Felix Stupp
2efb214edd
misc/ssh_tg_notify: Ignore messages from trusted VPN subnet
2 years ago
Felix Stupp
98b7b55a53
Whitelist multiple services of proc's hidepid feature
...
Not only required for systemd-logind, but also for user@.service
4 years ago
Felix Stupp
15ad953131
common: Validate sshd_config before applying
4 years ago
Felix Stupp
e1a612966c
Hide running processes from users other than root
4 years ago
Felix Stupp
d0e9962d04
common: Add tag journald to certain tasks
4 years ago
Felix Stupp
52c03dc9d2
Added python3-yaml to common packages
4 years ago
Felix Stupp
b42d639996
common: Added tag backups for backup related tasks
4 years ago
Felix Stupp
483eea3833
common: Configure hdd dir for backups directory
4 years ago
Felix Stupp
59e6ce7b78
common: Add deployment of ssh_config for VerifyHostKeyDNS
4 years ago
Felix Stupp
c51d098426
Added role misc/hdd_dir to link data directories to HDDs
...
- Also added task to common to create parent directory
4 years ago
Felix Stupp
99cee859bb
common: Add unattended-upgrades as required package
4 years ago
Felix Stupp
95dcb5a8b5
common: Configure journald to keep logs persistent until storage max
4 years ago
Felix Stupp
dc6e4951d2
common: Added vim because used as default editor
4 years ago
Felix Stupp
02da3bdec6
common: Added package sed for scripting
4 years ago
Felix Stupp
aa16fe3269
common: Added package python3-apt for Ansible
4 years ago
Felix Stupp
e93c11f0d7
Added shellcheck for script validations
4 years ago
Felix Stupp
99e58d4224
common: Added helper nsupdate_keygen
5 years ago
Felix Stupp
1ceb1999ff
common: Changed include_tasks to import_tasks
...
To enable static instead of dynamic imports
5 years ago
Felix Stupp
f2e669734b
common: Readd package acl
...
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
This reverts commit 3c7fb65ac9
.
5 years ago
Felix Stupp
164cdbbc79
common: Tagged ip blocklist for easier skipping
5 years ago
Felix Stupp
187f573d4f
common: Added pv to required common packages
5 years ago
Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
5 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
5 years ago
Felix Stupp
8758553a02
common: Install explicit python3 interpreter
5 years ago
Felix Stupp
fcae6e8429
Added blocklist of known malicious ip addresses applied by role common
5 years ago
Felix Stupp
f2c9b17194
Moved packages only required for admin account from role common to role account
5 years ago
Felix Stupp
25df92ee7b
common: Removed package buffer
...
Replaced by pv integrated buffering
which supports greater limits.
5 years ago
Felix Stupp
e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https
5 years ago
Felix Stupp
3c7fb65ac9
common: Removed package acl
...
Not installable on Raspbian and also not used on any Debian system
5 years ago
Felix Stupp
9e8d1b5220
common: Fix applying sources.list for different distributions
5 years ago
Felix Stupp
78032d343f
common: Made sources.list dependent of distribution
5 years ago
Felix Stupp
bc8233990f
common: Scheduled removal of old backups at 0:30
...
So for the most time two states are stored on the server.
The storage which will stay free can be better used to calculate the
storage which can still be used by dividing the free storage by 3.
5 years ago
Felix Stupp
102de98479
common: Configured auto remove of backups
5 years ago
Felix Stupp
8623d84b01
common: Ordered backup_files before backup_mysql_database
5 years ago
Felix Stupp
e6cbc59571
common: Added create backup scripts directories
5 years ago
Felix Stupp
5b253fd6b6
common: Generalized creating directories for scripts
5 years ago
Felix Stupp
99c4c21cad
Reordered backups_files_directory above backups_mysql_database_directory
5 years ago
Felix Stupp
4874bc2bbd
Renamed global variable backups_databases_directory to backups_mysql_database_directory
...
In order to specify and separate backups of different database services
5 years ago
Felix Stupp
73f1db7961
Specified backup_database to backup_mysql_database
5 years ago
Felix Stupp
fb0c1f0901
Changed "ansible_fqdn" to "inventory_hostname"
...
Due to some hosts misconfigure fqdn themselves
5 years ago
Felix Stupp
71e1b4a17c
common: Added custom fact for dpkg architecture
5 years ago
Felix Stupp
7ac7806dc7
Fixed some lint errors
...
- Added missing default parameters
- Added names to tasks
- Configured changed|failed_when options
- Used command instead of shell module
- Changed local_action to delegate_to
- Added line to file ending
5 years ago
Felix Stupp
bcfd4cb010
Fixed missing mode setting for others
...
To disallow access from others than user and group
5 years ago
Felix Stupp
c25df42253
common: Reworked ssh configuration generation
5 years ago
Felix Stupp
0944fd798f
common: Added configuration of apt sources
5 years ago
Felix Stupp
16d91d83bd
common: Added aptitude to list of common packages
5 years ago
Felix Stupp
02ff70e699
common: Added downloading and processing ssh host keys
5 years ago
Felix Stupp
826cc1d0b7
common: Added creating of backup files directory
5 years ago
Felix Stupp
c02b88bf2e
common: Added support for files backups
5 years ago
Felix Stupp
c2b060df9e
common: Added support for backup databases
5 years ago