authorTristan Weil2019-03-01 17:00:03 +0100
committerTristan Weil2019-04-18 15:10:00 +0200
commite1bcdc6146aed2692450fc2593410f42e2c0daf9 (patch)
treefef9905a28c15e0f35478f0e74a34b44001a4e81
downloadrepository-e1bcdc6146aed2692450fc2593410f42e2c0daf9.zip
repository-e1bcdc6146aed2692450fc2593410f42e2c0daf9.tar.gz
repository-e1bcdc6146aed2692450fc2593410f42e2c0daf9.tar.bz2
Initial commit
-rw-r--r--.gitignore1
-rw-r--r--Project_Install.yml27
-rw-r--r--ansible.cfg67
-rw-r--r--inventories/t18s.fr/group_vars/all/caddy.yml57
-rw-r--r--inventories/t18s.fr/group_vars/all/hashi_vault.yml5
-rw-r--r--inventories/t18s.fr/group_vars/all/ssl.yml13
-rw-r--r--inventories/t18s.fr/group_vars/all/users.yml11
-rw-r--r--inventories/t18s.fr/group_vars/repository/cgit-stack-caddy.yml46
-rw-r--r--inventories/t18s.fr/group_vars/repository/cgit-stack-cgit.yml10
-rw-r--r--inventories/t18s.fr/group_vars/repository/cgit-stack-git.yml5
-rw-r--r--inventories/t18s.fr/group_vars/repository/cgit-stack-repos.yml755
-rw-r--r--inventories/t18s.fr/host_vars/angband.t18s.fr/caddy.yml3
-rw-r--r--inventories/t18s.fr/host_vars/angband.t18s.fr/repository.yml10
-rw-r--r--inventories/t18s.fr/host_vars/angband.t18s.fr/systemd.yml3
-rw-r--r--inventories/t18s.fr/hosts.lst7
-rw-r--r--requirements_galaxy.yml56
-rw-r--r--requirements_pip.txt3
-rw-r--r--yamllint.yml54
18 files changed, 1133 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6e1a234
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+roles/t18s.fr_* \ No newline at end of file
diff --git a/Project_Install.yml b/Project_Install.yml
new file mode 100644
index 0000000..d6fb614
--- /dev/null
+++ b/Project_Install.yml
@@ -0,0 +1,27 @@
+---
+
+#
+# Install repository
+#
+
+###################################################
+# repository
+###################################################
+- hosts: repository
+ name: '!!!!!!!!!! Install repo !!!!!!!!!!'
+ become: True
+
+ roles:
+ - role: t18s.fr_cgit-stack
+
+ - role: t18s.fr_ssh_fingerprint
+ ssh_fingerprint_hosts:
+ - "{{ inventory_hostname }}"
+ ssh_fingerprint_user: root
+ ssh_fingerprint_ssh_dir_mode: "0750"
+ ssh_fingerprint_known_host_mode: "0640"
+
+ - role: t18s.fr_ssh_keygen
+ ssh_keygen_user: root
+ ssh_keygen_ssh_dir_mode: "0750"
+ ssh_keygen_ssh_key_mode: "0600"
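Review bot: `become: True` is a capitalised YAML 1.1 boolean; Ansible accepts it, but the canonical spelling is `become: true`, and the same form recurs as `is_admin: True` in group_vars/all/users.yml and `caddy_daemon_enabled: False` in host_vars/angband.t18s.fr/systemd.yml (nothing flags it because the project's yamllint.yml has `truthy: disable`). Separately, the t18s.fr_ssh_fingerprint role receives only `ssh_fingerprint_hosts` and no expected key material, so how the host key is obtained and whether it is trusted on first contact is decided inside the role, which is not part of this commit. A comment on that role entry such as `# host key is learned by the role at install time; compare it out-of-band before the first deploy` would make the trust decision visible to the next reader.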
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..e06d985
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,67 @@
+# config file for ansible -- https://ansible.com/
+# ===============================================
+
+[defaults]
+
+# default user to use for playbooks if user is not specified
+# (/usr/bin/ansible will use current user as default)
+remote_user = ansible
+
+# additional paths to search for roles in, colon separated
+#roles_path = /etc/ansible/roles
+roles_path = roles
+
+# retry files
+# When a playbook fails by default a .retry file will be created in ~/
+# You can disable this feature by setting retry_files_enabled to False
+# and you can change the location of the files by setting retry_files_save_path
+retry_files_enabled = False
+
+# remote temp directory
+# where to put temporary directories
+remote_tmp = /tmp
+
+# set plugin path directories here, separate with colons
+#action_plugins = /usr/share/ansible/plugins/action
+#cache_plugins = /usr/share/ansible/plugins/cache
+callback_plugins = /usr/share/ansible/plugins/callback:plugins/callback
+#connection_plugins = /usr/share/ansible/plugins/connection
+#lookup_plugins = /usr/share/ansible/plugins/lookup
+#inventory_plugins = /usr/share/ansible/plugins/inventory
+#vars_plugins = /usr/share/ansible/plugins/vars
+filter_plugins = /usr/share/ansible/plugins/filter:plugins/filter
+#test_plugins = /usr/share/ansible/plugins/test
+#terminal_plugins = /usr/share/ansible/plugins/terminal
+#strategy_plugins = /usr/share/ansible/plugins/strategy
+
+# change the default callback
+#callback_whitelist = timer, profile_tasks
+
+# plays will gather facts by default, which contain information about
+# the remote system.
+#
+# smart - gather by default, but don't regather if already gathered
+# implicit - gather by default, turn off with gather_facts: False
+# explicit - do not gather by default, must say gather_facts: True
+gathering = smart
+
+[ssh_connection]
+
+# Enabling pipelining reduces the number of SSH operations required to
+# execute a module on the remote server. This can result in a significant
+# performance improvement when enabled, however when using "sudo:" you must
+# first disable 'requiretty' in /etc/sudoers
+#
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+pipelining = True
+
+# ssh arguments to use
+# Leaving off ControlPersist will result in poor performance, so use
+# paramiko on older platforms rather than removing it, -C controls compression use
+ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ServerAliveInterval=45 -o ServerAliveCountMax=10
+
+# if True, make ansible use scp if the connection type is ssh
+# (default is sftp)
+#scp_if_ssh = True
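Review bot: `remote_tmp = /tmp` moves Ansible's remote staging area out of the per-user default and into a shared directory, so module payloads (including arguments rendered from Vault lookups) live under /tmp on the target while each task runs and, with `become: True` in Project_Install.yml, are then executed as root. Whether those staging directories end up listable or readable by other local users depends on the target's umask and the Ansible version, whereas the default `remote_tmp = ~/.ansible/tmp` keeps them under the connecting user's home and avoids the question. Unless /tmp was chosen for a concrete reason (a noexec home filesystem, for instance), I would drop the line or record the reason above it: `# /tmp instead of ~/.ansible/tmp because …`.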
diff --git a/inventories/t18s.fr/group_vars/all/caddy.yml b/inventories/t18s.fr/group_vars/all/caddy.yml
new file mode 100644
index 0000000..8722dff
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/all/caddy.yml
@@ -0,0 +1,57 @@
+---
+
+caddy_dns_provider: gandiv5
+
+caddy_main_instance_envs:
+ - name: GANDIV5_API_KEY
+ value: "{{ lookup('hashi_vault', 'url={{ hashi_vault_url }} {{ hashi_vault_cx }} secret=secret/v1/common/gandi')['v5_api_key'] }}"
+
+caddy_artifact_options:
+ os: linux
+ arch: amd64
+ plugins:
+ - tls.dns.gandiv5
+ - http.cgi
+ license: personal
+ telemetry: 'off'
+
+caddy_daemon_log_path: /var/log/caddy/daemon.log
+
+caddy_main_instance_log_dir: /var/log/caddy
+
+caddy_main_instance_config: |+
+ {{ inventory_hostname }} {
+ root /var/empty
+
+ header / {
+ Strict-Transport-Security "max-age=31536000;"
+ -Hidden
+ -Server
+ }
+
+ gzip
+
+ log / {{ caddy_main_instance_log_dir }}/access.log "{common}" {
+ rotate_size 250
+ rotate_age 1
+ rotate_keep 7
+ rotate_compress
+ ipmask 0.0.0.0 0000:0000:0000:0000:0000:0000:0000:0000
+ #ipmask 255.255.0.0 ffff:ffff:ffff:ffff::
+ }
+
+ errors {{ caddy_main_instance_log_dir }}/errors.log {
+ rotate_size 250
+ rotate_age 1
+ rotate_keep 7
+ rotate_compress
+ }
+
+ tls {{ users_le_mail }} {
+ dns {{ caddy_dns_provider }}
+ ciphers {{ ssl_ciphers_caddy }}
+ protocols tls1.2
+ }
+ }
+
+ import vhosts/*
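Review bot: The `GANDIV5_API_KEY` value nests `{{ hashi_vault_url }}` and `{{ hashi_vault_cx }}` inside the string handed to `lookup('hashi_vault', …)`; Ansible re-templates lookup terms so this happens to work, but it reads like a Jinja error and relies on that quirk, so plain concatenation is clearer: `lookup('hashi_vault', 'url=' ~ hashi_vault_url ~ ' ' ~ hashi_vault_cx ~ ' secret=secret/v1/common/gandi')['v5_api_key']`. On the log stanza, `ipmask 0.0.0.0 0000:…` zeroes every client address written to access.log (the cgit vhost in group_vars/repository/cgit-stack-caddy.yml does the same), which means this log cannot feed fail2ban-style blocking or abuse tracing. If that privacy trade-off is intentional, a comment such as `# client addresses are fully masked on purpose: this log is not usable for blocking` stops the next reader from "fixing" it.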
diff --git a/inventories/t18s.fr/group_vars/all/hashi_vault.yml b/inventories/t18s.fr/group_vars/all/hashi_vault.yml
new file mode 100644
index 0000000..d35352b
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/all/hashi_vault.yml
@@ -0,0 +1,5 @@
+---
+
+hashi_vault_url: "http://127.0.0.1:8200"
+# hashi_vault_cx: "auth_method=userpass username={{ hashi_vault_username }} password={{ hashi_vault_password }}"
+hashi_vault_cx: "mount_point=secret token={{ hashi_vault_token }}"
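Review bot: `hashi_vault_url` points at 127.0.0.1, and because lookups execute on the controller this is the Vault instance local to the machine running ansible-playbook, not the managed host; a comment would prevent the obvious misreading: `# hashi_vault lookups run on the controller: this is the controller's local Vault`. `hashi_vault_token` is referenced here but defined nowhere in this commit, so it is presumably passed with `-e` or an unversioned vars file; a token given on the command line ends up in shell history and process listings. The hashi_vault lookup also honours the `VAULT_TOKEN` environment variable (and, in recent versions, `~/.vault-token`), so the `token=` term could be left out in favour of one of those.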
diff --git a/inventories/t18s.fr/group_vars/all/ssl.yml b/inventories/t18s.fr/group_vars/all/ssl.yml
new file mode 100644
index 0000000..a8208e8
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/all/ssl.yml
@@ -0,0 +1,13 @@
+---
+
+ssl_ciphers:
+ - ECDHE-ECDSA-WITH-CHACHA20-POLY1305
+ - ECDHE-RSA-WITH-CHACHA20-POLY1305
+ - ECDHE-ECDSA-AES256-GCM-SHA384
+ - ECDHE-RSA-AES256-GCM-SHA384
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ - ECDHE-RSA-AES128-GCM-SHA256
+
+ssl_ciphers_caddy: "{{ ssl_ciphers | join(' ') }}"
+ssl_ciphers_haproxy: "{{ ssl_ciphers | join(':') }}"
+ssl_ciphers_influxdb: "{{ ssl_ciphers | map('regex_replace', '-', '_') | map('regex_replace', '^', 'TLS_') | list }}"
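Review bot: `ssl_ciphers_haproxy` and `ssl_ciphers_influxdb` are derived on the assumption that every consumer spells cipher suites the way Caddy does, which is not the case: `ECDHE-ECDSA-WITH-CHACHA20-POLY1305` is not an OpenSSL suite name (HAProxy expects `ECDHE-ECDSA-CHACHA20-POLY1305`), and the regex rewrite turns `ECDHE-RSA-AES256-GCM-SHA384` into `TLS_ECDHE_RSA_AES256_GCM_SHA384`, which is not a Go-style name either (`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`). Only `ssl_ciphers_caddy` is consumed in this commit, so nothing breaks yet, but a consumer picking up the other two would reject or silently drop suites. I would either keep an explicit per-consumer list or mark the two derived values: `# NOTE: produced by string rewriting of Caddy names; check against the consumer's accepted suite names before use`.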
diff --git a/inventories/t18s.fr/group_vars/all/users.yml b/inventories/t18s.fr/group_vars/all/users.yml
new file mode 100644
index 0000000..c0c30be
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/all/users.yml
@@ -0,0 +1,11 @@
+---
+
+users:
+ - name: titou
+ is_admin: True
+ pubkey: |-
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJiowbRvbFVz+OFtg+3RgnMXaXe2S38SERipwZTN90Qy titou@groar.intra.foloctet.com
+
+users_admin_user: titou
+
+users_le_mail: "{{ users_admin_user }}@le.t18s.fr"
diff --git a/inventories/t18s.fr/group_vars/repository/cgit-stack-caddy.yml b/inventories/t18s.fr/group_vars/repository/cgit-stack-caddy.yml
new file mode 100644
index 0000000..6634ca3
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/repository/cgit-stack-caddy.yml
@@ -0,0 +1,46 @@
+---
+
+cgit_stack_caddy_instance_name: cgit
+
+cgit_stack_caddy_instance_log_dir: "{{ caddy_main_instance_log_dir }}/{{ cgit_stack_caddy_instance_name }}"
+cgit_stack_caddy_instance_config: |+
+ {{ cgit_stack_caddy_url }} {
+ root {{ cgit_stack_cgit_assets_dir }}
+
+ header / {
+ Strict-Transport-Security "max-age=31536000;"
+ -Hidden
+ -Server
+ }
+
+ gzip
+
+ log / {{ cgit_stack_caddy_instance_log_dir }}/access.log "{common}" {
+ rotate_size 250
+ rotate_age 1
+ rotate_keep 7
+ rotate_compress
+ ipmask 0.0.0.0 0000:0000:0000:0000:0000:0000:0000:0000
+ #ipmask 255.255.0.0 ffff:ffff:ffff:ffff::
+ }
+
+ errors {{ cgit_stack_caddy_instance_log_dir }}/errors.log {
+ rotate_size 250
+ rotate_age 1
+ rotate_keep 7
+ rotate_compress
+ }
+
+ tls {{ users_le_mail }} {
+ dns {{ caddy_dns_provider }}
+ ciphers {{ ssl_ciphers_caddy }}
+ protocols tls1.2
+ }
+
+ cgi {
+ match /
+ exec {{ cgit_stack_cgit_path }}
+ env CGIT_CONFIG=/etc/cgitrc
+ except /cgit.png /favicon.ico /cgit.css /robots.txt
+ }
+ }
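Review bot: The header, gzip, log, errors and tls stanzas of this vhost are a verbatim copy of the main instance config in group_vars/all/caddy.yml, so a change to the TLS protocol floor or the HSTS header has to be made in two places and the two sites will drift. If the deployed Caddy (v0.11.4 per host_vars) supports Caddyfile snippets and the role writes both configs into one Caddyfile tree — which I cannot confirm from this commit — defining `(t18s_common) { … }` once in the main config and writing `import t18s_common` in both blocks removes the duplication. `cgit_stack_cgit_path` on the `exec` line is not defined anywhere in this commit, so it is presumably a role default; naming that in a comment would help the next reader.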
diff --git a/inventories/t18s.fr/group_vars/repository/cgit-stack-cgit.yml b/inventories/t18s.fr/group_vars/repository/cgit-stack-cgit.yml
new file mode 100644
index 0000000..ac7b2f5
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/repository/cgit-stack-cgit.yml
@@ -0,0 +1,10 @@
+---
+
+cgit_stack_cgit_assets_repo_url: "{{ cgit_stack_repos_dir }}/t18s/cgit-assets-t18s.git"
+
+cgit_stack_cgit_config:
+ clone-url: "https://{{ cgit_stack_caddy_url }}/$CGIT_REPO_URL ssh://git@{{ cgit_stack_caddy_url }}/$CGIT_REPO_URL"
+ root-title: t18s git repositories
+ root-desc: tracking t18s devs
+ root-readme: "{{ cgit_stack_cgit_assets_dir }}/about.html"
+ robots: noindex, nofollow
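Review bot: The advertised `clone-url` hard-codes the `git@` account while the account name is a variable (`cgit_stack_git_user` in cgit-stack-git.yml), so renaming the user would leave cgit advertising a dead SSH URL. Using the variable keeps the two in step: `clone-url: "https://{{ cgit_stack_caddy_url }}/$CGIT_REPO_URL ssh://{{ cgit_stack_git_user }}@{{ cgit_stack_caddy_url }}/$CGIT_REPO_URL"`.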
diff --git a/inventories/t18s.fr/group_vars/repository/cgit-stack-git.yml b/inventories/t18s.fr/group_vars/repository/cgit-stack-git.yml
new file mode 100644
index 0000000..6c797ae
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/repository/cgit-stack-git.yml
@@ -0,0 +1,5 @@
+---
+
+cgit_stack_git_user: git
+
+cgit_stack_git_pubkeys: "{{ users | json_query('[*].{pubkey: pubkey}') }}"
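Review bot: `cgit_stack_git_pubkeys` collects the public key of every entry in `users`, not only those flagged `is_admin`, so any account added to group_vars/all/users.yml later is implicitly granted SSH access to the git user and therefore push rights. If that is not the intent, filter in the query: `cgit_stack_git_pubkeys: "{{ users | json_query('[?is_admin].{pubkey: pubkey}') }}"`. If it is the intent, a one-line comment such as `# every entry in users gets git push access` records the decision.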
diff --git a/inventories/t18s.fr/group_vars/repository/cgit-stack-repos.yml b/inventories/t18s.fr/group_vars/repository/cgit-stack-repos.yml
new file mode 100644
index 0000000..7c1a7b6
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/repository/cgit-stack-repos.yml
@@ -0,0 +1,755 @@
+---
+
+cgit_stack_repos:
+ # devel
+ - name: dns-lexicon
+ parent_dir: devel
+ desc: a fork of dns-lexicon (https://github.com/AnalogJ/lexicon.git)
+ section: devel
+ owner: Tristan Weil
+
+ - name: node-interface
+ parent_dir: devel
+ desc: a fork of xblau's node-interface (https://github.com/xblau/node-interface.git)
+ section: devel
+ owner: Tristan Weil
+
+ - name: pfinger
+ parent_dir: devel
+ desc: a finger server and client in perl
+ section: devel
+ owner: Tristan Weil
+
+ - name: ptlstunnel
+ parent_dir: devel
+ desc: a simple tls proxy tunnel in perl
+ section: devel
+ owner: Tristan Weil
+
+ - name: pydaemonize
+ parent_dir: devel
+ desc: a python class to daemonize a process
+ section: devel
+ owner: Tristan Weil
+
+ - name: pygopher_server
+ parent_dir: devel
+ desc: a gopher server class in python
+ section: devel
+ owner: Tristan Weil
+
+ - name: pygopher
+ parent_dir: devel
+ desc: a gopher server
+ section: devel
+ owner: Tristan Weil
+
+ # t18s
+ - name: cgit-assets-t18s
+ parent_dir: t18s
+ desc: the custom cgit assets of t18s
+ section: t18s
+ owner: Tristan Weil
+
+ - name: pfinger-data-t18s
+ parent_dir: t18s
+ desc: the data for the pfinger server of t18s
+ section: t18s
+ owner: Tristan Weil
+ hooks:
+ - name: post-receive
+ content: |+
+ #!/bin/sh
+
+ branch=$(git symbolic-ref HEAD)
+ if [ "$branch" = "refs/heads/master" ]; then
+ ssh _finger-t18s-data@angband.t18s.fr "forcecommand"
+ exit $?
+ fi
+
+ exit 0
+
+ - name: pygopher-data-t18s
+ parent_dir: t18s
+ desc: the data for the pygopher server of t18s
+ section: t18s
+ owner: Tristan Weil
+ hooks:
+ - name: post-receive
+ content: |+
+ #!/bin/sh
+
+ branch=$(git symbolic-ref HEAD)
+ if [ "$branch" = "refs/heads/master" ]; then
+ ssh _gopher-t18s-data@angband.t18s.fr "forcecommand"
+ exit $?
+ fi
+
+ exit 0
+
+ - name: www-t18s
+ parent_dir: t18s
+ desc: the data for the website of t18s
+ section: t18s
+ owner: Tristan Weil
+ hooks:
+ - name: post-receive
+ content: |+
+ #!/bin/sh
+
+ branch=$(git symbolic-ref HEAD)
+ if [ "$branch" = "refs/heads/master" ]; then
+ ssh _www-t18s@angband.t18s.fr "forcecommand"
+ exit $?
+ fi
+
+ exit 0
+
+ # mirrors
+ - name: OpenBSD-src
+ parent_dir: mirrors
+ desc: OpenBSD's src repository (from https://github.com/openbsd/src)
+ src: https://github.com/openbsd/src.git
+ section: mirrors
+ owner: OpenBSD Project
+
+ - name: OpenBSD-ports
+ parent_dir: mirrors
+ desc: OpenBSD's ports repository (from https://github.com/openbsd/ports)
+ src: https://github.com/openbsd/ports.git
+ section: mirrors
+ owner: OpenBSD Project
+
+ - name: OpenBSD-xenocara
+ parent_dir: mirrors
+ desc: OpenBSD's xenocara repository (from https://github.com/openbsd/xenocara)
+ src: https://github.com/openbsd/xenocara.git
+ section: mirrors
+ owner: OpenBSD Project
+
+ - name: bitcoin-core
+ parent_dir: mirrors
+ desc: Bitcoin Core integration/staging tree (https://bitcoincore.org/en/download)
+ src: https://github.com/bitcoin/bitcoin.git
+ section: mirrors
+ owner: Bitcoin Project
+
+ - name: litecoin
+ parent_dir: mirrors
+ desc: Litecoin source tree (http://www.litecoin.org)
+ src: https://github.com/litecoin-project/litecoin
+ section: mirrors
+ owner: Litecoin Project
+
+ - name: monacoin
+ parent_dir: mirrors
+ desc: Monacoin source tree (https://monacoin.org/)
+ src: https://github.com/monacoinproject/monacoin.git
+ section: mirrors
+ owner: Monacoin Project
+
+ - name: flask-gopher
+ parent_dir: mirrors
+ desc: A Python Flask extension for the Gopher Protocol (https://github.com/michael-lazar/flask-gopher)
+ src: https://github.com/michael-lazar/flask-gopher.git
+ section: mirrors
+ owner: Michael Lazar
+
+ - name: node-interface
+ parent_dir: mirrors
+ desc: Web status page for Litecoin (and similar) full nodes (https://ltc.xblau.com)
+ src: https://github.com/xblau/node-interface.git
+ section: mirrors
+ owner: Daniel Mosquera
+
+ - name: rawdog
+ parent_dir: mirrors
+ desc: rawdog is an RSS Aggregator (https://offog.org/code/rawdog/)
+ src: http://offog.org/git/rawdog.git
+ section: mirrors
+ owner: Adam Sampson
+
+ - name: yamllint
+ parent_dir: mirrors
+ desc: A linter for YAML files (https://github.com/adrienverge/yamllint)
+ src: https://github.com/adrienverge/yamllint.git
+ section: mirrors
+ owner: Adrien Verge
+
+ # t18s-ansible-playbooks
+ - name: btc_bitcoincore
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy a bitcoincore instance for the bitcoin network
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: ltc_bitcoincore
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy a bitcoincore instance for the litecoin network
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: mnc_bitcoincore
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy a bitcoincore instance for the monacoin network
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: finger
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy a finger server
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: gopher
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy a gopher server
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: mysecrets
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy bitwarden
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: repository
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy cgit
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: website
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy a website with hugo
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: infrasecrets
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to deploy a cluster of Consul and Vault instances
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ - name: system
+ parent_dir: t18s-ansible-playbooks
+ desc: Ansible playbooks to prepare and install a machine
+ section: t18s-ansible-playbooks
+ owner: Tristan Weil
+
+ # ansible
+ - name: Debian_OnlineNet
+ parent_dir: ansible
+ desc: an Ansible role to configure a Debian machine at Online.net
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Debian_network
+ parent_dir: ansible
+ desc: an Ansible role to configure the network on Debian
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Debian_pkg_config
+ parent_dir: ansible
+ desc: an Ansible role to configure the package system on Debian
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Linux_bitwarden
+ parent_dir: ansible
+ desc: an Ansible role to install and configure an instance of bitwarden
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Linux_docker
+ parent_dir: ansible
+ desc: an Ansible role to install Docker on Linux
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Linux_docker-compose
+ parent_dir: ansible
+ desc: an Ansible role to install docker-compose on Linux
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Linux_firewall
+ parent_dir: ansible
+ desc: an Ansible role to install a firewall on Linux
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Linux_firewall_config
+ parent_dir: ansible
+ desc: an Ansible role to configure a firewall on Linux
+ section: ansible
+ owner: Tristan Weil
+
+ - name: Linux_kernel_module
+ parent_dir: ansible
+ desc: an Ansible role to add or remove kernel modules for Linux
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OnlineNet
+ parent_dir: ansible
+ desc: an Ansible role to configure a machine at Online.net
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OpenBSD_OnlineNet
+ parent_dir: ansible
+ desc: an Ansible role to configure an OpenBSD machine at Online.net
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OpenBSD_doas
+ parent_dir: ansible
+ desc: an Ansible role to configure doas
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OpenBSD_firewall
+ parent_dir: ansible
+ desc: an Ansible role to install a firewall on OpenBSD
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OpenBSD_firewall_config
+ parent_dir: ansible
+ desc: an Ansible role to configure a firewall on OpenBSD
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OpenBSD_login_class
+ parent_dir: ansible
+ desc: an Ansible role to configure a login class on OpenBSD
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OpenBSD_network
+ parent_dir: ansible
+ desc: an Ansible role to configure the network on OpenBSD
+ section: ansible
+ owner: Tristan Weil
+
+ - name: OpenBSD_pkg_config
+ parent_dir: ansible
+ desc: an Ansible role to configure the package system on OpenBSD
+ section: ansible
+ owner: Tristan Weil
+
+ - name: bitcoincore
+ parent_dir: ansible
+ desc: an Ansible role to install and configure an instance of bitcoincore
+ section: ansible
+ owner: Tristan Weil
+
+ - name: bitcoincore-stack
+ parent_dir: ansible
+ desc: an Ansible role to wrap the installation and configuration of bitcoincore, php-fpm, node-interface and caddy
+ section: ansible
+ owner: Tristan Weil
+
+ - name: caddy
+ parent_dir: ansible
+ desc: an Ansible role to install and configure the caddy web server
+ section: ansible
+ owner: Tristan Weil
+
+ - name: certbot
+ parent_dir: ansible
+ desc: an Ansible role to install and configure certbot
+ section: ansible
+ owner: Tristan Weil
+
+ - name: cgit
+ parent_dir: ansible
+ desc: an Ansible role to install and configure cgit
+ section: ansible
+ owner: Tristan Weil
+
+ - name: cgit-stack
+ parent_dir: ansible
+ desc: an Ansible role to wrap the installation and configuration of git, cgit and caddy
+ section: ansible
+ owner: Tristan Weil
+
+ - name: chroot
+ parent_dir: ansible
+ desc: an Ansible role to create and populate chroots
+ section: ansible
+ owner: Tristan Weil
+
+ - name: collectd
+ parent_dir: ansible
+ desc: an Ansible role to install and configure collectd
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul
+ parent_dir: ansible
+ desc: an Ansible role to install and configure a consul agent
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul_acl_policy
+ parent_dir: ansible
+ desc: an Ansible role to create and delete consul policy
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul_acl_token
+ parent_dir: ansible
+ desc: an Ansible role to create and delete consul token
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul_check
+ parent_dir: ansible
+ desc: an Ansible role to create a consul check
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul_cluster
+ parent_dir: ansible
+ desc: an Ansible role to create a consul cluster
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul_service
+ parent_dir: ansible
+ desc: an Ansible role to create a consul service
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul_simulation
+ parent_dir: ansible
+ desc: an Ansible role to help to simulate a consul cluster
+ section: ansible
+ owner: Tristan Weil
+
+ - name: consul_snapshot
+ parent_dir: ansible
+ desc: an Ansible role to manage snapshots
+ section: ansible
+ owner: Tristan Weil
+
+ - name: etc_hosts
+ parent_dir: ansible
+ desc: an Ansible role to manage /etc/hosts
+ section: ansible
+ owner: Tristan Weil
+
+ - name: fail2ban
+ parent_dir: ansible
+ desc: an Ansible role to install and configure fail2ban
+ section: ansible
+ owner: Tristan Weil
+
+ - name: firewall
+ parent_dir: ansible
+ desc: an Ansible role to install a firewall
+ section: ansible
+ owner: Tristan Weil
+
+ - name: firewall_config
+ parent_dir: ansible
+ desc: an Ansible role to configure a firewall
+ section: ansible
+ owner: Tristan Weil
+
+ - name: git
+ parent_dir: ansible
+ desc: an Ansible role to create and manage git repositories and/or mirrors
+ section: ansible
+ owner: Tristan Weil
+
+ - name: grafana
+ parent_dir: ansible
+ desc: an Ansible role to install and configure grafana
+ section: ansible
+ owner: Tristan Weil
+
+ - name: grafana_api
+ parent_dir: ansible
+ desc: an Ansible role to handle the grafana api
+ section: ansible
+ owner: Tristan Weil
+
+ - name: haproxy-simple
+ parent_dir: ansible
+ desc: an Ansible role to install and configure haproxy for simple use-cases
+ section: ansible
+ owner: Tristan Weil
+
+ - name: hugo
+ parent_dir: ansible
+ desc: an Ansible role to install an instance of hugo
+ section: ansible
+ owner: Tristan Weil
+
+ - name: logrotate
+ parent_dir: ansible
+ desc: an Ansible role to manage the configuration of the logs rotation system
+ section: ansible
+ owner: Tristan Weil
+
+ - name: motd
+ parent_dir: ansible
+ desc: an Ansible role to manage the /etc/motd and /etc/issue files
+ section: ansible
+ owner: Tristan Weil
+
+ - name: network
+ parent_dir: ansible
+ desc: an Ansible role to configure the network
+ section: ansible
+ owner: Tristan Weil
+
+ - name: node-interface
+ parent_dir: ansible
+ desc: an Ansible role to install and configure an instance of node-interface
+ section: ansible
+ owner: Tristan Weil
+
+ - name: openntpd
+ parent_dir: ansible
+ desc: an Ansible role to install and configure opennptd
+ section: ansible
+ owner: Tristan Weil
+
+ - name: opensmtpd
+ parent_dir: ansible
+ desc: an Ansible role to install and configure opensmtpd
+ section: ansible
+ owner: Tristan Weil
+
+ - name: perlbrew
+ parent_dir: ansible
+ desc: an Ansible role to manage perlbrew instances
+ section: ansible
+ owner: Tristan Weil
+
+ - name: pfinger
+ parent_dir: ansible
+ desc: an Ansible role to install and configure a finger server
+ section: ansible
+ owner: Tristan Weil
+
+ - name: php-fpm
+ parent_dir: ansible
+ desc: an Ansible role to install and configure an instance of php-fpm
+ section: ansible
+ owner: Tristan Weil
+
+ - name: php-fpm-stack
+ parent_dir: ansible
+ desc: an Ansible role to wrap the installation and configuration of php-fpm
+ section: ansible
+ owner: Tristan Weil
+
+ - name: pkg
+ parent_dir: ansible
+ desc: an Ansible role to manage packages
+ section: ansible
+ owner: Tristan Weil
+
+ - name: pkg_config
+ parent_dir: ansible
+ desc: an Ansible role to configure the packaging system (prefer the distrib one)
+ section: ansible
+ owner: Tristan Weil
+
+ - name: prometheus
+ parent_dir: ansible
+ desc: an Ansible role to install and configure prometheus
+ section: ansible
+ owner: Tristan Weil
+
+ - name: pyenv
+ parent_dir: ansible
+ desc: an Ansible role to manage pyenv instances
+ section: ansible
+ owner: Tristan Weil
+
+ - name: pygopher
+ parent_dir: ansible
+ desc: an Ansible role to install and configure a gopher server
+ section: ansible
+ owner: Tristan Weil
+
+ - name: rawdog
+ parent_dir: ansible
+ desc: an Ansible role to deploy rawdog (rss aggregator)
+ section: ansible
+ owner: Tristan Weil
+
+ - name: reboot
+ parent_dir: ansible
+ desc: an Ansible role to reboot a machine
+ section: ansible
+ owner: Tristan Weil
+
+ - name: requirements
+ parent_dir: ansible
+ desc: an Ansible role to install the minimal libs Ansible needs
+ section: ansible
+ owner: Tristan Weil
+
+ - name: skel
+ parent_dir: ansible
+ desc: an Ansible role to manage the /etc/skel files
+ section: ansible
+ owner: Tristan Weil
+
+ - name: ssh_fingerprint
+ parent_dir: ansible
+ desc: an Ansible role to add or remove SSH fingerprints
+ section: ansible
+ owner: Tristan Weil
+
+ - name: ssh_keygen
+ parent_dir: ansible
+ desc: an Ansible role to manage the keygen of SSH keys
+ section: ansible
+ owner: Tristan Weil
+
+ - name: sshd
+ parent_dir: ansible
+ desc: an Ansible role to configure the SSH daemon
+ section: ansible
+ owner: Tristan Weil
+
+ - name: sshd_delete_keys
+ parent_dir: ansible
+ desc: an Ansible role to delete hosts keys
+ section: ansible
+ owner: Tristan Weil
+
+ - name: sshd_sshfp
+ parent_dir: ansible
+ desc: an Ansible role to create/update SSHFP DNS records
+ section: ansible
+ owner: Tristan Weil
+
+ - name: ssl_consul_certificate
+ parent_dir: ansible
+ desc: an Ansible role to create a CA or to generate a certificate from a CA generated by the 'consul tls' tool
+ section: ansible
+ owner: Tristan Weil
+
+ - name: ssl_ownca_certificate
+ parent_dir: ansible
+ desc: an Ansible role to create a self-signed CA or to generate a certificate from a self-signed CA
+ section: ansible
+ owner: Tristan Weil
+
+ - name: ssl_selfsigned_certificate
+ parent_dir: ansible
+ desc: an Ansible role to create a self-signed certificate
+ section: ansible
+ owner: Tristan Weil
+
+ - name: ssl_vault_certificate
+ parent_dir: ansible
+ desc: an Ansible role to generate a certificate from vault
+ section: ansible
+ owner: Tristan Weil
+
+ - name: sudoers
+ parent_dir: ansible
+ desc: an Ansible role to configure sudo
+ section: ansible
+ owner: Tristan Weil
+
+ - name: sysctl
+ parent_dir: ansible
+ desc: an Ansible role to configure sysctl variables
+ section: ansible
+ owner: Tristan Weil
+
+ - name: syslog
+ parent_dir: ansible
+ desc: an Ansible role to install and configure a syslog service
+ section: ansible
+ owner: Tristan Weil
+
+ - name: syslog_system
+ parent_dir: ansible
+ desc: an Ansible role to install and configure syslog and default associated logrotates configurations
+ section: ansible
+ owner: Tristan Weil
+
+ - name: timezone
+ parent_dir: ansible
+ desc: an Ansible role to update the timezone on a machine
+ section: ansible
+ owner: Tristan Weil
+
+ - name: umask
+ parent_dir: ansible
+ desc: an Ansible role to configure the system umask
+ section: ansible
+ owner: Tristan Weil
+
+ - name: upgrade
+ parent_dir: ansible
+ desc: an Ansible role to manage the packages upgrade
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault
+ parent_dir: ansible
+ desc: an Ansible role to install and configure a vault daemon
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault_auth_method
+ parent_dir: ansible
+ desc: an Ansible role to add an auth method to vault
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault_auth_token
+ parent_dir: ansible
+ desc: an Ansible role to add authenticate against the 'token' auth method
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault_auth_userpass
+ parent_dir: ansible
+ desc: an Ansible role to add authenticate against the 'userpass' auth method
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault_cluster
+ parent_dir: ansible
+ desc: an Ansible role to create a vault cluster
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault_policy
+ parent_dir: ansible
+ desc: an Ansible role to add policy to vault
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault_secret_engine
+ parent_dir: ansible
+ desc: an Ansible role to add a secret engine to vault
+ section: ansible
+ owner: Tristan Weil
+
+ - name: vault_simulation
+ parent_dir: ansible
+ desc: an Ansible role to help to simulate a vault cluster
+ section: ansible
+ owner: Tristan Weil
+
+ - name: verify_artifact
+ parent_dir: ansible
+ desc: an Ansible role to validate artifacts or sum files
+ section: ansible
+ owner: Tristan Weil
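Review bot: The three post-receive hooks (pfinger-data-t18s, pygopher-data-t18s, www-t18s) test `git symbolic-ref HEAD`, which is the repository's default branch, not the branch that was just pushed; post-receive gets the updated refs on stdin, so as written the deploy fires on a push to any branch whenever HEAD is master and never looks at what was pushed. Reading stdin fixes that, as shown below for the first hook. The `ssh` inside the hook runs as whatever account receives the push — presumably `cgit_stack_git_user` from cgit-stack-git.yml — while Project_Install.yml provisions a key and known_hosts entry for root only, so confirm the git user has its own key and a pinned host key for angband.t18s.fr; otherwise the hook fails and the only trace is the pusher's exit status. Also, the rawdog mirror is fetched over `http://offog.org/git/rawdog.git` although its description links https://offog.org, so the mirror source should use https as well.
```yaml
  - name: pfinger-data-t18s
    # … unchanged: parent_dir, desc, section, owner …
    hooks:
      - name: post-receive
        content: |+
          #!/bin/sh

          # post-receive receives one "<old> <new> <ref>" line per updated ref
          while read -r old new ref; do
            if [ "$ref" = "refs/heads/master" ]; then
              ssh _finger-t18s-data@angband.t18s.fr "forcecommand"
              exit $?
            fi
          done

          exit 0
```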
diff --git a/inventories/t18s.fr/host_vars/angband.t18s.fr/caddy.yml b/inventories/t18s.fr/host_vars/angband.t18s.fr/caddy.yml
new file mode 100644
index 0000000..f849739
--- /dev/null
+++ b/inventories/t18s.fr/host_vars/angband.t18s.fr/caddy.yml
@@ -0,0 +1,3 @@
+---
+
+caddy_artifact_version: v0.11.4
diff --git a/inventories/t18s.fr/host_vars/angband.t18s.fr/repository.yml b/inventories/t18s.fr/host_vars/angband.t18s.fr/repository.yml
new file mode 100644
index 0000000..0191f63
--- /dev/null
+++ b/inventories/t18s.fr/host_vars/angband.t18s.fr/repository.yml
@@ -0,0 +1,10 @@
+---
+
+# caddy
+cgit_stack_caddy_url: git.t18s.fr
+
+# cgit
+cgit_stack_cgit_assets_dir: /data/srv/www/cgit-assets
+
+# cgit_stack
+cgit_stack_repos_dir: /data/srv/git
diff --git a/inventories/t18s.fr/host_vars/angband.t18s.fr/systemd.yml b/inventories/t18s.fr/host_vars/angband.t18s.fr/systemd.yml
new file mode 100644
index 0000000..9c621a1
--- /dev/null
+++ b/inventories/t18s.fr/host_vars/angband.t18s.fr/systemd.yml
@@ -0,0 +1,3 @@
+---
+
+caddy_daemon_enabled: False
diff --git a/inventories/t18s.fr/hosts.lst b/inventories/t18s.fr/hosts.lst
new file mode 100644
index 0000000..8e49640
--- /dev/null
+++ b/inventories/t18s.fr/hosts.lst
@@ -0,0 +1,7 @@
+#####
+
+[all]
+angband.t18s.fr ansible_host=62.210.124.142
+
+[repository]
+angband.t18s.fr
diff --git a/requirements_galaxy.yml b/requirements_galaxy.yml
new file mode 100644
index 0000000..bf6d197
--- /dev/null
+++ b/requirements_galaxy.yml
@@ -0,0 +1,56 @@
+---
+
+- src: https://git.t18s.fr/ansible/Linux_firewall_config.git
+ version: master
+ scm: git
+ name: t18s.fr_Linux_firewall_config
+
+- src: https://git.t18s.fr/ansible/caddy.git
+ version: master
+ scm: git
+ name: t18s.fr_caddy
+
+- src: https://git.t18s.fr/ansible/cgit.git
+ version: master
+ scm: git
+ name: t18s.fr_cgit
+
+- src: https://git.t18s.fr/ansible/cgit-stack.git
+ version: master
+ scm: git
+ name: t18s.fr_cgit-stack
+
+- src: https://git.t18s.fr/ansible/chroot.git
+ version: master
+ scm: git
+ name: t18s.fr_chroot
+
+- src: https://git.t18s.fr/ansible/firewall_config.git
+ version: master
+ scm: git
+ name: t18s.fr_firewall_config
+
+- src: https://git.t18s.fr/ansible/git.git
+ version: master
+ scm: git
+ name: t18s.fr_git
+
+- src: https://git.t18s.fr/ansible/pkg.git
+ version: master
+ scm: git
+ name: t18s.fr_pkg
+
+- src: https://git.t18s.fr/ansible/ssh_fingerprint.git
+ version: master
+ scm: git
+ name: t18s.fr_ssh_fingerprint
+
+- src: https://git.t18s.fr/ansible/ssh_keygen.git
+ version: master
+ scm: git
+ name: t18s.fr_ssh_keygen
+
+- src: https://git.t18s.fr/ansible/sshd.git
+ version: master
+ scm: git
+ name: t18s.fr_sshd
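Review bot: Every role is pulled with `version: master`, so `ansible-galaxy install -r requirements_galaxy.yml` fetches whatever the branch head is at install time and two installs from the same commit of this playbook can deploy different role code; the same applies to the unpinned `ansible`, `jmespath` and `hvac` in requirements_pip.txt. Pinning each entry to a tag or commit, e.g. `version: <tag-or-sha>` (placeholder), makes the deployment reproducible and turns a rewritten branch on git.t18s.fr into a visible diff here instead of something silently picked up. All roles come from the author's own server, so the exposure is smaller than with public Galaxy, but the reproducibility argument still holds.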
diff --git a/requirements_pip.txt b/requirements_pip.txt
new file mode 100644
index 0000000..702e6d2
--- /dev/null
+++ b/requirements_pip.txt
@@ -0,0 +1,3 @@
+ansible
+jmespath
+hvac \ No newline at end of file
diff --git a/yamllint.yml b/yamllint.yml
new file mode 100644
index 0000000..fe05227
--- /dev/null
+++ b/yamllint.yml
@@ -0,0 +1,54 @@
+---
+
+rules:
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ colons:
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments:
+ level: warning
+ require-starting-space: true
+ min-spaces-from-content: 2
+ comments-indentation:
+ level: warning
+ document-end: disable
+ document-start:
+ level: warning
+ present: true
+ empty-lines:
+ max: 2
+ max-start: 0
+ max-end: 0
+ empty-values:
+ forbid-in-block-mappings: false
+ forbid-in-flow-mappings: false
+ hyphens:
+ max-spaces-after: 1
+ indentation:
+ spaces: 2
+ indent-sequences: true
+ check-multi-line-strings: false
+ key-duplicates: enable
+ key-ordering: disable
+ line-length: disable
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ octal-values:
+ forbid-implicit-octal: false
+ forbid-explicit-octal: false
+ trailing-spaces: enable
+ truthy: disable
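Review bot: `truthy: disable` and `forbid-implicit-octal: false` switch off the two checks that would have caught the `True`/`False` spellings in Project_Install.yml, users.yml and systemd.yml and any future unquoted `0644`-style mode. The modes in this commit are already quoted strings, so `forbid-implicit-octal: true` can be enabled with no current violation, and `truthy: enable` plus lowercase `true`/`false` in the inventory is the simplest fix for the booleans; none of these files uses a bare `on:` key that would need an exception. `line-length: disable` is understandable given the long lookup lines, but a generous `max` with `allow-non-breakable-words: true` keeps the rule useful for everything else.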