diff --git a/.gitignore b/.gitignore index a251ac0..d7bc71a 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ backup/ scaleway/ .vagrant/ ressources -SecLists/ \ No newline at end of file +SecLists/ +scan/ \ No newline at end of file diff --git a/backup.yml b/backup.yml index fe389d8..5ea6d2d 100644 --- a/backup.yml +++ b/backup.yml @@ -78,7 +78,7 @@ - /opt/dockerapps/appdata/bind/config/named.conf - /opt/dockerapps/appdata/bind/records/example.com.zone - /opt/dockerapps/appdata/bind/records/jingoh.private.zone - # crowdsec + #! crowdsec - /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml - /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml - /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile diff --git a/host_vars/ovh01.yml b/host_vars/ovh01.yml index 616c551..182e94f 100644 --- a/host_vars/ovh01.yml +++ b/host_vars/ovh01.yml 
@@ -1,130 +1,6 @@ -# --- +--- -# #* DOCKER -# docker_install_compose: true -# pip_executable: pip3 - -# #*PIP -# pip_install_packages: -# - docker-compose - -# #* SSH -# #ssh_listen_to: "{{ host_private_address }}" - -# #* USERS - -# management_user_list: -# - name: admin -# shell: '/bin/bash' -# authorized_keys: -# - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClVS1uxDfwS6OusQ4qgcZ6hBc8YRBE8MyXu0sUfGN7S3itjI3W2ixD18v80el8dVQVR12jCY0ueavgoV1cHrfGWkFoLKi+QrA4MuSNUChj0NBbyLTmdwPvne8LRv3ttCbRSJ/6bIEveX8y/7kGn/R1NDFlfE6b5R8ersBUKCQM6YxblAkv/XH8cJlQXhr1nLhVOl/ae+Q/pTCbgioB8qrmGEuMvOLmavcFf7IJbJcSgeiXSOnyIRl2n64X6lbRK+MRZ61pF6vAOXA+Ixyt/fAbO7sjqU0+cEhU5Br5/VcqG4Bc5nhWimtXIHPry3aLV5PtN6K9/i3eA5F6Jpa82JzmUMEbWSBIga02yIw9GjRyAI6ccH/kJGuB6QN5/YwGHpOF2f0FGiEAbUz41mLngN3SsXL1pdV2hT3x56/GIcGe6p/f1cytwVCyOaE7W87B05w5JYb1sSFj6QuGW0rHWfnHT5SY87Mk/H8VgZPaPbm+hSjLIQRAmUYQR+Rub1o9bXE= stephane" -# exclusive: yes -# sudo: -# hosts: ALL -# as: ALL -# commands: ALL -# nopasswd: ALL - -# #* FIREWALL - -# firewall_allowed_tcp_ports: -# - "22" -# - "80" -# - "443" -# - "9100" -# - "9090" -# - "3000" -# - "9323" - -# #* NETBIRD - -# netbird_setup_key: F234BD1F-385B-4BEA-8234-608CCB1062ED -# netbird_register: true - -# #* TLS - -# node_exporter_tls_server_config: -# cert_file: /etc/node_exporter/tls.cert -# key_file: /etc/node_exporter/tls.key - -# #* NODE_EXPORTER - -# # node_exporter_basic_auth_users: -# # randomuser: examplepassword -# node_exporter_web_listen_address: "{{ host_private_address }}:9100" - -# #* PROMETHEUS - -# prometheus_web_listen_address: "{{ host_private_address }}:9090" -# prometheus_scrape_configs: -# - job_name: "prometheus" # Custom scrape job, here using `static_config` -# metrics_path: "/metrics" -# static_configs: -# - targets: -# - "{{ host_private_address }}:9090" -# - job_name: "node1" -# scheme: https # Custom scrape job, here using `static_config` -# metrics_path: "/metrics" -# tls_config: -# ca_file: "{{ node_exporter_tls_server_config.cert_file }}" -# 
static_configs: -# - targets: -# - "{{ ansible_hostname }}.netbird.cloud:9100" -# - job_name: "node2" -# scheme: https # Custom scrape job, here using `static_config` -# metrics_path: "/metrics" -# tls_config: -# ca_file: "/etc/node_exporter/tls_scaleway.cert" -# static_configs: -# - targets: -# - "scaleway.netbird.cloud:9100" -# # - "{{ host_private_address }}:9100" -# - job_name: "git" -# scheme: https # Custom scrape job, here using `static_config` -# metrics_path: "/metrics" -# static_configs: -# - targets: -# - "gitea.jingoh.fr" -# - job_name: "publicservicediscovery" -# metrics_path: "/metrics" -# basic_auth: -# username: 'jingohtraf' -# password: 'FSzmSLr#6i9M#d' -# scheme: https -# file_sd_configs: -# - files: -# - "{{ prometheus_config_dir }}/file_sd/node.yml" # This line loads file created from `prometheus_targets` -# prometheus_targets: -# node: # This is a base file name. File is located in "{{ prometheus_config_dir }}/file_sd/<>.yml" -# - targets: # -# - "traefik.jingoh.fr" - -# #* GRAFANA - -# grafana_address: "{{ host_private_address }}" -# install_grafana__protocol: "https" -# install_grafana__http_addr: "{{ host_private_address }}" -# install_grafana__domain: "{{ ansible_hostname }}.netbird.cloud" -# inv_install_grafana__cert_file: "{{ node_exporter_tls_server_config.cert_file }}" -# inv_install_grafana__cert_key: "{{ node_exporter_tls_server_config.key_file }}" - -# # ########## -# # # CHISEL # -# # ########## - -# # chisel_server: false -# # chisel_client_server_url: "{{ chisel_server_host }}:8080" -# # chisel_client_remotes: "R:{{ chisel_server_host }}:socks" -# # chisel_service_name: chisel-client -# # chisel_config_name: chisel-client - -# # chisel_conf: -# # # chisel enable auth and finder -# # - path: "/etc/chisel/{{ chisel_config_name }}.conf" -# # regexp: "^AUTH=--auth {{ chisel_client_auth_username }}:{{ chisel_client_auth_password }}" -# # state: present -# # line: "AUTH=--auth {{ chisel_client_auth_username }}:{{ 
chisel_client_auth_password }}" -# # - path: "/etc/chisel/{{ chisel_config_name }}.conf" -# # regexp: "^FINGERPRINT=--fingerprint {{ chisel_client_server_fingerprint }}" -# # state: present -# # line: "FINGERPRINT=--fingerprint {{ hostvars[groups['server'][0]].chisel_fingerprint[4]|default('') }}" +docker_swarm_addr: 100.96.125.190 +docker_swarm_interface: wt0 +pip_install_packages: + - docker \ No newline at end of file diff --git a/host_vars/scale01.yml b/host_vars/scale01.yml new file mode 100644 index 0000000..67e652e --- /dev/null +++ b/host_vars/scale01.yml @@ -0,0 +1,6 @@ +--- + +docker_swarm_addr: 100.96.212.100 +docker_swarm_interface: wt0 +pip_install_packages: + - docker \ No newline at end of file diff --git a/host_vars/ubuntu-worker.yml b/host_vars/ubuntu-worker.yml deleted file mode 100644 index 8b8f02f..0000000 --- a/host_vars/ubuntu-worker.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -kubernetes_version: 1.28 -kubernetes_role: node - -kubernetes_alias_bashrc: - - path: "/root/.bashrc" - regexp: "^source /usr/share/bash-completion/bash_completion" - state: present - line: "source /usr/share/bash-completion/bash_completion" - - path: "/root/.bashrc" - regexp: "^source /etc/bash_completion" - state: present - line: "source /etc/bash_completion" - - path: "/root/.bashrc" - regexp: "^source <(kubectl completion bash)" - state: present - line: "source <(kubectl completion bash)" - - path: "/root/.bashrc" - regexp: "^alias k=kubectl" - state: present - line: "alias k=kubectl" - - path: "/root/.bashrc" - regexp: "^complete -F __start_kubectl k" - state: present - line: "complete -F __start_kubectl k" \ No newline at end of file diff --git a/host_vars/ubuntu.yml b/host_vars/ubuntu.yml deleted file mode 100644 index a85aea1..0000000 --- a/host_vars/ubuntu.yml +++ /dev/null 
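Review bot: The commented-out block this hunk deletes held a `netbird_setup_key` and the `basic_auth` password of the `publicservicediscovery` scrape job in clear text, and deleting the lines leaves both readable in the repository history. The same two values are also in the deleted host_vars/ubuntu.yml, and the deleted host_vars/vagrant.yml carried a dashboard basic-auth secret in the same way. Treat them as exposed: rotate them, and if they are needed again, store them the way scan.yml stores `token`, as `netbird_setup_key: !vault |` followed by the encrypted value. On the new side, `docker_swarm_addr: 100.96.125.190` would read better with a comment saying it is the address bound to `wt0`, presumably the NetBird interface.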
@@ -1,96 +0,0 @@ ---- - -# elasticstack_ca_pass: setuppassword -elasticsearch_api_host: 192.168.0.26 -elasticsearch_http_publish_host: 192.168.0.26 -elasticsearch_network_host: 192.168.0.26 -elasticsearch_ssl_verification_mode: none -# logstash_elasticsearch: 192.168.0.26 - -#* USERS - -management_user_list: - - name: admin - shell: '/bin/bash' - authorized_keys: - - key: "ssh-rsa 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 stephane" - exclusive: yes - sudo: - hosts: ALL - as: ALL - commands: ALL - nopasswd: ALL - -#* FIREWALL - -firewall_allowed_tcp_ports: - - "22" - - "80" - - "443" - - "9100" - - "9090" - - "3000" - -#* NETBIRD - -netbird_setup_key: F234BD1F-385B-4BEA-8234-608CCB1062ED -netbird_register: true - -#* TLS - -node_exporter_tls_server_config: - cert_file: /etc/node_exporter/tls.cert - key_file: /etc/node_exporter/tls.key - -#* NODE_EXPORTER - -# node_exporter_basic_auth_users: -# randomuser: examplepassword -node_exporter_web_listen_address: "{{ host_private_address }}:9100" - -#* PROMETHEUS - -prometheus_web_listen_address: "{{ host_private_address }}:9090" -prometheus_scrape_configs: - - job_name: "prometheus" # Custom scrape job, here using `static_config` - metrics_path: "/metrics" - static_configs: - - targets: - - "{{ host_private_address }}:9090" - - job_name: "node1" - scheme: https # Custom scrape job, here using `static_config` - metrics_path: "/metrics" - tls_config: - ca_file: "{{ node_exporter_tls_server_config.cert_file }}" - static_configs: - - targets: - - "{{ ansible_hostname }}.netbird.cloud:9100" - # - "{{ host_private_address }}:9100" - - job_name: "git" - scheme: https # Custom scrape job, here using `static_config` - metrics_path: "/metrics" - static_configs: - - targets: - - "gitea.jingoh.fr" - - job_name: "publicservicediscovery" - metrics_path: "/metrics" - basic_auth: - username: 'jingohtraf' - password: 'FSzmSLr#6i9M#d' - scheme: https - file_sd_configs: - - files: - - "{{ prometheus_config_dir 
}}/file_sd/node.yml" # This line loads file created from `prometheus_targets` -prometheus_targets: - node: # This is a base file name. File is located in "{{ prometheus_config_dir }}/file_sd/<>.yml" - - targets: # - - "traefik.jingoh.fr" - -#* GRAFANA - -grafana_address: "{{ host_private_address }}" -install_grafana__protocol: "https" -install_grafana__http_addr: "{{ host_private_address }}" -install_grafana__domain: "{{ ansible_hostname }}.netbird.cloud" -inv_install_grafana__cert_file: "{{ node_exporter_tls_server_config.cert_file }}" -inv_install_grafana__cert_key: "{{ node_exporter_tls_server_config.key_file }}" \ No newline at end of file diff --git a/host_vars/v1.yml b/host_vars/v1.yml new file mode 100644 index 0000000..086419f --- /dev/null +++ b/host_vars/v1.yml @@ -0,0 +1,6 @@ +--- + +docker_swarm_addr: 192.168.56.4 +docker_swarm_interface: eth1 +pip_install_packages: + - docker \ No newline at end of file diff --git a/host_vars/v2.yml b/host_vars/v2.yml new file mode 100644 index 0000000..18e995a --- /dev/null +++ b/host_vars/v2.yml @@ -0,0 +1,5 @@ +--- +docker_swarm_addr: 192.168.56.40 +docker_swarm_interface: eth1 +pip_install_packages: + - docker \ No newline at end of file diff --git a/host_vars/vagrant.yml b/host_vars/vagrant.yml deleted file mode 100644 index 16c3df1..0000000 --- a/host_vars/vagrant.yml +++ /dev/null 
@@ -1,316 +0,0 @@ -docker_install_compose: false -# kubernetes_config_kubelet_configuration: -# cgroupDriver: systemd - -kubernetes_version: 1.28 -kubernetes_apiserver_advertise_address: 192.168.33.10 -kubernetes_load_balancer_public_ip: 192.168.33.11 -kubernetes_pod_network: - # Flannel CNI. - cni: 'flannel' - cidr: '10.244.0.0/16' - -# containerd_config_systemd: true -# containerd_config_disabled_cgroups: true - - -# kubernetes_ignore_preflight_errors: null -# kubernetes_kubeadm_init_extra_opts: -# - "--pod-network-cidr=10.244.0.0/16" -# - "--control-plane-endpoint=192.168.33.10" - -# kubernetes_namespaces: -# - apiVersion: v1 -# kind: Namespace -# metadata: -# name: argocd - -# kubernetes_namespace: toto - -kubernetes_argocd_objects: - - namespace: argocd - kind: Secret - definition: - - apiVersion: v1 - data: - tls.crt: 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 - tls.key: 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 - metadata: - name: cert-argocd - namespace: argocd - type: kubernetes.io/tls - - apiVersion: v1 - data: - tls.crt: 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 - tls.key: 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 - metadata: - name: cert-argocd-test - namespace: argocd - type: kubernetes.io/tls - -kubernetes_tree_base_dir: - - /opt - - /opt/kubernetes - -kubernetes_service: infra - -kubernetes_git_repo: perso-infra - -kubernetes_git_url: github.com - - -kubernetes_allow_pods_on_control_plane: false - -kubernetes_alias_bashrc: - - path: "/root/.bashrc" - regexp: "^source /usr/share/bash-completion/bash_completion" - state: present - line: "source /usr/share/bash-completion/bash_completion" - - path: "/root/.bashrc" - regexp: "^source /etc/bash_completion" - state: present - line: "source /etc/bash_completion" - - path: "/root/.bashrc" - regexp: "^source <(kubectl completion bash)" - state: present - line: "source <(kubectl completion bash)" - - path: "/root/.bashrc" - regexp: "^alias k=kubectl" - state: 
present - line: "alias k=kubectl" - - path: "/root/.bashrc" - regexp: "^complete -F __start_kubectl k" - state: present - line: "complete -F __start_kubectl k" - - # - echo "source /usr/share/bash-completion/bash_completion" >> ~/.bashrc - # - echo "source /etc/bash_completion" >> ~/.bashrc - # - echo "source <(kubectl completion bash)" >> ~/.bashrc - # - echo "alias k=kubectl" >> ~/.bashrc - # - echo "complete -F __start_kubectl k" >> ~/.bashrc - # - complete -F __start_kubectl k - #- echo "function kname() {k config set-context --current --namespace $1}" >> ~/.bashrc - -kubernetes_namespaces_crd: - - namespace: argocd - url: https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml - file: install - - namespace: traefik - url: https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml - file: kubernetes-crd-definition-v1 - # - namespace: traefik - # url: https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml - # file: kubernetes-crd-rbac - -kubernetes_namespaces: "{{ kubernetes_namespaces_crd }}" - - -kubernetes_traefik_objects: - - namespace: traefik - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - definition: - metadata: - name: traefik-role - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io - resources: - - ingresses - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.io - resources: - - middlewares - - middlewaretcps - - ingressroutes - - traefikservices - - ingressroutetcps - - ingressrouteudps - - tlsoptions - - tlsstores - - serverstransports - - serverstransporttcps - verbs: - - get - - list - - watch - - namespace: traefik - 
apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - definition: - metadata: - name: traefik-role-binding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-role - subjects: - - kind: ServiceAccount - name: traefik-account - namespace: traefik - - namespace: traefik - apiVersion: v1 - kind: ServiceAccount - definition: - metadata: - name: traefik-account - - namespace: traefik - kind: Deployment - apiVersion: apps/v1 - definition: - metadata: - name: traefik-deployment - labels: - app: traefik - spec: - replicas: 1 - selector: - matchLabels: - app: traefik - template: - metadata: - labels: - app: traefik - spec: - serviceAccountName: traefik-account - hostNetwork: true - containers: - - name: traefik - image: traefik:v2.10 - args: - - --accessLog - - --api.insecure=false - - --api.dashboard - - --entrypoints.web.address=:80 - - --entrypoints.web.http.redirections.entryPoint.to=websecure - - --entrypoints.websecure.address=:443 - - --providers.kubernetesingress=true - - --providers.kubernetescrd=true - - --log.level=debug - - --metrics.prometheus=true - - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0 - - --metrics.prometheus.addEntryPointsLabels=true - - --metrics.prometheus.addrouterslabels=true - - --metrics.prometheus.addServicesLabels=true - - --metrics.prometheus.manualrouting=true - #Cela signifie que Traefik ne vérifiera pas la validité du certificat SSL/TLS du serveur vers lequel il dirige le trafic - # Ok en dev (self-signed) NOK en prod - # Utilisé pour argocd - 500 Internal Error traefik - - --serverstransport.insecureskipverify=true - ports: - - name: web - containerPort: 80 - - name: websecure - containerPort: 443 - - namespace: traefik - apiVersion: v1 - kind: Secret - definition: - data: - tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZsekNDQTM4Q0ZGSjc1dnE5KzhJUGNIR0RHcU5EM1ZnRzZyU1FNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR0gKTVFzd0NRWURWUVFHRXdKR1VqRVBNQTBHQTFVRUNBd0dSbkpoYm1ObE1RNHdEQVlEVlFRSERBVlFZWEpwY3pFTwpNQXdHQTFVRUNnd0ZTMFZaV1U4eERqQU1CZ05WQkFzTUJVdEZXVmxQTVJrd0Z3WURWUVFEREJCMFpYTjBMblJ5CllXVm1hV3N1Ym1WME1Sd3dHZ1lKS29aSWh2Y05BUWtCRmcxMFpYTjBRSFJsYzNRdVkyOXRNQjRYRFRJek1EZ3kKTnpFME5ESXhObG9YRFRJek1Ea3lOakUwTkRJeE5sb3dnWWN4Q3pBSkJnTlZCQVlUQWtaU01ROHdEUVlEVlFRSQpEQVpHY21GdVkyVXhEakFNQmdOVkJBY01CVkJoY21sek1RNHdEQVlEVlFRS0RBVkxSVmxaVHpFT01Bd0dBMVVFCkN3d0ZTMFZaV1U4eEdUQVhCZ05WQkFNTUVIUmxjM1F1ZEhKaFpXWnBheTV1WlhReEhEQWFCZ2txaGtpRzl3MEIKQ1FFV0RYUmxjM1JBZEdWemRDNWpiMjB3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQwpBUURNbG9aSE4yOE04SERMU2t5WkJ5SzhvWEtTcDB0WHFnL3FrM1FpeHQ5UEpnOWduYWs1NThtVEgwemNzQk1VCmFndEtTWXU1akdQSGFSQ3dXNDdrTGp6TUlLL2RYdWlDRE1nUUN6RFB0cWM2Qm9KQy95UTZHV1VwU2hhSmVQUVUKRFRVK09NamNpd09LSmkxOTFKMnR3ZGxpb21FbXZYWUFHcStzSkRVa25WL1FadVBZMlpmcVZibnBwQkt5U0FvegpJWVVGRzdOSTk2K3o3TW5IelVWNG94V1lkQkNjTWNvMllFV3lNU2hhR0hDV3Z3dUtXalZJWXJWSGI1dlQyWVF4CjRCbHlUa2dEQ1o3bTZWMlhLcFJIalp4cjJJVHh1T0FybzhoZ3FHSGprbnptVGh6ZnZKK1NuWk8xK253OXEvNnMKN1lxbkI1RUh2UVdBSks5UkYrZDZsOGZTam1iUGs0VGl1cWNqRkljUXprSnVUV2ZSbk1MN0YybXQ4Z0p6azlZRwpsaW1jcTdkSTdENFFDaEJadGt1Ny93TmUrSTI2Y0MwM0l5QnR0SFRqeUlvbWJ4K1JVOFJBaGFKNDZtY3Y4ZUdCCjNIeS9hVjZERFB6SWdUc1JQWTNuekhlYWhmOHJmamNRcDcrZGNuNmxDV0pROW0rQVFNN0hZZGtJdXQ5QlF0aEQKemlHZFFLd3ZBdmFTV3krRjdQc2kxUXQwTDhxZ01OT2JDTUl6ZUdCYXg0ZkdZQnJjNFQ3UXFVNzBKakZXWXhQUwpzU1UzRm5sWFhLbXFTZ29naFd3Y2tqWUJCakJnb1E4dmZJNDhqTDlycmJkZWFxSWJXSkRSeXc4R0ZGNDVDMzNQCkxRWC9zWEN3Wno0YjVHYkZZNWRzbVBGdFVnUG9TVWtZWm9KVU8waUw3NXhMRVFJREFRQUJNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElDQVFDWU0vY2tKUDBYelk1bTJsQlRWdm9hUzg1MVJlRTA5YmFqaXlMbnYrTFpLRTNyVzFQTAo1citubzNXVCtZWmxYUzVGS0Z4cGZMdXdJRGZtZTZjOUVldzRLbkdxaTVVTXJrVjJxb3lPUmxIRzdESG1ocW5NCjlNK1J2Zks4QldaUmMwQ0lwOGQ3dnBhWW1xQ0tFdURYajZZd2FSUmJHejdkcE1MYnFsNWViaU5md2c5em1aaE0KNmxXcVphN3JxTzBwMEp3NXNOLzZUS2F1QXlkUitaS1NGdzVVVWFCN20v
eW1MN0lWVk5WRVBzRm5aYnViRm40YwpZQm93NHA1V3NjUHoyQTVmUG83QzlkZkNaaWpCYmlodXNYdTIzMDEwSU9ITys4SjlOMFBtUit5Y0J3dHd2MmhRCmpzbThPTTV0YTFUZkJmeHUzeWNQZjl2Um5SVlJHVkg0eEdLN2tTMnNwKzZiS0xEM2hKNFN2VkRNdVBHQW5zb2gKbGFOb2JqL2l0NU1MQ08wcDhMclJ2OHdwTUdnVUZ0eVNtR2FDa0MvM0pqQ1BTbnI2S1d3a3VQVnRVVlZpSjhpagpKREhBcW9hSWhLVzcwOXZTdWlFbHZUTlIwUmJWWHVaRDZqRHRDTGdmaXB1T2E1endoeEd3aVhHL1g1bUszaUxkCnRCUi9JeGw0ZUlQV1BVbEtnZHBMVzFIU2I3aU42cG05cjQveGpEbDkzeGowR2ZYZktKalhFY0RtTklhZUl1cVUKRUpDK0Q3YVU4bkdoMlN3WTIrbWlQckFQU0gwSjBxMjhzTHErMXZKWG11MEsxUVZNejErY3hrVER5WVRpTnBwcQpTOXJoWkJoTzNPZEd4Z0ZYSVc5V1dqSStEdXZ3cTJrV1Qwb3VKTHZNbkpDcU5vYkgzVXlHTGg0WmNnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: 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 - metadata: - name: test-ssl-secret - namespace: traefik - type: kubernetes.io/tls - - namespace: traefik - apiVersion: v1 - kind: Secret - definition: - metadata: - name: traefik-auth-secret-dashboard - type: kubernetes.io/basic-auth - stringData: - username: admin - password: dashboard - - namespace: traefik - apiVersion: traefik.containo.us/v1alpha1 - kind: Middleware - definition: - metadata: - name: traefik-auth-dashboard - spec: - basicAuth: - secret: traefik-auth-secret-dashboard - - namespace: traefik - apiVersion: traefik.io/v1alpha1 - kind: IngressRoute - definition: - metadata: - name: traefik-dashboard - namespace: traefik - spec: - entryPoints: - - websecure - routes: - - match: Host(`test.traefik.net`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) - kind: Rule - services: - - name: api@internal - kind: TraefikService - middlewares: - - name: traefik-auth-dashboard - namespace: traefik - tls: - secretName: test-ssl-secret - - namespace: traefik - apiVersion: v1 - kind: Service - definition: - metadata: - name: traefik-service - namespace: traefik - spec: - type: LoadBalancer - externalIPs: - - "{{ kubernetes_load_balancer_public_ip }}" - ports: - - protocol: TCP - port: 443 - targetPort: websecure - name: websecure - - 
protocol: TCP - targetPort: web - port: 80 - name: web - selector: - app: traefik - - - -# for github - -management_user_list: - - name: stephanegratias - shell: '/bin/bash' - authorized_keys: - - key: "ssh-rsa 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 stephane" - exclusive: yes - sudo: - hosts: ALL - as: ALL - commands: ALL - nopasswd: ALL \ No newline at end of file diff --git a/hosts b/hosts index 6f595f4..89507ad 100644 --- a/hosts +++ b/hosts @@ -17,6 +17,14 @@ ovh01 ansible_host=5.135.181.11 ansible_user=stephane control worker -[vagrant] -v1 ansible_host=192.168.121.2 ansible_user=vagrant ansible_ssh_pass=vagrant -v2 ansible_host=192.168.121.240 ansible_user=vagrant ansible_ssh_pass=vagrant \ No newline at end of file +[docker_swarm_manager] +v1 ansible_host=192.168.121.68 ansible_user=vagrant ansible_ssh_pass=vagrant +ovh01 ansible_host=5.135.181.11 ansible_user=stephane + +[docker_swarm_worker] +v2 ansible_host=192.168.121.128 ansible_user=vagrant ansible_ssh_pass=vagrant +scale01 ansible_host=163.172.209.36 ansible_user=stephane + +[vagrant:children] +docker_swarm_manager +docker_swarm_worker \ No newline at end of file diff --git a/paused.conf b/paused.conf new file mode 100644 index 0000000..db40108 --- /dev/null +++ b/paused.conf @@ -0,0 +1,14 @@ + +# resume information +resume-index = 69 +seed = 12653686914129623649 +rate = 100 +shard = 1/1 +nocapture = servername + + +adapter-ip = 172.29.219.224 +# TARGET SELECTION (IP, PORTS, EXCLUDES) +ports = 443 +range = 163.172.80.0/24 + diff --git a/portainer-agent-stack.yml b/portainer-agent-stack.yml new file mode 100644 index 0000000..c75860c --- /dev/null +++ b/portainer-agent-stack.yml 
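Review bot: `[vagrant:children]` now lists `docker_swarm_manager` and `docker_swarm_worker`, and those groups also contain `ovh01` and `scale01`, so the two public hosts become members of `vagrant` and inherit anything scoped to that group. The same grouping puts the lab VMs, which log in with `ansible_ssh_pass=vagrant`, into one swarm with the internet-facing nodes. Keeping `v1` and `v2` in a plain `[vagrant]` group, with separate manager/worker groups per environment, keeps group variables and swarm membership apart. The lines above `[docker_swarm_manager]` are outside the hunk, so how `control` and `worker` relate to the new groups cannot be checked from here.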
@@ -0,0 +1,39 @@
+version: '3.2'
+
+services:
+ agent:
+ image: portainer/agent:2.19.5
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: portainer/portainer-ce:2.19.5
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ ports:
+ - "9443:9443"
+ - "9000:9000"
+ - "8000:8000"
+ volumes:
+ - portainer_data:/data
+ networks:
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+
+networks:
+ agent_network:
+ driver: overlay
+ attachable: true
+
+volumes:
+ portainer_data:
diff --git a/portainer-traefik-agent.yml b/portainer-traefik-agent.yml
new file mode 100644
index 0000000..724a3cf
--- /dev/null
+++ b/portainer-traefik-agent.yml
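Review bot: The `portainer` service in portainer-agent-stack.yml publishes `"9000:9000"` next to `"9443:9443"`, and 9000 is Portainer's plain-HTTP UI, so through the swarm routing mesh the admin login is reachable unencrypted on every node address, including the public hosts in `hosts`. Publishing only `- "9443:9443"`, plus `"8000:8000"` only if Edge agents are actually used, removes the cleartext path. `--tlsskipverify` makes the server accept any certificate presented at `tasks.agent:9001`; since that agent mounts `/var/run/docker.sock`, a comment stating why verification is off on `agent_network` would help the next reader.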
@@ -0,0 +1,91 @@ +version: '3.2' + +services: + traefik: + image: "traefik:latest" + command: + - --entrypoints.web.address=:80 + - --entryPoints.web.forwardedHeaders.insecure=true + - --entrypoints.websecure.address=:443 + - --providers.docker=true + - --providers.swarm=true + - --providers.docker.exposedbydefault=false + - --providers.docker.network=public + - --api=true + - --api.dashboard=true + - --api.insecure=true + - --log.level=INFO + deploy: + mode: replicated + replicas: 1 + placement: + constraints: [node.role == manager] + labels: + - "traefik.http.routers.dashboard.rule=Host(`traefik.test.com`)" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.services.dashboard.loadbalancer.server.port=8080" + ports: + - target: 80 + published: 80 + mode: host + - target: 443 + published: 443 + mode: host + networks: + - public + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + + agent: + image: portainer/agent:latest + environment: + # REQUIRED: Should be equal to the service name prefixed by "tasks." 
when + # deployed inside an overlay network + AGENT_CLUSTER_ADDR: tasks.agent + # AGENT_PORT: 9001 + # LOG_LEVEL: debug + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /var/lib/docker/volumes:/var/lib/docker/volumes + networks: + - agent_network + deploy: + mode: global + placement: + constraints: [node.platform.os == linux] + + portainer: + image: portainer/portainer-ce:latest + command: -H tcp://tasks.agent:9001 --tlsskipverify + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - data:/data + - /etc/localtime:/etc/localtime + networks: + - public + - agent_network + deploy: + mode: replicated + replicas: 1 + placement: + constraints: [node.role == manager] + labels: + - "traefik.enable=true" + - "traefik.http.routers.portainer.rule=Host(`portainer.test.com`)" + - "traefik.http.routers.portainer.entrypoints=web" + - "traefik.http.routers.portainer.service=portainer" + - "traefik.http.services.portainer.loadbalancer.server.port=9000" + # Edge + - "traefik.http.routers.edge.rule=Host(`edge.test.com`)" + - "traefik.http.routers.edge.entrypoints=web" + - "traefik.http.services.edge.loadbalancer.server.port=8000" + - "traefik.http.routers.edge.service=edge" + +networks: + public: + external: true + agent_network: + external: true + attachable: true +volumes: + data: \ No newline at end of file diff --git a/roles/.gitignore b/roles/.gitignore index d3f2dc6..114af7f 100644 --- a/roles/.gitignore +++ b/roles/.gitignore @@ -45,4 +45,5 @@ robertdebock.update ansible-role-labocbz-install-grafana cloudalchemy.grafana CTL-Fed-Security.ansible-grafana -thomasjpfan.docker-swarm \ No newline at end of file +thomasjpfan.docker-swarm +asg1612.dockerswarm \ No newline at end of file diff --git a/roles/requirements.yml b/roles/requirements.yml index 6edebe4..2fb1f8e 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml 
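Review bot: Both Portainer routers are bound with `traefik.http.routers.portainer.entrypoints=web` and `traefik.http.routers.edge.entrypoints=web`, so the Portainer login and session cross port 80 in clear text while the `websecure` entrypoint is declared but used by no router. Pointing the routers at `websecure` and adding `traefik.http.routers.portainer.tls=true` closes that. In the `traefik` command list, `--api.insecure=true` serves the API and dashboard without authentication and `--entryPoints.web.forwardedHeaders.insecure=true` trusts `X-Forwarded-*` headers from any client; both are better dropped, or the second replaced by `forwardedHeaders.trustedIPs`. The three images use `:latest` where portainer-agent-stack.yml pins `2.19.5`, and pinning here too keeps what runs next to the Docker socket reproducible.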
@@ -7,44 +7,45 @@ # DOCKER - src: geerlingguy.docker # CONTAINERD -- src: geerlingguy.containerd -# KUBERNETES -- src: git+https://github.com/garutilorenzo/ansible-role-linux-kubernetes.git -- src: geerlingguy.kubernetes +# - src: geerlingguy.containerd +# # KUBERNETES +# - src: git+https://github.com/garutilorenzo/ansible-role-linux-kubernetes.git +# - src: geerlingguy.kubernetes # PIP - src: geerlingguy.pip +- src: asg1612.dockerswarm # SYSTEM -- src: tumf.systemd-service -# SSH client side -# PACKAGE -- src: GROG.package -# IPTABLES -- src: geerlingguy.firewall -# LOG ROTATE -- src: nickhammond.logrotate -- src: ome.logrotate -# FAIL2BAN -- src: robertdebock.fail2ban -# BACKUP -- src: ome.rsync_server -- src: ome.selinux_utils -# HELM -- src: geerlingguy.helm +# - src: tumf.systemd-service +# # SSH client side +# # PACKAGE +# - src: GROG.package +# # IPTABLES +# - src: geerlingguy.firewall +# # LOG ROTATE +# - src: nickhammond.logrotate +# - src: ome.logrotate +# # FAIL2BAN +# - src: robertdebock.fail2ban +# # BACKUP +# - src: ome.rsync_server +# - src: ome.selinux_utils +# # HELM +# - src: geerlingguy.helm -## SETUP -- src: buluma.lynis -- src: maxlareo.rkhunter -- src: maxlareo.chkrootkit -- src: robertdebock.auditd -- src: robertdebock.update -# - src: buluma.auditd -# version: v1.0.10 -# - src: jnv.unattended-upgrades -# - src: dominion_solutions.netbird - # version: 0.1.6 -- name: ansible_unattended_upgrades - src: git+https://gitlab.epfl.ch/ansible-sti-roles/ansible-unattended-upgrades.git -- name: ansible-role-labocbz-install-grafana - src: git+https://gitlab.com/cbz-d-velop/public-ansible/ansible-role-labocbz-install-grafana.git -- src: thomasjpfan.docker-swarm \ No newline at end of file +# ## SETUP +# - src: buluma.lynis +# - src: maxlareo.rkhunter +# - src: maxlareo.chkrootkit +# - src: robertdebock.auditd +# - src: robertdebock.update +# # - src: buluma.auditd +# # version: v1.0.10 +# # - src: jnv.unattended-upgrades +# # - src: 
dominion_solutions.netbird +# # version: 0.1.6 +# - name: ansible_unattended_upgrades +# src: git+https://gitlab.epfl.ch/ansible-sti-roles/ansible-unattended-upgrades.git +# - name: ansible-role-labocbz-install-grafana +# src: git+https://gitlab.com/cbz-d-velop/public-ansible/ansible-role-labocbz-install-grafana.git +# - src: thomasjpfan.docker-swarm \ No newline at end of file diff --git a/scan.yml b/scan.yml index 1335fa1..f3b717c 100644 --- a/scan.yml +++ b/scan.yml @@ -1,11 +1,21 @@ --- - name: Scan - hosts: tower + hosts: localhost become: true gather_facts: false vars: + + user: staffadmin + token: !vault | + $ANSIBLE_VAULT;1.2;AES256;prod + 35343365393734313034383961616333633265623037303436653739613935366666373237366562 + 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 + 30313631343534643866383336623837363433303032376264373139306464313866313034663636 + 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 + 37653135666331633532653436656461396131623736353962643632316135633562346631313036 + 6137356332636431643830666461333862613835336631333037 # 163.172.0.0/24 - target_network: 163.172.83.0/24 + target_network: 163.172.80.0/28 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane 
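Review bot: `- src: asg1612.dockerswarm` is added to roles/requirements.yml without a `version:`, so each `ansible-galaxy install` pulls whatever was last published, and swarm.yml runs that role under `become: true`. Pinning it with `version: <reviewed-tag-or-commit>` under the `src` line makes the install reproducible and keeps an upstream change from reaching the hosts unreviewed. The other entries left active (`geerlingguy.docker`, `geerlingguy.pip`) have the same gap.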
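Review bot: The new `token` in scan.yml is vaulted, but `ansible_password: stephane` and `ansible_become_password: stephane` stay in clear text a few lines below it, and with `hosts: localhost` they now describe an account on the control machine itself. They belong in the same vault as `token`, written as `ansible_become_password: !vault |` plus the encrypted value, or should be replaced by a `--ask-become-pass` prompt. The `vars:` block may continue past the end of this hunk.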
@@ -26,38 +36,36 @@ pre_tasks: + - ansible.builtin.git: - repo: https://github.com/danielmiessler/SecLists.git - dest: "{{ playbook_dir }}/SecLists" + repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + dest: "{{ playbook_dir }}/scan" single_branch: yes force: true delegate_to: localhost + + # - ansible.builtin.git: + # repo: https://github.com/danielmiessler/SecLists.git + # dest: "{{ playbook_dir }}/SecLists" + # single_branch: yes + # force: true + # delegate_to: localhost + # apt install masscan - ansible.builtin.command: - cmd: "masscan {{ target_network }} -p443 --rate=100000" + cmd: "masscan {{ target_network }} -p443" become: true register: scan_output delegate_to: localhost - # # - name: Simple A record (IPV4 address) lookup for example.com - # # ansible.builtin.debug: - # # msg: "{{ lookup('community.general.dig', 'example.com.')}}" - - # - debug: - # msg: "{{ item.split('on')[-1].strip() }}" - # loop: "{{ scan_output.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # tags: test - - - # - debug: - # msg: "{{ item }}" - # loop: "{{ scan_output.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # tags: test + - debug: + msg: "{{ item }}" + loop: "{{ scan_output.stdout_lines }}" + # - "{{ cert.not_after }}" + # - "{{ ansible_date_time.iso8601_basic }}" + tags: test + delegate_to: localhost - name: Get a cert from an https por community.crypto.get_certificate: 
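Review bot: `repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git` puts the decrypted token into the task arguments, where it can surface in verbose output and error messages, and git stores the full URL as the remote in `scan/.git/config`. The `git push https://{{ user }}:{{ token }}@…` task in the last scan.yml hunk has the same exposure through the rendered shell command. Adding `no_log: true` to both tasks keeps the value out of the play output. Supplying the credential through a git credential helper or `GIT_ASKPASS` set in the task's `environment:` keeps it out of the URL and the on-disk config altogether.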
@@ -70,12 +78,21 @@ register: cert tags: test +# item.subject.CN + - debug: + msg: "{{ item.item.split('on')[-1].strip() }}" + loop: "{{ cert.results }}" + # - "{{ cert.not_after }}" + # - "{{ ansible_date_time.iso8601_basic }}" + tags: test + delegate_to: localhost + # apt install masscan - ansible.builtin.command: - cmd: "ffuf -w SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u https://{{ item.split('on')[-1].strip() }}/FUZZ -s" + cmd: " dirsearch -u https://{{ item.item.split('on')[-1].strip() }} -i 200 -t 100" become: true - loop: "{{ scan_output.stdout_lines }}" + loop: "{{ cert.results }}" ignore_errors: true register: fuff delegate_to: localhost @@ -88,7 +105,10 @@ # # loop: "{{ scan443.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" + + # tags: test + - debug: msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" 
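Review bot: The `dirsearch` task keeps `become: true` from the `ffuf` task it replaces, so the scanner and every report it writes run as root on the control machine; unlike `masscan` it needs no raw sockets, and `become: false` on this task is enough. The comment `# apt install masscan` above it and the register name `fuff` no longer match the tool. A line such as `name: Enumerate paths with dirsearch` and an updated comment would make the play output and the later `fuff.results` loops easier to follow.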
@@ -99,19 +119,40 @@ # - "{{ ansible_date_time.iso8601_basic }}" tags: test ignore_errors: true - + delegate_to: localhost - debug: - msg: " host: {{ item.cmd }} ||||||| chemin : {{ item.stdout_lines }}" + msg: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" loop: "{{ fuff.results }}" - # when: item.subject is defined + # when: item.stdout_lines is search('200 -') # loop: "{{ scan443.stdout_lines }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test ignore_errors: true + delegate_to: localhost + - name: Copy a "sudoers" file on the remote machine for editing + ansible.builtin.copy: + src: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" + dest: "{{ playbook_dir }}/scan/{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1].split('/')[-2] }}" + remote_src: yes + loop: "{{ fuff.results }}" + delegate_to: localhost + + + - name: Push backup to git + ansible.builtin.shell: | + git config user.email "stephane.gratiasquiquandon@gmail.com" + git config user.name "staffadmin" + git add . + git commit -m "Push scan with access token" + git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + args: + chdir: "{{ playbook_dir }}/scan/" + run_once: true + delegate_to: localhost # https://github.com/danielmiessler/SecLists.git diff --git a/swarm.yml b/swarm.yml index a36b244..95510b7 100644 --- a/swarm.yml +++ b/swarm.yml @@ -1,8 +1,11 @@ --- - name: Swarm - hosts: testswarm + hosts: control become: true +# +# corentinth/it-tools:latest => dinguerie +# # apt-get install sshpass @@ -48,8 +51,6 @@ # - { role: thomasjpfan.docker-swarm, tags: pip } - tasks: - # # touch /etc/docker/daemon.json # - ansible.builtin.include_role: # name: softing.swarm.softing_swarm_server 
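Review bot: The `copy` task derives `src` and `dest` from `item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1]`, but the dirsearch task runs with `ignore_errors: true`, so a failed or empty run reaches this loop without an `Output File: ` marker and the expression yields the whole stdout as a path. A guard such as `when: item.rc | default(1) == 0 and 'Output File: ' in item.stdout` skips those items. The push task then runs `git add .`, so the guard also limits what ends up committed from `scan/`. The task name `Copy a "sudoers" file on the remote machine for editing` is left over from the module example and should describe the report copy instead.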
@@ -59,31 +60,40 @@ # swarm_server_ca_domain: "{{ domain }}" # swarm_server_ca_folder: "/resources/swarm" - - ansible.builtin.include_role: - name: softing.swarm.softing_swarm_certs - apply: - become: false - delegate_to: "localhost" - run_once: true - vars: - swarm_certs_domain: "swarm.domain.com" - swarm_certs_folder: "{{ playbook_dir }}/resources/swarm" - swarm_certs_nodes: - - ip: 192.168.50.4 - hostname: manager - domain: domain.com - - ip: 192.168.50.40 - hostname: worker1 - domain: domain.com - - ip: 192.168.50.44 - hostname: worker2 - domain: domain.com - - ansible.builtin.include_role: - name: softing.swarm.softing_swarm_initialize - public: yes - vars: - swarm_master_ip: 192.168.50.4 + + roles: + - { role: geerlingguy.pip, tags: pip } + - { role: geerlingguy.docker, tags: docker } + - { role: asg1612.dockerswarm, tags: swarm } + + tasks: + + # - ansible.builtin.include_role: + # name: softing.swarm.softing_swarm_certs + # apply: + # become: false + # delegate_to: "localhost" + # run_once: true + # vars: + # swarm_certs_domain: "swarm.domain.com" + # swarm_certs_folder: "{{ playbook_dir }}/resources/swarm" + # swarm_certs_nodes: + # - ip: 192.168.50.4 + # hostname: manager + # domain: domain.com + # - ip: 192.168.50.40 + # hostname: worker1 + # domain: domain.com + # - ip: 192.168.50.44 + # hostname: worker2 + # domain: domain.com + + # - ansible.builtin.include_role: + # name: softing.swarm.softing_swarm_initialize + # public: yes + # vars: + # swarm_master_ip: 192.168.50.4 # - ansible.builtin.include_role: # name: "softing_swarm_worker"