gwen
/
montpelliermaalsi2024
1
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: gwen:develop
Branches Tags
gwen:main
gwen:feature/SuperFeature_2
gwen:develop
...
pull from: gwen:main
Branches Tags
gwen:main
gwen:feature/SuperFeature_2
gwen:develop

18 Commits
develop ... main

Author SHA1 Message Date
gwen 82165a2482 concourse 3 months ago
gwen c6763a6ff8 kubernetes 3 months ago
gwen 139b039ac2 vultr 3 months ago
gwen fddb497635 concourse 4 months ago
gwen b775797383 obsidian 4 months ago
gwen 03d7b1a2f1 devsecops 5 months ago
gwen c6f68a5d3f forge 5 months ago
gwen c3c3907b5b ansible deploy docker 5 months ago
gwen 3a71e5e75b vmcreator 5 months ago
gwen e6dbf7caad ansible nginx 5 months ago
gwen e84a7da44d rabbit 1 year ago
gwen 299f508858 rag 1 year ago
gwen 1094f91871 hello world rag 1 year ago
gwen 3c01502c4f invoice templating 1 year ago
auriane geai-schmitt 2feadab0fe Ajout bricoloc 1 year ago
auriane geai-schmitt d7987cc4e7 test pipeline 1 year ago
AzeGab 171b068806 pipeline 1 year ago
gwen 5ba922845f task 1 year ago
169 changed files with 5717 additions and 96 deletions
Show Stats

16
ansible_deploy_docker/hosts.yml
Unescape Escape View File

@ -0,0 +1,16 @@
# deploy_machine:
# hosts:
# # Déploiement sur Perso VPS
# home_vps:
# ansible_connection: ssh
# ansible_host: "{{ lookup('env', 'VPS_IP') }}"
# ansible_user: "{{ lookup('env', 'VPS_USER') }}"
# ansible_ssh_private_key_file: "{{ lookup('env', 'VPS_SSH_KEY') }}"
all:
hosts:
multipass_vm:
ansible_host: 10.13.166.245
ansible_user: ubuntu
ansible_ssh_private_key_file: key/tmp_deploy
ansible_python_interpreter: /usr/bin/python3

174
ansible_deploy_docker/key/deploy
Unescape Escape View File

@ -0,0 +1,174 @@
$ANSIBLE_VAULT;1.1;AES256
30353666306461663632323630376537623465313130303233383932636565303536613264326565
3930346636366564353035306132643063383339333733330a343464376237643833356132343532
30376365333266666362326437663038373238333962643637613535613163353761306636383131
6664333964373632300a336139303964663131613133383034306464333530393836386566333930
65633661353836653235376539663034363561303465303065393263376564393363633565636664
63613564323332326232646537616135656565653331626534666434346566653530386333383438
65623731313938396463323232396333656430353938613862396561613435633038663237653461
62303433366662636263623030303731303531386230316364613431356332646232396635653731
65356363343433313739343032623866393438616433663237326430376466656661383330363931
64393839393066346664383230393361646135373135383565353665313538306334336433386538
30356164646430376161636436663561633636343139643466373638663930343936333936313065
33653939653964386137633263333439663863653761393661323561353935316634343931303966
62363536626533653365393631383965313033653161336131313739666436363962643063323934
37393932613461666535633733663861643435383935333061363034366563343130316462356537
64383433393239376433323932313736633930353031616235623734663863393932656261386235
34383862303334363138333563356464326432366330646166636564633035323830353334623562
62353733353137323837333263383834373834663132626434386166363562383431623832393233
32663430653065303161336331626132646565366537626234666565373138313438336361313635
61313537353033333332336533323563316231376137353762613632363432353938313538613363
34333732393539666238373830353066383538393135333739373065356339353335386438623831
61386564393863623832396664666430633535326165303932323231353837373065633565393836
37396164616535386632343463363738316538366564393163306132383463366263653262653662
62373461373034623063353930623633653636323634663532346634363966646662383436326561
31333333363362653766303164373038393630666263396434633434376230613362343937336536
64383961373432653237303731333836306265346632323965386535363463616532633261613736
37353839323661396163653038643162313833393638393562356365393839623634613037643433
66366336303534666433626635306336356339666331343565623164653732666562316631613038
64626334303534303061386437303233306530653032663238653463303130313133346338323335
62363161383631316535333339303663303865376331383436623166313464653332383963636538
34363131373433663436613132616635373166383632333262306462333263333839356563336536
36373739646637366430653036333363333035303063623232653735656261323231656364623934
38663532353339613733633262303139306435323132313730343739386364376562336436353161
34313331646235316365666532333666343435633064636632643031336666313834636537623930
65383138373233343134643166393532373363376433666132636430363362343531623530376666
33333062383735626533346438613762373538383137623835643635316261393364373732343232
37636430373539393366373332383164363334356331663539366365616362643338356463623338
66386633666537613539616238356238643839376661633430393738353833656238643366616363
66333161663264626564386437656665386663616437343461366235396364356631326365333030
34373435393863326232373961623937376462623264653931316265626538383462316434396532
64373835663938646162346436306563666362626361353964643239386136643762393536306130
33316434343432343933376239313238313634303435613030396434633931313264366465363063
64643733663837313034366538623466656235663239363661383836336363393238343731343465
35353730393130323161653732656561323838306435376439326464396637643331646132623838
36363363373235313830326436306237343339353931363031663866376264393437323166623866
38326461666433613834663863653566653862383762333165353337653365623633393636393966
37363132306638326265323337363939363362613162343561303866353131363937666261336265
37613530643631633065323939396236626562656366636333656538656134356538373966316139
30333764376133616165623862616136326338316133373562353235643632356239323463346666
62306635333762396534303635303336363036336639303731326565383934643136616231363038
33376436383066356534386130336262343732303737653761386261396431383131393630316630
66653764306361356563336239373031623739313064373038633939356634346263363531613733
61656634343036323633613263643262663034376132653338353230663166653134623930653236
32313462623335376364346539396538646132633231396138316537306465383634353362613363
36656634333038643837653536346365626634316361666135646637333331613134306461363861
65366635646334306331353338383364336464343437663230646239363139343963303034323434
66646565396162633762386662366334376165363265323338656431623838323930643465623139
32366661306662663834383561623961363463393863343565393931303136333932343964333736
61316430646332333034616332636334653262666232383139333363346634663064393863343131
63383365396163303662333664646164313966366137323761356237356464323963343365643935
62643366653631363836633130653632646466393636353166323433653936383437333961366435
33626232373238343936373462326363313232623633373031383834383531613938363731616161
39393330373236383631363163643630663236303334306362303636386232616239643432623866
65306463643130383661643231343838613264366235303362396464356663363538396538323364
37666136346162363338623233616666626535303134306462343831326331326432663332653239
65346662323965303638626631396266336565303332353665333564653864643832616435393265
32616464346266323439613737376362356332333031303733353866333335656633326233363331
66653764306632663834383231393838303533376437343934313539616461396537333861663035
32623638353132383362653561376335333632633363643734633633613839613638633737353336
35393538643336353763313965623931656433316166626231303233343161623838653332313639
61326138333961343439363631653931623464646336346363636636316564373931613633376633
61323436323735336664663834646637656265323732663565323733663534366639623238623464
63316535383661376536376465353738623037343931393465333265306639663032353365396165
34353866396630643661386639323430666339303332336133336438313832646236313936343634
63653364626637323135336135613666666134656462623739323861393839656330356561626334
33633337323961626437643637626134383638616637346665353963393434316237623663316130
66653632663862613334346336366138613330386232333639653436343865333938363135366130
34663830393434386331376633383836306132343562303362636533663433373039343062633635
38326261653063366435613733366534333364313063623066373934333334383335343662616339
31633837343262356131386231386538383262663734396663303532303937393766663733386334
66653664323538613361323262346437326564306634366438366438353638393963643962323730
65643262336632333466393931623035616432336466643265393633613131663336356235613562
30643536393039653962663030656462646231303830346564303839373635623534643831393964
64623436326664616539666230366465366530363362356437316165383131653037623961666235
66616463363933656139356262633232633832336132653733363436393537656137616135386265
32356264666632363233373836323236376632646161653735663134336630616461343762303334
61393362363334633532343734663232383830346534613135643134383039303635326566616632
66303238333233363738653934366636373731346363343632346563653735393033663161386663
32666132333632376136326533333964653331356262633462656630353331303733356438376563
38663736646634346637626139346530343030346137373030316136313963333863616334386531
39373937323632303736646235653430346436633930326536323037653031633238353335313135
38346463653734303334653639636530376664626164663632333265373531666162653966633430
32353265353137643962386531333532316531653634363463646530363861643239323035383533
34666364393761626237653235363332376334393664616462646166366664303330613561633839
30356336326363383064663034613833393730323932356434623131346230663539653961366436
34653564633530656235326564333039336161373537623830643932663035303737363331303265
39633137303937346566616634393330656362376366663437636365316334343839653362646265
36333934623630356463303866393030663037353465306466653230353164333765653233616664
35376436616635323032663336333134353764626430653136366264343361306438323531336436
34656266313566393430623763343230643839616434336264626332333635333933313864366161
62343761323663356463343231366164313065373863613036363433343438346561643931396432
37646234323031306336656262653363333335306535613833653232383637376632616563343932
64386135623565333964663237333038663766393930633863386566613637383939636635373937
32363232636335313866366433366264613932623832376136353264666131393130653039373935
66396432333233386538623034376138356239386566326633356338613165616133653032666133
64646333363564373531626338323737633332383666633438383562623764396464653561323662
39366266643836363536376261623833323734616630386632303633666632323131636634613030
39656561373631613036653263663937393361303036396536613632303030383730316364636331
61363438366363623961333161666263393639343363633538643266393963363064383266663432
61376132633261303634663539366136303637333233386536356130313033313666303064353963
63346336613339343533373537376165643233626339306666366238653732303538343562323762
64623261333166316366383935613965333034303832313435323065333963316133343037626432
31393534373062663130373831333839626539626166346632363761313065623932663738333662
61353437373761313131313861346331613937326530626535663937646337353565666465356530
34376162663738323035626637343566313932343038666466316334326231666364333163366333
36383632323134313564336337326530663337616262643166393238613332653730363438646166
30343636323936616661653239656235383061663961383833373239623461323939643764386261
62386634376463363866643862333437653566666262663933663565366132353132613261336631
65613364616133653231353262656634646665366361363461356336313565346138366366333632
66643836623864353265346538663362393561613838643736626363343734663361386436366330
61363132353336626132313565653935343666313835623631363833646230303465353931353061
32326530326164343031386361313139336333316666373234613066336464363661663466646138
38643830346665346261623563383065346433336338613361373430306363616264653762626462
34613862306330623731353537663565636137656663656661303035623434343436333265306462
36656164636462303937666232636664636332633431306161653435393630313462636335326437
37316334313737643464326230633333303934613534653661343532646563333630623363343863
36366139643939653763383464323630336435373931373766613261346664666165623037396265
38646633383037356234643234376338353664666163363736663761373063343637363166633938
39373364386463646232626130376435663631313464376161376566626332373933333033396132
32363434353436616564626539333535336530623764343534336138613665313762356566383861
65393737613130326564343561616435326135356666653535336538386134363664313835313163
63363964636331386463303331646264633231353662393230613932663764383761333533616665
31656261353932613331643366316537336231613432653936643365376130356438376332303738
66626631313437303064366536626436393132633430336165326266643232613538363839376133
30353334356232333762343237376137366365343632303237646332626330383663386166376431
35616233366364366233326537653438313230383736326234363138313861393334383138653831
39306665383538666237626365613966646531613966656235383161613466366337613030376261
61613031396661633932656562353733303464343239313233623339323236323332343838343531
30616165366138383933633837663765666263376539373436393966323363316365666361366661
34366361656635636566623930393335633762313863386537313064343561663437393432333038
33633338663230356638623962633833616335386361653431333966646130616436653264663261
33633434306536303964646332663863396564353865626263306132623463336364393433323939
31323730386137366339303339333839613430303631636265616632313061396461326161366235
39653338616165383665386439336134613235353162316161633661363430336439333232316466
39323364363361356133613736383338326162343164633835336139326533346534376437343835
33393464626137653532616632396432373466616630633833333935633732666362623462373434
38653430316438306138663062303836353261313265316332316533393666386138636164656165
61336364303762346334646134656665636235626436623430333733336537663033323533326635
39393162373965323566353234623538323030373964613163363262663031303935303033666437
33353861323037316437326139353164303764383538663237366264663333666134643964643033
32663538366134366630303534373963393561653036346364623261373738326366616639353836
64316265316462616461656665613331373636343865373935363035323639656437666234393738
65393231363733626665623437343631383230346433326266663035316564646436636639316232
37646336613431343438306338306463393435663039343737643062396661353435663136383061
61366130343131613264393533396538336435643737646465373461316634343864643561313530
34373733363834373564333037333266303465313963613335393862313030336265306232346138
34633064626364636165393437363431376130326261653137333264623932353466313236316135
34666637623864376531383937323833323131386461396663656533393236373232343134396263
62356262613132336263343163313362313837313833333133306364653332313332383837383462
65353463353162663935626533356162373463383065326232636634333530303638663165343533
64383266633834323462643634646562653761326164373161343339363238626337303263643336
61633034646362323330323939663539393661313832633633326165323864633134353430643237
64616639356435356533353262303066386662333162376566386564396161313865333064636565
31313934326134346663656166623966666439633262623039643034316261356639613638313765
37373562353331353139386335633161333136316634373963663932346266363865343563393338
38316431353435633130316465636336353536396637656339393737336232346338623462343336
37323963316237383464306232666332663031626363323061333732326338326264633166616563
64346165336165313865393864666435363538613865616465333533666363396137366338356235
37316638323432616665656530613563373966663961383635613634396533393261376162313633
32343366393437356130646161393638363734336637323338396437643935383831393765383037
32383032636137316139373665366134636266643732333364623066353639373165356135373339
37663032383038373762343334326662646565303361306131623337303062316566343032653835
30613631616631313665616561633634373734376536376438373765616237303536336564393561
3232

1
ansible_deploy_docker/key/deploy.pub
Unescape Escape View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCNDMlDx9dR/jzx/mBEmIrA6K7+OI7AKJ0vBqESMJ59+QqdxHbHlGtdDKX8+QTvtouasH6FgLtBvZgRuwu+bOuHOTYLevz3To/PP63mq7q5BV2VSjRaHfU9Z84q1Pd+/RpCHP14H2iyTgRnGBfn5Z8uUBuptd+P/HP1PCvxQvCA6BtZPzgmQ9xoDWkOyiqbKbaK1ai3bI8sKoRjTbYGa7nbUcFob4oofFgQAvi4qZSLTG93CdQBlVftAlsPPtSNOoZu/JQcuPlZHBUVTLPcfUtyt7meOrgoToNsWV82vdbU03ALJipkoJueSKhUZJa0XS/alE0MeKoVUtXB4zUIg8iM1OB4qAUsIUjXCc469C0LKsPxYyyw7N3/TI6I+Yxfdnpd7AVECHG9QXIv9p03TG+1QlRvOK/JIouIh/y/IJXX1L0sAT75SKThZoOAES/u0B3X8IVZMCIZ0eG0taJbbQ0uDnFlkoLtSzdVSJAR3fohnB+Axr1On2SIacEqK9JRP0M/doTuLMyp3ospWxO1VRj8jFSJH4yOhxsTMgcs2stSu/JZdpJeIzBc11cilThjOLVNOKLJWG4YjPWSkbQ7FSSzdV53tNd3DD3W156yTUv09z/1tsAA9SHhtP2L71cnmgSJiffOz+W5LcTa75WklkN7Nv0djvXcvmDJj0oXT7+Drw== matt@dell

49
ansible_deploy_docker/key/tmp_deploy
Unescape Escape View File

@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAjQzJQ8fXUf488f5gRJiKwOiu/jiOwCidLwahEjCeffkKncR2x5Rr
XQyl/PkE77aLmrB+hYC7Qb2YEbsLvmzrhzk2C3r8906Pzz+t5qu6uQVdlUo0Wh31PWfOKt
T3fv0aQhz9eB9osk4EZxgX5+WfLlAbqbXfj/xz9Twr8ULwgOgbWT84JkPcaA1pDsoqmym2
itWot2yPLCqEY022Bmu521HBaG+KKHxYEAL4uKmUi0xvdwnUAZVX7QJbDz7UjTqGbvyUHL
j5WRwVFUyz3H1Lcre5njq4KE6DbFlfNr3W1NNwCyYqZKCbnkioVGSWtF0v2pRNDHiqFVLV
weM1CIPIjNTgeKgFLCFI1wnOOvQtCyrD8WMssOzd/0yOiPmMX3Z6XewFRAhxvUFyL/adN0
xvtUJUbzivySKLiIf8vyCV19S9LAE++Uik4WaDgBEv7tAd1/CFWTAiGdHhtLWiW20NLg5x
ZZKC7Us3VUiQEd36IZwfgMa9Tp9kiGnBKivSUT9DP3aE7izMqd6LKVsTtVUY/IxUiR+Mjo
cbEzIHLNrLUrvyWXaSXiMwXNdXIpU4Yzi1TTiiyVhuGIz1kpG0OxUks3Ved7TXdww91tee
sk1L9Pc/9bbAAPUh4bT9i+9XJ5oEiYn3zs/luS3E2u+VpJZDezb9HY713L5gyY9KF0+/g6
8AAAdARTnhIEU54SAAAAAHc3NoLXJzYQAAAgEAjQzJQ8fXUf488f5gRJiKwOiu/jiOwCid
LwahEjCeffkKncR2x5RrXQyl/PkE77aLmrB+hYC7Qb2YEbsLvmzrhzk2C3r8906Pzz+t5q
u6uQVdlUo0Wh31PWfOKtT3fv0aQhz9eB9osk4EZxgX5+WfLlAbqbXfj/xz9Twr8ULwgOgb
WT84JkPcaA1pDsoqmym2itWot2yPLCqEY022Bmu521HBaG+KKHxYEAL4uKmUi0xvdwnUAZ
VX7QJbDz7UjTqGbvyUHLj5WRwVFUyz3H1Lcre5njq4KE6DbFlfNr3W1NNwCyYqZKCbnkio
VGSWtF0v2pRNDHiqFVLVweM1CIPIjNTgeKgFLCFI1wnOOvQtCyrD8WMssOzd/0yOiPmMX3
Z6XewFRAhxvUFyL/adN0xvtUJUbzivySKLiIf8vyCV19S9LAE++Uik4WaDgBEv7tAd1/CF
WTAiGdHhtLWiW20NLg5xZZKC7Us3VUiQEd36IZwfgMa9Tp9kiGnBKivSUT9DP3aE7izMqd
6LKVsTtVUY/IxUiR+MjocbEzIHLNrLUrvyWXaSXiMwXNdXIpU4Yzi1TTiiyVhuGIz1kpG0
OxUks3Ved7TXdww91teesk1L9Pc/9bbAAPUh4bT9i+9XJ5oEiYn3zs/luS3E2u+VpJZDez
b9HY713L5gyY9KF0+/g68AAAADAQABAAACABnB+/8kv215wCdxDKN6N9yCoXJLYcY1pH6x
9zgbKNZYZFfrSMWplPGpHabU0tHzxAq7sF8w4wFeXibewYZE3b4T9IqkKw3+isSOHHPDaJ
XhJPXeVzEdx2svSbcIrSnDjsgEA0WsdrIZDTTGcZcnl6oddu/HBsyEjah7FIs6bjEcMeJa
aSaTvexChqzsvlsXgv5Xhjf42yx1lzeLOXJyub4Tb/5iYBiEnJBP+pu+XCIUE0bpxI2FeE
kP5REjqC0iQuqBtYqJPP/I4RDCsRXSy7RnWL5MetThgZ6Hs5uLj2/OLOfcUGGP8ts06Yh/
1gWZ/uMrseZVIrpCJkcB9u1XI4hO5pMA8G3NvHXMZmq/lkmn9BOcIMzlKwKJ+7aru0qkUf
opECAE740djMPWiOc6dOPeuhLrty9LQCR9Gyh3Uh9dXse9T3qywlvZMK4rEx5M5f43qRt7
4Q73y4Hwj4Q3Vkf8akz+k9urqeK41jdhL93PAqFTGkYEAf4ernm5Ofi+D+LPY1+0NyhPSK
fQD0UthdArMzUy4WFdKBTV+TfX5ZsSDeoCiNma+HHydDe0r3531ySJyuzFDcT66DwsvOZC
pxVF9PTf+nCNqOFhWZ6jNKhE7zPfwSbO39ulqFkE58ALHgFpN+REDM81GOKxNNu+0J/nUi
CIDCDZkiZMTep3FrABAAABAAPq+/92o96E5/VJbntggUa+F0YKPDM+IQMDQvVsDSj6n+H2
8K6ohkE5QfAQU+daop3k7NHIT5Tkx08MG9TjIDuX9WzjFxKMrmg4cMkt3HaI34cyIewXOj
JAEumXfJ/ryfL1AyWlMJ0ZYZ02O9jixeSSDsg5S2yybxyOvQnHHkz5Y2Gyk+8PB6VC4mYI
Nx6nbnsVIaLldC1Zg2u1DJu5nhvUp08BPW7cefEry/G9NNIuo65mQtxJPefpbwiqfhnzSh
4FVio1ph9LOK3XtsT/Py7Nm4B6LvyQndPPSMBOP+dj9BZ6fGidU+smTkliRdzg+RBFDCPM
f5AimaE89q0KzGwAAAEBAMR9RLgg2F/fqhInnMKtC7cDxWZdQTq3WrQYSUHePRExjzR/IQ
ymtCWuZKkZ22KFboYyDtsTao6vn8cG1C6oyHD6ZLravob2U1hxC+4q3IvTRSe0DU3dSi/Y
bztKFOBvQqfu6wJ6r9ctHchV709tCyRgByY76d41cwVlGzbUKGLrEMK6CJHrZf9kP51Yus
vjbx19fssnSbOhNhpZ4vyb30NzxnuJAi+8EfWNF4JAIw5qqhrCR9JGVu1gSC5/CnrHNDdZ
bTVbfk39Zg8hA8npREbKL0hG9WM5Ap6dsc4H0PviNl2hUfVkAkPH96jx78yKA1hvv4RylH
G5J/YxlM9RZuEAAAEBALfFC2QunxbAtwuVAq9somYb/RhwGVJ+xw47XlxCMMc9NCC3Oc5I
mJJQFdeCCbPsXZaH/P2Q1v7+e0s8TR3ZaLoL6OYQ5HZzYEoKFRVNbU3ISDmaIKd5+Cu8vg
hYhAHIX104WjObh2N+RdEl8BacKwbMIYwQmX9NJ9vgU+0Kx9VQomWg0e9Elz3u+aPpEeCW
zLoP2DtFWWRi4/qgrBGTqmiPFg0dSsHI5KjYM0TInGor6Zlwc34O5mZ81vG68aOppfq4fQ
t6P8HQi/Gq28HyMCRSVdrbeL7xi3YeK00Z15VHBPyREMpl7EN7scbR+YA4IG05sP08luTj
3o0G6RGEjI8AAAAJbWF0dEBkZWxsAQI=
-----END OPENSSH PRIVATE KEY-----

15
ansible_deploy_docker/playbook.yml
Unescape Escape View File

@ -0,0 +1,15 @@
- name: Deploy docker image on VPS
hosts: multipass_vm
remote_user: ubuntu
gather_facts: false
become: true
become_method: sudo
vars:
ssh_private_key_file: key/deploy
roles:
- decrypt
- docker
- docker-compose
# - remove

8
ansible_deploy_docker/roles/decrypt/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,8 @@
- name: Decrypt SSH private key
copy:
src: "{{ ssh_private_key_file }}"
dest: key/tmp_deploy
decrypt: yes
mode: '0600'
delegate_to: localhost
become: false

34
ansible_deploy_docker/roles/docker-compose/tasks/install.yml
Unescape Escape View File

@ -0,0 +1,34 @@
- name: Download the latest Docker Compose binary
get_url:
url: https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64
dest: /tmp/
mode: '0755'
- name: Download the SHA256 checksum file
get_url:
url: https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64.sha256
dest: /tmp/
- name: Verify the SHA256 checksum
command: sha256sum -c /tmp/docker-compose-linux-x86_64.sha256
args:
chdir: /tmp
register: sha256_check
failed_when: sha256_check.rc != 0
- name: Move the new Docker Compose binary to /usr/bin
command: mv /tmp/docker-compose-linux-x86_64 /usr/bin/docker-compose
when: sha256_check.rc == 0
- name: Apply executable permissions to the binary
file:
path: /usr/bin/docker-compose
mode: '0755'
- name: Verify Docker Compose installation
command: docker-compose --version
register: docker_compose_version
- name: Display Docker Compose version
debug:
msg: "Docker Compose version: {{ docker_compose_version.stdout }}"

44
ansible_deploy_docker/roles/docker-compose/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,44 @@
---
- name: Install docker install
ansible.builtin.include_tasks: install.yml
- name: Create Docker Compose directory
file:
path: /opt/deploy
state: directory
mode: '0755'
- name: Synchorisation du folder
synchronize:
src: ../../../../
dest: /opt/deploy
- name: Create directory for MongoDB keys
file:
path: /opt/deploy/catalogue/mongoDb/keys
state: directory
mode: '0755'
- name: Generate MongoDB replica set key
command: openssl rand -base64 756
register: mongo_key
- name: Write MongoDB replica set key to file
copy:
content: "{{ mongo_key.stdout }}"
dest: /opt/deploy/catalogue/mongoDb/keys/mongo-replica-set.key
mode: '0600'
owner: '999'
group: '999'
- name: Log in to the private Docker registry
community.docker.docker_login:
registry: "{{ docker_registry }}"
username: "{{ docker_username }}"
password: "{{ docker_password }}"
reauthorize: yes
- name: Start Docker Compose services
ansible.builtin.shell:
cmd: docker-compose up -d
chdir: /opt/deploy

3
ansible_deploy_docker/roles/docker-compose/vars/main.yml
Unescape Escape View File

@ -0,0 +1,3 @@
docker_registry: xxx
docker_username: xxx
docker_password: xxx

17
ansible_deploy_docker/roles/docker/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,17 @@
---
- name: Install Snapd
apt:
name: snapd
state: present
update_cache: yes
- name: Install Docker via Snap
community.general.snap:
name: docker
state: present
- name: Ensure Docker service is running
service:
name: snap.docker.dockerd
state: started
enabled: yes

4
ansible_deploy_docker/roles/remove/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,4 @@
- name: Remove file (delete file)
ansible.builtin.file:
path: /tmp/id_rsa
state: absent

1
ansible_simple_nginx/hosts
Unescape Escape View File

@ -0,0 +1 @@
server1 ansible_host="mistergwen.site" ansible_ssh_user="ubuntu" ansible_python_interpreter="/usr/bin/python3"

11
ansible_simple_nginx/nginx.yml
Unescape Escape View File

@ -0,0 +1,11 @@
- hosts: server1
#remote_user: debian
become: true
become_method: sudo
tasks:
- name: ensure nginx is at the latest version
apt: name=nginx state=latest
- name: start nginx
service:
name: nginx
state: started

25
ansible_simple_nginx/nginx2.yml
Unescape Escape View File

@ -0,0 +1,25 @@
- name: Installation et configuration de Nginx
hosts: oracle-server
become: yes # Utilise sudo pour les commandes
tasks:
- name: Mettre à jour les paquets apt
apt:
update_cache: yes
cache_valid_time: 3600 # Cache valide pendant 1 heure
- name: Installer Nginx
apt:
name: nginx
state: present
- name: Démarrer et activer Nginx
service:
name: nginx
state: started
enabled: yes
- name: Générer le certificat et mettre en place le HTTPS
command: /usr/bin/certbot --nginx -d oscar.nicolas-bardin.ovh --email rouquette.oscar@gmail.com --agree-tos --redirect --non-interactive --quiet

44
ansible_simple_nginx/playbook.yml
Unescape Escape View File

@ -0,0 +1,44 @@
- hosts: server1
#remote_user: debian
become: true
become_method: sudo
tasks:
- name: Update & upgrade system
apt:
update_cache: yes
upgrade: dist
- name: Install required packages
apt:
name:
- cron
- python3-pip
- python3-virtualenv
- python3-setuptools
- htop
- man
- net-tools
- bash-completion
- locales
- python-is-python3
- wget
- zip
- bzip2
- tree
- vim
- vim-common
- screen
- curl
- unzip
state: present
- name: Remove useless stuff
apt:
name:
- bind9
- telnet
- ftp
state: absent

1
ansible_simple_nginx/run.sh
Unescape Escape View File

@ -0,0 +1 @@
ansible-playbook -i hosts playbook.yml

1
ansiblenginx/.gitignore vendored
Unescape Escape View File

@ -0,0 +1 @@
.venv

402
ansiblenginx/EXERCICE.md
Unescape Escape View File

@ -0,0 +1,402 @@
# 🎯 Exercice : Améliorer le serveur Nginx avec Ansible
## 📋 Objectif de l'exercice
Tu vas améliorer ton projet Ansible actuel en ajoutant 3 fonctionnalités importantes :
1. ✅ **HTTPS** (sécuriser le site avec un certificat SSL)
2. ✅ **Authentification** (protéger l'accès avec login/password)
3. ✅ **Déployer des pages web** (mettre ton propre site HTML)
---
## 🚀 Partie 1 : Configurer HTTPS avec Let's Encrypt
### 🤔 C'est quoi HTTPS ?
- HTTP = ton site est accessible mais **pas sécurisé** (pas de cadenas 🔓)
- HTTPS = ton site est **sécurisé** avec un certificat SSL (cadenas vert 🔒)
- Les données sont **chiffrées** entre le navigateur et le serveur
### 📝 Ce que tu dois faire :
#### Étape 1.1 : Installer Certbot
Certbot = outil gratuit pour obtenir un certificat SSL
**Ajoute cette tâche dans `playbook.yml`** (après l'installation de Nginx) :
```yaml
- name: Installer Certbot pour Let's Encrypt
apt:
name:
- certbot
- python3-certbot-nginx
state: present
```
**💡 Explication** :
- `certbot` = l'outil principal
- `python3-certbot-nginx` = plugin pour configurer automatiquement Nginx
#### Étape 1.2 : Générer le certificat SSL
**Ajoute cette tâche** :
```yaml
- name: Obtenir un certificat SSL avec Certbot
command: certbot --nginx -d defder.fr --non-interactive --agree-tos --email ton-email@exemple.com
args:
creates: /etc/letsencrypt/live/defder.fr/fullchain.pem
```
**💡 Explication** :
- `--nginx` = configure automatiquement Nginx
- `-d defder.fr` = ton nom de domaine
- `--non-interactive` = pas de questions (automatique)
- `--agree-tos` = accepte les conditions
- `--email` = **REMPLACE par ton vrai email !**
- `creates: ...` = ne refait pas si le certificat existe déjà
#### Étape 1.3 : Renouvellement automatique
Les certificats expirent tous les 90 jours. Il faut les renouveler automatiquement.
**Ajoute cette tâche** :
```yaml
- name: Configurer le renouvellement automatique du certificat
cron:
name: "Renouveler certificat SSL"
minute: "0"
hour: "3"
job: "certbot renew --quiet"
```
**💡 Explication** :
- Vérifie chaque jour à 3h du matin si le certificat doit être renouvelé
- `--quiet` = ne fait pas de bruit dans les logs
#### ✅ Vérification Partie 1
Lance ton playbook : `./run.sh`
Ensuite, teste dans ton navigateur : `https://defder.fr`
- Tu dois voir le **cadenas vert 🔒**
- Le site est maintenant sécurisé !
---
## 🔐 Partie 2 : Ajouter une authentification
### 🤔 C'est quoi l'authentification ?
Une popup qui demande **login + password** avant d'accéder au site.
Utile pour protéger un site privé, un backoffice, etc.
### 📝 Ce que tu dois faire :
#### Étape 2.1 : Installer les outils nécessaires
**Ajoute cette tâche** :
```yaml
- name: Installer apache2-utils pour htpasswd
apt:
name: apache2-utils
state: present
```
**💡 Explication** :
- `htpasswd` = outil pour créer des fichiers de mots de passe
#### Étape 2.2 : Créer un utilisateur avec mot de passe
**Ajoute cette tâche** :
```yaml
- name: Créer un fichier de mots de passe
htpasswd:
path: /etc/nginx/.htpasswd
name: admin
password: "MonMotDePasse123"
owner: root
group: www-data
mode: '0640'
```
**💡 Explication** :
- Crée un fichier `/etc/nginx/.htpasswd`
- Utilisateur : `admin`
- Mot de passe : `MonMotDePasse123` (**CHANGE-LE !**)
- `mode: '0640'` = permissions sécurisées
#### Étape 2.3 : Créer un fichier de configuration Nginx
Tu vas créer un fichier de config personnalisé pour Nginx.
**D'abord, crée un dossier `templates/` dans ton projet** :
```
iaac/
├── templates/
│ └── nginx-auth.conf.j2
├── playbook.yml
├── inventory.yml
...
```
**Crée le fichier `templates/nginx-auth.conf.j2`** avec ce contenu :
```nginx
server {
listen 80;
server_name defder.fr;
# Redirection HTTP vers HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name defder.fr;
# Certificats SSL (générés par Certbot)
ssl_certificate /etc/letsencrypt/live/defder.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/defder.fr/privkey.pem;
# Dossier racine du site
root /var/www/html;
index index.html;
# AUTHENTIFICATION
auth_basic "Zone protégée - Connexion requise";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
try_files $uri $uri/ =404;
}
}
```
**💡 Explication** :
- Redirige automatiquement HTTP → HTTPS
- Active l'authentification avec `auth_basic`
- Pointe vers le fichier de mots de passe
#### Étape 2.4 : Déployer la configuration
**Ajoute cette tâche dans `playbook.yml`** :
```yaml
- name: Déployer la configuration Nginx avec authentification
template:
src: templates/nginx-auth.conf.j2
dest: /etc/nginx/sites-available/defder
notify: Recharger Nginx
- name: Activer le site
file:
src: /etc/nginx/sites-available/defder
dest: /etc/nginx/sites-enabled/defder
state: link
- name: Désactiver le site par défaut
file:
path: /etc/nginx/sites-enabled/default
state: absent
notify: Recharger Nginx
```
#### Étape 2.5 : Ajouter un handler pour recharger Nginx
**À la fin de `playbook.yml`**, ajoute :
```yaml
handlers:
- name: Recharger Nginx
systemd:
name: nginx
state: reloaded
```
**💡 Explication** :
- Un handler = une action qui se déclenche quand un fichier change
- Recharge Nginx quand la config est modifiée
#### ✅ Vérification Partie 2
Lance ton playbook : `./run.sh`
Visite `https://defder.fr` → Une popup apparaît !
- Login : `admin`
- Password : `MonMotDePasse123` (ou celui que tu as choisi)
---
## 🎨 Partie 3 : Déployer des pages web personnalisées
### 🤔 C'est quoi déployer des pages ?
Remplacer la page par défaut de Nginx par **ton propre site HTML**.
### 📝 Ce que tu dois faire :
#### Étape 3.1 : Créer un dossier pour ton site
**Dans ton projet, crée un dossier `files/`** :
```
iaac/
├── files/
│ ├── index.html
│ └── style.css
├── templates/
├── playbook.yml
...
```
#### Étape 3.2 : Créer une page HTML
**Crée `files/index.html`** :
```html
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Mon site déployé avec Ansible</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
<h1>🚀 Bienvenue sur mon serveur !</h1>
<p>Ce site a été déployé automatiquement avec Ansible.</p>
<ul>
<li>✅ Serveur : Nginx</li>
<li>✅ Sécurité : HTTPS activé</li>
<li>✅ Protection : Authentification activée</li>
<li>✅ Automatisation : 100% IaaC</li>
</ul>
<p class="footer">Déployé le {{ ansible_date_time.date }} 🎉</p>
</div>
</body>
</html>
```
#### Étape 3.3 : Créer un fichier CSS
**Crée `files/style.css`** :
```css
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: Arial, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
justify-content: center;
align-items: center;
}
.container {
background: white;
padding: 3rem;
border-radius: 15px;
box-shadow: 0 10px 40px rgba(0,0,0,0.3);
max-width: 600px;
text-align: center;
}
h1 {
color: #667eea;
margin-bottom: 1rem;
font-size: 2.5rem;
}
p {
color: #333;
margin-bottom: 1rem;
font-size: 1.1rem;
}
ul {
list-style: none;
margin: 2rem 0;
}
ul li {
background: #f0f0f0;
padding: 0.8rem;
margin: 0.5rem 0;
border-radius: 8px;
font-size: 1rem;
}
.footer {
margin-top: 2rem;
font-style: italic;
color: #667eea;
}
```
#### Étape 3.4 : Déployer les fichiers sur le serveur
**Ajoute ces tâches dans `playbook.yml`** (avant le handler) :
```yaml
- name: Créer le dossier du site web
file:
path: /var/www/html
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Déployer la page HTML
template:
src: files/index.html
dest: /var/www/html/index.html
owner: www-data
group: www-data
mode: '0644'
- name: Déployer le fichier CSS
copy:
src: files/style.css
dest: /var/www/html/style.css
owner: www-data
group: www-data
mode: '0644'
```
**💡 Explication** :
- `template:` pour index.html = permet d'utiliser des variables Ansible (comme la date)
- `copy:` pour style.css = copie simple du fichier
- `owner: www-data` = donne les bons droits à Nginx
#### ✅ Vérification Partie 3
Lance ton playbook : `./run.sh`
Visite `https://defder.fr` :
- Entre login/password
- Tu vois **ton site personnalisé** ! 🎉
---
## 🎓 Résumé de ce que tu as appris
| Fonctionnalité | Module Ansible | Utilité |
|---------------|----------------|---------|
| **HTTPS** | `command` (certbot) | Sécuriser le site |
| **Authentification** | `htpasswd` | Protéger l'accès |
| **Configuration Nginx** | `template` | Personnaliser le serveur |
| **Déploiement de fichiers** | `copy` / `template` | Mettre en ligne ton site |
| **Handlers** | `handlers` | Recharger Nginx automatiquement |
---
## 🚀 Pour aller plus loin (Bonus)
### Idées d'améliorations :
1. **Plusieurs utilisateurs** : Ajoute plusieurs logins dans htpasswd
2. **Variables** : Mets le nom de domaine, email, etc. dans un fichier `vars.yml`
3. **Rôles Ansible** : Organise ton code en rôles (nginx, ssl, web)
4. **CI/CD** : Automatise le déploiement avec GitHub Actions
5. **Monitoring** : Ajoute un outil pour surveiller le serveur
---
## 📚 Ressources utiles
- **Documentation Ansible** : https://docs.ansible.com
- **Certbot** : https://certbot.eff.org
- **Nginx** : https://nginx.org/en/docs/
---
## ✅ Checklist finale
- [ ] HTTPS fonctionne (cadenas vert)
- [ ] Authentification demande login/password
- [ ] Page personnalisée affichée
- [ ] Certificat SSL se renouvelle automatiquement
- [ ] Code versionné sur Git
- [ ] Playbook s'exécute sans erreur
**Bravo ! Tu as créé une infrastructure complète et sécurisée avec Ansible ! 🎉**

37
ansiblenginx/README.md
Unescape Escape View File

@ -0,0 +1,37 @@
# Projet Ansible - Installation Nginx sur VPS
## Configuration
1. **Modifier l'inventory** : Éditez `inventory.yml` et remplacez `YOUR_VPS_IP_ADDRESS` par l'adresse IP de votre VPS
2. **Configurer l'accès SSH** :
- Assurez-vous d'avoir accès SSH à votre VPS
- Si vous utilisez une clé SSH, décommentez et configurez `ansible_ssh_private_key_file`
## Utilisation
### Tester la connexion
```bash
ansible all -m ping
```
### Exécuter le playbook
```bash
ansible-playbook playbook.yml
```
### Exécuter en mode vérification (dry-run)
```bash
ansible-playbook playbook.yml --check
```
### Exécuter avec verbosité
```bash
ansible-playbook playbook.yml -v
```
## Structure du projet
- `ansible.cfg` : Configuration Ansible
- `inventory.yml` : Inventaire des serveurs au format YAML
- `playbook.yml` : Playbook d'installation de Nginx

11
ansiblenginx/ansible.cfg
Unescape Escape View File

@ -0,0 +1,11 @@
[defaults]
inventory = inventory.yml
host_key_checking = False
remote_user = root
retry_files_enabled = False
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False

22
ansiblenginx/files/index.html
Unescape Escape View File

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Mon site déployé avec Ansible</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="container">
<h1>🚀 Bienvenue sur mon serveur !</h1>
<p>Ce site a été déployé automatiquement avec Ansible.</p>
<ul>
<li>✅ Serveur : Nginx</li>
<li>✅ Sécurité : HTTPS activé</li>
<li>✅ Protection : Authentification activée</li>
<li>✅ Automatisation : 100% IaaC</li>
</ul>
<p class="footer">Déployé le {{ ansible_date_time.date }} 🎉</p>
</div>
</body>
</html>

54
ansiblenginx/files/style.css
Unescape Escape View File

@ -0,0 +1,54 @@
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: Arial, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
justify-content: center;
align-items: center;
}
.container {
background: white;
padding: 3rem;
border-radius: 15px;
box-shadow: 0 10px 40px rgba(0,0,0,0.3);
max-width: 600px;
text-align: center;
}
h1 {
color: #667eea;
margin-bottom: 1rem;
font-size: 2.5rem;
}
p {
color: #333;
margin-bottom: 1rem;
font-size: 1.1rem;
}
ul {
list-style: none;
margin: 2rem 0;
}
ul li {
background: #f0f0f0;
padding: 0.8rem;
margin: 0.5rem 0;
border-radius: 8px;
font-size: 1rem;
}
.footer {
margin-top: 2rem;
font-style: italic;
color: #667eea;
}

51
ansiblenginx/install.sh
Unescape Escape View File

@ -0,0 +1,51 @@
#!/bin/bash
# Script d'installation du projet Ansible
set -e
echo "================================================"
echo "Installation du projet Ansible - Nginx sur VPS"
echo "================================================"
echo ""
# Vérifier si Python3 est installé
if ! command -v python3 &> /dev/null; then
echo "❌ Python3 n'est pas installé. Veuillez l'installer d'abord."
exit 1
fi
echo "✅ Python3 est installé"
# Créer un environnement virtuel s'il n'existe pas
if [ ! -d ".venv" ]; then
echo "📦 Création de l'environnement virtuel..."
python3 -m venv .venv
echo "✅ Environnement virtuel créé"
else
echo "✅ Environnement virtuel existe déjà"
fi
# Activer l'environnement virtuel
echo "🔧 Activation de l'environnement virtuel..."
source .venv/bin/activate
# Mettre à jour pip
echo "⬆️ Mise à jour de pip..."
pip install --upgrade pip > /dev/null 2>&1
# Installer les dépendances
echo "📥 Installation d'Ansible et des dépendances..."
pip install -r requirements.txt
echo ""
echo "✅ Installation terminée avec succès!"
echo ""
echo "================================================"
echo "Prochaines étapes:"
echo "================================================"
echo "1. Éditez 'inventory.yml' et configurez l'IP de votre VPS"
echo "2. Activez l'environnement virtuel : source .venv/bin/activate"
echo "3. Testez la connexion : ansible all -m ping"
echo "4. Lancez le script : ./run.sh"
echo ""

11
ansiblenginx/inventory.yml
Unescape Escape View File

@ -0,0 +1,11 @@
---
all:
children:
webservers:
hosts:
vps1:
ansible_host: defder.fr
ansible_user: root
ansible_port: 22
ansible_ssh_private_key_file: ./defderkey

79
ansiblenginx/pipeline-auto.yml
Unescape Escape View File

@ -0,0 +1,79 @@
# ==============================================
# Pipeline Concourse - Déploiement Automatique
# ==============================================
# Surveille le repo Git et déploie automatiquement
resource_types: []
resources:
# Repo Git local (polling toutes les 30 secondes)
- name: repo
type: git
icon: gitlab
check_every: 30s
source:
uri: https://forge.gwenaelremond.fr/romain/ansiblenginx.git
branch: main
jobs:
# Job principal : Déploiement automatique
- name: deploy-bricoloc
plan:
# 1. Récupère le code depuis Git
- get: repo
trigger: true # Déclenche automatiquement sur changement
# 2. Déploie sur le VPS
- task: deploy-to-vps
config:
platform: linux
image_resource:
type: registry-image
source:
repository: python
tag: "3.11-slim"
inputs:
- name: repo
params:
ssh_private_key: ((ssh_private_key))
vps_host: ((vps_host))
vps_user: ((vps_user))
run:
path: /bin/bash
args:
- -exc
- |
# Installer les dépendances
apt-get update && apt-get install -y openssh-client rsync sshpass
pip install ansible
# Configurer SSH
mkdir -p ~/.ssh
echo "$ssh_private_key" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H $vps_host >> ~/.ssh/known_hosts 2>/dev/null
cd repo
# Créer l'inventaire dynamique
cat > inventory.yml << EOF
all:
hosts:
vps1:
ansible_host: $vps_host
ansible_user: $vps_user
ansible_ssh_private_key_file: ~/.ssh/id_rsa
children:
webservers:
hosts:
vps1:
EOF
# Lancer le playbook Ansible
ansible-playbook -i inventory.yml playbook.yml
echo "✅ Déploiement terminé sur $vps_host"

239
ansiblenginx/playbook.yml
Unescape Escape View File

@ -0,0 +1,239 @@
---
- name: Installer et configurer Nginx sur VPS Ubuntu
hosts: webservers
become: yes
tasks:
- name: Mettre à jour le cache apt
apt:
update_cache: yes
cache_valid_time: 3600
- name: Installer Nginx
apt:
name: nginx
state: present
- name: Installer Node.js et npm
apt:
name:
- nodejs
- npm
state: present
- name: Installer pnpm globalement
command: npm install -g pnpm
changed_when: false
- name: Installer apache2-utils pour htpasswd
apt:
name: apache2-utils
state: present
- name: Installer la librairie Python passlib
apt:
name: python3-passlib
state: present
- name: Créer un fichier de mots de passe
htpasswd:
path: /etc/nginx/.htpasswd
name: admin
password: "mdp123"
owner: root
group: www-data
mode: '0640'
- name: Installer Certbot pour Let's Encrypt
apt:
name:
- certbot
- python3-certbot-nginx
state: present
- name: Obtenir un certificat SSL avec Certbot
command: certbot --nginx -d defder.fr --non-interactive --agree-tos --email bottero.romain1811@gmail.com --redirect
notify: Restart Nginx
args:
creates: /etc/letsencrypt/live/defder.fr/fullchain.pem
- name: Configurer le renouvellement automatique du certificat
cron:
name: "Renouveler le certificat SSL"
minute: "0"
hour: "3"
job: "certbot renew --quiet"
- name: S'assurer qu'UFW est installé
apt:
name: ufw
state: present
- name: Autoriser le trafic SSH dans le firewall (UFW)
ufw:
rule: allow
port: '22'
proto: tcp
- name: Autoriser le trafic HTTP dans le firewall (UFW)
ufw:
rule: allow
port: '80'
proto: tcp
- name: Autoriser le trafic HTTPS dans le firewall (UFW)
ufw:
rule: allow
port: '443'
proto: tcp
- name: Activer UFW(uncomplicated firewall)
ufw:
state: enabled
- name: Démarrer et activer Nginx
systemd:
name: nginx
state: started
enabled: yes
# Config Nginx supprimée - on utilise uniquement nginx-app-legacy.conf.j2
# qui fait le reverse proxy vers l'app Node.js
- name: Supprimer toute ancienne config Nginx obsolète
file:
path: /etc/nginx/sites-available/defder
state: absent
- name: Déployer la configuration Nginx pour l'app legacy
template:
src: templates/nginx-app-legacy.conf.j2
dest: /etc/nginx/sites-available/defder
notify: Recharger Nginx
- name: Déployer le service systemd pour l'app legacy
template:
src: templates/bricoloc-legacy.service.j2
dest: /etc/systemd/system/bricoloc-legacy.service
notify: Redémarrer l'app legacy
- name: Activer et démarrer le service legacy
systemd:
name: bricoloc-legacy
state: started
enabled: yes
daemon_reload: yes
- name: Activer le site
file:
src: /etc/nginx/sites-available/defder
dest: /etc/nginx/sites-enabled/defder
state: link
notify: Recharger Nginx
- name: Désactiver le site par défaut
file:
path: /etc/nginx/sites-enabled/default
state: absent
notify: Recharger Nginx
- name: Vérifier que Nginx est en cours d'exécution
service:
name: nginx
state: started
register: nginx_status
- name: Afficher le statut de Nginx
debug:
msg: "Nginx est installé et en cours d'exécution"
- name: Récupérer l'IP du serveur
command: hostname -I
register: server_ip
changed_when: false
- name: Créer le dossier du site web
file:
path: /var/www/apps
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Créer le dossier .local pour pnpm
file:
path: /var/www/.local/share/pnpm
state: directory
owner: www-data
group: www-data
mode: '0755'
recurse: yes
- name: Déployer l'app depuis le repo local
synchronize:
src: app/bricolociaac/
dest: /var/www/apps/bricolociaac/
delete: yes
rsync_opts:
- "--exclude=node_modules"
- "--exclude=.git"
- name: Définir les permissions sur les fichiers déployés
file:
path: /var/www/apps/bricolociaac
owner: www-data
group: www-data
recurse: yes
- name: Installer les dépendances du projet
shell: |
cd /var/www/apps/bricolociaac
pnpm install --frozen-lockfile || pnpm install
environment:
NODE_ENV: production
PNPM_HOME: /var/www/.local/share/pnpm
timeout: 600
- name: Installer les dépendances de l'app legacy spécifiquement
shell: |
cd /var/www/apps/bricolociaac
pnpm install --filter legacy --frozen-lockfile || pnpm install --filter legacy
environment:
NODE_ENV: production
PNPM_HOME: /var/www/.local/share/pnpm
timeout: 600
- name: Builder l'app legacy
command: pnpm build:legacy
args:
chdir: /var/www/apps/bricolociaac
environment:
NODE_ENV: production
PNPM_HOME: /var/www/.local/share/pnpm
- name: Redémarrer le service bricoloc-legacy après déploiement
systemd:
name: bricoloc-legacy
state: restarted
daemon_reload: yes
- name: Afficher l'URL d'accès
debug:
msg: "Nginx est accessible à l'adresse : https://defder.fr (ou http://{{ server_ip.stdout.split()[0] }} qui redirige vers HTTPS)"
handlers:
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Recharger Nginx
systemd:
name: nginx
state: reloaded
- name: Redémarrer l'app legacy
systemd:
name: bricoloc-legacy
state: restarted

1
ansiblenginx/requirements.txt
Unescape Escape View File

@ -0,0 +1 @@
ansible>=2.9

1
ansiblenginx/run.sh
Unescape Escape View File

@ -0,0 +1 @@
ansible-playbook -i inventory.yml --private-key defderkey playbook.yml

15
ansiblenginx/templates/bricoloc-legacy.service.j2
Unescape Escape View File

@ -0,0 +1,15 @@
[Unit]
Description=Bricoloc Legacy App
After=network.target
[Service]
Type=simple
User=www-data
WorkingDirectory=/var/www/apps/bricolociaac/apps/legacy-app
Environment="NODE_ENV=production"
ExecStart=/usr/bin/node src/server.js
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target

33
ansiblenginx/templates/nginx-app-legacy.conf.j2
Unescape Escape View File

@ -0,0 +1,33 @@
server {
listen 80;
server_name defder.fr;
# Redirection HTTP vers HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name defder.fr;
# Certificats SSL (générés par Certbot)
ssl_certificate /etc/letsencrypt/live/defder.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/defder.fr/privkey.pem;
# AUTHENTIFICATION
auth_basic "Zone protégée - Connexion requise";
auth_basic_user_file /etc/nginx/.htpasswd;
# Reverse proxy vers l'app legacy (port 3000)
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}

17
api/createRepo.js
Unescape Escape View File

@ -1,17 +0,0 @@
let headers = new Headers();
headers.append("Authorization", "Bearer 53fee4e31a06d538bd18562e7eb3450ce714e63f");
var formdata = new FormData();
formdata.append("name", "exercices");
var options = {
method: 'POST',
headers: headers,
body: formdata,
redirect: 'follow'
};
fetch("https://forge.gwenaelremond.fr/api/v1/user/repos", options)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));

54
api/create_one_repo.py
Unescape Escape View File

@ -1,54 +0,0 @@
"""
#  XXX TODO : fournir la bonne URL
#  XXX TODO : fournir le bon application token
sur la page du compte utilisateur de (admin)
la page de configuration **perso** /user/settings
> settings > application > générer un jeton d'authentification
http://forge:port/user/settings/applications
API doc swagger :
https://forge.gwenaelremond.fr/api/swagger/
https://<url>/api/swagger#/admin/adminCreateUser
il y a:
- créer un repo comme admin
- créer un repo comme user
https://forge.gwenaelremond.fr/api/v1/user/repos
"""
# ______________________________________________________________________________
import requests
# ______________________________________________________________________________
# configuration
"repo name"
name = "essai"
url = 'https://forge.gwenaelremond.fr/api/v1/user/repos'
token = 'XXX'
# ______________________________________________________________________________
headers = {
'accept': 'application/json',
'Content-Type': 'application/json; indent=4',
'Authorization': 'token {}'.format(token)
}
#{'Authorization': 'token myToken'}
#'X-Auth-Token': token
#{
# "default_branch": "string",
# "description": "string",
# "name": "string",
# "readme": "string",
#}
data = {
"description": name,
"default_branch": "main",
"name": name,
"private": False,
}
response = requests.post(url, headers=headers, json=data)
print("réponse : ", response.json())

20
api/curl.txt
Unescape Escape View File

@ -1,20 +0,0 @@
"""
curl -X 'POST' \
'https://forge.gwenaelremond.fr/api/v1/admin/users' \
-H 'accept: application/json' \
-H 'Authorization: token XXXX'\
-H 'Content-Type: application/json' \
-d '{
"email": "user@example.com",
"full_name": "dupont",
"login_name": "dupont",
"must_change_password": true,
"password": "blabla%TulPoint45",
"restricted": true,
"send_notify": false,
"source_id": 0,
"username": "dupont"
}'
"""

5
api/curl_post.sh
Unescape Escape View File

@ -1,5 +0,0 @@
# token, ou bien bearer
#"Authorization: token e4d2bac2fb0e463b1e79997b108b91fe7de144d5"
#"Authorization: bearer e4d2bac2fb0e463b1e79997b108b91fe7de144d5"
curl -X POST "https://forge.gwenaelremond.fr/api/v1/user/repos" -H "accept: application/json" -H "Authorization: token f2b21b62ceb91d9cd561278545638a053bfce498" -H "Content-Type: application/json" -d '{ "auto_init": true, "default_branch": "main", "description": "reponses aux exercices et tp", "name": "exercices", "private": false, "readme": "Default"}' -i

8
bricoloc/.idea/.gitignore vendored
Unescape Escape View File

@ -0,0 +1,8 @@
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml

14
bricoloc/.idea/bricoloc.iml
Unescape Escape View File

@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="PYTHON_MODULE" version="4">
<component name="Flask">
<option name="enabled" value="true" />
</component>
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="jdk" jdkName="Python 3.12" jdkType="Python SDK" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
<component name="TemplatesService">
<option name="TEMPLATE_CONFIGURATION" value="Jinja2" />
</component>
</module>

6
bricoloc/.idea/inspectionProfiles/profiles_settings.xml
Unescape Escape View File

@ -0,0 +1,6 @@
<component name="InspectionProjectProfileManager">
<settings>
<option name="USE_PROJECT_PROFILE" value="false" />
<version value="1.0" />
</settings>
</component>

7
bricoloc/.idea/misc.xml
Unescape Escape View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="Black">
<option name="sdkName" value="Python 3.12" />
</component>
<component name="ProjectRootManager" version="2" project-jdk-name="Python 3.12" project-jdk-type="Python SDK" />
</project>

8
bricoloc/.idea/modules.xml
Unescape Escape View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/bricoloc.iml" filepath="$PROJECT_DIR$/.idea/bricoloc.iml" />
</modules>
</component>
</project>

38
bricoloc/inventory-service.py
Unescape Escape View File

@ -0,0 +1,38 @@
# inventory_service.py
import pika
import json
# RabbitMQ setup
RABBITMQ_HOST = 'localhost'
connection = pika.BlockingConnection(pika.ConnectionParameters(RABBITMQ_HOST))
channel = connection.channel()
channel.queue_declare(queue='rental_requests')
# Database simulation
inventory = {
'perceuse': 5,
'tondeuse': 3,
'ponceuse': 4,
'scie': 2
}
def process_rental(ch, method, properties, body):
rental_data = json.loads(body)
product = rental_data['product']
quantity = rental_data['quantity']
if product in inventory and inventory[product] >= quantity:
inventory[product] -= quantity
print(f"Déstockage effectué: {quantity} {product}(s)")
print(f"Stock restant - {product}: {inventory[product]}")
else:
print(f"Erreur: Stock insuffisant pour {product}")
channel.basic_consume(
queue='rental_requests',
on_message_callback=process_rental,
auto_ack=True
)
print("Service de gestion des stocks démarré. En attente de demandes...")
channel.start_consuming()

45
bricoloc/rental-request-service.py
Unescape Escape View File

@ -0,0 +1,45 @@
# request_service.py
from flask import Flask, render_template, request, jsonify
import pika
import json
app = Flask(__name__)
# RabbitMQ setup
RABBITMQ_HOST = 'localhost'
connection = pika.BlockingConnection(pika.ConnectionParameters(RABBITMQ_HOST))
channel = connection.channel()
channel.queue_declare(queue='rental_requests')
# Database simulation
inventory = {
'perceuse': 5,
'tondeuse': 3,
'ponceuse': 4,
'scie': 2
}
@app.route('/')
def home():
return render_template('rental_form.html')
@app.route('/submit_rental', methods=['POST'])
def submit_rental():
rental_data = {
'product': request.form['product'],
'quantity': int(request.form['quantity']),
'customer_name': request.form['customer_name'],
'rental_duration': int(request.form['duration'])
}
# Send message to inventory service
channel.basic_publish(
exchange='',
routing_key='rental_requests',
body=json.dumps(rental_data)
)
return jsonify({"message": "Demande de location envoyée avec succès!"})
if __name__ == '__main__':
app.run(port=5000)

2
bricoloc/requirements.txt
Unescape Escape View File

@ -0,0 +1,2 @@
pika
flask

55
bricoloc/templates/rental_form.html
Unescape Escape View File

@ -0,0 +1,55 @@
<!DOCTYPE html>
<html>
<head>
<title>Location d'Équipements</title>
<style>
body { max-width: 600px; margin: 0 auto; padding: 20px; }
.form-group { margin-bottom: 15px; }
label { display: block; margin-bottom: 5px; }
input, select { width: 100%; padding: 8px; }
button { padding: 10px 20px; background-color: #4CAF50; color: white; border: none; }
</style>
</head>
<body>
<h1>Location d'Équipements de Bricolage</h1>
<form id="rentalForm" onsubmit="submitForm(event)">
<div class="form-group">
<label for="product">Produit:</label>
<select id="product" name="product" required>
<option value="perceuse">Perceuse</option>
<option value="tondeuse">Tondeuse</option>
<option value="ponceuse">Ponceuse</option>
<option value="scie">Scie</option>
</select>
</div>
<div class="form-group">
<label for="quantity">Quantité:</label>
<input type="number" id="quantity" name="quantity" min="1" required>
</div>
<div class="form-group">
<label for="customer_name">Nom du client:</label>
<input type="text" id="customer_name" name="customer_name" required>
</div>
<div class="form-group">
<label for="duration">Durée de location (jours):</label>
<input type="number" id="duration" name="duration" min="1" required>
</div>
<button type="submit">Soumettre</button>
</form>
<script>
function submitForm(event) {
event.preventDefault();
const formData = new FormData(document.getElementById('rentalForm'));
fetch('/submit_rental', {
method: 'POST',
body: formData
})
.then(response => response.json())
.then(data => alert(data.message))
.catch(error => alert('Erreur: ' + error));
}
</script>
</body>
</html>

19
concourse/concourse.txt
Unescape Escape View File

@ -0,0 +1,19 @@
Concourse
-------------
- install concourse avec docker-compose
- install de fly
tunel ssh pour pouvoir accéder à l'appli web
ssh -L 8080:localhost:8080 ubuntu@mistergwen.site
fly -t tutorial login -c http://localhost:8080 -u test -p test
fly -t tutorial set-pipeline -p hello-world -c hello-world.yml
fly -t tutorial unpause-pipeline -p hello-world
fly -t tutorial trigger-job --job hello-world/hello-world-job --watch
pour nettoyer :
fly -t tutorial destroy-pipeline -p hello-world

40
concourse/concourse_target.md
Unescape Escape View File

@ -0,0 +1,40 @@
Dans le contexte d'un pipeline **Concourse**, une **target** fait généralement référence à un **environnement de déploiement** ou à un **ensemble d'objectifs (targets)** où un job doit être exécuté. Cela fait partie de la configuration permettant de déterminer où les ressources et les jobs doivent être déployés ou exécutés, que ce soit sur un environnement local ou distant.
### Définition et utilisation de "target" dans un pipeline Concourse :
1. **Environnement d'exécution** :
- Une target représente l'endroit où les actions de pipeline (telles que les jobs ou les ressources) seront exécutées. Ce peut être un serveur de déploiement, un environnement de tests, ou une machine virtuelle dans le cas de Concourse. Chaque instance de Concourse peut être configurée pour interagir avec des environnements différents ou des ressources externes à travers des "targets".
2. **Dans les ressources et les actions** :
- Dans un pipeline Concourse, des ressources (comme les dépôts Git, les images Docker, ou les artefacts) peuvent être connectées à des targets, ce qui indique à Concourse de quelle manière et où interagir avec ces ressources.
- Exemple : si vous avez une ressource qui interagit avec un service externe comme AWS, une cible peut être utilisée pour configurer l'authentification et l'interaction avec cet environnement.
3. **Dans la configuration de Concourse** :
- Concourse utilise des "targets" dans sa configuration pour déterminer les paramètres relatifs aux connexions aux systèmes externes. Les **targets** sont utilisés dans des fichiers de configuration ou de pipeline pour établir des connexions aux environnements de déploiement ou aux systèmes tiers. Par exemple, cela pourrait concerner des environnements comme `production`, `staging` ou `dev`.
### Exemple pratique :
Disons que vous avez un pipeline qui déploie une application sur plusieurs environnements, par exemple :
- Un environnement de développement (dev).
- Un environnement de staging.
- Un environnement de production.
Chaque environnement aurait une **target** associée. Par exemple :
```yaml
resources:
- name: git-repo
type: git
source:
uri: "https://github.com/monrepo"
branch: master
target: staging # Ici la target désignerait l'environnement "staging" pour ce job
jobs:
- name: deploy-dev
plan:
- get: git-repo
trigger: true
- task: deploy-to-dev
target: dev # Ici la target désignerait l'environnement "dev"
```
### Conclusion :
En résumé, une **target** dans un pipeline **Concourse** est un mécanisme pour spécifier où les ressources doivent être utilisées ou où les actions doivent être exécutées. C'est une abstraction pour interagir avec différents environnements ou systèmes externes en fonction du contexte de votre pipeline. Cela permet d'avoir un contrôle fin sur le déploiement, l'exécution des tâches, et l'intégration avec d'autres outils ou plateformes.

25
concourse/connector.yaml
Unescape Escape View File

@ -0,0 +1,25 @@
resources:
- name: exo_resource
type: git
source:
uri: https://forge.gwenaelremond.fr/gwen/larochellemaalsi2023/
branch: develop
jobs:
- name: job-resource
plan:
- get: exo_resource
trigger: true
- task: diff
config:
inputs:
- name: exo_resource
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
run:
path: echo
args: ["Test"]

35
concourse/docker-compose.yml
Unescape Escape View File

@ -0,0 +1,35 @@
version: '3'
services:
concourse-db:
image: postgres
environment:
POSTGRES_DB: concourse
POSTGRES_PASSWORD: concourse_pass
POSTGRES_USER: concourse_user
PGDATA: /database
concourse:
image: concourse/concourse
command: quickstart
privileged: true
depends_on: [concourse-db]
ports: ["8080:8080"]
environment:
CONCOURSE_POSTGRES_HOST: concourse-db
CONCOURSE_POSTGRES_USER: concourse_user
CONCOURSE_POSTGRES_PASSWORD: concourse_pass
CONCOURSE_POSTGRES_DATABASE: concourse
CONCOURSE_EXTERNAL_URL: http://localhost:8080
CONCOURSE_ADD_LOCAL_USER: test:test
CONCOURSE_MAIN_TEAM_LOCAL_USER: test
# instead of relying on the default "detect"
CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
CONCOURSE_CLIENT_SECRET: Y29uY291cnNlLXdlYgo=
CONCOURSE_TSA_CLIENT_SECRET: Y29uY291cnNlLXdvcmtlcgo=
CONCOURSE_X_FRAME_OPTIONS: allow
CONCOURSE_CONTENT_SECURITY_POLICY: "*"
CONCOURSE_CLUSTER_NAME: tutorial
CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "8.8.8.8"
# For ARM-based machine, change the Concourse runtime to "houdini"
CONCOURSE_WORKER_RUNTIME: "containerd"

15
concourse/exo2.yml
Unescape Escape View File

@ -0,0 +1,15 @@
jobs:
- name: hello-world-job
plan:
- task: hello-world-task
config:
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
outputs:
- name: the-artifact
run:
path: ls
args: ["-lF"]

36
concourse/exo3.yml
Unescape Escape View File

@ -0,0 +1,36 @@
jobs:
- name: hello-world-job
plan:
- task: hello-world-task
config:
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
outputs:
- name: the-artifact
run:
path: sh
args:
- -cx
- |
ls -l .
echo "hello from another step!" > the-artifact/message
- task: read-the-artifact
config:
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
# To receive "the-artifact", specify it as an input
inputs:
- name: the-artifact
run:
path: sh
args:
- -cx
- |
ls -l .
cat the-artifact/message

26
concourse/exo_resource.yml
Unescape Escape View File

@ -0,0 +1,26 @@
---
resources:
- name: exo_resource
type: git
source:
uri: https://forge.gwenaelremond.fr/gwen/chateauroux/
branch: develop
jobs:
- name: job-resource
plan:
- get: exo_resource
trigger: true
- task: diff
config:
inputs:
- name: exo_resource
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
run:
path: echo
args: ["Test"]

10
concourse/from_resource/hello.yml
Unescape Escape View File

@ -0,0 +1,10 @@
- task: hello
config:
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
run:
path: echo
args: ["Hello world!"]

16
concourse/from_resource/hello_from_resource.yml
Unescape Escape View File

@ -0,0 +1,16 @@
resources:
- name: ci
type: git
source:
uri: https://forge.gwenaelremond.fr/gwen/chateauroux
branch: main
version:
ref: 8e78227300e4dcd88d7b85a84a15f4a0fc5ece8f
jobs:
- name: time-job
public: true
plan:
- get: ci
- task: hello
file: hello.yml

13
concourse/hello-world.yml
Unescape Escape View File

@ -0,0 +1,13 @@
jobs:
- name: hello-world-job
plan:
- task: hello-world-task
config:
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
run:
path: echo
args: ["Hello world!"]

25
concourse/hello-world.yml.1
Unescape Escape View File

@ -0,0 +1,25 @@
jobs:
- name: hello-world-job
plan:
- task: hello-world-task
config:
# Tells Concourse which type of worker this task should run on
platform: linux
# This is one way of telling Concourse which container image to use for a
# task. We'll explain this more when talking about resources
image_resource:
type: registry-image
source:
repository: busybox # images are pulled from docker hub by default
# The command Concourse will run inside the container
# echo "Hello world!"
# run:
# path: echo
# args: ["Hello world!"]
outputs:
- name: the-artifact
run:
# Change the command to `ls -lF` to see
# what the task sees in its working directory
path: ls
args: ["-lF"]

39
concourse/hello-world.yml.2
Unescape Escape View File

@ -0,0 +1,39 @@
jobs:
- name: hello-world-job
plan:
- task: hello-world-task
config:
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
outputs:
- name: the-artifact
run:
# This is a neat way of embedding a script into a task
path: sh
args:
- -cx
- |
ls -l .
echo "hello from another step!" > the-artifact/message
# Add a second task that reads the contents of the-artifact/message
- task: read-the-artifact
config:
platform: linux
image_resource:
type: registry-image
source:
repository: busybox
# To receive "the-artifact", specify it as an input
inputs:
- name: the-artifact
run:
path: sh
args:
- -cx
- |
ls -l .
cat the-artifact/message
cp -a the-artifact /tmp/

15
concourse/last.yml
Unescape Escape View File

@ -0,0 +1,15 @@
---
resources:
- name: resource-tutorial
type: git
source:
uri: https://github.com/starkandwayne/concourse-tutorial.git
branch: develop
jobs:
- name: job-hello-world
public: true
plan:
- get: resource-tutorial
- task: hello-world
file: resource-tutorial/tutorials/basic/task-hello-world/task_hello_world.yml

79
concourse/pipeline-concourse.yml
Unescape Escape View File

@ -0,0 +1,79 @@
# ==============================================
# Pipeline Concourse - Déploiement Automatique
# ==============================================
# Surveille le repo Git et déploie automatiquement
resource_types: []
resources:
# Repo Git local (polling toutes les 30 secondes)
- name: repo
type: git
icon: gitlab
check_every: 30s
source:
uri: https://forge.gwenaelremond.fr/romain/ansiblenginx.git
branch: main
jobs:
# Job principal : Déploiement automatique
- name: deploy-bricoloc
plan:
# 1. Récupère le code depuis Git
- get: repo
trigger: true # Déclenche automatiquement sur changement
# 2. Déploie sur le VPS
- task: deploy-to-vps
config:
platform: linux
image_resource:
type: registry-image
source:
repository: python
tag: "3.11-slim"
inputs:
- name: repo
params:
ssh_private_key: ((ssh_private_key))
vps_host: ((vps_host))
vps_user: ((vps_user))
run:
path: /bin/bash
args:
- -exc
- |
# Installer les dépendances
apt-get update && apt-get install -y openssh-client rsync sshpass
pip install ansible
# Configurer SSH
mkdir -p ~/.ssh
echo "$ssh_private_key" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H $vps_host >> ~/.ssh/known_hosts 2>/dev/null
cd repo
# Créer l'inventaire dynamique
cat > inventory.yml << EOF
all:
hosts:
vps1:
ansible_host: $vps_host
ansible_user: $vps_user
ansible_ssh_private_key_file: ~/.ssh/id_rsa
children:
webservers:
hosts:
vps1:
EOF
# Lancer le playbook Ansible
ansible-playbook -i inventory.yml playbook.yml
echo "✅ Déploiement terminé sur $vps_host"

14
concourse/standalone_task.yml
Unescape Escape View File

@ -0,0 +1,14 @@
#to be lauched with the -i arg
#fly -t tutorial execute -c manual_launch.yml -i manual=.
platform: linux
image_resource:
type: registry-image
source:
repository: alpine/ansible
inputs:
- name: manual
run:
args:
- manual/print_hello.yml
path: ansible-playbook

260
devSecOps/ansible_decrypt.md
Unescape Escape View File

@ -0,0 +1,260 @@
# Ansible Vault SSH Key Management Guide
## Overview
This document explains how to securely manage SSH private keys using Ansible Vault and the copy module with decryption capabilities, including proper playbook configuration to handle decryption before fact gathering.
## Important: Playbook Configuration
### Critical Setup Requirements
```yaml
---
- name: Deploy with encrypted SSH key
hosts: all
gather_facts: false # ⚠️ ESSENTIAL - prevents early SSH connection attempts
vars:
ssh_private_key_file: key/deploy # Path to your encrypted key file
tasks:
# Your decryption and deployment tasks here
```
### Why `gather_facts: false` is Mandatory
**Without `gather_facts: false`:**
- Ansible attempts to connect to target hosts immediately
- It tries to use SSH with the default SSH agent configuration
- Fails because the encrypted key isn't decrypted yet
- Playbook stops before reaching your decryption task
**With `gather_facts: false`:**
- Ansible skips the initial fact gathering phase
- Allows your decryption task to run first
- You control when and how the SSH key is used
## Step 1: Encrypt SSH Private Key with Ansible Vault
### Encrypt an existing SSH key:
```bash
# Method 1: Interactive password prompt
ansible-vault encrypt key/deploy --ask-vault-pass
# Method 2: Using a password file
ansible-vault encrypt key/deploy --vault-password-file vault_pass.txt
# Method 3: Using vault ID
ansible-vault encrypt key/deploy --vault-id deploy@vault_pass.txt
```
### Create a new encrypted SSH key:
```bash
ansible-vault create key/deploy --vault-password-file vault_pass.txt
```
### Verify encrypted content:
```bash
ansible-vault view key/deploy --vault-password-file vault_pass.txt
```
## Step 2: Complete Ansible Playbook Example
### Full playbook structure:
```yaml
---
- name: Deploy using encrypted SSH key
hosts: all
gather_facts: false # CRITICAL: Must be disabled
vars:
ssh_private_key_file: key/deploy
decrypted_key_path: /tmp/ansible_deploy_key
tasks:
- name: Decrypt SSH private key
copy:
src: "{{ ssh_private_key_file }}"
dest: "{{ decrypted_key_path }}"
decrypt: yes
mode: '0600'
delegate_to: localhost
become: false
run_once: true
- name: Enable fact gathering with decrypted key
setup:
delegate_to: localhost
become: false
- name: Use the decrypted key for deployment
ansible.builtin.shell: |
ssh -i "{{ decrypted_key_path }}" \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
deploy@{{ inventory_hostname }} 'deployment_command'
args:
executable: /bin/bash
- name: Remove decrypted SSH key (cleanup)
file:
path: "{{ decrypted_key_path }}"
state: absent
delegate_to: localhost
become: false
always: yes
```
## Step 3: Running the Playbook
### Execution methods:
```bash
# With password file
ansible-playbook playbook.yml --vault-password-file vault_pass.txt
# Interactive password prompt
ansible-playbook playbook.yml --ask-vault-pass
# With vault ID
ansible-playbook playbook.yml --vault-id deploy@vault_pass.txt
# With inventory file
ansible-playbook -i hosts.ini playbook.yml --vault-password-file vault_pass.txt
```
## Step 4: Advanced Error Handling & Security
### Robust playbook with proper error handling:
```yaml
---
- name: Secure deployment with encrypted SSH key
hosts: all
gather_facts: false
vars:
ssh_private_key_file: key/deploy
decrypted_key_path: "/tmp/ansible_deploy_key_{{ ansible_date_time.epoch }}"
tasks:
- name: Ensure encrypted key file exists
stat:
path: "{{ ssh_private_key_file }}"
register: key_file
delegate_to: localhost
become: false
- name: Fail if encrypted key is missing
fail:
msg: "Encrypted SSH key file {{ ssh_private_key_file }} not found"
when: not key_file.stat.exists
delegate_to: localhost
become: false
- name: Decrypt SSH private key
copy:
src: "{{ ssh_private_key_file }}"
dest: "{{ decrypted_key_path }}"
decrypt: yes
mode: '0600'
delegate_to: localhost
become: false
run_once: true
- name: Verify decrypted key permissions
file:
path: "{{ decrypted_key_path }}"
mode: '0600'
delegate_to: localhost
become: false
- name: Gather facts using decrypted key (if needed)
setup:
delegate_to: localhost
become: false
- name: Perform deployment tasks
block:
- name: Execute remote deployment
ansible.builtin.shell: |
ssh -i "{{ decrypted_key_path }}" \
-o ConnectTimeout=30 \
-o StrictHostKeyChecking=no \
deploy@{{ inventory_hostname }} 'your_deployment_script'
args:
executable: /bin/bash
register: deployment_result
- name: Display deployment output
debug:
var: deployment_result.stdout
rescue:
- name: Handle deployment failure
debug:
msg: "Deployment failed - check SSH connectivity and permissions"
always:
- name: Always remove decrypted key
file:
path: "{{ decrypted_key_path }}"
state: absent
delegate_to: localhost
become: false
```
## Security Best Practices
### 1. File Security:
```bash
# Secure permissions for password files
chmod 600 vault_pass.txt
# Secure permissions for encrypted key
chmod 600 key/deploy
```
### 2. Temporary File Safety:
- Use unique temporary filenames with timestamps
- Set strict permissions (0600)
- Always clean up, even on failure
### 3. Key Management:
- Never store unencrypted keys in version control
- Rotate deployment keys regularly
- Use different keys for different environments
## Troubleshooting
### Common Issues & Solutions:
1. **"Permission denied" errors:**
- Verify vault password is correct
- Check encrypted file permissions
- Ensure cleanup tasks run successfully
2. **SSH connection failures:**
- Verify the decrypted key is authorized on target hosts
- Check network connectivity
- Validate target host accessibility
3. **Fact gathering issues:**
- Use `gather_facts: false` in main playbook
- Manually call `setup` module after decryption if needed
### Debug Commands:
```bash
# Test vault decryption
ansible-vault view key/deploy --vault-password-file vault_pass.txt
# Verify playbook syntax
ansible-playbook playbook.yml --syntax-check
# Dry run to see what would happen
ansible-playbook playbook.yml --vault-password-file vault_pass.txt --check
```
## Summary
The key points for successful encrypted SSH key management:
1. **Always use `gather_facts: false`** in the main playbook
2. **Decrypt the key early** in your tasks
3. **Use unique temporary paths** for decrypted keys
4. **Always clean up** decrypted keys, even on failures
5. **Secure your vault passwords** with proper file permissions
This approach ensures your SSH keys remain encrypted at rest and are only temporarily decrypted during execution, maintaining security throughout your deployment process.

1
forge/gitrepo/addrepo.sh
Unescape Escape View File

@ -0,0 +1 @@
ansible-playbook -i hosts --private-key myprivatekey.key playbook.yml

4
forge/gitrepo/ansible.cfg
Unescape Escape View File

@ -0,0 +1,4 @@
[defaults]
host_key_checking = false
inventory = hosts

1
forge/gitrepo/hosts
Unescape Escape View File

@ -0,0 +1 @@
gitserver ansible_host="{{ domain }}" ansible_ssh_user="{{ git_user }}" ansible_python_interpreter="/usr/bin/python3"

25
forge/gitrepo/playbook.yml
Unescape Escape View File

@ -0,0 +1,25 @@
- hosts: gitserver
vars:
domain: "forge.myforge.fr"
git_repos: /home/git
git_user: git
vars_prompt:
- name: repo_name
prompt: "What is the name of the new repository's you need to create?"
private: false
tasks:
- name: make a bare repo named "{{ repo_name }}"
ansible.builtin.shell: "git init --bare --shared {{ repo_name }}.git"
args:
chdir: "{{ git_repos }}"
creates: "{{ repo_name }}.git"
become_user: "{{ git_user }}"
- name: Change repo's group and permissions
ansible.builtin.file:
path: "{{ git_repos }}/{{ repo_name }}.git"
state: directory
group: git
mode: '0770'
recurse: yes

30
forge/gitrepo/readme.rst
Unescape Escape View File

@ -0,0 +1,30 @@
Defder.fr git repository server
=================================
Description
-----------
The repo is just a bare git shared over ssh.
Usage
-------
`git clone`
If you need to clone a repo::
git clone git@myforge.fr:{{repo_name}}.git
New repo
-----------
If you need to make a new repository,
1. Install ansible (`apt install ansible-core` on ubuntu, or simply `pip install ansible`).
.. attention:: Ansible does not work on a windows system.
2. Launch the `run_playbook.sh` script::
gitrepo (main =) $ ./run_playbook.sh
What is the new repository's name?: myrepo

4
forge/gitserver/ansible.cfg
Unescape Escape View File

@ -0,0 +1,4 @@
[defaults]
host_key_checking = false
inventory = hosts

7
forge/gitserver/gitrepo.yml
Unescape Escape View File

@ -0,0 +1,7 @@
- hosts: gitserver
become: true
become_method: sudo
roles:
- common
- git

1
forge/gitserver/hosts
Unescape Escape View File

@ -0,0 +1 @@
gitserver ansible_host=forge.myforge.fr ansible_ssh_user=root ansible_python_interpreter="/usr/bin/python3"

2
forge/gitserver/install.sh
Unescape Escape View File

@ -0,0 +1,2 @@
#ansible-playbook gitrepo.yml
ansible-playbook --private-key mykey.key gitrepo.yml

13
forge/gitserver/readme.rst
Unescape Escape View File

@ -0,0 +1,13 @@
git ssh repo
==================
Clone a repository
-----------------------
To clone a repo, do::
git clone git@myaddress.site:myproject.git
this is a shorthand for::
git clone ssh://git@myaddress/home/git/myproject.git

2
forge/gitserver/roles/common/meta/.galaxy_install_info
Unescape Escape View File

@ -0,0 +1,2 @@
install_date: "dim. 02 f\xE9vr. 2025 11:21:06"
version: 1.0.0

12
forge/gitserver/roles/common/meta/main.yml
Unescape Escape View File

@ -0,0 +1,12 @@
---
galaxy_info:
author: Gwen
description: Ansible role to update, upgrade and add somme paquets
company: defder
license: MIT
platforms:
- name: Ubuntu
galaxy_tags:
- apt
dependencies: []

26
forge/gitserver/roles/common/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,26 @@
---
- name: Update & upgrade system
apt:
update_cache: yes
upgrade: dist
tags:
- update
- name: Install required packages
apt:
name:
- htop
- vim
- locales
- python-is-python3
- python3-pip
- wget
- zip
- bzip2
- vim-common
- screen
- curl
- git
- unzip
state: present

1
forge/gitserver/roles/git/files/gwen.pub
Unescape Escape View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDem+BGBCt8Sf/tzWJmWYJKiEWI0GQn9xLfpo+KCnnJmHV2tv9a1a5ED4IJttXjqdlMrENIe6g0MBxbcqxtgLKUvYhNpw0eKz1zUOec1WzcPh+K7VRMYKBDTemUl5Tw4tw9IQe8XtoT64YsG+YJJlZ/WxgIRUDf4VGpEgpxGf9o+6bDwNaSlZcc24+Rm4EHGPFfCz0OdLMECUrW+PrhmES+mlFcCBxcOsdWPl1GZ0nGiyfbK8ozgaLHwgOXR0D0eYOYyfkWmqlwrMgv2ZkhTbgRwfNxgDljlz4cK78Cp5hNBwTacX9r3t7763V+6LdCKpJtY5h5C036lfWhmU8n0rcx gwen@gwen

1
forge/gitserver/roles/git/files/selcuk.pub
Unescape Escape View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoeAXaO4A5BykCzy5SA0wnI2AcAcSwt8XfuxaV/bTYmY1st4yH8JeEGsVB6qLVGJ9PWgkn0Avt4r8W+aF81duMDnH5F2vU18dtyBh/tmn4iTmEdqHIoz2OFGjvtYxr7t9RIgTiaHoJ6Mc73YrrFMTZo3HJZarP+I29slaeMHgYq4UrwMHhNQ24BProg4RrIt8Xcts8OqgJSYGuI4mPF7vRbNSiCk8mmjuUQX4IPP0jWKka+kO8EUEYjeK6oivdHxbYh8FeZZJP39NUPu0Q2ldu6jV1mfIgGfg2TAMB5gcaivWXpzTx4NhXcmq+oymIhvTd106ch8dWUF7bijeghN0sdc+uz43YXMzV3OdlfK7esxu9W05Iea7THFtywkbqu1N5nXHNtAvgDV+hNEKdE0mLJpq/qt+li4tvkDT5aXxGxwaXhgH0/0upHjUQY2OPP769y9JhsJnnK4D3YwtUtzUxNhmvV26Qsd9IKSVnHh+opG0XTJrGWs8Qko+cHCouVRdVQ0KwyGrdHMy2+R8IJvTa6DISBX/C72GYjZeJE5W3C4Q62t6hXtPWl+zEtCwqKaDQXswKuVvL8ZnacgS6/qYcU2HfYbmuGHM/59u7x4oI7ehZZvyqx1gNuJGM85XBm15ke3DF14UlppJlgFg3ED97Vf1AvdnYECC7V7zrwZwtQQ== selcukcemoglu@gmail.com

37
forge/gitserver/roles/git/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,37 @@
---
- name: Ensure that the git group exists
ansible.builtin.group:
name: "{{ git_group }}"
state: present
- name: add git user
ansible.builtin.user:
name: "{{ git_user }}"
home: "{{ git_homedir }}"
create_home: yes
shell: "/bin/bash"
groups: "{{ git_group }}"
append: true
state: present
#- name: add authorized_key to user
# ansible.posix.authorized_key:
# user: git
# state: present
# key: "{{ lookup('file', 'files/XXX.pub') }}"
- name: Add authorized_key for users
ansible.posix.authorized_key:
user: "{{ item.user }}"
state: present
key: "{{ lookup('file', 'files/' + item.key) }}"
loop: "{{ users }}"
#- name: create repositories directory
# ansible.builtin.file:
# path: "{{ git_repos }}"
# owner: "{{ git_user }}"
# group: "{{ git_group }}"
# state: directory
# mode: u=rwx,g=rwx,o=r

10
forge/gitserver/roles/git/vars/main.yml
Unescape Escape View File

@ -0,0 +1,10 @@
git_user: git
git_homedir: /home/git
git_group: git
git_repos: /home/git
users:
- user: "git"
key: "gwen.pub"
- user: "git"
key: "selcuk.pub"

7
forge/gitserver/todo.txt
Unescape Escape View File

@ -0,0 +1,7 @@
TODO
========
- mettre la ssh-key dans un inventory en yaml et pas dans la ligne de commande
- sécurisation du serveur (interdire ssh root, creer un compte admin de ssh,
ufw, port ssh 2222, ...)

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 10-47-11.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 149 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 11-32-47.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 11-34-33.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 11-35-21.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 11-40-09.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 41 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 11-40-40.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 11-47-23.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 41 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 11-49-20.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 12-09-52.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 82 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 12-12-19.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 215 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 12-15-18.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 199 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 15-07-23.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 142 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 15-08-02.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 168 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 15-10-45.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 140 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 15-11-15.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 112 KiB

BIN
gitlab/gitlab_cicd/Capture d’écran du 2023-03-06 15-13-50.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 192 KiB

26
gitlab/gitlab_pages.txt
Unescape Escape View File

@ -0,0 +1,26 @@
affectation d'un nom de domaine sur un projet gitlab
==========================================================
https://docs.framasoft.org/fr/gitlab/gitlab-pages.html#configuration-dns
settings > Pages
- ajouter un domaine (celui qu'on veut) exemple : test.pedrolalune.fr
sur le gitlab de framagit, mon projet est titi
https://gwen71.frama.io/titi/
configuration dns chez ovh :
- faire la redirection (CNAME)
exemple test.pedrolalune.fr -> gwen71.frama.io.
- TXT :
_gitlab-pages-verification-code.test ->
"_gitlab-pages-verification-code.test.pedrolalune.fr TXT
gitlab-pages-verification-code=2613sdfsdfsfdsdfsdf"
puis retourner dans les Pages gitlab,
et appuyer sur le bouton de vérification du nom de domaine.

BIN
gitlab/gitlab_pages/Capture d’écran du 2023-03-06 18-37-05.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
gitlab/gitlab_pages/Capture d’écran du 2023-03-07 10-31-24.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

BIN
gitlab/gitlab_pages/Capture d’écran du 2023-03-07 11-13-19.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 128 KiB

BIN
gitlab/gitlab_pages/Capture d’écran du 2023-03-07 11-14-55.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 106 KiB

BIN
gitlab/gitlab_pages/Capture d’écran du 2023-03-07 11-18-44.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

BIN
gitlab/gitlab_pages/Capture d’écran du 2023-03-07 11-18-58.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save