Merge branch 'retour'
This commit is contained in:
commit
15dc6226c5
@ -275,7 +275,7 @@ retry_files_enabled = False
|
|||||||
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
|
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
|
||||||
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
|
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
|
||||||
# for more secure ways to fix this than enabling this option.
|
# for more secure ways to fix this than enabling this option.
|
||||||
#allow_world_readable_tmpfiles = False
|
allow_world_readable_tmpfiles = True
|
||||||
|
|
||||||
# controls the compression level of variables sent to
|
# controls the compression level of variables sent to
|
||||||
# worker processes. At the default of 0, no compression
|
# worker processes. At the default of 0, no compression
|
||||||
|
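Review bot: `allow_world_readable_tmpfiles = True` makes every module temp file on the managed host readable by all local users for the lifetime of the task, which is precisely the exposure the comment directly above warns against — module arguments, and any secret templated into them, pass through those files. If the setting is only needed for tasks that become an unprivileged user, the documented alternatives (pipelining, or ACL/chown-based handoff such as `setfacl` where the target file system supports it) avoid the world-readable window entirely. At minimum add a line above it such as `# needed for become_user on hosts without setfacl; revisit once those hosts are fixed` so the relaxation is scoped and reversible. The surrounding config section continues outside the hunk.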
@ -3,3 +3,7 @@ sssd_configure: true
|
|||||||
ldap_search_base: "dc=ducamps,dc=win"
|
ldap_search_base: "dc=ducamps,dc=win"
|
||||||
ldap_uri: "ldaps://ldap.ducamps.win"
|
ldap_uri: "ldaps://ldap.ducamps.win"
|
||||||
ldap_sudo_search_base: "ou=sudoers,dc=ducamps,dc=win"
|
ldap_sudo_search_base: "ou=sudoers,dc=ducamps,dc=win"
|
||||||
|
ldap_default_bind_dn : "uid=vaultserviceaccount,cn=users,dc=ducamps,dc=win"
|
||||||
|
ldap_password : "{{lookup('hashi_vault', 'secret=secrets/data/ansible/other:vaulserviceaccount')}}"
|
||||||
|
|
||||||
|
|
||||||
|
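Review bot: `ldap_default_bind_dn :` and `ldap_password :` put a space before the colon, unlike the three keys above them; YAML still yields the intended key (trailing whitespace of a plain scalar is dropped) but yamllint's `colons` rule flags it, so write `ldap_default_bind_dn: "uid=vaultserviceaccount,cn=users,dc=ducamps,dc=win"` and `ldap_password: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/other:vaulserviceaccount') }}"`. The bind DN is `uid=vaultserviceaccount` while the Vault key is spelled `vaulserviceaccount` (no second `t`); if the key in Vault really is spelled that way a comment should say so, otherwise the lookup fails at runtime. Fetching the bind password from Vault instead of committing it is the right pattern; presumably the sssd role renders it into sssd.conf, and that task should run with `no_log: true`, which this vars file cannot enforce by itself.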
@ -45,7 +45,7 @@ dhcpd_hosts:
|
|||||||
|
|
||||||
- hostname: 'oscar'
|
- hostname: 'oscar'
|
||||||
address: '192.168.1.40'
|
address: '192.168.1.40'
|
||||||
ethernet: '84:39:be:12:05:69'
|
ethernet: '7C:83:34:B3:49:9A'
|
||||||
|
|
||||||
- hostname: 'VMAS-HML'
|
- hostname: 'VMAS-HML'
|
||||||
address: '192.168.1.50'
|
address: '192.168.1.50'
|
||||||
|
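Review bot: the new MAC `'7C:83:34:B3:49:9A'` is upper-case while the value it replaces, `'84:39:be:12:05:69'`, was lower-case; dhcpd matches hardware addresses case-insensitively as far as I know, but one normalisation across the `dhcpd_hosts` list keeps grep and future diffs reliable, so prefer `ethernet: '7c:83:34:b3:49:9a'`. Keeping the value quoted is correct — a bare colon-separated value risks sexagesimal parsing under YAML 1.1. The `dhcpd_hosts` list starts and ends outside the hunk.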
@ -1,18 +1,19 @@
|
|||||||
---
|
---
|
||||||
ansible_host: "192.168.1.41"
|
ansible_host: "192.168.1.41"
|
||||||
ansible_python_interpreter: "/usr/bin/python3"
|
ansible_python_interpreter: "/usr/bin/python3"
|
||||||
wireguard_address: "10.0.0.5/24"
|
wireguard_address: "10.0.0.6/24"
|
||||||
wireguard_allowed_ips: "10.0.0.5/32,192.168.1.0/24"
|
wireguard_byhost_allowed_ips:
|
||||||
|
merlin: 10.0.0.6,192.168.1.41
|
||||||
perrsistent_keepalive: "30"
|
perrsistent_keepalive: "30"
|
||||||
wireguard_endpoint: ""
|
wireguard_endpoint: ""
|
||||||
|
|
||||||
wireguard_postup:
|
wireguard_postup:
|
||||||
- iptables -A FORWARD -i wg0 -j ACCEPT
|
- iptables -A FORWARD -i wg0 -j ACCEPT
|
||||||
- iptables -A FORWARD -o wg0 -j ACCEPT
|
- iptables -A FORWARD -o wg0 -j ACCEPT
|
||||||
- iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
|
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||||
|
|
||||||
wireguard_postdown:
|
wireguard_postdown:
|
||||||
- iptables -D FORWARD -i wg0 -j ACCEPT
|
- iptables -D FORWARD -i wg0 -j ACCEPT
|
||||||
- iptables -D FORWARD -o wg0 -j ACCEPT
|
- iptables -D FORWARD -o wg0 -j ACCEPT
|
||||||
- iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
|
- iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||||
|
|
||||||
|
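Review bot: `merlin: 10.0.0.6,192.168.1.41` is the only unquoted mapping value in this host_vars file — every other one, including the `wireguard_allowed_ips` it replaces, is double-quoted — so write `merlin: "10.0.0.6,192.168.1.41"`; the same applies to the `merlin:` entry in the second host_vars hunk. The per-peer entry also narrows what the removed line granted: `192.168.1.0/24` is gone and only `192.168.1.41` remains here, whereas the other host's entry keeps the `/24`, so if only one host is meant to route the LAN a one-line comment above `wireguard_byhost_allowed_ips:` saying so will stop the next reader from "fixing" the asymmetry. The bare `10.0.0.6` presumably ends up as a /32 in AllowedIPs — confirm that the role rendering this adds the prefix or that the consumer accepts a prefix-less address.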
@ -1,16 +1,57 @@
|
|||||||
---
|
---
|
||||||
wireguard_address: "10.0.0.2/24"
|
wireguard_address: "10.0.0.2/24"
|
||||||
wireguard_allowed_ips: "10.0.0.2/32,192.168.1.0/24"
|
wireguard_byhost_allowed_ips:
|
||||||
|
merlin: 10.0.0.2,192.168.1.40,192.168.1.0/24
|
||||||
perrsistent_keepalive: "30"
|
perrsistent_keepalive: "30"
|
||||||
wireguard_endpoint: ""
|
wireguard_endpoint: ""
|
||||||
|
|
||||||
wireguard_postup:
|
wireguard_postup:
|
||||||
- iptables -A FORWARD -i wg0 -j ACCEPT
|
- iptables -A FORWARD -i wg0 -j ACCEPT
|
||||||
- iptables -A FORWARD -o wg0 -j ACCEPT
|
- iptables -A FORWARD -o wg0 -j ACCEPT
|
||||||
- iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
|
- iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
|
||||||
|
|
||||||
wireguard_postdown:
|
wireguard_postdown:
|
||||||
- iptables -D FORWARD -i wg0 -j ACCEPT
|
- iptables -D FORWARD -i wg0 -j ACCEPT
|
||||||
- iptables -D FORWARD -o wg0 -j ACCEPT
|
- iptables -D FORWARD -o wg0 -j ACCEPT
|
||||||
- iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
|
- iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
|
||||||
consul_snapshot: True
|
consul_snapshot: True
|
||||||
|
|
||||||
|
partition_table:
|
||||||
|
- device: "/dev/sda"
|
||||||
|
label: gpt
|
||||||
|
settings:
|
||||||
|
- number: 1
|
||||||
|
part_end: 300MB
|
||||||
|
flags: [boot, esp]
|
||||||
|
fstype: vfat
|
||||||
|
format: yes
|
||||||
|
- number: 2
|
||||||
|
part_start: 512MB
|
||||||
|
part_end: 1524MB
|
||||||
|
flags: []
|
||||||
|
fstype: swap
|
||||||
|
format: yes
|
||||||
|
- number: 3
|
||||||
|
part_start: 1524MB
|
||||||
|
flags: [lvm]
|
||||||
|
fstype: ext4
|
||||||
|
format: yes
|
||||||
|
#- device: "/dev/sdb"
|
||||||
|
#settings:
|
||||||
|
#- number: 1
|
||||||
|
#name: home
|
||||||
|
#fstype: ext4
|
||||||
|
#format:
|
||||||
|
mount_table:
|
||||||
|
- device: "/dev/sda"
|
||||||
|
settings:
|
||||||
|
- number: 3
|
||||||
|
mountpath: /mnt
|
||||||
|
fstype: ext4
|
||||||
|
- number: 1
|
||||||
|
mountpath: /mnt/boot
|
||||||
|
fstype: vfat
|
||||||
|
|
||||||
|
#need vfat boot partition with esp label
|
||||||
|
provissionning_UEFI_Enable: True
|
||||||
|
|
||||||
|
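Review bot: `format: yes` (three occurrences) and `provissionning_UEFI_Enable: True` rely on YAML 1.1 truthy spellings; Ansible's loader accepts them, but yamllint's `truthy` rule and any YAML 1.2 parser will not, so write `format: true` and `provissionning_UEFI_Enable: true`. Partition 1 ends at `part_end: 300MB` while partition 2 starts at `part_start: 512MB`, leaving an unallocated gap, whereas partitions 2 and 3 meet exactly at `1524MB`; if the gap is deliberate say so in a comment, otherwise align the boundaries. The commented-out `/dev/sdb` block is dead configuration — drop it, or replace it with a single comment stating why it is parked.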
@ -1,4 +1,7 @@
|
|||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
|
remote_user: root
|
||||||
|
vars:
|
||||||
|
ansible_password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/user:root') }}"
|
||||||
roles:
|
roles:
|
||||||
- ansible_bootstrap
|
- ansible_bootstrap
|
||||||
|
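Review bot: `ansible_password` under play-level `vars` applies to every host matched by `hosts: all`, so the whole bootstrap run depends on one shared root password at `secrets/data/ansible/user:root`; that is acceptable for a first-contact play, but a comment above `vars:` stating that it is only for initial access before key-based auth is in place (which `ansible_bootstrap` presumably configures) would make the intent explicit. The `hashi_vault` lookup executes on the controller and needs the Vault address and token from its environment, typically `VAULT_ADDR`/`VAULT_TOKEN`; a missing token surfaces as a templating error on every host, so document that prerequisite too, e.g. `# requires VAULT_ADDR/VAULT_TOKEN on the controller`.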
@ -18,7 +18,6 @@ gerard
|
|||||||
|
|
||||||
[database]
|
[database]
|
||||||
oscar
|
oscar
|
||||||
merlin
|
|
||||||
|
|
||||||
[rsyncd]
|
[rsyncd]
|
||||||
oscar
|
oscar
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
remote_user: root
|
remote_user: root
|
||||||
|
vars:
|
||||||
|
provissionning_default_root: "{{ lookup('hashi_vault','secret=secrets/data/ansible/user:root') }}"
|
||||||
roles:
|
roles:
|
||||||
- ansible-arch-provissionning
|
- ansible-arch-provissionning
|
||||||
|
|
||||||
@ -11,5 +13,5 @@
|
|||||||
roles:
|
roles:
|
||||||
- ansible_bootstrap
|
- ansible_bootstrap
|
||||||
|
|
||||||
- remote_user: "{{ user.name }}"
|
#- remote_user: "{{ user.name }}"
|
||||||
import_playbook: site.yml
|
#import_playbook: site.yml
|
||||||
|
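Review bot: commenting out `- remote_user: "{{ user.name }}"` and `import_playbook: site.yml` leaves dead YAML at the end of the file rather than a deletion the git history already records; remove the two lines, or if the chaining is meant to return, replace them with one comment stating why it is disabled (e.g. `# site.yml is run separately until provisioning completes`). I do not believe `import_playbook` accepts `remote_user` as a keyword in current Ansible, so the parked form may need rework before it can be restored — worth checking before keeping it around. In the first hunk, `provissionning_default_root` reads the same Vault path as the bootstrap playbook's `ansible_password`; that is consistent, but a short comment tying the two together would help whoever rotates that secret.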