Felix Stupp
f2e669734b
common: Readd package acl
...
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
This reverts commit 3c7fb65ac9
.
5 years ago
Felix Stupp
c258a5d1bb
server/minecraft: Add SRV dns entry
5 years ago
Felix Stupp
55b27c041b
dns: Extracted role entries from server_entries
5 years ago
Felix Stupp
39771c907f
dns/server_entries: Renamed var all_entries to entries
5 years ago
Felix Stupp
9d23e12a16
dns/master: Now considered vars for nameserver and mail to be absolute
...
Meaning the var itself must not have a dot at the end of the name,
but an usage of the variable may need to append a dot.
5 years ago
Felix Stupp
40c6a3ab0f
dns/server_entries: Allow duplicate execution of role
5 years ago
Felix Stupp
1958c4df54
dns: Renamed role entries to server_entries
...
To distinguish between simple entries role (coming in the future) and
entries role bundled with server-related entries (A, AAAA, SSHFP)
5 years ago
Felix Stupp
08fafbf98f
dns/entries: Fixed SYNC comment to role dns/master
5 years ago
Felix Stupp
9121fd2c37
server/tt-rss: Moved repo clone method to standardized release tags
5 years ago
Felix Stupp
debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet
...
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
5 years ago
Felix Stupp
cca87f6425
nginx/php: Changed global include to root include
...
root snippet is there for file based servers, including php
5 years ago
Felix Stupp
f2c92e94e2
nginx: Moved index directive from root snippet to specific static role
5 years ago
Felix Stupp
dd48448828
nginx/php: Removed debian-specific index file from config
5 years ago
Felix Stupp
58955871ad
nginx/application: Removed specfic exclusion of htaccess files
...
Because dot files are already blocked in general
5 years ago
Felix Stupp
9394b66f47
wireguard/application: Added sorting of peer files before combining
5 years ago
Felix Stupp
e09fb25104
Added role misc/dnsmasq as dnssec resolver
5 years ago
Felix Stupp
2158b2717d
dns/master: Added support for dname to root zone
5 years ago
Felix Stupp
0b388a7e9a
git_auto_update: Added brackets for less ambiguity
5 years ago
Felix Stupp
9a8996d69e
git_auto_update: Increased check options for update script
5 years ago
Felix Stupp
2515ab82db
roles/nfs: Improved var usages
...
- Extracted global_nfs_directory from default root_directory
- Added usage of export_path
5 years ago
Felix Stupp
04c71a8611
common: ssh makefile: Sort part files before combining
5 years ago
Felix Stupp
d09b7ea8c3
mysql: Configure mysql_user and mysql_password
5 years ago
Felix Stupp
164cdbbc79
common: Tagged ip blocklist for easier skipping
5 years ago
Felix Stupp
187f573d4f
common: Added pv to required common packages
5 years ago
Felix Stupp
424b85eec8
mysql/database: Added database_template function
5 years ago
Felix Stupp
c6309b92ad
mysql/database: Documented database_user as required var
5 years ago
Felix Stupp
a3eb7778a8
server/nextcloud: Add packages for SMB access
5 years ago
Felix Stupp
2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries
5 years ago
Felix Stupp
5a41a9afc9
acme/certificate: Document var domain as required
5 years ago
Felix Stupp
b3620fa3c8
dns/application: makefile combine: Sort files before combining
...
Ensures 0_main.db is before other files
5 years ago
Felix Stupp
979abba1aa
Added role dns/entries for configuring dns entries
5 years ago
Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
5 years ago
Felix Stupp
748999d36d
dns: Moved var zones_environment_directory to global vars
5 years ago
Felix Stupp
f8c01d46f6
dns/master: Fix permissions for dns env dir
5 years ago
Felix Stupp
bf00dcb6dd
dns/application: Moved var configuration_directory to global vars
5 years ago
Felix Stupp
eb632a8f2c
dns/master: Store mapping of domain to host in public_keys
5 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
5 years ago
Felix Stupp
c58223c21b
server/gitea: Disable logging of SQL requests
5 years ago
Felix Stupp
3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config
5 years ago
Felix Stupp
2526033405
fail2ban/application: Send log messages to journald
5 years ago
Felix Stupp
0043d6255a
nginx/application global.conf: Added comment to excluding hidden files
5 years ago
Felix Stupp
025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
...
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
- Only combining of zone files and setting serial number
- signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
5 years ago
Felix Stupp
274f658016
nginx/php-pool: Fixed permissions for other
5 years ago
Felix Stupp
e85ad8fed3
dns: Fixed applying permissions to directories
5 years ago
Felix Stupp
c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
...
Only required and beneficial for ZSK
5 years ago
Felix Stupp
905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment
5 years ago
Felix Stupp
7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names
5 years ago
Felix Stupp
4e6df015f5
Added roles nfs/server and nfs/export
5 years ago
Felix Stupp
24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh"
5 years ago
Felix Stupp
a03a335430
account: Added bmon to tools list
5 years ago
Felix Stupp
a576893776
misc/docker: Install docker-compose bindings for python3
5 years ago
Felix Stupp
b600f678ca
misc/docker: Install python3 docker bindings using package manager
5 years ago
Felix Stupp
8758553a02
common: Install explicit python3 interpreter
5 years ago
Felix Stupp
2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
...
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp
ff7275cb60
server/{linx,spotme}: Removed default bind_port
5 years ago
Felix Stupp
4a186854cf
server/node: Renamed variable app_port to bind_port
5 years ago
Felix Stupp
f6c1aff55a
server/spotme: Renamed variable spotme_port to bind_port
5 years ago
Felix Stupp
7e0df4abc5
Added variable local_user for user running playbook
...
Useful if tasks store data on the local machine
5 years ago
Felix Stupp
9d50f84321
server/firefox-sync: Changed remote repo url back to official repo
5 years ago
Felix Stupp
f91f2bc325
Added role fail2ban/application
5 years ago
Felix Stupp
c110a24e9f
common: sshd: Disable weak key algorithms
5 years ago
Felix Stupp
505c85eb11
common: Disable root login over ssh
5 years ago
Felix Stupp
651794a136
common: sshd: Disable X11 Forwarding globally
5 years ago
Felix Stupp
baace3ce16
misc/handlers: Changed "restart ssh" to "reload ssh"
5 years ago
Felix Stupp
025d8a3256
Added role misc/ssh_tg_notify
...
- Added role to common site
- Added variables required to global vars and vault
5 years ago
Felix Stupp
69b884ad3f
bootstrap: Configure ssh key used to connect on new user
5 years ago
Felix Stupp
f610812fc7
bootstrap: Ensure user has .ssh/authorized_keys before trying to copy
5 years ago
Felix Stupp
096554f37b
mqtt/user: Fixed usage of var user (before username)
5 years ago
Felix Stupp
fe393bd246
mqtt/application: Enforce sort part files before combining for acl and auth
5 years ago
Felix Stupp
1a608ce172
mqtt/application: Remove config use_username_as_clientid
...
Seems to block users with different username and clientid
5 years ago
Felix Stupp
e18f7f32e0
mqtt/application: Add paths for acl and auth files to config
5 years ago
Felix Stupp
46e932049e
mqtt/application: Allow root to read SYS topics
5 years ago
Felix Stupp
b6de0c1a4d
mqtt/application: Fix usage of variable configuration_directory
5 years ago
Felix Stupp
cf632d1a56
mqtt: Ensure create auth files before writing using mosquitto_passwd
...
Fixes error on calling tool if file does not exist
5 years ago
Felix Stupp
4b6cef5c10
mqtt/application: Notify handlers on change to makefile
5 years ago
Felix Stupp
82c7666ae8
mqtt/application: Fix port for mosquitto server
5 years ago
Felix Stupp
81dab362a6
misc/docker: Do not install recommended packages to fix issue on raspberry
5 years ago
Felix Stupp
fcae6e8429
Added blocklist of known malicious ip addresses applied by role common
5 years ago
Felix Stupp
f2c9b17194
Moved packages only required for admin account from role common to role account
5 years ago
Felix Stupp
25df92ee7b
common: Removed package buffer
...
Replaced by pv integrated buffering
which supports greater limits.
5 years ago
Felix Stupp
e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https
5 years ago
Felix Stupp
3c7fb65ac9
common: Removed package acl
...
Not installable on Raspbian and also not used on any Debian system
5 years ago
Felix Stupp
9e8d1b5220
common: Fix applying sources.list for different distributions
5 years ago
Felix Stupp
b3f05edb6f
account: Added exa to packages
5 years ago
Felix Stupp
8ebe8aecfb
nginx/application: Hide server tokens per default
5 years ago
Felix Stupp
69dfba9911
mqtt/application: Added linking of configuration directory to environment
5 years ago
Felix Stupp
18832f4eb0
mqtt/application: Fixed names of variables admin_{user,pass}
5 years ago
Felix Stupp
9dc203621e
mqtt: Fixed wording 'notifiy' to 'notify'
5 years ago
Felix Stupp
0b69a41ebc
Added roles mqtt/application and mqtt/user
5 years ago
Felix Stupp
ab1a067cff
dns/master: Added flush_handlers before role ends
5 years ago
Felix Stupp
371b1d5751
dns/application: Fixed permissions for zone databases directories
5 years ago
Felix Stupp
64576c8ff5
dns/master: zone.makefile: Added cd to key signing
5 years ago
Felix Stupp
ab61090340
dns/master: zone.makefile: Added check for directories not equal
5 years ago
Felix Stupp
bb8a2759ec
dns/master: zone.makefile: Changed usage of var dest
5 years ago
Felix Stupp
d052a08f0d
dns/master: zone.makefile: Fixed format
5 years ago
Felix Stupp
ebbacdce0c
dns/master: Added dependency to role dns/master_handlers
5 years ago
Felix Stupp
73c9a72590
dns: Fixed usages of var dns_zones_configuration_environment_directory
5 years ago
Felix Stupp
0662df1ca5
dns/master: Let serial number configured by dnssec-signzone
5 years ago
Felix Stupp
d8f1b36ee1
dns/master: Moved building of zone files to makefile
5 years ago
Felix Stupp
208e277e79
Added role dns/master_handlers for makefile handler
5 years ago
Felix Stupp
d7991e0bbb
dns/master: Added configuring configuration environment
5 years ago
Felix Stupp
5627a36949
dns/master: Extracted database_signed_file_name of database_signed_file
5 years ago
Felix Stupp
a206642f77
dns/master: Extracted database_file_name of database_file
5 years ago
Felix Stupp
36bf7f9d18
dns/master: Declared var domain to be required
5 years ago
Felix Stupp
141d343d6d
Extracted dns/handlers out of dns/applications
5 years ago
Felix Stupp
8e95846002
dns/master: Added create zone environment directory
5 years ago
Felix Stupp
de2bfe430c
dns/master: Rewrite create zone directories using loop
5 years ago
Felix Stupp
065050d5c2
dns/application: Added zone configuration environment directory
5 years ago
Felix Stupp
479430a9e9
dns/application: Reconfigured creating zone directories using loop
5 years ago
Felix Stupp
19b5fb3f9e
dns/application: Configured directory permissions for zones directory
5 years ago
Felix Stupp
8aacd27f31
dns/application: Configured group owner for bind main configuration
5 years ago
Felix Stupp
c8dc602f09
account: Configure sudo insults
5 years ago
Felix Stupp
ff3d6cba8e
Added group os_raspbian
5 years ago
Felix Stupp
78032d343f
common: Made sources.list dependent of distribution
5 years ago
Felix Stupp
5555c86357
server/gitea: Reworked configuration with defaults
5 years ago
Felix Stupp
a9798fedc8
server/gitea: Fixed output of wget in update script
5 years ago
Felix Stupp
e9db3d7d56
misc/backup: Secured shell commands for file backups
5 years ago
Felix Stupp
a150266548
server/minecraft: Enabled auto backup
5 years ago
Felix Stupp
6dd5c75e67
misc/backup_files: Added support for commands executed before / after backup
5 years ago
Felix Stupp
3fb273aaae
server/minecraft: Fixed downloading Minecraft Server version
5 years ago
Felix Stupp
e0342a6bba
server/linx: Added helper script for uploading files to the service
5 years ago
Felix Stupp
3737a2ad10
server/nextcloud: Added apps against ransomware to default
5 years ago
Felix Stupp
e24613d02c
acme/application: Added installing helper scripts for managing
5 years ago
Felix Stupp
e2b7778c8b
nginx/application: Changed Referrer-Policy to strict-origin
...
For better enforcing of secure handling of referrer information
5 years ago
Felix Stupp
54a8ad0d86
server/nextcloud: Removed doubled referrer-policy
...
Referrer-Policy already configured by global configuration
5 years ago
Felix Stupp
1855deb351
nginx/server: Documentated required variables
5 years ago
Felix Stupp
bc8233990f
common: Scheduled removal of old backups at 0:30
...
So for the most time two states are stored on the server.
The storage which will stay free can be better used to calculate the
storage which can still be used by dividing the free storage by 3.
5 years ago
Felix Stupp
ff054f4a04
Added role server/linx
5 years ago
Felix Stupp
8b75c49917
nginx/proxy: Made dependent on nginx/server and allowed additional directives
5 years ago
Felix Stupp
92b98dd3fe
server/gitea: Allow duplicate execution of role for multiple servers
5 years ago
Felix Stupp
79cf87663e
server/minecraft: Removed comment "for naming" of minecraft_version
...
As the minecraft_version now indicates the to get installed version
5 years ago
Felix Stupp
d0907975ad
server/minecraft: Allow query requests in minecraft server
5 years ago
Felix Stupp
a65ba1ec64
server/minecraft: Allow query requests through firewall
5 years ago
Felix Stupp
7fad2a89be
server/minecraft: Allow configure of query port
5 years ago
Felix Stupp
adbfd8dff0
server/minecraft: Added comment to firewall rule for server
5 years ago
Felix Stupp
ffd1ff826e
server/minecraft: Fix query port to default minecraft port
5 years ago
Felix Stupp
dd86bec08b
server/minecraft: Allow configure motd
5 years ago
Felix Stupp
d37c1c58bb
misc/backup_files: Allow multiple file backups (bugfix)
5 years ago
Felix Stupp
ecd0eb1eaa
mysql/backup_database: Allow multiple databases backups (bugfix)
5 years ago
Felix Stupp
3f64b70b04
server/minecraft: Optimized JVM execution
5 years ago
Felix Stupp
f3db11cdfe
server/minecraft: Increased priority of service (nice decreased to 2)
5 years ago
Felix Stupp
295554e947
server/minecraft: Allow configuring view distance
5 years ago
Felix Stupp
fea798b83c
server/minecraft: Decreased view distance to 10
5 years ago
Felix Stupp
46889a6e04
server/minecraft/launch: Configured JVM to server mode
5 years ago
Felix Stupp
fc39db2a48
server/minecraft: Added loop_control to complex loops
5 years ago
Felix Stupp
3912baef87
server/minecraft: Added handler for restart if service controlling scripts where changed
5 years ago
Felix Stupp
9d177c783d
server/minecraft: Split service controlling scripts and server controlling scripts
5 years ago
Felix Stupp
9dbd811fdb
server/minecraft/apparmor: Allowed access for checking player logins
5 years ago
Felix Stupp
a4db0c47a2
server/minecraft/launch: Split scipt line into line per argument
5 years ago
Felix Stupp
f8a8f62911
server/minecraft/service: Added sending warning to players about restart
5 years ago
Felix Stupp
895989ec4b
server/minecraft/service: Allowed installation of service
5 years ago
Felix Stupp
08dd7ccc26
server/minecraft: Combined default start_ram and max_ram to ram
5 years ago
Felix Stupp
75d45b724a
server/minecraft: Moved apparmor profile to AA's default location
5 years ago
Felix Stupp
79833e52ca
server/minecraft/apparmor: Used variables for java path replacing version and architecture
5 years ago
Felix Stupp
16fc6bd1f0
server/minecraft/apparmor: Used variables instead of fixed paths
5 years ago
Felix Stupp
5e1e4e6b0a
server/minecraft/apparmor: Fixed access to data directory
5 years ago
Felix Stupp
443de0c28b
server/minecraft/apparmor: Replaced wildcard with pid of protected process
5 years ago
Felix Stupp
f67d2e7414
server/minecraft/apparmor: Reorded /proc directives
5 years ago
Felix Stupp
a4535893a2
mysql/backup_database: Fixed creating correct directory
5 years ago
Felix Stupp
e62a3c7232
common: backup_autoremove: force rm
...
so no error occurs because no parameter was given
5 years ago
Felix Stupp
00fa7852e1
common: backup_autoremove: Fix call find
5 years ago
Felix Stupp
102de98479
common: Configured auto remove of backups
5 years ago
Felix Stupp
8623d84b01
common: Ordered backup_files before backup_mysql_database
5 years ago
Felix Stupp
fce052c32b
common: backup_rename: Fixed getting multiple extensions
5 years ago
Felix Stupp
10ef319008
Moved mysql database backups into certain directory
5 years ago
Felix Stupp
4be0e9377f
Moved file backups into certain directories
5 years ago
Felix Stupp
c959db1d3f
common: backup_mysql_database: Adapted script to structure of backup_files
5 years ago
Felix Stupp
63e0a85dc0
common: backup_files: Rename backups to just date.ext
5 years ago
Felix Stupp
07706a1119
common: backup_rename: Surrounded variable contents with quotation marks
5 years ago
Felix Stupp
a4b47021c3
Replaced shebangs using /usr/bin/env
5 years ago
Felix Stupp
d66a4b5b24
mysql/backup_database: Removed TODO for special user
...
Is not good adaptable in current structure
5 years ago
Felix Stupp
cbb4b5eb79
mysql/backup_database: Create separate script containing backup command
5 years ago
Felix Stupp
fa16579311
misc/backup_files: Create separate script containing backup command
5 years ago
Felix Stupp
e6cbc59571
common: Added create backup scripts directories
5 years ago
Felix Stupp
5b253fd6b6
common: Generalized creating directories for scripts
5 years ago
Felix Stupp
8303d0126e
Extracted role misc/backup_files from server/{gitea,nextcloud}
5 years ago
Felix Stupp
83e249e73c
server/gitea: Removed already done TODO
5 years ago
Felix Stupp
5443259453
mysql/backup_database: Renamed cron job
5 years ago
Felix Stupp
94ee600180
common: backup_files: Fixed packing tar
5 years ago
Felix Stupp
99c4c21cad
Reordered backups_files_directory above backups_mysql_database_directory
5 years ago
Felix Stupp
4874bc2bbd
Renamed global variable backups_databases_directory to backups_mysql_database_directory
...
In order to specify and separate backups of different database services
5 years ago
Felix Stupp
fdb08f1eaf
Extracted role mysql/backup_database from mysql/database
5 years ago
Felix Stupp
73f1db7961
Specified backup_database to backup_mysql_database
5 years ago
Felix Stupp
e8503c41a4
common: Replaced buffer with pv as buffer
...
Also increased buffer size to 256M
5 years ago
Felix Stupp
4c9a2a8eb7
common: Reformated commands
5 years ago
Felix Stupp
9b80b89f27
server/minecraft: Configured rcon port automatically using server port
5 years ago
Felix Stupp
8f35931033
server/minecraft: Configured apparmor profile
5 years ago
Felix Stupp
b3648c9362
server/minecraft: systemd uses launch script for starting service
5 years ago
Felix Stupp
8643456bd9
server/minecraft: Added launch script
5 years ago
Felix Stupp
f5bd293d83
server/minecraft: generalized configuring scripts
5 years ago
Felix Stupp
ad24eed923
server/minecraft: systemd waits until server exited
5 years ago
Felix Stupp
898a30789a
server/minecraft: Allowed global defining of java version
5 years ago
Felix Stupp
37f93d9471
server/minecraft: Allowed auto detecting link for downloading server version
5 years ago
Felix Stupp
82db6cb8fd
Added role server/minecraft
5 years ago
Felix Stupp
ae7361f4c6
server/gitea: update_gitea: Fixed getting newest version
5 years ago
Felix Stupp
cf15eff4f4
server/gitea: update_gitea expanded arguments for readability
5 years ago
Felix Stupp
fb0c1f0901
Changed "ansible_fqdn" to "inventory_hostname"
...
Due to some hosts misconfigure fqdn themselves
5 years ago
Felix Stupp
574b07f2f4
misc/deb_unstable: Allow configuring priority for unstable repository
5 years ago
Felix Stupp
429833c457
account: ignore_errors on configuring authorized_keys
...
Depends on server itself, so this should be optional
5 years ago
Felix Stupp
3547927d5a
acme/certificate: Added support for custom reload cmd
5 years ago
Felix Stupp
46bb166475
server/gitea: Use scp-style uri for ssh cloning
5 years ago
Felix Stupp
431f15b91f
server/gitea: Allow interacting via HTTP
5 years ago
Felix Stupp
67deed23a0
server/nextcloud: Remove become_user at include_tasks
...
Raised error
5 years ago
Felix Stupp
665b6710aa
git_auto_update: Fixed check if reload was successful
5 years ago
Felix Stupp
4445a53b28
git_auto_update: Allowed omiting of sign check
5 years ago
Felix Stupp
c31f3c2f50
git_auto_update: update.sh: Fixed quoting of used variables
5 years ago
Felix Stupp
768cb0cfb4
Reworked wireguard configurations
5 years ago
Felix Stupp
70e92b8c94
Merge branch 'master' of git.banananet.work:banananetwork/ansible
5 years ago
Felix Stupp
a667132cb4
server/nextcloud: Applied security patch
...
CVE-2019-11043
see https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
5 years ago
Felix Stupp
9c63c8516b
nginx/application: Disabled SSL Session Tickets
5 years ago
Felix Stupp
409ea327f0
nginx/application: Increased ssl_cache timeout
5 years ago
Felix Stupp
94f1463a87
mysql/application: Fixed configuring query cache
...
- Added notify
- Changed path of config file
5 years ago
Felix Stupp
e76d90a4f5
server/nextcloud: Added support for APCu cache
5 years ago
Felix Stupp
4c463055b4
server/nextcloud: Restricted regexp modifing nextcloud config
5 years ago
Felix Stupp
b9f060a0ce
nginx/php-fpm: Added installation of apcu cache
5 years ago
Felix Stupp
7df2668208
nginx/php-fpm: Increased size of opcache memory consumption to 256
5 years ago
Felix Stupp
41a41c91fb
mysql/application: Added config for query cache
5 years ago
Felix Stupp
002128686d
server/tt-rss: Configured database to use UTF8MB4
5 years ago
Felix Stupp
206c940d16
nginx/php-pool: Tuned up childs at php
5 years ago
Felix Stupp
a592e7f9c2
misc/debian_unstable: Added flush of handlers for refreshing apt cache
5 years ago
Felix Stupp
670833242a
misc/deb_unstable: Make mirror adaptive to server selection
5 years ago
Felix Stupp
68a0680cb6
misc/ip_discover: Fixed name for credentials directory
5 years ago
Felix Stupp
1f26debcf2
server/node: Added support for specific environment variables
5 years ago
Felix Stupp
34da73722c
Added role ip_discover
5 years ago
Felix Stupp
8b1d9ea65d
misc/docker: Disallowed duplicate execution of role
5 years ago
Felix Stupp
d165074600
wireguard/application: Removed updating apt cache
5 years ago
Felix Stupp
c73872df3a
misc/deb_unstable: Added updating of apt cache using handler
5 years ago
Felix Stupp
283e450c16
misc/handlers: Added handler "update apt cache"
5 years ago
Felix Stupp
caf70f632e
server/node: Added missing handlers dependency
5 years ago
Felix Stupp
fc897ea3b9
nginx/application: Fixed configuring resolver for OCSP Stapling
5 years ago
Felix Stupp
71945523fa
Added role misc/docker
5 years ago
Felix Stupp
71e1b4a17c
common: Added custom fact for dpkg architecture
5 years ago
Felix Stupp
3b86e1f5a6
server/nextcloud: Removed app tasks from nextcloud
5 years ago
Felix Stupp
d0186923b2
server/spotme: Changed default system user to domain
5 years ago
Felix Stupp
e4066f764a
server/nextcloud: Fixed location of admin credential
5 years ago
Felix Stupp
d736b5714d
server/nextcloud: Changed default system user to domain
5 years ago
Felix Stupp
76fd5471e3
server/gitea: Fixed default tokens location
5 years ago
Felix Stupp
3804c7d138
server/gitea: Changed default system user to domain name
5 years ago
Felix Stupp
03884cbf3e
nginx/server: Allowed duplicates of role
5 years ago
Felix Stupp
edf455bf66
nginx/application: Allowed dot files uploads by Nextcloud
5 years ago
Felix Stupp
9a129a7f2f
bootstrap: Added disconnect before removing privileged user
5 years ago
Felix Stupp
3324461e65
account: Added config for authorized_keys
5 years ago
Felix Stupp
afc80db48a
common: backup_files.sh: Disable compression of gpg
5 years ago
Felix Stupp
2bd16aa377
Added role server/tt-rss
5 years ago
Felix Stupp
c21ee11c66
nginx/application: Blocked all hidden directories except well-known
5 years ago
Felix Stupp
502606b1e3
nginx/application: Set type to text for test file
5 years ago
Felix Stupp
57e422b478
nginx/application: Disabled access_log on acme requests
5 years ago
Felix Stupp
efc6431640
Added role server/php
5 years ago
Felix Stupp
8e28bcb0ec
Added role nginx/php
5 years ago
Felix Stupp
72e7857570
nginx/php-pool: Locked reading of php-pool configurations
5 years ago
Felix Stupp
3414e3fd85
nginx/php-pool: Changed group of src directory to nginx user
5 years ago
Felix Stupp
4f1fdf72c7
nginx/php-pool: Added support for env variables
5 years ago
Felix Stupp
452efc2717
common: Reconfigured bash in backup scripts
...
Added options for better error handling
5 years ago
Felix Stupp
7e5ec719d3
server/spotme: Replaced configuration of system user with role usage
5 years ago
Felix Stupp
8e7fd3db9d
git_auto_update: Set default gpg fingerprint to backup fingerprint
5 years ago
Felix Stupp
b2b9466a28
common: Added global variable for backup gpg fingerprint
5 years ago
Felix Stupp
a87b5d84e9
server/spotme: Made use of role node/application
5 years ago
Felix Stupp
5c1a6b6a89
common: Improved helper script gpg_import_url_key
...
- Disabled output from called commands
- Improved shell options when failing
- Alternative return code if key is already stored in keyring
5 years ago
Felix Stupp
151f2ca896
server/nextcloud: Removed disabled task "Upgrade Nextcloud"
5 years ago
Felix Stupp
25b140f90e
server/nextcloud: Enabled app viewer
5 years ago
Felix Stupp
c129d94b73
server/nextcloud: Enabled app privacy
5 years ago
Felix Stupp
9537faa83d
server/nextcloud: Enabled app phonetrack
5 years ago
Felix Stupp
d576736e03
server/nextcloud: Enabled app ocdownloader
5 years ago
Felix Stupp
0eacb52089
server/nextcloud: Enabled app files_markdown
5 years ago
Felix Stupp
f5ee66de70
server/nextcloud: Enabled app files_ebookreader
5 years ago
Felix Stupp
0150c6191d
server/nextcloud: Enabled app cospend
5 years ago
Felix Stupp
3ffd6c06ac
server/nextcloud: Enabled app cookbook
5 years ago
Felix Stupp
cae1f92b60
server/nextcloud: Disabled survey_client app
5 years ago
Felix Stupp
4d735edfe7
server/nextcloud: Added task for disabling not required apps
5 years ago
Felix Stupp
7ac7806dc7
Fixed some lint errors
...
- Added missing default parameters
- Added names to tasks
- Configured changed|failed_when options
- Used command instead of shell module
- Changed local_action to delegate_to
- Added line to file ending
5 years ago
Felix Stupp
02e63f5d2a
server/nextcloud: Moved enabled apps list from tasks to defaults
5 years ago
Felix Stupp
7d4f2a89aa
server/nextcloud: Removed previewgenerator app
5 years ago
Felix Stupp
1819787da4
server/spotme: Used external handler for daemon_reload
5 years ago
Felix Stupp
49f119c6e8
server/node: Used external handler for daemon_reload
5 years ago
Felix Stupp
fd08d83275
Restricted permissions for service files
5 years ago
Felix Stupp
98386df525
Added role server/firefox-sync
5 years ago
Felix Stupp
8abcc88a13
server/nextcloud: Allow access for nginx for seeing php files
5 years ago
Felix Stupp
ec6202bd61
server/gitea: Added doc for var domain on nginx/proxy
5 years ago
Felix Stupp
133d82e0bb
nginx/proxy: Added doc for var upstream_name
5 years ago
Felix Stupp
b6e70b881a
acme: Fixed using correct home and config-home directories
5 years ago
Felix Stupp
5ea380e812
common: Fix auto backup database script
...
Encryption failed
5 years ago
Felix Stupp
2f8ef5dc34
Extracted global var for systemd configuration directory
5 years ago
Felix Stupp
bcfd4cb010
Fixed missing mode setting for others
...
To disallow access from others than user and group
5 years ago
Felix Stupp
5afcd6b738
misc/system_user: Allowed configuring user directory parameters
5 years ago
Felix Stupp
0ea1dac688
account: Documentated input variables
...
- username
- password
5 years ago
Felix Stupp
d9b4510200
account: Added variable for user directory
5 years ago
Felix Stupp
c56ed16851
account: Added configuration for home directory
...
For disabling other read rights on home directory
5 years ago
Felix Stupp
ad87ad2e7d
server/gitea: Removed dumping before update
...
Global backup service should be enough
5 years ago
Felix Stupp
bef682140b
acme/certificate: Removed invalid command argument
5 years ago
Felix Stupp
a3fde6aa3c
acme: Moved certificate handling to custom system user
...
Avoided using root for acme.sh
Modified also role nginx/application
5 years ago
Felix Stupp
9e20b807f1
acme/application: Removed getting if acme is installed
...
As it should be installed or otherwise the playbook failed
5 years ago
Felix Stupp
002ecc28b0
nginx/php-pool: Removed not needed system user configuration
5 years ago
Felix Stupp
5486d06226
nginx/php-fpm: Fixed removing default php-fpm pool
5 years ago
Felix Stupp
964099cfdb
nginx/php-fpm: Added configuration for php opcache
5 years ago
Felix Stupp
c25df42253
common: Reworked ssh configuration generation
5 years ago
Felix Stupp
1a5a7b0611
server/nextcloud: Added app previewgenerator
...
With its own cron job at 3
5 years ago
Felix Stupp
380a5dbf2e
server/nextcloud: Added apps Deck, Dicomviewer and suspicious_login
5 years ago
Felix Stupp
1e5dd61270
wireguard/application: Extracted role misc/deb_unstable
5 years ago
Felix Stupp
0dab3bdad2
Added role node/server
5 years ago
Felix Stupp
a74f532394
Added role node/application
5 years ago