Commits on Source (3)
Showing
with 29 additions and 92 deletions
......@@ -7,7 +7,19 @@
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
- test
- lint
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
ansible-lint:
stage: lint
allow_failure: true
image:
name: nixos/nix
entrypoint: [""]
script:
- cd tools/nix
- nix --extra-experimental-features nix-command --extra-experimental-features flakes develop --command bash -c "cd ../../40_ansible/; ansible-lint"
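Review bot: The new `ansible-lint` job pulls `nixos/nix` with no tag or digest, so the lint toolchain silently changes whenever upstream moves `latest`; pin it to a specific tag and digest (`name: nixos/nix:<tag>@sha256:<digest>`) and let the flake lock cover the rest. With `allow_failure: true` the job is advisory only, which is fine while the existing findings are being cleaned up, but later regressions will not block a merge, so plan to drop that line once the baseline is clean. In the `nix develop` command the `cd ../../40_ansible/; ansible-lint` uses `;`, so if the `cd` fails the linter still runs against the wrong directory and reports success — `cd ../../40_ansible/ && ansible-lint` is safer.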
---
- name: Create api first admin
- name: Create api first admin
run_once: true
ansible.builtin.uri:
url: https://api.{{ host_domain.name }}/users/
url: https://api.{{ host_domain.name }}/users/
method: POST
body:
name: "{{ api_password[env_name].user }}"
......@@ -13,10 +13,10 @@
body_format: json
user: panpan_est_le_plus_beau
password: coincoin_est_un_serieux_concurrent
register: api_admin_result
register: api_admin_result
failed_when: api_admin_result.status not in [201, 403]
changed_when: api_admin_result.status == 201
until: api_admin_result.status in [201, 403]
until: api_admin_result.status in [201, 403]
retries: 4
delay: 3
tags: [api,apiadmin]
tags: [api, apiadmin]
......@@ -79,7 +79,7 @@
- name: Show others for api
ansible.builtin.debug:
msg: "{{ [ api_password ] | map('compute_api_others', platforms, env_name) | first | to_json }}"
msg: "{{ [api_password] | map('compute_api_others', platforms, env_name) | first | to_json }}"
tags: [never, api]
- name: Install api container
......@@ -111,7 +111,7 @@
DIMAIL_REMOTE_CONFIG: "{{ ['something'] | map('compute_api_hosts', hostvars) | first }}"
DIMAIL_TECH_DOMAIN: "{{ tech_domain.name }}"
DIMAIL_MYSELF: "{{ env_name }}"
DIMAIL_OTHERS: "{{ [ api_password ] | map('compute_api_others', platforms, env_name) | first | to_json }}"
DIMAIL_OTHERS: "{{ [api_password] | map('compute_api_others', platforms, env_name) | first | to_json }}"
DIMAIL_LOG: "normal"
publish:
- "8000:8000"
......@@ -7,4 +7,3 @@
group: root
mode: u=rx,g=rx,o=rx
tags: [api]
......@@ -67,7 +67,7 @@
name: hash the postfix certs map
weekday: 1
hour: 8
minute: 10
minute: 10
job: /usr/sbin/postmap -o -F /opt/certs/config/postfix/certs-api; /usr/sbin/service postfix reload
cron_file: postmap-api-certs
user: root
......@@ -16,5 +16,3 @@
- "'webfront' in groups and groups['webfront'] | length > 0"
when: "'api_server' in groups and groups['api_server'] | length > 0"
tags: [check, check_env]
---
- name: Effectue le checkup complet pour la variable `{{ var.name }}`
tags: [ check, check_vars ]
tags: [check, check_vars]
when: var.when | default(true)
block:
- name: Récupère le chemin de définition de schema de la variable `{{ var.name }}`
......@@ -16,7 +16,7 @@
loop_control:
loop_var: var
label: "Variable {{ var.name }}"
tags: [ check, check_vars, always ]
tags: [check, check_vars, always]
- name: Vérifie les variables OIDC/Keycloak si nécessaire
ansible.builtin.include_tasks: ./check_var.yml
......@@ -26,7 +26,7 @@
loop_control:
loop_var: var
label: "Variable {{ var.name }}"
tags: [ check, check_vars, always ]
tags: [check, check_vars, always]
when: "'keycloak' in groups and groups['keycloak'] | length > 0"
- name: Vérifie les variables rclone pour les sauvegardes S3
......@@ -41,9 +41,10 @@
loop_control:
loop_var: var
label: "Variable {{ var.name }}"
tags: [ check, check_vars, always ]
tags: [check, check_vars, always]
- name: Vérifie les credentials de l'API
tags: [check, check_vars, always]
block:
- name: "Vérifie la présence des credentials API pour l'environnement '{{ env_name }}'"
ansible.builtin.assert:
......@@ -52,4 +53,3 @@
- "api_password[env_name].user is defined"
- "api_password[env_name].password is defined"
fail_msg: "Les credentials de l'API pour '{{ env_name }}' ne sont pas sont incorrectement définis dans api_password !"
tags: [ check, check_vars, always ]
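Review bot: The assertions on the `api_password[env_name].user` and `api_password[env_name].password` lines only test `is defined`, so an empty string or `null` from a partially filled vault still passes the credential check; tighten them to `api_password[env_name].password is defined and api_password[env_name].password | length > 0` (and the same for `user`). The `fail_msg` reads "ne sont pas sont incorrectement définis" — presumably "ne sont pas ou sont incorrectement définis". Moving the `always` tag onto the block is the right place for a precondition check. The `that:` list of this assert starts in the hidden lines between the last two hunks, so the first conditions were not reviewed.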
......@@ -12,7 +12,7 @@
register: cyberwatch_user
tags: [cyberwatch, run_cyberwatch]
- name: Show the user
- name: Show the user # noqa: no-handler
ansible.builtin.debug:
msg: "{{ cyberwatch_user }}"
tags: [cyberwatch, run_cyberwatch, never]
......@@ -39,4 +39,4 @@
- { name: "Exécution des scripts Cyberwatch",
job: "cd /home/cyberwatch/scripts/ && bash /home/cyberwatch/scripts/run_cyberwatch.sh;" }
- { name: "Nettoyage des vieilles archives des scripts Cyberwatch",
job: 'find . -type f -name "{{ archive_name_prefix }}*" -mtime +120 -exec rm {} +' }
\ No newline at end of file
job: 'find . -type f -name "{{ archive_name_prefix }}*" -mtime +120 -exec rm {} +' }
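Review bot: The cleanup cron job runs `find . -type f -name "{{ archive_name_prefix }}*" -mtime +120 -exec rm {} +` from whatever working directory cron gives it (normally the cron user's home), and if `archive_name_prefix` ever expands to an empty string the pattern becomes `*` and every file older than 120 days under that directory is deleted; use an absolute path with a bounded depth, presumably `find /home/cyberwatch/scripts -maxdepth 1 -type f -name "{{ archive_name_prefix }}*" -mtime +120 -exec rm -- {} +`, and have the variable check fail on an empty prefix. In the first hunk of this file the `# noqa: no-handler` debug task prints the whole registered `cyberwatch_user` result; it is tagged `never`, but if the registering task (outside the hunk) handles any secret material, print only the keys you need or add `no_log: true`.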
......@@ -3,6 +3,7 @@
ansible.builtin.command:
cmd: "/home/cyberwatch/scripts/run_cyberwatch.sh"
chdir: "/home/cyberwatch/scripts/"
changed_when: true
tags: [never, run_cyberwatch]
- name: Cherche les archives à récupérer
......@@ -177,5 +177,3 @@
name: postsrsd
state: restarted
enabled: true
......@@ -23,5 +23,3 @@
notify:
- Restart dovecot
tags: [imap]
......@@ -82,57 +82,6 @@
update_query: "ALTER TABLE users ADD COLUMN proxy CHAR(1) NOT NULL DEFAULT 'N'"
tags: [imap, imapdb]
# - name: Compute the proxy domains informations # noqa fqcn[action-core]
# set_fact:
# proxies:
# domain: "{{ mail_domains | selectattr('proxy', 'defined') | map(attribute='name') | map('regex_replace', '(.*)', \"'\\1\") }}"
# host: "{{ mail_domains | selectattr('proxy', 'defined') | map(attribute='proxy') | map(attribute='host') | map('regex_replace', '(.*)', \"'\\1\") }}"
# master: "{{ mail_domains | selectattr('proxy', 'defined') | map(attribute='proxy') | map(attribute='master') | map('regex_replace', '(.*)', \"'\\1\") }}"
# pass: "{{ mail_domains | selectattr('proxy', 'defined') | map(attribute='proxy') | map(attribute='pass') | map('regex_replace', '(.*)', \"'\\1\") }}"
# count: "{{ mail_domains | selectattr('proxy', 'defined') | map(attribute='name') | length }}"
# tags: [imap, imapdb]
#
# - name: Compute the proxy domains query for cleaning # noqa fqcn[action-core]
# set_fact:
# proxy_sql_clean:
# - name: delete domain proxies we don't need anymore
# need_query: "select count(*) > 0 as update_needed from domain_proxy where domain not in ({{ proxies.domain | join(',') }})"
# update_query: "delete from domain_proxy where domain not in ({{ proxies.domain | join(',') }})"
# when: proxies.count|int > 0
# tags: [imap, imapdb]
#
# - name: Compute the proxy domains query for cleaning # noqa fqcn[action-core]
# set_fact:
# proxy_sql_clean:
# - name: delete all domain proxies as we don't need anyone
# need_query: "select count(*) > 0 as update_needed from domain_proxy"
# update_query: "delete from domain_proxy"
# when: proxies.count|int == 0
# tags: [imap, imapdb]
#
# - name: Empty the proxy_domain_queries # noqa fqcn[action-core]
# set_fact:
# proxy_sql_insert_or_update: []
# tags: [imap, imapdb]
#
# - name: Build the proxy domains queries # noqa fqcn[action-core]
# set_fact:
# proxy_sql_insert_or_update: "{{ proxy_sql_insert_or_update + [{
# 'name': 'ensure domain ' + proxies.domain[idx] + ' proxy configuration',
# 'need_query': 'SELECT count(*)=0 as update_needed FROM domain_proxy WHERE domain=' +
# proxies.domain[idx] + ' AND host=' + proxies.host[idx] + ' AND master=' +
# proxies.master[idx] + ' AND pass=' + proxies.pass[idx],
# 'update_query': 'INSERT INTO domain_proxy (domain, host, master, pass) VALUES (' +
# proxies.domain[idx] + ',' + proxies.host[idx] + ',' + proxies.master[idx] + ',' +
# proxies.pass[idx] + ') ON DUPLICATE KEY UPDATE host=' + proxies.host[idx] + ', master=' +
# proxies.master[idx] + ', pass=' + proxies.pass[idx]
# }] }}"
# loop: "{{ proxies.domain }}"
# loop_control:
# loop_var: better_than_empty
# index_var: idx
# tags: [imap, imapdb]
#
- name: Create table 'domain_proxy' in 'dovecot' database
ansible.builtin.include_role:
name: setup_db_table
......@@ -9,6 +9,7 @@
- name: Ensure /home/keycloak/keycloak.keystore is available
ansible.builtin.stat:
path: /home/keycloak/keycloak.keystore
become: true
become_user: keycloak
register: keystore_file
tags: [keycloak]
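Review bot: Adding `become: true` beside `become_user: keycloak` makes the `stat` run as the keycloak user, which is what ansible-lint's partial-become rule asks for and is needed if the keystore is keycloak-owned and mode-restricted, because `stat` computes a checksum by default and therefore reads the file. If only existence is needed, `get_checksum: false` avoids hashing the keystore on every run. Note that a `become` to a non-root user from a non-root connection user needs the remote tmp handled (pipelining or ACL support); if the connection user is already root this is moot — worth confirming which applies in this inventory.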
......@@ -8,4 +8,3 @@
group: root
notify: Restart amavis
tags: [spam]
......@@ -5,5 +5,3 @@
groups: amavis
append: true
tags: [spam]
......@@ -7,17 +7,3 @@
- clamav.yml
- amavis.yml
tags: [spam]
#- name: Copy the nagios service config file
# run_once: true
# ansible.builtin.template:
# src: nagios_smtp.cfg.j2
# dest: /etc/nagios4/conf.d/services/smtp.cfg
# mode: u=rw,g=r,o=r
# owner: nagios
# group: nagios
# delegate_to: "{{ groups['monitor'].0 }}"
# tags: [monitor, monitorsmtp, smtp]
# notify:
# - Reload nagios
#
......@@ -7,4 +7,3 @@
- clamav-daemon
state: latest
tags: [spam]
......@@ -20,4 +20,3 @@
notify:
- Restart spamd
tags: [spam]