Felix Stupp
ef53197925
misc/system_user: Configured allow_duplicates to true
4 years ago
Felix Stupp
8443555583
nginx/application: Changed port numbers to string
...
To avoid conversion warning of ansible
4 years ago
Felix Stupp
8dd14a365d
misc/backup_files: Replaced old usages of domain with backup_name
4 years ago
Felix Stupp
9462e70ea1
server/spotme: Moved service envs to extra file
...
Otherwise all users would be able to extract data using systemctl show
4 years ago
Felix Stupp
07004c3717
server/tt-rss: Moved service envs in extra file
...
Otherwise all users would be able to extract data using systemctl show
4 years ago
Felix Stupp
9e04a7b39b
server/node: Moved private envs to extra file
...
Otherwise all users would be able to extract data using systemctl show
4 years ago
Felix Stupp
62758cac7c
mysql: Extracted mysql_socket_path into global var
5 years ago
Felix Stupp
f91ef20682
server/gitea: Fixed quoting of vars for update script
5 years ago
Felix Stupp
58749bcc43
acme/certificate: Fixed quoting of nginx_service_name
5 years ago
Felix Stupp
a9c8fd9af3
Moved var nginx_installation_directory to global vars
5 years ago
Felix Stupp
b1a93849a1
Moved var nginx_system_user to global vars
5 years ago
Felix Stupp
34b867994c
nginx/proxy: Moved directives var to defaults
...
Overwrites directives in default of following roles
5 years ago
Felix Stupp
be218e813e
node/application: Removed not neccessary register and when construct
5 years ago
Felix Stupp
4f9cf49f6c
dns/handlers merged into dns/application
5 years ago
Felix Stupp
f46e51115e
acme: Changed underlying package from acme.sh to certbot
5 years ago
Felix Stupp
0f57d44bb1
acme/certificate: Renamed certificate_location to fullchain_location
5 years ago
Felix Stupp
55451f321a
acme,nginx: Reversed dependency to match real dependency
5 years ago
Felix Stupp
9ad4ada018
acme,nginx: Renamed var for validation root to acme prefix
5 years ago
Felix Stupp
d48d4885d7
Extracted admin_mail into global var
5 years ago
Felix Stupp
6dcea566d6
acme/certificate: Removed invalid --ecc parameter
5 years ago
Felix Stupp
0e49941e1a
acme/certificate: Fixed quoting for acme.sh commands
5 years ago
Felix Stupp
98b7f4744e
Extracted service_name of nginx to global var
5 years ago
Felix Stupp
9fa36a210f
acme/certificate: Changed default reload command to "reload nginx"
5 years ago
Felix Stupp
45645de557
Moved conversion from domain to username into filter with shorts table
5 years ago
Felix Stupp
00ef0cd61a
server/gitea: Changed default database_user to system_user
...
To be equal to other server roles
5 years ago
Felix Stupp
67308818f5
server/minecraft: Changed dns entries format to new one
5 years ago
Felix Stupp
829d67f0b8
nginx/static: Moved directives into var
5 years ago
Felix Stupp
08d3382528
nginx/static: Fix indention for location
5 years ago
Felix Stupp
b0cc2b8ca1
dns/master: Make backups of dynamic zone data
5 years ago
Felix Stupp
ae42f963a2
dns: Transfered master zones from makefile approach to dynamic updates approach
5 years ago
Felix Stupp
0232319ccd
dns/master: Configured dnssec-policy for automatic KASP
5 years ago
Felix Stupp
ae995dec67
dns/entries: Prefixed entries name with "server:"
5 years ago
Felix Stupp
3d274d9996
dns/application: Fixed indent
5 years ago
Felix Stupp
93b5ba9e4b
misc/backup_files: Fixed conversion of timing data to str
5 years ago
Felix Stupp
ddc1da5c3c
misc/backup_files: Use backup_name for name of tasks
5 years ago
Felix Stupp
d1e14a9de9
misc/backup_files: Added & used variable for backup_target
...
Ensures usage of backup_name insted of domain
5 years ago
Felix Stupp
b6d9b1deb5
dns/entries: Fixed reference to var dns_zone_domain
5 years ago
Felix Stupp
360172f8db
dns/master: Moved default tts var to global var
5 years ago
Felix Stupp
72ee42d539
dns/master: Allow configure default ttl
5 years ago
Felix Stupp
3008672ded
dns/master: Added section comments to zone.conf
5 years ago
Felix Stupp
a41f4c1c3f
dns/master: Adapted generate-keys to inline-signing (only gen KSK)
5 years ago
Felix Stupp
be6303576a
dns/application: Added configuration for session-key
5 years ago
Felix Stupp
49d53d0213
dns/application: Removed obsolete dnssec directives
5 years ago
Felix Stupp
0e96fcbe34
dns/application: Fixed defining role dependencies
5 years ago
Felix Stupp
99e58d4224
common: Added helper nsupdate_keygen
5 years ago
Felix Stupp
0b7e2cb923
dns/application: Changed vars in makefile to support further dest files
5 years ago
Felix Stupp
1ceb1999ff
common: Changed include_tasks to import_tasks
...
To enable static instead of dynamic imports
5 years ago
Felix Stupp
36da702163
nginx/application: Disable log for HTTPs forwarding
5 years ago
Felix Stupp
d8405a223b
server/nextcloud: Added hint for source of var redis_socket_path
5 years ago
Felix Stupp
d8421b49bb
server/gitea: Renamed var gitea_user_directory to user_directory
5 years ago
Felix Stupp
fe0a677b13
git_auto_update: Used long parameters
5 years ago
Felix Stupp
e30121cae2
git_auto_update: Improved comparism with GPG fingerprint
...
Configured grep to compare againg fixed strings, not regexp
5 years ago
Felix Stupp
f2b6e41645
git_auto_update: Fixed default reload_command to "true"
...
An empty default value would result in an error thrown.
5 years ago
Felix Stupp
818515cc05
server/gitea: Reworked logging configuration to contain (only) required information
5 years ago
Felix Stupp
49dd6e4da1
server/gitea/app.ini: Removed not required log settings
5 years ago
Felix Stupp
072ace6438
server/gitea: Configured fail2ban protection
5 years ago
Felix Stupp
d81f883e50
server/gitea: Disable colorizing logs for fail2ban
5 years ago
Felix Stupp
d630988291
Added role fail2ban/rule
5 years ago
Felix Stupp
2eaf8034f7
server/gitea: Reconfigured log to be minimal and adapted to systemd
5 years ago
Felix Stupp
85028e1dcb
fail2ban/application: Moved service_name to global var
5 years ago
Felix Stupp
239ef3124e
fail2ban/application: Moved vars to global part
...
Because paths are not user-configured but given by package/system
5 years ago
Felix Stupp
66e38ebcde
server/nextcloud: Enabled APCu cache for cron job
5 years ago
Felix Stupp
cf4a4863f4
server/nextcloud: Reformatted cron job line to meet format requirements
5 years ago
Felix Stupp
c6a9c15e14
server/nextcloud: Enabled redis cache
5 years ago
Felix Stupp
f3d7f2f8a2
Added roles for redis (application, instance)
5 years ago
Felix Stupp
b5ca1ce80f
server/nextcloud: Renamed var nextcloud_user_directory to user_directory
5 years ago
Felix Stupp
8e22085ba7
server/nextcloud: Moved "config APCu cache" to "add add. entries" with blockinfile task
5 years ago
Felix Stupp
d40a8cee92
server/nextcloud: Fixed changing configuration of nextcloud instance
...
- Fixes configuring APCu cache
5 years ago
Felix Stupp
5c374bc977
nginx/application: Added security relevant HTTP headers to global config
...
Duplicates removed from server/nextcloud
5 years ago
Felix Stupp
fc2a098ff2
server/nextcloud: Fixed disallowing well-known as dot file
5 years ago
Felix Stupp
7889e10385
nginx/php-pool: Fixed default disabling of status_page_path
5 years ago
Felix Stupp
b7d34b28ee
nginx/php: Made name of task more descriptive
5 years ago
Felix Stupp
9d8d041241
nginx/application: Fixed typo of "unnecessary"
5 years ago
Felix Stupp
28d49be899
server/nextcloud: Added support for php-fpm status page
5 years ago
Felix Stupp
458babf82c
nginx/php: Added support for php-fpm status page
5 years ago
Felix Stupp
2a672cb597
nginx/default_server: Extracted status_page_acl var
5 years ago
Felix Stupp
ce55e33fda
nginx/php-pool: Added support for enabling status page
5 years ago
Felix Stupp
e91f9d1a81
nginx/default_server: Hide status page by answering 403 always
5 years ago
Felix Stupp
74a62e861f
Added role nginx/default_server
...
To prevent circular dependencies, role must be included manually on
required servers
5 years ago
Felix Stupp
7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP
...
Can be derived by given certificate for host
5 years ago
Felix Stupp
48588ee0dd
server/spotme: Removed not required dependencies
5 years ago
Felix Stupp
647f112c2b
nginx/server: Extracted special pre directives into configurable vars
5 years ago
Felix Stupp
11814fe236
nginx/server: Added explicit dependency to nginx/application
5 years ago
Felix Stupp
61c7f72422
nginx/server: Removed ssl on directive
...
Should no longer be used, listen + ssl marker is working as expected
5 years ago
Felix Stupp
fbca70f81f
dns/master: Create keys directory writeable for bind
...
To apply KASP later
5 years ago
Felix Stupp
d73e250b36
dns/master: Changed owner and adapted permissions of zone directory
5 years ago
Felix Stupp
22fde40ac5
dns/application: Changed bind9 source to official source
5 years ago
Felix Stupp
a51225ccc8
dns/application: Allowed bind using AppArmor to write temporary journal files
5 years ago
Felix Stupp
646e6d5c75
dns: Configured service name using global variable
5 years ago
Felix Stupp
77d1e84117
dns: Fixed variable structure of var domain_environment_directory
5 years ago
Felix Stupp
be8418d546
misc/backup_files: Added variable backup_name as alternative of name by domain
5 years ago
Felix Stupp
12e47c19c9
all/vars: Added var global_log_directory
...
Added usage in role nginx/application
5 years ago
Felix Stupp
51404e3a3d
misc/system_user: Added output var system_user_info
5 years ago
Felix Stupp
08a37c6dab
nginx/application: Configure dhparams for SSL
5 years ago
Felix Stupp
586163c9d0
Added role misc/dhparams
5 years ago
Felix Stupp
6fbf62cddd
dns/application: Added zone.db.jnl files to allowed files for bind to write
5 years ago
Felix Stupp
f2e669734b
common: Readd package acl
...
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
This reverts commit 3c7fb65ac9
.
5 years ago
Felix Stupp
c258a5d1bb
server/minecraft: Add SRV dns entry
5 years ago
Felix Stupp
55b27c041b
dns: Extracted role entries from server_entries
5 years ago
Felix Stupp
39771c907f
dns/server_entries: Renamed var all_entries to entries
5 years ago
Felix Stupp
9d23e12a16
dns/master: Now considered vars for nameserver and mail to be absolute
...
Meaning the var itself must not have a dot at the end of the name,
but an usage of the variable may need to append a dot.
5 years ago
Felix Stupp
40c6a3ab0f
dns/server_entries: Allow duplicate execution of role
5 years ago
Felix Stupp
1958c4df54
dns: Renamed role entries to server_entries
...
To distinguish between simple entries role (coming in the future) and
entries role bundled with server-related entries (A, AAAA, SSHFP)
5 years ago
Felix Stupp
08fafbf98f
dns/entries: Fixed SYNC comment to role dns/master
5 years ago
Felix Stupp
9121fd2c37
server/tt-rss: Moved repo clone method to standardized release tags
5 years ago
Felix Stupp
debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet
...
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
5 years ago
Felix Stupp
cca87f6425
nginx/php: Changed global include to root include
...
root snippet is there for file based servers, including php
5 years ago
Felix Stupp
f2c92e94e2
nginx: Moved index directive from root snippet to specific static role
5 years ago
Felix Stupp
dd48448828
nginx/php: Removed debian-specific index file from config
5 years ago
Felix Stupp
58955871ad
nginx/application: Removed specfic exclusion of htaccess files
...
Because dot files are already blocked in general
5 years ago
Felix Stupp
9394b66f47
wireguard/application: Added sorting of peer files before combining
5 years ago
Felix Stupp
e09fb25104
Added role misc/dnsmasq as dnssec resolver
5 years ago
Felix Stupp
2158b2717d
dns/master: Added support for dname to root zone
5 years ago
Felix Stupp
0b388a7e9a
git_auto_update: Added brackets for less ambiguity
5 years ago
Felix Stupp
9a8996d69e
git_auto_update: Increased check options for update script
5 years ago
Felix Stupp
2515ab82db
roles/nfs: Improved var usages
...
- Extracted global_nfs_directory from default root_directory
- Added usage of export_path
5 years ago
Felix Stupp
04c71a8611
common: ssh makefile: Sort part files before combining
5 years ago
Felix Stupp
d09b7ea8c3
mysql: Configure mysql_user and mysql_password
5 years ago
Felix Stupp
164cdbbc79
common: Tagged ip blocklist for easier skipping
5 years ago
Felix Stupp
187f573d4f
common: Added pv to required common packages
5 years ago
Felix Stupp
424b85eec8
mysql/database: Added database_template function
5 years ago
Felix Stupp
c6309b92ad
mysql/database: Documented database_user as required var
5 years ago
Felix Stupp
a3eb7778a8
server/nextcloud: Add packages for SMB access
5 years ago
Felix Stupp
2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries
5 years ago
Felix Stupp
5a41a9afc9
acme/certificate: Document var domain as required
5 years ago
Felix Stupp
b3620fa3c8
dns/application: makefile combine: Sort files before combining
...
Ensures 0_main.db is before other files
5 years ago
Felix Stupp
979abba1aa
Added role dns/entries for configuring dns entries
5 years ago
Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
5 years ago
Felix Stupp
748999d36d
dns: Moved var zones_environment_directory to global vars
5 years ago
Felix Stupp
f8c01d46f6
dns/master: Fix permissions for dns env dir
5 years ago
Felix Stupp
bf00dcb6dd
dns/application: Moved var configuration_directory to global vars
5 years ago
Felix Stupp
eb632a8f2c
dns/master: Store mapping of domain to host in public_keys
5 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
5 years ago
Felix Stupp
c58223c21b
server/gitea: Disable logging of SQL requests
5 years ago
Felix Stupp
3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config
5 years ago
Felix Stupp
2526033405
fail2ban/application: Send log messages to journald
5 years ago
Felix Stupp
0043d6255a
nginx/application global.conf: Added comment to excluding hidden files
5 years ago
Felix Stupp
025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
...
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
- Only combining of zone files and setting serial number
- signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
5 years ago
Felix Stupp
274f658016
nginx/php-pool: Fixed permissions for other
5 years ago
Felix Stupp
e85ad8fed3
dns: Fixed applying permissions to directories
5 years ago
Felix Stupp
c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
...
Only required and beneficial for ZSK
5 years ago
Felix Stupp
905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment
5 years ago
Felix Stupp
7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names
5 years ago
Felix Stupp
4e6df015f5
Added roles nfs/server and nfs/export
5 years ago
Felix Stupp
24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh"
5 years ago
Felix Stupp
a03a335430
account: Added bmon to tools list
5 years ago
Felix Stupp
a576893776
misc/docker: Install docker-compose bindings for python3
5 years ago
Felix Stupp
b600f678ca
misc/docker: Install python3 docker bindings using package manager
5 years ago
Felix Stupp
8758553a02
common: Install explicit python3 interpreter
5 years ago
Felix Stupp
2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
...
To allow Ansible to validate the main config if placed on different
locations
5 years ago