Move inventory in dedicated folder/folder (can be separatly versioned with GIT)

.gitignore

@@ -1,6 +1,5 @@
-group_vars/all/vault.yml
-host_vars/*.wirebrass.fr*
 roles/geerlingguy.*
-inventory_wirebrass.yml
 .vault-password
 *.retry
+inventory*
+!inventory_template*

inventory_template/group_vars/all/all.yml

@@ -0,0 +1,30 @@
+---
+# Sudo users on all servers
+sudo_users:
+  - user01
+
+# Hash of default password to use when a user is created
+default_user_password: "{{ vault_default_user_password }}"
+
+# Map users' public key
+public_key:
+  user01: "{{ vault_public_key_user01 }}"
+
+# Default DNS resolvers to use (here it's FDN and LDN)
+resolvers:
+  - 2001:910:800::40
+  - 80.67.169.12
+  - 2001:913::8
+  - 80.67.188.188
+
+# Domain to use in the DNS "search" resolver field
+main_domain: example.org
+
+# Certbot admin Email address
+certbot_admin_email: admin@example.org
+
+# Admin email (for system notification)
+system_admin_email: admin@example.org
+
+# Munin server SSH pubkey
+public_key_munin_user_host: "{{ vault_public_key_munin_user_host }}"

inventory_template/group_vars/all/vault.yml

@@ -0,0 +1,184 @@
+$ANSIBLE_VAULT;1.1;AES256
+31376164633339623639323037393935346461373466636661336665623038303631333237383362
+3331353461396235623661636336303038646462643264350a623938323535323865333132616433
+63623533643266643263316666613461643862633139303761316437656338333261376262323930
+3963643836303763380a333661656536353533643663336434323433316264663132353434663739
+64346464636231623930616436383262633230326363333033353733333464663466653637633866
+36333730313863306436316365396139636634623361303339393066623739353038663561353035
+39353361316636346533323235386239396364326338393035323930356165663338633338613032
+65323531346431346464636165373037663964656635356533393066666438646235306361613537
+38613231616162333563363366356638373333623339623564356262626639656338303266346234
+65363162363431623564626330653562353261313365346331633164326238633861336262653430
+61393430633630336265353663363938636664333039316632616530306362386538653662316437
+65656635323263366363636361333565666330383965353434323134383033356433383236396533
+61393435623436346264616261636336363062663436343762313130383233616365623232343263
+64356431326432666334333462373637313930653032353266376663616364646262616235363563
+66313138316464653861343366653736376636663461316137306333386637666237333839653035
+38646637373035326266353738323934343635613935333966363962353966396239393734316264
+32363531663461633036316165363439363032313466313730376566383630663837383131326539
+34376636643834316362323236313062326363376230333338303962386433353862613933373466
+32303032666332333834346262313436633235653437393632373131363435626636353333336331
+63616565306435623533333366303336626132393738623239333265373634633531326534636665
+35333864656638356666313263363337306336363563393961393663386461376665306566306536
+37343433356466623035653637316234643263613230663763666561336162643363626663333130
+36303263626462393065633439613731393665653930376263356234623762343661326563313765
+63623066316666303335346364653436663761306565653931373138343762656432373837323364
+63336431666537336265373432323938336336303530616537303638623465666438353436613531
+35383462353263383839353237313464396465643130363435636533376239616132383636333838
+31386630346137356363353433613131376161336539313164363033666136313466646530373565
+31313732333330663836386262653463333433373637396265383431666563313866316463326363
+65613630633662393134396663353864323761393637633336656537613239623061363033393237
+63643538663162396630356333343161343839626665313563666161313831336337303965643833
+65386236333864396334326633353938306238356630316162653633643762343232303631313235
+39626336393737386231356535656337663030333861663735373538353363613361616632366164
+36386561303561353439626535326132663435353930383832363939343336373738313231326437
+36346666613563623862303531653063386337653766666361316664343334333465633661356138
+34653232333662636431343465663932313236326435313535653961383236353366383831383464
+36363836306233363936356261656436633331643130383830613035353361376536353462623863
+64373664353539303238646135656633633037353763663330373031613062313131333735346337
+33653161656437343831613439353561386265656461636535336430323166386462656533366336
+66393066396534643534336138616233613561343164333861356138643663633934313036306363
+64336466646661313365373966626234313132383732303934303933386261633164663530633830
+39376637386132376637316662373231636430336264383466336336636339666434353266303637
+33356633366432323137663732393637343561663236643334633366333865383663353766376635
+61343266613136643631383235303432376333383134306632373264306235633337316563393738
+35336561333364303065653965616137333465613466383138353033626232626366363065333430
+32333039613362333361653739656430326165623438356166316538363466653638626535343832
+32323931316635376162383565353539303737643461313131663962633233373736346433376362
+34646366393936633231396265376233393834373832646639333233646461333733656163346661
+37323865343739386464303265633064626531346130363735363036303333383234663237373730
+63393262336265386561663230383236616235343935356563323565333936353134333033336163
+64623038656531613339666131306431623561386638343361363464333664646463626131633136
+34646665633538333566666665353730633139343566653532303138303861323538323164646366
+39383166353238353861656338303962633832383835663666373061633864376661353931323161
+64383530623033613261366666303335363830363331316566333666643430653033363433616261
+37633831313731356131656438356462366138313766303835386262626338346532613564383735
+32353662393235366535373734636535316661666162656665646635303364386664353165343538
+66353833373038636161623238343434346362363038343361616330346334613835626337316533
+38383231313136633238613537343837656236663834646262343963376663336637386164356263
+35306166653666323236333131336437343835653332613263363238383336633836323037366138
+34663933373661396531393361316435346234646561313039393263323065353233653032356266
+35363338366536663364313038353039343164343330363037663832373731303538396336363434
+39363031613766656433393666663565316135323966353236663966376463303636393430613438
+65616238616230623331316631346336326361383436393735346338336235303130646433633166
+66376537393062656462373738373332373637656534373034643134356634613732373435366135
+38333265346161303261323233396165643962326333633236636661353830323939396538353035
+31343838353939646263353466373738353133326639663638346164633661366531386539633632
+61313766323864653034383062346135353937643261393331666266323339626663303064623135
+38623665363231623436636465333666393138656664383132353961633236383431343832636338
+33616134646531363832653630613033366231386661376437346635363464623065616336353065
+34363337653735376164653839646339626330393036393163613434626435353538363961626366
+34363534653335336339316237326636646233346563333736373335636639623762613865656539
+64643738343032306636383833383566616538316235313033633737613633333563313634666536
+61373733646532643532363466663937353361613830613530346164643438333839353163646364
+61363930363431626365653830356165396535336638623337383364633163323436363338353034
+65383264633430386435383830623964663864653734313238643836633062306138383062346466
+33626265636333663438346161383865623231646166653434373332343933323032373033386338
+37636366643761666437376363653235303537306531383333386365653363303938313530316435
+61643966616164346136313433646231336239323437313931323734386531373231633336633736
+34616237313131653466336230333039613630346366663664396234343238353166613937653663
+63633839393232396435653263663137376436616235616435313462323138613961663866393363
+38323863383962323163383965653532646164366135373737376165633666313736323731323334
+32633564613865326562643037633966366238346235326661393262376165313535623632643464
+37303866636666363230306334306163366630326666383161663032333966316138613835653866
+31303162306233613664363039303864303862653863333337336263666437646166313935383064
+39313635613130656638666462373437393830653264356461653263396565306331633161616133
+37633033626538333564626263396632643739663334633966326437356639653264616461323133
+37613732633030353839366232366364633963396131386339383563643964343865616136353166
+37323564386633353262313634323636383633663361363231393861396137346134663963326538
+38373039363039336231613734623430616637653735313462323539376135663362303564353963
+39633831613138393336653234326133643733306138306331623139376362616332316561643032
+37303133316436343137656164636539343731646164323661646564666133373837633639343063
+39326665646264623465653137323739633938383239333437613266643930346435633361303338
+61393639393630323963646533383465303161373665646464613033633235393764316635376230
+65643564613065333966386339653336353035663938383436613361616331653032623539386631
+61636466343764636262323466656364323730363034336163616434646633326335396664643235
+34376637386364616437643166336466313963646366326237616164633361623763396564363837
+30306239356330663338356464333837336364386130663462616139323265316261393438626536
+61326465646233396431643661376336316661323732643036616637643439383631633137656533
+63633338316339616235393862313961303038386532363565633830663030376330653237636634
+37653231316434636364653738326536303135656535656332366632386264356132653066303232
+36353831336563386235343839643039316366643361333966613532623730383865373836386165
+66353638623534373162366430326334363961333833336633346563353065626537636165306434
+30313764313765393630333639353635313735323361613362343065643035316338396561333230
+35386133396666613533636635653331613163313432363739373964636565306433646262383463
+38653731633636326136316666666532316436656462343364393034373835343064656339616636
+64316631316135653462343561333835383961323636363035313039643230336464333230646366
+39326261616137623837313738663564363138336134333961326136656139636130373832333534
+64333734613434323837313339336231623038663661613863376538623963366639633166353563
+39393232633936656563616361666562303566303565323736383333616432646564656562323031
+64313634663034633737383137656332393937323236393666386633356335613164343064313030
+38656132633263323630333062316139633130333230623861633438643430616236666364376330
+35316564313037613934323832633532303632326239653364633663366330323437626562656565
+65626334646162613432363363653839373536633361306231383430656563316361343537303161
+33343431633438396234643532346265663831323335313334616332626432303761616235346239
+39396235343035326265303836653665313034613565333430656165343466336365366163383961
+63616233643137616232666462666131366136376164393334396437303138323130666634613461
+35313430643565356564653538383733393361326565343761386633333062636365616137343533
+62363265323166303937396332353931333364643239303132643830633463323135303731346233
+33363136393665666337353964383833626436386639363338306131353963386564333266353530
+64626235303863313034646330316466303233653637353831353465383333303363356138353732
+33343631613830636136306637646233633931636665383136363066306262323561656335663666
+63616431313265396264363936333861666631616231336638633437623865383866383666313232
+36316231633830303864316438353232306534376263303035383166363165343961646139326331
+36626538313935616433326264396364636637316138643432656239353635393962393839663033
+64303830376562633134653936336666633836376361303662643437316265353636356565313031
+30343336323330316135343064663362363162363131306663326261316538343464303039333134
+66326535643064303936666263653866353562626661666438393738346234656338623832626631
+65373965616662326533633265346166393132383634303731346465303563363533636336366130
+33386662353238633962626630373534353865353963343837326233326464343839666163663865
+36373439393039383538323634653833353563383134343534613137383030666338313736306531
+61326365373931656236313234656435366133633837393464386465396430383132613132383064
+39656230323937393936383066396430613635373532386333323436623638623339326437636436
+30306461306262653130356365623230623061656466313032303531643262626330613239633031
+33373235656639323835313261386636663064316133383266316334383234666230643637393364
+31663134373030636138633037383933663766373765306164323862656565613765643032613966
+36623135336564373830353661653533323835303539643735346263643761343436636464336132
+61313330316533333335346637653965653463353038306634313530613265383733663661353436
+36663537373132333662653330306237376331373835663434326531376132663937326633636334
+32313464376165336165613634353638383436613663666163366438303235383063666137326236
+64346264633462633536663338656331643132356164393530343736363131306332363039393566
+33326634393437666633646231343464666135333161343164356435646137303465633363396538
+34626430663164646133633262643030343166323737326266313537383835643161313932306461
+39373462363963396162666665643731626361626632663236383435623430666162633365393034
+66656536376662306361623765303134393961633962663539663633346135643664313938306334
+63363230653331656634636137303064393466383437306265613862343966666439396466313539
+30326363396234643131373531363465346465386564663030356530333838663464383531353662
+63633166663130363164373133373161343136323165643533643437393836333164326339663764
+63333036643330653036613436383036346666653836653035303261366636666630336233363233
+65373433323937613362303062313063666561386163623761353062363238633431323763356165
+38666337366633623039333939613266376132303665626131366437323131323966376535386435
+32386563303932666330653566346439383062613539386338616436613265346238643037646236
+61386166663666333537313066663030613339343331656335373039653132373039356565323164
+63646436366666646137353237383536383266383030346162656534613465363362316231633666
+66313536393765353132313831393864636232303962303930636630376566383039663962383037
+37383664316638366633653761313164316365363632643564336461396136616334333731623838
+36326462343439623861393638303864623836343632373862613937333363643363363637323036
+39386464356439306637633864373236333862663433343333333437393732633436323662343863
+63346236646435663433316432653363313463343932396131326435386134393465623231383833
+61623131333965633762653166306634363538616639353364656132376261343633363030366661
+31386234336137656531306664616366656435386532303433323039626436346332306461613766
+37613535313539633835383231656265393532613531333764613033363135383361616339373431
+62303935343534346232333663386161323331393363356633386462623432613533343639613133
+39613530363061343031353130623665343935653536373533336533366264323365316462326664
+31386562323730646634346366333833303032623434323861346533373737303735326463356635
+35386231313130303032313037373665383261636237313638663336633664326631643239626563
+34653566613461343930383833643762363032666661623761633066376237333665343263303461
+34616261356330386231663062373962356131336664353838353233626234633366653639373331
+39356637643435663366306163306165613633613738356538646531646231626631396266626230
+65386337663062323032343964313639646236376261373839626437353230623835633631333338
+30653933373565323635306164633731366161653432663166373732643434613937663533643261
+33306432653330663266356366393739353638386266633535616161613534373835626638333333
+34313730613430616364383235633135363836663930373963306338383366626435376361383661
+37656464613263663264386135343632323539653539633538626439653563303133346332656265
+36626136303139393164656163663739353232363032653464373062636537366161303362393139
+35373430316538653336306264626432616261313266383532616532663039366638356532666266
+33623938643838633631646665656438393961343339663261343833623862376331363664386364
+31376162393861646230663664313862643835663538356233616439323766376133323061623438
+39313866343863636330333634383562653265326339333062616135343965333863663332343635
+65626465323036363662363432616436393038646263316230383938303634313862613637333735
+38616662626461316436386534303330343139393830303636396539313834313266356663326130
+30333333383033393064336632316634353164383230323636636463353561663031663732346466
+38376533663162316364663066643039333663663765666336333066346236656434313338386438
+39666463633035616437336335363362663934326437373666336132623930333130363565393164
+623866336361303837333132353364373661

roles/openvpn_server/files/down.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copyright (c) 2006-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# Contributed by Roy Marples (uberlord@gentoo.org)
+
+# If we have a service specific script, run this now
+if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
+	/etc/openvpn/"${SVCNAME}"-down.sh "$@"
+fi
+
+# Restore resolv.conf to how it was
+if [ "${PEER_DNS}" != "no" ]; then
+	if [ -x /sbin/resolvconf ] ; then
+		/sbin/resolvconf -d "${dev}"
+	elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
+		# Important that we copy instead of move incase resolv.conf is
+		# a symlink and not an actual file
+		cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
+		rm -f /etc/resolv.conf-"${dev}".sv
+	fi
+fi
+
+if [ -n "${SVCNAME}" ]; then
+	# Re-enter the init script to start any dependant services
+	if /etc/init.d/"${SVCNAME}" --quiet status ; then
+		export IN_BACKGROUND=true
+		/etc/init.d/"${SVCNAME}" --quiet stop
+	fi
+fi
+
+exit 0
+
+# vim: ts=4 :

roles/openvpn_server/files/up.sh

@@ -0,0 +1,100 @@
+#!/bin/sh
+# Copyright (c) 2006-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# Contributed by Roy Marples (uberlord@gentoo.org)
+
+# Setup our resolv.conf
+# Vitally important that we use the domain entry in resolv.conf so we
+# can setup the nameservers are for the domain ONLY in resolvconf if
+# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc.
+# nscd/libc users will get the VPN nameservers before their other ones
+# and will use the first one that responds - maybe the LAN ones?
+# non resolvconf users just the the VPN resolv.conf
+
+# FIXME:- if we have >1 domain, then we have to use search :/
+# We need to add a flag to resolvconf to say
+# "these nameservers should only be used for the listed search domains
+#  if other global nameservers are present on other interfaces"
+# This however, will break compatibility with Debians resolvconf
+# A possible workaround would be to just list multiple domain lines
+# and try and let resolvconf handle it
+
+min_route() {
+	local n=1
+	local m
+	local r
+
+	eval m="\$route_metric_$n"
+	while [ -n "${m}" ]; do
+		if [ -z "$r" ] || [ "$r" -gt "$m" ]; then
+			r="$m"
+		fi
+		n="$(($n+1))"
+		eval m="\$route_metric_$n"
+	done
+
+	echo "$r"
+}
+
+if [ "${PEER_DNS}" != "no" ]; then
+	NS=
+	DOMAIN=
+	SEARCH=
+	i=1
+	while true ; do
+		eval opt=\$foreign_option_${i}
+		[ -z "${opt}" ] && break
+		if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
+			if [ -z "${DOMAIN}" ] ; then
+				DOMAIN="${opt#dhcp-option DOMAIN *}"
+			else
+				SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
+			fi
+		elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
+			NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
+		fi
+		i=$((${i} + 1))
+	done
+
+	if [ -n "${NS}" ] ; then
+		DNS="# Generated by openvpn for interface ${dev}\n"
+		if [ -n "${SEARCH}" ] ; then
+			DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
+		elif [ -n "${DOMAIN}" ]; then
+			DNS="${DNS}domain ${DOMAIN}\n"
+		fi
+		DNS="${DNS}${NS}"
+		if [ -x /sbin/resolvconf ] ; then
+			metric="$(min_route)"
+			printf "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}}
+		else
+			# Preserve the existing resolv.conf
+			if [ -e /etc/resolv.conf ] ; then
+				cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
+			fi
+			printf "${DNS}" > /etc/resolv.conf
+			chmod 644 /etc/resolv.conf
+		fi
+	fi
+fi
+
+# Below section is Gentoo specific
+# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
+# as we could have >1 openvpn service
+
+if [ -n "${SVCNAME}" ]; then
+	# If we have a service specific script, run this now
+	if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then
+		/etc/openvpn/"${SVCNAME}"-up.sh "$@"
+	fi
+
+	# Re-enter the init script to start any dependant services
+	if ! /etc/init.d/"${SVCNAME}" --quiet status ; then
+		export IN_BACKGROUND=true
+		/etc/init.d/${SVCNAME} --quiet start
+	fi
+fi
+
+exit 0
+
+# vim: ts=4 :

roles/openvpn_server/templates/host_ccd

@@ -0,0 +1,5 @@
+# IPv4
+ifconfig-push {{ ccd_ipv4 }} {{ ccd_network }}
+
+# IPv6
+ifconfig-ipv6-push {{ ccd_ipv6_with_prefix }}