Début de traductions pour les playbooks!
parent
7e00bbd393
commit
a7f2063641
|
@ -0,0 +1,44 @@
|
|||
task: Task
|
||||
handler: Handler
|
||||
SUMMARY: SUMMARY
|
||||
Gathering Facts: Gather facts
|
||||
changed: changed
|
||||
ok: ok
|
||||
ignored: ignored
|
||||
failed: failed
|
||||
unreachable: unreachable
|
||||
#### roles/.common
|
||||
# roles/.common/tasks/main.yml
|
||||
common-backports: Enable backports
|
||||
common-base-pkg: Install base packages
|
||||
common-certbot-setup: Configure certbot with the contact email
|
||||
common-users-gen: Generate user accounts
|
||||
common-peering: Setup peering with friendly servers
|
||||
common-additional-packages: Install additional packages
|
||||
common-roles: Apply roles defined in config
|
||||
# roles/.common/tasks/packages.yml
|
||||
common-package-managers: Start package managers
|
||||
# roles/.common/tasks/tor.yml
|
||||
common-tor-create: Create /etc/tor/onions/ for tor config
|
||||
common-tor-config: Load onions from /etc/tor/onions
|
||||
# roles/.common/tasks/peering/main.yml
|
||||
common-peering-home: Create /home/peers
|
||||
common-peering-remote: "Configure peer server {{ item.name }}"
|
||||
# roles/.common/tasks/peering/setup_local.yml
|
||||
common-peering-local-account: Create account peer
|
||||
common-peering-local-ln: Create symbolic link to the local peer
|
||||
common-peering-local-genkey: Generate SSH key for local peer
|
||||
common-peering-local-confkey: Force SSH as ed25519 for local peer
|
||||
# roles/.common/tasks/peering/setup_peer.yml
|
||||
common-peering-remote-account: "Create account for peer server {{ item.name }}"
|
||||
common-peering-remote-key: "Configure SSH key for peer {{ item.name }}"
|
||||
common-peering-remote-known: "Declare key for server {{ item.name }} on account peer"
|
||||
# roles/.common/tasks/users/main.yml
|
||||
common-users-tor-reload: Reload tor to generate new onions
|
||||
common-users-tor-wait: Wait for onions to be generated
|
||||
# roles/.common/tasks/users/setup_user.yml
|
||||
common-users-setup-account: "Create account {{ item.name }}"
|
||||
common-users-setup-sudo: "Give admin powers to {{ item.name }}"
|
||||
common-users-setup-key: Authorize associated SSH key
|
||||
common-users-setup-onion: Generate a personal onion
|
||||
common-users-setup-irc: Welcome the user on IRC
|
|
@ -0,0 +1,44 @@
|
|||
task: Tâche
|
||||
handler: Gestionnaire
|
||||
SUMMARY: RÉSUMÉ
|
||||
Gathering Facts: Rassembler les faits
|
||||
changed: changéE
|
||||
ok: ok
|
||||
ignored: ignoré
|
||||
failed: échoué
|
||||
unreachable: injoignable
|
||||
#### roles/.common
|
||||
# roles/.common/tasks/main.yml
|
||||
common-backports: Activer les backports
|
||||
common-base-pkg: Installer les paquets de base
|
||||
common-certbot-setup: Configurer certbot avec le mail de contact
|
||||
common-users-gen: Générer les comptes des utilisateurices
|
||||
common-peering: Mettre en place le peering avec les serveurs amis
|
||||
common-additional-packages: Installer les paquets supplémentaires
|
||||
common-roles: Appliquer les rôles définis dans la config
|
||||
# roles/.common/tasks/packages.yml
|
||||
common-package-managers: Exécuter les gestionnaires de paquets
|
||||
# roles/.common/tasks/tor.yml
|
||||
common-tor-create: Créer /etc/tor/onions pour la config Tor
|
||||
common-tor-config: Charger les onions tor depuis /etc/tor/onions
|
||||
# roles/.common/tasks/peering/main.yml
|
||||
common-peering-home: Créer /home/peers
|
||||
common-peering-remote: "Configurer le serveur pair {{ item.name }}"
|
||||
# roles/.common/tasks/peering/setup_local.yml
|
||||
common-peering-local-account: Créer un compte peer
|
||||
common-peering-local-ln: Créer un lien symbolique vers le pair local
|
||||
common-peering-local-genkey: Créer une clé SSH pour le compte peer
|
||||
common-peering-local-confkey: Forcer SSH en ed25519 sur le compte peer
|
||||
# roles/.common/tasks/peering/setup_peer.yml
|
||||
common-peering-remote-account: "Créer un compte pour le serveur pair {{ item.name }}"
|
||||
common-peering-remote-key: "Configurer la clé SSH autorisée pour {{ item.name }}"
|
||||
common-peering-remote-known: "Déclarer la clé de {{ item.name }} sur le compte peer"
|
||||
# roles/.common/tasks/users/main.yml
|
||||
common-users-tor-reload: Redémarrer tor pour générer les nouveaux onions
|
||||
common-users-tor-wait: Attendre que les onions soient générés
|
||||
# roles/.common/tasks/users/setup_user.yml
|
||||
common-users-setup-account: "Create account {{ item.name }}"
|
||||
common-users-setup-sudo: "Give admin powers to {{ item.name }}"
|
||||
common-users-setup-key: Authorize associated SSH key
|
||||
common-users-setup-onion: Generate a personal onion
|
||||
common-users-setup-irc: Welcome the user on IRC
|
|
@ -1,36 +1,37 @@
|
|||
- name: Activer les backports
|
||||
- name: common-backports
|
||||
lineinfile:
|
||||
path: /etc/apt/sources.list.d/backports.list
|
||||
line: deb http://ftp.debian.org/debian buster-backports main contrib
|
||||
create: yes
|
||||
state: present
|
||||
|
||||
- name: Installer les paquets de base
|
||||
- name: common-base-pkg
|
||||
apt:
|
||||
state: present
|
||||
name: [ certbot, tor, sudo ]
|
||||
update_cache: yes
|
||||
|
||||
- name: setup certbot with contact email
|
||||
# TODO: configurable contact email from config.yml
|
||||
- name: common-certbot-setup
|
||||
copy:
|
||||
src: ../files/letsencrypt_cli.ini
|
||||
dest: /etc/letsencrypt/cli.ini
|
||||
|
||||
- include: tor.yml
|
||||
|
||||
- name: Générer les comptes utilisateurices
|
||||
- name: common-users-gen
|
||||
include_tasks: users/main.yml
|
||||
when: users is defined
|
||||
|
||||
- name: Activer le peering
|
||||
- name: common-peering
|
||||
include: peering/main.yml
|
||||
when: peers is defined
|
||||
|
||||
- name: Installer des paquets supplémentaires
|
||||
- name: common-additional-packages
|
||||
include_tasks: packages.yml
|
||||
when: packages is defined
|
||||
|
||||
- name: Exécuter les rôles définis dans la config
|
||||
- name: common-roles
|
||||
include_role:
|
||||
name: "{{ current_role }}"
|
||||
loop: "{{ roles }}"
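Review bot: `include: tor.yml` and `include: peering/main.yml` still use the bare `include` action, while the neighbouring tasks in this file use `include_tasks`; bare `include` is deprecated and has been removed in recent ansible-core releases. I would switch both to `include_tasks: tor.yml` and `include_tasks: peering/main.yml` (or `import_tasks` if static inclusion is intended) so the conditional `when: peers is defined` behaves the same across versions. The same applies to `include: setup_local.yml` and `include: setup_peer.yml` in the peering task file further down.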
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Quand packages est vide, on arrive pas ici
|
||||
|
||||
# Les gestionnaires de paquets sont des rôles qui commencent par .
|
||||
- name: Exécuter les gestionnaires de paquets
|
||||
- name: common-package-managers
|
||||
include_role:
|
||||
# Chaque gestionnaire de paquets peut estimer que sa liste n'est pas vide
|
||||
name: ".{{ current_role.key }}"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: Créer le dossier /home/peers
|
||||
- name: common-peering-home
|
||||
file:
|
||||
path: "/home/peers"
|
||||
state: directory
|
||||
|
@ -10,6 +10,6 @@
|
|||
- include: setup_local.yml
|
||||
when: ! local_peer.stat.exists
|
||||
|
||||
- name: Générer les comptes
|
||||
- name: common-peering-remote
|
||||
include: setup_peer.yml
|
||||
loop: "{{ peers }}"
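Review bot: The condition `when: ! local_peer.stat.exists` on the `include: setup_local.yml` task does not negate anything. A leading `!` is YAML's tag indicator, so the parser is likely to hand Ansible the plain expression `local_peer.stat.exists`, and Jinja2 has no `!` operator in any case. If that reading holds, the local peer account setup is skipped on a fresh host and re-run once the path already exists. Write it as `when: not local_peer.stat.exists`. The task that registers `local_peer` sits above this hunk, so what it stats is not visible here.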
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: Créer un compte peer pour se connecter avec d'autres serveurs
|
||||
- name: common-peering-local-account
|
||||
user:
|
||||
name: "peer"
|
||||
state: present
|
||||
|
@ -9,7 +9,7 @@
|
|||
home: "/home/peers/self"
|
||||
|
||||
|
||||
- name: Créer un lien symbolique au hostname du serveur
|
||||
- name: common-peering-local-ln
|
||||
file:
|
||||
src: /home/peers/self
|
||||
dest: "/home/peers/{{ hostname }}"
|
||||
|
@ -21,14 +21,14 @@
|
|||
group: peer
|
||||
state: directory
|
||||
|
||||
- name: Générer une clé SSH pour le compte peer
|
||||
- name: common-peering-local-genkey
|
||||
become: yes
|
||||
become_user: peer
|
||||
command:
|
||||
creates: /home/peers/self/.ssh/id_ed25519.pub
|
||||
cmd: ssh-keygen -t ed25519 -f /home/peers/self/.ssh/id_ed25519 -N ""
|
||||
|
||||
- name: Configurer SSH en ed25519 depuis le compte peer
|
||||
- name: common-peering-local-confkey
|
||||
copy:
|
||||
src: ../files/ssh_config
|
||||
dest: /home/peers/self/.ssh/config
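Review bot: The `common-peering-local-confkey` task copies `ssh_config` to `/home/peers/self/.ssh/config` with no `owner`, `group` or `mode` visible, and unlike the key-generation task above it has no `become_user: peer`. Files under `.ssh` are worth pinning explicitly, for example `owner: peer`, `group: peer` and `mode: '0600'`, so the result does not depend on the connecting user's identity or umask. The task may continue below the end of the hunk, in which case this is already covered.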
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: Créer un compte pour le serveur pair
|
||||
- name: common-peering-remote-account
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
|
@ -8,7 +8,7 @@
|
|||
createhome: yes
|
||||
home: "/home/peers/{{ item.name }}"
|
||||
|
||||
- name: Configurer la clé autorisée pour le serveur pair
|
||||
- name: common-peering-remote-key
|
||||
lineinfile:
|
||||
path: "/home/peers/{{ item.name }}/.ssh/authorized_keys"
|
||||
line: "{{ item.client_key }}"
|
||||
|
@ -16,7 +16,8 @@
|
|||
# TODO: dans authorized_keys pour restreindre le compte à SCP
|
||||
# no-port-forwarding,no-pty,command="scp source target" ssh-dss ...
|
||||
# TODO: chroot
|
||||
- name: Configurer le known_hosts du compte peer pour le serveur pair
|
||||
|
||||
- name: common-peering-remote-known
|
||||
lineinfile:
|
||||
path: /home/peers/self/.ssh/known_hosts
|
||||
create: yes
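Review bot: `common-peering-remote-key` writes `{{ item.client_key }}` into `authorized_keys` with `lineinfile`, so whatever string the peer entry holds becomes the whole line, options prefix included, and the restrictions listed in the TODO comments below it are not applied. The user setup tasks in this commit already use the `authorized_key` module; using it here with `key_options: 'no-port-forwarding,no-pty'` would enforce the restriction on the playbook side instead of trusting the supplied string. The TODO example also names `ssh-dss`, which does not match the ed25519 keys used by the rest of the peering setup. The `lineinfile` task runs past the end of its hunk, so any `create`, `owner` or `mode` settings are not visible here.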
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: On crée le dossier pour les onions
|
||||
- name: common-tor-create
|
||||
file:
|
||||
path: /etc/tor/onions
|
||||
state: directory
|
||||
|
@ -6,7 +6,7 @@
|
|||
group: debian-tor
|
||||
mode: '0740'
|
||||
|
||||
- name: Tor charge les onions depuis /etc/tor/onions/
|
||||
- name: common-tor-config
|
||||
lineinfile:
|
||||
path: /etc/tor/torrc
|
||||
line: "%include /etc/tor/onions"
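Review bot: `mode: '0740'` on the `/etc/tor/onions` directory gives group `debian-tor` read permission without search (`x`), so group members can list the directory but cannot open the files inside it. If the `owner` set on the line between the two hunks is not the account tor runs as, the `%include /etc/tor/onions` added to `torrc` by `common-tor-config` will not be loadable; `mode: '0750'` is the usual choice for a directory. The `owner` line is outside the visible hunks, so this depends on what it says.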
|
||||
|
|
|
@ -7,13 +7,13 @@
|
|||
register: onion_exists
|
||||
changed_when: not onion_exists.stat.exists
|
||||
|
||||
- name: Redémarrer le démon tor pour générer les onions
|
||||
- name: common-users-tor-reload
|
||||
service:
|
||||
name: tor
|
||||
state: restarted
|
||||
when: onion_exists.changed
|
||||
|
||||
- name: Attendre que les onion perso soient générés
|
||||
- name: common-users-tor-wait
|
||||
wait_for:
|
||||
path: "/var/lib/tor/{{ item.name }}/hostname"
|
||||
loop: "{{ users }}"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
- name: Créer le compte
|
||||
- name: common-users-setup-account
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
|
@ -9,24 +9,24 @@
|
|||
home: "/home/{{ item.name }}"
|
||||
register: new_user
|
||||
|
||||
- name: Donner le pouvoir aux admins
|
||||
- name: common-users-setup-sudo
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
group: sudo
|
||||
when: item.sudo|default(false) == true
|
||||
|
||||
- name: Autoriser la clé SSH associée
|
||||
- name: common-users-setup-key
|
||||
authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
state: present
|
||||
key: "{{ item.key }}"
|
||||
|
||||
- name: Génerer un onion perso
|
||||
- name: common-users-setup-onion
|
||||
template:
|
||||
src: ../../files/onion.conf.j2
|
||||
dest: "/etc/tor/onions/{{ item.name }}.conf"
|
||||
|
||||
- name: Annoncer la bonne nouvelle sur IRC
|
||||
- name: common-users-setup-irc
|
||||
irc:
|
||||
msg: "{{ irc_announce.msg | default('Bienvenue à ' ~ item.name ~ sur le serveur \\o/') }}"
|
||||
server: "{{ irc_announce.server | default('irc.tilde.chat') }}"
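Review bot: `common-users-setup-sudo` sets `group: sudo`, which replaces the account's primary group rather than adding the user to `sudo`; files the user creates afterwards would be group-owned by `sudo`. Use `groups: sudo` together with `append: yes`. Separately, the default in `msg:` of `common-users-setup-irc` reads `~ sur le serveur \\o/'` with no opening quote before `sur`, so as rendered here the expression will not parse; it should be `~ ' sur le serveur \\o/'`. The `irc` task continues past the end of the hunk.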
|
||||
|
|