Felix Stupp
fe0a677b13
git_auto_update: Used long parameters
5 years ago
Felix Stupp
e30121cae2
git_auto_update: Improved comparison with GPG fingerprint
Configured grep to compare against fixed strings, not regexp
5 years ago
Felix Stupp
f2b6e41645
git_auto_update: Fixed default reload_command to "true"
An empty default value would result in an error thrown.
5 years ago
Felix Stupp
818515cc05
server/gitea: Reworked logging configuration to contain (only) required information
5 years ago
Felix Stupp
49dd6e4da1
server/gitea/app.ini: Removed not required log settings
5 years ago
Felix Stupp
072ace6438
server/gitea: Configured fail2ban protection
5 years ago
Felix Stupp
d81f883e50
server/gitea: Disable colorizing logs for fail2ban
5 years ago
Felix Stupp
d630988291
Added role fail2ban/rule
5 years ago
Felix Stupp
2eaf8034f7
server/gitea: Reconfigured log to be minimal and adapted to systemd
5 years ago
Felix Stupp
85028e1dcb
fail2ban/application: Moved service_name to global var
5 years ago
Felix Stupp
239ef3124e
fail2ban/application: Moved vars to global part
Because paths are not user-configured but given by package/system
5 years ago
Felix Stupp
66e38ebcde
server/nextcloud: Enabled APCu cache for cron job
5 years ago
Felix Stupp
cf4a4863f4
server/nextcloud: Reformatted cron job line to meet format requirements
5 years ago
Felix Stupp
c6a9c15e14
server/nextcloud: Enabled redis cache
5 years ago
Felix Stupp
f3d7f2f8a2
Added roles for redis (application, instance)
5 years ago
Felix Stupp
b5ca1ce80f
server/nextcloud: Renamed var nextcloud_user_directory to user_directory
5 years ago
Felix Stupp
8e22085ba7
server/nextcloud: Moved "config APCu cache" to "add add. entries" with blockinfile task
5 years ago
Felix Stupp
d40a8cee92
server/nextcloud: Fixed changing configuration of nextcloud instance
- Fixes configuring APCu cache
5 years ago
Felix Stupp
5c374bc977
nginx/application: Added security relevant HTTP headers to global config
Duplicates removed from server/nextcloud
5 years ago
Felix Stupp
fc2a098ff2
server/nextcloud: Fixed disallowing well-known as dot file
5 years ago
Felix Stupp
7889e10385
nginx/php-pool: Fixed default disabling of status_page_path
5 years ago
Felix Stupp
b7d34b28ee
nginx/php: Made name of task more descriptive
5 years ago
Felix Stupp
9d8d041241
nginx/application: Fixed typo of "unnecessary"
5 years ago
Felix Stupp
28d49be899
server/nextcloud: Added support for php-fpm status page
5 years ago
Felix Stupp
458babf82c
nginx/php: Added support for php-fpm status page
5 years ago
Felix Stupp
2a672cb597
nginx/default_server: Extracted status_page_acl var
5 years ago
Felix Stupp
ce55e33fda
nginx/php-pool: Added support for enabling status page
5 years ago
Felix Stupp
e91f9d1a81
nginx/default_server: Hide status page by answering 403 always
5 years ago
Felix Stupp
74a62e861f
Added role nginx/default_server
To prevent circular dependencies, role must be included manually on
required servers
5 years ago
Felix Stupp
7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP
Can be derived by given certificate for host
5 years ago
Felix Stupp
48588ee0dd
server/spotme: Removed not required dependencies
5 years ago
Felix Stupp
647f112c2b
nginx/server: Extracted special pre directives into configurable vars
5 years ago
Felix Stupp
11814fe236
nginx/server: Added explicit dependency to nginx/application
5 years ago
Felix Stupp
61c7f72422
nginx/server: Removed ssl on directive
Should no longer be used, listen + ssl marker is working as expected
5 years ago
Felix Stupp
fbca70f81f
dns/master: Create keys directory writeable for bind
To apply KASP later
5 years ago
Felix Stupp
d73e250b36
dns/master: Changed owner and adapted permissions of zone directory
5 years ago
Felix Stupp
22fde40ac5
dns/application: Changed bind9 source to official source
5 years ago
Felix Stupp
a51225ccc8
dns/application: Allowed bind using AppArmor to write temporary journal files
5 years ago
Felix Stupp
646e6d5c75
dns: Configured service name using global variable
5 years ago
Felix Stupp
77d1e84117
dns: Fixed variable structure of var domain_environment_directory
5 years ago
Felix Stupp
be8418d546
misc/backup_files: Added variable backup_name as alternative of name by domain
5 years ago
Felix Stupp
12e47c19c9
all/vars: Added var global_log_directory
Added usage in role nginx/application
5 years ago
Felix Stupp
51404e3a3d
misc/system_user: Added output var system_user_info
5 years ago
Felix Stupp
08a37c6dab
nginx/application: Configure dhparams for SSL
5 years ago
Felix Stupp
586163c9d0
Added role misc/dhparams
5 years ago
Felix Stupp
6fbf62cddd
dns/application: Added zone.db.jnl files to allowed files for bind to write
5 years ago
Felix Stupp
f2e669734b
common: Readd package acl
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
This reverts commit 3c7fb65ac9.
5 years ago
Felix Stupp
c258a5d1bb
server/minecraft: Add SRV dns entry
5 years ago
Felix Stupp
55b27c041b
dns: Extracted role entries from server_entries
5 years ago
Felix Stupp
39771c907f
dns/server_entries: Renamed var all_entries to entries
5 years ago
Felix Stupp
9d23e12a16
dns/master: Now considered vars for nameserver and mail to be absolute
Meaning the var itself must not have a dot at the end of the name,
but a usage of the variable may need to append a dot.
5 years ago
Felix Stupp
40c6a3ab0f
dns/server_entries: Allow duplicate execution of role
5 years ago
Felix Stupp
1958c4df54
dns: Renamed role entries to server_entries
To distinguish between simple entries role (coming in the future) and
entries role bundled with server-related entries (A, AAAA, SSHFP)
5 years ago
Felix Stupp
08fafbf98f
dns/entries: Fixed SYNC comment to role dns/master
5 years ago
Felix Stupp
9121fd2c37
server/tt-rss: Moved repo clone method to standardized release tags
5 years ago
Felix Stupp
debbcb1a1b
nginx: Moved dot-file-exclusion from global snippet to root snippet
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
5 years ago
Felix Stupp
cca87f6425
nginx/php: Changed global include to root include
root snippet is there for file based servers, including php
5 years ago
Felix Stupp
f2c92e94e2
nginx: Moved index directive from root snippet to specific static role
5 years ago
Felix Stupp
dd48448828
nginx/php: Removed debian-specific index file from config
5 years ago
Felix Stupp
58955871ad
nginx/application: Removed specific exclusion of htaccess files
Because dot files are already blocked in general
5 years ago
Felix Stupp
9394b66f47
wireguard/application: Added sorting of peer files before combining
5 years ago
Felix Stupp
e09fb25104
Added role misc/dnsmasq as dnssec resolver
5 years ago
Felix Stupp
2158b2717d
dns/master: Added support for dname to root zone
5 years ago
Felix Stupp
0b388a7e9a
git_auto_update: Added brackets for less ambiguity
5 years ago
Felix Stupp
9a8996d69e
git_auto_update: Increased check options for update script
5 years ago
Felix Stupp
2515ab82db
roles/nfs: Improved var usages
- Extracted global_nfs_directory from default root_directory
- Added usage of export_path
5 years ago
Felix Stupp
04c71a8611
common: ssh makefile: Sort part files before combining
5 years ago
Felix Stupp
d09b7ea8c3
mysql: Configure mysql_user and mysql_password
5 years ago
Felix Stupp
164cdbbc79
common: Tagged ip blocklist for easier skipping
5 years ago
Felix Stupp
187f573d4f
common: Added pv to required common packages
5 years ago
Felix Stupp
424b85eec8
mysql/database: Added database_template function
5 years ago
Felix Stupp
c6309b92ad
mysql/database: Documented database_user as required var
5 years ago
Felix Stupp
a3eb7778a8
server/nextcloud: Add packages for SMB access
5 years ago
Felix Stupp
2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries
5 years ago
Felix Stupp
5a41a9afc9
acme/certificate: Document var domain as required
5 years ago
Felix Stupp
b3620fa3c8
dns/application: makefile combine: Sort files before combining
Ensures 0_main.db is before other files
5 years ago
Felix Stupp
979abba1aa
Added role dns/entries for configuring dns entries
5 years ago
Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
5 years ago
Felix Stupp
748999d36d
dns: Moved var zones_environment_directory to global vars
5 years ago
Felix Stupp
f8c01d46f6
dns/master: Fix permissions for dns env dir
5 years ago
Felix Stupp
bf00dcb6dd
dns/application: Moved var configuration_directory to global vars
5 years ago
Felix Stupp
eb632a8f2c
dns/master: Store mapping of domain to host in public_keys
5 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
5 years ago
Felix Stupp
c58223c21b
server/gitea: Disable logging of SQL requests
5 years ago
Felix Stupp
3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config
5 years ago
Felix Stupp
2526033405
fail2ban/application: Send log messages to journald
5 years ago
Felix Stupp
0043d6255a
nginx/application global.conf: Added comment to excluding hidden files
5 years ago
Felix Stupp
025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
- Only combining of zone files and setting serial number
- signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
5 years ago
Felix Stupp
274f658016
nginx/php-pool: Fixed permissions for other
5 years ago
Felix Stupp
e85ad8fed3
dns: Fixed applying permissions to directories
5 years ago
Felix Stupp
c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
Only required and beneficial for ZSK
5 years ago
Felix Stupp
905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment
5 years ago
Felix Stupp
7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names
5 years ago
Felix Stupp
4e6df015f5
Added roles nfs/server and nfs/export
5 years ago
Felix Stupp
24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh"
5 years ago
Felix Stupp
a03a335430
account: Added bmon to tools list
5 years ago
Felix Stupp
a576893776
misc/docker: Install docker-compose bindings for python3
5 years ago
Felix Stupp
b600f678ca
misc/docker: Install python3 docker bindings using package manager
5 years ago
Felix Stupp
8758553a02
common: Install explicit python3 interpreter
5 years ago
Felix Stupp
2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp
ff7275cb60
server/{linx,spotme}: Removed default bind_port
5 years ago
Felix Stupp
4a186854cf
server/node: Renamed variable app_port to bind_port
5 years ago
Felix Stupp
f6c1aff55a
server/spotme: Renamed variable spotme_port to bind_port
5 years ago
Felix Stupp
7e0df4abc5
Added variable local_user for user running playbook
Useful if tasks store data on the local machine
5 years ago
Felix Stupp
9d50f84321
server/firefox-sync: Changed remote repo url back to official repo
5 years ago
Felix Stupp
f91f2bc325
Added role fail2ban/application
5 years ago
Felix Stupp
c110a24e9f
common: sshd: Disable weak key algorithms
5 years ago
Felix Stupp
505c85eb11
common: Disable root login over ssh
5 years ago
Felix Stupp
651794a136
common: sshd: Disable X11 Forwarding globally
5 years ago
Felix Stupp
baace3ce16
misc/handlers: Changed "restart ssh" to "reload ssh"
5 years ago
Felix Stupp
025d8a3256
Added role misc/ssh_tg_notify
- Added role to common site
- Added variables required to global vars and vault
5 years ago
Felix Stupp
69b884ad3f
bootstrap: Configure ssh key used to connect on new user
5 years ago
Felix Stupp
f610812fc7
bootstrap: Ensure user has .ssh/authorized_keys before trying to copy
5 years ago
Felix Stupp
096554f37b
mqtt/user: Fixed usage of var user (before username)
5 years ago
Felix Stupp
fe393bd246
mqtt/application: Enforce sort part files before combining for acl and auth
5 years ago
Felix Stupp
1a608ce172
mqtt/application: Remove config use_username_as_clientid
Seems to block users with different username and clientid
5 years ago
Felix Stupp
e18f7f32e0
mqtt/application: Add paths for acl and auth files to config
5 years ago
Felix Stupp
46e932049e
mqtt/application: Allow root to read SYS topics
5 years ago
Felix Stupp
b6de0c1a4d
mqtt/application: Fix usage of variable configuration_directory
5 years ago
Felix Stupp
cf632d1a56
mqtt: Ensure create auth files before writing using mosquitto_passwd
Fixes error on calling tool if file does not exist
5 years ago
Felix Stupp
4b6cef5c10
mqtt/application: Notify handlers on change to makefile
5 years ago
Felix Stupp
82c7666ae8
mqtt/application: Fix port for mosquitto server
5 years ago
Felix Stupp
81dab362a6
misc/docker: Do not install recommended packages to fix issue on raspberry
5 years ago
Felix Stupp
fcae6e8429
Added blocklist of known malicious ip addresses applied by role common
5 years ago
Felix Stupp
f2c9b17194
Moved packages only required for admin account from role common to role account
5 years ago
Felix Stupp
25df92ee7b
common: Removed package buffer
Replaced by pv integrated buffering
which supports greater limits.
5 years ago
Felix Stupp
e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https
5 years ago
Felix Stupp
3c7fb65ac9
common: Removed package acl
Not installable on Raspbian and also not used on any Debian system
5 years ago
Felix Stupp
9e8d1b5220
common: Fix applying sources.list for different distributions
5 years ago
Felix Stupp
b3f05edb6f
account: Added exa to packages
5 years ago
Felix Stupp
8ebe8aecfb
nginx/application: Hide server tokens per default
5 years ago
Felix Stupp
69dfba9911
mqtt/application: Added linking of configuration directory to environment
5 years ago
Felix Stupp
18832f4eb0
mqtt/application: Fixed names of variables admin_{user,pass}
5 years ago
Felix Stupp
9dc203621e
mqtt: Fixed wording 'notifiy' to 'notify'
5 years ago
Felix Stupp
0b69a41ebc
Added roles mqtt/application and mqtt/user
5 years ago
Felix Stupp
ab1a067cff
dns/master: Added flush_handlers before role ends
5 years ago
Felix Stupp
371b1d5751
dns/application: Fixed permissions for zone databases directories
5 years ago
Felix Stupp
64576c8ff5
dns/master: zone.makefile: Added cd to key signing
5 years ago
Felix Stupp
ab61090340
dns/master: zone.makefile: Added check for directories not equal
5 years ago
Felix Stupp
bb8a2759ec
dns/master: zone.makefile: Changed usage of var dest
5 years ago
Felix Stupp
d052a08f0d
dns/master: zone.makefile: Fixed format
5 years ago
Felix Stupp
ebbacdce0c
dns/master: Added dependency to role dns/master_handlers
5 years ago
Felix Stupp
73c9a72590
dns: Fixed usages of var dns_zones_configuration_environment_directory
5 years ago
Felix Stupp
0662df1ca5
dns/master: Let serial number configured by dnssec-signzone
5 years ago
Felix Stupp
d8f1b36ee1
dns/master: Moved building of zone files to makefile
5 years ago
Felix Stupp
208e277e79
Added role dns/master_handlers for makefile handler
5 years ago
Felix Stupp
d7991e0bbb
dns/master: Added configuring configuration environment
5 years ago
Felix Stupp
5627a36949
dns/master: Extracted database_signed_file_name of database_signed_file
5 years ago
Felix Stupp
a206642f77
dns/master: Extracted database_file_name of database_file
5 years ago
Felix Stupp
36bf7f9d18
dns/master: Declared var domain to be required
5 years ago
Felix Stupp
141d343d6d
Extracted dns/handlers out of dns/applications
5 years ago
Felix Stupp
8e95846002
dns/master: Added create zone environment directory
5 years ago
Felix Stupp
de2bfe430c
dns/master: Rewrite create zone directories using loop
5 years ago
Felix Stupp
065050d5c2
dns/application: Added zone configuration environment directory
5 years ago
Felix Stupp
479430a9e9
dns/application: Reconfigured creating zone directories using loop
5 years ago
Felix Stupp
19b5fb3f9e
dns/application: Configured directory permissions for zones directory
5 years ago
Felix Stupp
8aacd27f31
dns/application: Configured group owner for bind main configuration
5 years ago
Felix Stupp
c8dc602f09
account: Configure sudo insults
5 years ago
Felix Stupp
ff3d6cba8e
Added group os_raspbian
5 years ago
Felix Stupp
78032d343f
common: Made sources.list dependent of distribution
5 years ago
Felix Stupp
5555c86357
server/gitea: Reworked configuration with defaults
5 years ago
Felix Stupp
a9798fedc8
server/gitea: Fixed output of wget in update script
5 years ago
Felix Stupp
e9db3d7d56
misc/backup: Secured shell commands for file backups
5 years ago
Felix Stupp
a150266548
server/minecraft: Enabled auto backup
5 years ago
Felix Stupp
6dd5c75e67
misc/backup_files: Added support for commands executed before / after backup
5 years ago
Felix Stupp
3fb273aaae
server/minecraft: Fixed downloading Minecraft Server version
5 years ago
Felix Stupp
e0342a6bba
server/linx: Added helper script for uploading files to the service
5 years ago
Felix Stupp
3737a2ad10
server/nextcloud: Added apps against ransomware to default
5 years ago
Felix Stupp
e24613d02c
acme/application: Added installing helper scripts for managing
5 years ago
Felix Stupp
e2b7778c8b
nginx/application: Changed Referrer-Policy to strict-origin
For better enforcing of secure handling of referrer information
5 years ago
Felix Stupp
54a8ad0d86
server/nextcloud: Removed doubled referrer-policy
Referrer-Policy already configured by global configuration
5 years ago
Felix Stupp
1855deb351
nginx/server: Documented required variables
5 years ago
Felix Stupp
bc8233990f
common: Scheduled removal of old backups at 0:30
So for most of the time, two states are stored on the server.
The storage which will stay free can be better used to calculate the
storage which can still be used by dividing the free storage by 3.
5 years ago
Felix Stupp
ff054f4a04
Added role server/linx
5 years ago
Felix Stupp
8b75c49917
nginx/proxy: Made dependent on nginx/server and allowed additional directives
5 years ago
Felix Stupp
92b98dd3fe
server/gitea: Allow duplicate execution of role for multiple servers
5 years ago
Felix Stupp
79cf87663e
server/minecraft: Removed comment "for naming" of minecraft_version
As the minecraft_version now indicates the version to be installed
5 years ago
Felix Stupp
d0907975ad
server/minecraft: Allow query requests in minecraft server
5 years ago
Felix Stupp
a65ba1ec64
server/minecraft: Allow query requests through firewall
5 years ago
Felix Stupp
7fad2a89be
server/minecraft: Allow configure of query port
5 years ago
Felix Stupp
adbfd8dff0
server/minecraft: Added comment to firewall rule for server
5 years ago
Felix Stupp
ffd1ff826e
server/minecraft: Fix query port to default minecraft port
5 years ago
Felix Stupp
dd86bec08b
server/minecraft: Allow configure motd
5 years ago
Felix Stupp
d37c1c58bb
misc/backup_files: Allow multiple file backups (bugfix)
5 years ago
Felix Stupp
ecd0eb1eaa
mysql/backup_database: Allow multiple databases backups (bugfix)
5 years ago
Felix Stupp
3f64b70b04
server/minecraft: Optimized JVM execution
5 years ago
Felix Stupp
f3db11cdfe
server/minecraft: Increased priority of service (nice decreased to 2)
5 years ago
Felix Stupp
295554e947
server/minecraft: Allow configuring view distance
5 years ago
Felix Stupp
fea798b83c
server/minecraft: Decreased view distance to 10
5 years ago
Felix Stupp
46889a6e04
server/minecraft/launch: Configured JVM to server mode
5 years ago
Felix Stupp
fc39db2a48
server/minecraft: Added loop_control to complex loops
5 years ago
Felix Stupp
3912baef87
server/minecraft: Added handler for restart if service controlling scripts were changed
5 years ago
Felix Stupp
9d177c783d
server/minecraft: Split service controlling scripts and server controlling scripts
5 years ago
Felix Stupp
9dbd811fdb
server/minecraft/apparmor: Allowed access for checking player logins
5 years ago
Felix Stupp
a4db0c47a2
server/minecraft/launch: Split script line into line per argument
5 years ago
Felix Stupp
f8a8f62911
server/minecraft/service: Added sending warning to players about restart
5 years ago
Felix Stupp
895989ec4b
server/minecraft/service: Allowed installation of service
5 years ago
Felix Stupp
08dd7ccc26
server/minecraft: Combined default start_ram and max_ram to ram
5 years ago
Felix Stupp
75d45b724a
server/minecraft: Moved apparmor profile to AA's default location
5 years ago
Felix Stupp
79833e52ca
server/minecraft/apparmor: Used variables for java path replacing version and architecture
5 years ago