adrien/automation
adrien/automation
1
1
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge branch 'master' of git.deuxfleurs.fr:adrien/automation

Browse source
This commit is contained in:
Adrien Luxey 2020-04-27 11:06:00 +02:00
commit db583c2f71
28 changed files with 1964 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
ansible/README.md Normal file
View file

@ -0,0 +1,45 @@
## Required packages on remote
Python (installed with `pip` for user `adrien`):
* docker
* docker-compose
* pymysql
TODO: Ansible task to install that before the rest
## Configure mailing
When I send mails from the container with `php`, with current `msmtp` config, it fails if the recipient isn't `@luxeylab.net`.
Host `mail.log`:
# mail('adrien@yopmai.com'...) in container
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: connect from unknown[172.27.1.2]
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: NOQUEUE: reject: RCPT from unknown[172.27.1.2]: 454 4.7.1 <adrien@yopmail.com>: Relay access denied; from=<php@www.rennesdesbois.fr> to=<adrien@yopmail.com> proto=ESMTP helo=<localhost>
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: lost connection after DATA from unknown[172.27.1.2]
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: disconnect from unknown[172.27.1.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4
# mail('adrien@yopmai.com'...) on host
Apr 2 09:10:33 Serenity postfix/cleanup[27364]: 5DB1D3CCDA: message-id=<20200402071033.5DB1D3CCDA@luxeylab.net>
Apr 2 09:10:33 Serenity postfix/qmgr[2066]: 5DB1D3CCDA: from=<adrien@luxeylab.net>, size=286, nrcpt=1 (queue active)
Apr 2 09:10:33 Serenity postfix/smtp[27366]: 5DB1D3CCDA: to=<adrien@yopmail.com>, relay=smtp.yopmail.com[87.98.164.155]:25, delay=0.68, delays=0.35/0/0.23/0.09, dsn=2.0.0, status=sent (250 mail saved)
Apr 2 09:10:33 Serenity postfix/qmgr[2066]: 5DB1D3CCDA: removed
# mail('adrien@luxeylab.net'...) in container
Apr 2 08:08:12 Serenity postfix/smtpd[2647]: connect from unknown[172.27.1.2]
Apr 2 08:08:12 Serenity postfix/smtpd[2647]: 6BA723CCD8: client=unknown[172.27.1.2]
Apr 2 08:08:12 Serenity postfix/cleanup[5829]: 6BA723CCD8: message-id=<>
Apr 2 08:08:12 Serenity postfix/smtpd[2647]: disconnect from unknown[172.27.1.2] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 2 08:08:12 Serenity postfix/qmgr[2066]: 6BA723CCD8: from=<php@www.rennesdesbois.fr>, size=290, nrcpt=1 (queue active)
Apr 2 08:08:13 Serenity postfix/smtp[5831]: 6BA723CCD8: to=<adrien.luxey@gmail.com>, orig_to=<adrien@luxeylab.net>, relay=gmail-smtp-in.l.google.com[74.125.133.26]:25, delay=0.79, delays=0.23/0.03/0.11/0.42, dsn=2.0.0, status=sent (250 2.0.0 OK 1585807693 130si4035771wma.123 - gsmtp)
Apr 2 08:08:13 Serenity postfix/qmgr[2066]: 6BA723CCD8: removed
Good docs on the topic:
* [Explains postfix on Host+ssmtp in Docker in detail, poorly written](https://medium.com/@thilinaviraj950/configure-and-use-host-base-postfix-to-send-emails-from-a-container-18cd279fc460)
* [Another one](https://www.michelebologna.net/2019/send-an-email-from-a-docker-container/)
I needed to add Docker's network (`172.0.0.0/8`) to `mynetworks` in `/etc/postfix/main.cf`. Also `inet_interfaces` would have had to be changed if Arthur didn't put it to `all`.
**Now solved.**

2
ansible/ansible.cfg
View file

@ -2,8 +2,6 @@
# To forward my SSH key to remote hosts, and be able to pull from gitlab # To forward my SSH key to remote hosts, and be able to pull from gitlab
transport = ssh transport = ssh
ask_vault_pass = True
[ssh_connection] [ssh_connection]
# ForwardAgent to forward my SSH key to remote hosts, and be able to pull from gitlab # ForwardAgent to forward my SSH key to remote hosts, and be able to pull from gitlab

2
ansible/build.yml
View file

@ -1,5 +1,5 @@
--- ---
- hosts: all - hosts: serenity
gather_facts: no gather_facts: no
roles: roles:
- build - build

5
ansible/deploy.yml Normal file
View file

@ -0,0 +1,5 @@
---
- hosts: serenity
gather_facts: no
roles:
- deploy

77
ansible/group_vars/all/vars.yml
View file

@ -4,16 +4,73 @@ www_path: /vault/www
sites_path: /vault/sites sites_path: /vault/sites
sites: sites:
- slug: rdb # Shorthand name to use as directory/file name # - slug: rdb # Shorthand name to use as directory/file name
# The complete site URL # # The site URL (without www)
url: www.rennesdesbois.fr # url: rennesdesbois.fr
# What kind of service is that? # # Ask nginx to redirect url to www
# # Else, we redirect www to url
# redirect_to_www: yes
# # What kind of site is that?
# type: wordpress
# # Subnet addresses
# subnet_cidr_address: 172.27.1.0/24
# subnet_gateway_ip: 172.27.1.1
# subnet_site_ip: 172.27.1.2
# mysql_database: rdb
# mysql_username: rdb
# mysql_password: "{{ vault_rdb_mysql_password }}"
# - slug: arvuhez # Shorthand name to use as directory/file name
# # The site URL (without www)
# url: arvuhez.org
# # Ask nginx to redirect url to www
# # Else, we redirect www to url
# redirect_to_www: no
# # What kind of site is that?
# type: wordpress
# # Subnet addresses
# subnet_cidr_address: 172.27.2.0/24
# subnet_gateway_ip: 172.27.2.1
# subnet_site_ip: 172.27.2.2
# mysql_database: arvuhez
# mysql_username: arvuhez
# mysql_password: "{{ vault_arvuhez_mysql_password }}"
# - slug: zinzoscope # Shorthand name to use as directory/file name
# # The site URL (without www)
# url: zinz.luxeylab.net
# # Ask nginx to redirect url to www
# # Else, we redirect www to url
# redirect_to_www: no
# # What kind of site is that?
# type: wordpress
# # Subnet addresses
# subnet_cidr_address: 172.27.3.0/24
# subnet_gateway_ip: 172.27.3.1
# subnet_site_ip: 172.27.3.2
# mysql_database: zinzoscope
# mysql_username: zinzoscope
# mysql_password: "{{ vault_zinzoscope_mysql_password }}"
- slug: lexperimental # Shorthand name to use as directory/file name
# The site URL (without www)
url: lexperimental.fr
# Ask nginx to redirect url to www
# Else, we redirect www to url
redirect_to_www: no
# What kind of site is that?
type: wordpress type: wordpress
# Subnet addresses # Subnet addresses
subnet_cidr_address: 172.27.1.0/24 subnet_cidr_address: 172.27.4.0/24
subnet_gateway_ip: 172.27.1.1 subnet_gateway_ip: 172.27.4.1
subnet_site_ip: 172.27.1.2 subnet_site_ip: 172.27.4.2
mysql_database: rdb mysql_database: lexperimental
mysql_username: rdb mysql_username: lexperimental
mysql_password: "{{ vault_rdb_mysql_password }}" mysql_password: "{{ vault_lexperimental_mysql_password }}"
mysql_root_password: "{{ vault_mysql_root_password }}"
adrien_serenity_password: "{{ vault_adrien_serenity_password }}"

37
ansible/group_vars/all/vault.yml
View file

@ -1,12 +1,27 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
31616336646162653732636532313464313632303932376532636465323836663938356630663236 66633138343934393133313432636535393566633962343761623535333534663239306465303932
3761366235343066333133623030623532636566306433650a313433303236623333663837326231 3234353334646338653032336438373732373463613738660a353632626633386234646631356330
66613662623261373136386439353839633564356663316564613238353861396265386266353461 62386333366433326630616566396663643733323362393031653833333664633061653463366239
3637666538346465370a313465643665333264646639353638623139383235336437373162613965 3232623432326530310a613665306565623337643237323435616134353331633130386164373338
61393237613832613661353266636664616661373362626265656136393539663938303463386563 35656438653730313730303562323239666166383432636332323063633238393936613766353664
32616331643533646631613331383930363831383763636638326264346366363837353133626531 64653231663132343066643936333465376664666330373935323562323934616462386138373434
32316539393837333035643833383239386166393061626630623939653232316161653538313938 31336265636134326233313564303666323639383130653130363539636633323262646663333138
64316437343738306537306434663365653135353566363133396532306563306531656534653761 30396639393732333130363934666661633136623833626136643735373436393430663366386463
34303963303231353061653933656335396339343138663335366435663461353931393531616239 63356330396536323066326435663131373464303135326630333264353632636563303435626237
31313564346234353765343631653530343632616539383433303634333338323633633638326132 35383834663032656237643862383632633838353565356162383061353534303062376236663131
643561303631356266313864623937313062 64616366653663303336386237313737613137366435353030383663613437646261396533353366
36373331383931383530363663643961623261616138653930623632646135383361393066343732
30666532383766383535616665303065333065306437363534653166356432373262383136636534
66343439626366633862363431643161313564326532663933366661396361646137616366306533
61393062356166613533373363356239663533313032636261303130383634613161666438376465
34333138646332343139656133356532613065303166356334353036623263343330393134303235
30373966613838646432353061366134643465346165633638666130383236353664343362376364
31663164663433613031336161373032303039313565306563646231313162663132316464323035
35343836313232626238623933353930313064343565333466376630306566616630643632376433
62373863353932623331303730366238363838376361343763396530326166343137343865323437
63643835313261656465653937643263663932623138363861626463616438313935313363316430
63363932353931383330326539353066353162373165653765346262666163356138663062353837
33643434343637366237646636653331353038653264646237356338386266616262623766633230
31346334326230356265313438353437393563336133393839633464373831653334356535343136
62343433373736356130353236653963646532336164366639343963666666363066346133393165
3136353565303762353234323430666263376661323266373766

8
ansible/inventory
View file

@ -1 +1,7 @@
serenity ansible_host=92.243.8.85 ansible_user=adrien ansible_become_pass="{{ vault_adrien_serenity_password }}" serenity ansible_host=92.243.8.85 ansible_user=adrien ansible_become_pass="{{ adrien_serenity_password }}"
[py3-hosts]
serenity
[py3-hosts:vars]
ansible_python_interpreter=/usr/bin/python3

1000
ansible/mail.log Normal file
View file

File diff suppressed because it is too large Load diff

1
ansible/roles/build/tasks/main.yml
View file

@ -4,6 +4,7 @@
include_tasks: wordpress.yml include_tasks: wordpress.yml
loop: "{{ sites }}" loop: "{{ sites }}"
when: item.type == "wordpress" when: item.type == "wordpress"
tags: wordpress

20
ansible/roles/build/tasks/wordpress.yml
View file

@ -25,7 +25,21 @@
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module # https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04 # https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
# Maybe using shell directly? e.g. # Maybe using shell directly? e.g.
# $ certbot certonly --webroot -w /var/www/letsencrypt -d {{ item.url }} # certbot certonly --webroot -w /var/www/letsencrypt -d <url>
# MySQL equivalent:
- name: Add user to database # create user <user>@<ip> identified by <pass>;
# grant all on <db>.* to <user>@<ip>;
- name: "Add database user {{ item.mysql_username }}@{{ item.subnet_site_ip }} and grant all privileges on {{ item.mysql_database }}"
mysql_user:
# Credentials to log in MySQL
login_host: localhost
login_user: root
login_password: "{{ mysql_root_password }}"
# Credentials of the new db user
host: "{{ item.subnet_site_ip }}"
name: "{{ item.mysql_username }}"
password: "{{ item.mysql_password }}"
# Grants
priv: "{{ item.mysql_database }}.*:all"
state: present

4
ansible/roles/build/templates/docker-compose.yml.j2
View file

@ -12,8 +12,8 @@ services:
WORDPRESS_DB_USER: "{{ item.mysql_username }}" WORDPRESS_DB_USER: "{{ item.mysql_username }}"
WORDPRESS_DB_PASSWORD: "{{ item.mysql_password }}" WORDPRESS_DB_PASSWORD: "{{ item.mysql_password }}"
WORDPRESS_DB_NAME: "{{ item.mysql_database }}" WORDPRESS_DB_NAME: "{{ item.mysql_database }}"
# volumes: volumes:
# - "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content" - "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content"
networks: networks:
net: net:
ipv4_address: "{{ item.subnet_site_ip }}" ipv4_address: "{{ item.subnet_site_ip }}"

22
ansible/roles/build/templates/nginx-wordpress.j2
View file

@ -4,24 +4,40 @@
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name {{ item.url }}; server_name {{ item.url }} www.{{ item.url }};
# Let's Encrypt # Let's Encrypt
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
location / { location / {
return 301 https://$server_name$request_uri; {% if item.redirect_to_www %}
return 301 https://www.{{ item.url }}$request_uri;
{% else %}
return 301 https://{{ item.url }}$request_uri;
{% endif %}
} }
} }
server { server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
server_name {{ item.url }}; server_name {{ item.url }} www.{{ item.url }};
access_log /var/log/nginx/{{ item.slug }}-access.log; access_log /var/log/nginx/{{ item.slug }}-access.log;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
{% if item.redirect_to_www %}
# Redirect non-www to www
if ($host = {{ item.url }}) {
rewrite ^ https://www.{{ item.url }}$request_uri permanent;
}
{% else %}
# Redirect www to non-www
if ($host = www.{{ item.url }}) {
rewrite ^ https://{{ item.url }}$request_uri permanent;
}
{% endif %}
# Let's Encrypt # Let's Encrypt
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;

7
ansible/roles/deploy/tasks/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Deploy Wordpress sites
include_tasks: wordpress.yml
loop: "{{ sites }}"
when: item.type == "wordpress"
tags: wordpress

23
ansible/roles/deploy/tasks/wordpress.yml Normal file
View file

@ -0,0 +1,23 @@
- name: "Launch the site's containers"
docker_compose:
project_src: "{{ sites_path }}/{{ item.slug }}"
state: present
build: yes
restarted: yes
- name: "Symlink nginx configuration to sites-enabled"
file:
src: "/etc/nginx/sites-available/{{ item.url }}"
dest: "/etc/nginx/sites-enabled/{{ item.url }}"
state: link
become: yes
- name: Verify nginx configuration
command: "nginx -t"
become: yes
- name: Restart nginx service
service:
name: nginx
state: restarted
become: yes

3
ansible/sites.yml Normal file
View file

@ -0,0 +1,3 @@
---
- import_playbook: build.yml
- import_playbook: deploy.yml

13
jitsi/ansible/ansible.cfg Normal file
View file

@ -0,0 +1,13 @@
[defaults]
# To forward my SSH key to remote hosts, and be able to pull from gitlab
transport = ssh
[ssh_connection]
# ForwardAgent to forward my SSH key to remote hosts, and be able to pull from gitlab
# ControlMaster to avoid a bug when cloning: https://github.com/ansible/ansible/issues/13876
# ControlPersist for SSH multiplexing "-o ControlPersist=60s" <- Causes user not being added to docker group T_T
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto
# For speed
pipelining=True

610
jitsi/ansible/facts Normal file
View file

@ -0,0 +1,610 @@
__________________
< PLAY [discovery] >
------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [discovery]
______________
< TASK [debug] >
--------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [discovery] => {
"ansible_facts": {
"_facts_gathered": true,
"all_ipv4_addresses": [
"92.243.19.121"
],
"all_ipv6_addresses": [
"2001:4b98:dc0:43:216:3eff:fe57:c7c",
"fe80::216:3eff:fe57:c7c"
],
"ansible_local": {},
"apparmor": {
"status": "enabled"
},
"architecture": "x86_64",
"bios_date": "",
"bios_version": "",
"cmdline": {
"console": "hvc0",
"loglevel": "5",
"net.ifnames": "0",
"nomce": true,
"ro": true,
"root": "LABEL=debian-buster"
},
"date_time": {
"date": "2020-04-09",
"day": "09",
"epoch": "1586448390",
"hour": "18",
"iso8601": "2020-04-09T16:06:30Z",
"iso8601_basic": "20200409T180630161764",
"iso8601_basic_short": "20200409T180630",
"iso8601_micro": "2020-04-09T16:06:30.161920Z",
"minute": "06",
"month": "04",
"second": "30",
"time": "18:06:30",
"tz": "CEST",
"tz_offset": "+0200",
"weekday": "Thursday",
"weekday_number": "4",
"weeknumber": "14",
"year": "2020"
},
"default_ipv4": {
"address": "92.243.19.121",
"alias": "eth0",
"broadcast": "92.243.19.255",
"gateway": "92.243.19.254",
"interface": "eth0",
"macaddress": "00:16:3e:57:0c:7c",
"mtu": 1500,
"netmask": "255.255.252.0",
"network": "92.243.16.0",
"type": "ether"
},
"default_ipv6": {
"address": "2001:4b98:dc0:43:216:3eff:fe57:c7c",
"gateway": "fe80::216:3eff:feea:dd92",
"interface": "eth0",
"macaddress": "00:16:3e:57:0c:7c",
"mtu": 1500,
"prefix": "64",
"scope": "global",
"type": "ether"
},
"device_links": {
"ids": {},
"labels": {
"xvda1": [
"debian-buster"
],
"xvdz": [
"swap"
]
},
"masters": {},
"uuids": {
"xvda1": [
"01e4a304-e4a0-4b1d-adbc-866afe76158e"
],
"xvdz": [
"bb771606-7c58-4be2-803a-234b6fa9c032"
]
}
},
"devices": {
"xvda": {
"holders": [],
"host": "",
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": []
},
"model": null,
"partitions": {
"xvda1": {
"holders": [],
"links": {
"ids": [],
"labels": [
"debian-buster"
],
"masters": [],
"uuids": [
"01e4a304-e4a0-4b1d-adbc-866afe76158e"
]
},
"sectors": "104855519",
"sectorsize": 512,
"size": "50.00 GB",
"start": "2048",
"uuid": "01e4a304-e4a0-4b1d-adbc-866afe76158e"
}
},
"removable": "0",
"rotational": "0",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "none",
"sectors": "104857600",
"sectorsize": "512",
"size": "50.00 GB",
"support_discard": "0",
"vendor": null,
"virtual": 1
},
"xvdz": {
"holders": [],
"host": "",
"links": {
"ids": [],
"labels": [
"swap"
],
"masters": [],
"uuids": [
"bb771606-7c58-4be2-803a-234b6fa9c032"
]
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "0",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "none",
"sectors": "1482752",
"sectorsize": "512",
"size": "724.00 MB",
"support_discard": "0",
"vendor": null,
"virtual": 1
}
},
"distribution": "Debian",
"distribution_file_parsed": true,
"distribution_file_path": "/etc/os-release",
"distribution_file_variety": "Debian",
"distribution_major_version": "10",
"distribution_release": "buster",
"distribution_version": "10",
"dns": {
"nameservers": [
"155.133.140.130",
"155.133.140.129",
"2001:4b98:dc6:255::129"
],
"options": {
"attempts": "3",
"rotate": true,
"timeout": "1"
}
},
"domain": "",
"effective_group_id": 0,
"effective_user_id": 0,
"env": {
"HOME": "/root",
"LANG": "en_US.UTF-8",
"LC_CTYPE": "fr_FR.UTF-8",
"LOGNAME": "root",
"MAIL": "/var/mail/root",
"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PWD": "/home/adrien",
"SHELL": "/bin/bash",
"SUDO_COMMAND": "/bin/sh -c echo BECOME-SUCCESS-jogxnlsbhumrfjsvpnlkcmumvohyokvj ; /usr/bin/python3",
"SUDO_GID": "100",
"SUDO_UID": "1000",
"SUDO_USER": "adrien",
"TERM": "unknown",
"USER": "root"
},
"eth0": {
"active": true,
"device": "eth0",
"features": {
"esp_hw_offload": "off [fixed]",
"esp_tx_csum_hw_offload": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "off [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "off [fixed]",
"netns_local": "off [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off [fixed]",
"rx_checksumming": "on [fixed]",
"rx_fcs": "off [fixed]",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "off [fixed]",
"rx_vlan_offload": "off [fixed]",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tls_hw_record": "off [fixed]",
"tls_hw_rx_offload": "off [fixed]",
"tls_hw_tx_offload": "off [fixed]",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "off [fixed]",
"tx_checksum_ipv4": "on [fixed]",
"tx_checksum_ipv6": "on",
"tx_checksum_sctp": "off [fixed]",
"tx_checksumming": "on",
"tx_esp_segmentation": "off [fixed]",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "on [fixed]",
"tx_ipxip4_segmentation": "off [fixed]",
"tx_ipxip6_segmentation": "off [fixed]",
"tx_lockless": "off [fixed]",
"tx_nocache_copy": "off",
"tx_scatter_gather": "on",
"tx_scatter_gather_fraglist": "off [fixed]",
"tx_sctp_segmentation": "off [fixed]",
"tx_tcp6_segmentation": "on",
"tx_tcp_ecn_segmentation": "off [fixed]",
"tx_tcp_mangleid_segmentation": "off",
"tx_tcp_segmentation": "on",
"tx_udp_segmentation": "off [fixed]",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "off [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "off",
"vlan_challenged": "off [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "92.243.19.121",
"broadcast": "92.243.19.255",
"netmask": "255.255.252.0",
"network": "92.243.16.0"
},
"ipv6": [
{
"address": "2001:4b98:dc0:43:216:3eff:fe57:c7c",
"prefix": "64",
"scope": "global"
},
{
"address": "fe80::216:3eff:fe57:c7c",
"prefix": "64",
"scope": "link"
}
],
"macaddress": "00:16:3e:57:0c:7c",
"module": "xen_netfront",
"mtu": 1500,
"pciid": "vif-0",
"promisc": false,
"timestamping": [
"rx_software",
"software"
],
"type": "ether"
},
"fibre_channel_wwn": [],
"fips": false,
"form_factor": "",
"fqdn": "discovery",
"gather_subset": [
"all"
],
"hostname": "discovery",
"hostnqn": "",
"interfaces": [
"eth0",
"lo"
],
"is_chroot": false,
"iscsi_iqn": "",
"kernel": "4.19.0-5-amd64",
"kernel_version": "#1 SMP Debian 4.19.37-5 (2019-06-19)",
"lo": {
"active": true,
"device": "lo",
"features": {
"esp_hw_offload": "off [fixed]",
"esp_tx_csum_hw_offload": "off [fixed]",
"fcoe_mtu": "off [fixed]",
"generic_receive_offload": "on",
"generic_segmentation_offload": "on",
"highdma": "on [fixed]",
"hw_tc_offload": "off [fixed]",
"l2_fwd_offload": "off [fixed]",
"large_receive_offload": "off [fixed]",
"loopback": "on [fixed]",
"netns_local": "on [fixed]",
"ntuple_filters": "off [fixed]",
"receive_hashing": "off [fixed]",
"rx_all": "off [fixed]",
"rx_checksumming": "on [fixed]",
"rx_fcs": "off [fixed]",
"rx_gro_hw": "off [fixed]",
"rx_udp_tunnel_port_offload": "off [fixed]",
"rx_vlan_filter": "off [fixed]",
"rx_vlan_offload": "off [fixed]",
"rx_vlan_stag_filter": "off [fixed]",
"rx_vlan_stag_hw_parse": "off [fixed]",
"scatter_gather": "on",
"tcp_segmentation_offload": "on",
"tls_hw_record": "off [fixed]",
"tls_hw_rx_offload": "off [fixed]",
"tls_hw_tx_offload": "off [fixed]",
"tx_checksum_fcoe_crc": "off [fixed]",
"tx_checksum_ip_generic": "on [fixed]",
"tx_checksum_ipv4": "off [fixed]",
"tx_checksum_ipv6": "off [fixed]",
"tx_checksum_sctp": "on [fixed]",
"tx_checksumming": "on",
"tx_esp_segmentation": "off [fixed]",
"tx_fcoe_segmentation": "off [fixed]",
"tx_gre_csum_segmentation": "off [fixed]",
"tx_gre_segmentation": "off [fixed]",
"tx_gso_partial": "off [fixed]",
"tx_gso_robust": "off [fixed]",
"tx_ipxip4_segmentation": "off [fixed]",
"tx_ipxip6_segmentation": "off [fixed]",
"tx_lockless": "on [fixed]",
"tx_nocache_copy": "off [fixed]",
"tx_scatter_gather": "on [fixed]",
"tx_scatter_gather_fraglist": "on [fixed]",
"tx_sctp_segmentation": "on",
"tx_tcp6_segmentation": "on",
"tx_tcp_ecn_segmentation": "on",
"tx_tcp_mangleid_segmentation": "on",
"tx_tcp_segmentation": "on",
"tx_udp_segmentation": "off [fixed]",
"tx_udp_tnl_csum_segmentation": "off [fixed]",
"tx_udp_tnl_segmentation": "off [fixed]",
"tx_vlan_offload": "off [fixed]",
"tx_vlan_stag_hw_insert": "off [fixed]",
"udp_fragmentation_offload": "off",
"vlan_challenged": "on [fixed]"
},
"hw_timestamp_filters": [],
"ipv4": {
"address": "127.0.0.1",
"broadcast": "host",
"netmask": "255.0.0.0",
"network": "127.0.0.0"
},
"ipv6": [
{
"address": "::1",
"prefix": "128",
"scope": "host"
}
],
"mtu": 65536,
"promisc": false,
"timestamping": [
"tx_software",
"rx_software",
"software"
],
"type": "loopback"
},
"lsb": {
"codename": "buster",
"description": "Debian GNU/Linux 10 (buster)",
"id": "Debian",
"major_release": "10",
"release": "10"
},
"machine": "x86_64",
"machine_id": "0dab42506f864d22a0b29ef98680eb7d",
"memfree_mb": 871,
"memory_mb": {
"nocache": {
"free": 1809,
"used": 174
},
"real": {
"free": 871,
"total": 1983,
"used": 1112
},
"swap": {
"cached": 0,
"free": 723,
"total": 723,
"used": 0
}
},
"memtotal_mb": 1983,
"module_setup": true,
"mounts": [
{
"block_available": 11896660,
"block_size": 4096,
"block_total": 12884851,
"block_used": 988191,
"device": "/dev/xvda1",
"fstype": "ext4",
"inode_available": 3232800,
"inode_total": 3276800,
"inode_used": 44000,
"mount": "/",
"options": "rw,noatime,errors=remount-ro",
"size_available": 48728719360,
"size_total": 52776349696,
"uuid": "01e4a304-e4a0-4b1d-adbc-866afe76158e"
},
{
"block_available": 0,
"block_size": 4096,
"block_total": 0,
"block_used": 0,
"device": "/etc/auto.gandi",
"fstype": "autofs",
"inode_available": 0,
"inode_total": 0,
"inode_used": 0,
"mount": "/srv",
"options": "rw,relatime,fd=6,pgrp=456,timeout=2592000,minproto=5,maxproto=5,indirect,pipe_ino=14047",
"size_available": 0,
"size_total": 0,
"uuid": "N/A"
}
],
"nodename": "discovery",
"os_family": "Debian",
"pkg_mgr": "apt",
"proc_cmdline": {
"console": [
"ttyS0",
"hvc0"
],
"loglevel": "5",
"net.ifnames": "0",
"nomce": true,
"ro": true,
"root": "LABEL=debian-buster"
},
"processor": [
"0",
"GenuineIntel",
"Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz",
"1",
"GenuineIntel",
"Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz"
],
"processor_cores": 2,
"processor_count": 2,
"processor_threads_per_core": 1,
"processor_vcpus": 2,
"product_name": "",
"product_serial": "",
"product_uuid": "",
"product_version": "",
"python": {
"executable": "/usr/bin/python3",
"has_sslcontext": true,
"type": "cpython",
"version": {
"major": 3,
"micro": 3,
"minor": 7,
"releaselevel": "final",
"serial": 0
},
"version_info": [
3,
7,
3,
"final",
0
]
},
"python_version": "3.7.3",
"real_group_id": 0,
"real_user_id": 0,
"selinux": {
"status": "Missing selinux Python library"
},
"selinux_python_present": false,
"service_mgr": "systemd",
"ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDlD/fvsGCIPE5yqHrbkAWHpyYYmZxg4MT5K46St7yVy5/j+WWQcvY6eypSwZR7kbxqytQ2G43kZWpobXt9rEX8=",
"ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIJsvcDTwcMXFkHgwGh5zy/Z6DROX+N+A3hcnF8WJM8cm",
"ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCfuxAxZVttU3sDZp4/ENcouB1/YxcgX+3rN8kw3FCC4KB/F+uYNgNwiRR2uC8p2oVDHl3YrCFg54+Sz3QQ1yzrVsMBlts2uEgiuefxe0hhGPdzv/QluoGssPwsWdWi0jLKG4hNSwjq2syKGl90RB4JqzyRUsXaWL3r0aO/3mTXK2u38t8+dIsoJ5oiifVybsPfqCvqvNhLPpTAWnaOHiksOim1AFvjNSNT/NOajOGQORExnkLXMJ2UQWqCHbLJaHjvhhPUhdE/+T3p91Epe1J9FVXSJOoffDesUeWRF8NBg65WfBnc+A1u1uYquLQE2CkluWIfDSKDY/rKjmvw7Z/J",
"swapfree_mb": 723,
"swaptotal_mb": 723,
"system": "Linux",
"system_capabilities": [
"cap_chown",
"cap_dac_override",
"cap_dac_read_search",
"cap_fowner",
"cap_fsetid",
"cap_kill",
"cap_setgid",
"cap_setuid",
"cap_setpcap",
"cap_linux_immutable",
"cap_net_bind_service",
"cap_net_broadcast",
"cap_net_admin",
"cap_net_raw",
"cap_ipc_lock",
"cap_ipc_owner",
"cap_sys_module",
"cap_sys_rawio",
"cap_sys_chroot",
"cap_sys_ptrace",
"cap_sys_pacct",
"cap_sys_admin",
"cap_sys_boot",
"cap_sys_nice",
"cap_sys_resource",
"cap_sys_time",
"cap_sys_tty_config",
"cap_mknod",
"cap_lease",
"cap_audit_write",
"cap_audit_control",
"cap_setfcap",
"cap_mac_override",
"cap_mac_admin",
"cap_syslog",
"cap_wake_alarm",
"cap_block_suspend",
"cap_audit_read+ep"
],
"system_capabilities_enforced": "True",
"system_vendor": "",
"uptime_seconds": 2542,
"user_dir": "/root",
"user_gecos": "root",
"user_gid": 0,
"user_id": "root",
"user_shell": "/bin/bash",
"user_uid": 0,
"userspace_architecture": "x86_64",
"userspace_bits": "64",
"virtualization_role": "guest",
"virtualization_type": "xen"
}
}
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
discovery : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

6
jitsi/ansible/install.yml Normal file
View file

@ -0,0 +1,6 @@
---
- hosts: discovery
become: true
roles:
- common
- docker

7
jitsi/ansible/inventory Normal file
View file

@ -0,0 +1,7 @@
discovery ansible_host=92.243.19.121 ansible_user=adrien
[py3-hosts]
discovery
[py3-hosts:vars]
ansible_python_interpreter=/usr/bin/python3

46
jitsi/ansible/roles/common/tasks/main.yml Normal file
View file

@ -0,0 +1,46 @@
---
- name: "Check that host runs Debian buster/sid on x86_64"
assert:
that:
- "ansible_architecture == 'aarch64' or ansible_architecture == 'x86_64'"
- "ansible_os_family == 'Debian'"
- name: "Upgrade system"
apt:
upgrade: dist # Should we do a full uprade instead of a dist one?
update_cache: yes
cache_valid_time: 3600
autoclean: yes
autoremove: yes
- name: "Install base tools"
apt:
state: present
update_cache: no
name:
- atop
- bmon
- curl
- dnsutils
- fail2ban
- git
- htop
- iftop
- iotop
- iproute2
- iptables
- iptables-persistent
- iputils-ping
- less
- net-tools
- nginx
- screen
- strace
- sudo
- tar
- tcpdump
- unzip
- vim

49
jitsi/ansible/roles/docker/tasks/main.yml Normal file
View file

@ -0,0 +1,49 @@
---
- name: "Check that host runs Debian buster/sid on x86_64"
assert:
that:
- "ansible_architecture == 'aarch64' or ansible_architecture == 'x86_64'"
- "ansible_os_family == 'Debian'"
- name: Remove stale Docker versions
apt:
state: absent
name:
- docker
- docker-engine
- docker.io
- containerd
- runc
- name: Install Docker prerequisities
apt:
state: present
update_cache: yes
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
- name: Add Docker's GPG key to apt
apt_key:
url: https://download.docker.com/linux/debian/gpg
- name: Add Docker's repository to apt
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian buster stable
state: present
- name: Install Docker
apt:
state: present
update_cache: yes
name:
- docker-ce
- docker-ce-cli
- containerd.io
# For docker-compose it's a bit lame:
# sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

10
jitsi/ansible/roles/jitsi/tasks/main.yml Normal file
View file

@ -0,0 +1,10 @@
- name: Create output directory
file:
name: /jitsi
state: directory
owner: adrien
group: adrien
- name: Clone deuxfleurs repo to remote
git:
src:

0
sites/arvuhez/README.md → sites/arvuhez.old/README.md
View file

0
sites/arvuhez/docker-compose.yml → sites/arvuhez.old/docker-compose.yml
View file

0
sites/lexperimental/docker-compose.yml → sites/lexperimental.old/docker-compose.yml
View file

0
sites/lexperimental/lexperimental.fr → sites/lexperimental.old/lexperimental.fr
View file

0
sites/rennes-des-bois/README.md → sites/rennes-des-bois.old/README.md
View file

0
sites/rennes-des-bois/docker-compose.yml → sites/rennes-des-bois.old/docker-compose.yml
View file