infra-ansible issues
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues
Updated: 2020-03-14T08:45:05Z

Rename this project
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/1
Updated: 2020-03-14T08:45:05Z
Author: HgO

Proposals:
- ansible-playbooks
- infra-ansible-playbooks
- infra-ansible
- something else?

Assignee: HgO

Create an Ansible playbook to install Nextcloud on new servers
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/2
Updated: 2021-11-03T11:27:08Z
Author: HgO

Have a look at https://help.nextcloud.com/t/ansible-playbook-to-create-nextcloud-server/3023/12
Other playbooks elsewhere:
- https://github.com/ReinerNippes/nextcloud (apache / nginx, mariadb / postgres, redis, debian stretch / buster, ...)
- https://git.coop/webarch/nextcloud-server (apache, mariadb, debian stretch)
- https://github.com/nkakouros-original/ansible-role-nextcloud (only nextcloud)

Assignee: HgO

Provisioning via LXC
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/3
Updated: 2020-03-11T17:55:30Z
Author: HgO

We should have a playbook that lets us spawn Linux containers (LXC) and configure them through Ansible.
That way, we would be able to easily set up a lab for Neutrinet.

Assignee: HgO

Remove firewall config
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/4
Updated: 2020-05-23T20:26:15Z
Author: HgO

As the firewall will be managed by pfSense, we don't need to set up the firewall with Ansible for now. Maybe later we will need some tasks to configure pfSense, but it's not a priority.

Assignee: HgO

Use dynamic IPs
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/5
Updated: 2020-05-23T18:01:08Z
Author: HgO

By default, lxd creates a default profile with some random network bridge.
Therefore, SSH connections to the containers won't work for users in most cases.
Instead of trying to set up a static IP, another approach would be to configure the hosts file of the user and connect through the container's hostname.

Assignee: HgO

Minimal provisioning for VM created with Proxmox
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/6
Updated: 2020-05-24T12:38:47Z
Author: HgO

- [x] Install sudo (requires root password to connect through `su`)
- [x] Add current user to sudoers
- [x] Reset ssh connection
- [x] Install qemu-guest-agent, which enables features in Proxmox
- [x] Create documentation for manual setup
- [x] Add a line in host file with user and root password
- [x] Configure SSH client config

Assignee: HgO

Prevent password removal of root for Proxmox servers
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/7
Updated: 2021-05-29T12:27:32Z
Author: HgO

Servers where we want to keep root password:
- nam
- bour

Fine-grained users and SSH keys management
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/8
Updated: 2021-01-16T18:52:58Z
Author: HgO

We want to be able to create users on certain hosts or groups.
We should be able to define the user's groups (e.g. if the user is part of sudoers), the user's status (present / absent), and of course their SSH public keys.
In the Ansible structure, the user's SSH keys are stored inside a repository. This repository also contains a `main.yml` config file with the list of groups and the user's status.

Assignee: HgO

Create an Ansible playbook to install Discourse
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/9
Updated: 2021-01-17T20:17:56Z
Author: HgO

We want to manage the Discourse install with Ansible.
We should be able to configure Discourse with:
- list of plugins
- upgrades channel (stable, tests-passed, ...)
- smtp parameters
- database parameters (local or remote?)

Discourse should be behind a reverse proxy such as Nginx, that way we can display maintenance pages.
Because Discourse upgrades are managed through the admin panel, there is no need to support this for now.

Clean up the common playbook
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/10
Updated: 2021-05-23T12:52:06Z
Author: HgO

Review the `commun` playbook to see what we keep and what has become obsolete.
- [x] Software repositories
- [x] OpenSSH server config
- [x] sshguard
- [x] supervisor
- [x] Locales, timezones and NTP config
- [x] Common tools
- [x] unbound
- [x] User and SSH key management
- [x] zsh

Assignee: HgO

php-fpm role
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/11
Updated: 2021-05-30T15:54:04Z
Author: HgO

Have a role to install a PHP web application
- [x] Install PHP
- [x] Add PHP modules
- [x] Configure the php-fpm pool for a given user

Caddy2 role
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/12
Updated: 2021-05-25T15:52:28Z
Author: HgO

Role to install Caddy2 and configure a virtual host for a web application
- [x] Install Caddy2
- [x] Configure a virtual host
- [x] Log management

PostgreSQL playbook
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/13
Updated: 2021-10-27T21:19:56Z
Author: HgO

Playbook to install PostgreSQL in HA with `patroni` and `etcd`
- [ ] Install Patroni
- [x] Install etcd
- [x] Install PostgreSQL

Assignee: HgO

SMTP relay role
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/14
Updated: 2021-05-04T17:12:02Z
Author: HgO

Role allowing a machine to send mail via a remote SMTP server
For example, by installing a `postfix` configured as an MTA (mail transfer agent)

Keycloak playbook
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/15
Updated: 2022-01-29T15:07:50Z
Author: HgO

Playbook to install Keycloak in HA
The SSO configuration will be the subject of a Neutriton

Add célo's SSH key
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/16
Updated: 2021-05-23T16:17:22Z
Author: HgO
Assignee: HgO

web-app role
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/17
Updated: 2021-05-25T15:51:24Z
Author: HgO

To deploy an empty web application
- [x] Create the web app user
- [x] Create the web directory in `/var/www`
- [x] Configure a vhost for caddy2
- [ ] (optional) Configure a pool for php-fpm
- [x] Use the role for the web-static VM

Note: Assume that caddy2 is installed.

Assignee: HgO

DokuWiki playbook
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/18
Updated: 2021-07-26T13:36:34Z
Author: HgO

- [x] Import the web-app role
- [x] Configure php-fpm
- [x] Configure caddy2
- [ ] Install dokuwiki
- [ ] (optional) Update dokuwiki

Manage php-fpm via the web_app role
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/19
Updated: 2021-05-30T15:40:05Z
Author: HgO
Assignee: HgO

Add all the machines we manage
https://gitlab.domainepublic.net/Neutrinet/infra-ansible/-/issues/20
Updated: 2021-07-19T12:00:14Z
Author: Tharyrok

Addition of all the VMs we have and correct configuration of the reverse DNS

Assignee: Tharyrok