Début de traductions pour les playbooks!
This commit is contained in:
parent
7e00bbd393
commit
a7f2063641
|
@ -0,0 +1,44 @@
|
||||||
|
task: Task
|
||||||
|
handler: Handler
|
||||||
|
SUMMARY: SUMMARY
|
||||||
|
Gathering Facts: Gather facts
|
||||||
|
changed: changed
|
||||||
|
ok: ok
|
||||||
|
ignored: ignored
|
||||||
|
failed: failed
|
||||||
|
unreachable: unreachable
|
||||||
|
#### roles/.common
|
||||||
|
# roles/.common/tasks/main.yml
|
||||||
|
common-backports: Enable backports
|
||||||
|
common-base-pkg: Install base packages
|
||||||
|
common-certbot-setup: Configure certbot with the contact email
|
||||||
|
common-users-gen: Generate user accounts
|
||||||
|
common-peering: Setup peering with friendly servers
|
||||||
|
common-additional-packages: Install additional packages
|
||||||
|
common-roles: Apply roles defined in config
|
||||||
|
# roles/.common/tasks/packages.yml
|
||||||
|
common-package-managers: Start package managers
|
||||||
|
# roles/.common/tasks/tor.yml
|
||||||
|
common-tor-create: Create /etc/tor/onions/ for tor config
|
||||||
|
common-tor-config: Load onions from /etc/tor/onions
|
||||||
|
# roles/.common/tasks/peering/main.yml
|
||||||
|
common-peering-home: Create /home/peers
|
||||||
|
common-peering-remote: "Configure peer server {{ item.name }}"
|
||||||
|
# roles/.common/tasks/peering/setup_local.yml
|
||||||
|
common-peering-local-account: Create account peer
|
||||||
|
common-peering-local-ln: Create symbolic link to the local peer
|
||||||
|
common-peering-local-genkey: Generate SSH key for local peer
|
||||||
|
common-peering-local-confkey: Force SSH as ed25519 for local peer
|
||||||
|
# roles/.common/tasks/peering/setup_peer.yml
|
||||||
|
common-peering-remote-account: "Create account for peer server {{ item.name }}"
|
||||||
|
common-peering-remote-key: "Configure SSH key for peer {{ item.name }}"
|
||||||
|
common-peering-remote-known: "Declare key for server {{ item.name }} on account peer"
|
||||||
|
# roles/.common/tasks/users/main.yml
|
||||||
|
common-users-tor-reload: Reload tor to generate new onions
|
||||||
|
common-users-tor-wait: Wait for onions to be generated
|
||||||
|
# roles/.common/tasks/users/setup_user.yml
|
||||||
|
common-users-setup-account: "Create account {{ item.name }}"
|
||||||
|
common-users-setup-sudo: "Give admin powers to {{ item.name }}"
|
||||||
|
common-users-setup-key: Authorize associated SSH key
|
||||||
|
common-users-setup-onion: Generate a personal onion
|
||||||
|
common-users-setup-irc: Welcome the user on IRC
|
|
@ -0,0 +1,44 @@
|
||||||
|
task: Tâche
|
||||||
|
handler: Gestionnaire
|
||||||
|
SUMMARY: RÉSUMÉ
|
||||||
|
Gathering Facts: Rassembler les faits
|
||||||
|
changed: changéE
|
||||||
|
ok: ok
|
||||||
|
ignored: ignoré
|
||||||
|
failed: échoué
|
||||||
|
unreachable: injoignable
|
||||||
|
#### roles/.common
|
||||||
|
# roles/.common/tasks/main.yml
|
||||||
|
common-backports: Activer les backports
|
||||||
|
common-base-pkg: Installer les paquets de base
|
||||||
|
common-certbot-setup: Configurer certbot avec le mail de contact
|
||||||
|
common-users-gen: Générer les comptes des utilisateurices
|
||||||
|
common-peering: Mettre en place le peering avec les serveurs amis
|
||||||
|
common-additional-packages: Installer les paquets supplémentaires
|
||||||
|
common-roles: Appliquer les rôles définis dans la config
|
||||||
|
# roles/.common/tasks/packages.yml
|
||||||
|
common-package-managers: Exécuter les gestionnaires de paquets
|
||||||
|
# roles/.common/tasks/tor.yml
|
||||||
|
common-tor-create: Créer /etc/tor/onions pour la config Tor
|
||||||
|
common-tor-config: Charger les onions tor depuis /etc/tor/onions
|
||||||
|
# roles/.common/tasks/peering/main.yml
|
||||||
|
common-peering-home: Créer /home/peers
|
||||||
|
common-peering-remote: "Configurer le serveur pair {{ item.name }}"
|
||||||
|
# roles/.common/tasks/peering/setup_local.yml
|
||||||
|
common-peering-local-account: Créer un compte peer
|
||||||
|
common-peering-local-ln: Créer un lien symbolique vers le pair local
|
||||||
|
common-peering-local-genkey: Créer une clé SSH pour le compte peer
|
||||||
|
common-peering-local-confkey: Forcer SSH en ed25519 sur le compte peer
|
||||||
|
# roles/.common/tasks/peering/setup_peer.yml
|
||||||
|
common-peering-remote-account: "Créer un compte pour le serveur pair {{ item.name }}"
|
||||||
|
common-peering-remote-key: "Configurer la clé SSH autorisée pour {{ item.name }}"
|
||||||
|
common-peering-remote-known: "Déclarer la clé de {{ item.name }} sur le compte peer"
|
||||||
|
# roles/.common/tasks/users/main.yml
|
||||||
|
common-users-tor-reload: Redémarrer tor pour générer les nouveaux onions
|
||||||
|
common-users-tor-wait: Attendre que les onions soient générés
|
||||||
|
# roles/.common/tasks/users/setup_user.yml
|
||||||
|
common-users-setup-account: "Create account {{ item.name }}"
|
||||||
|
common-users-setup-sudo: "Give admin powers to {{ item.name }}"
|
||||||
|
common-users-setup-key: Authorize associated SSH key
|
||||||
|
common-users-setup-onion: Generate a personal onion
|
||||||
|
common-users-setup-irc: Welcome the user on IRC
|
|
@ -1,36 +1,37 @@
|
||||||
- name: Activer les backports
|
- name: common-backports
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/apt/sources.list.d/backports.list
|
path: /etc/apt/sources.list.d/backports.list
|
||||||
line: deb http://ftp.debian.org/debian buster-backports main contrib
|
line: deb http://ftp.debian.org/debian buster-backports main contrib
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Installer les paquets de base
|
- name: common-base-pkg
|
||||||
apt:
|
apt:
|
||||||
state: present
|
state: present
|
||||||
name: [ certbot, tor, sudo ]
|
name: [ certbot, tor, sudo ]
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: setup certbot with contact email
|
# TODO: configurable contact email from config.yml
|
||||||
|
- name: common-certbot-setup
|
||||||
copy:
|
copy:
|
||||||
src: ../files/letsencrypt_cli.ini
|
src: ../files/letsencrypt_cli.ini
|
||||||
dest: /etc/letsencrypt/cli.ini
|
dest: /etc/letsencrypt/cli.ini
|
||||||
|
|
||||||
- include: tor.yml
|
- include: tor.yml
|
||||||
|
|
||||||
- name: Générer les comptes utilisateurices
|
- name: common-users-gen
|
||||||
include_tasks: users/main.yml
|
include_tasks: users/main.yml
|
||||||
when: users is defined
|
when: users is defined
|
||||||
|
|
||||||
- name: Activer le peering
|
- name: common-peering
|
||||||
include: peering/main.yml
|
include: peering/main.yml
|
||||||
when: peers is defined
|
when: peers is defined
|
||||||
|
|
||||||
- name: Installer des paquets supplémentaires
|
- name: common-additional-packages
|
||||||
include_tasks: packages.yml
|
include_tasks: packages.yml
|
||||||
when: packages is defined
|
when: packages is defined
|
||||||
|
|
||||||
- name: Exécuter les rôles définis dans la config
|
- name: common-roles
|
||||||
include_role:
|
include_role:
|
||||||
name: "{{ current_role }}"
|
name: "{{ current_role }}"
|
||||||
loop: "{{ roles }}"
|
loop: "{{ roles }}"
|
||||||
|
|
|
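Review bot: The new task list mixes the deprecated `include` action (`- include: tor.yml` and `include: peering/main.yml`) with `include_tasks` (`users/main.yml`, `packages.yml`); `include` has been deprecated since Ansible 2.4 and is dropped from current ansible-core, so both should become `include_tasks:`. The YAML 1.1 truthy spellings `create: yes` and `update_cache: yes` should be the canonical `true`. The backports source on the `line:` of `common-backports` is fetched over plain HTTP; apt's release-signature check still protects package integrity, but an https mirror keeps the installed-package list off the wire at no cost. The file may continue past the last context line `loop: "{{ roles }}"`, so whether `current_role` is bound by a `loop_control` cannot be judged from this hunk.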
@ -1,7 +1,7 @@
|
||||||
# Quand packages est vide, on arrive pas ici
|
# Quand packages est vide, on arrive pas ici
|
||||||
|
|
||||||
# Les gestionnaires de paquets sont des rôles qui commencent par .
|
# Les gestionnaires de paquets sont des rôles qui commencent par .
|
||||||
- name: Exécuter les gestionnaires de paquets
|
- name: common-package-managers
|
||||||
include_role:
|
include_role:
|
||||||
# Chaque gestionnaire de paquets peut estimer que sa liste n'est pas vide
|
# Chaque gestionnaire de paquets peut estimer que sa liste n'est pas vide
|
||||||
name: ".{{ current_role.key }}"
|
name: ".{{ current_role.key }}"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
- name: Créer le dossier /home/peers
|
- name: common-peering-home
|
||||||
file:
|
file:
|
||||||
path: "/home/peers"
|
path: "/home/peers"
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -10,6 +10,6 @@
|
||||||
- include: setup_local.yml
|
- include: setup_local.yml
|
||||||
when: ! local_peer.stat.exists
|
when: ! local_peer.stat.exists
|
||||||
|
|
||||||
- name: Générer les comptes
|
- name: common-peering-remote
|
||||||
include: setup_peer.yml
|
include: setup_peer.yml
|
||||||
loop: "{{ peers }}"
|
loop: "{{ peers }}"
|
||||||
|
|
|
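Review bot: `when: ! local_peer.stat.exists` does not negate anything: a leading `!` followed by a space is YAML's non-specific tag indicator, so the parsed value is the plain string `local_peer.stat.exists` and `setup_local.yml` is included only when the local peer already exists, the opposite of what the file name and its account-creation tasks suggest. Jinja has no `!` operator either, so the only spelling that works is `when: not local_peer.stat.exists`. The `stat` task that registers `local_peer` sits above this hunk, so the condition that it actually checks for the self account is inferred from the task names.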
@ -1,4 +1,4 @@
|
||||||
- name: Créer un compte peer pour se connecter avec d'autres serveurs
|
- name: common-peering-local-account
|
||||||
user:
|
user:
|
||||||
name: "peer"
|
name: "peer"
|
||||||
state: present
|
state: present
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
home: "/home/peers/self"
|
home: "/home/peers/self"
|
||||||
|
|
||||||
|
|
||||||
- name: Créer un lien symbolique au hostname du serveur
|
- name: common-peering-local-ln
|
||||||
file:
|
file:
|
||||||
src: /home/peers/self
|
src: /home/peers/self
|
||||||
dest: "/home/peers/{{ hostname }}"
|
dest: "/home/peers/{{ hostname }}"
|
||||||
|
@ -21,14 +21,14 @@
|
||||||
group: peer
|
group: peer
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Générer une clé SSH pour le compte peer
|
- name: common-peering-local-genkey
|
||||||
become: yes
|
become: yes
|
||||||
become_user: peer
|
become_user: peer
|
||||||
command:
|
command:
|
||||||
creates: /home/peers/self/.ssh/id_ed25519.pub
|
creates: /home/peers/self/.ssh/id_ed25519.pub
|
||||||
cmd: ssh-keygen -t ed25519 -f /home/peers/self/.ssh/id_ed25519 -N ""
|
cmd: ssh-keygen -t ed25519 -f /home/peers/self/.ssh/id_ed25519 -N ""
|
||||||
|
|
||||||
- name: Configurer SSH en ed25519 depuis le compte peer
|
- name: common-peering-local-confkey
|
||||||
copy:
|
copy:
|
||||||
src: ../files/ssh_config
|
src: ../files/ssh_config
|
||||||
dest: /home/peers/self/.ssh/config
|
dest: /home/peers/self/.ssh/config
|
||||||
|
|
|
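Review bot: `become: yes` in `common-peering-local-genkey` is a YAML 1.1 truthy spelling and should be `become: true` (yamllint `truthy`); `name: "peer"` in the first task needs no quotes. The `creates:` guard keeps the `ssh-keygen` call idempotent, so the key is generated once and left alone afterwards, which is the right shape for an unattended peering key. The `user:` task of the first hunk continues past its last context line, so its ownership and mode arguments are not visible here.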
@ -1,4 +1,4 @@
|
||||||
- name: Créer un compte pour le serveur pair
|
- name: common-peering-remote-account
|
||||||
user:
|
user:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
createhome: yes
|
createhome: yes
|
||||||
home: "/home/peers/{{ item.name }}"
|
home: "/home/peers/{{ item.name }}"
|
||||||
|
|
||||||
- name: Configurer la clé autorisée pour le serveur pair
|
- name: common-peering-remote-key
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "/home/peers/{{ item.name }}/.ssh/authorized_keys"
|
path: "/home/peers/{{ item.name }}/.ssh/authorized_keys"
|
||||||
line: "{{ item.client_key }}"
|
line: "{{ item.client_key }}"
|
||||||
|
@ -16,7 +16,8 @@
|
||||||
# TODO: dans authorized_keys pour restreindre le compte à SCP
|
# TODO: dans authorized_keys pour restreindre le compte à SCP
|
||||||
# no-port-forwarding,no-pty,command="scp source target" ssh-dss ...
|
# no-port-forwarding,no-pty,command="scp source target" ssh-dss ...
|
||||||
# TODO: chroot
|
# TODO: chroot
|
||||||
- name: Configurer le known_hosts du compte peer pour le serveur pair
|
|
||||||
|
- name: common-peering-remote-known
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /home/peers/self/.ssh/known_hosts
|
path: /home/peers/self/.ssh/known_hosts
|
||||||
create: yes
|
create: yes
|
||||||
|
|
|
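Review bot: `common-peering-remote-key` writes the peer's public key with `lineinfile` into `/home/peers/{{ item.name }}/.ssh/authorized_keys`, which fails if `.ssh/` does not exist yet and leaves ownership and modes to whatever `lineinfile` happens to create; the `authorized_key` module already used in `users/setup_user.yml` handles creation, `0700`/`0600` modes and ownership, and its `key_options` argument is where the restriction from the TODO comment (`no-port-forwarding,no-pty,command=...`) belongs: `authorized_key:` / `user: "{{ item.name }}"` / `key: "{{ item.client_key }}"`. Likewise `common-peering-remote-known` could use the `known_hosts` module instead of `lineinfile` with `create: yes`; its `line:` is outside the hunk. `createhome: yes` is the old alias and should be `create_home: true`.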
@ -1,4 +1,4 @@
|
||||||
- name: On crée le dossier pour les onions
|
- name: common-tor-create
|
||||||
file:
|
file:
|
||||||
path: /etc/tor/onions
|
path: /etc/tor/onions
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -6,7 +6,7 @@
|
||||||
group: debian-tor
|
group: debian-tor
|
||||||
mode: '0740'
|
mode: '0740'
|
||||||
|
|
||||||
- name: Tor charge les onions depuis /etc/tor/onions/
|
- name: common-tor-config
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/tor/torrc
|
path: /etc/tor/torrc
|
||||||
line: "%include /etc/tor/onions"
|
line: "%include /etc/tor/onions"
|
||||||
|
|
|
@ -7,13 +7,13 @@
|
||||||
register: onion_exists
|
register: onion_exists
|
||||||
changed_when: not onion_exists.stat.exists
|
changed_when: not onion_exists.stat.exists
|
||||||
|
|
||||||
- name: Redémarrer le démon tor pour générer les onions
|
- name: common-users-tor-reload
|
||||||
service:
|
service:
|
||||||
name: tor
|
name: tor
|
||||||
state: restarted
|
state: restarted
|
||||||
when: onion_exists.changed
|
when: onion_exists.changed
|
||||||
|
|
||||||
- name: Attendre que les onion perso soient générés
|
- name: common-users-tor-wait
|
||||||
wait_for:
|
wait_for:
|
||||||
path: "/var/lib/tor/{{ item.name }}/hostname"
|
path: "/var/lib/tor/{{ item.name }}/hostname"
|
||||||
loop: "{{ users }}"
|
loop: "{{ users }}"
|
||||||
|
|
|
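Review bot: `common-users-tor-reload` uses `state: restarted`, while its translation key reads "Reload tor to generate new onions"; a full restart tears down every existing circuit and onion service on the host, whereas tor picks up newly added onion-service configuration on SIGHUP, so `state: reloaded` matches both the intent and the description. The `when: onion_exists.changed` guard then only bounces tor when a new onion config was actually written, which is fine. The `stat` task that registers `onion_exists` starts above this hunk.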
@ -1,4 +1,4 @@
|
||||||
- name: Créer le compte
|
- name: common-users-setup-account
|
||||||
user:
|
user:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -9,24 +9,24 @@
|
||||||
home: "/home/{{ item.name }}"
|
home: "/home/{{ item.name }}"
|
||||||
register: new_user
|
register: new_user
|
||||||
|
|
||||||
- name: Donner le pouvoir aux admins
|
- name: common-users-setup-sudo
|
||||||
user:
|
user:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
group: sudo
|
group: sudo
|
||||||
when: item.sudo|default(false) == true
|
when: item.sudo|default(false) == true
|
||||||
|
|
||||||
- name: Autoriser la clé SSH associée
|
- name: common-users-setup-key
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ item.name }}"
|
user: "{{ item.name }}"
|
||||||
state: present
|
state: present
|
||||||
key: "{{ item.key }}"
|
key: "{{ item.key }}"
|
||||||
|
|
||||||
- name: Génerer un onion perso
|
- name: common-users-setup-onion
|
||||||
template:
|
template:
|
||||||
src: ../../files/onion.conf.j2
|
src: ../../files/onion.conf.j2
|
||||||
dest: "/etc/tor/onions/{{ item.name }}.conf"
|
dest: "/etc/tor/onions/{{ item.name }}.conf"
|
||||||
|
|
||||||
- name: Annoncer la bonne nouvelle sur IRC
|
- name: common-users-setup-irc
|
||||||
irc:
|
irc:
|
||||||
msg: "{{ irc_announce.msg | default('Bienvenue à ' ~ item.name ~ sur le serveur \\o/') }}"
|
msg: "{{ irc_announce.msg | default('Bienvenue à ' ~ item.name ~ sur le serveur \\o/') }}"
|
||||||
server: "{{ irc_announce.server | default('irc.tilde.chat') }}"
|
server: "{{ irc_announce.server | default('irc.tilde.chat') }}"
|
||||||
|
|
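Review bot: `common-users-setup-sudo` sets `group: sudo` on the `user` module, which replaces the account's primary group rather than adding a supplementary one, so the user's new files become group-owned by `sudo` and the primary group assigned by `common-users-setup-account` is lost; use `groups: sudo` with `append: true`, and the condition can be the plain `when: item.sudo | default(false)`. In `common-users-setup-irc` the default message `'Bienvenue à ' ~ item.name ~ sur le serveur \\o/'` is missing the opening quote of its last fragment, so inside the Jinja expression `sur` is read as a variable name and the template fails to compile; it should read `~ ' sur le serveur \\o/'`. The `user:` task of the first hunk continues past its last context line.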