login}" >> /dev/null
if [[ $? = 0 ]]
then
userdel -r "${login}"
fi
done < "${fich}"
exit 0

15
sio2/sisr/35-script/bash/script/sauv
View File

@ -1,15 +0,0 @@
#!/bin/bash
DAT=$(date "+%u")
DEST=/home/sv
DEST2="${DEST}/d/${DAT}"
[ -d "${DEST}/d" ] || mkdir -p "${DEST}/d"
[ -d "${DEST}/d/${DAT}" ] || mkdir -p "${DEST}/d/${DAT}"
HOST=sauv@192.168.0.34
ssh "${HOST}" "mysqldump -u wordpress_user -pqdrhh45 wordpress|gzip -" >"${DEST2}"/wordpress.sql.gz
rsync -av -e ssh "${HOST}":/var/www/html/wordpress "${DEST2}"
rsync -av -e ssh "${HOST}":/etc/apache2/sites-available/default-ssl.conf "${DEST2}"/default-ssl.conf
rsync -av -e ssh "${HOST}":/etc/apache2/sites-available/wordpress.conf "${DEST2}"/wordpress.conf
rsync -av -e ssh "${HOST}":/etc/apache2/server.key "${DEST2}"/server.key
rsync -av -e ssh "${HOST}":/etc/apache2/server.crt "${DEST2}"/server.crt

4
sio2/sisr/35-script/bash/script/user.txt
View File

@ -1,4 +0,0 @@
lucien
claudine
robert
marcelle

4
sio2/sisr/35-script/bash/script/user2.txt
View File

@ -1,4 +0,0 @@
lucien:Lucien Dubois
claudine:Claudine Duparc
robert:Robert Macaire
marcelle:Marcelle Desforets

26
sio2/sisr/35-script/bash/script/user2.txt.pwd
View File

@ -1,26 +0,0 @@
:
:
:
:
:
:
:
:
:
:
:
:
lucien:1XfC
claudine:PT2M
robert:K4PJ
marcelle:i4WH
claudine:7Giq
robert:VO4u
marcelle:3b8S
claudine:7qzL
robert:NvV6
marcelle:7QnY
lucien:e5Hz
claudine:j9Un
robert:ZnJ6
marcelle:B7nR

19
sio2/sisr/35-script/python/log.py
View File

@ -1,19 +0,0 @@
#/usr/bin/python3
import re
import sys
group = {}
regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
for line in sys.stdin:
line = line.rstrip ( )
match = re.match (regexp, line)
if match:
print (match.group(1)," ",match.group(8))
ip = match.group(1)
vol = match.group(8)
if ip in group:
group[ip] = group[ip] + vol
else:
group[ip] = vol
for key in group.keys():
print (key, " ", group[key])

38
sio2/sisr/35-script/python/passusr.py
View File

@ -1,38 +0,0 @@
#!/usr/bin/python3
import sys
import subprocess
import os
nbarg = len(sys.argv)
if nbarg != 2:
print ("Nombre d'argument invalide")
exit (1)
filename = sys.argv[1]
try:
fh = open(filename, "r")
except:
print ("Fichier ", filename," inconnu")
exit (2)
else:
line = fh.readline ()
while line:
nouvline = line.rstrip()
login,nomlong = nouvline.split(':')
cmd = "sudo useradd -m -d /home/"+login+" -c \'"+ nomlong+"\' -s /bin/bash "+ login
res = os.system ("getent passwd "+login)
if res != 0:
passw = ["pwgen", "4","1"]
os.system (cmd)
mdp = subprocess.run(passw,capture_output=True)
mdp2 = mdp.stdout.decode("utf-8")
mdp3 = mdp2.rstrip()
print (mdp3)
ch3 = "echo "+login+":"+mdp3+"|sudo chpasswd"
print (ch3)
os.system (ch3)
os.system ("sudo echo "+login+":"+mdp3+" >> "+filename+".pwd")
else:
print ("Utilisateur "+login+" déjà éxistant")
os.system ("sudo userdel -r "+login)
line = fh.readline()
fh.close()

2
sio2/sisr/35-script/python/user.txt
View File

@ -1,2 +0,0 @@
adupont:Albert Dupont
jduroy:Jeannette Duroy

4
sio2/sisr/35-script/python/user.txt.pwd
View File

@ -1,4 +0,0 @@
adupont:0PSg
jduroy:2Sdc
adupont:Ksw4
jduroy:C0px

23
sio2/sisr/40-vlan/ipsec.conf
View File

@ -1,23 +0,0 @@
config setup
charondebug="all"
uniqueids=yes
strictcrlpolicy=no
conn %default
conn tunnel #
left=10.0.0.2
leftsubnet=192.168.2.0/24
right=10.0.0.1
rightsubnet=192.168.1.0/24
ike=aes256-sha2_256-modp1024!
esp=aes256-sha2_256!
keyingtries=0
ikelifetime=1h
lifetime=8h
dpddelay=30
dpdtimeout=120
dpdaction=restart
authby=secret
auto=start
keyexchange=ikev2
type=tunnel

5
sio2/sisr/40-vlan/ipsec.secrets
View File

@ -1,5 +0,0 @@
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
10.0.0.2 10.0.0.1 : PSK 'root'

1
sio2/sisr/45-ansible/dokuw/invent
View File

@ -1 +0,0 @@
doku

4
sio2/sisr/45-ansible/dokuw/local.yml
View File

@ -1,4 +0,0 @@
- hosts: all
roles:
- web
- doku

59
sio2/sisr/45-ansible/dokuw/roles/doku/tasks/main.yml
View File

@ -1,59 +0,0 @@
- name: recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl.sio.lan/store/dokuwiki-stable.tgz
dest: /tmp
- name: Extraction archive
unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
remote_src: yes
- name: stat rept
stat:
path: /var/www/html/dokuwiki-2020-07-29
register: rept_stat
- name: Renommage de dokuwiki-stable
command: mv /var/www/html/dokuwiki-2020-07-29 /var/www/html/doku
when: rept_stat.stat.exists
- name: Droit root recursive
file:
path: /var/www/html/doku
state: directory
recurse: yes
owner: root
group: root
- name: droit 755
file:
path: /var/www/html/doku
state: directory
mode: '0755'
recurse: yes
- name: droit apache data
file:
path: /var/www/html/doku/data
state: directory
owner: www-data
group: www-data
recurse: yes
- name: droit apache lib
file:
path: /var/www/html/doku/lib
state: directory
owner: www-data
group: www-data
recurse: yes
- name: droit apache conf
file:
path: /var/www/html/doku/conf
state: directory
owner: www-data
group: www-data
recurse: yes

25
sio2/sisr/45-ansible/dokuw/roles/web/tasks/main.yml
View File

@ -1,25 +0,0 @@
- name: installation apache2
apt:
name: apache2
state: present
- name: installation php
apt:
name: php
state: present
- name: installation php-mbstring
apt:
name: php-mbstring
state: present
- name: installation php-gd
apt:
name: php-gd
state: present
- name: installation php-xml
apt:
name: php-xml
state: present

6
sio2/sisr/45-ansible/testansible/hosts
View File

@ -1,6 +0,0 @@
[adm]
infra
[web]
web1
web2

6
sio2/sisr/45-ansible/tpansible/hosts
View File

@ -1,6 +0,0 @@
[adm]
infra
[web]
web1
web2

1
sio2/sisr/45-ansible/tpansible/index.html
View File

@ -1 +0,0 @@
Salut

31
sio2/sisr/45-ansible/tpansible/squid.yml
View File

@ -1,31 +0,0 @@
- hosts: adm
vars:
- proxy_port: 8080
- proxy_mem: 128
tasks:
- name: Installation squid
apt:
name: squid
state: present
- name: Copie squid.conf squid.conf.j2
template:
src: squid.conf.j2
dest: /etc/squid/squid.conf
notify:
- restart squid
# - name: On ajoute http_access allow localnet
# replace:
# path: /etc/squid/squid.conf
# regexp: '^#http_access allow localnet'
# replace: 'http_access allow localnet'
# notify:
# - restart squid
handlers:
- name: restart squid
service:
name: squid
state: restarted

29
sio2/sisr/45-ansible/tpansible/syslog-cli.yml
View File

@ -1,29 +0,0 @@
- hosts: web
tasks:
- name: decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify:
- restart journald
- name: Ajoute l'indication de serveur syslog distant si elle n'est pas presente
lineinfile:
path: /etc/rsyslog.conf
line: '*.* @192.168.0.23:514'
create: yes
notify:
- restart rsyslog
handlers:
- name: restart journald
service:
name: systemd-journald.service
state: restarted
- name: restart syslog
service:
name: rsyslog
state: restarted

37
sio2/sisr/45-ansible/tpansible/syslog.yml
View File

@ -1,37 +0,0 @@
- hosts: adm
tasks:
- name: decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#module\(load="imudp"\)'
replace: 'module(load="imudp")'
notify:
- restart rsyslog
- name: decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#input\(type="imudp" port="514"\)'
replace: 'input(type="imudp" port="514")'
notify:
- restart rsyslog
- name: decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify:
- restart journald
handlers:
- name: restart rsyslog
service:
name: rsyslog
state: restarted
- name: restart journald
service:
name: systemd-journald.service
state: restarted

18
sio2/sisr/45-ansible/tpansible/web.yml
View File

@ -1,18 +0,0 @@
- hosts: web
tasks:
- name: Installation apache2
apt:
name: apache2
state: present
- name: Installation php
apt:
name: php
state: present
- name: Installation php-mbstring
apt:
name: php-mbstring
state: present
- name: Copie index.html
copy:
src: index.html
dest: /var/www/html/

1
sio2/sisr/50-wireguard/wg-private.key
View File

@ -1 +0,0 @@
SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=

1
sio2/sisr/50-wireguard/wg-public.key
View File

@ -1 +0,0 @@
pKM5noo3ZF3v3t3fBJBYzvFt61ItJxIkEHC0uXkCgAU=

14
sio2/sisr/50-wireguard/wg0.conf
View File

@ -1,14 +0,0 @@
# générer des clés : cd /etc/wireguard; umask 077 ; wg genkey | tee private.key | wg pubkey > public.key
[Interface]
Address = 10.0.2.1/24 # Adresses autorisées dans le VPN
Listenport = 51820
# clé privée de machine A (actuelle)
PrivateKey = SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=
# UDP service port; 51820 is a common choice for WireGuard
ListenPort = 51820
[Peer]
# clé publique de machine B (l'autre)
PublicKey = qhiQishoQMM6Y/g7OnUeLNX5T2p0FQx2oq+F/qKQfVc=
AllowedIPs = 10.0.2.1/24 # le peer peut acceder au serveur

11
sio2/sisr/55-proxmox/clone.sh
View File

@ -1,11 +0,0 @@
#!/bin/bash
num1="$1"
num2="$2"
nom="$3"
ip="$4"
qm clone "${num1}" "${num2}" --name "${nom}"
qm set "${num2}" --sshkeys id_rsa.pub
qm set "${num2}" --ipconfig0 ip="${ip}",gw=192.168.0.1
qm resize "${num2}" scsi0 8G
qm start "${num2}"

16
sio2/sisr/55-proxmox/create.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash
num="$1"
#récupération de l'image Openstack Debian 11 au format qcow2
cd /var/lib/vz/template/qemu/
export http_proxy=http://10.121.38.1:8080
export https_proxy=http://10.121.38.1:8080
wget --no-check-certificate https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2
#Création de la VM a partir de l'image
qm create "${num}" --memory 1024 --net0 virtio,bridge=vmbr0
qm importdisk "${num}" /var/lib/vz/template/qemu/debian-11-generic-amd64.qcow2 local-lvm
#Paramètrage de la machine
qm set "${num}" --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-"${num}"-disk-0 # on associe le disque scsi0 au LV vm-9000-disk-0
qm set "${num}" --boot c --bootdisk scsi0 # on définit le disque scsi0 comme disque de démarrage
qm set "${num}" --ide2 local-lvm:cloudinit # on joint le volume CDROM cloudinit utilisé pour le démarrage
qm set "${num}" --serial0 socket --vga serial0 # on définit une console série qu'on utilise comme affichage
qm template "${num}" # on définit la VM 9000 comme template

1
sio2/sisr/55-proxmox/id_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCh2egCAcgBM+XXtvBfg6QYHB5+c0jqN1gzcfcs/2SaP/FTWk6u5mv+E9igbpMHrQKkH8z0ocNgKhV8nAHbtbCFa9UOF7kUESSnMWb6gt9qSiVY3PHb9iQHAbpQkqWgCgUKUTp7UEFLPd1QaCAFvbv43nGZGAFod/lX5h3HQV5goAyWgwairJbFSekkEvAF6hDFzaTSZaoi8tRRKDBDZVmTsL4v4ywM6/SIl/8COK0FJmEwIjU8jSOUAQtmbwXH70Zbegh30Osg8xLdnNrWJCKC9onf0V8s8djongk7wgj0KTBTrpPf26f9imY6Is24paHTGAFEfaqjhPyIz+i2hZKKMT5K5j0QYKOsThiReJs59cJIJpPgysbKnkNNMbhHtSL0XENmlhXzsKgfVVwTcvopE7+yoe1suCsqBrWtUw9o8RpHmzFrLH9HHJ5Ts1JCyMnTg10LzXlyK2ukWMbb0+qc0PMJrANTmpf77mJulkblQaOKSV38S5awS44NCZPRIbs= sio@lab213-23

1
sio2/sisr/55-proxmox/pubkey/id_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCh2egCAcgBM+XXtvBfg6QYHB5+c0jqN1gzcfcs/2SaP/FTWk6u5mv+E9igbpMHrQKkH8z0ocNgKhV8nAHbtbCFa9UOF7kUESSnMWb6gt9qSiVY3PHb9iQHAbpQkqWgCgUKUTp7UEFLPd1QaCAFvbv43nGZGAFod/lX5h3HQV5goAyWgwairJbFSekkEvAF6hDFzaTSZaoi8tRRKDBDZVmTsL4v4ywM6/SIl/8COK0FJmEwIjU8jSOUAQtmbwXH70Zbegh30Osg8xLdnNrWJCKC9onf0V8s8djongk7wgj0KTBTrpPf26f9imY6Is24paHTGAFEfaqjhPyIz+i2hZKKMT5K5j0QYKOsThiReJs59cJIJpPgysbKnkNNMbhHtSL0XENmlhXzsKgfVVwTcvopE7+yoe1suCsqBrWtUw9o8RpHmzFrLH9HHJ5Ts1JCyMnTg10LzXlyK2ukWMbb0+qc0PMJrANTmpf77mJulkblQaOKSV38S5awS44NCZPRIbs= sio@lab213-23