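---
# Internal zone ("Zone Interne")
#   LDAP Master  (CT108) : 10.0.2.1  | 10.1.0.108
#   Mail Backend (CT109) : 10.0.2.10 | 10.1.0.109
#   LDAP WebUI   (CT110) : 10.0.2.15 | 10.1.0.110
#   NextCloud    (CT111) : 10.0.2.20 | 10.1.0.111
#   Gitea        (CT112) : 10.0.2.21 | 10.1.0.112
#   Gateway 10.0.2.0/24 -> 10.0.2.254
#   Gateway 10.1.0.0/24 -> 10.1.0.254
#
# Creates the containers, updates them, enables automatic security updates,
# installs utility packages plus the service packages, and deploys ferm from
# our templates.
#
# Security notes (review):
#   - pass_pve, pass_* and ssh_pub are loaded from /root/src/source_pve.yml and
#     /root/src/password_interne.yml. Those files hold the PVE root password and
#     the root password of every container: they must be ansible-vault
#     encrypted and mode 0600 — not verifiable from this playbook.
#   - Every proxmox task authenticates as root@pam against 10.1.0.4 with
#     validate_certs left at the module default (no certificate verification),
#     so the PVE root password is sent to whatever answers on that IP. Set
#     `validate_certs: true` once the PVE host presents a trusted certificate,
#     and prefer a dedicated API token/user scoped to VM creation over root@pam.
#   - All containers are created `unprivileged: true` (user-namespaced); keep it
#     that way — privileged LXC gives container root a path to the host.
#   - The Debian 10 template is pinned below; confirm it still receives security
#     updates before reusing this playbook, otherwise refresh the template.
#   - Which containers belong to the `ldap`, `webinterface` and `mail` groups
#     (and therefore which ferm ruleset each gets) is decided by the inventory,
#     not here; every container in `zoneinterne` should end up in exactly one of
#     them so none is left with ferm's packaged default ruleset.

- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - include_vars: /root/src/source_pve.yml
    - include_vars: /root/src/password_interne.yml

    - name: Create LXC for LDAP Master (CT108)
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.4'
        node: alpha
        cpus: 1
        cores: 2
        memory: 2048
        disk: 16
        swap: 1024
        storage: local-zfs
        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
        password: "{{ pass_ldap_master }}"
        hostname: LDAPMaster
        vmid: 108
        onboot: true
        unprivileged: true
        nameserver: '10.0.2.253'
        # net0: service network (VLAN 30); net1: management network (VLAN 100).
        netif: '{"net0":"name=eth0,ip=10.0.2.1/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.108/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present

    - name: Create LXC for Mail Backend (CT109)
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.4'
        node: alpha
        cpus: 1
        cores: 2
        memory: 2048
        disk: 64
        swap: 1024
        storage: local-zfs
        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
        password: "{{ pass_mailback }}"
        hostname: MailBackend
        vmid: 109
        onboot: true
        unprivileged: true
        nameserver: '10.0.2.253'
        netif: '{"net0":"name=eth0,ip=10.0.2.10/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.109/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present

    - name: Create LXC for LDAP Web UI (CT110)
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.4'
        node: alpha
        cpus: 1
        cores: 2
        memory: 1024
        disk: 16
        swap: 1024
        storage: local-zfs
        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
        password: "{{ pass_ldap_webui }}"
        hostname: LDAPUI
        vmid: 110
        onboot: true
        unprivileged: true
        nameserver: '10.0.2.253'
        netif: '{"net0":"name=eth0,ip=10.0.2.15/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.110/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present

    # Task name corrected: this is vmid 111 (the original said CT110).
    - name: Create LXC for NextCloud (CT111)
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.4'
        node: alpha
        cpus: 1
        cores: 2
        memory: 2048
        disk: 16
        swap: 1024
        storage: local-zfs
        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
        password: "{{ pass_nextcloud }}"
        hostname: NextCloud
        vmid: 111
        onboot: true
        unprivileged: true
        nameserver: '10.0.2.253'
        netif: '{"net0":"name=eth0,ip=10.0.2.20/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.111/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present

    # Task name corrected: this is vmid 112 (the original said CT111).
    - name: Create LXC for Gitea (CT112)
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.4'
        node: alpha
        cpus: 1
        cores: 2
        memory: 2048
        disk: 16
        swap: 1024
        storage: local-zfs
        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
        password: "{{ pass_gitea }}"
        hostname: Gitea
        vmid: 112
        onboot: true
        unprivileged: true
        nameserver: '10.0.2.253'
        netif: '{"net0":"name=eth0,ip=10.0.2.21/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.112/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present

    - name: Start Interne container
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.4'
        vmid: "{{ item }}"
        state: started
      loop:
        - '108'
        - '109'
        - '110'
        - '111'
        - '112'

# Baseline for every container of the zone: timezone, outbound proxies,
# full upgrade, tooling, unattended security upgrades.
- hosts: zoneinterne
  tasks:
    - name: Set timezone for Interne
      timezone:
        name: Europe/Paris

    # APT is forced through the local cache/proxy. Integrity of the packages
    # still rests on the Debian repository signatures, which apt checks
    # regardless of the (plain-HTTP) proxy hop.
    - name: APT configuration for Interne
      copy:
        dest: "/etc/apt/apt.conf.d/01proxy"
        content: |
          Acquire::http { Proxy "http://10.0.2.252:9999"; };

    # Outbound wget also goes through the zone proxy (egress control point).
    - name: WGET configuration for Interne
      copy:
        dest: "/root/.wgetrc"
        content: |
          http_proxy = http://10.0.2.252:3128/
          https_proxy = http://10.0.2.252:3128/
          use_proxy = on

    - name: Apt Update for Interne
      apt:
        update_cache: true

    - name: Apt Upgrade for Interne
      apt:
        upgrade: dist

    # ferm is installed here with its packaged default ruleset; the
    # service-specific rules are deployed by the per-group plays below.
    - name: Install utils for Interne
      apt:
        pkg:
          - vim
          - net-tools
          - nmap
          - dnsutils
          - ferm
          - unattended-upgrades
          - apt-listchanges
          - wget
          - curl
          - git

    # Automatic upgrades, done idempotently:
    #   - the debconf module replaces `echo ... | debconf-set-selections`,
    #   - dpkg-reconfigure is only re-run when that answer actually changed,
    #   - lineinfile replaces the `echo >> 50unattended-upgrades` that appended
    #     one more `Unattended-Upgrade::Mail` line on every playbook run.
    - name: Unattended-Upgrades Activation for Interne (debconf answer)
      debconf:
        name: unattended-upgrades
        question: unattended-upgrades/enable_auto_updates
        vtype: boolean
        value: 'true'
      register: uu_debconf

    - name: Unattended-Upgrades Activation for Interne (apply)
      command: dpkg-reconfigure -f noninteractive unattended-upgrades
      when: uu_debconf is changed

    # Reports go to local root; actual delivery needs an MTA in the container
    # (not installed by this playbook) — confirm or expect the mail to be lost.
    - name: Unattended-Upgrades mail reports to root for Interne
      lineinfile:
        path: /etc/apt/apt.conf.d/50unattended-upgrades
        regexp: '^Unattended-Upgrade::Mail\s'
        line: 'Unattended-Upgrade::Mail "root";'

# Per-group ferm rulesets. The copy tasks notify a handler so the firewall is
# only flushed/reloaded when the ruleset actually changed; the explicit
# `started`/`enabled` task keeps the original guarantee that ferm is running
# at the end of the play even when nothing changed.
- hosts: ldap
  handlers:
    - name: restart ferm
      systemd:
        name: "ferm"
        state: restarted
  tasks:
    - name: Install requirement for LDAP
      apt:
        pkg:
          - slapd
          - ldap-utils
          - gnutls-bin
          - ssl-cert

    - name: Copy ferm configuration for LDAP
      copy:
        src: /root/src/ferm/ldap_ferm.conf
        dest: /etc/ferm/ferm.conf
        owner: root
        group: root
        mode: '0640'
      notify: restart ferm

    - name: Ensure ferm is enabled and running for LDAP
      systemd:
        name: "ferm"
        state: started
        enabled: true

- hosts: webinterface
  handlers:
    - name: restart ferm
      systemd:
        name: "ferm"
        state: restarted
  tasks:
    - name: Copy ferm configuration for Web
      copy:
        src: /root/src/ferm/webinterface_ferm.conf
        dest: /etc/ferm/ferm.conf
        owner: root
        group: root
        mode: '0640'
      notify: restart ferm

    - name: Ensure ferm is enabled and running for Web
      systemd:
        name: "ferm"
        state: started
        enabled: true

- hosts: mail
  handlers:
    - name: restart ferm
      systemd:
        name: "ferm"
        state: restarted
  tasks:
    - name: Copy ferm configuration for Mail
      copy:
        src: /root/src/ferm/mail_ferm.conf
        dest: /etc/ferm/ferm.conf
        owner: root
        group: root
        mode: '0640'
      notify: restart ferm

    - name: Ensure ferm is enabled and running for Mail
      systemd:
        name: "ferm"
        state: started
        enabled: true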