Merge pull request 'configure' (#2) from configure into master

Reviewed-on: #2

blacklist/vps-host/etc/sentinel/blacklist

@@ -0,0 +1,78 @@
+51.222.107.37
+45.33.110.22
+185.142.236.35
+164.92.135.200
+46.101.166.31
+195.181.163.29
+206.189.47.168
+103.74.54.128
+185.180.143.140
+146.0.77.38
+172.104.249.218
+137.184.200.131
+128.90.135.254
+134.209.70.98
+3.235.198.47
+71.6.199.23
+20.84.48.39
+193.42.33.15
+167.235.148.2
+54.74.107.180
+170.187.229.101
+165.227.89.199
+165.22.98.234
+34.122.37.133
+167.172.141.44
+167.172.142.119
+134.209.207.188
+34.125.93.26
+34.162.183.125
+139.59.138.104
+35.245.198.244
+143.198.85.144
+157.245.136.150
+185.134.23.83
+20.125.115.103
+185.163.109.66
+128.199.85.172
+148.153.45.238
+185.142.236.34
+45.13.227.172
+18.204.48.86
+34.106.22.184
+51.222.107.37
+106.75.176.55
+146.190.84.120
+143.198.213.67
+34.125.234.83
+43.130.152.82
+45.59.163.17
+172.94.9.227
+148.153.45.236
+68.183.183.237
+89.187.162.187
+206.189.38.98
+2.57.122.253
+172.105.190.200
+15.188.26.9
+13.49.23.69
+20.87.214.199
+45.55.64.12
+188.166.187.222
+167.71.24.123
+185.213.174.115
+165.232.174.66
+161.35.153.48
+54.219.74.101
+2.57.122.81
+165.22.96.121
+43.153.118.27
+43.153.12.17
+185.180.143.141
+18.144.156.146
+193.56.29.113
+3.129.42.4
+169.197.143.220
+3.15.142.108
+139.162.34.62
+80.66.79.22

inventory/host_vars/vps-host

@@ -1,14 +1,30 @@
 $ANSIBLE_VAULT;1.1;AES256
-37656337323032643834333437363330363932363462306332646166616531616265646536373530
+33636162336330363833666465326430326230353032643365623263306139346138363135316462
-6234313633353137656665653536663964393264303532610a633664613332343333363034396238
+6232623366616434333833333630663435333237306563630a333065363335653361613135316131
-61643465363532383661636238356566616161343034343166656364353538353564333235373663
+38346464653533633062636534303937366534383064376232336635663665323163386566336465
-3336313930643062370a316439666335626265306338383939306433343439666333646632613366
+3037636164626361390a373963346334616232323639353561306631333834613964363635626330
-65663766326333623033643933613962393163313566636238353964656636633265373936626364
+62633139383230373063313136383534653230323038313762323430393164616534363836376333
-65313565663265613532623563366533393030643539346363613035656632323762666131643530
+30303662613534333631393031303165376435363831323636316561336530393963313465356164
-61616338616637336333663363323761653564633137633361333364663232656136353966346134
+37386462643361363265326230393465313536343533646437393634663663663862643033323966
-38313435653131326161383564386261356333356164393034663538326262633036383438666330
+34396162613134343738343861666663643338363136383262666263623933316435323135656331
-65393939363338363932653461393234346431653661626338653536353562396664313932346432
+30373134376565633662646365636464663562636666303061653664633138326139373737303163
-39353035373263633938336337346461306162656662363461306538353436353063363764323631
+30613561366233333264336562633837393239626462633238323564386332613861323266643733
-30386334356534663238656166666432636233353935623331366130323264393231306265363761
+37653764646637313631326365373935313762393934663234326362393762313434663366663165
-37323163663561393938366662373963303634636564346663363239346332316336366636636235
+62313036373732383739666166626631353738323830636234383430313539666433643139346232
-64343466333931353861346164656234393265653034623335636266393262323234
+39626462613537363263343166663038346338383863343334656433396238346330653938373139
+39373265373961303763613962353762303735323966373762616462643433353162623136656130
+34666362373638303635313833663133623431353230386266653962646163646665333334646661
+38663634346461663430623235623138666563343739643432366635653331663233366136353666
+35393765346362663561633064356364623737353862353334386638306362363362386663663636
+37663731356664396330663862623965343237643066663031336338313937363461343264633534
+39613230373964663462656664656161623939656361336532383530303030666264323439623231
+65643430643433643239333338646363343933373934353435646337333238663239613539333862
+33333130386239303738366262386562323261653334356238646132313861396661633937353630
+65643064383036623035313766346636636264653265666232343837343033646466623066663932
+37313366363064613662383938663965633865326333323264363730666635316533393331643362
+64373661303761633862613237363430346134346237633736326139363963656239393162616432
+31663437333434626536353164663234353164623265623538303031333833646438616265306633
+38346535366531323032313232656533613431313133373561343465616266306634656237333038
+65633134656132623238363136623934346235316336326136613863626564396339646265323262
+65313239353737656231383664656431343239363730666362376532663835643337666664393738
+6131

playbook.yml

@@ -1,5 +1,5 @@
 ---
 - hosts: all
-  remote_user: admloc
+  remote_user: valentin
   roles:
     - deploy-web

roles/deploy-web/files/blacklist.sh

@@ -3,35 +3,40 @@ MAIL=/tmp/mail
 SERVER_LOG=/var/log/nginx
 HOST=($(cat /etc/sentinel/virtualhost))
 BLACKLIST=/etc/sentinel/blacklist
-chain_count=$(iptables -L BLACKLIST -n | wc -l)
+currently_blacklist=$(ps -ef | grep blacklist | grep bash |grep ${USER}  | wc -l)
-if [ ${chain_count} -eq 0 ]; then
-	bash /usr/local/bin/sentinel/refill_blacklist.sh
-fi
 
-for i in ${HOST[@]}
+if [ ${currently_blacklist} -eq 2 ]; then
-do
+
-	log_access=${SERVER_LOG}/${i}_access.log
+	chain_count=$(iptables -L BLACKLIST -n | wc -l)
-	tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
+	if [ ${chain_count} -eq 0 ]; then
-	cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
+		bash /usr/local/bin/sentinel/refill_blacklist.sh
-	cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
-	cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
-	cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
-	count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
-	if [ ${count} -ne 0 ]; then
-		echo "Nouvelle IP blacklisté" > ${MAIL}
-		list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v  |sort |uniq))
-		for j in ${list_ip[@]}
-		do
-			echo ${j} >> ${MAIL}
-			curl http://ipinfo.io/${j} >> ${MAIL}
-			echo "" >> ${MAIL}
-			cat /tmp/error_$i | grep ${j} >> ${MAIL} 
-			echo "" >> ${MAIL}
-			echo ${j} >> ${BLACKLIST}
-			iptables -A BLACKLIST -s ${j} -j DROP
-		done
-		echo "IP dejà blacklisté : " >> ${MAIL}
-		cat ${BLACKLIST} >> ${MAIL}
-		cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
 	fi
-done
+
+	for i in ${HOST[@]}
+	do
+		log_access=${SERVER_LOG}/${i}_access.log
+		tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
+		cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
+		cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
+		cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
+		cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
+		count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
+		if [ ${count} -ne 0 ]; then
+			echo "Nouvelle IP blacklisté" > ${MAIL}
+			list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v  |sort |uniq))
+			for j in ${list_ip[@]}
+			do
+				echo ${j} >> ${MAIL}
+				curl http://ipinfo.io/${j} >> ${MAIL}
+				echo "" >> ${MAIL}
+				cat /tmp/error_$i | grep ${j} >> ${MAIL} 
+				echo "" >> ${MAIL}
+				echo ${j} >> ${BLACKLIST}
+				iptables -A BLACKLIST -s ${j} -j DROP
+			done
+			echo "IP dejà blacklisté : " >> ${MAIL}
+			cat ${BLACKLIST} >> ${MAIL}
+			cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
+		fi
+	done
+fi

roles/deploy-web/files/getinfo_day.sh

@@ -2,7 +2,7 @@
 MAIL=/tmp/mail
 DIRECTORY=/home/valentin/mail
 SERVER_LOG=/var/log/nginx
-TOKEN=af920d2f7dbe97
+TOKEN=$(cat /etc/sentinel/token)
 DATE=$(date +%Y%m%d-%H%M%S)
 HOST=($(cat /etc/sentinel/virtualhost))
 WEEK=$(date +%V)
@@ -26,6 +26,7 @@ do
 	cat $log_access | grep "|" | awk -F "|" '{print $1}' | sort | uniq > $directory_host/list_$DATE
 	cat $log_access | awk -F "|" '{ if($2 == "404") print $1}' > $directory_host/404_$DATE
 	cat $log_access | awk -F "|" '{ if($2 == "400") print $1}' > $directory_host/400_$DATE
+	grep robots.txt $log_access | awk -F '|' '{print $3}' > $directory_host/robots_$DATE
 	while read line; do
 		if grep $line $DIRECTORY/*/*/output_*.txt > /dev/null 2>&1; then
 			grep -h -B1 -A8 $line $DIRECTORY/*/*/output_*.txt |head -10 >> $directory_host/output_$DATE.txt
@@ -50,6 +51,9 @@ do
 		cat $directory_host/${j}_$DATE |sort |uniq -c >> ${MAIL}
 		echo "--------" >> ${MAIL}
 	done
+	echo "nombre de robots " >> ${MAIL}
+	cat $directory_host/robots_$DATE |sort |uniq -c >> ${MAIL}
+	echo "---------" >> ${MAIL}
 	cat ${MAIL} |mail -s "Rapport reverse proxy $DATE" -A $directory_host/output_$DATE.txt valczebackup@gmail.com
 	#rm $directory_host/*
 done

roles/deploy-web/files/getinfo_month.sh

@@ -23,6 +23,10 @@ do
 		cat $directory_host/${j}_* |sort |uniq -c >> ${MAIL}
 		echo "----------------" >> ${MAIL}
 	done
+	echo "nombre de robots :" >> ${MAIL}
+	cat $directory_host/robots_* |sort |uniq -c >> ${MAIL}
+	echo "----------------" >> ${MAIL}
+
 	cat ${MAIL} |mail -s "Rapport mensuel reverse proxy ${i} $DATE" valczebackup@gmail.com
 	rm -rf $directory_host
 done

roles/deploy-web/files/getinfo_week.sh

@@ -36,6 +36,9 @@ do
 		cat $directory_host/${j}_* |sort |uniq -c >> ${MAIL}
 		echo "----------------" >> ${MAIL}
 	done
+	echo "nombre de robots :" >> ${MAIL}
+	cat $directory_host/robots_* |sort |uniq -c >> ${MAIL}
+	echo "----------------" >> ${MAIL}
 	cat ${MAIL} |mail -s "Rapport hebdomadaire reverse proxy ${i} $DATE" valczebackup@gmail.com
 	#rm $directory_host/*
 done

roles/deploy-web/files/gouter

@@ -4,6 +4,7 @@ server {
 	#gzip_static off;
 	server_name clarissariviere.com clarissariviere.fr www.clarissariviere.fr www.clarissariviere.com;
         add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
+	add_header Link "<https://www.clarissariviere.com; rel=\"canonical\">";
         proxy_cache STATIC;	
 	location / {
 		# First attempt to serve request as file, then
@@ -11,6 +12,7 @@ server {
 		#try_files $uri $uri/ =404;
 	        proxy_set_header Accept-Encoding "";
 		proxy_pass http://gouters.canalblog.com/;
+                #add_header Link "<https://www.clarissariviere.com; rel=\"canonical\">";
 		#proxy_redirect off;
                 #proxy_set_header Host $host;
 		#proxy_buffering        on;
@@ -25,6 +27,7 @@ server {
                 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		#proxy_set_header X-Forwarded-Proto $scheme;
 		sub_filter 'gouters.canalblog.com' "$host";
+		sub_filter '<meta name="generator" content="CanalBlog - https://www.canalblog.com" /> '';
 		sub_filter_types text/html text/xml text/plain text/css;
 		sub_filter_once off;	
 	
@@ -33,6 +36,14 @@ server {
 	location /googlebbc3cfa6d1866691.html {
 		root /var/www/gouter/;
 	}
+
+	location /yandex_93259fe4480c9828.html {
+		root /var/www/gouter/;
+	}
+
+	location /yandex_f07f7ace7d8459d8.html {
+		root /var/www/gouter/;
+	}
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/clarissariviere.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/clarissariviere.com/privkey.pem; # managed by Certbot

roles/deploy-web/files/scw-backup.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+LOGFILE_RECENT="/var/log/scw-log/logfile-recent.log"
+LOGFILE="/var/log/scw-log/logfile.log"
+DUPLICITY=/usr/local/bin/duplicity
+log () {
+	    date=`date +%Y-%m-%d`
+	    hour=`date +%H:%M:%S`
+	    echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+
+rotate_log() {
+	cat ${LOGFILE_RECENT} >> ${LOGFILE}
+	backupScw=`echo ${SCW_BUCKET} | rev | cut -d "/" -f 2 | rev`
+	status="OK"
+	if [ $(grep "Errors 0" ${LOGFILE_RECENT} |wc -l) -eq 0 ]; then
+		status="ALERTE FAIL !!!"
+	fi	
+	cat ${LOGFILE_RECENT} |mail -s "${status} | Backup ${backupScw} `date +%Y-%m-%d`" valczebackup@gmail.com
+}
+
+USER=$(whoami)
+currently_backuping=$(ps -ef | grep duplicity  | grep python |grep ${USER}  | wc -l)
+
+if [ $currently_backuping -eq 0 ]; then
+	if [ ${#} -ne 1 ]; then
+		log ">>> Il manque un paramètre ${0} : <CONFIGFILE>"
+		rotate_log
+		exit 1
+	fi
+	if [ ! -f ${1} ]; then
+		log ">>> Le paramètre n'est pas un fichier ${USER} : ${1}"
+		rotate_log
+		exit 1
+	fi
+	source "$1"
+	echo > ${LOGFILE_RECENT}
+	log ">>> removing old backups"
+	${DUPLICITY} remove-older-than --s3-endpoint-url ${SCW_ENDPOINT_URL} --s3-region-name ${SCW_REGION} ${KEEP_BACKUP_TIME} ${SCW_BUCKET} --force >> ${LOGFILE_RECENT} 2>&1
+       	log ">>> creating and uploading backup to c14 cold storage ${SOURCE}"
+     	${DUPLICITY} \
+	    	incr --full-if-older-than ${FULL_BACKUP_TIME} \
+		--s3-endpoint-url ${SCW_ENDPOINT_URL} \
+		--s3-region-name ${SCW_REGION} \ 
+	    	--asynchronous-upload \
+	    	--s3-use-glacier \
+	    	--encrypt-key=${GPG_FINGERPRINT} \
+	    	--sign-key=${GPG_FINGERPRINT} \
+		${SOURCE} ${SCW_BUCKET} >> ${LOGFILE_RECENT} 2>&1
+	rotate_log
+else
+	log ">>> Duplicity déjà en cours de route sur cette utilisateur ${USER}"	
+	rotate_log
+fi

roles/deploy-web/files/scw-restore.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+  if [ $# -lt 3 ]; then
+    echo -e "Usage $0 <scw_configrc> <time or delta> [file to restore] <restore to>
+Exemple:
+\t$ $0 2018-7-21 recovery/  ## recovers * from closest backup to date
+  \t$ $0 0D secret data/  ## recovers most recent file nammed 'secret'";
+  exit; fi
+
+source $1
+shift
+
+
+  if [ $# -eq 2 ]; then
+    duplicity \
+      --s3-endpoint-url ${SCW_ENDPOINT_URL} \
+      --s3-region-name ${SCW_REGION} \
+      --time $1 \
+      ${SCW_BUCKET} $2
+  fi
+
+  if [ $# -eq 3 ]; then
+    duplicity \
+      --s3-endpoint-url ${SCW_ENDPOINT_URL} \
+      --s3-region-name ${SCW_REGION} \
+      --time $1 \
+      --file-to-restore $2 \
+      ${SCW_BUCKET} $3
+  fi

roles/deploy-web/files/virtualhost

@@ -1 +0,0 @@
-clarissa

roles/deploy-web/tasks/backup.yml

@@ -0,0 +1,50 @@
+# tasks file for stats script
+
+- name: "Create log for backup script"
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "/var/log/scw-log"
+    - "/root/log"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy scw backup and restore script
+  copy:
+    src: "{{ item }}"
+    dest: "/opt/{{ item }}"
+    mode: "0500"
+  with_items:
+    - "scw-backup.sh"
+    - "scw-restore.sh"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy scw backup config
+  template:
+    src: "scw-configrc.j2"
+    dest: "/root/.scw-configrc"
+    mode: "0400"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+
+#- name: Crontab blacklist
+#  ansible.builtin.cron:
+#    name: "blacklist script"
+#    cron_file: "blacklist_cron"
+#    minute: "*/5"
+#    job: "bash /usr/local/bin/sentinel/blacklist.sh"
+#    user: root
+#
+#  vars:
+#    ansible_become: yes
+#    ansible_become_method: sudo
+#    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/tasks/blacklist.yml

@@ -0,0 +1,27 @@
+# tasks file for stats script
+
+- name: Copy blacklist script
+  copy:
+    src: "{{ item }}.sh"
+    dest: "/usr/local/bin/sentinel/{{ item }}.sh"
+    mode: "0555"
+  with_items:
+    - blacklist
+    - refill_blacklist
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Crontab blacklist
+  ansible.builtin.cron:
+    name: "blacklist script"
+    cron_file: "blacklist_cron"
+    minute: "*/5"
+    job: "bash /usr/local/bin/sentinel/blacklist.sh"
+    user: root
+
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/tasks/configure.yml

@@ -0,0 +1,54 @@
+- name: Create sentinel directory
+  file:
+    state: directory
+    path: "{{ item }}/sentinel"
+  with_items: 
+    - /usr/local/bin
+    - /etc
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Template virtualhost
+  template:
+    src: virtualhost.j2
+    dest: /etc/sentinel/virtualhost
+    mode: "0444"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+  tags: [ "configure_blacklist" ]
+
+- name: Copy blacklist
+  copy:
+    src: "{{ playbook_dir }}/blacklist/{{ inventory_hostname }}/etc/sentinel/blacklist"
+    dest: /etc/sentinel/blacklist
+    mode: "0644"
+  when: script is not defined or script == "blacklist"
+  ignore_errors: true
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+  tags: [ "restore_blacklist" ]
+
+- name: Deploy stats script
+  import_tasks: stats.yml
+  tags: [ "configure_stats" ]
+
+- name: Configure blacklist script
+  import_tasks: blacklist.yml
+  tags: [ "configure_blacklist" ]
+
+- name: Configure supervision script
+  import_tasks: supervision.yml
+  tags: [ "configure_supervision" ]
+
+- name: Configure backup script
+  import_tasks: backup.yml
+  tags: [ "configure_backup" ]
+
+
+

roles/deploy-web/tasks/deconfigure.yml

@@ -0,0 +1,36 @@
+- name: Backup blacklist
+  fetch:
+    src: /etc/sentinel/blacklist
+    dest: blacklist
+  tags: [ "backup_blacklist" ]
+
+
+- name: Deconfigure stats script
+  import_tasks: deconfigure_stats.yml
+  tags: [ "deconfigure_stats" ]
+
+- name: Deconfigure blacklist script
+  import_tasks: deconfigure_blacklist.yml
+  tags: [ "deconfigure_blacklist" ]
+
+
+- name: Deconfigure supervision script
+  import_tasks: deconfigure_supervision.yml
+  tags: [ "deconfigure_supervision" ]
+
+- name: Deconfigure backup script
+  import_tasks: deconfigure_backup.yml
+  tags: [ "deconfigure_backup" ]
+
+
+- name: Remove sentinel directory
+  file:
+    state: absent
+    path: "{{ item }}/sentinel"
+  with_items: 
+    - /usr/local/bin
+    - /etc
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/tasks/deconfigure_backup.yml

@@ -0,0 +1,31 @@
+# tasks file for stats script
+
+- name: "Create log for backup script"
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - "/var/log/scw-log"
+    - "/root/log"
+    - "/opt/scw-backup.sh"
+    - "/opt/scw-restore.sh"
+    - "/root/.scw-configrc"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+
+
+#- name: Crontab blacklist
+#  ansible.builtin.cron:
+#    name: "blacklist script"
+#    cron_file: "blacklist_cron"
+#    minute: "*/5"
+#    job: "bash /usr/local/bin/sentinel/blacklist.sh"
+#    user: root
+#
+#  vars:
+#    ansible_become: yes
+#    ansible_become_method: sudo
+#    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/tasks/deconfigure_blacklist.yml

@@ -0,0 +1,25 @@
+# tasks file for stats script
+
+
+- name: Remove crontab blacklist
+  ansible.builtin.cron:
+    name: "blacklist script"
+    cron_file: "blacklist_cron"
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Remove blacklist script
+  copy:
+    src: "{{ item }}.sh"
+    state: absent
+  with_items:
+    - blacklist
+    - refill_blacklist
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+

roles/deploy-web/tasks/deconfigure_stats.yml

@@ -0,0 +1,64 @@
+# tasks file for stats script
+
+
+- name: Remove crontab get info day
+  ansible.builtin.cron:
+    name: "get info day"
+    cron_file: "get_info_day_cron"
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Remove crontab get info week
+  ansible.builtin.cron:
+    name: "get info week"
+    cron_file: "get_info_week_cron"
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Remove crontab get info month
+  ansible.builtin.cron:
+    name: "get info month"
+    cron_file: "get_info_month_cron"
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+
+- name: Remove getinfo script
+  file:
+    path: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh"
+    state: absent
+  with_items:
+    - day
+    - week
+    - month
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Remove token
+  file:
+    path: "/etc/sentinel/token"
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Remove template virtualhost
+  file:
+    path: /etc/sentinel/virtualhost
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/tasks/deconfigure_supervision.yml

@@ -0,0 +1,22 @@
+# tasks file for stats script
+
+- name: Remove crontab blacklist
+  ansible.builtin.cron:
+    name: "check ssl script"
+    cron_file: "check_ssl_cron"
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+
+- name: Remove check_ssl script
+  file:
+    path: "/usr/local/bin/sentinel/check_ssl.sh"
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+

roles/deploy-web/tasks/main.yml

@@ -2,7 +2,15 @@
   import_tasks: deploy.yml
   tags: ["deploy"]
 
+- name: Configure project web
+  import_tasks: configure.yml
+  tags: [ "configure" ]
+
 
 - name: Destrpy project web
   import_tasks: destroy.yml
-  tags: ["destroy"]
+  tags: ["destroy"]
+
+- name: Deconfigure project web
+  import_tasks: deconfigure.yml
+  tags: [ "deconfigure" ]

roles/deploy-web/tasks/stats.yml

@@ -0,0 +1,66 @@
+# tasks file for stats script
+
+- name: Template token ipinfo
+  template:
+    src: token.j2
+    dest: /etc/sentinel/token
+    mode: "0555"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy getinfo script
+  copy:
+    src: "getinfo_{{ item }}.sh"
+    dest: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh"
+    mode: "0555"
+  with_items:
+    - day
+    - week
+    - month
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Crontab get info day
+  ansible.builtin.cron:
+    name: "get info day"
+    cron_file: "get_info_day_cron"
+    minute: "0"
+    hour: "3"
+    user: root
+    job: "bash /usr/local/bin/sentinel/getinfo_day.sh"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Crontab get info week
+  ansible.builtin.cron:
+    name: "get info week"
+    cron_file: "get_info_week_cron"
+    minute: "15"
+    hour: "3"
+    weekday: "1"
+    user: root
+    job: "bash /usr/local/bin/sentinel/getinfo_week.sh"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Crontab get info month
+  ansible.builtin.cron:
+    name: "get info month"
+    cron_file: "get_info_month_cron"
+    minute: "30"
+    hour: "3"
+    day: "1"
+    user: root
+    job: "bash /usr/local/bin/sentinel/getinfo_month.sh"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/tasks/supervision.yml

@@ -0,0 +1,36 @@
+# tasks file for stats script
+
+
+- name: Create supervision directory
+  file:
+    state: directory
+    path: "{{ item }}/supervision"
+  with_items: 
+    - /usr/local/bin
+    - /etc
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy check_ssl script
+  copy:
+    src: "check_ssl.sh"
+    dest: "/usr/local/bin/supervision/check_ssl.sh"
+    mode: "0555"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Crontab check_ssl
+  ansible.builtin.cron:
+    name: "check ssl script"
+    cron_file: "check_ssl_cron"
+    minute: "*/30"
+    user: root
+    job: "bash /usr/local/bin/supervision/check_ssl.sh"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/templates/scw-configrc.j2

@@ -0,0 +1,28 @@
+export AWS_ACCESS_KEY_ID="{{ aws_access_key_id }}"
+export AWS_SECRET_ACCESS_KEY="{{ aws_secret_access_key }}"
+export SCW_REGION="{{ scw_region }}"
+export SCW_ENDPOINT_URL="https://s3.${SCW_REGION}.scw.cloud"
+export SCW_BUCKET="s3://{{ scw_directory }}"
+
+# GPG Key information
+export PASSPHRASE="{{ passphrase }}"
+export GPG_FINGERPRINT="{{ gpg_fingerprint }}"
+# Folder to backup
+export SOURCE="--exclude /sys --exclude /proc --exclude /opt --exclude /tmp --exclude /mnt --exclude /home /"
+
+# Will keep backup up to 1 month
+export KEEP_BACKUP_TIME="1M"
+
+# Will make a full backup every 10 days
+export FULL_BACKUP_TIME="10D"
+
+# Log files
+export LOGFILE_RECENT="/root/log/logfile-recent.log"
+export LOGFILE="/root/log/logfile.log"
+
+ log () {
+	    date=`date +%Y-%m-%d`
+	    hour=`date +%H:%M:%S`
+	    echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+export -f log

roles/deploy-web/templates/token.j2

@@ -0,0 +1 @@
+{{ token_ipinfo }}

roles/deploy-web/templates/virtualhost.j2

@@ -0,0 +1,3 @@
+{% for host in virtualhosts %}
+    {{ host }}
+{% endfor %}