diff --git a/ansible/README.md b/ansible/README.md index d6495d9..38f6266 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -40,4 +40,6 @@ Good docs on the topic: * [Explains postfix on Host+ssmtp in Docker in detail, poorly written](https://medium.com/@thilinaviraj950/configure-and-use-host-base-postfix-to-send-emails-from-a-container-18cd279fc460) * [Another one](https://www.michelebologna.net/2019/send-an-email-from-a-docker-container/) -I needed to add Docker's network (`172.0.0.0/8`) to `mynetworks` in `/etc/postfix/main.cf`. Also `inet_interfaces` would have had to be changed if Arthur didn't put it to `all`. Now works. \ No newline at end of file +I needed to add Docker's network (`172.0.0.0/8`) to `mynetworks` in `/etc/postfix/main.cf`. Also `inet_interfaces` would have had to be changed if Arthur didn't put it to `all`. + +**Now solved.** \ No newline at end of file diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml index c517703..ce943de 100644 --- a/ansible/group_vars/all/vars.yml +++ b/ansible/group_vars/all/vars.yml @@ -21,22 +21,56 @@ sites: # mysql_username: rdb # mysql_password: "{{ vault_rdb_mysql_password }}" - - slug: arvuhez # Shorthand name to use as directory/file name + # - slug: arvuhez # Shorthand name to use as directory/file name + # # The site URL (without www) + # url: arvuhez.org + # # Ask nginx to redirect url to www + # # Else, we redirect www to url + # redirect_to_www: no + # # What kind of site is that? + # type: wordpress + # # Subnet addresses + # subnet_cidr_address: 172.27.2.0/24 + # subnet_gateway_ip: 172.27.2.1 + # subnet_site_ip: 172.27.2.2 + + # mysql_database: arvuhez + # mysql_username: arvuhez + # mysql_password: "{{ vault_arvuhez_mysql_password }}" + + # - slug: zinzoscope # Shorthand name to use as directory/file name + # # The site URL (without www) + # url: zinz.luxeylab.net + # # Ask nginx to redirect url to www + # # Else, we redirect www to url + # redirect_to_www: no + # # What kind of site is that? + # type: wordpress + # # Subnet addresses + # subnet_cidr_address: 172.27.3.0/24 + # subnet_gateway_ip: 172.27.3.1 + # subnet_site_ip: 172.27.3.2 + + # mysql_database: zinzoscope + # mysql_username: zinzoscope + # mysql_password: "{{ vault_zinzoscope_mysql_password }}" + + - slug: lexperimental # Shorthand name to use as directory/file name # The site URL (without www) - url: arvuhez.org + url: lexperimental.fr # Ask nginx to redirect url to www # Else, we redirect www to url redirect_to_www: no # What kind of site is that? type: wordpress # Subnet addresses - subnet_cidr_address: 172.27.1.0/24 - subnet_gateway_ip: 172.27.1.1 - subnet_site_ip: 172.27.1.2 + subnet_cidr_address: 172.27.4.0/24 + subnet_gateway_ip: 172.27.4.1 + subnet_site_ip: 172.27.4.2 - mysql_database: rdb - mysql_username: rdb - mysql_password: "{{ vault_rdb_mysql_password }}" + mysql_database: lexperimental + mysql_username: lexperimental + mysql_password: "{{ vault_lexperimental_mysql_password }}" mysql_root_password: "{{ vault_mysql_root_password }}" adrien_serenity_password: "{{ vault_adrien_serenity_password }}" \ No newline at end of file diff --git a/ansible/group_vars/all/vault.yml b/ansible/group_vars/all/vault.yml index c99ce33..9954164 100644 --- a/ansible/group_vars/all/vault.yml +++ b/ansible/group_vars/all/vault.yml @@ -1,18 +1,27 @@ $ANSIBLE_VAULT;1.1;AES256 -32333161663031336337306564336431336432656334323931653564353263623063353463316239 -3539633636383265623233323663383432396531323839660a366266393837333362376166303633 -63303836343433303830323630656532666466333231633431383265303637353231646635636231 -3666373032653565370a386534313865383632373137396466333765623939346535323364653337 -37346534626235666438643863343565626338396662333238373265343236373138663034653830 -62343766393834393933303364623365323263386338643939396238653163353266366165326266 -65303063333038656239373363323333356233366231396664323263653937623765633139383933 -39326632663733393839636563333633666236656531353863633837396539393131353165333435 -35323432353062363465323931613236623966396132636435663061356531646363343436313536 -39336135326232626139353534353338613836353330623431363439666134353664613330393333 -33663536376431393030643335306138353931393266343736636630653861306237663866643465 -64383831366463366539666265363166653739316635666663356630353964396432393031333364 -36366435393139313034373030343161663139623339316662653239393734346363383132383163 -31326134613238343862663733386361303532336236613961346534356434623535383837666433 -63313865653161313936313661336161666533636464623466343530376461383865306465653265 -31643566383336376662613139616164623263353837323935316634636334306237643331663437 -30363862666538323434316634613833366338316262663338656535376565353264 +66633138343934393133313432636535393566633962343761623535333534663239306465303932 +3234353334646338653032336438373732373463613738660a353632626633386234646631356330 +62386333366433326630616566396663643733323362393031653833333664633061653463366239 +3232623432326530310a613665306565623337643237323435616134353331633130386164373338 +35656438653730313730303562323239666166383432636332323063633238393936613766353664 +64653231663132343066643936333465376664666330373935323562323934616462386138373434 +31336265636134326233313564303666323639383130653130363539636633323262646663333138 +30396639393732333130363934666661633136623833626136643735373436393430663366386463 +63356330396536323066326435663131373464303135326630333264353632636563303435626237 +35383834663032656237643862383632633838353565356162383061353534303062376236663131 +64616366653663303336386237313737613137366435353030383663613437646261396533353366 +36373331383931383530363663643961623261616138653930623632646135383361393066343732 +30666532383766383535616665303065333065306437363534653166356432373262383136636534 +66343439626366633862363431643161313564326532663933366661396361646137616366306533 +61393062356166613533373363356239663533313032636261303130383634613161666438376465 +34333138646332343139656133356532613065303166356334353036623263343330393134303235 +30373966613838646432353061366134643465346165633638666130383236353664343362376364 +31663164663433613031336161373032303039313565306563646231313162663132316464323035 +35343836313232626238623933353930313064343565333466376630306566616630643632376433 +62373863353932623331303730366238363838376361343763396530326166343137343865323437 +63643835313261656465653937643263663932623138363861626463616438313935313363316430 +63363932353931383330326539353066353162373165653765346262666163356138663062353837 +33643434343637366237646636653331353038653264646237356338386266616262623766633230 +31346334326230356265313438353437393563336133393839633464373831653334356535343136 +62343433373736356130353236653963646532336164366639343963666666363066346133393165 +3136353565303762353234323430666263376661323266373766 diff --git a/ansible/inventory b/ansible/inventory index 31b6872..96b6151 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -1,4 +1,4 @@ -serenity ansible_host=92.243.8.85 ansible_user=adrien ansible_become_pass="{{ vault_adrien_serenity_password }}" +serenity ansible_host=92.243.8.85 ansible_user=adrien ansible_become_pass="{{ adrien_serenity_password }}" [py3-hosts] serenity diff --git a/ansible/roles/build/tasks/wordpress.yml b/ansible/roles/build/tasks/wordpress.yml index dc60fad..5566d64 100644 --- a/ansible/roles/build/tasks/wordpress.yml +++ b/ansible/roles/build/tasks/wordpress.yml @@ -41,5 +41,5 @@ name: "{{ item.mysql_username }}" password: "{{ item.mysql_password }}" # Grants - priv: "{{ item.mysql_database }}:all" + priv: "{{ item.mysql_database }}.*:all" state: present diff --git a/ansible/roles/build/templates/nginx-wordpress.j2 b/ansible/roles/build/templates/nginx-wordpress.j2 index 30bddda..6fa86f7 100644 --- a/ansible/roles/build/templates/nginx-wordpress.j2 +++ b/ansible/roles/build/templates/nginx-wordpress.j2 @@ -10,11 +10,11 @@ server { include snippets/letsencrypt.conf; location / { - {% if item.redirect_to_www %} - return 301 https://www.{{ item.url }}$request_uri; - {% else %} - return 301 https://{{ item.url }}$request_uri; - {% endif %} +{% if item.redirect_to_www %} + return 301 https://www.{{ item.url }}$request_uri; +{% else %} + return 301 https://{{ item.url }}$request_uri; +{% endif %} } } @@ -26,17 +26,17 @@ server { access_log /var/log/nginx/{{ item.slug }}-access.log; error_log /var/log/nginx/error.log; - {% if item.redirect_to_www %} - # Redirect non-www to www - if ($host = {{ item.url }}) { - rewrite ^ https://www.{{ item.url }}$request_uri permanent; - } - {% else %} - # Redirect www to non-www - if ($host = www.{{ item.url }}) { - rewrite ^ https://{{ item.url }}$request_uri permanent; - } - {% endif %} +{% if item.redirect_to_www %} + # Redirect non-www to www + if ($host = {{ item.url }}) { + rewrite ^ https://www.{{ item.url }}$request_uri permanent; + } +{% else %} + # Redirect www to non-www + if ($host = www.{{ item.url }}) { + rewrite ^ https://{{ item.url }}$request_uri permanent; + } +{% endif %} # Let's Encrypt include snippets/letsencrypt.conf; diff --git a/jitsi/ansible/ansible.cfg b/jitsi/ansible/ansible.cfg new file mode 100644 index 0000000..a1a218c --- /dev/null +++ b/jitsi/ansible/ansible.cfg @@ -0,0 +1,13 @@ +[defaults] +# To forward my SSH key to remote hosts, and be able to pull from gitlab +transport = ssh + +[ssh_connection] + +# ForwardAgent to forward my SSH key to remote hosts, and be able to pull from gitlab +# ControlMaster to avoid a bug when cloning: https://github.com/ansible/ansible/issues/13876 +# ControlPersist for SSH multiplexing "-o ControlPersist=60s" <- Causes user not being added to docker group T_T +ssh_args = -o ForwardAgent=yes -o ControlMaster=auto + +# For speed +pipelining=True diff --git a/jitsi/ansible/facts b/jitsi/ansible/facts new file mode 100644 index 0000000..b6557c1 --- /dev/null +++ b/jitsi/ansible/facts @@ -0,0 +1,610 @@ + __________________ +< PLAY [discovery] > + ------------------ + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + + ________________________ +< TASK [Gathering Facts] > + ------------------------ + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + +ok: [discovery] + ______________ +< TASK [debug] > + -------------- + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + +ok: [discovery] => { + "ansible_facts": { + "_facts_gathered": true, + "all_ipv4_addresses": [ + "92.243.19.121" + ], + "all_ipv6_addresses": [ + "2001:4b98:dc0:43:216:3eff:fe57:c7c", + "fe80::216:3eff:fe57:c7c" + ], + "ansible_local": {}, + "apparmor": { + "status": "enabled" + }, + "architecture": "x86_64", + "bios_date": "", + "bios_version": "", + "cmdline": { + "console": "hvc0", + "loglevel": "5", + "net.ifnames": "0", + "nomce": true, + "ro": true, + "root": "LABEL=debian-buster" + }, + "date_time": { + "date": "2020-04-09", + "day": "09", + "epoch": "1586448390", + "hour": "18", + "iso8601": "2020-04-09T16:06:30Z", + "iso8601_basic": "20200409T180630161764", + "iso8601_basic_short": "20200409T180630", + "iso8601_micro": "2020-04-09T16:06:30.161920Z", + "minute": "06", + "month": "04", + "second": "30", + "time": "18:06:30", + "tz": "CEST", + "tz_offset": "+0200", + "weekday": "Thursday", + "weekday_number": "4", + "weeknumber": "14", + "year": "2020" + }, + "default_ipv4": { + "address": "92.243.19.121", + "alias": "eth0", + "broadcast": "92.243.19.255", + "gateway": "92.243.19.254", + "interface": "eth0", + "macaddress": "00:16:3e:57:0c:7c", + "mtu": 1500, + "netmask": "255.255.252.0", + "network": "92.243.16.0", + "type": "ether" + }, + "default_ipv6": { + "address": "2001:4b98:dc0:43:216:3eff:fe57:c7c", + "gateway": "fe80::216:3eff:feea:dd92", + "interface": "eth0", + "macaddress": "00:16:3e:57:0c:7c", + "mtu": 1500, + "prefix": "64", + "scope": "global", + "type": "ether" + }, + "device_links": { + "ids": {}, + "labels": { + "xvda1": [ + "debian-buster" + ], + "xvdz": [ + "swap" + ] + }, + "masters": {}, + "uuids": { + "xvda1": [ + "01e4a304-e4a0-4b1d-adbc-866afe76158e" + ], + "xvdz": [ + "bb771606-7c58-4be2-803a-234b6fa9c032" + ] + } + }, + "devices": { + "xvda": { + "holders": [], + "host": "", + "links": { + "ids": [], + "labels": [], + "masters": [], + "uuids": [] + }, + "model": null, + "partitions": { + "xvda1": { + "holders": [], + "links": { + "ids": [], + "labels": [ + "debian-buster" + ], + "masters": [], + "uuids": [ + "01e4a304-e4a0-4b1d-adbc-866afe76158e" + ] + }, + "sectors": "104855519", + "sectorsize": 512, + "size": "50.00 GB", + "start": "2048", + "uuid": "01e4a304-e4a0-4b1d-adbc-866afe76158e" + } + }, + "removable": "0", + "rotational": "0", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "none", + "sectors": "104857600", + "sectorsize": "512", + "size": "50.00 GB", + "support_discard": "0", + "vendor": null, + "virtual": 1 + }, + "xvdz": { + "holders": [], + "host": "", + "links": { + "ids": [], + "labels": [ + "swap" + ], + "masters": [], + "uuids": [ + "bb771606-7c58-4be2-803a-234b6fa9c032" + ] + }, + "model": null, + "partitions": {}, + "removable": "0", + "rotational": "0", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "none", + "sectors": "1482752", + "sectorsize": "512", + "size": "724.00 MB", + "support_discard": "0", + "vendor": null, + "virtual": 1 + } + }, + "distribution": "Debian", + "distribution_file_parsed": true, + "distribution_file_path": "/etc/os-release", + "distribution_file_variety": "Debian", + "distribution_major_version": "10", + "distribution_release": "buster", + "distribution_version": "10", + "dns": { + "nameservers": [ + "155.133.140.130", + "155.133.140.129", + "2001:4b98:dc6:255::129" + ], + "options": { + "attempts": "3", + "rotate": true, + "timeout": "1" + } + }, + "domain": "", + "effective_group_id": 0, + "effective_user_id": 0, + "env": { + "HOME": "/root", + "LANG": "en_US.UTF-8", + "LC_CTYPE": "fr_FR.UTF-8", + "LOGNAME": "root", + "MAIL": "/var/mail/root", + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "PWD": "/home/adrien", + "SHELL": "/bin/bash", + "SUDO_COMMAND": "/bin/sh -c echo BECOME-SUCCESS-jogxnlsbhumrfjsvpnlkcmumvohyokvj ; /usr/bin/python3", + "SUDO_GID": "100", + "SUDO_UID": "1000", + "SUDO_USER": "adrien", + "TERM": "unknown", + "USER": "root" + }, + "eth0": { + "active": true, + "device": "eth0", + "features": { + "esp_hw_offload": "off [fixed]", + "esp_tx_csum_hw_offload": "off [fixed]", + "fcoe_mtu": "off [fixed]", + "generic_receive_offload": "on", + "generic_segmentation_offload": "on", + "highdma": "off [fixed]", + "hw_tc_offload": "off [fixed]", + "l2_fwd_offload": "off [fixed]", + "large_receive_offload": "off [fixed]", + "loopback": "off [fixed]", + "netns_local": "off [fixed]", + "ntuple_filters": "off [fixed]", + "receive_hashing": "off [fixed]", + "rx_all": "off [fixed]", + "rx_checksumming": "on [fixed]", + "rx_fcs": "off [fixed]", + "rx_gro_hw": "off [fixed]", + "rx_udp_tunnel_port_offload": "off [fixed]", + "rx_vlan_filter": "off [fixed]", + "rx_vlan_offload": "off [fixed]", + "rx_vlan_stag_filter": "off [fixed]", + "rx_vlan_stag_hw_parse": "off [fixed]", + "scatter_gather": "on", + "tcp_segmentation_offload": "on", + "tls_hw_record": "off [fixed]", + "tls_hw_rx_offload": "off [fixed]", + "tls_hw_tx_offload": "off [fixed]", + "tx_checksum_fcoe_crc": "off [fixed]", + "tx_checksum_ip_generic": "off [fixed]", + "tx_checksum_ipv4": "on [fixed]", + "tx_checksum_ipv6": "on", + "tx_checksum_sctp": "off [fixed]", + "tx_checksumming": "on", + "tx_esp_segmentation": "off [fixed]", + "tx_fcoe_segmentation": "off [fixed]", + "tx_gre_csum_segmentation": "off [fixed]", + "tx_gre_segmentation": "off [fixed]", + "tx_gso_partial": "off [fixed]", + "tx_gso_robust": "on [fixed]", + "tx_ipxip4_segmentation": "off [fixed]", + "tx_ipxip6_segmentation": "off [fixed]", + "tx_lockless": "off [fixed]", + "tx_nocache_copy": "off", + "tx_scatter_gather": "on", + "tx_scatter_gather_fraglist": "off [fixed]", + "tx_sctp_segmentation": "off [fixed]", + "tx_tcp6_segmentation": "on", + "tx_tcp_ecn_segmentation": "off [fixed]", + "tx_tcp_mangleid_segmentation": "off", + "tx_tcp_segmentation": "on", + "tx_udp_segmentation": "off [fixed]", + "tx_udp_tnl_csum_segmentation": "off [fixed]", + "tx_udp_tnl_segmentation": "off [fixed]", + "tx_vlan_offload": "off [fixed]", + "tx_vlan_stag_hw_insert": "off [fixed]", + "udp_fragmentation_offload": "off", + "vlan_challenged": "off [fixed]" + }, + "hw_timestamp_filters": [], + "ipv4": { + "address": "92.243.19.121", + "broadcast": "92.243.19.255", + "netmask": "255.255.252.0", + "network": "92.243.16.0" + }, + "ipv6": [ + { + "address": "2001:4b98:dc0:43:216:3eff:fe57:c7c", + "prefix": "64", + "scope": "global" + }, + { + "address": "fe80::216:3eff:fe57:c7c", + "prefix": "64", + "scope": "link" + } + ], + "macaddress": "00:16:3e:57:0c:7c", + "module": "xen_netfront", + "mtu": 1500, + "pciid": "vif-0", + "promisc": false, + "timestamping": [ + "rx_software", + "software" + ], + "type": "ether" + }, + "fibre_channel_wwn": [], + "fips": false, + "form_factor": "", + "fqdn": "discovery", + "gather_subset": [ + "all" + ], + "hostname": "discovery", + "hostnqn": "", + "interfaces": [ + "eth0", + "lo" + ], + "is_chroot": false, + "iscsi_iqn": "", + "kernel": "4.19.0-5-amd64", + "kernel_version": "#1 SMP Debian 4.19.37-5 (2019-06-19)", + "lo": { + "active": true, + "device": "lo", + "features": { + "esp_hw_offload": "off [fixed]", + "esp_tx_csum_hw_offload": "off [fixed]", + "fcoe_mtu": "off [fixed]", + "generic_receive_offload": "on", + "generic_segmentation_offload": "on", + "highdma": "on [fixed]", + "hw_tc_offload": "off [fixed]", + "l2_fwd_offload": "off [fixed]", + "large_receive_offload": "off [fixed]", + "loopback": "on [fixed]", + "netns_local": "on [fixed]", + "ntuple_filters": "off [fixed]", + "receive_hashing": "off [fixed]", + "rx_all": "off [fixed]", + "rx_checksumming": "on [fixed]", + "rx_fcs": "off [fixed]", + "rx_gro_hw": "off [fixed]", + "rx_udp_tunnel_port_offload": "off [fixed]", + "rx_vlan_filter": "off [fixed]", + "rx_vlan_offload": "off [fixed]", + "rx_vlan_stag_filter": "off [fixed]", + "rx_vlan_stag_hw_parse": "off [fixed]", + "scatter_gather": "on", + "tcp_segmentation_offload": "on", + "tls_hw_record": "off [fixed]", + "tls_hw_rx_offload": "off [fixed]", + "tls_hw_tx_offload": "off [fixed]", + "tx_checksum_fcoe_crc": "off [fixed]", + "tx_checksum_ip_generic": "on [fixed]", + "tx_checksum_ipv4": "off [fixed]", + "tx_checksum_ipv6": "off [fixed]", + "tx_checksum_sctp": "on [fixed]", + "tx_checksumming": "on", + "tx_esp_segmentation": "off [fixed]", + "tx_fcoe_segmentation": "off [fixed]", + "tx_gre_csum_segmentation": "off [fixed]", + "tx_gre_segmentation": "off [fixed]", + "tx_gso_partial": "off [fixed]", + "tx_gso_robust": "off [fixed]", + "tx_ipxip4_segmentation": "off [fixed]", + "tx_ipxip6_segmentation": "off [fixed]", + "tx_lockless": "on [fixed]", + "tx_nocache_copy": "off [fixed]", + "tx_scatter_gather": "on [fixed]", + "tx_scatter_gather_fraglist": "on [fixed]", + "tx_sctp_segmentation": "on", + "tx_tcp6_segmentation": "on", + "tx_tcp_ecn_segmentation": "on", + "tx_tcp_mangleid_segmentation": "on", + "tx_tcp_segmentation": "on", + "tx_udp_segmentation": "off [fixed]", + "tx_udp_tnl_csum_segmentation": "off [fixed]", + "tx_udp_tnl_segmentation": "off [fixed]", + "tx_vlan_offload": "off [fixed]", + "tx_vlan_stag_hw_insert": "off [fixed]", + "udp_fragmentation_offload": "off", + "vlan_challenged": "on [fixed]" + }, + "hw_timestamp_filters": [], + "ipv4": { + "address": "127.0.0.1", + "broadcast": "host", + "netmask": "255.0.0.0", + "network": "127.0.0.0" + }, + "ipv6": [ + { + "address": "::1", + "prefix": "128", + "scope": "host" + } + ], + "mtu": 65536, + "promisc": false, + "timestamping": [ + "tx_software", + "rx_software", + "software" + ], + "type": "loopback" + }, + "lsb": { + "codename": "buster", + "description": "Debian GNU/Linux 10 (buster)", + "id": "Debian", + "major_release": "10", + "release": "10" + }, + "machine": "x86_64", + "machine_id": "0dab42506f864d22a0b29ef98680eb7d", + "memfree_mb": 871, + "memory_mb": { + "nocache": { + "free": 1809, + "used": 174 + }, + "real": { + "free": 871, + "total": 1983, + "used": 1112 + }, + "swap": { + "cached": 0, + "free": 723, + "total": 723, + "used": 0 + } + }, + "memtotal_mb": 1983, + "module_setup": true, + "mounts": [ + { + "block_available": 11896660, + "block_size": 4096, + "block_total": 12884851, + "block_used": 988191, + "device": "/dev/xvda1", + "fstype": "ext4", + "inode_available": 3232800, + "inode_total": 3276800, + "inode_used": 44000, + "mount": "/", + "options": "rw,noatime,errors=remount-ro", + "size_available": 48728719360, + "size_total": 52776349696, + "uuid": "01e4a304-e4a0-4b1d-adbc-866afe76158e" + }, + { + "block_available": 0, + "block_size": 4096, + "block_total": 0, + "block_used": 0, + "device": "/etc/auto.gandi", + "fstype": "autofs", + "inode_available": 0, + "inode_total": 0, + "inode_used": 0, + "mount": "/srv", + "options": "rw,relatime,fd=6,pgrp=456,timeout=2592000,minproto=5,maxproto=5,indirect,pipe_ino=14047", + "size_available": 0, + "size_total": 0, + "uuid": "N/A" + } + ], + "nodename": "discovery", + "os_family": "Debian", + "pkg_mgr": "apt", + "proc_cmdline": { + "console": [ + "ttyS0", + "hvc0" + ], + "loglevel": "5", + "net.ifnames": "0", + "nomce": true, + "ro": true, + "root": "LABEL=debian-buster" + }, + "processor": [ + "0", + "GenuineIntel", + "Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz", + "1", + "GenuineIntel", + "Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz" + ], + "processor_cores": 2, + "processor_count": 2, + "processor_threads_per_core": 1, + "processor_vcpus": 2, + "product_name": "", + "product_serial": "", + "product_uuid": "", + "product_version": "", + "python": { + "executable": "/usr/bin/python3", + "has_sslcontext": true, + "type": "cpython", + "version": { + "major": 3, + "micro": 3, + "minor": 7, + "releaselevel": "final", + "serial": 0 + }, + "version_info": [ + 3, + 7, + 3, + "final", + 0 + ] + }, + "python_version": "3.7.3", + "real_group_id": 0, + "real_user_id": 0, + "selinux": { + "status": "Missing selinux Python library" + }, + "selinux_python_present": false, + "service_mgr": "systemd", + "ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDlD/fvsGCIPE5yqHrbkAWHpyYYmZxg4MT5K46St7yVy5/j+WWQcvY6eypSwZR7kbxqytQ2G43kZWpobXt9rEX8=", + "ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIJsvcDTwcMXFkHgwGh5zy/Z6DROX+N+A3hcnF8WJM8cm", + "ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCfuxAxZVttU3sDZp4/ENcouB1/YxcgX+3rN8kw3FCC4KB/F+uYNgNwiRR2uC8p2oVDHl3YrCFg54+Sz3QQ1yzrVsMBlts2uEgiuefxe0hhGPdzv/QluoGssPwsWdWi0jLKG4hNSwjq2syKGl90RB4JqzyRUsXaWL3r0aO/3mTXK2u38t8+dIsoJ5oiifVybsPfqCvqvNhLPpTAWnaOHiksOim1AFvjNSNT/NOajOGQORExnkLXMJ2UQWqCHbLJaHjvhhPUhdE/+T3p91Epe1J9FVXSJOoffDesUeWRF8NBg65WfBnc+A1u1uYquLQE2CkluWIfDSKDY/rKjmvw7Z/J", + "swapfree_mb": 723, + "swaptotal_mb": 723, + "system": "Linux", + "system_capabilities": [ + "cap_chown", + "cap_dac_override", + "cap_dac_read_search", + "cap_fowner", + "cap_fsetid", + "cap_kill", + "cap_setgid", + "cap_setuid", + "cap_setpcap", + "cap_linux_immutable", + "cap_net_bind_service", + "cap_net_broadcast", + "cap_net_admin", + "cap_net_raw", + "cap_ipc_lock", + "cap_ipc_owner", + "cap_sys_module", + "cap_sys_rawio", + "cap_sys_chroot", + "cap_sys_ptrace", + "cap_sys_pacct", + "cap_sys_admin", + "cap_sys_boot", + "cap_sys_nice", + "cap_sys_resource", + "cap_sys_time", + "cap_sys_tty_config", + "cap_mknod", + "cap_lease", + "cap_audit_write", + "cap_audit_control", + "cap_setfcap", + "cap_mac_override", + "cap_mac_admin", + "cap_syslog", + "cap_wake_alarm", + "cap_block_suspend", + "cap_audit_read+ep" + ], + "system_capabilities_enforced": "True", + "system_vendor": "", + "uptime_seconds": 2542, + "user_dir": "/root", + "user_gecos": "root", + "user_gid": 0, + "user_id": "root", + "user_shell": "/bin/bash", + "user_uid": 0, + "userspace_architecture": "x86_64", + "userspace_bits": "64", + "virtualization_role": "guest", + "virtualization_type": "xen" + } +} + ____________ +< PLAY RECAP > + ------------ + \ ^__^ + \ (oo)\_______ + (__)\ )\/\ + ||----w | + || || + +discovery : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + diff --git a/jitsi/ansible/install.yml b/jitsi/ansible/install.yml new file mode 100644 index 0000000..e9bb336 --- /dev/null +++ b/jitsi/ansible/install.yml @@ -0,0 +1,6 @@ +--- +- hosts: discovery + become: true + roles: + - common + - docker \ No newline at end of file diff --git a/jitsi/ansible/inventory b/jitsi/ansible/inventory new file mode 100644 index 0000000..baff55a --- /dev/null +++ b/jitsi/ansible/inventory @@ -0,0 +1,7 @@ +discovery ansible_host=92.243.19.121 ansible_user=adrien + +[py3-hosts] +discovery + +[py3-hosts:vars] +ansible_python_interpreter=/usr/bin/python3 diff --git a/jitsi/ansible/roles/common/tasks/main.yml b/jitsi/ansible/roles/common/tasks/main.yml new file mode 100644 index 0000000..5cf2de0 --- /dev/null +++ b/jitsi/ansible/roles/common/tasks/main.yml @@ -0,0 +1,46 @@ +--- + +- name: "Check that host runs Debian buster/sid on x86_64" + assert: + that: + - "ansible_architecture == 'aarch64' or ansible_architecture == 'x86_64'" + - "ansible_os_family == 'Debian'" + + +- name: "Upgrade system" + apt: + upgrade: dist # Should we do a full uprade instead of a dist one? + update_cache: yes + cache_valid_time: 3600 + autoclean: yes + autoremove: yes + +- name: "Install base tools" + apt: + state: present + update_cache: no + name: + - atop + - bmon + - curl + - dnsutils + - fail2ban + - git + - htop + - iftop + - iotop + - iproute2 + - iptables + - iptables-persistent + - iputils-ping + - less + - net-tools + - nginx + - screen + - strace + - sudo + - tar + - tcpdump + - unzip + - vim + diff --git a/jitsi/ansible/roles/docker/tasks/main.yml b/jitsi/ansible/roles/docker/tasks/main.yml new file mode 100644 index 0000000..70d0728 --- /dev/null +++ b/jitsi/ansible/roles/docker/tasks/main.yml @@ -0,0 +1,49 @@ +--- + +- name: "Check that host runs Debian buster/sid on x86_64" + assert: + that: + - "ansible_architecture == 'aarch64' or ansible_architecture == 'x86_64'" + - "ansible_os_family == 'Debian'" + +- name: Remove stale Docker versions + apt: + state: absent + name: + - docker + - docker-engine + - docker.io + - containerd + - runc + +- name: Install Docker prerequisities + apt: + state: present + update_cache: yes + name: + - apt-transport-https + - ca-certificates + - curl + - gnupg-agent + - software-properties-common + +- name: Add Docker's GPG key to apt + apt_key: + url: https://download.docker.com/linux/debian/gpg + +- name: Add Docker's repository to apt + apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/debian buster stable + state: present + +- name: Install Docker + apt: + state: present + update_cache: yes + name: + - docker-ce + - docker-ce-cli + - containerd.io + +# For docker-compose it's a bit lame: +# sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ No newline at end of file diff --git a/jitsi/ansible/roles/jitsi/tasks/main.yml b/jitsi/ansible/roles/jitsi/tasks/main.yml new file mode 100644 index 0000000..209558a --- /dev/null +++ b/jitsi/ansible/roles/jitsi/tasks/main.yml @@ -0,0 +1,10 @@ +- name: Create output directory + file: + name: /jitsi + state: directory + owner: adrien + group: adrien + +- name: Clone deuxfleurs repo to remote + git: + src: diff --git a/sites/arvuhez/README.md b/sites/arvuhez.old/README.md similarity index 100% rename from sites/arvuhez/README.md rename to sites/arvuhez.old/README.md diff --git a/sites/arvuhez/docker-compose.yml b/sites/arvuhez.old/docker-compose.yml similarity index 100% rename from sites/arvuhez/docker-compose.yml rename to sites/arvuhez.old/docker-compose.yml diff --git a/sites/lexperimental/docker-compose.yml b/sites/lexperimental.old/docker-compose.yml similarity index 100% rename from sites/lexperimental/docker-compose.yml rename to sites/lexperimental.old/docker-compose.yml diff --git a/sites/lexperimental/lexperimental.fr b/sites/lexperimental.old/lexperimental.fr similarity index 100% rename from sites/lexperimental/lexperimental.fr rename to sites/lexperimental.old/lexperimental.fr diff --git a/sites/rennes-des-bois/README.md b/sites/rennes-des-bois.old/README.md similarity index 100% rename from sites/rennes-des-bois/README.md rename to sites/rennes-des-bois.old/README.md diff --git a/sites/rennes-des-bois/docker-compose.yml b/sites/rennes-des-bois.old/docker-compose.yml similarity index 100% rename from sites/rennes-des-bois/docker-compose.yml rename to sites/rennes-des-bois.old/docker-compose.yml