Big commit

This commit is contained in:
chapeau 2025-07-07 22:33:27 +02:00
parent bab59d1602
commit 13b5d357b2
20 changed files with 278 additions and 121 deletions


@ -76,6 +76,10 @@
roles:
- { role: vaultwarden, tags: vaultwarden }
- hosts: bookshelf
roles:
- { role: bookshelf, tags: bookshelf }
- hosts: webmail
roles:
- { role: roundcube, tags: roundcube }


@ -15,7 +15,7 @@ tsig_secret: !vault |
3035303566313166630a663231373163323039343865646339343962626234656238356530363938
39326330353066376232623564333062336161333666393664646464353231323733656431366637
3563616366316165393463343662373862306238313237633437
certbot_dns_server: 10.90.30.101
certbot_dns_server: 10.90.10.101
ldap_base_dn: dc=catgrl,dc=org


@ -12,7 +12,7 @@ postfix:
62613132366164386138
dovecot:
master: mail.metz.intra.catgrl.org
master: mail.britaliope.intra.catgrl.org
database_user: dovecot_aliases
database_password: !vault |
$ANSIBLE_VAULT;1.1;AES256

group_vars/bookshelf.yml Normal file

@ -0,0 +1,36 @@
bookshelf_app_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
35616465646435353233633534383965613034623863623934323433383230633364666533373764
6334383564623266386264373066383137376138323834310a333163616363373234316432356436
31316661326639306266396262306332313139376632623363633531343161623935306331623437
6363386230396366390a613239663363383866616536376333386433646636316431313534333965
35323131636366633636353062333935663863656362653364323032386665313962383038383563
37656662656665353132656238303736313564316237616432376433316163343730356266333561
663437316265643163363163636433663766
bookshelf_mariadb_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
39643263663162343064653439333430316263376466643063616564306666323835636537373763
3733313338643737623936366462393963386230336361350a613230363832356562373466643336
30636438656663666361623962363136356638643638326566393838313731636136613034643766
3663303464303239390a313435373531643261333031376163393030383533326438363534616636
30393063333635393565326365663632663839373061313766396637666166666665666364623538
3462366333393564653031633430636266393165343638333465
bookshelf_oidc_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
39323330626638666132663061393933373531383130613431313433643736356335316366336133
6636386465626365663462303530346536376437376637360a333165323633383862396463633430
33303039376665643239303435323334363263343230393763373363303637653137373037313334
3432333164663137360a393965656333663336636163626231323734313264383933663763613532
61323932636466393164353130636631363630306638303633643438303535306663333866306238
3930656565613030613432323063396461306635376434356138
mariadb_root_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
61663237326531643361386233363538656139376136326266353239663638316263653364343931
6537626361353337303164656136323566333235643735640a643431323738303339663338386239
36313632303161383831306162343935383930376530363462396631373466373464373739313662
6261343732323830300a393935366533386332383761666135646432393534343830313665336532
66333430633438316132383036313862343664613537356331663762643366663065633662633932
3263656466356565326136643530303736303638613966376362
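Review bot: `mariadb_root_password` is the only key in this new group_vars file without the `bookshelf_` prefix that the other three secrets carry. group_vars are merged across every group a host belongs to, so an unprefixed name can silently collide with a same-named variable from another group the bookshelf host is later added to; `bookshelf_mariadb_root_password` would follow the file's own convention. The compose template that reads `{{ mariadb_root_password }}` would need the same rename. Keeping all four values `!vault`-encrypted is the right choice for secrets committed to the repository.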


@ -1,4 +1,4 @@
soa: dns.metz.intra.catgrl.org.
soa: dns.britaliope.intra.catgrl.org.
dns_mail: me.chapoline.me
master: 10.90.30.100
@ -18,5 +18,5 @@ reverse_list:
- name: "10.90.30"
records: []
mail_master: mail.metz.intra.catgrl.org.
mail_slave: mail.britaliope.intra.catgrl.org.
mail_master: mail.britaliope.intra.catgrl.org.
mail_slave: mail.metz.intra.catgrl.org.


@ -55,6 +55,9 @@ zone_list:
- name: graph
ip: catgrl.org.
type: CNAME
- name: bookshelf
ip: catgrl.org.
type: CNAME
- name: mx1
ip: 31.220.79.204


@ -3,7 +3,8 @@ haproxy_services:
port: 5432
protocol: tcp
primaries: "{{ groups['postgres'] | locals(inventory_hostname) }}"
secondaries: "{{ groups['postgres'] | remotes(inventory_hostname) }}"
# secondaries: "{{ groups['postgres'] | remotes(inventory_hostname) }}"
secondaries: []
- name: postgresql-master-priority
port: 5433
@ -11,31 +12,34 @@ haproxy_services:
protocol: tcp
primaries:
- "{{ postgres_master }}"
secondaries: ['pg.metz.intra.catgrl.org']
# secondaries: ['pg.metz.intra.catgrl.org']
secondaries: []
- name: ldap
port: 389
protocol: tcp
primaries: "{{ groups['ldap'] | locals(inventory_hostname) }}"
secondaries: "{{ groups['ldap'] | remotes(inventory_hostname) }}"
# secondaries: "{{ groups['ldap'] | remotes(inventory_hostname) }}"
secondaries: []
- name: pmg
port: 26
protocol: tcp
primaries: "{{ groups['pmg'] | locals(inventory_hostname) }}"
secondaries: "{{ groups['pmg'] | remotes(inventory_hostname) }}"
# secondaries: "{{ groups['pmg'] | remotes(inventory_hostname) }}"
secondaries: []
- name: imap
port: 993
protocol: tcp
primaries:
- mail.metz.intra.catgrl.org
secondaries:
- mail.britaliope.intra.catgrl.org
secondaries: []
# - mail.metz.intra.catgrl.org
- name: submission
port: 465
protocol: tcp
primaries:
- mail.metz.intra.catgrl.org
secondaries:
- mail.britaliope.intra.catgrl.org
secondaries: []
# - mail.metz.intra.catgrl.org
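Review bot: Every `secondaries` value in this file is replaced by `[]` with the old value left as a comment, which turns each load-balanced service into a single-homed one, but nothing in the file records why the fallbacks were dropped or when they should come back. The commented-out `remotes(inventory_hostname)` expressions and the `# - mail.metz.intra.catgrl.org` leftovers under `secondaries: []` will read as dead configuration within a few months; a one-line reason at the top of the list would help, e.g. `# secondaries intentionally empty: metz site is unavailable — restore the remotes() filters when it returns` (the reason is inferred from the rest of the commit, so adjust the wording). The `haproxy_services` list starts above the hunk.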


@ -1,5 +1,5 @@
pmg:
master: pmg3.metz.intra.catgrl.org
master: pmg2.britaliope.intra.catgrl.org
root_password: !vault |
$ANSIBLE_VAULT;1.1;AES256


@ -2,7 +2,7 @@ postgres:
version: 15
master: "{{ postgres_master }}"
replicas:
- pg.metz.intra.catgrl.org
- pg.britaliope.intra.catgrl.org
replication_user: replicator
replication_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
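Review bot: `replicas` now lists `pg.britaliope.intra.catgrl.org`, which after this commit is the only uncommented host left in the inventory's `postgres` group. If `postgres_master` resolves to that same host (its definition is outside the hunk), the role is asked to configure the host as master and as a replica of itself; either `replicas: []` or a comment stating which host `postgres_master` is expected to be would make the intent checkable. The `postgres` mapping starts above the hunk.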


@ -7,7 +7,7 @@ nginx:
backends:
- name: web
primaries: "{{ groups['website'] | locals(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
secondaries: "{{ groups['website'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
# secondaries: "{{ groups['website'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
location:
- route: "/"
# upstream: http://backend/
@ -20,7 +20,7 @@ nginx:
backends:
- name: sso
primaries: "{{ groups['sso'] | locals(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
secondaries: "{{ groups['sso'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
# secondaries: "{{ groups['sso'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
location:
- route: "/"
dest: "proxy_pass http://sso/"
@ -32,7 +32,7 @@ nginx:
backends:
- name: webmail
primaries: "{{ groups['webmail'] | locals(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
secondaries: "{{ groups['webmail'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
# secondaries: "{{ groups['webmail'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':80') }}"
location:
- route: "/"
dest: "proxy_pass http://webmail/"
@ -47,7 +47,7 @@ nginx:
# secondaries: []
location:
- route: "/"
upstream: "{{ hostvars['git.metz.intra.catgrl.org'].ansible_host }}:8000"
upstream: "{{ hostvars['git.britaliope.intra.catgrl.org'].ansible_host }}:8000"
dest: "proxy_pass http://$upstream"
- name: vault.catgrl.org
@ -57,11 +57,23 @@ nginx:
backends:
- name: vault
primaries: "{{ groups['vault'] | locals(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':8000') }}"
secondaries: "{{ groups['vault'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':8000') }}"
# secondaries: "{{ groups['vault'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':8000') }}"
location:
- route: "/"
dest: "proxy_pass http://vault/"
- name: bookshelf.catgrl.org
alias: [ ]
ssl: true
redirect: true
backends:
- name: bookshelf
primaries: "{{ groups['bookshelf'] | locals(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':8000') }}"
# secondaries: "{{ groups['bookshelf'] | remotes(inventory_hostname) | gethostvars(hostvars) | map(attribute='ansible_host') | append(':8000') }}"
location:
- route: "/"
dest: "proxy_pass http://bookshelf/"
# - name: "autoconfig.*"
# alias: [ ]
# ssl: true


@ -29,15 +29,15 @@ haproxy_services:
port: 465
protocol: tcp
primaries:
- mail.metz.intra.catgrl.org
secondaries:
- mail.britaliope.intra.catgrl.org
secondaries:
- mail.metz.intra.catgrl.org
- name: smtp
port: 25
protocol: tcp
primaries:
- pmg3.metz.intra.catgrl.org
secondaries:
- pmg2.britaliope.intra.catgrl.org
secondaries:
- pmg3.metz.intra.catgrl.org
send_proxy: True
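Review bot: This `haproxy_services` file keeps the metz hosts (`mail.metz.intra.catgrl.org`, `pmg3.metz.intra.catgrl.org`) as `secondaries` after swapping them with the britaliope hosts, while the other `haproxy_services` file in this commit empties every `secondaries` list and comments the metz entries out. If the metz site is unreachable, these backends will simply sit in the DOWN state in haproxy, which is harmless but noisy in checks and dashboards; if it is reachable, the other file is dropping working fallbacks. Whichever is intended, the two files should agree, or a comment here should say why this one differs.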


@ -18,10 +18,10 @@ peers:
ip: 10.90.200.10
subnet: 10.90.10.0/24
- name: gw.metz.intra.catgrl.org
public_key: ncfaH+5ZXSkgNi6ukVw5E3Y5NLynZpSsSmtVLElEWWc=
ip: 10.90.200.30
subnet: 10.90.30.0/24
# - name: gw.metz.intra.catgrl.org
# public_key: ncfaH+5ZXSkgNi6ukVw5E3Y5NLynZpSsSmtVLElEWWc=
# ip: 10.90.200.30
# subnet: 10.90.30.0/24
standalone:
- name: backup.faercol.intra.catgrl.org


@ -10,10 +10,10 @@ vps:
# front1.faimaison.catgrl.org:
# ansible_host:
vars:
# The order is important!
dns_servers:
# The order is important!
- 10.90.10.100
- 10.90.30.100
# - 10.90.30.100
- 1.1.1.1
britaliope:
@ -28,12 +28,17 @@ britaliope:
ansible_host: 10.90.10.3
sso.britaliope.intra.catgrl.org:
ansible_host: 10.90.10.4
git.britaliope.intra.catgrl.org:
ansible_host: 10.90.10.5
pmg2.britaliope.intra.catgrl.org:
ansible_host: 10.90.10.6
vault.britaliope.intra.catgrl.org:
ansible_host: 10.90.10.7
webmail.britaliope.intra.catgrl.org:
ansible_host: 10.90.10.8
bookshelf.britaliope.intra.catgrl.org:
ansible_host: 10.90.10.9
ansible_user: root
dns.britaliope.intra.catgrl.org:
ansible_host: 10.90.10.100
dns-ext.britaliope.intra.catgrl.org:
@ -52,7 +57,7 @@ britaliope:
# The order is important!
dns_servers:
- 10.90.10.100
- 10.90.30.100
# - 10.90.30.100
- 1.1.1.1
local_ilb: ilb.britaliope.intra.catgrl.org
local_ldap: ldap.britaliope.intra.catgrl.org
@ -60,57 +65,56 @@ britaliope:
local_monitoring: prom.britaliope.intra.catgrl.org
zone: britaliope
metz:
hosts:
gw.metz.intra.catgrl.org:
ansible_host: 10.90.30.254
rp.metz.intra.catgrl.org:
ansible_host: 10.90.30.1
web.metz.intra.catgrl.org:
ansible_host: 10.90.30.2
mail.metz.intra.catgrl.org:
ansible_host: 10.90.30.3
ansible_user: root
sso.metz.intra.catgrl.org:
ansible_host: 10.90.30.4
git.metz.intra.catgrl.org:
ansible_host: 10.90.30.5
pmg3.metz.intra.catgrl.org:
ansible_host: 10.90.30.6
vault.metz.intra.catgrl.org:
ansible_host: 10.90.30.7
webmail.metz.intra.catgrl.org:
ansible_host: 10.90.30.8
dns.metz.intra.catgrl.org:
ansible_host: 10.90.30.100
dns-ext.metz.intra.catgrl.org:
ansible_host: 10.90.30.101
pg.metz.intra.catgrl.org:
ansible_host: 10.90.30.102
ldap.metz.intra.catgrl.org:
ansible_host: 10.90.30.103
ilb.metz.intra.catgrl.org:
ansible_host: 10.90.30.104
prom.metz.intra.catgrl.org:
ansible_host: 10.90.30.105
vars:
# The order is important!
dns_servers:
- 10.90.30.100
- 10.90.10.100
- 1.1.1.1
local_ilb: ilb.metz.intra.catgrl.org
local_ldap: ldap.metz.intra.catgrl.org
local_alias: web.metz.intra.catgrl.org
local_monitoring: prom.metz.intra.catgrl.org
zone: metz
# metz:
# hosts:
# gw.metz.intra.catgrl.org:
# ansible_host: 10.90.30.254
# rp.metz.intra.catgrl.org:
# ansible_host: 10.90.30.1
# web.metz.intra.catgrl.org:
# ansible_host: 10.90.30.2
# mail.metz.intra.catgrl.org:
# ansible_host: 10.90.30.3
# sso.metz.intra.catgrl.org:
# ansible_host: 10.90.30.4
# git.metz.intra.catgrl.org:
# ansible_host: 10.90.30.5
# pmg3.metz.intra.catgrl.org:
# ansible_host: 10.90.30.6
# vault.metz.intra.catgrl.org:
# ansible_host: 10.90.30.7
# webmail.metz.intra.catgrl.org:
# ansible_host: 10.90.30.8
# dns.metz.intra.catgrl.org:
# ansible_host: 10.90.30.100
# dns-ext.metz.intra.catgrl.org:
# ansible_host: 10.90.30.101
# pg.metz.intra.catgrl.org:
# ansible_host: 10.90.30.102
# ldap.metz.intra.catgrl.org:
# ansible_host: 10.90.30.103
# ilb.metz.intra.catgrl.org:
# ansible_host: 10.90.30.104
# prom.metz.intra.catgrl.org:
# ansible_host: 10.90.30.105
# vars:
# # The order is important!
# dns_servers:
# - 10.90.30.100
# - 10.90.10.100
# - 1.1.1.1
# local_ilb: ilb.metz.intra.catgrl.org
# local_ldap: ldap.metz.intra.catgrl.org
# local_alias: web.metz.intra.catgrl.org
# local_monitoring: prom.metz.intra.catgrl.org
# zone: metz
wg:
hosts:
gw.britaliope.wg.intra.catgrl.org:
ansible_host: 10.90.200.10
gw.metz.wg.intra.catgrl.org:
ansible_host: 10.90.200.30
# gw.metz.wg.intra.catgrl.org:
# ansible_host: 10.90.200.30
front1.contabo.wg.intra.catgrl.org:
ansible_host: 10.90.200.120
backup.faercol.wg.intra.catgrl.org:
@ -128,85 +132,88 @@ backup:
zone: faercol
metz-hw:
hosts:
nya.metz.intra.catgrl.org:
ansible_host: 10.90.0.1
abanatae.metz.catgrl.org:
ansible_host: 193.48.225.90
vars:
# The order is important!
dns_servers:
- 10.90.10.100
- 10.90.30.100
- 1.1.1.1
zone: metz
# metz-hw:
# hosts:
# nya.metz.intra.catgrl.org:
# ansible_host: 10.90.0.1
# abanatae.metz.catgrl.org:
# ansible_host: 193.48.225.90
# vars:
# # The order is important!
# dns_servers:
# - 10.90.10.100
# - 10.90.30.100
# - 1.1.1.1
# zone: metz
lxc:
children:
britaliope:
metz:
# metz:
backup:
vars:
ansible_ssh_common_args: '-J front1.contabo.catgrl.org'
# ansible_ssh_common_args: '-J front1.contabo.catgrl.org'
ansible_ssh_common_args: '-J 31.220.79.204'
managed:
children:
vps:
lxc:
backup:
metz-hw:
# metz-hw:
ilb:
hosts:
ilb.britaliope.intra.catgrl.org:
ilb.metz.intra.catgrl.org:
# ilb.metz.intra.catgrl.org:
docker:
hosts:
ldap.britaliope.intra.catgrl.org:
ldap.metz.intra.catgrl.org:
git.metz.intra.catgrl.org:
# ldap.metz.intra.catgrl.org:
git.britaliope.intra.catgrl.org:
# git.metz.intra.catgrl.org:
vault.britaliope.intra.catgrl.org:
vault.metz.intra.catgrl.org:
# vault.metz.intra.catgrl.org:
bookshelf.britaliope.intra.catgrl.org:
wireguard:
hosts:
front1.contabo.catgrl.org:
gw.britaliope.intra.catgrl.org:
gw.metz.intra.catgrl.org:
# gw.metz.intra.catgrl.org:
backup.faercol.wg.intra.catgrl.org:
dns:
hosts:
dns.britaliope.intra.catgrl.org:
is_master: False
dns.metz.intra.catgrl.org:
is_master: True
# dns.metz.intra.catgrl.org:
# is_master: False
dns_ext:
hosts:
dns-ext.britaliope.intra.catgrl.org:
is_master: False
dns-ext.metz.intra.catgrl.org:
is_master: True
# dns-ext.metz.intra.catgrl.org:
# is_master: False
rp:
hosts:
rp.britaliope.intra.catgrl.org:
rp.metz.intra.catgrl.org:
# rp.metz.intra.catgrl.org:
website:
hosts:
web.britaliope.intra.catgrl.org:
web.metz.intra.catgrl.org:
# web.metz.intra.catgrl.org:
acme:
children:
rp:
hosts:
rp.britaliope.intra.catgrl.org:
rp.metz.intra.catgrl.org:
# rp.metz.intra.catgrl.org:
vars:
acme:
- acme_domain: catgrl.org
@ -231,10 +238,13 @@ acme:
- acme_domain: webmail.catgrl.org
acme_alias: []
renewal_hook: systemctl restart nginx
- acme_domain: bookshelf.catgrl.org
acme_alias: []
renewal_hook: systemctl restart nginx
mail:
hosts:
mail.britaliope.intra.catgrl.org:
mail.metz.intra.catgrl.org:
# mail.metz.intra.catgrl.org:
vars:
acme:
- acme_domain: imap.catgrl.org
@ -246,49 +256,54 @@ acme:
postgres:
hosts:
pg.britaliope.intra.catgrl.org:
is_master: False
pg.metz.intra.catgrl.org:
is_master: True
# pg.metz.intra.catgrl.org:
# is_master: False
ldap:
hosts:
ldap.britaliope.intra.catgrl.org:
ldap.metz.intra.catgrl.org:
# ldap.metz.intra.catgrl.org:
sso:
hosts:
sso.britaliope.intra.catgrl.org:
sso.metz.intra.catgrl.org:
# sso.metz.intra.catgrl.org:
forgejo:
hosts:
git.metz.intra.catgrl.org:
git.britaliope.intra.catgrl.org:
# git.metz.intra.catgrl.org:
backend-mail:
hosts:
mail.britaliope.intra.catgrl.org:
is_master: False
mail.metz.intra.catgrl.org:
is_master: True
# mail.metz.intra.catgrl.org:
# is_master: False
pmg:
hosts:
pmg2.britaliope.intra.catgrl.org:
is_master: False
pmg3.metz.intra.catgrl.org:
is_master: False
is_master: True
# pmg3.metz.intra.catgrl.org:
# is_master: False
vault:
hosts:
vault.britaliope.intra.catgrl.org:
vault.metz.intra.catgrl.org:
# vault.metz.intra.catgrl.org:
webmail:
hosts:
webmail.britaliope.intra.catgrl.org:
webmail.metz.intra.catgrl.org:
# webmail.metz.intra.catgrl.org:
monitoring:
hosts:
prom.britaliope.intra.catgrl.org:
prom.metz.intra.catgrl.org:
# prom.metz.intra.catgrl.org:
bookshelf:
hosts:
bookshelf.britaliope.intra.catgrl.org:
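Review bot: After the metz hosts are commented out, the `dns`, `dns_ext`, `postgres` and `backend-mail` groups each keep a single host whose `is_master: False` is unchanged, so those groups no longer contain any master; only `pmg` had its remaining host flipped to `is_master: True`. If the roles use `is_master` to select the primary (inferred from the naming, not visible here), the britaliope hosts need the same flip, e.g. `is_master: True` under `dns.britaliope.intra.catgrl.org:`, `dns-ext.britaliope.intra.catgrl.org:`, `pg.britaliope.intra.catgrl.org:` and `mail.britaliope.intra.catgrl.org:`. Separately, `ansible_ssh_common_args: '-J 31.220.79.204'` replaces the jump host's name with its IP, so the controller's known_hosts must carry the jump host's key under that IP as well, otherwise host-key verification will prompt or fail on the first run; a comment on why the hostname could no longer be used (its resolver being one of the commented-out metz hosts, presumably) would help the next reader.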


@ -0,0 +1,5 @@
- name: Stop docker compose
community.docker.docker_compose_v2:
project_src: /var/local/docker/bookshelf
state: stopped
become: true


@ -0,0 +1,32 @@
- name: Create docker directory
file:
path: /var/local/docker/bookshelf
state: directory
owner: 2000
group: 2000
mode: 0755
become: true
- name: Deploy docker-compose.yml
template:
src: docker-compose.yml.j2
dest: /var/local/docker/bookshelf/docker-compose.yml
owner: 2000
group: 2000
mode: 0600
become: true
notify: Stop docker compose
- name: Pull docker images
community.docker.docker_compose_v2_pull:
project_src: /var/local/docker/bookshelf
become: true
- name: Stop docker compose if needed
meta: flush_handlers
- name: Start docker compose
community.docker.docker_compose_v2:
project_src: /var/local/docker/bookshelf
state: present
become: true
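Review bot: `mode: 0755` and `mode: 0600` are unquoted octal literals, which YAML parses as the integers 493 and 384 before Ansible sees them; Ansible's file and template modules document that modes should be passed as quoted strings for consistent results, so write `mode: "0755"` and `mode: "0600"`. The 0600 on the rendered compose file is the right call, since it will contain the vault secrets in clear text once templated. As a style point, the file mixes short module names (`file:`, `template:`) with FQCNs (`community.docker.docker_compose_v2_pull`); `ansible.builtin.file` and `ansible.builtin.template` would keep it uniform.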


@ -0,0 +1,45 @@
services:
bookstack:
image: lscr.io/linuxserver/bookstack:version-v25.05
container_name: bookstack
environment:
- PUID=2000
- PGID=2000
- TZ=Europe/Paris
- APP_URL=https://bookshelf.catgrl.org
- APP_KEY={{ bookshelf_app_key }}
- DB_HOST=mariadb
- DB_PORT=3306
- DB_DATABASE=bookstack
- DB_USERNAME=bookstack
- DB_PASSWORD={{ bookshelf_mariadb_password }}
- AUTH_METHOD=oidc
- AUTH_AUTO_INITIATE=false
- OIDC_NAME=LemonLDAP
- OIDC_DISPLAY_NAME_CLAIMS=name
- OIDC_CLIENT_ID=bookshelf
- OIDC_CLIENT_SECRET={{ bookshelf_oidc_secret }}
- OIDC_ISSUER=https://auth.catgrl.org
- OIDC_END_SESSION_ENDPOINT=false
- OIDC_FETCH_AVATAR=false
- OIDC_ISSUER_DISCOVER=true
volumes:
- ./bookstack_app_data:/config
ports:
- 8000:80
restart: unless-stopped
mariadb:
image: lscr.io/linuxserver/mariadb:11.4.4
container_name: mariadb
environment:
- PUID=2000
- PGID=2000
- TZ=Etc/UTC
- MYSQL_ROOT_PASSWORD={{ mariadb_root_password }}
- MYSQL_DATABASE=bookstack
- MYSQL_USER=bookstack
- MYSQL_PASSWORD={{ bookshelf_mariadb_password }}
volumes:
- ./bookstack_db_data:/config
restart: unless-stopped
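Review bot: The secret-bearing entries `- APP_KEY={{ bookshelf_app_key }}`, `- DB_PASSWORD={{ bookshelf_mariadb_password }}`, `- OIDC_CLIENT_SECRET={{ bookshelf_oidc_secret }}` and the two MariaDB password lines are rendered as plain YAML scalars, so a secret value containing ` #` or `: ` would be cut off or turn the item into a mapping when Compose parses the rendered file. Quoting each item, e.g. `- "APP_KEY={{ bookshelf_app_key }}"`, or switching `environment` to the mapping form with quoted values, removes that dependency on the secret's character set. Note also that these secrets become container environment variables, readable by anyone with access to the Docker socket on the host; if that circle is wider than the deploying user, Compose `secrets:` or BookStack's `.env` file would be the tighter option. `ports: - 8000:80` should likewise be quoted per Compose convention (`"8000:80"`), and it currently binds on all host interfaces, which is only needed if the reverse proxy reaches it over the network.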


@ -60,8 +60,8 @@ table inet filter {
chain prerouting {
type nat hook prerouting priority 0
ip saddr != @local_subnets udp dport 53 dnat to {{ hostvars['dns-ext.metz.intra.catgrl.org'].ansible_host }}:53
ip saddr != @local_subnets tcp dport 2222 dnat to {{ hostvars['git.metz.intra.catgrl.org'].ansible_host }}:222
ip saddr != @local_subnets udp dport 53 dnat to {{ hostvars['dns-ext.britaliope.intra.catgrl.org'].ansible_host }}:53
ip saddr != @local_subnets tcp dport 2222 dnat to {{ hostvars['git.britaliope.intra.catgrl.org'].ansible_host }}:222
}
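Review bot: The rewritten DNAT rule forwards only `udp dport 53` to the external resolver on `dns-ext.britaliope.intra.catgrl.org`; TCP/53 is not forwarded, so external clients that retry over TCP after a truncated UDP answer (large DNSSEC or long responses) will not reach it. If that is intentional it deserves a comment on the rule; otherwise add the matching `ip saddr != @local_subnets tcp dport 53 dnat to {{ hostvars['dns-ext.britaliope.intra.catgrl.org'].ansible_host }}:53`. The `prerouting` chain and the enclosing table start above the hunk.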
chain postrouting {


@ -13,6 +13,7 @@ pkgs.mkShell {
name = "Ansible catgrl";
packages = with pkgs; [
(python3.withPackages python-packages)
bash
];
ANSIBLE_FORCE_COLOR = true;