Cloud-init

supprimé :        55-proxmox/create.sh
	supprimé :        55-proxmox/id_rsa.pub
	supprimé :        55-proxmox/pubkey/id_rsa.pub

sio2/sisr/30-web/default-ssl.conf

@@ -0,0 +1,137 @@
+<IfModule mod_ssl.c>
+	<VirtualHost _default_:443>
+		ServerAdmin webmaster@localhost
+		#ServerName wordpress
+		DocumentRoot /var/www/html/
+
+		# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+		# error, crit, alert, emerg.
+		# It is also possible to configure the loglevel for particular
+		# modules, e.g.
+		#LogLevel info ssl:warn
+
+		ErrorLog ${APACHE_LOG_DIR}/error.log
+		CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+		# For most configuration files from conf-available/, which are
+		# enabled or disabled at a global level, it is possible to
+		# include a line for only one particular virtual host. For example the
+		# following line enables the CGI configuration for this host only
+		# after it has been globally disabled with "a2disconf".
+		#Include conf-available/serve-cgi-bin.conf
+
+		#   SSL Engine Switch:
+		#   Enable/Disable SSL for this virtual host.
+		SSLEngine on
+
+		#   A self-signed (snakeoil) certificate can be created by installing
+		#   the ssl-cert package. See
+		#   /usr/share/doc/apache2/README.Debian.gz for more info.
+		#   If both key and certificate are stored in the same file, only the
+		#   SSLCertificateFile directive is needed.
+		SSLCertificateFile /etc/apache2/server.crt
+		SSLCertificateKeyFile /etc/apache2/server.key
+
+		#SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
+		#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+		#   Server Certificate Chain:
+		#   Point SSLCertificateChainFile at a file containing the
+		#   concatenation of PEM encoded CA certificates which form the
+		#   certificate chain for the server certificate. Alternatively
+		#   the referenced file can be the same as SSLCertificateFile
+		#   when the CA certificates are directly appended to the server
+		#   certificate for convinience.
+		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+		#   Certificate Authority (CA):
+		#   Set the CA certificate verification path where to find CA
+		#   certificates for client authentication or alternatively one
+		#   huge file containing all of them (file must be PEM encoded)
+		#   Note: Inside SSLCACertificatePath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCACertificatePath /etc/ssl/certs/
+		#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+		#   Certificate Revocation Lists (CRL):
+		#   Set the CA revocation path where to find CA CRLs for client
+		#   authentication or alternatively one huge file containing all
+		#   of them (file must be PEM encoded)
+		#   Note: Inside SSLCARevocationPath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCARevocationPath /etc/apache2/ssl.crl/
+		#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+		#   Client Authentication (Type):
+		#   Client certificate verification type and depth.  Types are
+		#   none, optional, require and optional_no_ca.  Depth is a
+		#   number which specifies how deeply to verify the certificate
+		#   issuer chain before deciding the certificate is not valid.
+		#SSLVerifyClient require
+		#SSLVerifyDepth  10
+
+		#   SSL Engine Options:
+		#   Set various options for the SSL engine.
+		#   o FakeBasicAuth:
+		#	 Translate the client X.509 into a Basic Authorisation.  This means that
+		#	 the standard Auth/DBMAuth methods can be used for access control.  The
+		#	 user name is the `one line' version of the client's X.509 certificate.
+		#	 Note that no password is obtained from the user. Every entry in the user
+		#	 file needs this password: `xxj31ZMTZzkVA'.
+		#   o ExportCertData:
+		#	 This exports two additional environment variables: SSL_CLIENT_CERT and
+		#	 SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+		#	 server (always existing) and the client (only existing when client
+		#	 authentication is used). This can be used to import the certificates
+		#	 into CGI scripts.
+		#   o StdEnvVars:
+		#	 This exports the standard SSL/TLS related `SSL_*' environment variables.
+		#	 Per default this exportation is switched off for performance reasons,
+		#	 because the extraction step is an expensive operation and is usually
+		#	 useless for serving static content. So one usually enables the
+		#	 exportation for CGI and SSI requests only.
+		#   o OptRenegotiate:
+		#	 This enables optimized SSL connection renegotiation handling when SSL
+		#	 directives are used in per-directory context.
+		#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+		<FilesMatch "\.(cgi|shtml|phtml|php)$">
+				SSLOptions +StdEnvVars
+		</FilesMatch>
+		<Directory /usr/lib/cgi-bin>
+				SSLOptions +StdEnvVars
+		</Directory>
+
+		#   SSL Protocol Adjustments:
+		#   The safe and default but still SSL/TLS standard compliant shutdown
+		#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+		#   the close notify alert from client. When you need a different shutdown
+		#   approach you can use one of the following variables:
+		#   o ssl-unclean-shutdown:
+		#	 This forces an unclean shutdown when the connection is closed, i.e. no
+		#	 SSL close notify alert is send or allowed to received.  This violates
+		#	 the SSL/TLS standard but is needed for some brain-dead browsers. Use
+		#	 this when you receive I/O errors because of the standard approach where
+		#	 mod_ssl sends the close notify alert.
+		#   o ssl-accurate-shutdown:
+		#	 This forces an accurate shutdown when the connection is closed, i.e. a
+		#	 SSL close notify alert is send and mod_ssl waits for the close notify
+		#	 alert of the client. This is 100% SSL/TLS standard compliant, but in
+		#	 practice often causes hanging connections with brain-dead browsers. Use
+		#	 this only for browsers where you know that their SSL implementation
+		#	 works correctly.
+		#   Notice: Most problems of broken clients are also related to the HTTP
+		#   keep-alive facility, so you usually additionally want to disable
+		#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+		#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+		#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+		#   "force-response-1.0" for this.
+		# BrowserMatch "MSIE [2-6]" \
+		#		nokeepalive ssl-unclean-shutdown \
+		#		downgrade-1.0 force-response-1.0
+
+	</VirtualHost>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

sio2/sisr/30-web/wordpress.conf

@@ -0,0 +1,23 @@
+#<VirtualHost *:80>
+  # ServerName wordpress
+ #  redirect permanent / https://192.168.0.34/wordpress
+  # DocumentRoot /var/www/wordpress
+
+  
+  # <Directory /var/www/wordpress/>
+  #	 AllowOverride All
+ #  </Directory>
+
+
+#</VirtualHost>
+<VirtualHost *:80>
+        ServerName wordpress
+        DocumentRoot /var/www/html/
+        <Directory /var/www/html/>
+                AllowOverride all
+                Require all granted
+        </Directory>
+        ErrorLog /var/log/apache2/error.wordpress.log
+        CustomLog /var/log/apache2/access.wordpress.log combined
+	redirect permanent / https://192.168.0.34/
+</VirtualHost>

sio2/sisr/30-web/wp-config.php

@@ -0,0 +1,98 @@
+<?php
+/**
+ * La configuration de base de votre installation WordPress.
+ *
+ * Ce fichier est utilisé par le script de création de wp-config.php pendant
+ * le processus d’installation. Vous n’avez pas à utiliser le site web, vous
+ * pouvez simplement renommer ce fichier en « wp-config.php » et remplir les
+ * valeurs.
+ *
+ * Ce fichier contient les réglages de configuration suivants :
+ *
+ * Réglages MySQL
+ * Préfixe de table
+ * Clés secrètes
+ * Langue utilisée
+ * ABSPATH
+ *
+ * @link https://fr.wordpress.org/support/article/editing-wp-config-php/.
+ *
+ * @package WordPress
+ */
+
+// ** Réglages MySQL - Votre hébergeur doit vous fournir ces informations. ** //
+/** Nom de la base de données de WordPress. */
+define( 'DB_NAME', 'wordpress' );
+
+/** Utilisateur de la base de données MySQL. */
+define( 'DB_USER', 'wordpress_user' );
+
+/** Mot de passe de la base de données MySQL. */
+define( 'DB_PASSWORD', 'qdrhh45' );
+
+/** Adresse de l’hébergement MySQL. */
+define( 'DB_HOST', 'localhost' );
+
+/** Jeu de caractères à utiliser par la base de données lors de la création des tables. */
+define( 'DB_CHARSET', 'utf8' );
+
+/**
+ * Type de collation de la base de données.
+ * N’y touchez que si vous savez ce que vous faites.
+ */
+define( 'DB_COLLATE', '' );
+
+/**#@+
+ * Clés uniques d’authentification et salage.
+ *
+ * Remplacez les valeurs par défaut par des phrases uniques !
+ * Vous pouvez générer des phrases aléatoires en utilisant
+ * {@link https://api.wordpress.org/secret-key/1.1/salt/ le service de clés secrètes de WordPress.org}.
+ * Vous pouvez modifier ces phrases à n’importe quel moment, afin d’invalider tous les cookies existants.
+ * Cela forcera également tous les utilisateurs à se reconnecter.
+ *
+ * @since 2.6.0
+ */
+define( 'AUTH_KEY',         'mettez une phrase unique ici' );
+define( 'SECURE_AUTH_KEY',  'mettez une phrase unique ici' );
+define( 'LOGGED_IN_KEY',    'mettez une phrase unique ici' );
+define( 'NONCE_KEY',        'mettez une phrase unique ici' );
+define( 'AUTH_SALT',        'mettez une phrase unique ici' );
+define( 'SECURE_AUTH_SALT', 'mettez une phrase unique ici' );
+define( 'LOGGED_IN_SALT',   'mettez une phrase unique ici' );
+define( 'NONCE_SALT',       'mettez une phrase unique ici' );
+/**#@-*/
+
+/**
+ * Préfixe de base de données pour les tables de WordPress.
+ *
+ * Vous pouvez installer plusieurs WordPress sur une seule base de données
+ * si vous leur donnez chacune un préfixe unique.
+ * N’utilisez que des chiffres, des lettres non-accentuées, et des caractères soulignés !
+ */
+$table_prefix = 'wp_';
+
+/**
+ * Pour les développeurs : le mode déboguage de WordPress.
+ *
+ * En passant la valeur suivante à "true", vous activez l’affichage des
+ * notifications d’erreurs pendant vos essais.
+ * Il est fortement recommandé que les développeurs d’extensions et
+ * de thèmes se servent de WP_DEBUG dans leur environnement de
+ * développement.
+ *
+ * Pour plus d’information sur les autres constantes qui peuvent être utilisées
+ * pour le déboguage, rendez-vous sur le Codex.
+ *
+ * @link https://fr.wordpress.org/support/article/debugging-in-wordpress/
+ */
+define( 'WP_DEBUG', false );
+
+/* C’est tout, ne touchez pas à ce qui suit ! Bonne publication. */
+
+/** Chemin absolu vers le dossier de WordPress. */
+if ( ! defined( 'ABSPATH' ) )
+  define( 'ABSPATH', dirname( __FILE__ ) . '/' );
+
+/** Réglage des variables de WordPress et de ses fichiers inclus. */
+require_once( ABSPATH . 'wp-settings.php' );

sio2/sisr/35-script/bash/script/crsamba1

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+fich='user.txt'
+while read ligne
+do
+  echo  "${ligne}"
+done < "${fich}"
+exit 0
+

sio2/sisr/35-script/bash/script/crsamba2

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+if [[ $# != 1 ]]; then
+	echo "usage : $0 <fichier>"
+	exit 1
+fi
+fich="$1"
+while read ligne
+do
+  echo  "${ligne}"
+done < "${fich}"
+exit 0
+
+

sio2/sisr/35-script/bash/script/crsamba3

@@ -0,0 +1,19 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+if [[ $# != 1 ]]; then
+	echo "usage : $0 <fichier>"
+	exit 1
+fi
+fich="$1"
+if ! [[ -r "${fich}" ]]; then
+	echo "$0 : erreur ouverture fichier ${fich}"
+        exit 2
+fi
+while read ligne
+do
+  echo  "${ligne}"
+done < "${fich}"
+exit 0
+
+

sio2/sisr/35-script/bash/script/crsamba4

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+if [[ $# != 1 ]]; then
+	echo "usage : $0 <fichier>"
+	exit 1
+fi
+fich="$1"
+if ! [[ -r "${fich}" ]]; then
+	echo "$0 : erreur ouverture fichier ${fich}"
+        exit 2
+fi
+while read ligne
+do
+	login=$(echo  "${ligne}" |cut -f1 -d':')
+	nom=$(echo  "${ligne}" |cut -f2 -d':')
+	echo "$login"
+	echo "$nom"
+done < "${fich}"
+exit 0
+
+

sio2/sisr/35-script/bash/script/crsamba5

@@ -0,0 +1,28 @@
+#!/bin/bash
+#set -o errexit
+set -o nounset
+if [[ $# != 1 ]]; then
+	echo "usage : $0 <fichier>"
+	exit 1
+fi
+fich="$1"
+if ! [[ -r "${fich}" ]]; then
+	echo "$0 : erreur ouverture fichier ${fich}"
+        exit 2
+fi
+while read ligne
+do
+	login=$(echo  "${ligne}" |cut -f1 -d':')
+	nom=$(echo  "${ligne}" |cut -f2 -d':')
+        getent passwd "${login}" >> /dev/null	
+        if [[ $? != 0 ]] ; then	 
+	  useradd -m -d /home/${login} -c "${nom}" -s /bin/bash ${login}
+          	  
+        else 
+	  echo "utilisateur ${login} existant"
+	fi
+done < "${fich}"
+
+exit 0
+
+

sio2/sisr/35-script/bash/script/crsamba7

@@ -0,0 +1,31 @@
+#!/bin/bash
+#set -o errexit
+set -o nounset
+PATH=${PATH}:/usr/sbin
+if [[ $# != 1 ]]; then
+	echo "usage : $0 <fichier>"
+	exit 1
+fi
+fich="$1"
+if ! [[ -r "${fich}" ]]; then
+	echo "$0 : erreur ouverture fichier ${fich}"
+        exit 2
+fi
+while read ligne
+do
+	login=$(echo  "${ligne}" |cut -f1 -d':')
+	nom=$(echo "${ligne}" |cut -f2 -d':')
+        getent passwd "${login}" >> /dev/null
+        if [[ $? != 0 ]] ; then
+	  useradd -m -d /home/${login} -c "${nom}" -s /bin/bash ${login}
+	  pw=$(pwgen 4 1)
+          echo "${login}:${pw}"|chpasswd
+	  echo "${login}:${pw}" >> "${fich}.pwd"
+	else
+	   echo "$0 : utilisateur ${login} existant"
+	fi 
+done < "${fich}"
+
+exit 0
+
+

sio2/sisr/35-script/bash/script/fichier.pwd

@@ -0,0 +1 @@
+

sio2/sisr/35-script/bash/script/restoration

@@ -0,0 +1,17 @@
+#!/bin/bash
+DAT=$(date "+%u")
+DEST=/home/sv/d/"${DAT}"
+HOST=root@192.168.0.29
+ssh "${HOST}" apt install -y rsync apache2 mariadb-server php 
+ssh "${HOST}" "mysql CREATE DATABASES wordpress;" #a refaire
+ssh "${HOST}" "mysql -u wordpress_user -pqdrhh45 wordpress < "${DEST}"/wordpress.sql" #a refaire
+scp -r "${DEST}"/wordpress "${HOST}":/var/www/html/
+scp "${DEST}"/default-ssl.conf "${HOST}":/etc/apache2/sites-available/
+scp "${DEST}"/wordpress.conf "${HOST}":/etc/apache2/sites-available/
+scp "${DEST}"/server.key "${HOST}":/etc/apache2/
+scp "${DEST}"/server.crt "${HOST}":/etc/apache2/
+#rsync -az "${DEST}"/wordpress "${HOST}":/var/www/html/
+#rsync -az "${DEST}"/default-ssl.conf "${HOST}":/etc/apache2/sites-available/
+#rsync -az "${DEST}"/wordpress.conf "${HOST}":/etc/apache2/sites-available/
+#rsync -az "${DEST}"/server.key "${HOST}":/etc/apache2/
+#rsync -az "${DEST}"/server.crt "${HOST}":/etc/apache2/

sio2/sisr/35-script/bash/script/rmsamba

@@ -0,0 +1,28 @@
+#!/bin/bash
+#set -o errexit
+set -o nounset
+if [ $# != 1 ]
+then
+	echo "usage : $0 <fichier>"
+	exit 1
+fi
+fich="$1"
+if ! [[ -r "${fich}" ]]; then
+	echo "$0 : erreur ouverture fichier ${fich}"
+        exit 2
+fi
+while read -r ligne
+do
+	login=$(echo  "${ligne}" |cut -f1 -d':')
+
+	echo "${login}"
+        getent passwd "${login}" >> /dev/null	
+        if [[ $? = 0 ]]	
+	then	 
+ 	  userdel -r "${login}"
+	fi
+done < "${fich}"
+
+exit 0
+
+

sio2/sisr/35-script/bash/script/sauv

@@ -0,0 +1,15 @@
+#!/bin/bash
+DAT=$(date "+%u")
+DEST=/home/sv
+DEST2="${DEST}/d/${DAT}"
+[ -d  "${DEST}/d"  ] || mkdir -p "${DEST}/d"
+[ -d  "${DEST}/d/${DAT}"  ] || mkdir -p "${DEST}/d/${DAT}"
+HOST=sauv@192.168.0.34
+ssh "${HOST}" "mysqldump -u wordpress_user -pqdrhh45 wordpress|gzip -" >"${DEST2}"/wordpress.sql.gz
+
+rsync -av -e ssh "${HOST}":/var/www/html/wordpress "${DEST2}"
+rsync -av -e ssh "${HOST}":/etc/apache2/sites-available/default-ssl.conf "${DEST2}"/default-ssl.conf
+rsync -av -e ssh "${HOST}":/etc/apache2/sites-available/wordpress.conf "${DEST2}"/wordpress.conf
+rsync -av -e ssh "${HOST}":/etc/apache2/server.key "${DEST2}"/server.key
+rsync -av -e ssh "${HOST}":/etc/apache2/server.crt "${DEST2}"/server.crt
+

sio2/sisr/35-script/bash/script/user.txt

@@ -0,0 +1,4 @@
+lucien
+claudine
+robert
+marcelle

sio2/sisr/35-script/bash/script/user2.txt

@@ -0,0 +1,4 @@
+lucien:Lucien Dubois
+claudine:Claudine Duparc
+robert:Robert Macaire
+marcelle:Marcelle Desforets

sio2/sisr/35-script/bash/script/user2.txt.pwd

@@ -0,0 +1,26 @@
+:
+:
+:
+:
+:
+:
+:
+:
+:
+:
+:
+:
+lucien:1XfC
+claudine:PT2M
+robert:K4PJ
+marcelle:i4WH
+claudine:7Giq
+robert:VO4u
+marcelle:3b8S
+claudine:7qzL
+robert:NvV6
+marcelle:7QnY
+lucien:e5Hz
+claudine:j9Un
+robert:ZnJ6
+marcelle:B7nR

sio2/sisr/35-script/python/log.py

@@ -0,0 +1,19 @@
+#/usr/bin/python3
+import re
+import sys
+group = {}
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+   line = line.rstrip ( )
+   match = re.match (regexp, line) 
+   if match:
+     print (match.group(1)," ",match.group(8))
+     ip = match.group(1)
+     vol = match.group(8)
+     if ip in group:
+        group[ip] = group[ip] + vol
+     else:
+        group[ip] = vol
+for key in group.keys():
+   print (key, " ", group[key])
+

sio2/sisr/35-script/python/passusr.py

@@ -0,0 +1,38 @@
+#!/usr/bin/python3
+import sys
+import subprocess
+import os
+nbarg = len(sys.argv)
+if nbarg != 2:
+       print ("Nombre d'argument invalide")
+       exit (1) 
+filename = sys.argv[1]
+try:
+    fh = open(filename, "r")
+except:
+    print ("Fichier ", filename," inconnu")
+    exit (2)
+else:
+    line = fh.readline ()
+    while line:
+        nouvline = line.rstrip()
+        login,nomlong = nouvline.split(':')
+        cmd = "sudo useradd -m -d /home/"+login+" -c \'"+ nomlong+"\' -s /bin/bash "+ login
+        res = os.system ("getent passwd "+login)
+        if res != 0:
+            passw = ["pwgen", "4","1"]  
+            os.system (cmd)
+            mdp = subprocess.run(passw,capture_output=True)
+            mdp2 = mdp.stdout.decode("utf-8")
+            mdp3 = mdp2.rstrip()
+            print (mdp3)
+            ch3 = "echo "+login+":"+mdp3+"|sudo chpasswd"
+            print (ch3)
+            os.system (ch3)
+            os.system ("sudo echo "+login+":"+mdp3+" >> "+filename+".pwd")
+        else:
+            print ("Utilisateur "+login+" déjà éxistant")
+            os.system ("sudo userdel -r "+login)
+        line = fh.readline()
+
+    fh.close()

sio2/sisr/35-script/python/user.txt

@@ -0,0 +1,2 @@
+adupont:Albert Dupont
+jduroy:Jeannette Duroy

sio2/sisr/35-script/python/user.txt.pwd

@@ -0,0 +1,4 @@
+adupont:0PSg
+jduroy:2Sdc
+adupont:Ksw4
+jduroy:C0px

sio2/sisr/40-vlan/ipsec.conf

@@ -0,0 +1,23 @@
+config setup
+        charondebug="all"
+        uniqueids=yes
+        strictcrlpolicy=no
+conn %default
+conn tunnel #
+        left=10.0.0.2
+        leftsubnet=192.168.2.0/24
+        right=10.0.0.1
+        rightsubnet=192.168.1.0/24
+        ike=aes256-sha2_256-modp1024!
+        esp=aes256-sha2_256!
+        keyingtries=0
+        ikelifetime=1h
+        lifetime=8h
+        dpddelay=30
+        dpdtimeout=120
+        dpdaction=restart
+        authby=secret
+        auto=start
+        keyexchange=ikev2
+        type=tunnel
+

sio2/sisr/40-vlan/ipsec.secrets

@@ -0,0 +1,5 @@
+# This file holds shared secrets or RSA private keys for authentication.
+
+# RSA private key for this host, authenticating it to any other host
+# which knows the public part.
+10.0.0.2 10.0.0.1 : PSK 'root'

sio2/sisr/45-ansible/dokuw/invent

@@ -0,0 +1 @@
+doku

sio2/sisr/45-ansible/dokuw/local.yml

@@ -0,0 +1,4 @@
+- hosts: all
+  roles:
+  - web
+  - doku

sio2/sisr/45-ansible/dokuw/roles/doku/tasks/main.yml

@@ -0,0 +1,59 @@
+- name: recuperation dokuwiki-stable.tgz depuis machine depl
+  get_url:
+    url: http://depl.sio.lan/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: Extraction archive
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html/
+    remote_src: yes
+
+- name: stat rept
+  stat:
+    path: /var/www/html/dokuwiki-2020-07-29
+  register: rept_stat
+
+- name: Renommage de dokuwiki-stable
+  command: mv /var/www/html/dokuwiki-2020-07-29 /var/www/html/doku
+  when: rept_stat.stat.exists
+
+- name: Droit root recursive
+  file: 
+    path: /var/www/html/doku
+    state: directory
+    recurse: yes
+    owner: root
+    group: root
+
+- name: droit 755
+  file:
+    path: /var/www/html/doku
+    state: directory
+    mode: '0755'
+    recurse: yes
+
+- name: droit apache data
+  file: 
+    path: /var/www/html/doku/data
+    state: directory
+    owner: www-data
+    group: www-data
+    recurse: yes
+
+- name: droit apache lib
+  file: 
+    path: /var/www/html/doku/lib
+    state: directory 
+    owner: www-data
+    group: www-data
+    recurse: yes
+
+- name: droit apache conf
+  file: 
+    path: /var/www/html/doku/conf
+    state: directory 
+    owner: www-data
+    group: www-data
+    recurse: yes
+

sio2/sisr/45-ansible/dokuw/roles/web/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: installation apache2
+  apt:
+    name: apache2
+    state: present
+
+- name: installation php
+  apt:
+    name: php
+    state: present
+
+- name: installation php-mbstring
+  apt:
+    name: php-mbstring
+    state: present
+
+- name: installation php-gd
+  apt:
+    name: php-gd
+    state: present
+
+- name: installation php-xml
+  apt:
+    name: php-xml
+    state: present
+

sio2/sisr/45-ansible/testansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

sio2/sisr/45-ansible/tpansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

sio2/sisr/45-ansible/tpansible/index.html

@@ -0,0 +1 @@
+Salut

sio2/sisr/45-ansible/tpansible/squid.yml

@@ -0,0 +1,31 @@
+- hosts: adm
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 128 
+  
+  tasks:
+  - name: Installation squid
+    apt:
+      name: squid
+      state: present 
+  
+  - name: Copie squid.conf squid.conf.j2
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify:
+    - restart squid
+ 
+#  - name: On ajoute http_access allow localnet
+#    replace:
+#      path: /etc/squid/squid.conf
+#      regexp: '^#http_access allow localnet'
+#      replace: 'http_access allow localnet'
+#    notify:
+#    - restart squid 
+ 
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted  

sio2/sisr/45-ansible/tpansible/syslog-cli.yml

@@ -0,0 +1,29 @@
+- hosts: web
+  tasks:
+  
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify:
+    - restart journald  
+  
+  - name: Ajoute l'indication de serveur syslog distant si elle n'est pas presente
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @192.168.0.23:514'
+      create: yes
+    notify:
+    - restart rsyslog
+  
+  handlers:
+  - name: restart journald
+    service:
+      name: systemd-journald.service
+      state: restarted  
+
+  - name: restart syslog
+    service:
+      name: rsyslog
+      state: restarted

sio2/sisr/45-ansible/tpansible/syslog.yml

@@ -0,0 +1,37 @@
+- hosts: adm
+  tasks:
+ 
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify:
+    - restart rsyslog
+
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify:
+    - restart rsyslog
+ 
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify:
+    - restart journald
+ 
+  handlers:  
+    - name: restart rsyslog
+      service:
+        name: rsyslog
+        state: restarted
+
+    - name: restart journald
+      service:
+        name: systemd-journald.service
+        state: restarted

sio2/sisr/45-ansible/tpansible/web.yml

@@ -0,0 +1,18 @@
+- hosts: web
+  tasks:
+  - name: Installation apache2
+    apt:
+      name: apache2
+      state: present
+  - name: Installation php  
+    apt:
+      name: php
+      state: present
+  - name: Installation php-mbstring 
+    apt:
+      name: php-mbstring
+      state: present
+  - name: Copie index.html
+    copy:
+      src: index.html
+      dest: /var/www/html/

sio2/sisr/50-wireguard/wg-private.key

@@ -0,0 +1 @@
+SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=

sio2/sisr/50-wireguard/wg-public.key

@@ -0,0 +1 @@
+pKM5noo3ZF3v3t3fBJBYzvFt61ItJxIkEHC0uXkCgAU=

sio2/sisr/50-wireguard/wg0.conf

@@ -0,0 +1,14 @@
+# générer des clés : cd /etc/wireguard; umask 077 ; wg genkey | tee private.key | wg pubkey > public.key 
+[Interface]
+Address = 10.0.2.1/24 # Adresses autorisées dans le VPN
+Listenport = 51820
+
+# clé privée de machine A (actuelle)
+PrivateKey = SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=
+# UDP service port; 51820 is a common choice for WireGuard
+ListenPort = 51820
+
+[Peer]
+# clé publique de machine B (l'autre)
+PublicKey = qhiQishoQMM6Y/g7OnUeLNX5T2p0FQx2oq+F/qKQfVc=
+AllowedIPs = 10.0.2.1/24 # le peer peut acceder au serveur

sio2/sisr/55-proxmox/clone.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+num1="$1"
+num2="$2"
+nom="$3" 
+ip="$4"
+
+qm clone "${num1}" "${num2}" --name "${nom}"
+qm set "${num2}" --sshkeys id_rsa.pub
+qm set "${num2}" --ipconfig0 ip="${ip}",gw=192.168.0.1
+qm resize "${num2}" scsi0 8G
+qm start "${num2}"

sio2/sisr/55-proxmox/create.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+num="$1"
+#récupération de l'image Openstack Debian 11 au format qcow2
+cd /var/lib/vz/template/qemu/
+export http_proxy=http://10.121.38.1:8080
+export https_proxy=http://10.121.38.1:8080
+wget --no-check-certificate  https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2
+#Création de la VM a partir de l'image
+qm create "${num}" --memory 1024 --net0 virtio,bridge=vmbr0
+qm importdisk "${num}" /var/lib/vz/template/qemu/debian-11-generic-amd64.qcow2 local-lvm
+#Paramètrage de la machine
+qm set "${num}" --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-"${num}"-disk-0 # on associe le disque scsi0 au LV vm-9000-disk-0
+qm set "${num}" --boot c --bootdisk scsi0 # on définit le disque scsi0 comme disque de démarrage
+qm set "${num}" --ide2 local-lvm:cloudinit # on joint le volume CDROM cloudinit utilisé pour le démarrage
+qm set "${num}" --serial0 socket --vga serial0 # on définit une console série qu'on utilise comme affichage
+qm template "${num}"  # on définit la VM 9000 comme template

sio2/sisr/55-proxmox/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCh2egCAcgBM+XXtvBfg6QYHB5+c0jqN1gzcfcs/2SaP/FTWk6u5mv+E9igbpMHrQKkH8z0ocNgKhV8nAHbtbCFa9UOF7kUESSnMWb6gt9qSiVY3PHb9iQHAbpQkqWgCgUKUTp7UEFLPd1QaCAFvbv43nGZGAFod/lX5h3HQV5goAyWgwairJbFSekkEvAF6hDFzaTSZaoi8tRRKDBDZVmTsL4v4ywM6/SIl/8COK0FJmEwIjU8jSOUAQtmbwXH70Zbegh30Osg8xLdnNrWJCKC9onf0V8s8djongk7wgj0KTBTrpPf26f9imY6Is24paHTGAFEfaqjhPyIz+i2hZKKMT5K5j0QYKOsThiReJs59cJIJpPgysbKnkNNMbhHtSL0XENmlhXzsKgfVVwTcvopE7+yoe1suCsqBrWtUw9o8RpHmzFrLH9HHJ5Ts1JCyMnTg10LzXlyK2ukWMbb0+qc0PMJrANTmpf77mJulkblQaOKSV38S5awS44NCZPRIbs= sio@lab213-23

sio2/sisr/55-proxmox/pubkey/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCh2egCAcgBM+XXtvBfg6QYHB5+c0jqN1gzcfcs/2SaP/FTWk6u5mv+E9igbpMHrQKkH8z0ocNgKhV8nAHbtbCFa9UOF7kUESSnMWb6gt9qSiVY3PHb9iQHAbpQkqWgCgUKUTp7UEFLPd1QaCAFvbv43nGZGAFod/lX5h3HQV5goAyWgwairJbFSekkEvAF6hDFzaTSZaoi8tRRKDBDZVmTsL4v4ywM6/SIl/8COK0FJmEwIjU8jSOUAQtmbwXH70Zbegh30Osg8xLdnNrWJCKC9onf0V8s8djongk7wgj0KTBTrpPf26f9imY6Is24paHTGAFEfaqjhPyIz+i2hZKKMT5K5j0QYKOsThiReJs59cJIJpPgysbKnkNNMbhHtSL0XENmlhXzsKgfVVwTcvopE7+yoe1suCsqBrWtUw9o8RpHmzFrLH9HHJ5Ts1JCyMnTg10LzXlyK2ukWMbb0+qc0PMJrANTmpf77mJulkblQaOKSV38S5awS44NCZPRIbs= sio@lab213-23