91 Commits (master)

Author SHA1 Message Date
Felix Stupp 2efb214edd
misc/ssh_tg_notify: Ignore messages from trusted VPN subnet 2 years ago
Felix Stupp 98b7b55a53
Whitelist multiple services of proc's hidepid feature
Not only required for systemd-logind, but also for user@.service
4 years ago
Felix Stupp 15ad953131
common: Validate sshd_config before applying 4 years ago
Felix Stupp e1a612966c
Hide running processes from users other than root 4 years ago
Felix Stupp d0e9962d04
common: Add tag journald to certain tasks 4 years ago
Felix Stupp 52c03dc9d2
Added python3-yaml to common packages 4 years ago
Felix Stupp 8e470e3aba
common: backup_autoremove: Fix find working with symlink of backups dir 4 years ago
Felix Stupp df21870ebe
common: backup_mysql_database.sh: Remove --databases so dump does not use database name
Increases portability of backups
4 years ago
Felix Stupp d1c14b9ee6
common: helper backup_files: Support for directories with symlinks added 4 years ago
Felix Stupp b42d639996
common: Added tag backups for backup related tasks 4 years ago
Felix Stupp 483eea3833
common: Configure hdd dir for backups directory 4 years ago
Felix Stupp 59e6ce7b78
common: Add deployment of ssh_config for VerifyHostKeyDNS 4 years ago
Felix Stupp c51d098426
Added role misc/hdd_dir to link data directories to HDDs
- Also added task to common to create parent directory
4 years ago
Felix Stupp 99cee859bb
common: Add unattended-upgrades as required package 4 years ago
Felix Stupp 95dcb5a8b5
common: Configure journald to keep logs persistent until storage max 4 years ago
Felix Stupp 235103fbd6
common: Allowed to disable source package support if required 4 years ago
Felix Stupp dc6e4951d2
common: Added vim because used as default editor 4 years ago
Felix Stupp 02da3bdec6
common: Added package sed for scripting 4 years ago
Felix Stupp aa16fe3269
common: Added package python3-apt for Ansible 4 years ago
Felix Stupp e93c11f0d7
Added shellcheck for script validations 4 years ago
Felix Stupp 3bc9c9360d
common: backup_autoremove: Improved script quality 4 years ago
Felix Stupp d1e14a9de9
misc/backup_files: Added & used variable for backup_target
Ensures usage of backup_name insted of domain
5 years ago
Felix Stupp 99e58d4224
common: Added helper nsupdate_keygen 5 years ago
Felix Stupp 1ceb1999ff
common: Changed include_tasks to import_tasks
To enable static instead of dynamic imports
5 years ago
Felix Stupp f2e669734b
common: Readd package acl
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user

This reverts commit 3c7fb65ac9.
5 years ago
Felix Stupp 04c71a8611
common: ssh makefile: Sort part files before combining 5 years ago
Felix Stupp 164cdbbc79
common: Tagged ip blocklist for easier skipping 5 years ago
Felix Stupp 187f573d4f
common: Added pv to required common packages 5 years ago
Felix Stupp eff48f1773
Changed approach for generating sshfp RR to lookup on python script 5 years ago
Felix Stupp 592bb483cf
common: Used variable global_ssh_key_directory for public_keys path 5 years ago
Felix Stupp 8758553a02
common: Install explicit python3 interpreter 5 years ago
Felix Stupp c110a24e9f
common: sshd: Disable weak key algorithms 5 years ago
Felix Stupp 505c85eb11
common: Disable root login over ssh 5 years ago
Felix Stupp 651794a136
common: sshd: Disable X11 Forwarding globally 5 years ago
Felix Stupp fcae6e8429
Added blocklist of known malicious ip addresses applied by role common 5 years ago
Felix Stupp f2c9b17194
Moved packages only required for admin account from role common to role account 5 years ago
Felix Stupp 25df92ee7b
common: Removed package buffer
Replaced by pv integrated buffering
which supports greater limits.
5 years ago
Felix Stupp e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https 5 years ago
Felix Stupp 3c7fb65ac9
common: Removed package acl
Not installable on Raspbian and also not used on any Debian system
5 years ago
Felix Stupp 9e8d1b5220
common: Fix applying sources.list for different distributions 5 years ago
Felix Stupp ff3d6cba8e
Added group os_raspbian 5 years ago
Felix Stupp 78032d343f
common: Made sources.list dependent of distribution 5 years ago
Felix Stupp bc8233990f
common: Scheduled removal of old backups at 0:30
So for the most time two states are stored on the server.
The storage which will stay free can be better used to calculate the
storage which can still be used by dividing the free storage by 3.
5 years ago
Felix Stupp e62a3c7232
common: backup_autoremove: force rm
so no error occurs because no parameter was given
5 years ago
Felix Stupp 00fa7852e1
common: backup_autoremove: Fix call find 5 years ago
Felix Stupp 102de98479
common: Configured auto remove of backups 5 years ago
Felix Stupp 8623d84b01
common: Ordered backup_files before backup_mysql_database 5 years ago
Felix Stupp fce052c32b
common: backup_rename: Fixed getting multiple extensions 5 years ago
Felix Stupp 10ef319008
Moved mysql database backups into certain directory 5 years ago
Felix Stupp 4be0e9377f
Moved file backups into certain directories 5 years ago