From a7f2063641e7a1131f2bd8f03a2c90d070a83d09 Mon Sep 17 00:00:00 2001
From: southerntofu
Date: Fri, 17 Apr 2020 15:39:07 +0200
Subject: [PATCH] =?UTF-8?q?D=C3=A9but=20de=20traductions=20pour=20les=20pl?= =?UTF-8?q?aybooks!?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 i18n/en.yml | 44 +++++++++++++++++++++
 i18n/fr.yml | 44 +++++++++++++++++++++
 roles/.common/tasks/main.yml | 15 +++----
 roles/.common/tasks/packages.yml | 2 +-
 roles/.common/tasks/peering/main.yml | 4 +-
 roles/.common/tasks/peering/setup_local.yml | 8 ++--
 roles/.common/tasks/peering/setup_peer.yml | 7 ++--
 roles/.common/tasks/tor.yml | 4 +-
 roles/.common/tasks/users/main.yml | 4 +-
 roles/.common/tasks/users/setup_user.yml | 10 ++---
 10 files changed, 116 insertions(+), 26 deletions(-)
 create mode 100644 i18n/en.yml
 create mode 100644 i18n/fr.yml
diff --git a/i18n/en.yml b/i18n/en.yml
new file mode 100644
index 0000000..c55bc49
--- /dev/null
+++ b/i18n/en.yml
@@ -0,0 +1,44 @@
+task: Task
+handler: Handler
+SUMMARY: SUMMARY
+Gathering Facts: Gather facts
+changed: changed
+ok: ok
+ignored: ignored
+failed: failed
+unreachable: unreachable
+#### roles/.common
+# roles/.common/tasks/main.yml
+common-backports: Enable backports
+common-base-pkg: Install base packages
+common-certbot-setup: Configure certbot with the contact email
+common-users-gen: Generate user accounts
+common-peering: Setup peering with friendly servers
+common-additional-packages: Install additional packages
+common-roles: Apply roles defined in config
+# roles/.common/tasks/packages.yml
+common-package-managers: Start package managers
+# roles/.common/tasks/tor.yml
+common-tor-create: Create /etc/tor/onions/ for tor config
+common-tor-config: Load onions from /etc/tor/onions
+# roles/.common/tasks/peering/main.yml
+common-peering-home: Create /home/peers
+common-peering-remote: "Configure peer server {{ item.name }}"
+# roles/.common/tasks/peering/setup_local.yml
+common-peering-local-account: Create account peer
+common-peering-local-ln: Create symbolic link to the local peer
+common-peering-local-genkey: Generate SSH key for local peer
+common-peering-local-confkey: Force SSH as ed25519 for local peer
+# roles/.common/tasks/peering/setup_peer.yml
+common-peering-remote-account: "Create account for peer server {{ item.name }}"
+common-peering-remote-key: "Configure SSH key for peer {{ item.name }}"
+common-peering-remote-known: "Declare key for server {{ item.name }} on account peer"
+# roles/.common/tasks/users/main.yml
+common-users-tor-reload: Reload tor to generate new onions
+common-users-tor-wait: Wait for onions to be generated
+# roles/.common/tasks/users/setup_user.yml
+common-users-setup-account: "Create account {{ item.name }}"
+common-users-setup-sudo: "Give admin powers to {{ item.name }}"
+common-users-setup-key: Authorize associated SSH key
+common-users-setup-onion: Generate a personal onion
+common-users-setup-irc: Welcome the user on IRC
diff --git a/i18n/fr.yml b/i18n/fr.yml
new file mode 100644
index 0000000..6e0a513
--- /dev/null
+++ b/i18n/fr.yml
@@ -0,0 +1,44 @@
+task: Tâche
+handler: Gestionnaire
+SUMMARY: RÉSUMÉ
+Gathering Facts: Rassembler les faits
+changed: changéE
+ok: ok
+ignored: ignoré
+failed: échoué
+unreachable: injoignable
+#### roles/.common
+# roles/.common/tasks/main.yml
+common-backports: Activer les backports
+common-base-pkg: Installer les paquets de base
+common-certbot-setup: Configurer certbot avec le mail de contact
+common-users-gen: Générer les comptes des utilisateurices
+common-peering: Mettre en place le peering avec les serveurs amis
+common-additional-packages: Installer les paquets supplémentaires
+common-roles: Appliquer les rôles définis dans la config
+# roles/.common/tasks/packages.yml
+common-package-managers: Exécuter les gestionnaires de paquets
+# roles/.common/tasks/tor.yml
+common-tor-create: Créer /etc/tor/onions pour la config Tor
+common-tor-config: Charger les onions tor depuis /etc/tor/onions
+# roles/.common/tasks/peering/main.yml
+common-peering-home: Créer /home/peers
+common-peering-remote: "Configurer le serveur pair {{ item.name }}"
+# roles/.common/tasks/peering/setup_local.yml
+common-peering-local-account: Créer un compte peer
+common-peering-local-ln: Créer un lien symbolique vers le pair local
+common-peering-local-genkey: Créer une clé SSH pour le compte peer
+common-peering-local-confkey: Forcer SSH en ed25519 sur le compte peer
+# roles/.common/tasks/peering/setup_peer.yml
+common-peering-remote-account: "Créer un compte pour le serveur pair {{ item.name }}"
+common-peering-remote-key: "Configurer la clé SSH autorisée pour {{ item.name }}"
+common-peering-remote-known: "Déclarer la clé de {{ item.name }} sur le compte peer"
+# roles/.common/tasks/users/main.yml
+common-users-tor-reload: Redémarrer tor pour générer les nouveaux onions
+common-users-tor-wait: Attendre que les onions soient générés
+# roles/.common/tasks/users/setup_user.yml
+common-users-setup-account: "Create account {{ item.name }}"
+common-users-setup-sudo: "Give admin powers to
{{ item.name }}" +common-users-setup-key: Authorize associated SSH key +common-users-setup-onion: Generate a personal onion +common-users-setup-irc: Welcome the user on IRC diff --git a/roles/.common/tasks/main.yml b/roles/.common/tasks/main.yml index 3e3b49b..961b44b 100644 --- a/roles/.common/tasks/main.yml +++ b/roles/.common/tasks/main.yml @@ -1,36 +1,37 @@ -- name: Activer les backports +- name: common-backports lineinfile: path: /etc/apt/sources.list.d/backports.list line: deb http://ftp.debian.org/debian buster-backports main contrib create: yes state: present -- name: Installer les paquets de base +- name: common-base-pkg apt: state: present name: [ certbot, tor, sudo ] update_cache: yes -- name: setup certbot with contact email +# TODO: configurable contact email from config.yml +- name: common-certbot-setup copy: src: ../files/letsencrypt_cli.ini dest: /etc/letsencrypt/cli.ini - include: tor.yml -- name: Générer les comptes utilisateurices +- name: common-users-gen include_tasks: users/main.yml when: users is defined -- name: Activer le peering +- name: common-peering include: peering/main.yml when: peers is defined -- name: Installer des paquets supplémentaires +- name: common-additional-packages include_tasks: packages.yml when: packages is defined -- name: Exécuter les rôles définis dans la config +- name: common-roles include_role: name: "{{ current_role }}" loop: "{{ roles }}" diff --git a/roles/.common/tasks/packages.yml b/roles/.common/tasks/packages.yml index a7c49fe..08674ef 100644 --- a/roles/.common/tasks/packages.yml +++ b/roles/.common/tasks/packages.yml @@ -1,7 +1,7 @@ # Quand packages est vide, on arrive pas ici # Les gestionnaires de paquets sont des rôles qui commencent par . -- name: Exécuter les gestionnaires de paquets +- name: common-package-managers include_role: # Chaque gestionnaire de paquets peut estimer que sa liste n'est pas vide name: ".{{ current_role.key }}" 
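Review bot: In roles/.common/tasks/main.yml the `name:` values become bare lookup keys (`common-backports`, `common-certbot-setup`, …) and nothing in the file says where the displayed text now lives. A header comment such as `# Task names are i18n keys; the text shown at run time is defined in i18n/<lang>.yml` would keep the playbook readable for someone auditing what each task does to the host. The code that resolves the keys is not part of this patch, so how a key that is missing from a language file gets rendered cannot be checked from here.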
diff --git a/roles/.common/tasks/peering/main.yml b/roles/.common/tasks/peering/main.yml index 55c5ffb..02b5636 100644 --- a/roles/.common/tasks/peering/main.yml +++ b/roles/.common/tasks/peering/main.yml @@ -1,4 +1,4 @@ -- name: Créer le dossier /home/peers +- name: common-peering-home file: path: "/home/peers" state: directory @@ -10,6 +10,6 @@ - include: setup_local.yml when: ! local_peer.stat.exists -- name: Générer les comptes +- name: common-peering-remote include: setup_peer.yml loop: "{{ peers }}" diff --git a/roles/.common/tasks/peering/setup_local.yml b/roles/.common/tasks/peering/setup_local.yml index 0132ac4..afe6029 100644 --- a/roles/.common/tasks/peering/setup_local.yml +++ b/roles/.common/tasks/peering/setup_local.yml @@ -1,4 +1,4 @@ -- name: Créer un compte peer pour se connecter avec d'autres serveurs +- name: common-peering-local-account user: name: "peer" state: present @@ -9,7 +9,7 @@ home: "/home/peers/self" -- name: Créer un lien symbolique au hostname du serveur +- name: common-peering-local-ln file: src: /home/peers/self dest: "/home/peers/{{ hostname }}" @@ -21,14 +21,14 @@ group: peer state: directory -- name: Générer une clé SSH pour le compte peer +- name: common-peering-local-genkey become: yes become_user: peer command: creates: /home/peers/self/.ssh/id_ed25519.pub cmd: ssh-keygen -t ed25519 -f /home/peers/self/.ssh/id_ed25519 -N "" -- name: Configurer SSH en ed25519 depuis le compte peer +- name: common-peering-local-confkey copy: src: ../files/ssh_config dest: /home/peers/self/.ssh/config diff --git a/roles/.common/tasks/peering/setup_peer.yml b/roles/.common/tasks/peering/setup_peer.yml index 770f834..9cfd1c6 100644 --- a/roles/.common/tasks/peering/setup_peer.yml +++ b/roles/.common/tasks/peering/setup_peer.yml @@ -1,4 +1,4 @@ -- name: Créer un compte pour le serveur pair +- name: common-peering-remote-account user: name: "{{ item.name }}" state: present 
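Review bot: The condition `when: ! local_peer.stat.exists` in the second hunk of roles/.common/tasks/peering/main.yml probably does not negate anything. In YAML a leading `!` on a plain scalar is a tag indicator, so it is likely consumed by the parser before Ansible sees the expression, and Jinja's negation operator is `not` in any case. `when: not local_peer.stat.exists` matches the `changed_when: not onion_exists.stat.exists` form used in roles/.common/tasks/users/main.yml. As written, the local peer account and its SSH key may be set up under the opposite condition from the one intended; the task that registers `local_peer` lies outside the hunk.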
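Review bot: The `creates:` guard of common-peering-local-genkey (third hunk of roles/.common/tasks/peering/setup_local.yml) tests the public key file, while the credential is the private key, generated with an empty passphrase (`-N ""`). If `id_ed25519.pub` is missing but the private key exists, ssh-keygen is run again against the existing key with no terminal to answer its overwrite prompt. Guarding on the private key, `creates: /home/peers/self/.ssh/id_ed25519`, ties idempotence to the file that matters. The `.ssh` directory task above it starts outside the hunk, so whether its mode restricts the unencrypted key to the peer account cannot be confirmed here.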
@@ -8,7 +8,7 @@ createhome: yes home: "/home/peers/{{ item.name }}" -- name: Configurer la clé autorisée pour le serveur pair +- name: common-peering-remote-key lineinfile: path: "/home/peers/{{ item.name }}/.ssh/authorized_keys" line: "{{ item.client_key }}" @@ -16,7 +16,8 @@ # TODO: dans authorized_keys pour restreindre le compte à SCP # no-port-forwarding,no-pty,command="scp source target" ssh-dss ... # TODO: chroot -- name: Configurer le known_hosts du compte peer pour le serveur pair + +- name: common-peering-remote-known lineinfile: path: /home/peers/self/.ssh/known_hosts create: yes diff --git a/roles/.common/tasks/tor.yml b/roles/.common/tasks/tor.yml index c86ea55..575d00e 100644 --- a/roles/.common/tasks/tor.yml +++ b/roles/.common/tasks/tor.yml @@ -1,4 +1,4 @@ -- name: On crée le dossier pour les onions +- name: common-tor-create file: path: /etc/tor/onions state: directory @@ -6,7 +6,7 @@ group: debian-tor mode: '0740' -- name: Tor charge les onions depuis /etc/tor/onions/ +- name: common-tor-config lineinfile: path: /etc/tor/torrc line: "%include /etc/tor/onions" diff --git a/roles/.common/tasks/users/main.yml b/roles/.common/tasks/users/main.yml index 9a99360..15c6084 100644 --- a/roles/.common/tasks/users/main.yml +++ b/roles/.common/tasks/users/main.yml @@ -7,13 +7,13 @@ register: onion_exists changed_when: not onion_exists.stat.exists -- name: Redémarrer le démon tor pour générer les onions +- name: common-users-tor-reload service: name: tor state: restarted when: onion_exists.changed -- name: Attendre que les onion perso soient générés +- name: common-users-tor-wait wait_for: path: "/var/lib/tor/{{ item.name }}/hostname" loop: "{{ users }}" diff --git a/roles/.common/tasks/users/setup_user.yml b/roles/.common/tasks/users/setup_user.yml index ccc269c..81c10f0 100644 --- a/roles/.common/tasks/users/setup_user.yml +++ b/roles/.common/tasks/users/setup_user.yml 
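Review bot: common-peering-remote-key in roles/.common/tasks/peering/setup_peer.yml writes `{{ item.client_key }}` into authorized_keys as free text with no key options, so nothing at the key level limits forwarding or pty allocation for a peer server's key. The TODO in the following hunk already records the intent to restrict the account to SCP. Until that is done, prefixing the OpenSSH `restrict` option, `line: "restrict {{ item.client_key }}"`, gives a safer baseline. The `authorized_key` module already used in roles/.common/tasks/users/setup_user.yml accepts `key_options` and would manage the entry as a key rather than as a raw line. The task's remaining parameters and the account's shell setting lie outside the hunk.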
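Review bot: `mode: '0740'` on the /etc/tor/onions directory (second hunk of roles/.common/tasks/tor.yml) grants group debian-tor read but not search permission, so group members can list file names but cannot open the files inside. If the tor daemon depends on group access to follow `%include /etc/tor/onions`, the include will fail. `mode: '0750'` allows traversal while still excluding other users. The `owner:` line of this task falls between the two hunks and is not visible, so this only applies if the owner is not the account tor runs as.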
@@ -1,4 +1,4 @@ -- name: Créer le compte +- name: common-users-setup-account user: name: "{{ item.name }}" state: present @@ -9,24 +9,24 @@ home: "/home/{{ item.name }}" register: new_user -- name: Donner le pouvoir aux admins +- name: common-users-setup-sudo user: name: "{{ item.name }}" group: sudo when: item.sudo|default(false) == true -- name: Autoriser la clé SSH associée +- name: common-users-setup-key authorized_key: user: "{{ item.name }}" state: present key: "{{ item.key }}" -- name: Génerer un onion perso +- name: common-users-setup-onion template: src: ../../files/onion.conf.j2 dest: "/etc/tor/onions/{{ item.name }}.conf" -- name: Annoncer la bonne nouvelle sur IRC +- name: common-users-setup-irc irc: msg: "{{ irc_announce.msg | default('Bienvenue à ' ~ item.name ~ sur le serveur \\o/') }}" server: "{{ irc_announce.server | default('irc.tilde.chat') }}"
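Review bot: `group: sudo` in common-users-setup-sudo (second hunk of roles/.common/tasks/users/setup_user.yml) sets the account's primary group rather than adding a supplementary one, so the user's own primary group is replaced and every file the admin creates is group-owned by sudo. Use `groups: sudo` together with `append: yes` to grant the privilege without changing file ownership defaults. The condition `item.sudo|default(false) == true` matches only a real boolean; `when: item.sudo | default(false) | bool` also covers string values coming from the config. Separately, the `msg:` default in common-users-setup-irc is missing the opening quote before ` sur le serveur`, so that expression does not parse as written.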