
# Zone Interne
# LDAP Master (CT108) : 10.0.2.1 | 10.1.0.108
# Mail Backend (CT109) : 10.0.2.10 | 10.1.0.109
# LDAP WebUI (CT110) : 10.0.2.15 | 10.1.0.110
# NextCloud (CT111) : 10.0.2.20 | 10.1.0.111
# Gitea (CT112) : 10.0.2.21 | 10.1.0.112
# Gateway 10.0.2.0/24 -> 10.0.2.254
# Gateway 10.1.0.0/24 -> 10.1.0.254
# Crée les conteneurs, les met à jour, configure les mises à jour de sécurité automatiques,
# installe des paquets utiles et ceux des services, met en place ferm via notre template.
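---
# Play 1 — runs on the Ansible controller: creates the five containers of the
# internal zone through the Proxmox API, then starts them.
# Secrets (pass_pve, the per-container root passwords, ssh_pub) come from the
# two include_vars files below; none are stored in this playbook.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Proxmox API endpoint, node, storage and CT template shared by all containers.
    pve_api_host: '10.1.0.4'
    pve_node: alpha
    pve_storage: local-zfs
    ct_ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
    # One entry per container, matching the header table of this file.
    # ip_zone is the address on vmbr1 (VLAN 30, zone Interne), ip_mgmt the one
    # on vmbr2 (VLAN 100). The root_password expressions are resolved when the
    # loop runs, i.e. after password_interne.yml has been included.
    interne_containers:
      - vmid: 108
        hostname: LDAPMaster
        ip_zone: 10.0.2.1
        ip_mgmt: 10.1.0.108
        memory: 2048
        disk: 16
        root_password: "{{ pass_ldap_master }}"
      - vmid: 109
        hostname: MailBackend
        ip_zone: 10.0.2.10
        ip_mgmt: 10.1.0.109
        memory: 2048
        disk: 64
        root_password: "{{ pass_mailback }}"
      - vmid: 110
        hostname: LDAPUI
        ip_zone: 10.0.2.15
        ip_mgmt: 10.1.0.110
        memory: 1024
        disk: 16
        root_password: "{{ pass_ldap_webui }}"
      - vmid: 111
        hostname: NextCloud
        ip_zone: 10.0.2.20
        ip_mgmt: 10.1.0.111
        memory: 2048
        disk: 16
        root_password: "{{ pass_nextcloud }}"
      - vmid: 112
        hostname: Gitea
        ip_zone: 10.0.2.21
        ip_mgmt: 10.1.0.112
        memory: 2048
        disk: 16
        root_password: "{{ pass_gitea }}"
  tasks:
    - include_vars: /root/src/source_pve.yml
    # The loaded variables are returned as facts and would be printed in
    # verbose runs; keep the password file out of the output.
    - include_vars: /root/src/password_interne.yml
      no_log: true

    # api_user is the PVE root account; a dedicated API user or token holding
    # only the privileges needed to create and start CTs would be tighter.
    - name: Create LXC containers for zone Interne
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: "{{ pve_api_host }}"
        node: "{{ pve_node }}"
        cpus: 1
        cores: 2
        memory: "{{ item.memory }}"
        disk: "{{ item.disk }}"
        swap: 1024
        storage: "{{ pve_storage }}"
        ostemplate: "{{ ct_ostemplate }}"
        password: "{{ item.root_password }}"
        hostname: "{{ item.hostname }}"
        vmid: "{{ item.vmid }}"
        onboot: true
        unprivileged: true
        nameserver: '10.0.2.253'
        netif: '{"net0":"name=eth0,ip={{ item.ip_zone }}/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip={{ item.ip_mgmt }}/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present
      loop: "{{ interne_containers }}"
      # The API password and the container root password are module
      # arguments; keep them out of verbose output and logs.
      no_log: true

    - name: Start zone Interne containers
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: "{{ pve_api_host }}"
        vmid: "{{ item.vmid }}"
        state: started
      loop: "{{ interne_containers }}"
      no_log: true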
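# Play 2 — base setup shared by every container of the zone: timezone, apt and
# wget going through the zone proxy, full upgrade, common tooling and
# automatic security updates reporting to root.
- hosts: zoneinterne
  tasks:
    - name: Set timezone for Interne
      timezone:
        name: Europe/Paris

    # Package downloads go through the proxy on 10.0.2.252 (port 9999 for apt,
    # 3128 for wget).
    - name: APT configuration for Interne
      copy:
        dest: /etc/apt/apt.conf.d/01proxy
        content: |
          Acquire::http {
            Proxy "http://10.0.2.252:9999";
          };
        owner: root
        group: root
        mode: '0644'

    - name: WGET configuration for Interne
      copy:
        dest: /root/.wgetrc
        content: |
          http_proxy = http://10.0.2.252:3128/
          https_proxy = http://10.0.2.252:3128/
          use_proxy = on
        owner: root
        group: root
        mode: '0644'

    - name: Apt Update and Upgrade for Interne
      apt:
        update_cache: true
        upgrade: dist

    - name: Install utils for Interne
      apt:
        pkg:
          - vim
          - net-tools
          - nmap
          - dnsutils
          - ferm
          - unattended-upgrades
          - apt-listchanges
          - wget
          - curl
          - git

    # debconf + lineinfile replace the former shell snippet: the answer is
    # only (re)applied when it changes, and the Mail directive is no longer
    # appended again on every run.
    - name: Unattended-Upgrades Activation for Interne
      debconf:
        name: unattended-upgrades
        question: unattended-upgrades/enable_auto_updates
        vtype: boolean
        value: 'true'
      notify: Reconfigure unattended-upgrades for Interne

    - name: Mail unattended-upgrade reports to root for Interne
      lineinfile:
        path: /etc/apt/apt.conf.d/50unattended-upgrades
        regexp: '^Unattended-Upgrade::Mail\s'
        line: 'Unattended-Upgrade::Mail "root";'

  handlers:
    # Writes the periodic apt configuration from the debconf answer above.
    - name: Reconfigure unattended-upgrades for Interne
      command: dpkg-reconfigure -f noninteractive unattended-upgrades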
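# Play 3 — LDAP hosts: install the slapd stack and the LDAP firewall profile.
# ferm is restarted only when the rule set actually changes.
- hosts: ldap
  tasks:
    - name: Install requirement for LDAP
      apt:
        pkg:
          - slapd
          - ldap-utils
          - gnutls-bin
          - ssl-cert

    - name: Copy ferm configuration for LDAP
      copy:
        src: /root/src/ferm/ldap_ferm.conf
        dest: /etc/ferm/ferm.conf
        owner: root
        group: root
        mode: '0640'
        # Parse the new rule set before it replaces the live one, so a typo
        # cannot leave the host without its firewall. Assumes ferm is already
        # installed on the host (the zoneinterne play installs it) and that the
        # profile does not rely on relative @include paths — confirm.
        validate: 'ferm --noexec %s'
      notify: Restart ferm for LDAP

  handlers:
    - name: Restart ferm for LDAP
      systemd:
        name: ferm
        enabled: true
        state: restarted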
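# Play 4 — web interface hosts: install the web firewall profile.
# ferm is restarted only when the rule set actually changes.
- hosts: webinterface
  tasks:
    - name: Copy ferm configuration for Web
      copy:
        src: /root/src/ferm/webinterface_ferm.conf
        dest: /etc/ferm/ferm.conf
        owner: root
        group: root
        mode: '0640'
        # Parse the new rule set before it replaces the live one, so a typo
        # cannot leave the host without its firewall. Assumes ferm is already
        # installed on the host (the zoneinterne play installs it) and that the
        # profile does not rely on relative @include paths — confirm.
        validate: 'ferm --noexec %s'
      notify: Restart ferm for Web

  handlers:
    - name: Restart ferm for Web
      systemd:
        name: ferm
        enabled: true
        state: restarted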
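# Play 5 — mail hosts: install the mail firewall profile.
# ferm is restarted only when the rule set actually changes.
- hosts: mail
  tasks:
    - name: Copy ferm configuration for Mail
      copy:
        src: /root/src/ferm/mail_ferm.conf
        dest: /etc/ferm/ferm.conf
        owner: root
        group: root
        mode: '0640'
        # Parse the new rule set before it replaces the live one, so a typo
        # cannot leave the host without its firewall. Assumes ferm is already
        # installed on the host (the zoneinterne play installs it) and that the
        # profile does not rely on relative @include paths — confirm.
        validate: 'ferm --noexec %s'
      notify: Restart ferm for Mail

  handlers:
    - name: Restart ferm for Mail
      systemd:
        name: ferm
        enabled: true
        state: restarted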