inital commit (end)
This commit is contained in:
parent
ca56c39651
commit
0a0fa0b9f1
1
provisioning/group_vars/borg-client/.borgexclude
Normal file
1
provisioning/group_vars/borg-client/.borgexclude
Normal file
@ -0,0 +1 @@
|
|||||||
|
/data/borg/repos
|
19
provisioning/group_vars/borg-client/TODO.txt
Normal file
19
provisioning/group_vars/borg-client/TODO.txt
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
|
||||||
|
Ansible :
|
||||||
|
- Manage ssh (public) keys
|
||||||
|
- create a borg-specific .ssh conf folder in /data/borg/.ssh
|
||||||
|
- run borg with BORG_RSH="/bin/ssh -F configfile"
|
||||||
|
- create borg users everywhere
|
||||||
|
- set up cron job
|
||||||
|
- update the /data/borg/config/borg-conf.env with new hosts ?
|
||||||
|
|
||||||
|
Docker :
|
||||||
|
- something, probably.
|
||||||
|
|
||||||
|
DONE
|
||||||
|
manage multiple backup hosts (stop overwriting the conf', dumbie)
|
||||||
|
- could be done neatly with a yml conf file
|
||||||
|
- maybe also check around ~/.ssh/ssh_config if it could be done ?
|
||||||
|
|
||||||
|
Quickfix : use the same passphrase for a repo on each of its locations (hosts)
|
||||||
|
|
186
provisioning/group_vars/borg-client/borg-backup.sh
Executable file
186
provisioning/group_vars/borg-client/borg-backup.sh
Executable file
@ -0,0 +1,186 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# borg-backup.sh
|
||||||
|
# Script to run regularly to backup a Jean-Cloud machine
|
||||||
|
#
|
||||||
|
# This will create a separate borg repo for every item in the BORG_REPOS variable
|
||||||
|
# And in each location specified in the BORG_HOSTS variable
|
||||||
|
# Use the file borg-conf.env to set these.
|
||||||
|
#
|
||||||
|
# If it finds an item in the BORG_REPOS that isn't yet a borg repository on one
|
||||||
|
# of the BORG_HOSTS, it will init a new repo there.
|
||||||
|
#
|
||||||
|
# Dependencies:
|
||||||
|
# packages: borg > 1.4
|
||||||
|
# scripts: /usr[/local]/bin/driglibash-base
|
||||||
|
# files: /data/borg/config/borg-conf.env
|
||||||
|
# /data/borg/config/.borgexclude
|
||||||
|
|
||||||
|
# Cheatsheet:
|
||||||
|
# ${#array[@]} number of elements in array
|
||||||
|
# ${array[@]} each element in array (separate words)
|
||||||
|
# ${array[i]} i-th element in array
|
||||||
|
|
||||||
|
|
||||||
|
if test -s /usr/local/bin/driglibash-base -a -r /usr/local/bin/driglibash-base ; then
|
||||||
|
. /usr/local/bin/driglibash-base
|
||||||
|
elif test -s /usr/bin/driglibash-base -a -r /usr/bin/driglibash-base ; then
|
||||||
|
. /usr/bin/driglibash-base
|
||||||
|
else
|
||||||
|
die "Could'nt source driglibash. See https://github.com/adrian-amaglio/driglibash/"
|
||||||
|
fi
|
||||||
|
|
||||||
|
BORG_ENV="/data/borg/config/borg-conf.env";
|
||||||
|
|
||||||
|
test -s "$BORG_ENV" && test -r "$BORG_ENV" || die "Couldn't find \"$BORG_ENV\" configuration file!"
|
||||||
|
. "$BORG_ENV"
|
||||||
|
|
||||||
|
mkdir -p "$BORG_BASE_DIR" "$BORG_CACHE_DIR" "$BORG_CONFIG_DIR" "$BORG_TMPDIR" "$BORG_SECURITY_DIR" "$BORG_SECURITY_DIR/passphrases" "$BORG_SECURITY_DIR/repokeys"
|
||||||
|
|
||||||
|
function init_repo() {
|
||||||
|
# args :
|
||||||
|
# $1 : host (local path or ssh where the borg repo is stored)
|
||||||
|
# $2 : path (local dir(s) to be saved in the repo)
|
||||||
|
# $3 : name of the repo on (remote) host
|
||||||
|
# $4 : unique alias to identiy the host
|
||||||
|
|
||||||
|
test "$verbosity" -gt 0 && echo "init_repo( $1 \\ $2 \\ $3)"
|
||||||
|
|
||||||
|
mkdir -p "$BORG_SECURITY_DIR/passphrases/$4/"
|
||||||
|
mkdir -p "$BORG_SECURITY_DIR/repokeys/$4/"
|
||||||
|
|
||||||
|
#create passphrase
|
||||||
|
LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 128 > "$BORG_SECURITY_DIR/passphrases/$4/$3"
|
||||||
|
|
||||||
|
export BORG_PASSPHRASE=$(cat "$BORG_SECURITY_DIR/passphrases/$4/$3")
|
||||||
|
|
||||||
|
#init repo
|
||||||
|
|
||||||
|
test "$verbosity" -gt 1 && echo "borg init ${verbosity:+"--progress"} --make-parent-dirs -e repokey "$1/$3""
|
||||||
|
test "$verbosity" -gt 3 && read -p " Continue ?"
|
||||||
|
|
||||||
|
run borg init ${verbosity:+"--progress"} --make-parent-dirs -e repokey "$1/$3"
|
||||||
|
|
||||||
|
#create first entry
|
||||||
|
|
||||||
|
test "$verbosity" -gt 1 && echo "borg create ${verbosity:+"--progress"} ${BORG_EXCLUDE_FILE:+"--exclude-from $BORG_EXCLUDE_FILE"} "$1/$3"::"init-$(date +%Y-%m-%d_%H-%M-%S)" "$2""
|
||||||
|
test "$verbosity" -gt 3 && read -p " Continue ?"
|
||||||
|
|
||||||
|
run borg create ${verbosity:+"--progress"} ${BORG_EXCLUDE_FILE:+--exclude-from "$BORG_EXCLUDE_FILE"} "$1/$3"::"init-$(date +%Y-%m-%d_%H-%M-%S)" "$2"
|
||||||
|
|
||||||
|
#export repokey in case of repo catastrophic loss
|
||||||
|
|
||||||
|
test "$verbosity" -gt 1 && echo "borg key export "$1/$3" "$BORG_SECURITY_DIR/repokeys/$3""
|
||||||
|
test "$verbosity" -gt 3 && read -p " Continue ?"
|
||||||
|
|
||||||
|
run borg key export "$1/$3" "$BORG_SECURITY_DIR/repokeys/$4/$3"
|
||||||
|
#TODO These keys should be backuped somewhere
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
for alias in "${!host_mode[@]}" ; do
|
||||||
|
|
||||||
|
# Begin parameter validation
|
||||||
|
|
||||||
|
test -n "${host_repo_dir["$alias"]}" && test -d "${host_repo_dir[$alias]}" || pathchk -p -P "${host_repo_dir["$alias"]}" 2>/dev/null && mkdir -p "${host_repo_dir[$alias]}" || die "Config error! Host $alias : "${host_repo_dir["$alias"]}" isn't a valid repo dir."
|
||||||
|
|
||||||
|
if test "${host_mode[$alias]}" = "local" ; then
|
||||||
|
|
||||||
|
host="${host_repo_dir[$alias]}"
|
||||||
|
|
||||||
|
elif test "${host_mode[$alias]}" = "ssh" ; then
|
||||||
|
|
||||||
|
test -n "${host_user["$alias"]}" && echo "${host_user["$alias"]}" | grep -q -E "^[a-z_][a-z0-9_-]*$" || die "Config error! Host $alias : ${host_user["$alias"]} isn't a valid username."
|
||||||
|
|
||||||
|
test -z ${host_host["$alias"]} && die "Config error! Host $alias : you must provide a host in ssh mode!"
|
||||||
|
check_host=false
|
||||||
|
# IPv4 regexp
|
||||||
|
echo ${host_host["$alias"]} | grep -q -E "^([0-2]?[0-9]{1,2}\.){3}[0-2]?[0-9]{1,2}$" && check_host=true
|
||||||
|
# IPv6 regexp
|
||||||
|
echo ${host_host["$alias"]} | grep -q -E "^(((([a-f]|[0-9]){1,4})|:):){6}([a-f]|[0-9]){1,4}$" && check_host=true
|
||||||
|
# URL regexp
|
||||||
|
echo ${host_host["$alias"]} | grep -q -E "^[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*\.[a-z]{2,5}$" && check_host=true
|
||||||
|
|
||||||
|
test "$check_host" = true || die "Config error! Host $alias : ${host_host["$alias"]} isn't a valid host (expected IPv4, IPv6 or URL)."
|
||||||
|
|
||||||
|
test -n "${host_port["$alias"]}" && test "${host_port["$alias"]}" -gt 2>/dev/null 0 && test "${host_port["$alias"]}" -le 65536 || die "Config error! Host $alias : "${host_port["$alias"]}" isn't a valid port."
|
||||||
|
|
||||||
|
# End parameter validation
|
||||||
|
|
||||||
|
# Parameter expansion lvl: I was not ready for this.
|
||||||
|
host="ssh://${host_user["$alias"]:+${host_user["$alias"]}@}\
|
||||||
|
${host_host["$alias"]:+${host_host["$alias"]}}\
|
||||||
|
${host_port["$alias"]:+:${host_port["$alias"]}}\
|
||||||
|
${host_repo_dir["$alias"]:+${host_repo_dir["$alias"]}}"
|
||||||
|
|
||||||
|
# super-secret-back-door
|
||||||
|
elif test "${host_mode[$alias]}" = "iknowwhatimdoing" ; then
|
||||||
|
host="${host_host["$alias"]}"
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
die "Config error! Host $alias : unrecognized mode ${host_mode[$alias]}"
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
test "$verbosity" -gt 0 && section "$alias: $host"
|
||||||
|
|
||||||
|
for repo in "${local_repos[@]}" ; do
|
||||||
|
|
||||||
|
test "$verbosity" -gt 0 && section "$repo"
|
||||||
|
|
||||||
|
# we use a python-like name for the repo:
|
||||||
|
reponame=$(echo "$repo" | tr "/" ".")
|
||||||
|
|
||||||
|
#Check that the repo exists (we could be backuping a new service)
|
||||||
|
|
||||||
|
check_repo_exists=false;
|
||||||
|
|
||||||
|
if test "${host_mode[$alias]}" = "ssh" ; then
|
||||||
|
export BORG_PASSPHRASE=$(cat "$BORG_SECURITY_DIR/passphrases/$alias/$reponame") && borg list "$host/$reponame" > /dev/null && check_repo_exists=true || "Could'nt open repo $reponame at host $host. Creating it."
|
||||||
|
fi
|
||||||
|
|
||||||
|
test "${host_mode[$alias]}" = "local" && test -d "$host/$reponame" && test -s "$host/$reponame/README" && grep -q "This is a Borg Backup repository." "$host/$reponame/README" && check_repo_exists=true
|
||||||
|
#TODO: this doesn't check if a distant repo exists
|
||||||
|
|
||||||
|
if $check_repo_exists = true ; then
|
||||||
|
|
||||||
|
#it's okay, repo exists, start the normal backup
|
||||||
|
test -s "$BORG_SECURITY_DIR/passphrases/$alias/$reponame" && export BORG_PASSPHRASE=$(cat "$BORG_SECURITY_DIR/passphrases/$alias/$reponame") || die "Couldn't get passphrase for repo $alias/$repo from file: $BORG_SECURITY_DIR/passphrases/$alias/$reponame"
|
||||||
|
|
||||||
|
test $verbosity -gt 1 && echo "borg create ${verbosity:+"--progress"} ${BORG_EXCLUDE_FILE:+--exclude-from "$BORG_EXCLUDE_FILE"} --compression obfuscate,115,auto,zstd,20 "$host/$reponame"::"$reponame-$(date +%Y-%m-%d_%H-%M-%S)" "$repo""
|
||||||
|
test $verbosity -gt 3 && read -p " Continue ?"
|
||||||
|
|
||||||
|
run borg create ${verbosity:+"--progress"} ${BORG_EXCLUDE_FILE:+--exclude-from "$BORG_EXCLUDE_FILE"} --compression obfuscate,115,auto,zstd,20 "$host/$reponame"::"$reponame-$(date +%Y-%m-%d_%H-%M-%S)" "$repo"
|
||||||
|
#TODO Check that zstd lvl 20 compression is not too cpu-intensive, could be reduced (or use lz4) (see borg help benchmark)
|
||||||
|
|
||||||
|
# Global retention parameters
|
||||||
|
hourly=${BORG_KEEP_HOURLY[all]:+"--keep-hourly=${BORG_KEEP_HOURLY[all]} "}
|
||||||
|
daily=${BORG_KEEP_DAILY[all]:+"--keep-daily=${BORG_KEEP_DAILY[all]} "}
|
||||||
|
weekly=${BORG_KEEP_WEEKLY[all]:+"--keep-weekly=${BORG_KEEP_WEEKLY[all]} "}
|
||||||
|
monthly=${BORG_KEEP_MONTHLY[all]:+"--keep-monthly=${BORG_KEEP_MONTHLY[all]} "}
|
||||||
|
yearly=${BORG_KEEP_YEARLY[all]:+"--keep-yearly=${BORG_KEEP_YEARLY[all]} "}
|
||||||
|
test $verbosity -gt 2 && echo "Global retention policy : $hourly $daily $weekly $monthly $yearly"
|
||||||
|
|
||||||
|
# Per-host retention parameters
|
||||||
|
test -n "${BORG_KEEP_HOURLY["$alias"]}" && hourly="--keep-hourly=${BORG_KEEP_HOURLY["$alias"]}"
|
||||||
|
test -n "${BORG_KEEP_DAILY["$alias"]}" && daily="--keep-daily=${BORG_KEEP_DAILY["$alias"]}"
|
||||||
|
test -n "${BORG_KEEP_WEEKLY["$alias"]}" && weekly="--keep-weekly=${BORG_KEEP_WEEKLY["$alias"]}"
|
||||||
|
test -n "${BORG_KEEP_MONTHLY["$alias"]}" && monthly="--keep-monthly=${BORG_KEEP_MONTHLY["$alias"]}"
|
||||||
|
test -n "${BORG_KEEP_YEARLY["$alias"]}" && yearly="--keep-yearly=${BORG_KEEP_YEARLY["$alias"]}"
|
||||||
|
test $verbosity -gt 2 && echo "$alias retention policy : $hourly $daily $weekly $monthly $yearly"
|
||||||
|
|
||||||
|
test $verbosity -gt 1 && echo "borg prune ${verbosity:+"--progress"} --list --glob-archives \"$reponame*\" $hourly $daily $weekly $monthly $yearly \"$host/$reponame\""
|
||||||
|
test $verbosity -gt 3 && read -p " Continue ?"
|
||||||
|
|
||||||
|
run borg prune ${verbosity:+"--progress"} --list --glob-archives \"$reponame*\" $hourly $daily $weekly $monthly $yearly "$host/$reponame"
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
#If repo doesn't exist, create it
|
||||||
|
init_repo "$host" "$repo" "$reponame" "$alias"
|
||||||
|
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
59
provisioning/group_vars/borg-client/borg-conf.env
Normal file
59
provisioning/group_vars/borg-client/borg-conf.env
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
verbosity=3
|
||||||
|
|
||||||
|
# Borg Configuration
|
||||||
|
BORG_BASE_DIR=/data/borg
|
||||||
|
BORG_CACHE_DIR=$BORG_BASE_DIR/cache
|
||||||
|
BORG_CONFIG_DIR=$BORG_BASE_DIR/config
|
||||||
|
BORG_TMPDIR=$BORG_BASE_DIR/tmp
|
||||||
|
BORG_SECURITY_DIR=$BORG_BASE_DIR/security
|
||||||
|
|
||||||
|
# Jean-Cloud configuration:
|
||||||
|
# Where are backups saved
|
||||||
|
BORG_HOSTS=(\
|
||||||
|
/data/borg/repos \
|
||||||
|
ssh://root@tetede.jean-cloud.net:45985/data/borg/repos \
|
||||||
|
#ssh://borg@tetede.jean-cloud.net:4646/data/borg/repos \
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
# Local backuped dirs
|
||||||
|
local_repos=($(ls -d /data/*)) #NO TRAILING SLASHES PLEASE
|
||||||
|
|
||||||
|
# Hosts configuration
|
||||||
|
|
||||||
|
# # Sample host configuration
|
||||||
|
# host_mode[alias]=local|ssh
|
||||||
|
# host_repo_dir[alias]=/path/to/repo
|
||||||
|
# # Params below this line are specific to ssh hosts
|
||||||
|
# host_host[alias]=borg.example.org|123.456.789 # TODO There are regexps to chek for valid IPv4 and IPv6, but not URL yet.
|
||||||
|
# host_port[alias]=22
|
||||||
|
# host_user[alias]=borg-distant-user
|
||||||
|
|
||||||
|
declare -A host_mode host_repo_dir host_host host_port host_user host_repo_dir
|
||||||
|
|
||||||
|
# host: tetede
|
||||||
|
host_mode[tetede]=ssh
|
||||||
|
host_host[tetede]=tetede.jean-cloud.net
|
||||||
|
host_port[tetede]=45985
|
||||||
|
host_user[tetede]=root
|
||||||
|
host_repo_dir[tetede]=/data/borg/repos
|
||||||
|
|
||||||
|
# host : localhost
|
||||||
|
host_mode[localhost]=local
|
||||||
|
host_repo_dir[localhost]=/data/borg/repos
|
||||||
|
|
||||||
|
declare -A BORG_KEEP_HOURLY BORG_KEEP_DAILY BORG_KEEP_WEEKLY BORG_KEEP_MONTHLY BORG_KEEP_YEARLY
|
||||||
|
|
||||||
|
# Global retention configuration (comment a line to deactivate it, do not set it to 0)
|
||||||
|
#BORG_KEEP_HOURLY[all]=1
|
||||||
|
BORG_KEEP_DAILY[all]=4
|
||||||
|
BORG_KEEP_WEEKLY[all]=2
|
||||||
|
BORG_KEEP_MONTHLY[all]=2
|
||||||
|
#BORG_KEEP_YEARLY[all]=1
|
||||||
|
|
||||||
|
# Per-host retention configuration (comment a line to deactivate it, do not set it to 0)
|
||||||
|
#BORG_KEEP_HOURLY[alias]=1
|
||||||
|
#BORG_KEEP_DAILY[alias]=4
|
||||||
|
#BORG_KEEP_WEEKLY[alias]=2
|
||||||
|
#BORG_KEEP_MONTHLY[alias]=2
|
||||||
|
BORG_KEEP_YEARLY[localhost]=1
|
@ -1,6 +1,6 @@
|
|||||||
- name: server
|
- name: server
|
||||||
hosts: servers
|
hosts: servers
|
||||||
become: yes
|
become: no
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
roles:
|
roles:
|
||||||
# Ansible prerequisites
|
# Ansible prerequisites
|
||||||
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
- name: server
|
- name: server
|
||||||
hosts: servers
|
hosts: servers
|
||||||
become: yes
|
#become: yes
|
||||||
#gather_facts: no
|
#gather_facts: no
|
||||||
roles:
|
roles:
|
||||||
# Ansible prerequisites
|
# Ansible prerequisites
|
||||||
|
@ -1,155 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
driglibash_run_retry=true
|
|
||||||
. driglibash-base
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Variables
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
proxy_dir="/etc/nginx"
|
|
||||||
nginx_conf_path="$proxy_dir/sites-enabled"
|
|
||||||
new_nginx_conf_path="$proxy_dir/new-sites-enabled"
|
|
||||||
|
|
||||||
certs_path="/etc/letsencrypt/live"
|
|
||||||
dummy_cert_path="$certs_path/dummy"
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Helpers
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
# Returns the public IP4 address of a domain name
|
|
||||||
function ipof {
|
|
||||||
resolv.sh "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Path to this directory
|
|
||||||
here="$(where 'follow_links')"
|
|
||||||
|
|
||||||
# Ip4 address
|
|
||||||
my_ip="$(ipof "$(cat /etc/hostname)")"
|
|
||||||
[ -z "$my_ip" ] && yell "Unable to find my IP" && exit 1
|
|
||||||
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Nginx preparation
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
driglibash_section_prefix="[Prepare nginx] "
|
|
||||||
section "Delete new conf directory (to recover)"
|
|
||||||
run rm -rf "$new_nginx_conf_path"
|
|
||||||
|
|
||||||
section "Create new conf file (for tests purposes)"
|
|
||||||
sed "s#$nginx_conf_path#$new_nginx_conf_path#" "/docker/_proxy/nginx.conf" > "$proxy_dir/new_nginx.conf"
|
|
||||||
|
|
||||||
section "Create proxy dir"
|
|
||||||
run mkdir -p "$proxy_dir" /docker /data
|
|
||||||
run chown root:root /docker
|
|
||||||
run chown root:root /data
|
|
||||||
run chmod 755 /docker
|
|
||||||
run chmod 755 /data
|
|
||||||
|
|
||||||
section "Check dummy cert exists "
|
|
||||||
#TODO check if expired
|
|
||||||
if [ ! -f "$dummy_cert_path/privkey.pem" ] ; then
|
|
||||||
echo "Dummy cert generation"
|
|
||||||
run mkdir -p "$dummy_cert_path"
|
|
||||||
run openssl req -x509 -newkey rsa:2048 -keyout /etc/letsencrypt/live/dummy/privkey.pem -out /etc/letsencrypt/live/dummy/fullchain.pem -days 365 -nodes -subj "/C=FR/ST=France/O=IT/CN=jean-cloud.net"
|
|
||||||
fi
|
|
||||||
|
|
||||||
section "Create new conf directory"
|
|
||||||
run mkdir -p "$new_nginx_conf_path"
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Deploy services
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
for dir in /docker/* ; do
|
|
||||||
service="$(basename "$dir")"
|
|
||||||
|
|
||||||
# Ignore _ prefixed directories
|
|
||||||
[ "${service::1}" == '_' ] && continue
|
|
||||||
|
|
||||||
docker_service="$(echo "$service" | tr '.' '_')"
|
|
||||||
driglibash_section_prefix="[$service] "
|
|
||||||
cd "/docker/$service"
|
|
||||||
|
|
||||||
# Is service meant to be on this server?
|
|
||||||
ip="$(ipof "$service")"
|
|
||||||
[ -z "$ip" ] && yell "No IP found for $service" && continue
|
|
||||||
|
|
||||||
if [ "$ip" != "$my_ip" ] ; then
|
|
||||||
if [ -n "$(docker ps | grep "$docker_service")" ] ; then
|
|
||||||
section "--------------------"
|
|
||||||
section "Removing service"
|
|
||||||
docker-compose down --rmi all --remove-orphans
|
|
||||||
fi
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If there is a docker-compose file and it has services in it
|
|
||||||
if [ -f "/docker/$service/docker-compose.yml" ] && [ -n "$(grep '^[^#]*services' "/docker/$service/docker-compose.yml")" ] ; then
|
|
||||||
section "-------------------- $service"
|
|
||||||
section "Logging to registry"
|
|
||||||
# XXX Login to docker registry
|
|
||||||
|
|
||||||
section "Pulling images"
|
|
||||||
run docker-compose pull
|
|
||||||
|
|
||||||
section "Starting service"
|
|
||||||
run docker-compose up -d --remove-orphans
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If there is a nginx conf file
|
|
||||||
if [ -f "/docker/$service/nginx_server.conf" ] ; then
|
|
||||||
section "Copy nginx conf"
|
|
||||||
run cp "/docker/$service/nginx_server.conf" "$new_nginx_conf_path/$service"
|
|
||||||
|
|
||||||
if [ -f "/docker/$service/.env" ] ; then
|
|
||||||
section "Template nginx conf with vars from '.env' file"
|
|
||||||
run template.sh "/docker/$service/.env" < "/docker/$service/nginx_server.conf" > "$new_nginx_conf_path/$service"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Do we need dummy cert?
|
|
||||||
if [ ! -e "$certs_path/$service/fullchain.pem" ] ; then
|
|
||||||
section "Create cert dir"
|
|
||||||
run mkdir -p "$certs_path/$service"
|
|
||||||
|
|
||||||
section "Link dummy to cert"
|
|
||||||
run ln -s "$dummy_cert_path/fullchain.pem" "$certs_path/$service"
|
|
||||||
run ln -s "$dummy_cert_path/privkey.pem" "$certs_path/$service"
|
|
||||||
fi
|
|
||||||
|
|
||||||
section "Testing nginx conf"
|
|
||||||
run nginx -t -c /etc/nginx/new_nginx.conf
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Nginx restart
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
driglibash_section_prefix="[Restart nginx] "
|
|
||||||
|
|
||||||
section "Test if nginx conf is ok"
|
|
||||||
run nginx -t -c "$proxy_dir/new_nginx.conf"
|
|
||||||
|
|
||||||
section "Update nginx conf"
|
|
||||||
run rm -rf "$nginx_conf_path"
|
|
||||||
run mv "$new_nginx_conf_path" "$nginx_conf_path"
|
|
||||||
run cp "/docker/_proxy/nginx.conf" "$proxy_dir/nginx.conf"
|
|
||||||
|
|
||||||
section "Test nginx conf to be sure"
|
|
||||||
run nginx -t
|
|
||||||
|
|
||||||
if [ -z "$(cat /var/run/nginx.pid)" ] ; then
|
|
||||||
section "Start nginx"
|
|
||||||
run nginx
|
|
||||||
else
|
|
||||||
section "Reload nginx"
|
|
||||||
run nginx -s reload
|
|
||||||
fi
|
|
||||||
|
|
||||||
clean
|
|
@ -1,90 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# https://github.com/adrianamaglio/driglibash-arg
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
|
|
||||||
# Usage :
|
|
||||||
#
|
|
||||||
# version="alpha nightly 0.0.1 pre-release unstable"
|
|
||||||
# summary="$0 [options] <device>"
|
|
||||||
#
|
|
||||||
# usage[t]="Start qemu after the installation"
|
|
||||||
# varia[t]=tst
|
|
||||||
# tst=false
|
|
||||||
#
|
|
||||||
# usage[i]="Install the provided package. Not implemented"
|
|
||||||
# varia[i]=install
|
|
||||||
# declare -a install
|
|
||||||
#
|
|
||||||
# usage[k]="Keep the temporar mountpoints"
|
|
||||||
# varia[k]=keep
|
|
||||||
# keep=false
|
|
||||||
#
|
|
||||||
# usage[e]="bash command file to execute in the chroot. - to read from stdin"
|
|
||||||
# varia[e]=execute
|
|
||||||
# declare -a execute
|
|
||||||
|
|
||||||
. driglibash-base
|
|
||||||
|
|
||||||
#TODO keep order usage options
|
|
||||||
# Print usage and exit in error
|
|
||||||
usage() {
|
|
||||||
yell "Version: $version"
|
|
||||||
yell "Usage: $summary"
|
|
||||||
yell "Parameters:"
|
|
||||||
yell " -h print this help, version and exit."
|
|
||||||
for key in "${!usage[@]}" ; do
|
|
||||||
if [ "$(driglibash_arg_type "$key")" == "single_value" ] ; then
|
|
||||||
name="${varia[$key]}"
|
|
||||||
default=" (default : ${!name})"
|
|
||||||
else
|
|
||||||
default=
|
|
||||||
fi
|
|
||||||
yell " -$key ${usage[$key]}$default"
|
|
||||||
done
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# Guess the variable type
|
|
||||||
# Boolean, list or string
|
|
||||||
driglibash_arg_type() {
|
|
||||||
if [ $# -ne 1 ] ; then
|
|
||||||
die "Bad driglibash_arg_type usage";
|
|
||||||
fi
|
|
||||||
|
|
||||||
name="${varia[$1]}"
|
|
||||||
if [ "$name" == "" ] ; then die "Variable name is empty for key $1" ; fi
|
|
||||||
if [ "${!name}" == "false" ] ; then
|
|
||||||
echo "boolean"
|
|
||||||
elif [ -n "$( declare -p "$name" 2>/dev/null | grep 'declare \-a')" ] ; then
|
|
||||||
echo "array"
|
|
||||||
else
|
|
||||||
echo "single_value"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Generate getopts string #
|
|
||||||
getopts_string=":h"
|
|
||||||
for key in ${!usage[@]} ; do
|
|
||||||
needs_parameter=
|
|
||||||
if [ "$(driglibash_arg_type "$key")" != "boolean" ] ; then needs_parameter=":" ; fi
|
|
||||||
getopts_string="$getopts_string$key$needs_parameter"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Loop throught options #
|
|
||||||
while getopts "$getopts_string" opt; do
|
|
||||||
case $opt in
|
|
||||||
h) usage;;
|
|
||||||
:) die "Option -$OPTARG requires an argument.";;
|
|
||||||
\?) die "Invalid option: -$OPTARG";;
|
|
||||||
*)
|
|
||||||
name="${varia[$opt]}"
|
|
||||||
if [ "${!name}" == "false" ] ; then eval $name=true
|
|
||||||
elif [ -n "$( declare -p "$name" 2>/dev/null | grep 'declare \-a')" ] ; then safe="${!name} $OPTARG" ; eval $name=\$safe
|
|
||||||
else eval $name=\$OPTARG
|
|
||||||
fi;;
|
|
||||||
esac
|
|
||||||
done ; shift $((OPTIND-1))
|
|
||||||
|
|
@ -1,179 +0,0 @@
|
|||||||
###############################################################################
|
|
||||||
# Driglibash pack 1
|
|
||||||
# Usual helper functions for bash scripts
|
|
||||||
# https://github.com/adrianamaglio/driglibash
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
# Set to true to make a pause at each step
|
|
||||||
driglibash_step_by_step=false
|
|
||||||
|
|
||||||
# Set to watever you want to have a prefix
|
|
||||||
driglibash_section_prefix=""
|
|
||||||
|
|
||||||
|
|
||||||
trap 'die "Received sigint"' INT
|
|
||||||
|
|
||||||
# Output on standard error output
|
|
||||||
yell() {
|
|
||||||
echo >&2 -e "$@"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Output first parameter, second parameter times
|
|
||||||
repeat() {
|
|
||||||
printf "$1"'%.s' $(eval "echo {1.."$(($2))"}")
|
|
||||||
}
|
|
||||||
|
|
||||||
# Output a "section title" to visually separate different script part
|
|
||||||
# TODO local variables
|
|
||||||
# TODO fixed place left aligned
|
|
||||||
section(){
|
|
||||||
text="$driglibash_section_prefix$1"
|
|
||||||
if [ -n "$text" ] ; then
|
|
||||||
len="${#text}"
|
|
||||||
max_len="$(($(tput cols)-2))"
|
|
||||||
if [ "$len" -ge "$max_len" ] ; then
|
|
||||||
right=5
|
|
||||||
left=5
|
|
||||||
else
|
|
||||||
left="$((($max_len - $len)/2))"
|
|
||||||
right="$left"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
left=80
|
|
||||||
right=0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If the character number was rounded down
|
|
||||||
if [ "$(($left + $right + $len +1 ))" -eq "$max_len" ] ; then
|
|
||||||
left="$(($left+ 1))"
|
|
||||||
fi
|
|
||||||
|
|
||||||
repeat '=' "$left"
|
|
||||||
if [ "$right" -ge 1 ] ; then
|
|
||||||
echo -n " $text "
|
|
||||||
repeat '=' "$right"
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
|
|
||||||
if "$driglibash_step_by_step" ; then
|
|
||||||
echo "Press enter to proceed"
|
|
||||||
read
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
alias step=section
|
|
||||||
|
|
||||||
# Print an error, clean and exit
|
|
||||||
die() {
|
|
||||||
yell "$@"
|
|
||||||
clean
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Exit on error if not root
|
|
||||||
root_or_die() {
|
|
||||||
if [ "$UID" -ne 0 ] ; then
|
|
||||||
die "You need to be root"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Execute a command and die if it returns with error #
|
|
||||||
run() {
|
|
||||||
while true ; do
|
|
||||||
"$@"
|
|
||||||
code=$?
|
|
||||||
if [ "$code" -ne 0 ] ; then
|
|
||||||
yell "command [$*] failed with exit code '$code'"
|
|
||||||
if [ -n "$driglibash_run_retry" ] ; then
|
|
||||||
echo "Retry ? Retry (y), skip the command (s) or exit script(n) [Y/s/n] ?"
|
|
||||||
read answer
|
|
||||||
if [ "$answer" = "y" ] || [ "$answer" = "Y" ] || [ -z "$answer" ] ; then
|
|
||||||
continue
|
|
||||||
elif [ "$answer" = "s" ] || [ "$answer" = "S" ] ; then
|
|
||||||
return "$code"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
die "Aborting"
|
|
||||||
else
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Execute a commad in background and return its pid
|
|
||||||
start(){
|
|
||||||
"$@" &
|
|
||||||
pid=$!
|
|
||||||
clean pre "kill $pid"
|
|
||||||
return $pid
|
|
||||||
}
|
|
||||||
|
|
||||||
# Clean exit #
|
|
||||||
# Record command lines passed as argument and execute them all when called without args #
|
|
||||||
# One argument = One command #
|
|
||||||
# TODO append or prepend according to arg
|
|
||||||
declare -a driglibash_clean_actions
|
|
||||||
clean() {
|
|
||||||
if [ "$#" -eq 0 ] ; then
|
|
||||||
echo "Cleaning"
|
|
||||||
for action in "${driglibash_clean_actions[@]}" ; do
|
|
||||||
echo "driglibash_clean> $action"
|
|
||||||
$action
|
|
||||||
done
|
|
||||||
elif [ "$#" -eq 1 ] ; then
|
|
||||||
driglibash_clean_actions+=("$1")
|
|
||||||
elif [ "$#" -eq 2 ] ; then
|
|
||||||
case "$1" in
|
|
||||||
"pre")
|
|
||||||
declare -a tmp
|
|
||||||
tmp=("${driglibash_clean_actions[@]}")
|
|
||||||
driglibash_clean_actions=("$2")
|
|
||||||
driglibash_clean_actions+=("${tmp[@]}")
|
|
||||||
;;
|
|
||||||
"post")
|
|
||||||
driglibash_clean_actions+=("$2")
|
|
||||||
;;
|
|
||||||
"del")
|
|
||||||
for i in "${!driglibash_clean_actions[@]}" ; do
|
|
||||||
if [ "$2" = "${driglibash_clean_actions[$i]}" ] ; then
|
|
||||||
unset driglibash_clean_actions[$i]
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
die "driglibash_clean: action '$1' not supported"
|
|
||||||
esac
|
|
||||||
else
|
|
||||||
die "driglibash_clean : Bad clean usage, receveid more than two args"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# tells where your executable is (absolute path). Follow simlinks if any argument provided
|
|
||||||
where() {
|
|
||||||
if [ -z "$1" ] ; then
|
|
||||||
echo "$( cd -P "$( dirname "$1" )" && pwd )"
|
|
||||||
else
|
|
||||||
SOURCE="$0"
|
|
||||||
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
|
|
||||||
DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
|
|
||||||
SOURCE="$(readlink "$SOURCE")"
|
|
||||||
[[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
|
|
||||||
done
|
|
||||||
DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
|
|
||||||
|
|
||||||
echo $DIR
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Add the line $1 in file $2 if not present
|
|
||||||
line_in_file() {
|
|
||||||
if [ "$#" -ne 2 ] ; then die "Bad usage of 'line_in_file'. Got '$#' parameters : '$@'" ; fi
|
|
||||||
if [ -z "$1" ] ; then die "Line arg is emtpy in 'line_in_file'" ; fi
|
|
||||||
line="$1"
|
|
||||||
if [ -z "$2" ] ; then die "File arg is emtpy in 'line_in_file'" ; fi
|
|
||||||
file="$2"
|
|
||||||
if [ ! -f "$file" ] ; then run touch "$file" ; fi
|
|
||||||
|
|
||||||
grep -q -x -F "$line" "$file" || echo "$line" >> "$file"
|
|
||||||
}
|
|
@ -1,105 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# This script will run on new cert and on cron renew
|
|
||||||
# there is one cert by service
|
|
||||||
|
|
||||||
# TODO make it an ansible script
|
|
||||||
# No
|
|
||||||
|
|
||||||
# Les arguments du pauvre
|
|
||||||
if [ "$#" -eq 1 ] && [ "$1" = '-v' ] ; then
|
|
||||||
verbose=true
|
|
||||||
else
|
|
||||||
verbose=false
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Variable
|
|
||||||
acmeroot=/var/www/letsencrypt
|
|
||||||
|
|
||||||
# Création du répertoire
|
|
||||||
mkdir -p "$acmeroot"
|
|
||||||
|
|
||||||
# With trailing slash or it will be a prefix selector
|
|
||||||
#nginx_sites_dir="/etc/nginx/sites-enabled/"
|
|
||||||
nginx_sites_dir="/etc/nginx/sites-enabled/"
|
|
||||||
|
|
||||||
for file in "$nginx_sites_dir"* ; do
|
|
||||||
if $verbose ; then
|
|
||||||
echo '-------------------------'
|
|
||||||
echo "$file"
|
|
||||||
fi
|
|
||||||
|
|
||||||
service_name="$(basename "$file")"
|
|
||||||
|
|
||||||
# Getting just the domain names
|
|
||||||
domains="$(grep '^[[:blank:]]*[^#][[:blank:]]*server_name' "$file" | sed 's/ _ / /g' | sed 's/server_name//g' | sed 's/default_server//g' | sed -e 's/^[[:space:]]*//' | cut -d ';' -f 1)"
|
|
||||||
if [ -n "$domains" ] ; then
|
|
||||||
# If using dummy cert, disabling it
|
|
||||||
if [ "$(readlink "/etc/letsencrypt/live/$service_name/fullchain.pem")" = "/etc/letsencrypt/live/dummy/fullchain.pem" ] ; then
|
|
||||||
rm -r "/etc/letsencrypt/live/$service_name"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# removing duplicates
|
|
||||||
domains="$(echo $domains | awk '{for (i=1;i<=NF;i++) if (!a[$i]++) printf("%s%s",$i,FS)}{printf("\n")}')"
|
|
||||||
echo "$domains"
|
|
||||||
|
|
||||||
# adding -d before every domain
|
|
||||||
domains="-d $(echo $domains | sed 's/ / -d /g')"
|
|
||||||
|
|
||||||
# Run certbot
|
|
||||||
command="certbot certonly -n --expand --agree-tos --webroot -w "$acmeroot" --email contact@jean-cloud.org --cert-name "$(basename $file)" $domains"
|
|
||||||
if $verbose ; then
|
|
||||||
echo $command
|
|
||||||
fi
|
|
||||||
out="$($command 2>&1)"
|
|
||||||
result="$?"
|
|
||||||
|
|
||||||
if [ "$result" -eq 0 ] && [[ "$out" = *"Certificate not yet due for renewal; no action taken."* ]]; then
|
|
||||||
echo "Cert still valid"
|
|
||||||
elif [ "$result" -eq 0 ] ; then
|
|
||||||
echo "Cert renewed or obtained"
|
|
||||||
#new_cert="$(echo "$out" | grep -oE '/etc/letsencrypt/live/.*/fullchain.pem')"
|
|
||||||
#echo "'$new_cert'"
|
|
||||||
#new_cert_dir="$(dirname "$out")"
|
|
||||||
#echo "'$new_cert_dir'"
|
|
||||||
|
|
||||||
#if [ -d "$new_cert_dir" ] ; then
|
|
||||||
# echo "New cert dir : '$new_cert_dir'"
|
|
||||||
# echo "cp '$new_cert_dir/*' '/data/proxy/certs/'"
|
|
||||||
#else
|
|
||||||
# echo "Error parsiong dir name"
|
|
||||||
#fi
|
|
||||||
|
|
||||||
elif [ "$result" -eq 1 ] ; then
|
|
||||||
echo "Cert failed"
|
|
||||||
echo " ------------------------------------------"
|
|
||||||
echo "$out"
|
|
||||||
echo " ------------------------------------------"
|
|
||||||
else
|
|
||||||
echo "Unknown error : $result.\n$out"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
ls /etc/letsencrypt/live/*000* &> /dev/null
|
|
||||||
if [ "$?" -eq 0 ] ; then
|
|
||||||
echo " ---------------------------------------------------------------------------------------------"
|
|
||||||
echo "Bad certs detected in letsencrypt dir. Nginx conf wont work…"
|
|
||||||
echo "rm -r /etc/letsencrypt/live/*000* /etc/letsencrypt/archive/*000* /etc/letsencrypt/renewal/*000*"
|
|
||||||
echo " ---------------------------------------------------------------------------------------------"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
nginx -t
|
|
||||||
code="$?"
|
|
||||||
if [ "$code" -ne 0 ] ; then
|
|
||||||
echo "Nginx test error, can’t reloat it"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
nginx -s reload
|
|
||||||
code="$?"
|
|
||||||
if [ "$code" -ne 0 ] ; then
|
|
||||||
echo "Nginx reload error, GENERAL ALEEEEEEEEERT!!!!!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Done. No error detected."
|
|
@ -1,2 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
docker inspect -f $'{{.Name}}\t{{.GraphDriver.Data.MergedDir}}' $(docker ps -aq)
|
|
@ -1,61 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
########################### Helpers ###########################################
|
|
||||||
|
|
||||||
function yell {
|
|
||||||
echo "$@" >&2
|
|
||||||
}
|
|
||||||
|
|
||||||
function die {
|
|
||||||
yell "$@"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
function say {
|
|
||||||
if "$verbose" ; then
|
|
||||||
yell "$@"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
########################### Options ###########################################
|
|
||||||
|
|
||||||
verbose=false
|
|
||||||
if [ "$1" = '-v' ] ; then
|
|
||||||
verbose=true
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
########################### arguments ##########################################
|
|
||||||
|
|
||||||
if [ "$#" -ne 1 ] ; then
|
|
||||||
die "Usage: $0 [options] <domain_name>
|
|
||||||
options : -v verbose"
|
|
||||||
fi
|
|
||||||
|
|
||||||
name="$1"
|
|
||||||
|
|
||||||
########################### script ############################################
|
|
||||||
|
|
||||||
while true ; do
|
|
||||||
if "$verbose" ; then
|
|
||||||
say "Querying $name"
|
|
||||||
fi
|
|
||||||
while read line ; do
|
|
||||||
if [[ "$line" = *"is an alias for "* ]] ; then
|
|
||||||
name="$(echo "$line" | cut -d ' ' -f 6)"
|
|
||||||
break
|
|
||||||
elif [[ "$line" = *" has address "* ]] ; then
|
|
||||||
echo "$line" | cut -d ' ' -f 4
|
|
||||||
exit 0
|
|
||||||
elif [[ "$line" = *" not found: "* ]] ; then
|
|
||||||
exit 0
|
|
||||||
elif [[ "$line" = *" has no A record" ]] ; then
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
say "unmatched: $line"
|
|
||||||
fi
|
|
||||||
done <<< "$(host -W 2 -t A "$name" localhost)"
|
|
||||||
done
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
if [ "$#" -ne 1 ] ; then
|
|
||||||
echo "Usage: $0 <env_file>" >&2
|
|
||||||
echo "This script read env_file variables and replace theire occurences in stdin" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
bash -c 'set -a && . '"$1"' && envsubst "$(cat '"$1"' | grep -o ^.*= | sed "s/=//" | sed "s/^/$/")"'
|
|
@ -1,22 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.dahus.net. (
|
|
||||||
2023041900 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
86400 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL (min before refresh)
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
@ IN A 51.255.33.248
|
|
||||||
|
|
||||||
@ IN MX 10 mail.amaglio.fr.
|
|
||||||
|
|
||||||
mail IN A 91.216.107.37
|
|
||||||
imap IN CNAME mail.amaglio.fr.
|
|
||||||
pop IN CNAME mail.amaglio.fr.
|
|
||||||
smtp IN CNAME mail.amaglio.fr.
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2020031104 ; Serial
|
|
||||||
7200 ; Refresh
|
|
||||||
7200 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL
|
|
||||||
|
|
||||||
; NS
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
||||||
|
|
||||||
@ 10800 IN MX 10 spool.mail.gandi.net.
|
|
||||||
@ 10800 IN MX 50 fb.mail.gandi.net.
|
|
||||||
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
|
||||||
|
|
||||||
collectif-arthadie.fr. IN CAA 0 issue "letsencrypt.org"
|
|
||||||
collectif-arthadie.fr. IN CAA 0 issuewild ";"
|
|
||||||
|
|
||||||
wordpress IN CNAME vandamme.jean-cloud.net.
|
|
||||||
www.wordpress IN CNAME vandamme.jean-cloud.net.
|
|
||||||
www IN CNAME vandamme.jean-cloud.net.
|
|
||||||
|
|
||||||
www.wordpress.collectif-arthadie.fr IN CAA 0 issue "letsencrypt.org"
|
|
||||||
www.wordpress.collectif-arthadie.fr IN CAA 0 issuewild ";"
|
|
@ -1,16 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023042100 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
86400 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL (min before refresh)
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 172.104.154.21
|
|
||||||
@ IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
|
|
@ -1,30 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023020400 ; Serial
|
|
||||||
7200 ; Refresh
|
|
||||||
7200 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL
|
|
||||||
|
|
||||||
; NS
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.jean-cloud.net.
|
|
||||||
@ IN NS ns1.he.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.195.40.128
|
|
||||||
@ IN AAAA 2001:41d0:701:1100::31f
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
; Resolving nameserver
|
|
||||||
ns1 IN A 51.255.33.248
|
|
||||||
ns2 IN A 172.104.154.21
|
|
||||||
|
|
||||||
tetede IN A 51.255.33.248
|
|
||||||
tetede IN AAAA 2001:41d0:701:1100::31f
|
|
||||||
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023040300 ; Serial
|
|
||||||
7200 ; Refresh
|
|
||||||
7200 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL
|
|
||||||
|
|
||||||
; NS
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.jean-cloud.net.
|
|
||||||
|
|
||||||
|
|
||||||
; Resolving nameserver
|
|
||||||
ns1 IN A 51.255.33.248
|
|
||||||
ns2 IN A 172.104.154.21
|
|
||||||
|
|
||||||
radiodemo IN CNAME montbonnot.jean-cloud.net
|
|
||||||
|
|
@ -1,15 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023042100 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
86400 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL (min before refresh)
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
@ -1,148 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023042100 ; Serial
|
|
||||||
7200 ; Refresh
|
|
||||||
7200 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL
|
|
||||||
|
|
||||||
; NS
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.jean-cloud.net.
|
|
||||||
@ IN NS ns1.he.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
||||||
|
|
||||||
@ 10800 IN MX 10 spool.mail.gandi.net.
|
|
||||||
@ 10800 IN MX 50 fb.mail.gandi.net.
|
|
||||||
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
|
||||||
|
|
||||||
|
|
||||||
; Resolving nameserver
|
|
||||||
ns1 IN A 51.255.33.248
|
|
||||||
ns2 IN A 172.104.154.21
|
|
||||||
|
|
||||||
;mail IN CNAME vandamme
|
|
||||||
webmail IN CNAME vandamme
|
|
||||||
vimbadmin IN CNAME vandamme
|
|
||||||
|
|
||||||
www IN CNAME vandamme
|
|
||||||
|
|
||||||
; Naming nodes
|
|
||||||
vandamme IN A 51.255.33.248
|
|
||||||
|
|
||||||
local-adrian IN A 193.33.56.94
|
|
||||||
|
|
||||||
francois IN A 54.38.189.153
|
|
||||||
|
|
||||||
nougaro IN A 172.104.154.21
|
|
||||||
nougaro IN AAAA 2a01:7e01::f03c:92ff:fecf:e815
|
|
||||||
|
|
||||||
tetede IN AAAA 2001:41d0:701:1100::31f
|
|
||||||
tetede IN A 51.195.40.128
|
|
||||||
|
|
||||||
carcasse IN A 109.18.84.200
|
|
||||||
carcasse IN AAAA 2a02:8434:1633:df01:adf9:74c3:b444:262f
|
|
||||||
|
|
||||||
gigi IN A 51.77.156.235
|
|
||||||
gigi IN AAAA 2001:41d0:305:2100::10e1
|
|
||||||
|
|
||||||
max IN A 82.65.204.254
|
|
||||||
max IN AAAA 2a01:e0a:c9d:81d0:a2b3:ccff:fe85:af97
|
|
||||||
|
|
||||||
montbonnot IN A 188.114.97.2
|
|
||||||
montbonnot IN A 188.114.96.2
|
|
||||||
montbonnot IN AAAA 2a06:98c1:3120::2
|
|
||||||
montbonnot IN AAAA 2a06:98c1:3121::2
|
|
||||||
|
|
||||||
|
|
||||||
; Carcasse
|
|
||||||
dumbcluster IN A 109.18.84.200
|
|
||||||
dumbcluster IN AAAA 2a02:8434:1633:df01:226:2dff:fe11:56af
|
|
||||||
; Tetede
|
|
||||||
dumbcluster IN A 51.195.40.128
|
|
||||||
dumbcluster IN AAAA 2001:41d0:701:1100::31f
|
|
||||||
|
|
||||||
; services
|
|
||||||
team IN CNAME tetede
|
|
||||||
|
|
||||||
nuage IN CNAME vandamme
|
|
||||||
www.nuage IN CNAME vandamme
|
|
||||||
calc.nuage IN CNAME vandamme
|
|
||||||
pad.nuage IN CNAME vandamme
|
|
||||||
|
|
||||||
feteducourt IN CNAME vandamme
|
|
||||||
www.feteducourt IN CNAME vandamme
|
|
||||||
feteducourt2020 IN CNAME vandamme
|
|
||||||
www.feteducourt2020 IN CNAME vandamme
|
|
||||||
|
|
||||||
git IN CNAME vandamme
|
|
||||||
www.git IN CNAME vandamme
|
|
||||||
|
|
||||||
wiki-cgr IN CNAME vandamme
|
|
||||||
www.wiki-cgr IN CNAME vandamme
|
|
||||||
parsoid-wiki-cgr IN CNAME vandamme
|
|
||||||
www.parsoid-wiki-cgr IN CNAME vandamme
|
|
||||||
|
|
||||||
cousinades IN CNAME vandamme
|
|
||||||
www.cousinades IN CNAME vandamme
|
|
||||||
|
|
||||||
cousinadesi2 IN CNAME vandamme
|
|
||||||
www.cousinades2 IN CNAME vandamme
|
|
||||||
|
|
||||||
velov IN CNAME vandamme
|
|
||||||
www.velov IN CNAME vandamme
|
|
||||||
|
|
||||||
registry IN CNAME vandamme
|
|
||||||
www.registry IN CNAME vandamme
|
|
||||||
|
|
||||||
inurbe IN CNAME vandamme
|
|
||||||
www.inurbe IN CNAME vandamme
|
|
||||||
|
|
||||||
gmx-webmail IN CNAME vandamme
|
|
||||||
www.gmx-webmail IN CNAME vandamme
|
|
||||||
|
|
||||||
rpnow IN CNAME vandamme
|
|
||||||
www.rpnow IN CNAME vandamme
|
|
||||||
test.rpnow IN CNAME vandamme
|
|
||||||
www.test.rpnow IN CNAME vandamme
|
|
||||||
|
|
||||||
lalis IN CNAME vandamme
|
|
||||||
www.lalis IN CNAME vandamme
|
|
||||||
|
|
||||||
metamorphose IN CNAME vandamme
|
|
||||||
www.metamorphose IN CNAME vandamme
|
|
||||||
|
|
||||||
static IN CNAME vandamme
|
|
||||||
www.static IN CNAME vandamme
|
|
||||||
|
|
||||||
;educloud IN CNAME tetede
|
|
||||||
;www.educloud IN CNAME tetede
|
|
||||||
;educloud2 IN CNAME tetede
|
|
||||||
;www.educloud2 IN CNAME tetede
|
|
||||||
|
|
||||||
copaines IN CNAME tetede
|
|
||||||
www.copaines IN CNAME tetede
|
|
||||||
wordpress.copaines IN CNAME tetede
|
|
||||||
www.wordpress.copaines IN CNAME tetede
|
|
||||||
|
|
||||||
feministesucl34 IN CNAME tetede
|
|
||||||
www.feministesucl34 IN CNAME tetede
|
|
||||||
wordpress.feministesucl34 IN CNAME tetede
|
|
||||||
www.wordpress.feministesucl34 IN CNAME tetede
|
|
||||||
|
|
||||||
tracker IN CNAME tetede
|
|
||||||
|
|
||||||
raplacgr IN CNAME tetede
|
|
||||||
|
|
||||||
walou IN CNAME dumbcluster
|
|
||||||
|
|
||||||
nc-backup IN CNAME tetede
|
|
||||||
|
|
||||||
gypsy IN CNAME tetede
|
|
||||||
|
|
||||||
shlago.wireguard.jean-cloud.net IN CNAME teted
|
|
@ -1,20 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2021060600 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
86400 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
604800 ) ; Negative Cache TTL
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.jean-cloud.net.
|
|
||||||
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
||||||
|
|
||||||
@ 10800 IN MX 10 spool.mail.gandi.net.
|
|
||||||
@ 10800 IN MX 50 fb.mail.gandi.net.
|
|
||||||
@ 10800 IN TXT "v=spf1 include:_mailcust.gandi.net ?all"
|
|
||||||
|
|
||||||
ns1 IN A 51.255.33.248
|
|
||||||
|
|
@ -1,27 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023020700 ; Serial
|
|
||||||
7200 ; Refresh
|
|
||||||
7200 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL
|
|
||||||
|
|
||||||
; NS
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.jean-cloud.net.
|
|
||||||
@ IN NS ns1.he.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.178.80.171
|
|
||||||
|
|
||||||
|
|
||||||
; Resolving nameserver
|
|
||||||
ns1 IN A 51.255.33.248
|
|
||||||
ns2 IN A 172.104.154.21
|
|
||||||
|
|
||||||
benevoles IN A 51.178.80.171
|
|
||||||
benevoles31 IN A 51.178.80.171
|
|
||||||
|
|
@ -1,15 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023042100 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
86400 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL (min before refresh)
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
@ -1,15 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023042100 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
86400 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL (min before refresh)
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
@ -1,15 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023042100 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
86400 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
7200 ) ; Negative Cache TTL (min before refresh)
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
@ -1,58 +0,0 @@
|
|||||||
$TTL 604800
|
|
||||||
@ IN SOA ns1.jean-cloud.net. contact.jean-cloud.org. (
|
|
||||||
2023042200 ; Serial
|
|
||||||
604800 ; Refresh
|
|
||||||
7200 ; Retry
|
|
||||||
2419200 ; Expire
|
|
||||||
604800 ) ; Negative Cache TTL
|
|
||||||
|
|
||||||
@ IN NS ns1.jean-cloud.net.
|
|
||||||
@ IN NS ns5.he.net.
|
|
||||||
@ IN NS ns4.he.net.
|
|
||||||
@ IN NS ns3.he.net.
|
|
||||||
@ IN NS ns2.he.net.
|
|
||||||
|
|
||||||
@ IN A 51.255.33.248
|
|
||||||
|
|
||||||
@ IN MX 1 mx1.mail.ovh.net.
|
|
||||||
@ IN MX 5 mx2.mail.ovh.net.
|
|
||||||
@ IN MX 10 mx3.mail.ovh.net.
|
|
||||||
|
|
||||||
www IN CNAME vandamme.jean-cloud.net.
|
|
||||||
|
|
||||||
www.registry IN CNAME nougaro.jean-cloud.net.
|
|
||||||
registry IN CNAME nougaro.jean-cloud.net.
|
|
||||||
services IN CNAME nougaro.jean-cloud.net.
|
|
||||||
|
|
||||||
radionimaitre IN CNAME tetede.jean-cloud.net.
|
|
||||||
www.radionimaitre IN CNAME tetede.jean-cloud.net.
|
|
||||||
paj IN CNAME nougaro.jean-cloud.net.
|
|
||||||
www.paj IN CNAME nougaro.jean-cloud.net.
|
|
||||||
radiodemo IN CNAME tetede.jean-cloud.net.
|
|
||||||
radiodemo-back IN CNAME montbonnot.jean-cloud.net.
|
|
||||||
|
|
||||||
|
|
||||||
_autodiscover._tcp IN SRV 0 0 443 mailconfig.ovh.net.
|
|
||||||
_imaps._tcp IN SRV 0 0 993 ssl0.ovh.net.
|
|
||||||
_submission._tcp IN SRV 0 0 465 ssl0.ovh.net.
|
|
||||||
;autoconfig IN SRV mailconfig.ovh.net.
|
|
||||||
imap IN CNAME ssl0.ovh.net.
|
|
||||||
smtp IN CNAME ssl0.ovh.net.
|
|
||||||
mail IN CNAME ssl0.ovh.net.
|
|
||||||
pop3 IN CNAME ssl0.ovh.net.
|
|
||||||
|
|
||||||
stream.paj.ports IN TXT 9002
|
|
||||||
control.paj.ports IN TXT 9492
|
|
||||||
|
|
||||||
pa1.studios IN CNAME carcasse.jean-cloud.net.
|
|
||||||
montpellier1.studios IN CNAME tetede.jean-cloud.net.
|
|
||||||
|
|
||||||
npm IN CNAME vandamme.jean-cloud.net.
|
|
||||||
www.npm IN CNAME vandamme.jean-cloud.net.
|
|
||||||
|
|
||||||
static IN CNAME vandamme.jean-cloud.net.
|
|
||||||
www.static IN CNAME vandamme.jean-cloud.net.
|
|
||||||
|
|
||||||
discordbot IN CNAME vandamme.jean-cloud.net.
|
|
||||||
www.discordbot IN CNAME vandamme.jean-cloud.net.
|
|
||||||
|
|
@ -1,78 +0,0 @@
|
|||||||
//
|
|
||||||
// Do any local configuration here
|
|
||||||
//
|
|
||||||
|
|
||||||
// Consider adding the 1918 zones here, if they are not used in your
|
|
||||||
// organization
|
|
||||||
//include "/etc/bind/zones.rfc1918";
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
zone "oma-radio.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.oma-radio.fr";
|
|
||||||
};
|
|
||||||
zone "jean-cloud.net"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.jean-cloud.net";
|
|
||||||
};
|
|
||||||
zone "jean-cloud.org"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.jean-cloud.org";
|
|
||||||
};
|
|
||||||
zone "karnaval.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.karnaval.fr";
|
|
||||||
};
|
|
||||||
zone "amaglio.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.amaglio.fr";
|
|
||||||
};
|
|
||||||
zone "collectif-arthadie.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.collectif-arthadie.fr";
|
|
||||||
};
|
|
||||||
zone "gypsylyonfestival.com"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.gypsylyonfestival.com";
|
|
||||||
};
|
|
||||||
zone "hid"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.hid";
|
|
||||||
};
|
|
||||||
zone "compagnienouvelle.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.compagnienouvelle.fr";
|
|
||||||
};
|
|
||||||
zone "inurbe.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.inurbe.fr";
|
|
||||||
};
|
|
||||||
zone "lalis.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.lalis.fr";
|
|
||||||
};
|
|
||||||
zone "leida.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.leida.fr";
|
|
||||||
};
|
|
||||||
zone "metamorphosemagazine.fr"{
|
|
||||||
allow-update { none; }; # We are primary DNS
|
|
||||||
type master;
|
|
||||||
file "/etc/bind/db.metamorphosemagazine.fr";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1,18 +0,0 @@
|
|||||||
options {
|
|
||||||
directory "/var/cache/bind";
|
|
||||||
dnssec-validation auto;
|
|
||||||
|
|
||||||
auth-nxdomain no; # conform to RFC1035
|
|
||||||
listen-on { any; };
|
|
||||||
listen-on-v6 { any; };
|
|
||||||
allow-update { none; };
|
|
||||||
allow-recursion { none; };
|
|
||||||
allow-recursion-on { none; };
|
|
||||||
recursion no;
|
|
||||||
notify yes;
|
|
||||||
allow-transfer {
|
|
||||||
none;
|
|
||||||
#216.218.133.2; 2001:470:600::2; //he.net
|
|
||||||
#172.104.154.21; 2a01:7e01::f03c:92ff:fecf:e815; // nougaro
|
|
||||||
};
|
|
||||||
};
|
|
29
provisioning/roles/sysadmins/.travis.yml
Normal file
29
provisioning/roles/sysadmins/.travis.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
language: python
|
||||||
|
python: "2.7"
|
||||||
|
|
||||||
|
# Use the new container infrastructure
|
||||||
|
sudo: false
|
||||||
|
|
||||||
|
# Install ansible
|
||||||
|
addons:
|
||||||
|
apt:
|
||||||
|
packages:
|
||||||
|
- python-pip
|
||||||
|
|
||||||
|
install:
|
||||||
|
# Install ansible
|
||||||
|
- pip install ansible
|
||||||
|
|
||||||
|
# Check ansible version
|
||||||
|
- ansible --version
|
||||||
|
|
||||||
|
# Create ansible.cfg with correct roles_path
|
||||||
|
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||||
|
|
||||||
|
script:
|
||||||
|
# Basic role syntax check
|
||||||
|
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||||
|
|
||||||
|
notifications:
|
||||||
|
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
38
provisioning/roles/sysadmins/README.md
Normal file
38
provisioning/roles/sysadmins/README.md
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
Role Name
|
||||||
|
=========
|
||||||
|
|
||||||
|
A brief description of the role goes here.
|
||||||
|
|
||||||
|
Requirements
|
||||||
|
------------
|
||||||
|
|
||||||
|
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
|
||||||
|
|
||||||
|
Role Variables
|
||||||
|
--------------
|
||||||
|
|
||||||
|
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
||||||
|
|
||||||
|
Dependencies
|
||||||
|
------------
|
||||||
|
|
||||||
|
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
|
||||||
|
|
||||||
|
Example Playbook
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||||
|
|
||||||
|
- hosts: servers
|
||||||
|
roles:
|
||||||
|
- { role: username.rolename, x: 42 }
|
||||||
|
|
||||||
|
License
|
||||||
|
-------
|
||||||
|
|
||||||
|
BSD
|
||||||
|
|
||||||
|
Author Information
|
||||||
|
------------------
|
||||||
|
|
||||||
|
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
|
38
provisioning/roles/sysadmins/files/git_key
Normal file
38
provisioning/roles/sysadmins/files/git_key
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||||
|
NhAAAAAwEAAQAAAYEA32dBmidg3toPfxHT04AOVDB7LLbyfcQS2Jn/8XNL4K0ptfgXCwYn
|
||||||
|
L7CvWi8CmVgnWfnor4rCtCPxg8xr0NS6biuV6fFkNfg4zini8RDms+SjG39cCeQ5ZiqYWK
|
||||||
|
7spP+SK9OHs+w1+6sRRbmkSWxRIXpjDK6xqoPOQWDLJqFSd9xQFaO1CR9tR4BrS6i4UftB
|
||||||
|
ompDqeae5wkBjTLs42wv60pRFwrMyo4616RWidDchHF3ykNHT2A1rgmQfqgLsOYsgo45Bp
|
||||||
|
6ejsv7Q71oTdq7yh9rYHznlZug7COEqumuAWctgLawk4YKrmXppBhwrmAZgpvn461Fkb2r
|
||||||
|
nDvjwn4SoZbQPPOuVBn94/uZ7eh64uij8lESNWs0hIByDvESOD8Bs1oETZdQERy4uV1vCx
|
||||||
|
I23KYeBBG1rsPFAh0U+DDZuhJjR1KRfo96yJXIMSAx+2Nc/kgfaB1Q1h+b4mjC3koXqE1s
|
||||||
|
K5XtoEuXzr9ojWRAEp+0D9GvBQmbZs4WIjdw2+wNAAAFiGHhtNdh4bTXAAAAB3NzaC1yc2
|
||||||
|
EAAAGBAN9nQZonYN7aD38R09OADlQweyy28n3EEtiZ//FzS+CtKbX4FwsGJy+wr1ovAplY
|
||||||
|
J1n56K+KwrQj8YPMa9DUum4rlenxZDX4OM4p4vEQ5rPkoxt/XAnkOWYqmFiu7KT/kivTh7
|
||||||
|
PsNfurEUW5pElsUSF6YwyusaqDzkFgyyahUnfcUBWjtQkfbUeAa0uouFH7QaJqQ6nmnucJ
|
||||||
|
AY0y7ONsL+tKURcKzMqOOtekVonQ3IRxd8pDR09gNa4JkH6oC7DmLIKOOQaeno7L+0O9aE
|
||||||
|
3au8ofa2B855WboOwjhKrprgFnLYC2sJOGCq5l6aQYcK5gGYKb5+OtRZG9q5w748J+EqGW
|
||||||
|
0DzzrlQZ/eP7me3oeuLoo/JREjVrNISAcg7xEjg/AbNaBE2XUBEcuLldbwsSNtymHgQRta
|
||||||
|
7DxQIdFPgw2boSY0dSkX6PesiVyDEgMftjXP5IH2gdUNYfm+Jowt5KF6hNbCuV7aBLl86/
|
||||||
|
aI1kQBKftA/RrwUJm2bOFiI3cNvsDQAAAAMBAAEAAAGBANmSJE/PXgZrdIAaiqQGqO3RMY
|
||||||
|
TAv7VASeJtSNiLozAzNNYlwbtYyL0nY/9+nRdexSRZwQWFLE5oWwQzCCWfp9k31Y67Kw9s
|
||||||
|
qVYPcRe5kBVO7JMRHD/95vDbNvfXlFy1ElRgdF8EAycQ2YeAXsGrHfBu0xw83obkSvFdJT
|
||||||
|
yADGLzS4Nnph42XyUtqlFLBgfBnZBh0XgcRFFZcgtjt1VdveV2wTahrATxM9lkEWuy37CV
|
||||||
|
GUcA8ugZGO5gHjtbydcEsi6pqpqM3dzqUgYvP1B5/3EiFe8fDpmxYJ6sviT9ml7JVZcQur
|
||||||
|
z+UwV3+ADosNqX9375a8BKycPKjbWsaw06kF+NyHq9+5ULEZnWDd/FNYxmUKOEICJm83Ym
|
||||||
|
r27EtRBUbjWa8iRgkjA4x6cXRhtMuuHRowseSLlOfWVU6wgJsA6tupGUoZl1JgcIy4tCGT
|
||||||
|
nl6Bk+Lh13HrADUPDpEV+0qbwFESGdyYhPpwqCuoNpXcd6ax6iPJeRePVMgLlT3H+2AQAA
|
||||||
|
AMEA5/IohVYLNizy1qEDImqx5ZW9gwXveoheHPzj6L84OGMIepmS8HV3B/o8PfANL5qF0D
|
||||||
|
4PPEURyvrStqWa9/PktaBlsAfJky38U1XW+xtHQ9wOJ9dkusyadXpLnyjuHhJMogCkdgJ1
|
||||||
|
/N/8XI3X7YTCBc8Mm4+r40px809mWnsZJFLzKCuTo4Qit7BVtWlp4gwOh+sBkTbhZ71WQB
|
||||||
|
YkUFV7qBMB9MKYLVkRkTmjAyv0nzw9lGyMfiOCavCsmmbTVW8hAAAAwQDzVGv26H6ANM4g
|
||||||
|
K5T9PqUe0ShZRYmRZV/bg3jhO61LhZ9cmNvMAh+K43uhCpypX1RXfWVWKC4d4pRILov1Wu
|
||||||
|
Y3fltPbNomfIsvXa9mroxDuBC/Fc1NAHhogiOvtmCiud1eBGACoOL34tTp+iohC7/HxLds
|
||||||
|
hAJ5SvoU7xcH5kx8zBNrbMfRBcKdMv1F25tyFhKIa4gphXKikwasFJsEtaZX/2KvNKj2n2
|
||||||
|
59wvTQzc93ws0UgUJdzxPFRJJTqOElREEAAADBAOsJN0LgbC1D49+tC6MZyma6qg4zBUKY
|
||||||
|
/kyZSdRdooROtuoRxnIL88l8GkbaAA/ozPhKEMO8tOLiaLVrmrZv7YHGeUYHiZZYXJX1ea
|
||||||
|
+m4QjSTGyj+rAfoIzNshXUQ42CIa+diMPCml7V4/iXkxm2KHlBWqsnS1P9bjP+s7FluKC6
|
||||||
|
2xaYrWy6DYluKECnS2FI2tUSSIky+iD2bUNAeBCeCflYX19kuqGQ0166egRmPXRZckzdz9
|
||||||
|
oJ3ABVQr4eKyNEzQAAAA5pbHlhQGFzdXMteDUzcwECAw==
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
1
provisioning/roles/sysadmins/files/git_key.pub
Normal file
1
provisioning/roles/sysadmins/files/git_key.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfZ0GaJ2De2g9/EdPTgA5UMHsstvJ9xBLYmf/xc0vgrSm1+BcLBicvsK9aLwKZWCdZ+eivisK0I/GDzGvQ1LpuK5Xp8WQ1+DjOKeLxEOaz5KMbf1wJ5DlmKphYruyk/5Ir04ez7DX7qxFFuaRJbFEhemMMrrGqg85BYMsmoVJ33FAVo7UJH21HgGtLqLhR+0GiakOp5p7nCQGNMuzjbC/rSlEXCszKjjrXpFaJ0NyEcXfKQ0dPYDWuCZB+qAuw5iyCjjkGnp6Oy/tDvWhN2rvKH2tgfOeVm6DsI4Sq6a4BZy2AtrCThgquZemkGHCuYBmCm+fjrUWRvaucO+PCfhKhltA8865UGf3j+5nt6Hri6KPyURI1azSEgHIO8RI4PwGzWgRNl1ARHLi5XW8LEjbcph4EEbWuw8UCHRT4MNm6EmNHUpF+j3rIlcgxIDH7Y1z+SB9oHVDWH5viaMLeSheoTWwrle2gS5fOv2iNZEASn7QP0a8FCZtmzhYiN3Db7A0= adrian@amaglio.fr
|
38
provisioning/roles/sysadmins/tasks/main.yml
Normal file
38
provisioning/roles/sysadmins/tasks/main.yml
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
---
|
||||||
|
# tasks file for sysadmin
|
||||||
|
bloc:
|
||||||
|
|
||||||
|
- name: add user
|
||||||
|
user:
|
||||||
|
name: "{{ item.username }}"
|
||||||
|
uid: "{{ item.uid }}" # Why ask for a specific UID?
|
||||||
|
home: "{{ item.home }}"
|
||||||
|
group: "{{ item.username }}"
|
||||||
|
groups: "{{ item.groups }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
|
||||||
|
- name: create ssh dir
|
||||||
|
file:
|
||||||
|
path: "{{ item.home }}/.ssh"
|
||||||
|
owner: "{{item.username}}"
|
||||||
|
mode: '0700'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: add git ssh server in authorized_keys
|
||||||
|
ansible.builtin.known_hosts:
|
||||||
|
path: "{{item.home}}/.ssh/known_hosts"
|
||||||
|
name: "[git.jean-cloud.net]:22529"
|
||||||
|
key: "[git.jean-cloud.net]:22529,[51.255.33.248]:22529 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBD5wYpMhqZ1DDgVKyX5tutlM8BHu2evhVsi2/5mpuqVYZU8LjI9oTVs6rxIV7FlgtHlPDpad5pTIk//bJxFGdA="
|
||||||
|
# key: "{{ lookup('ansible.builtin.file', 'files/git_key.pub') }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
|
||||||
|
- name: Set authorized key
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: "{{ item.username }}"
|
||||||
|
state: present
|
||||||
|
key: "{{ item.public_ssh_key }}"
|
||||||
|
|
||||||
|
with_items: "{{sysadmin}}"
|
||||||
|
|
15
provisioning/roles/sysadmins/vars/main.yml
Normal file
15
provisioning/roles/sysadmins/vars/main.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
# vars file for sysadmin-adrian
|
||||||
|
sysadmin:
|
||||||
|
ad:
|
||||||
|
username: ad
|
||||||
|
full_name: Adrian Amaglio
|
||||||
|
home: /home/ad
|
||||||
|
groups: sudo sysdamins
|
||||||
|
ssh_public_key: ???
|
||||||
|
pn:
|
||||||
|
username: pn
|
||||||
|
full_name: Pieds-Nus
|
||||||
|
home: /home/pn
|
||||||
|
groups: sudo sysadmins
|
||||||
|
ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKqcuQ41Wt0mmMXd1MZ0godzu63c08/zJdLfBGzoGIoZEOW5CRIWqVCR7BhjpaN+kBLqReCJDwwBNJy0W0LQcNPG0l5MwDnWHWxenKAOLpTuER5NTlrbdVjPaCQ7D0oM1UY+LYn4YCDxdm76Ygvc1eAChjsKiQXO3mItFgav9lvx7owmuCE/IV/gKHW6KAJPdmprXBv7AQaRX2qy4qCZ6CRZ/q8sVb3njpzFhVUs4IcTgs15IUVTlukSHg7YoaaPN8nOhoQaZu81uKvKQGtqKso29I+PGRNHglFZ6q+7Lzbx2/tqN+D4J9pBWVr3UKYfOtqYqRMehudvdD+ngj+5D1jggPpOE+ferhae9LlPTf+IIJK3KMZroi67lUYoCMh5VmbpMDTaYMskAwmf4npwjl+By+HHb4zIReSWz2tngevYu7kkCaFAy5w0/2jHPN6ApM/qC9tOFNdcJmIwK+6hVdYUM55jJwXRaZFkWSESEP2U5u2OvnRYGfDmgrcEuBjjc= pieds-nus@jean-cloud"
|
Loading…
Reference in New Issue
Block a user