Commit 355590ce authored by nono's avatar nono 💻

Merge branch 'master' of git.laquadrature.net:lqdn-interne/piops

parents 1742591f 850d94c8
......@@ -78,3 +78,15 @@
path = roles/ansible-backup
url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/ansible-backup.git
branch = master
[submodule "roles/ansible-role-mysql"]
path = roles/ansible-role-mysql
url = https://github.com/robertdebock/ansible-role-mysql.git
branch = master
[submodule "roles/ansible-role-mediawiki"]
path = roles/ansible-role-mediawiki
url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/ansible-role-mediawiki.git
branch = main
[submodule "roles/ansible-backup-lfi"]
path = roles/ansible-backup-lfi
url = https://github.com/lafranceinsoumise/ansible-backup.git
branch = master
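Review bot: The three new submodules follow a moving `branch = master`/`main` instead of a release tag, and two of them (`roles/ansible-role-mysql`, `roles/ansible-backup-lfi`) are third-party roles fetched from GitHub. The checked-in `Subproject commit` pointers pin the revision that is deployed today, but `git submodule update --remote` will fast-forward to whatever those upstream branches hold, so an upstream change — malicious or merely breaking — reaches root-level playbook runs without a review step. Consider pinning `branch` to a tag (or dropping `branch` so only the recorded commit is used) and recording the reviewed upstream revision next to each third-party entry, e.g. `# third-party role; reviewed at upstream commit <UPSTREAM_SHA>`.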
......@@ -8,6 +8,7 @@ nextcloud_archive_format: "zip"
nextcloud_trusted_domain:
- "cloud.lqdn.fr"
- "cloud.laquadrature.net"
nextcloud_install_websrv: true
nextcloud_websrv: "nginx"
nextcloud_disable_websrv_default_site: true
......@@ -65,5 +66,6 @@ certbot_create_method: standalone
certbot_certs:
- domains:
- cloud.lqdn.fr
- cloud.laquadrature.net
certbot_auto_renew_options: '--webroot -w /var/www/letsencrypt && systemctl reload nginx'
certbot_auto_renew: true
$ANSIBLE_VAULT;1.1;AES256
64326332303233653632356234346664313534373366626661666261656562663638376135643064
3535623961653965346233323534336337666230323730340a326565663166323463373866396133
39366164393831306338616538616463636238626363333932633866313836666265383036333262
3730663435336162340a353930663063336431373839323066346633356564613465373166336662
36313538396131336362313932313830666630376339333132316130656566383036303161663332
34626436343063333537333336633731396130353865666439376332383861663966323937313362
63333861353064356231363430623335353434656631303839393234366538336365386533396539
64323365626265316237373336356265353365323665343337373036616266623632616439306232
39663832656539666234633864663762383466353231663337323636316630393135323462386432
64643535616238363666643165613036396530653664626161393733356336343836633733313436
34306664636630343765366135646665313639383135323766383437363636376266633235386461
31326461383330623036666331306437333137346238616665323433666163646133306633316265
66613234313333306434393339343661323330626532363266613934373939626431383731653530
61343263653662663233306233656232613162376233373061396337616333343635363034643663
65363166336663646435623235663062623732366166343739363035666132666364356262333866
61666239353963326562643731626431326332663539393337323036326432613039633364323762
36636237363861393435346337666230323338613934653162303466346264346566313237383838
33636662646635366530633536353131666438356339336131393338633130653565346163653364
31633865626662353866313335633937303061366564373535373830353437343332383833636633
32373263313262343664346635376336363162616466313662363032336531623964336466383664
61666462616565383736636435323233616661363365626133633365646266623633613531393365
31643137623634653732626339663463656661623764323335616231313930643063633034356630
62656465663532386237303138616233333834663231666130636537316363396633343731386139
37366634613332633433666664633630353366653866373162396435306134386633623733656465
65343562663337393439646239333733623262356434336639336536306463316634633834373233
34386266613839313465646438313465633161646632616132356561663261643566386261386238
61666364336230383536633135633862353630356632656435653330393839653766633636653537
66653464616162613965616337613236363239383566626261386537353962323233316134643337
30313736313465636637333264626564643364353032663363653662653031333337643338346139
35343534363964343939643561316363333836346532623232353433653638353962613530633663
34653331656463393432623332393336643964393837353566353537663638396361643231633437
62636163643134643162393539613764666339343433623638656431393738656639363265633361
34366161303831353235313666333164393964643131666566623966666264653338613831643939
33633165396536346432306135396131303161613163633438366462303639336562616362623232
34356134613065666533343736353338326137363562666639303737356235313039336236653961
36333363666439396332646364646662383533656134656463353630653161396565303636623630
35303663343734636466646630303863653032633865653665346438383165306333663831613630
34613865346431383165616563386362323061376333623062613438346666616239303338646164
37653864313965336161373933633331636335396435613730653031353065346435383235616132
33323366373830626432316261353262393435356161336334386462313666303733316561373839
34313939663461626433363364373233333466626533313266666465383739643364333936666166
32303435313263616634613935306362336630356164613539366364393633316564323638373738
65663035346261333233376362346462363966356166363733346562666636363134353637373266
63346135663930666636363063396238646335383764346338316365343062663735333863336264
31316633373936393536313434323139373863343331623831303061383234343033653165353666
32353237353437306466333362343839623962323364353563363334373065303832333337633565
66646533656539663838396461316438613337383839333638353930623333393466376664666138
62363861386261646232393365633134396162663134376262626563663265353562323464393534
37356335636438396236666166333837303566326138353538363030636136656665313336646464
62383865616138633265343163303861323464643833363233396266396563663532626434663866
38353631643332633839613139363238353936316635306161643561653863343533623963643332
61353838666430623832303362613566346538663765336562396161353237663834393734323733
37613832316637633031613838356133643037386535343930663032616364353337383135333062
31613934616238363162313539396232323634656565643035306239393864383637373630646535
66363365306366303537613566653233393765626339343764303939663763613764393132663636
30363963333565646666
38353834343666346232373434323366386163346661663535303163303461323834363935623733
3530616461306237303064613166653963323162316162610a346230393832366262336539653134
61396333313666323064653364303465616562373963396262393132656232333433323034353233
3339663962633636380a613637306265326437336632653730373465393139353963383734666164
32343634633634643332653863303666323937363031356366353131353735396333373563316136
30393231326463323039656263613735313266326665303662333361326636663137653363393562
33373861353138333732316632666261623237666338373461666234616535333436303033633838
31373033393661663834306563343133623935643638666133343263613164323930383966366635
33623838323138626566383934313638353939326330646662653337656235316238363730383164
63633666383935653765393133646334363964633064363430396139336538363035383439646664
62316263346233376361653233316661666663386333343031343861346132656434326566623836
64303234626230343331313163343766306366626561363735366362396362363861366331643832
37386164346532306466626130663635303466653464636139623934656538346363356239346334
35363165323735663665346332646539303238383564376233353633346162613339666534626432
64623064633436653430376466623731366634336535363837333964373830353239666664616332
33333663313934306134316363346539383661333963626330353634633361646135353432373931
65313434623763316337643535623565616564353337643863663036323431303530613562326335
39363564636432336363306234393739373664633439363532623932333766373361636362316438
30663666663866663463646365643532313039636631643462336465613966623238306533303765
61336461323532353930303663663838656562666464356330316661333230636461376565393832
63633832613938363938363539613536643538383636326533643762393032633665623733653539
34653636623562323434336339643065616662653035346464343439623736323936333139326232
37346564623766383232393365303564313335653861326639373236623966303766663936386665
65363139323333666437653533376334323933653932343837386133326637336534306130646139
34343736306237663736323330373465663835343830386137636438306662356637623430666366
66343962616265353332323064383931333434343838313532366330653663643330323561323631
30636132636464356631626663643633616236306334306661333039333365393830626461373363
32383566323339623537346332306231383632616134383963656163363332353266646439666265
61323734623663306537373636613466326135373239626138336139666263393331376362366436
62323963653063306339313731316432343837363837613430643834313865393834383236616338
64376261343636646564636563663565313934343364363863386532643030323733643934373661
64356332383435383937376266353561326634336331643062343637363865313465363432363432
64396162306534386130666438666637663062336339356637656264323635633361393762306633
33353262656165646463613365393762363039393965613836663863303131626463356238623137
66343263663064643165663539343937356337383033306432393133373262633539326431663365
39306138616562613135643763623234363163396534646232613363363339636630616438333563
65306166303661666363643563396631643032323831363130393639623236613335323137636464
39373439613562336139643230386239343366393734343462336533643864396131333831396637
36356439613465396630386166333561656437663062306432626134363161616561643835346163
31386163646539613438326661376639623834616433613664636164656531353062386536626334
37313761396231353639386633633630376161323566663635636663326263313534333161666465
66303961616331363464633563613835333435666139623632303762663232613437613232323232
31633261656232646639363936623638303430633332323066303064363362356637316335383036
32383963336433653562353034386562316138393766366630636137633936343964393933383366
33373062323330623134316633643863383336643136366435373230623263326661663238373734
66333236633733653436353235663130653738356132663264343731633866383035376637666164
38626535633731303030366632346430363332613035666563646636636239643062366134306131
62313437623532333930353764643039333933303333626238313462373336316266386438353437
38376362343037303663383966313931316634356264613163633232383333623664383034643139
32626133643863316132623361636535343438386261633231626165663739313537663739636566
62666132616535666564336335343138643035386239363431613530386238316536343866326439
38363032333736303133343561393931313761333864623361643231633166643064613864383862
30366164656130653333313230663236366532326330616130623765643133333838323838633066
65363730393930616437323034373338646163656636613462633638383838343963386465396166
39663462326664616262626265306161646231623031613366663330353938623364383833386464
64313563626531343364366132353931663532333862346430663033643831343862353232663961
64623266393263303038636661393031653335363831613161356436343865643130376432633330
34616165373336316161633533386233313838643136343638616434633063303333353436303366
66616133633532383431643930653561326334306132306635383834366362316132366435303836
34323139373661613164636132666236306230633566663939366437636565303838366666356162
32656433393934363636363261346235363364643339346633656162373261343062623237306265
61643932396237623038666161643361653038333831376630633437663434666337633137646533
63656534336137363361366262393637663133396433636138653437623362356538323439336262
66643861363633633161656632656264393561643765633732336231613837386465343832313937
63313936616363383266356431613431336265633530366338613162653033346262313933396264
31633131376464633335626362356361336435323637666364303839633763663762393665663934
34356335656638383766383534303861383562373536393261376162383433633331363663333563
63383661376434343435386637666466636430326639633464353632623863303535633264343732
38373136666234373331613362386363346235616366613237383364313737643236356436306336
33616235383264393565393337633763323837333666616665343761303836633061663130383364
61393132313030613061636666333037316432663234316466373833313261643432313163316339
37393530623265323766656630346465333430393362353133613735323739373433313062616239
35393939376437376636646339363366626361316339666234323034353435383031333364646462
31333663643930626638313264323062653238336532393062366330383338393166383239353231
39336661363333303734373238616363366432373666623239383363336266393166623436633163
65633434333064396637633865656263636331326365393533623964623434633234373232393865
31346338666536396431393664316335356635646335333435386330653133393139353333396335
34306439333637656162336436323064633139373363373265363864306438306138313037646665
39633231383462653036313164323765623664613266393736386539306562613233636432366532
30316436613636646466666333346262633031336166363439626361353937616139626330663236
30656338303236316439656566373938653666386635383939356138663336376664386338643839
37383038363963643930643964356339623364663737613433373433626162373331623936623330
37336463383135643766656438333362663738383431653933343766616130323133303835393031
33376336373735636238376262663564386637303266363434313266656239646638663531336231
30646337376530323237363565626338316430663932633835386632646163303033643436393632
65383834613232363961666563383663333631386433323661626162333338613561636439383532
34646437363461316539633466373461616236616364616566386634396630303136663733616365
66363737633666393964
---
# vars file for ansible-role-mediawiki
service_url: "wiki.test.lqdn.fr"
sysadmin_email: "logs+test@laquadrature.net"
# Version you want to install
mediawiki_version: "1.37"
mediawiki_version_minor: "1"
# Install path
mediawiki_install_path: "/opt/mediawiki"
mediawiki_name: "test"
mediawiki_admin: "high_witcher"
mediawiki_admin_pass: "{{ vault_test_mediawiki_admin_pass }}"
mediawiki_lang: "fr"
mediawiki_url: "https://{{ service_url }}"
mediawiki_script_path: "/"
# Database parameters
mediawiki_db_admin: "mediawiki"
mediawiki_db_pwd: "{{ vault_test_mediawiki_db_pwd }}"
mediawiki_db_name: "mediawiki"
mediawiki_mysql_root_password: ""
mysql_credential_file:
debian: '/etc/mysql/debian.cnf'
## PHP Config
__php_webserver_daemon: "nginx"
## Cerbot config
certbot_install_method: package
certbot_admin_email: "{{ sysadmin_email }}"
certbot_create_if_missing: True
certbot_create_method: standalone
certbot_certs:
- domains:
- "{{ service_url }}"
certbot_auto_renew_options: '--webroot -w /var/www/letsencrypt && systemctl reload nginx'
certbot_auto_renew: true
## Nginx config
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "{{ service_url }}"
access_log: "/var/log/nginx/{{ service_url }}_access.log"
error_log: "/var/log/nginx/{{ service_url }}_error.log"
state: "present"
root: "{{ mediawiki_install_path }}/mediawiki-{{mediawiki_version}}.{{mediawiki_version_minor}}"
template: "{{ nginx_vhost_template }}"
filename: "{{ service_url }}.https.conf"
index: "index.php index.html"
extra_parameters: |
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include /etc/nginx/fastcgi_params;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 300;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
ssl_certificate /etc/letsencrypt/live/{{ service_url }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_url }}/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "80"
server_name: "{{ service_url }}"
access_log: "/var/log/nginx/{{ service_url }}_access.log"
error_log: "/var/log/nginx/{{ service_url }}_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "{{ service_url }}.http.conf"
extra_parameters: |
location / {
return 302 https://{{ service_url }}$request_uri;
}
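Review bot: `mediawiki_mysql_root_password: ""` puts an empty MySQL root password in a plaintext vars file, while the neighbouring `mediawiki_db_pwd` and `mediawiki_admin_pass` are correctly taken from vault variables; unless the mysql role is relied on to use socket authentication for root, this should follow the same pattern, e.g. `mediawiki_mysql_root_password: "{{ vault_test_mediawiki_mysql_root_password }}"` (variable name constructed to match the file's convention — adjust to the real vault key). The HTTPS vhost's `extra_parameters` still advertise `ssl_protocols TLSv1.1 TLSv1.2;`; TLS 1.1 is deprecated and `ssl_protocols TLSv1.2;` is enough for a Let's Encrypt-fronted wiki (add `TLSv1.3` if the target's nginx/OpenSSL support it). `certbot_create_if_missing: True` should be the canonical lowercase `true` the rest of the file uses, since `True` is only a boolean under YAML 1.1 rules. This file has no `@@` header on the page, so it is read here as a complete new file.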
monitoring_service_url: "stats.members.lqdn.fr"
# backups
backup_dir: /var/backup
backup_dir_mode: '0777'
backup_dir_owner: root
backup_dir_group: root
backup_max_days: 7
backup_max_months: 1
backup_with_mysql: true
backup_with_postgresql: true
backup_with_mongodb: true
monitoring_service_url: "stats.pi4.lqdn.fr"
# backups
backup_dir: /var/backup
backup_dir_mode: '0777'
backup_dir_owner: root
backup_dir_group: root
backup_max_days: 7
backup_max_months: 1
backup_with_mysql: true
backup_with_postgresql: false
backup_with_mongodb: false
monitoring_service_url: "stats.tau.lqdn.fr"
# backups
backup_dir: /var/backup
backup_dir_mode: '0777'
backup_dir_owner: root
backup_dir_group: root
backup_max_days: 7
backup_max_months: 1
backup_with_mysql: true
backup_with_postgresql: true
backup_with_mongodb: true
monitoring_service_url: "stats.test.lqdn.fr"
server_url: "test.lqdn.fr"
# Firewall
firewall_state: started
......@@ -25,12 +26,115 @@ firewall_disable_ufw: false
# backups
backup_dir: /var/backup
backup_dir_mode: '0777'
backup_dir_owner: root
backup_dir_group: root
backup_max_days: 7
backup_max_months: 1
backup_with_mysql: true
backup_with_postgresql: true
backup_with_mongodb: false
backup_postgres_password: ""
backup_postgres_user: "hedgedocs"
backup_profiles:
- name: don
schedule: 0 4 * * *
action: backup
source: mysql://don
target: "{{backup_target}}/don"
- name: keycloak
schedule: 0 4 * * *
action: backup
source: mysql://keycloak
target: "{{backup_target}}/keycloak"
- name: mysql
schedule: 0 4 * * *
action: backup
source: mysql://mysql
target: "{{backup_target}}/mysql"
- name: mediawiki
schedule: 0 4 * * *
action: backup
source: mysql://mediawiki
target: "{{backup_target}}/mediawiki"
- name: mongodb
schedule: 0 4 * * *
source: mongo://
target: "{{backup_target}}/mongodb"
# Keycloak
keycloak_service_group: "keycloak"
keycloak_service_user: "keycloak"
keycloak_service_name: "keycloak"
keycloak_base_path: "/opt/keycloak"
keycloak_dest: "{{ keycloak_base_path }}"
## General settings
## Keycloak config
keycloak_version: "16.1.0"
keycloak_previous_version: "15.0.2"
keycloak_create_admin: false
keycloak_force_install: true
## Security config
keycloak_log_directory: "/opt/keycloak/keycloak-{{ keycloak_version }}/standalone/log"
## Cerbot config
certbot_install_method: package
certbot_admin_email: "{{ sysadmin_email }}"
certbot_create_if_missing: True
certbot_create_method: standalone
certbot_certs:
- domains:
- sso.{{ server_url }}
certbot_auto_renew_options: '--webroot -w /var/www/letsencrypt && systemctl reload nginx'
certbot_auto_renew: true
## Nginx config
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "sso.{{ server_url }}"
access_log: "/var/log/nginx/keycloak_access.log"
error_log: "/var/log/nginx/keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "sso.{{ server_url }}.https.conf"
extra_parameters: |
location / {
proxy_buffering off;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
location = / {
return 301 "https://sso.{{ server_url }}/auth/realms/lqdn/account";
}
location = /admin {
return 301 "https://sso.{{ server_url }}/auth/admin/";
}
ssl_certificate /etc/letsencrypt/live/sso.{{ server_url }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sso.{{ server_url }}/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "80"
server_name: "sso.{{ server_url }}"
access_log: "/var/log/nginx/keycloak_access.log"
error_log: "/var/log/nginx/keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "sso.{{ server_url }}.http.conf"
extra_parameters: |
location / {
return 302 https://sso.{{ server_url }}$request_uri;
}
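Review bot: `backup_dir_mode: '0777'` makes the directory that receives the database dumps world-writable and world-readable although `backup_dir_owner`/`backup_dir_group` are `root`; `backup_dir_mode: '0700'` should suffice unless the backup role writes as another user, and the same value is repeated in the members, pi4 and tau group_vars hunks earlier on this page. `backup_postgres_password: ""` is an empty credential in a plaintext vars file while the mediawiki vars on this page route secrets through `vault_*` variables; it should do the same, or carry a comment stating that PostgreSQL auth is intentionally password-less here. The `mongodb` entry in `backup_profiles` lacks the `action: backup` that every other profile carries — possibly the role's default, but worth confirming so the profile is not silently skipped. The SSO vhost's `ssl_protocols TLSv1.1 TLSv1.2;` can drop TLS 1.1 for the same reason as the wiki vhost.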
......@@ -68,11 +68,16 @@ don:
hosts:
don.test.lqdn.fr:
wiki:
hosts:
wiki.test.lqdn.fr:
# Comment ? ( En test, en prod... )
test:
children:
lqdntest:
wiki:
production:
children:
nextcloud:
......
......@@ -25,10 +25,13 @@
- name: Configuration des accès sur les serveurs de production
hosts: production
remote_user: root
vars:
ansible_python_interpreter: /usr/bin/python3
roles:
- shell-lqdn
tags:
- ssh
- shell
- base
- name: Mise en place des firewall
......@@ -41,7 +44,7 @@
- base
- name: Sauvegardes des bases de données
hosts: production_new
hosts: production
remote_user: root
roles:
- ansible-backup
......
Subproject commit 3057d10ba38575e713e9bc1bc199f3eac4925de8
Subproject commit 75660980fee9b197c9e8a55bc27f04ea542c003f
Subproject commit d7f68d6b586c06229c79997e6a46f083619453de
Subproject commit 3d6fcce6f4ec73ac7204dbc03e68fad400035d40
Subproject commit 82d92167d394cb643778e88e951523efda0c5a94
......@@ -52,14 +52,23 @@
tags:
- security
# - name: Sauvegardes des bases de données
# hosts: test
# remote_user: root
# roles:
# - ansible-backup
# tags:
# - backup
- name: Sauvegardes des bases de données
hosts: test
remote_user: root
roles:
- ansible-backup
- ansible-backup-lfi
tags:
- backup
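Review bot: The reinstated backup play now applies both `ansible-backup` and `ansible-backup-lfi` to every `test` host as `root`, with no comment saying which role owns which part of the job or whether both consume the single `backup_*` variable set defined in the group_vars hunk above. A one-line comment above `- ansible-backup-lfi`, e.g. `# TODO: document why both backup roles run here and which vars each one consumes`, would stop the two from being tuned against each other; if one is only a temporary migration aid, say so there as well.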
# - name: Site de don
# hosts: don.test.lqdn.fr
# remote_user: root
......@@ -73,32 +82,45 @@
# tags:
# - testing
# - don
#
# - name: Serveur RP
# hosts: rp.test.lqdn.fr
- name: Wiki LQDN
hosts: test
remote_user: root
roles:
- ansible-role-certbot
- ansible-role-nginx
- ansible-role-php
- ansible-role-mysql
- ansible-role-mediawiki
tags:
- testing
- wiki
# - name: SSO LQDN
# hosts: test
# remote_user: root
# vars_files:
# - group_vars/rp/rp.yml
# roles:
# - ansible-role-certbot
# - ansible-role-nginx
# # - ansible-role-firewall
# - security-lqdn
# - packages-lqdn
# - updates-lqdn
# - rp
# - ansible-role-nginx
# - ansible-role-certbot
# - sso-lqdn
# tags:
# - testing
# - rp
# - sso
# - name: Wordpress LQDN
#
# - name: Forum LQDN
#
# - name: Serveur HedgeDocs
# hosts: md.test.lqdn.fr
# remote_user: root
# vars_files:
# - group_vars/hedgedocs/hedgedocs.yml
# roles:
# - ansible-role-certbot
# - hedgedocs-pad-lqdn
# tags:
# - testing
# - hedgedocs
# - name: Carre LQDN
#
# - name: CiviCRM LQDN
#
# - name: Gitlab LQDN
#
# - name: Matrix LQDN
#
# - name: Peertube LQDN
#
# - name: Zammad LQDN
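Review bot: The new `Wiki LQDN` play targets `hosts: test`, which in the inventory hunk on this page is a parent group with at least `lqdntest` and `wiki` as children, so certbot, nginx, php, mysql and mediawiki would be installed on every test host rather than only on `wiki.test.lqdn.fr`; `hosts: wiki` looks like the intended target given the new `wiki` group. If running it group-wide is deliberate, a comment above the play stating that would save the next reader the same question. The remaining lines are commented-out placeholder plays (`# - name: Wordpress LQDN` … `# - name: Zammad LQDN`), which is fine to keep but could be condensed into a single `# TODO` comment listing the services still to be migrated.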