diff --git a/production/hosts b/production/hosts index 1c2296c..7815756 100644 --- a/production/hosts +++ b/production/hosts @@ -17,7 +17,6 @@ borg_client edelgard.dmz.mateu.be [borg_client] -n0box2.mateu.be baybay-ponay.mateu.be borg_backup_path="['/home', '/etc']" borg_backup_excluded_path="['/home/.snapshots']" borg_backup_hour=19 borg_backup_minute=30 bt.dmz.mateu.be borg_backup_path="['/etc', '/var/lib/transmission-daemon']" web1.dmz.mateu.be @@ -35,7 +34,6 @@ nut_client edelgard.dmz.mateu.be [nut_client] -n0box2.mateu.be claude.dmz.mateu.be dimitri.dmz.mateu.be edelgard.dmz.mateu.be diff --git a/roles/borg-client/templates/borgbackup.sh.j2 b/roles/borg-client/templates/borgbackup.sh.j2 index ae92c22..e17e1eb 100644 --- a/roles/borg-client/templates/borgbackup.sh.j2 +++ b/roles/borg-client/templates/borgbackup.sh.j2 @@ -10,11 +10,3 @@ borg create --exclude-caches {% for f in borg_backup_excluded_path %}-e {{ f }} ## récupération de l'espace borg prune -d 7 -w 4 -m 3 backup@{{ hostvars[groups['borg_server'][0]]['ansible_fqdn'] }}:home -{% if inventory_hostname == 'n0box2.mateu.be' %} -## la sauvegarde mais chez Holaf -borg create -s ssh://mortal@holaf.duckdns.org:22222/home/mortal/repos/n0box2.mateu.be/home::{now:%Y-%m-%d} /etc /home /srv - -## la sauvegarde mais chez Holaf -borg prune -d 7 -w 4 -m 3 ssh://mortal@holaf.duckdns.org:22222/home/mortal/repos/n0box2.mateu.be/home - -{% endif %} diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2 index 2863a5f..dc825db 100644 --- a/roles/firewall/templates/firewall.j2 +++ b/roles/firewall/templates/firewall.j2 
@@ -81,77 +81,6 @@ config rule option target 'ACCEPT' option family 'ipv6' -## Traffic for n0box2 server -#config rule -# option name 'n0box2-TS-com+com2' -# option src 'wan' -# option proto 'tcp' -# option dest 'lan' -# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}' -# option dest_port '10011 30033' -# option target 'ACCEPT' -# option family 'ipv6' - -#config rule -# option name 'n0box2-TS-signal' -# option src 'wan' -# option proto 'udp' -# option dest 'lan' -# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}' -# option dest_port '9987' -# option target 'ACCEPT' -# option family 'ipv6' - -#config rule -# option name 'n0box2-mumble' -# option src 'wan' -# option proto 'tcpudp' -# option dest 'lan' -# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}' -# option dest_port '64738' -# option target 'ACCEPT' -# option family 'ipv6' - -#config redirect -# option name 'n0box2-TS-com' -# option src 'wan' -# option src_dport '10011' -# option proto 'tcp' -# option dest 'lan' -# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}' -# option dest_port '10011' -# option target 'DNAT' - -#config redirect -# option name 'n0box2-TS-com2' -# option src 'wan' -# option src_dport '30033' -# option proto 'tcp' -# option dest 'lan' -# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}' -# option dest_port '30033' -# option target 'DNAT' - -#config redirect -# option name 'n0box2-TS-signal' -# option src 'wan' -# option src_dport '9987' -# option proto 'udp' -# option dest 'lan' -# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}' -# option dest_port '9987' -# option target 'DNAT' - -#config redirect -# option name 'n0box2-mumble' -# option src 'wan' -# option src_dport '64738' -# option proto 'tcpudp' -# option dest 'lan' -# option dest_ip '{{ 
hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}' -# option dest_port '64738' -# option target 'DNAT' - ### DMZ Rules ## General Rules # ICMP @@ -228,28 +157,6 @@ config rule option target 'ACCEPT' option family 'ipv6' -# a supprimer le prochain coup -# Allow traffic to n0box2 -config rule - option name 'Allow-OUTPUT-to-n0box2' - option src 'dmz' - option proto 'tcpudp' - option dest 'lan' - option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}' - option dest_port '25 26 80 443 465 587 143 993' - option target 'ACCEPT' - option family 'ipv4' - -config rule - option name 'Allow-OUTPUT-to-n0box2' - option src 'dmz' - option proto 'tcpudp' - option dest 'lan' - option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}' - option dest_port '25 26 80 443 465 587 143 993' - option target 'ACCEPT' - option family 'ipv6' - ## Specific rules # Allow IPv4 Web traffic IN config redirect diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index fd950b6..85d3367 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -49,7 +49,6 @@ frontend http {% endfor %} {% endfor %} - use_backend http_default frontend https mode tcp @@ -62,10 +61,9 @@ frontend https ## {{ hostname }} configuration acl host_{{ hostname }} req.ssl_sni -i {{ hostname }} use_backend https_{{ server }} if host_{{ hostname }} + {% endfor %} {% endfor %} - use_backend https_default - {% for server in groups['webservers'] %} ## {{ server }} configuration @@ -79,14 +77,6 @@ backend https_{{ server }} {% endfor %} -backend http_default - mode http - server host_n0box2 {{ lookup('dig', 'n0box2.mateu.be.', 'qtype=AAAA') }}:80 - -backend https_default - mode tcp - server host_n0box2 {{ lookup('dig', 'n0box2.mateu.be.', 'qtype=AAAA') }}:443 - ## Stats listen stats bind *:8080 diff --git a/system.yml b/system.yml index ab28a09..c625f3d 100644 --- a/system.yml 
+++ b/system.yml @@ -1,4 +1,4 @@ -- hosts: all:!baybay-ponay.mateu.be:!n0box2.mateu.be:!machinbox.mateu.be +- hosts: all:!baybay-ponay.mateu.be:!machinbox.mateu.be roles: - system - x509
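Review bot: Dropping `:!n0box2.mateu.be` from the `hosts:` pattern is only harmless if the host is gone from the inventory altogether, and the visible `production/hosts` hunks remove it only from the `[borg_client]` and `[nut_client]` groups. If n0box2 is still listed in any other group or inventory file, this play will now apply the `system` and `x509` roles to a machine that was deliberately excluded before. Confirm the target set with `ansible-playbook -i production/hosts system.yml --list-hosts` before merging. A short comment above the pattern, for example `# baybay-ponay and machinbox are excluded from system/x509: <reason>`, would also record why the remaining exclusions exist, so they are not dropped by accident in a later cleanup.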