WireGuard

AP4/onfarbo41/ansible/hosts

@@ -0,0 +1,4 @@
+[localhost]
+
+[onfarbo]
+onfarbo41

AP4/onfarbo41/ansible/playbook.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour onfarbo
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - onfarbo

AP4/onfarbo41/ansible/roles/onfarbo/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

AP4/onfarbo41/ansible/roles/onfarbo/files/dokuwiki.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+chemin=/var/www/html/doku
+
+apt install -y apache2 php php-mbstring php-gd php-xml
+cd /root
+[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz
+
+if [ $? !=0 ]; then
+	echo "$0 : erreurwget" 1>&2
+	exit 1
+fi
+tar xvfz dokuwiki-stable.tgz
+[ -d "${chemin}" ] || mkdir "${chemin}"
+
+cp -a dokuwiki-2020-07-29/* "${chemin}"
+cd "${chemin}"
+chown -R root:root .
+chmod -R 755 .
+chown -R www-data:www-data data lib conf
+exit 0

AP4/onfarbo41/ansible/roles/onfarbo/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/onfarbo/tasks/main.yml

@@ -0,0 +1,83 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: install utils
+  tags: utils
+  apt:
+    name:
+      - apache2
+      - php
+      - php-common
+      - libapache2-mod-php
+      - php-cli
+      - php-xml
+      - php-mysql
+      - php-curl
+      - mariadb-server
+      - adminer
+      - python3-pymysql
+    state: present
+
+- name: On fait la compilation de adminer
+  tags: compile
+  shell: |
+    php /usr/share/adminer/compile.php
+    mv /usr/share/adminer/adminer-*.php /usr/share/adminer/adminer.php
+    echo "{{ alias }}" | tee /etc/apache2/conf-available/adminer.conf
+    a2enconf adminer.conf
+  notify: restart apache
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://10.121.38.206/adminer.php"
+
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Création du dossier DokuWiki
+  tags: createfile
+  file:
+    path: /root/dokuwiki
+    state: directory
+    mode: 0755
+
+- name: copie du fichier script d'install de dokuwiki
+  tags: sh
+  copy:
+    src: dokuwiki.sh
+    dest: /root/dokuwiki
+
+- name: On rend exécutable le script d'install
+  tags: chmod
+  file:
+    path: /root/dokuwiki/dokuwiki.sh
+    mode: 0755
+
+- name: exécution du script d'install de dokuwiki
+  tags: exec
+  command: bash /root/dokuwiki/dokuwiki.sh
+
+- name: Message d'information pour dokuwiki
+  tags: msg2
+  debug: msg="Le dokuwiki devra être installer depuis l'adresse http://10.121.38.206/doku/install.php"

AP4/onfarbo41/ansible/roles/onfarbo/vars/main.yml

@@ -0,0 +1 @@
+alias: "Alias /adminer.php /usr/share/adminer/adminer.php"

AP4/onfarbo41/gosstest/goss.yaml

@@ -0,0 +1,36 @@
+#Ici, on test MariaDB
+port:
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+
+#Ici, on test ssh
+service:
+  ssh:
+    enabled: true
+    running: true
+group:
+  ssh:
+    exists: true
+    gid: 111
+
+#Ici, on test le serveur web
+http:
+  http://10.121.38.206:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - works
+
+#Ici, on test dokuwiki
+http:
+  http://10.121.38.206/doku/:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - Trace

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.key

@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.pub

@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

AP4/onfarbo41/wireguard/wireguard-confcli/wg0.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.key

@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.pub

@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

AP4/onfarbo41/wireguard/wireguard-confsrv/wg0.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.key

@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.pub

@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.key

@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.pub

@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.key

@@ -0,0 +1 @@
+cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.pub

@@ -0,0 +1 @@
+e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=

AP4/onfarbo41/wireguard/wireguard-script/wg0-a.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

AP4/onfarbo41/wireguard/wireguard-script/wg0-b.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-script/wg0-c.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint C
+[Interface]
+PrivateKey = cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=       #Clé privée du client
+Address = 10.0.0.3/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-script/wireguard-init.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+bash wireguard.sh
+cp endpoint-a.* wg0-a.conf /etc/wireguard
+cd /etc/wireguard
+mv wg0-a.conf wg0.conf
+systemctl start wg-quick@wg0
+systemctl enable wg-quick@wg0

AP4/onfarbo41/wireguard/wireguard-script/wireguard.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+set -u
+set -e
+
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard extremite A
+EndpointA=10.121.38.66 # Adresse extremite A
+PortA=51820             # Port ecoute extremite A
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard extremite B
+EndpointB=192.168.2.14  # Adresse extremite B
+PortB=51820             # Port ecoute extremite B
+AddressCwg=10.0.0.3/32  # Adresse VPN Wireguard extremite C
+EndpointC=192.168.2.15  # Adresse extremite C
+PortC=51820             # Port ecoute extremite C
+
+umask 077 ;
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA       #Clé privée du serveur vpn
+Address = $AddressAwg   #Adresse du serveur vpn
+ListenPort = $PortA
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB        #Clé publique du client
+AllowedIPs = $AddressBwg #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC        #Clé publique du client
+AllowedIPs = $AddressCwg #Adresse vpn du client
+FINI
+
+
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB       #Clé privée du client
+Address = $AddressBwg   #Adresse du client
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI
+
+
+cat <<FINI > wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC       #Clé privée du client
+Address = $AddressCwg   #Adresse du client
+ListenPort = $PortC
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI