LecygneNoir
/
ansible-configz
mirror of https://github.com/theonlydoo/configz
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
150 Commits
1 Branch
608 KiB
Tree: 5e75dee921
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5e75dee921'
${ noResults }
ansible-configz/README.md

190 lines
7.2 KiB
Raw Normal View History

add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
Initial commit
10 years ago
readme modified
10 years ago
LecygneNoir: let's do it
10 years ago
add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
some documentation
9 years ago
ownCloud + NGINX + DOC
9 years ago
moar doc
9 years ago
sortie du deploiement de clef ssh du role common vers un role dedie, avec utilisation de dictionnaires au lieu de liste pour utiliser la possibilite d'ansible de merger des dictionnaire. WARN : transformez votre variable admin_ssh_keys en dictionnaire ! (cd README)
6 years ago
add update playbook to allow updating host through ansible
9 years ago
doc README.md
9 years ago
ownCloud + NGINX + DOC
9 years ago
moar doc
9 years ago
add information about rudder-node role
7 years ago
ownCloud + NGINX + DOC
9 years ago
dispatch xymon role into two role client and server to made deployment easier
7 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
dispatch xymon role into two role client and server to made deployment easier
7 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
Add possibility to use beta version for openvzdiff-backup - see README
8 years ago
add information about rudder-node role
7 years ago
ajout d'un role permettant de deployer unbound comme resolver local, avec forward zone vers une zone locales (.home, .lan, etc)
6 years ago
ssh-curve ajout du role ssh-curve + doc
6 years ago
some documentation
9 years ago
add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
add information about rudder-node role
7 years ago
some documentation
9 years ago
sortie du deploiement de clef ssh du role common vers un role dedie, avec utilisation de dictionnaires au lieu de liste pour utiliser la possibilite d'ansible de merger des dictionnaire. WARN : transformez votre variable admin_ssh_keys en dictionnaire ! (cd README)
6 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
edit README to add update vars example
9 years ago
add information about rudder-node role
7 years ago
edit README to add update vars example
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
IRC bouncer corrected
9 years ago
Tweak on BNC config
9 years ago
redocumentation
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
add information about rudder-node role
7 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
add information about rudder-node role
7 years ago
some documentation
9 years ago
ajout d'un role permettant de deployer unbound comme resolver local, avec forward zone vers une zone locales (.home, .lan, etc)
6 years ago
ssh-curve ajout du role ssh-curve + doc
6 years ago
some documentation
9 years ago
 
  1. ## configz

  2. =======
  3. 

  4. Yet another ansible's playbook repository
  5. 

  6. ## playbooks

  7. ======
  8. * postint.yml
  9.  * run common role to install you packages, deploy ssh, keys, ...
  10. * posting-full.yml
  11.  * use roles common, xymon-client and rudder-node to have a fully compliant server 
  12. 

  13. ## roles

  14. ======
  15. 

  16. * Common
  17.  * provides **common** configuration
  18.  * https://github.com/nojhan/liquidprompt <3
  19. * SSH keys
  20.  * provides ssh keys deployement and blacklist
  21.  * possibility to use dictionnaries to list keys
  22.  * possibility to deploy different pools of keys on different servers with ansible hash_behaviour = merge
  23. * Update
  24.  * allow install all update on  hosts (tag normal)
  25.  * allow update specific packages from list (tags packages)
  26.    * use host_vars, group_vars or default vars to update packages list
  27. * Wallabag
  28.  * provides **Wallabag** configuration
  29.  * Imported with <3 from https://github.com/al3x/sovereign/
  30.  * **Not yet READY**
  31. * Prosody
  32.  * Provides XMPP (Jabber) server
  33.  * Imported with <3 from https://github.com/al3x/sovereign/
  34.  * **Not yet READY**
  35. * IRCBouncer
  36.  * Provides a ZNC Config
  37.  * Imported with <3 from https://github.com/al3x/sovereign/
  38. * Mail
  39.  * provides a complete **mail** server for a given domain name and the vdomain capability for other domains.
  40.  * **Note** : This role starts in order : common, mariadb, and mail. If you don't want one of them, please comment out.
  41.  * **Note2** : If you already have a SQL server, **it wont erase the original config**, but it needs a ``~/.my.cnf``.
  42.  * **TODO** :
  43.      * Razor/Pyzor
  44.      * Roundcube
  45.      * Simplify template copy
  46.      * Postgrey
  47. * MariaDB
  48.  * provides a lambda **MariaDB** server peered on ``127.0.0.1:3306`` with ``root`` MySQL password on ``~/.my.cnf``
  49. * ownCloud
  50.  * provides a simple instance of **ownCloud**, with ``NGINX, PHP5-FPM, and MariaDB``
  51. * xymon-client and xymon-server
  52.  * https://www.xymon.com/
  53.  * Provide installation of xymon server and xymon client monitoring system
  54.  * Available for Debian (6 to 8) and Centos (6 to 7). **WARN** : xymon-server only for Debian (Centos dependencies are really hard to automate)
  55.  * Configure apache for xymon-server
  56.  * Configure xymon client and add the client in xymon server configuration to allow fetch data
  57.  * **Note** : Using xymon-client tag/role needs a working xymon-server (whenever the server was installed with the playbook or not)
  58.  * Cloud be (theoretically, to be tested) used to update xymon server binaries to last stable release
  59. * ovzdb
  60.  * http://projets.developpeur-neurasthenique.fr/projects/openvz-diff-backups
  61.  * Install openvz-diff-backup to an openvz host to backup container
  62.  * enable update of openvz-diff-backup thanks to 0.9.4 version
  63.  * enable backup AND upload feature via cron
  64.  * enable purge feature via cron
  65.  * enable customization of configuration file
  66.  * use standard installation method (conf in /etc, link binary to /usr/local/bin)
  67.  * provide bonus hook to create files when problems occurs (additionnally to send emails), allowing monitoring with standard tool (ie xymon and else)
  68.  * Possibility to use beta version in file directory: hard coded for the moment, name the file openvz-diff-backups_v0.9.8-beta.tar.gz and use -e beta=true on command line
  69. * rudder-node
  70.  * https://www.rudder-project.org
  71.  * allow to configure a debian/ubuntu rudder node to report to a rudder server
  72.  * you need a working rudder-server (https://www.rudder-project.org/doc-4.1/_install_rudder_server.html)
  73.  * use rudder_server variable to configure your rudderserver IP (rudder advice to use IP addresses instead of DNS)
  74. * unbound
  75.  * Possibility to deploy unbound as a local resolver, with forwading zone to your local DNS server (ie .lan, .home, ...)
  76.  * You need to add unbound variables (see below)
  77. * ssh-curve : based from https://blog.arnaudminable.net/secure-shell-mon-amour-dechu/
  78.  * DISCLAIMER : using this role WILL trigger "breaking attempt messages" with SSH as server keys are changed, do not forget to clean your know_hosts file(s)
  79.  * needs debian jessie or later, centos 7 or later
  80.  * configure ssh to use exclusively actual most secure cipher and algorithms
  81.  * allow ssh port, listen address, password authent customization
  82.  * generate ed25519 keys for server instead of RSA
  83.  * configure ssh client to use strong algorithms
  84.  * will create compatibility problem with old ssh versions (openwrt, old putty, debian wheezy)
  85. 

  86. ## example host file

  87. =====
  88. 

  89. ```yaml
  90. 

  91. ---
  92. admin_ssh_keys: 
  93.  0: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian
  94. 

  95. default_packages_debian: htop
  96. 

  97. description: machine test
  98. 

  99. # NTP

  100. ntp_servers:
  101.   - 0.pool.ntp.org
  102.   - 1.pool.ntp.org
  103.   - 2.pool.ntp.org
  104. disable_ipv6: true
  105. 

  106. # Update

  107. deb_packages_to_update:
  108.   - apache2
  109. 

  110. centos_packages_to_update:
  111.   - httpd
  112. 

  113. # Mail

  114. domain: test.net
  115. 

  116. # MariaDB

  117. mariadb_version: 10.0
  118. mysql_root_password: changeme
  119. mysql_host: localhost
  120. 

  121. # ircbouncer

  122. znc_version: 1.4
  123. irc_nick: (required)
  124. irc_ident: (required)
  125. irc_realname: (required)
  126. irc_quitmsg: (required)
  127. irc_password_hash: (required) # http://wiki.znc.in/Configuration#Pass
  128. irc_password_salt: (required) # http://wiki.znc.in/Configuration#Pass
  129. irc_timezone: "Europe/Paris" #Example: "Europe/Paris"
  130. network_address: irc.my.network.net
  131. network_port: 6697
  132. network_channel: 1337Chan
  133. 

  134. # xmpp

  135. prosody_admin: "admin@test.net"
  136. prosody_virtual_domain: "test.net"
  137. prosody_accounts: admin@test.net
  138. 

  139. #Wallabag

  140. wallabag_version: 1.8.1
  141. wallabag_domain: "read.{{ domain }}"
  142. wallabag_salt: (required)
  143. wallabag_db_username: wallabag
  144. wallabag_db_password: (required)
  145. wallabag_db_database: wallabag
  146. 

  147. 

  148. #xymon

  149. xymon_server: yyy.yyy.yyy.yyy # server IP address (mandatory)
  150. xymon_htname: admin # server user for webinterface use
  151. xymon_htpasswd: mysecurepasswd # server password for webinterface use
  152. ## xymon per client configuration (ie usually done in host_var)##

  153. monitoring_file: dns ## Where to store the host in hosts.d xymon server directory (optionnal)
  154. monitoring_section: dns ## Name of the page to use in xymon server webpage tree view (optionnal)
  155. monitoring_ip: xxx.xxx.xxx.xxx ## IP address of the client to add in server (mandatory)
  156. xymon_checks: "#" ## Checks to use for this client. Default '#' do a simple ping check
  157. 

  158. #ovzdb

  159. ## You can duplicate backup locally and remotely

  160. ## by using openvz host as backup_server and

  161. ## remote server as upload_server

  162. ## I advice to customize cron hour to have

  163. ## backup, then purge, then upload

  164. backup_server: xxx.xxx.xxx.xxx
  165. backup_dir: "/var/lib/vz/backups/OpenVZ/"
  166. backup_minute: 10
  167. backup_hour: 02
  168. purge_minute: 10
  169. purge_hour: 03
  170. upload_server: yyy.yyy.yyy.yyy
  171. upload_dir: "/var/lib/vz/backups/OpenVZ/"
  172. upload_minute: 10
  173. upload_hour: 05
  174. admin_email: "your_email@example.com"
  175. 

  176. # rudder-node

  177. rudder_server: 192.168.0.100
  178. # vim: set textwidth=0 ft=yaml:

  179. 

  180. unbound_local_zone: "lan"
  181. unbound_forward_dns: XXX.XXX.XXX.XXX
  182. 

  183. # ssh-curve

  184. # ssh_port: (default 22)

  185. # ssh_ipv4_listen: (default "0.0.0.0")

  186. # ssh_ipv6_listen: (default "::")

  187. # ssh_authorizedkeysfile: (default ".ssh/authorized_keys")

  188. # ssh_pwd_authent: (default "no")

  189. 

  190. ```