change

2025-08-27 13:15:16 +02:00
parent e67cc93516
commit 7ce8cf1662
13 changed files with 234 additions and 95 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,17 +1,24 @@
 ---
 exclude_paths:
  - .gitea/
  - .github/
  - .git/
  - .cache/
  - test/
  - tests/
  - molecule/
 skip_list:
  - yaml[line-length]
  - name[casing]
  - no-changed-when
  - command-instead-of-module
  - risky-file-permissions
 warn_list:
  - experimental
  - role-name[path]
  - var-naming[no-role-prefix]
 enable_list:
  - fqcn-builtins
@@ -23,4 +30,11 @@ kinds:
  - vars: "**/vars/*.yml"
  - defaults: "**/defaults/*.yml"
  - handlers: "**/handlers/*.yml"
-  - meta: "**/meta/*.yml"
+  - meta: "**/meta/*.yml"
  - yaml: "*.yaml"
  - yml: "*.yml"
 use_default_rules: true
 parseable: true
 quiet: false
 verbosity: 1
--- a/.gitignore
+++ b/.gitignore
@@ -1,29 +1,70 @@
 # Ansible
 *.retry
 *.log
 .vault_pass
-.ansible_vault_pass
+vault.yml
 secrets
 secrets.yml
 *.vault
-# SSH keys
+# SSH Keys
 *.pem
 *.key
 *.pub
 id_rsa*
-ansible_key*
+id_ed25519*
 authorized_keys
-# Temporary files
+# Backup files
-*.tmp
+*.bak
-*.temp
+*.backup
 *.old
 *~
 *.swp
 *.swo
 # Python
 __pycache__/
 *.py[cod]
 *$py.class
 .Python
 env/
 venv/
 .env
 .venv
 # OS
 .DS_Store
 Thumbs.db
 desktop.ini
 # IDE
 .vscode/
 .idea/
-*.swp
+*.iml
-*.swo
+.project
 .settings/
-# Logs
+# Ansible
-*.log
+.ansible/
 /tmp/ansible_facts/
 ansible-facts/
-# Backups
+# Test
-*.bak
+test/
-*.backup
+tests/
 molecule/
 .molecule/
 .cache/
 .pytest_cache/
 # Local
 local/
 *.local
 *.local.yml
 .vagrant/
 # Terraform (si utilisé)
 *.tfstate
 *.tfstate.*
 .terraform/
--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -7,12 +7,32 @@ rules:
    level: warning
  truthy:
    allowed-values: ['true', 'false', 'yes', 'no']
    check-keys: false
  comments:
    min-spaces-from-content: 1
  comments-indentation: disable
  indentation:
    spaces: 2
    indent-sequences: true
  brackets:
    max-spaces-inside: 1
  braces:
    max-spaces-inside: 1
  colons:
    max-spaces-after: -1
  commas:
    max-spaces-after: -1
  document-start:
    present: true
  empty-lines:
    max: 2
  key-duplicates: enable
  new-line-at-end-of-file: enable
  trailing-spaces: enable
 ignore: |
  .gitea/
-  *.md
+  .github/
  *.md
  .vault_pass
  vault.yml
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -2,7 +2,6 @@
 host_key_checking = False
 inventory = ./inventories/production/hosts.yml
 remote_user = ansible
 private_key_file = ~/.ssh/ansible_key
 roles_path = ./roles
 collections_path = ./collections
 retry_files_enabled = False
@@ -11,11 +10,12 @@ fact_caching = jsonfile
 fact_caching_connection = /tmp/ansible_facts
 fact_caching_timeout = 86400
 stdout_callback = yaml
 callback_whitelist = profile_tasks
 deprecation_warnings = False
 command_warnings = False
 ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
 interpreter_python = /usr/bin/python3
 [ssh_connection]
 pipelining = True
-control_path = /tmp/ansible-ssh-%%h-%%p-%%r
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r
 ssh_args = -o ControlMaster=auto -o ControlPersist=60s
--- a/inventories/production/group_vars/all.yml
+++ b/inventories/production/group_vars/all.yml
@@ -1,7 +1,6 @@
 ---
-# Variables globales pour la production
+# Configuration Ansible
 ansible_user: ansible
 ansible_ssh_private_key_file: ~/.ssh/ansible_key
 ansible_become: true
 ansible_become_method: sudo
@@ -16,6 +15,10 @@ minecraft_sources_dir: /opt/minecraft/sources
 minecraft_tools_dir: /opt/minecraft/tools
 minecraft_backup_dir: /opt/minecraft/backups
 # Configuration mémoire
 minecraft_memory_min: 2048
 minecraft_memory_max: 4096
 # Configuration Java
 java_version: 21
 java_vendor: openjdk
@@ -24,8 +27,50 @@ java_vendor: openjdk
 server_port: 25565
 rcon_port: 25575
 enable_rcon: true
 rcon_password: "{{ vault_rcon_password | default('ChangeMe123!') }}"
 # Configuration serveur
 server_name: "Production Minecraft Server"
 max_players: 20
 view_distance: 10
 gamemode: survival
 difficulty: normal
 enable_command_block: false
 online_mode: true
 pvp: true
 white_list: false
 # Configuration Backup
 backup_retention_daily: 7
 backup_retention_weekly: 4
-backup_retention_monthly: 3
+backup_retention_monthly: 3
 backup_time_daily: "03:00"
 backup_time_weekly: "04:00"
 backup_time_monthly: "05:00"
 # Configuration sécurité
 ssh_port: 22
 firewall_allowed_tcp_ports:
  - 22
  - 25565
  - 25575
 firewall_allowed_udp_ports: []
 # Administrateurs SSH (à remplir avec vos clés)
 admin_ssh_keys: []
 #  - name: admin1
 #    key: "ssh-rsa AAAAB3..."
 # Opérateurs Minecraft (à remplir)
 minecraft_ops: []
 #  - name: "PlayerName"
 #    uuid: "uuid-here"
 #    level: 4
 #    bypassesPlayerLimit: true
 # Plugins à installer
 minecraft_plugins_list:
  - name: "EssentialsX"
    url: "https://github.com/EssentialsX/Essentials/releases/latest/download/EssentialsX.jar"
  - name: "Vault"
    url: "https://github.com/MilkBowl/Vault/releases/latest/download/Vault.jar"
--- a/inventories/production/group_vars/minecraft_servers.yml
+++ b/inventories/production/group_vars/minecraft_servers.yml
@@ -1,27 +0,0 @@
 ---
 # Configuration spécifique aux serveurs Minecraft
 minecraft_version: "1.21.6"
 minecraft_user: minecraft
 minecraft_group: minecraft
 minecraft_home: /opt/minecraft
 # Chemins
 minecraft_sources_dir: "{{ minecraft_home }}/sources"
 minecraft_server_dir: "{{ minecraft_home }}/server"
 minecraft_tools_dir: "{{ minecraft_home }}/tools"
 minecraft_backups_dir: "{{ minecraft_home }}/backups"
 # Configuration serveur
 minecraft_memory_min: "1G"
 minecraft_memory_max: "4G"
 minecraft_port: 25565
 minecraft_rcon_port: 25575
 minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
 # Java
 java_version: 21
 # Backups
 backup_retention_daily: 7
 backup_retention_weekly: 4
 backup_retention_monthly: 6
--- a/inventories/production/hosts.yml
+++ b/inventories/production/hosts.yml
@@ -5,11 +5,8 @@ all:
      hosts:
        minecraft-prod-01:
          ansible_host: 192.168.1.10
          ansible_user: ansible
        minecraft-prod-02:
          ansible_host: 192.168.1.11
          ansible_user: ansible
      vars:
        ansible_user: ansible
        environment: production
        minecraft_memory: 4096
        minecraft_port: 25565
--- a/inventories/staging/group_vars/all.yml
+++ b/inventories/staging/group_vars/all.yml
@@ -1,11 +1,10 @@
 ---
-# Variables globales pour le staging
+# Configuration Ansible
 ansible_user: ansible
 ansible_ssh_private_key_file: ~/.ssh/ansible_key
 ansible_become: true
 ansible_become_method: sudo
-# Configuration Minecraft (staging)
+# Configuration Minecraft
 minecraft_version: "1.21.6"
 minecraft_type: "spigot"
 minecraft_user: minecraft
@@ -16,6 +15,10 @@ minecraft_sources_dir: /opt/minecraft/sources
 minecraft_tools_dir: /opt/minecraft/tools
 minecraft_backup_dir: /opt/minecraft/backups
 # Configuration mémoire
 minecraft_memory_min: 2048
 minecraft_memory_max: 4096
 # Configuration Java
 java_version: 21
 java_vendor: openjdk
@@ -24,8 +27,50 @@ java_vendor: openjdk
 server_port: 25565
 rcon_port: 25575
 enable_rcon: true
 rcon_password: "{{ vault_rcon_password | default('ChangeMe123!') }}"
 # Configuration serveur
 server_name: "Production Minecraft Server"
 max_players: 20
 view_distance: 10
 gamemode: survival
 difficulty: normal
 enable_command_block: false
 online_mode: true
 pvp: true
 white_list: false
 # Configuration Backup
-backup_retention_daily: 3
+backup_retention_daily: 7
-backup_retention_weekly: 2
+backup_retention_weekly: 4
-backup_retention_monthly: 1
+backup_retention_monthly: 3
 backup_time_daily: "03:00"
 backup_time_weekly: "04:00"
 backup_time_monthly: "05:00"
 # Configuration sécurité
 ssh_port: 22
 firewall_allowed_tcp_ports:
  - 22
  - 25565
  - 25575
 firewall_allowed_udp_ports: []
 # Administrateurs SSH (à remplir avec vos clés)
 admin_ssh_keys: []
 #  - name: admin1
 #    key: "ssh-rsa AAAAB3..."
 # Opérateurs Minecraft (à remplir)
 minecraft_ops: []
 #  - name: "PlayerName"
 #    uuid: "uuid-here"
 #    level: 4
 #    bypassesPlayerLimit: true
 # Plugins à installer
 minecraft_plugins_list:
  - name: "EssentialsX"
    url: "https://github.com/EssentialsX/Essentials/releases/latest/download/EssentialsX.jar"
  - name: "Vault"
    url: "https://github.com/MilkBowl/Vault/releases/latest/download/Vault.jar"
--- a/inventories/staging/group_vars/minecraft_servers.yml
+++ b/inventories/staging/group_vars/minecraft_servers.yml
@@ -1,27 +0,0 @@
 ---
 # Configuration spécifique aux serveurs Minecraft de staging
 minecraft_version: "1.21.6"
 minecraft_user: minecraft
 minecraft_group: minecraft
 minecraft_home: /opt/minecraft
 # Chemins
 minecraft_sources_dir: "{{ minecraft_home }}/sources"
 minecraft_server_dir: "{{ minecraft_home }}/server"
 minecraft_tools_dir: "{{ minecraft_home }}/tools"
 minecraft_backups_dir: "{{ minecraft_home }}/backups"
 # Configuration serveur (plus petite pour staging)
 minecraft_memory_min: "512M"
 minecraft_memory_max: "2G"
 minecraft_port: 25565
 minecraft_rcon_port: 25575
 minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
 # Java
 java_version: 21
 # Backups (retention plus courte en staging)
 backup_retention_daily: 3
 backup_retention_weekly: 2
 backup_retention_monthly: 1
--- a/inventories/staging/hosts.yml
+++ b/inventories/staging/hosts.yml
@@ -5,8 +5,8 @@ all:
      hosts:
        minecraft-staging-01:
          ansible_host: 192.168.2.10
          ansible_user: ansible
      vars:
        ansible_user: ansible
        environment: staging
        minecraft_memory: 2048
        minecraft_port: 25565
--- a/requirements.yml
+++ b/requirements.yml
@@ -3,6 +3,4 @@ collections:
  - name: ansible.posix
    version: ">=1.5.4"
  - name: community.general
-    version: ">=8.0.0"
+    version: ">=8.0.0"
 roles: []
--- a/scripts/test-connection.sh
+++ b/scripts/test-connection.sh
@@ -0,0 +1,23 @@
 #!/bin/bash
 # Test de connexion aux serveurs
 echo "=== Test de connexion aux serveurs ==="
 # Test staging
 echo "Test de connexion à staging..."
 ansible -i inventories/staging/hosts.yml minecraft_servers -m ping
 # Test production
 echo "Test de connexion à production..."
 ansible -i inventories/production/hosts.yml minecraft_servers -m ping
 echo ""
 echo "=== Test de privilèges sudo ==="
 # Test sudo staging
 echo "Test sudo sur staging..."
 ansible -i inventories/staging/hosts.yml minecraft_servers -b -m command -a "whoami"
 # Test sudo production
 echo "Test sudo sur production..."
 ansible -i inventories/production/hosts.yml minecraft_servers -b -m command -a "whoami"
--- a/site.yml
+++ b/site.yml
@@ -14,17 +14,27 @@
  roles:
    - role: 01-server_hardening
-      tags: ['hardening', 'security']
+      tags: 
        - hardening
        - security
    - role: 02-installation-java
-      tags: ['java', 'prerequisites']
+      tags: 
        - java
        - prerequisites
-    - role: 03-installation-Minecraft
+    - role: 03-Installation-Minecraft
-      tags: ['minecraft', 'installation']
+      tags: 
        - minecraft
        - installation
    - role: 04-backups
-      tags: ['backup', 'maintenance']
+      tags: 
        - backup
        - maintenance
    - role: 05-Update
-      tags: ['update', 'maintenance']
+      tags: 
        - update
        - maintenance
      when: update_check | default(false)