resolv conflict

2019-04-14 19:52:28 +02:00 · 2019-04-14 19:52:28 +02:00 · 218e0f3afa
commit 218e0f3afa
parent 2b87218b07 d55b031e5c
23 changed files with 289 additions and 73 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 *.retry
 .vaultpassword
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
 [submodule "library/ansible-aur"]
 	path = library/ansible-aur
 	url = https://github.com/pigmonkey/ansible-aur.git
--- a/README.md
+++ b/README.md
@ -3,13 +3,16 @@
 ## commande ansible
 ***launch playbook on staging***
-`ansible-playbook -i staging site.yml --ask-become-pass`
+`ansible-playbook -i staging site.yml  --vault-password-file=.vaultpassword`
 ***init new role architecture***
 `ansible-galaxy user_config init `
 ***launch ansible bootstrap***
-` ansible-playbook -i staging bootstrap.yml -u root --ask-pass`
+` ansible-playbook -i nas, bootstrap.yml -u root --ask-pass`
 ***encrypt string***
 `ansible-vault encrypt_string`
 ## Prerequis
@ -35,11 +38,15 @@
  - create user
  - copy clé RSA
- [ ] autofs role
+- [x] samba automount role
    - géré les credential en fichier
    - initialisé les variable pour les diferent périphérique
- [ ] VM server
+- [x] davfs mount
 - [x] VM server
 - [x] syncthing role
 ### Workstation roles
@ -50,32 +57,35 @@
  - install ansible aur module
  - clone ansible repo
- [ ] workstation role
+- [x] workstation role
-  - install wm software
+- -need to check for nvidia drver
-  - install worstation software (firefox keepass,pulseaudio,ncmpcc)
+- [x] cups
 - [x] bluetooth et tlp pour laptop
- [ ] grubtheme
+- [x] grubtheme
 - [ ] syncthing role
 ### Server Roles
- [server role]
+  - terminfo
  - cron
  - ssmtp
  - controle du reboot
- [ ] rsyncd role
+- server role
  - [x] cron
  - [x] ssmtp
 - [ ] backup role?
- [ ] ssmtp role
+- [x] rsyncd role
 - [x] failtoban role
 - [ ] nginx/php role
  - install
  - config
 - [ ] dns role
    -slave/primary
 - [ ] mariadb role
  - install
  - config
@ -83,6 +93,7 @@
 - [ ] tt-rss role
  - depend nginx & madiadb role
  - fail2ban jail
 - [ ] gitea role
  - depend of mariadb role
@ -90,6 +101,11 @@
 - [ ] dns role
    -slave/primary
 - [ ] backup role?
  - controle du reboot
 #### global improvment
 - voir pour compatibiliser debian
--- a/bootstrap.yml
+++ b/bootstrap.yml
@ -1,5 +1,5 @@
 ---
- hosts: nas
+- hosts: all
  gather_facts: no
  roles:
  - ansible_bootstrap
--- a/global.yml
+++ b/global.yml
@ -0,0 +1,6 @@
 ---
 - hosts: all
  roles:
    - system
    - autofs
    - syncthing
--- a/group_vars/all
+++ b/group_vars/all
@ -1,2 +0,0 @@
 ##ansible_python_interpreter: /usr/bin/python2
 username: 'vincent'
--- a/group_vars/all/all
+++ b/group_vars/all/all
@ -0,0 +1,8 @@
 ##ansible_python_interpreter: /usr/bin/python2
 user:
    name: vincent
    uid: 1024
    mail: vincent@ducamps.win
 domain:
    name: ducamps.win
--- a/group_vars/all/all_vault
+++ b/group_vars/all/all_vault
@ -0,0 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
 36336139353839303537376234623535363838613761633137633166636261353862643935393563
 6363356531376261333364306238343961343435336637380a623134636661326262623635326266
 62623433343939353866373365343966656533376230323835313131326130326265316364336537
 6332306265643336630a326530656536373662613636353735666164326461333232363534316564
 36643333636464663734666364366436366235326136313134393965626636643034396662383261
 34363236653530326635303239643166313966363062333534616332383736626430346633396438
 61353964643930353731316664393534356366373563326337303964323366333733386134646337
 31303736383735366662323637336635656161376337313563386438376136653365656433663336
 3530
--- a/group_vars/server
+++ b/group_vars/server
@ -0,0 +1,88 @@
 systemd_mounts: 
    diskstation_git:
        share: 192.168.1.10:/volume1/git
        mount: /mnt/diskstation/git
        type: nfs
        options:
            - " "
        automount: true
    backup_disk:
        share: /dev/sda1
        mount: /mnt/backup
        type: ntfs-3g
        options:
            - uid=1024
            - guid=100
        automount: true    
 systemd_mounts_enabled:
    - diskstation_git
    - backup_disk  
 syncthing_address: "{{inventory_hostname}}:8384"    
 syncthing_gui_user: "{{user.name}}"
 syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2
 notification_mail: "{{ user.mail }}"
 ssmtp_mailhub: smtp.{{ domain.name }}:587
 ssmtp_hostname: "{{ domain.name }}"
 ssmtp_auth_user: "{{ user.mail }}"
 ssmtp_auth_pass: "{{ vault_default_password }}"
 rsynclocations:
    - name: backup nas
      location: /mnt/backup
      readonly: "no"
 rsynchostalloawed: 192.168.1.10
 fail2ban_destmail: "{{ user.mail }}"
 fail2ban_sendmail: "{{ user.mail }}"
 Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
 Gandi_Domain: "{{ domain.name }}"
 Gandi_Record: www
 nginx_vhosts:
    - listen: "80"
      server_name: "localhost"
      root: "/usr/share/nginx/html/"
      error_page: "404              /404/404.html"
      filename: "default.conf"
      state: "present"
      template: "{{ nginx_vhost_template }}"
      extra_parameters: |
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
        location =/ {
             rewrite ^ /starter;
        }
        location / {
           index index.php index.html index.htm ;
           default_type text/html;
        }
        location ~ \.php$ {
           # try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_read_timeout 800;
            fastcgi_index index.php;
            include fastcgi_params;
        }
 nginx_realIP_Proxy: 192.168.1.10/24
 php_extention_enable:
    - iconv
    - mysqli
    - pdo_mysql
    - soap
--- a/group_vars/workstation
+++ b/group_vars/workstation
@ -4,73 +4,72 @@ systemd_mounts:
        mount: /mnt/diskstation/media
        type: cifs
        options:
            - rw
            - credentials=/etc/creds/.diskstation_credentials
-            - uid=1000
+            - uid=1024
            - gid=100
        automount: true
    diskstation_music:
        share: //diskstation/music
        mount: /mnt/diskstation/music
        type: cifs
        options:
            - rw
            - credentials=/etc/creds/.diskstation_credentials
-            - uid=1000
+            - uid=1024
            - gid=100
        automount: true
-
+    diskstation_home:
-    diskstation_ebook:
+        share: //diskstation/homes/admin
-        share: //diskstation/ebook
+        mount: /mnt/diskstation/home
        mount: /mnt/diskstation/ebook
        type: cifs
        options:
            - rw
            - credentials=/etc/creds/.diskstation_credentials
-            - uid=1000
+            - uid=1024
            - gid=100
        automount: true        
    diskstation_photo:
        share: //diskstation/photo
        mount: /mnt/diskstation/photo
        type: cifs
        options:
            -rw
            - credentials=/etc/creds/.diskstation_credentials
-            - uid=1000
+            - uid=1024
            - gid=100
        automount: true
-    diskstation_home:
+    diskstation_ebook:
-        share: //diskstation/home
+        share: //diskstation/ebook
-        mount: /mnt/diskstation/home
+        mount: /mnt/diskstation/ebook
        type: cifs
        options:
            - rw
            - credentials=/etc/creds/.diskstation_credentials
-            - uid=1000
+            - uid=1024
            - gid=100
        automount: true
-    diskstation_keepass:
+    davfs_share:
-        share: https://diskstation.ducamps.win\:5006/home/keepass
+        share: https://diskstation.ducamps.win:5006/home/keepass
        mount: /mnt/diskstation/keepass
        type: davfs
        options:
-            - rw
+            - uid=1024
-            - uid=1000
+        automount:  true
        automount: true
 share_credential_file:
    samba_dikstation:
        path: /etc/creds/.diskstation_credentials
        content:
            - username=admin
            - password=XiEhusW6
            - domain=WORKGROUP
    davfs:
        path: /etc/creds/.diskstation_credentials
        content:
            - https://diskstation.ducamps.win:5006/home/keepass admin XiEhusW6
 systemd_mounts_enabled:
    - diskstation_media
    - diskstation_music
    - diskstation_ebook
    - davfs_share
    - diskstation_photo
    - diskstation_home
-    - diskstation_keepass
+    
 credentials_files:
    1:
        type: smb
        path: /etc/creds/.diskstation_credentials
        username: admin
        password: "{{ vault_default_password }}"
    2:
        type: davfs
        path: /etc/davfs2/secrets
        adress: https://diskstation.ducamps.win:5006/home/keepass
        username: admin
        password: "{{ vault_default_password }}"
--- a/host_vars/fixe-pc
+++ b/host_vars/fixe-pc
@ -1,2 +1,6 @@
 ##ansible_python_interpreter: /usr/bin/python2
 music_directory: '/mnt/diskstation/music'
 gpu:
    nvidia: true
    bumblebee: false
--- a/host_vars/pi2
+++ b/host_vars/pi2
@ -1,6 +0,0 @@
 $ANSIBLE_VAULT;1.1;AES256
 61393533323364663463346439613732316134373930616464613930383831653263633831303261
 6162336166663662373062653038643136376137303336390a616231396334333137313065323635
 31616164393831373838376532616532316136306639383832666234666565336330313336313163
 3836626539323630620a343036373533306635373032626466333132326635633937343562323461
 37343534386430313439356432366134353666633865383838373234373437653965
--- a/host_vars/zen-pc
+++ b/host_vars/zen-pc
@ -0,0 +1,3 @@
 gpu:
    nvidia: true
    bumblebee: true
--- a/library/ansible-aur
+++ b/library/ansible-aur
@ -0,0 +1 @@
 Subproject commit 9761bfd931b2f8abb830ad48a8fefd87c12e723f
--- a/2
+++ b/2
@ -5,3 +5,5 @@ pi2
 fixe-pc
 zen-pc
 [laptop]
 zen-pc
--- a/roles/ssmtp/defaults/main.yml
+++ b/roles/ssmtp/defaults/main.yml
@ -0,0 +1,5 @@
 notification_mail: vincent@ducamps.win
 ssmtp_mailhub: smtp.ducamps.win:587
 ssmtp_hostname: ducamps.win
 ssmtp_auth_user: vincent@ducamps.win
 ssmtp_auth_pass: the_mandrill_api_key
--- a/roles/ssmtp/tasks/main.yml
+++ b/roles/ssmtp/tasks/main.yml
@ -0,0 +1,35 @@
 - name: Install SSMTP
  aur: name=ssmtp skip_installed=yes
  become_user: aur_builder
 - name: Set up ssmtp.conf
  template:
   src: ssmtp_conf.j2
   dest: /etc/ssmtp/ssmtp.conf
   owner: root
   group: mail
   mode: 0640
  become: yes
 - name: Set up revaliases
  template: 
    src: revaliases.j2 
    dest: /etc/ssmtp/revaliases
    owner: root
    group: mail
    mode: 0640
  become: yes
 - name: set right on /usr/sbin/ssmtp
  file:
      path: /usr/sbin/ssmtp # required. Path to the file being managed.
      group: mail # not required. Name of the group that should own the file/directory, as would be fed to I(chown).
      mode: 2711 # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number.  Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)).
      owner: root # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
  become: yes      
 #sudo chown root:mail /usr/sbin/ssmtp /etc/ssmtp{,/{ssmtp.conf,revaliases}}
 #sudo chmod 2711 /usr/sbin/ssmtp
 #sudo chmod o-rwx /etc/ssmtp /etc/ssmtp/ssmtp.conf;
--- a/roles/ssmtp/templates/revaliases.j2
+++ b/roles/ssmtp/templates/revaliases.j2
@ -0,0 +1,3 @@
 root:{{ notification_mail }}:{{ ssmtp_mailhub }}
 {{ user.name }}:{{ notification_mail }}:{{ ssmtp_mailhub }}
--- a/roles/ssmtp/templates/ssmtp_conf.j2
+++ b/roles/ssmtp/templates/ssmtp_conf.j2
@ -0,0 +1,12 @@
 # ---- basic config
 root={{notification_mail}}
 AuthMethod=LOGIN
 UseSTARTTLS=Yes
 UseTLS=NO
 hostname={{ssmtp_hostname}}
 FromLineOverride=Yes
 AuthUser={{ ssmtp_auth_user }}
 mailhub={{ ssmtp_mailhub }}
 AuthPass={{ ssmtp_auth_pass }}
--- a/server.yml
+++ b/server.yml
@ -1,10 +1,23 @@
 ---
 - hosts: server
  tasks:
  - name: install terminfo
    pacman:
      state: present # not required. choices: absent;latest;present. Desired state of the package.
      name: 
        - termite-terminfo # not required. Name or list of names of the packages to install, upgrade, or remove.
    become: yes
  roles:
  - system
  - autofs
  - dns
  - ssmtp
  - cronie
  - rsyncd
  - gandi-dyn-dns
  - fail2ban
  - dns
  - {role: nginx, become: yes }
  - php
  - tt-rss
  - gitea
  - user_config
--- a/site.yml
+++ b/site.yml
@ -1,3 +1,4 @@
 ---
 - import_playbook: global.yml
 - import_playbook: server.yml
 - import_playbook: workstation.yml
--- a/9
+++ b/9
@ -1,5 +1,12 @@
 ---
 [workstation]
-nas
+arch2
 debian
 [laptop]
 arch2
 [server]
 nas
--- a/workstation.yml
+++ b/workstation.yml
@ -1,10 +1,17 @@
 ---
 - hosts: workstation
  roles:
  - system
  - user_config
  - ansible-manager
  - autofs
  - mpd
  - virt
  - workstation
  - cups
  - grub_themes
  - nvidia
 - hosts: laptop
  roles:
  - laptop
  - bluetooth
-    #  - Windows_manager
+#  - Windows_manager
		`@ -1,2 +0,0 @@`
			`##ansible_python_interpreter: /usr/bin/python2`
			`username: 'vincent'`
		`@ -0,0 +1 @@`
							`Subproject commit 9761bfd931b2f8abb830ad48a8fefd87c12e723f`
		`@ -0,0 +1,3 @@`

							`root:{{ notification_mail }}:{{ ssmtp_mailhub }}`
							`{{ user.name }}:{{ notification_mail }}:{{ ssmtp_mailhub }}`