50-wireguard/

sio2/sisr/45-ansible/dokuw/invent

@@ -0,0 +1 @@
+doku

sio2/sisr/45-ansible/dokuw/local.yml

@@ -0,0 +1,4 @@
+- hosts: all
+  roles:
+  - web
+  - doku

sio2/sisr/45-ansible/dokuw/roles/doku/tasks/main.yml

@@ -0,0 +1,59 @@
+- name: recuperation dokuwiki-stable.tgz depuis machine depl
+  get_url:
+    url: http://depl.sio.lan/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: Extraction archive
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html/
+    remote_src: yes
+
+- name: stat rept
+  stat:
+    path: /var/www/html/dokuwiki-2020-07-29
+  register: rept_stat
+
+- name: Renommage de dokuwiki-stable
+  command: mv /var/www/html/dokuwiki-2020-07-29 /var/www/html/doku
+  when: rept_stat.stat.exists
+
+- name: Droit root recursive
+  file: 
+    path: /var/www/html/doku
+    state: directory
+    recurse: yes
+    owner: root
+    group: root
+
+- name: droit 755
+  file:
+    path: /var/www/html/doku
+    state: directory
+    mode: '0755'
+    recurse: yes
+
+- name: droit apache data
+  file: 
+    path: /var/www/html/doku/data
+    state: directory
+    owner: www-data
+    group: www-data
+    recurse: yes
+
+- name: droit apache lib
+  file: 
+    path: /var/www/html/doku/lib
+    state: directory 
+    owner: www-data
+    group: www-data
+    recurse: yes
+
+- name: droit apache conf
+  file: 
+    path: /var/www/html/doku/conf
+    state: directory 
+    owner: www-data
+    group: www-data
+    recurse: yes
+

sio2/sisr/45-ansible/dokuw/roles/web/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: installation apache2
+  apt:
+    name: apache2
+    state: present
+
+- name: installation php
+  apt:
+    name: php
+    state: present
+
+- name: installation php-mbstring
+  apt:
+    name: php-mbstring
+    state: present
+
+- name: installation php-gd
+  apt:
+    name: php-gd
+    state: present
+
+- name: installation php-xml
+  apt:
+    name: php-xml
+    state: present
+

sio2/sisr/45-ansible/tpansible/squid.yml

@@ -0,0 +1,31 @@
+- hosts: adm
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 128 
+  
+  tasks:
+  - name: Installation squid
+    apt:
+      name: squid
+      state: present 
+  
+  - name: Copie squid.conf squid.conf.j2
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify:
+    - restart squid
+ 
+#  - name: On ajoute http_access allow localnet
+#    replace:
+#      path: /etc/squid/squid.conf
+#      regexp: '^#http_access allow localnet'
+#      replace: 'http_access allow localnet'
+#    notify:
+#    - restart squid 
+ 
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted  

sio2/sisr/50-wireguard/wg-private.key

@@ -0,0 +1 @@
+SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=

sio2/sisr/50-wireguard/wg-public.key

@@ -0,0 +1 @@
+pKM5noo3ZF3v3t3fBJBYzvFt61ItJxIkEHC0uXkCgAU=

sio2/sisr/50-wireguard/wg0.conf

@@ -0,0 +1,14 @@
+# générer des clés : cd /etc/wireguard; umask 077 ; wg genkey | tee private.key | wg pubkey > public.key 
+[Interface]
+Address = 10.0.2.1/24 # Adresses autorisées dans le VPN
+Listenport = 51820
+
+# clé privée de machine A (actuelle)
+PrivateKey = SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=
+# UDP service port; 51820 is a common choice for WireGuard
+ListenPort = 51820
+
+[Peer]
+# clé publique de machine B (l'autre)
+PublicKey = qhiQishoQMM6Y/g7OnUeLNX5T2p0FQx2oq+F/qKQfVc=
+AllowedIPs = 10.0.2.1/24 # le peer peut acceder au serveur