LecygneNoir
/
ansible-configz
mirror of https://github.com/theonlydoo/configz
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
163 Commits
1 Branch
274 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ansible-configz/README.md

205 lines
7.6 KiB
Raw Permalink Normal View History

add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
Initial commit
10 years ago
readme modified
10 years ago
LecygneNoir: let's do it
10 years ago
add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
some documentation
9 years ago
ownCloud + NGINX + DOC
9 years ago
moar doc
9 years ago
sortie du deploiement de clef ssh du role common vers un role dedie, avec utilisation de dictionnaires au lieu de liste pour utiliser la possibilite d'ansible de merger des dictionnaire. WARN : transformez votre variable admin_ssh_keys en dictionnaire ! (cd README)
6 years ago
add update playbook to allow updating host through ansible
9 years ago
doc README.md
9 years ago
ownCloud + NGINX + DOC
9 years ago
moar doc
9 years ago
add information about rudder-node role
7 years ago
ownCloud + NGINX + DOC
9 years ago
dispatch xymon role into two role client and server to made deployment easier
7 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
add doc for using xymon_disabled_sondes
6 years ago
dispatch xymon role into two role client and server to made deployment easier
7 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
Update openvz-diff-backup to stable version for initial installation 🎉
4 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
add information about rudder-node role
7 years ago
ajout d'un role permettant de deployer unbound comme resolver local, avec forward zone vers une zone locales (.home, .lan, etc)
6 years ago
ssh-curve ajout du role ssh-curve + doc
6 years ago
ajout d'un role pour configurer des nodes prometheus (config node exporter basique)
6 years ago
some documentation
9 years ago
add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
add information about rudder-node role
7 years ago
some documentation
9 years ago
sortie du deploiement de clef ssh du role common vers un role dedie, avec utilisation de dictionnaires au lieu de liste pour utiliser la possibilite d'ansible de merger des dictionnaire. WARN : transformez votre variable admin_ssh_keys en dictionnaire ! (cd README)
6 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
edit README to add update vars example
9 years ago
add information about rudder-node role
7 years ago
edit README to add update vars example
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
IRC bouncer corrected
9 years ago
Tweak on BNC config
9 years ago
redocumentation
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
xymon-client: disabling checks works only on deb >=8
6 years ago
add doc for using xymon_disabled_sondes
6 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
add information about rudder-node role
7 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
add information about rudder-node role
7 years ago
some documentation
9 years ago
ajout d'un role permettant de deployer unbound comme resolver local, avec forward zone vers une zone locales (.home, .lan, etc)
6 years ago
ssh-curve ajout du role ssh-curve + doc
6 years ago
some documentation
9 years ago
 
  1. ## configz

  2. =======
  3. 

  4. Yet another ansible's playbook repository
  5. 

  6. ## playbooks

  7. ======
  8. * postint.yml
  9.  * run common role to install you packages, deploy ssh, keys, ...
  10. * posting-full.yml
  11.  * use roles common, xymon-client and rudder-node to have a fully compliant server 
  12. 

  13. ## roles

  14. ======
  15. 

  16. * Common
  17.  * provides **common** configuration
  18.  * https://github.com/nojhan/liquidprompt <3
  19. * SSH keys
  20.  * provides ssh keys deployement and blacklist
  21.  * possibility to use dictionnaries to list keys
  22.  * possibility to deploy different pools of keys on different servers with ansible hash_behaviour = merge
  23. * Update
  24.  * allow install all update on  hosts (tag normal)
  25.  * allow update specific packages from list (tags packages)
  26.    * use host_vars, group_vars or default vars to update packages list
  27. * Wallabag
  28.  * provides **Wallabag** configuration
  29.  * Imported with <3 from https://github.com/al3x/sovereign/
  30.  * **Not yet READY**
  31. * Prosody
  32.  * Provides XMPP (Jabber) server
  33.  * Imported with <3 from https://github.com/al3x/sovereign/
  34.  * **Not yet READY**
  35. * IRCBouncer
  36.  * Provides a ZNC Config
  37.  * Imported with <3 from https://github.com/al3x/sovereign/
  38. * Mail
  39.  * provides a complete **mail** server for a given domain name and the vdomain capability for other domains.
  40.  * **Note** : This role starts in order : common, mariadb, and mail. If you don't want one of them, please comment out.
  41.  * **Note2** : If you already have a SQL server, **it wont erase the original config**, but it needs a ``~/.my.cnf``.
  42.  * **TODO** :
  43.      * Razor/Pyzor
  44.      * Roundcube
  45.      * Simplify template copy
  46.      * Postgrey
  47. * MariaDB
  48.  * provides a lambda **MariaDB** server peered on ``127.0.0.1:3306`` with ``root`` MySQL password on ``~/.my.cnf``
  49. * ownCloud
  50.  * provides a simple instance of **ownCloud**, with ``NGINX, PHP5-FPM, and MariaDB``
  51. * xymon-client and xymon-server
  52.  * https://www.xymon.com/
  53.  * Provide installation of xymon server and xymon client monitoring system
  54.  * Available for Debian (6 to 8) and Centos (6 to 7). **WARN** : xymon-server only for Debian (Centos dependencies are really hard to automate)
  55.  * Configure apache for xymon-server
  56.  * Configure xymon client and add the client in xymon server configuration to allow fetch data
  57.  * Allow to disable and drop sonde from client
  58.  * **Note** : Using xymon-client tag/role needs a working xymon-server (whenever the server was installed with the playbook or not)
  59.  * Cloud be (theoretically, to be tested) used to update xymon server binaries to last stable release
  60. * ovzdb
  61.  * https://www.openvz-diff-backups.fr/
  62.  * Install openvz-diff-backup to an openvz host to backup container
  63.  * enable update of openvz-diff-backup thanks to 0.9.4 version
  64.  * enable backup AND upload feature via cron
  65.  * enable purge feature via cron
  66.  * enable customization of configuration file
  67.  * use standard installation method (conf in /etc, link binary to /usr/local/bin)
  68.  * provide bonus hook to create files when problems occurs (additionnally to send emails), allowing monitoring with standard tool (ie xymon and else)
  69. * rudder-node
  70.  * https://www.rudder-project.org
  71.  * allow to configure a debian/ubuntu rudder node to report to a rudder server
  72.  * you need a working rudder-server (https://www.rudder-project.org/doc-4.1/_install_rudder_server.html)
  73.  * use rudder_server variable to configure your rudderserver IP (rudder advice to use IP addresses instead of DNS)
  74. * unbound
  75.  * Possibility to deploy unbound as a local resolver, with forwading zone to your local DNS server (ie .lan, .home, ...)
  76.  * You need to add unbound variables (see below)
  77. * ssh-curve : based from https://blog.arnaudminable.net/secure-shell-mon-amour-dechu/
  78.  * DISCLAIMER : using this role WILL trigger "breaking attempt messages" with SSH as server keys are changed, do not forget to clean your know_hosts file(s)
  79.  * needs debian jessie or later, centos 7 or later
  80.  * configure ssh to use exclusively actual most secure cipher and algorithms
  81.  * allow ssh port, listen address, password authent customization
  82.  * generate ed25519 keys for server instead of RSA
  83.  * configure ssh client to use strong algorithms
  84.  * will create compatibility problem with old ssh versions (openwrt, old putty, debian wheezy)
  85. * prometheus_nodexporter : allow configuration for node with prometheus node-exporter
  86.  * debian 9 and centos 7 compatible
  87.  * You can configure prometheus_exporter_listen_address (default 0.0.0.0) and prometheus_exporter_listen_port (default 9100)
  88.  * use file_sd_configs on prometheus server with prometheus_sd_directory (default to /etc/prometheus/nodes/) :
  89. ```
  90.    - job_name: 'node'
  91.     file_sd_configs:
  92.       - files:
  93.         - '{{ prometheus_sd_directory }}/*.json'
  94.         - '{{ prometheus_sd_directory }}/*.yml'
  95.         - '{{ prometheus_sd_directory }}/*.yaml'
  96. ```
  97. 

  98. ## example host file

  99. =====
  100. 

  101. ```yaml
  102. 

  103. ---
  104. admin_ssh_keys: 
  105.  0: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian
  106. 

  107. default_packages_debian: htop
  108. 

  109. description: machine test
  110. 

  111. # NTP

  112. ntp_servers:
  113.   - 0.pool.ntp.org
  114.   - 1.pool.ntp.org
  115.   - 2.pool.ntp.org
  116. disable_ipv6: true
  117. 

  118. # Update

  119. deb_packages_to_update:
  120.   - apache2
  121. 

  122. centos_packages_to_update:
  123.   - httpd
  124. 

  125. # Mail

  126. domain: test.net
  127. 

  128. # MariaDB

  129. mariadb_version: 10.0
  130. mysql_root_password: changeme
  131. mysql_host: localhost
  132. 

  133. # ircbouncer

  134. znc_version: 1.4
  135. irc_nick: (required)
  136. irc_ident: (required)
  137. irc_realname: (required)
  138. irc_quitmsg: (required)
  139. irc_password_hash: (required) # http://wiki.znc.in/Configuration#Pass
  140. irc_password_salt: (required) # http://wiki.znc.in/Configuration#Pass
  141. irc_timezone: "Europe/Paris" #Example: "Europe/Paris"
  142. network_address: irc.my.network.net
  143. network_port: 6697
  144. network_channel: 1337Chan
  145. 

  146. # xmpp

  147. prosody_admin: "admin@test.net"
  148. prosody_virtual_domain: "test.net"
  149. prosody_accounts: admin@test.net
  150. 

  151. #Wallabag

  152. wallabag_version: 1.8.1
  153. wallabag_domain: "read.{{ domain }}"
  154. wallabag_salt: (required)
  155. wallabag_db_username: wallabag
  156. wallabag_db_password: (required)
  157. wallabag_db_database: wallabag
  158. 

  159. 

  160. #xymon

  161. xymon_server: yyy.yyy.yyy.yyy # server IP address (mandatory)
  162. xymon_htname: admin # server user for webinterface use
  163. xymon_htpasswd: mysecurepasswd # server password for webinterface use
  164. ## xymon per client configuration (ie usually done in host_var)##

  165. monitoring_file: dns ## Where to store the host in hosts.d xymon server directory (optionnal)
  166. monitoring_section: dns ## Name of the page to use in xymon server webpage tree view (optionnal)
  167. monitoring_ip: xxx.xxx.xxx.xxx ## IP address of the client to add in server (mandatory)
  168. xymon_checks: "#" ## Checks to use for this client. Default '#' do a simple ping check
  169. xymon_disabled_sondes: ## Allow to disable checks on clients (DEBIAN >= 8 only)
  170.   - ntpq
  171.   - libs
  172. 

  173. #ovzdb

  174. ## You can duplicate backup locally and remotely

  175. ## by using openvz host as backup_server and

  176. ## remote server as upload_server

  177. ## I advice to customize cron hour to have

  178. ## backup, then purge, then upload

  179. backup_server: xxx.xxx.xxx.xxx
  180. backup_dir: "/var/lib/vz/backups/OpenVZ/"
  181. backup_minute: 10
  182. backup_hour: 02
  183. purge_minute: 10
  184. purge_hour: 03
  185. upload_server: yyy.yyy.yyy.yyy
  186. upload_dir: "/var/lib/vz/backups/OpenVZ/"
  187. upload_minute: 10
  188. upload_hour: 05
  189. admin_email: "your_email@example.com"
  190. 

  191. # rudder-node

  192. rudder_server: 192.168.0.100
  193. # vim: set textwidth=0 ft=yaml:

  194. 

  195. unbound_local_zone: "lan"
  196. unbound_forward_dns: XXX.XXX.XXX.XXX
  197. 

  198. # ssh-curve

  199. # ssh_port: (default 22)

  200. # ssh_ipv4_listen: (default "0.0.0.0")

  201. # ssh_ipv6_listen: (default "::")

  202. # ssh_authorizedkeysfile: (default ".ssh/authorized_keys")

  203. # ssh_pwd_authent: (default "no")

  204. 

  205. ```