61 Commits (master)

Author SHA1 Message Date
Felix Stupp 2efb214edd
misc/ssh_tg_notify: Ignore messages from trusted VPN subnet 2 years ago
Felix Stupp 98b7b55a53
Whitelist multiple services of proc's hidepid feature
Not only required for systemd-logind, but also for user@.service
4 years ago
Felix Stupp 15ad953131
common: Validate sshd_config before applying 4 years ago
Felix Stupp e1a612966c
Hide running processes from users other than root 4 years ago
Felix Stupp d0e9962d04
common: Add tag journald to certain tasks 4 years ago
Felix Stupp 52c03dc9d2
Added python3-yaml to common packages 4 years ago
Felix Stupp b42d639996
common: Added tag backups for backup related tasks 4 years ago
Felix Stupp 483eea3833
common: Configure hdd dir for backups directory 4 years ago
Felix Stupp 59e6ce7b78
common: Add deployment of ssh_config for VerifyHostKeyDNS 4 years ago
Felix Stupp c51d098426
Added role misc/hdd_dir to link data directories to HDDs
- Also added task to common to create parent directory
4 years ago
Felix Stupp 99cee859bb
common: Add unattended-upgrades as required package 4 years ago
Felix Stupp 95dcb5a8b5
common: Configure journald to keep logs persistent until storage max 4 years ago
Felix Stupp dc6e4951d2
common: Added vim because used as default editor 4 years ago
Felix Stupp 02da3bdec6
common: Added package sed for scripting 4 years ago
Felix Stupp aa16fe3269
common: Added package python3-apt for Ansible 4 years ago
Felix Stupp e93c11f0d7
Added shellcheck for script validations 4 years ago
Felix Stupp 99e58d4224
common: Added helper nsupdate_keygen 5 years ago
Felix Stupp 1ceb1999ff
common: Changed include_tasks to import_tasks
To enable static instead of dynamic imports
5 years ago
Felix Stupp f2e669734b
common: Readd package acl
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user

This reverts commit 3c7fb65ac9.
5 years ago
Felix Stupp 164cdbbc79
common: Tagged ip blocklist for easier skipping 5 years ago
Felix Stupp 187f573d4f
common: Added pv to required common packages 5 years ago
Felix Stupp eff48f1773
Changed approach for generating sshfp RR to lookup on python script 5 years ago
Felix Stupp 592bb483cf
common: Used variable global_ssh_key_directory for public_keys path 5 years ago
Felix Stupp 8758553a02
common: Install explicit python3 interpreter 5 years ago
Felix Stupp fcae6e8429
Added blocklist of known malicious ip addresses applied by role common 5 years ago
Felix Stupp f2c9b17194
Moved packages only required for admin account from role common to role account 5 years ago
Felix Stupp 25df92ee7b
common: Removed package buffer
Replaced by pv integrated buffering
which supports greater limits.
5 years ago
Felix Stupp e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https 5 years ago
Felix Stupp 3c7fb65ac9
common: Removed package acl
Not installable on Raspbian and also not used on any Debian system
5 years ago
Felix Stupp 9e8d1b5220
common: Fix applying sources.list for different distributions 5 years ago
Felix Stupp 78032d343f
common: Made sources.list dependent of distribution 5 years ago
Felix Stupp bc8233990f
common: Scheduled removal of old backups at 0:30
So for the most time two states are stored on the server.
The storage which will stay free can be better used to calculate the
storage which can still be used by dividing the free storage by 3.
5 years ago
Felix Stupp 102de98479
common: Configured auto remove of backups 5 years ago
Felix Stupp 8623d84b01
common: Ordered backup_files before backup_mysql_database 5 years ago
Felix Stupp e6cbc59571
common: Added create backup scripts directories 5 years ago
Felix Stupp 5b253fd6b6
common: Generalized creating directories for scripts 5 years ago
Felix Stupp 99c4c21cad
Reordered backups_files_directory above backups_mysql_database_directory 5 years ago
Felix Stupp 4874bc2bbd
Renamed global variable backups_databases_directory to backups_mysql_database_directory
In order to specify and separate backups of different database services
5 years ago
Felix Stupp 73f1db7961
Specified backup_database to backup_mysql_database 5 years ago
Felix Stupp fb0c1f0901
Changed "ansible_fqdn" to "inventory_hostname"
Due to some hosts misconfigure fqdn themselves
5 years ago
Felix Stupp 71e1b4a17c
common: Added custom fact for dpkg architecture 5 years ago
Felix Stupp 7ac7806dc7
Fixed some lint errors
- Added missing default parameters
- Added names to tasks
- Configured changed|failed_when options
- Used command instead of shell module
- Changed local_action to delegate_to
- Added line to file ending
5 years ago
Felix Stupp bcfd4cb010
Fixed missing mode setting for others
To disallow access from others than user and group
5 years ago
Felix Stupp c25df42253
common: Reworked ssh configuration generation 5 years ago
Felix Stupp 0944fd798f
common: Added configuration of apt sources 5 years ago
Felix Stupp 16d91d83bd
common: Added aptitude to list of common packages 5 years ago
Felix Stupp 02ff70e699
common: Added downloading and processing ssh host keys 5 years ago
Felix Stupp 826cc1d0b7
common: Added creating of backup files directory 5 years ago
Felix Stupp c02b88bf2e
common: Added support for files backups 5 years ago
Felix Stupp c2b060df9e
common: Added support for backup databases 5 years ago