667 Commits (05c0d5fa7bd1dbb69104ff3168c9ddb149b024e5)

Author SHA1 Message Date
Felix Stupp 4f9cf49f6c
dns/handlers merged into dns/application 4 years ago
Felix Stupp f46e51115e
acme: Changed underlying package from acme.sh to certbot 4 years ago
Felix Stupp 0f57d44bb1
acme/certificate: Renamed certificate_location to fullchain_location 4 years ago
Felix Stupp 55451f321a
acme,nginx: Reversed dependency to match real dependency 4 years ago
Felix Stupp 9ad4ada018
acme,nginx: Renamed var for validation root to acme prefix 4 years ago
Felix Stupp d48d4885d7
Extracted admin_mail into global var 4 years ago
Felix Stupp 6dcea566d6
acme/certificate: Removed invalid --ecc parameter 4 years ago
Felix Stupp 0e49941e1a
acme/certificate: Fixed quoting for acme.sh commands 4 years ago
Felix Stupp 98b7f4744e
Extracted service_name of nginx to global var 4 years ago
Felix Stupp 9fa36a210f
acme/certificate: Changed default reload command to "reload nginx" 4 years ago
Felix Stupp 45645de557
Moved conversion from domain to username into filter with shorts table 4 years ago
Felix Stupp 00ef0cd61a
server/gitea: Changed default database_user to system_user
To be equal to other server roles
4 years ago
Felix Stupp 67308818f5
server/minecraft: Changed dns entries format to new one 4 years ago
Felix Stupp 829d67f0b8
nginx/static: Moved directives into var 4 years ago
Felix Stupp 08d3382528
nginx/static: Fix indentation for location 4 years ago
Felix Stupp b0cc2b8ca1
dns/master: Make backups of dynamic zone data 4 years ago
Felix Stupp ae42f963a2
dns: Transferred master zones from makefile approach to dynamic updates approach 4 years ago
Felix Stupp 0232319ccd
dns/master: Configured dnssec-policy for automatic KASP 4 years ago
Felix Stupp ae995dec67
dns/entries: Prefixed entries name with "server:" 4 years ago
Felix Stupp 3d274d9996
dns/application: Fixed indent 4 years ago
Felix Stupp 93b5ba9e4b
misc/backup_files: Fixed conversion of timing data to str 4 years ago
Felix Stupp ddc1da5c3c
misc/backup_files: Use backup_name for name of tasks 4 years ago
Felix Stupp d1e14a9de9
misc/backup_files: Added & used variable for backup_target
Ensures usage of backup_name instead of domain
4 years ago
Felix Stupp b6d9b1deb5
dns/entries: Fixed reference to var dns_zone_domain 4 years ago
Felix Stupp 360172f8db
dns/master: Moved default ttl var to global var 4 years ago
Felix Stupp 72ee42d539
dns/master: Allow configuring default ttl 4 years ago
Felix Stupp 3008672ded
dns/master: Added section comments to zone.conf 4 years ago
Felix Stupp a41f4c1c3f
dns/master: Adapted generate-keys to inline-signing (only gen KSK) 4 years ago
Felix Stupp be6303576a
dns/application: Added configuration for session-key 4 years ago
Felix Stupp 49d53d0213
dns/application: Removed obsolete dnssec directives 4 years ago
Felix Stupp 0e96fcbe34
dns/application: Fixed defining role dependencies 4 years ago
Felix Stupp 99e58d4224
common: Added helper nsupdate_keygen 4 years ago
Felix Stupp 0b7e2cb923
dns/application: Changed vars in makefile to support further dest files 4 years ago
Felix Stupp 1ceb1999ff
common: Changed include_tasks to import_tasks
To enable static instead of dynamic imports
4 years ago
Felix Stupp 36da702163
nginx/application: Disable log for HTTPS forwarding 4 years ago
Felix Stupp d8405a223b
server/nextcloud: Added hint for source of var redis_socket_path 4 years ago
Felix Stupp d8421b49bb
server/gitea: Renamed var gitea_user_directory to user_directory 4 years ago
Felix Stupp fe0a677b13
git_auto_update: Used long parameters 4 years ago
Felix Stupp e30121cae2
git_auto_update: Improved comparison with GPG fingerprint
Configured grep to compare against fixed strings, not regexp
4 years ago
Felix Stupp f2b6e41645
git_auto_update: Fixed default reload_command to "true"
An empty default value would result in an error thrown.
4 years ago
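The two git_auto_update commits above (fixed-string fingerprint comparison, and a non-empty default reload command) are easy to get subtly wrong in a shell update script. The following is an added example written for this page, not the repository's own script: it shows the whole-line fixed-string match next to the unanchored regexp match it replaces, and a reload helper that falls back to "true" when no command is configured. The fingerprints in SIGNER_FPRS are constructed sample values, and signer_fingerprints is a hypothetical helper that is not exercised offline.

```shell
#!/bin/sh
# Added example (not the repository's git_auto_update script).

# Constructed sample: fingerprints of keys that signed a tag.
SIGNER_FPRS="0123456789ABCDEF0123456789ABCDEF01234567
89ABCDEF0123456789ABCDEF0123456789ABCDEF"

# signer_fingerprints TAG: print fingerprints of the keys that signed TAG.
# Hypothetical helper; needs git and gpg, so it is not run in the test.
# "git verify-tag --raw" emits gpg status lines on stderr, e.g.
#   [GNUPG:] VALIDSIG <fingerprint> <date> ...
signer_fingerprints() {
    git verify-tag --raw "$1" 2>&1 | awk '$2 == "VALIDSIG" { print $3 }'
}

# fpr_matches EXPECTED FPR_LIST
# Succeeds only if EXPECTED equals one whole line of FPR_LIST.
#   -F  pattern is a literal string, not a regexp
#   -x  the whole line must match, so a prefix or substring is not enough
#   -q  exit status only, no output
fpr_matches() {
    printf '%s\n' "$2" | grep -F -x -q -- "$1"
}

# fpr_matches_loosely: the unanchored regexp form the commit replaces,
# kept only to show why it is wrong: a partial fingerprint still "matches".
fpr_matches_loosely() {
    printf '%s\n' "$2" | grep -q -- "$1"
}

# run_reload CMD: run the configured reload command. An unset or empty
# value falls back to "true" so the script never tries to execute "".
# CMD comes from the role's configuration, so it is trusted admin input,
# which is the only reason passing it to "sh -c" is acceptable here.
run_reload() {
    cmd="${1:-true}"
    sh -c "$cmd"
}
```

In the update script the check is then `fpr_matches "$expected_fpr" "$(signer_fingerprints "$tag")" || exit 1` before the checkout, followed by `run_reload "$reload_command"`.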
Felix Stupp 818515cc05
server/gitea: Reworked logging configuration to contain (only) required information 4 years ago
Felix Stupp 49dd6e4da1
server/gitea/app.ini: Removed not required log settings 4 years ago
Felix Stupp 072ace6438
server/gitea: Configured fail2ban protection 4 years ago
Felix Stupp d81f883e50
server/gitea: Disable colorizing logs for fail2ban 4 years ago
Felix Stupp d630988291
Added role fail2ban/rule 4 years ago
Felix Stupp 2eaf8034f7
server/gitea: Reconfigured log to be minimal and adapted to systemd 4 years ago
Felix Stupp 85028e1dcb
fail2ban/application: Moved service_name to global var 4 years ago
Felix Stupp 239ef3124e
fail2ban/application: Moved vars to global part
Because paths are not user-configured but given by package/system
4 years ago
Felix Stupp 66e38ebcde
server/nextcloud: Enabled APCu cache for cron job 4 years ago
Felix Stupp cf4a4863f4
server/nextcloud: Reformatted cron job line to meet format requirements 4 years ago
Felix Stupp c6a9c15e14
server/nextcloud: Enabled redis cache 4 years ago
Felix Stupp f3d7f2f8a2
Added roles for redis (application, instance) 4 years ago
Felix Stupp b5ca1ce80f
server/nextcloud: Renamed var nextcloud_user_directory to user_directory 4 years ago
Felix Stupp 8e22085ba7
server/nextcloud: Moved "config APCu cache" to "add add. entries" with blockinfile task 4 years ago
Felix Stupp d40a8cee92
server/nextcloud: Fixed changing configuration of nextcloud instance
- Fixes configuring APCu cache
4 years ago
Felix Stupp 5c374bc977
nginx/application: Added security relevant HTTP headers to global config
Duplicates removed from server/nextcloud
4 years ago
Felix Stupp fc2a098ff2
server/nextcloud: Fixed disallowing well-known as dot file 4 years ago
Felix Stupp 7889e10385
nginx/php-pool: Fixed default disabling of status_page_path 4 years ago
Felix Stupp b7d34b28ee
nginx/php: Made name of task more descriptive 4 years ago
Felix Stupp 9d8d041241
nginx/application: Fixed typo of "unnecessary" 4 years ago
Felix Stupp 28d49be899
server/nextcloud: Added support for php-fpm status page 4 years ago
Felix Stupp 458babf82c
nginx/php: Added support for php-fpm status page 4 years ago
Felix Stupp 2a672cb597
nginx/default_server: Extracted status_page_acl var 4 years ago
Felix Stupp ce55e33fda
nginx/php-pool: Added support for enabling status page 4 years ago
Felix Stupp e91f9d1a81
nginx/default_server: Hide status page by answering 403 always 4 years ago
Felix Stupp 74a62e861f
Added role nginx/default_server
To prevent circular dependencies, role must be included manually on
required servers
4 years ago
Felix Stupp 7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP
Can be derived by given certificate for host
4 years ago
Felix Stupp 48588ee0dd
server/spotme: Removed not required dependencies 4 years ago
Felix Stupp 647f112c2b
nginx/server: Extracted special pre directives into configurable vars 4 years ago
Felix Stupp 11814fe236
nginx/server: Added explicit dependency to nginx/application 4 years ago
Felix Stupp 61c7f72422
nginx/server: Removed ssl on directive
Should no longer be used, listen + ssl marker is working as expected
4 years ago
Felix Stupp fbca70f81f
dns/master: Create keys directory writeable for bind
To apply KASP later
4 years ago
Felix Stupp d73e250b36
dns/master: Changed owner and adapted permissions of zone directory 4 years ago
Felix Stupp 22fde40ac5
dns/application: Changed bind9 source to official source 4 years ago
Felix Stupp a51225ccc8
dns/application: Allowed bind using AppArmor to write temporary journal files 4 years ago
Felix Stupp 646e6d5c75
dns: Configured service name using global variable 4 years ago
Felix Stupp 77d1e84117
dns: Fixed variable structure of var domain_environment_directory 4 years ago
Felix Stupp be8418d546
misc/backup_files: Added variable backup_name as alternative of name by domain 4 years ago
Felix Stupp 12e47c19c9
all/vars: Added var global_log_directory
Added usage in role nginx/application
4 years ago
Felix Stupp 51404e3a3d
misc/system_user: Added output var system_user_info 4 years ago
Felix Stupp 08a37c6dab
nginx/application: Configure dhparams for SSL 4 years ago
Felix Stupp 586163c9d0
Added role misc/dhparams 4 years ago
Felix Stupp 6fbf62cddd
dns/application: Added zone.db.jnl files to allowed files for bind to write 4 years ago
Felix Stupp f2e669734b
common: Readd package acl
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user

This reverts commit 3c7fb65ac9.
4 years ago
Felix Stupp c258a5d1bb
server/minecraft: Add SRV dns entry 4 years ago
Felix Stupp 55b27c041b
dns: Extracted role entries from server_entries 4 years ago
Felix Stupp 39771c907f
dns/server_entries: Renamed var all_entries to entries 4 years ago
Felix Stupp 9d23e12a16
dns/master: Now considered vars for nameserver and mail to be absolute
Meaning the var itself must not have a dot at the end of the name,
but a usage of the variable may need to append a dot.
4 years ago
Felix Stupp 40c6a3ab0f
dns/server_entries: Allow duplicate execution of role 4 years ago
Felix Stupp 1958c4df54
dns: Renamed role entries to server_entries
To distinguish between simple entries role (coming in the future) and
entries role bundled with server-related entries (A, AAAA, SSHFP)
4 years ago
Felix Stupp 08fafbf98f
dns/entries: Fixed SYNC comment to role dns/master 4 years ago
Felix Stupp 9121fd2c37
server/tt-rss: Moved repo clone method to standardized release tags 4 years ago
Felix Stupp debbcb1a1b
nginx: Moved dot-file-exclusion from global snippet to root snippet
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
4 years ago
Felix Stupp cca87f6425
nginx/php: Changed global include to root include
root snippet is there for file based servers, including php
4 years ago
Felix Stupp f2c92e94e2
nginx: Moved index directive from root snippet to specific static role 4 years ago
Felix Stupp dd48448828
nginx/php: Removed debian-specific index file from config 4 years ago
Felix Stupp 58955871ad
nginx/application: Removed specific exclusion of htaccess files
Because dot files are already blocked in general
4 years ago
Felix Stupp 9394b66f47
wireguard/application: Added sorting of peer files before combining 4 years ago
Felix Stupp e09fb25104
Added role misc/dnsmasq as dnssec resolver 4 years ago
Felix Stupp 2158b2717d
dns/master: Added support for dname to root zone 4 years ago
Felix Stupp 0b388a7e9a
git_auto_update: Added brackets for less ambiguity 4 years ago
Felix Stupp 9a8996d69e
git_auto_update: Increased check options for update script 4 years ago
Felix Stupp 2515ab82db
roles/nfs: Improved var usages
- Extracted global_nfs_directory from default root_directory
- Added usage of export_path
4 years ago
Felix Stupp 04c71a8611
common: ssh makefile: Sort part files before combining 4 years ago
Felix Stupp d09b7ea8c3
mysql: Configure mysql_user and mysql_password 4 years ago
Felix Stupp 164cdbbc79
common: Tagged ip blocklist for easier skipping 4 years ago
Felix Stupp 187f573d4f
common: Added pv to required common packages 4 years ago
Felix Stupp 424b85eec8
mysql/database: Added database_template function 4 years ago
Felix Stupp c6309b92ad
mysql/database: Documented database_user as required var 4 years ago
Felix Stupp a3eb7778a8
server/nextcloud: Add packages for SMB access 4 years ago
Felix Stupp 2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries 4 years ago
Felix Stupp 5a41a9afc9
acme/certificate: Document var domain as required 4 years ago
Felix Stupp b3620fa3c8
dns/application: makefile combine: Sort files before combining
Ensures 0_main.db is before other files
4 years ago
Felix Stupp 979abba1aa
Added role dns/entries for configuring dns entries 4 years ago
Felix Stupp eff48f1773
Changed approach for generating sshfp RR to lookup on python script 4 years ago
Felix Stupp 748999d36d
dns: Moved var zones_environment_directory to global vars 4 years ago
Felix Stupp f8c01d46f6
dns/master: Fix permissions for dns env dir 4 years ago
Felix Stupp bf00dcb6dd
dns/application: Moved var configuration_directory to global vars 4 years ago
Felix Stupp eb632a8f2c
dns/master: Store mapping of domain to host in public_keys 4 years ago
Felix Stupp 592bb483cf
common: Used variable global_ssh_key_directory for public_keys path 4 years ago
Felix Stupp c58223c21b
server/gitea: Disable logging of SQL requests 4 years ago
Felix Stupp 3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config 4 years ago
Felix Stupp 2526033405
fail2ban/application: Send log messages to journald 4 years ago
Felix Stupp 0043d6255a
nginx/application global.conf: Added comment to excluding hidden files 4 years ago
Felix Stupp 025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
  - Only combining of zone files and setting serial number
  - signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
4 years ago
Felix Stupp 274f658016
nginx/php-pool: Fixed permissions for other 4 years ago
Felix Stupp e85ad8fed3
dns: Fixed applying permissions to directories 4 years ago
Felix Stupp c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
Only required and beneficial for ZSK
4 years ago
Felix Stupp 905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment 4 years ago
Felix Stupp 7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names 4 years ago
Felix Stupp 4e6df015f5
Added roles nfs/server and nfs/export 4 years ago
Felix Stupp 24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh" 4 years ago
Felix Stupp a03a335430
account: Added bmon to tools list 4 years ago
Felix Stupp a576893776
misc/docker: Install docker-compose bindings for python3 4 years ago
Felix Stupp b600f678ca
misc/docker: Install python3 docker bindings using package manager 4 years ago
Felix Stupp 8758553a02
common: Install explicit python3 interpreter 4 years ago
Felix Stupp 2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
To allow Ansible to validate the main config if placed on different
locations
4 years ago
Felix Stupp ff7275cb60
server/{linx,spotme}: Removed default bind_port 4 years ago
Felix Stupp 4a186854cf
server/node: Renamed variable app_port to bind_port 4 years ago
Felix Stupp f6c1aff55a
server/spotme: Renamed variable spotme_port to bind_port 4 years ago
Felix Stupp 7e0df4abc5
Added variable local_user for user running playbook
Useful if tasks store data on the local machine
4 years ago
Felix Stupp 9d50f84321
server/firefox-sync: Changed remote repo url back to official repo 4 years ago
Felix Stupp f91f2bc325
Added role fail2ban/application 4 years ago
Felix Stupp c110a24e9f
common: sshd: Disable weak key algorithms 4 years ago
Felix Stupp 505c85eb11
common: Disable root login over ssh 4 years ago
Felix Stupp 651794a136
common: sshd: Disable X11 Forwarding globally 4 years ago
Felix Stupp baace3ce16
misc/handlers: Changed "restart ssh" to "reload ssh" 4 years ago
Felix Stupp 025d8a3256
Added role misc/ssh_tg_notify
- Added role to common site
- Added variables required to global vars and vault
4 years ago
Felix Stupp 69b884ad3f
bootstrap: Configure ssh key used to connect on new user 4 years ago
Felix Stupp f610812fc7
bootstrap: Ensure user has .ssh/authorized_keys before trying to copy 4 years ago
Felix Stupp 096554f37b
mqtt/user: Fixed usage of var user (before username) 4 years ago
Felix Stupp fe393bd246
mqtt/application: Enforce sort part files before combining for acl and auth 4 years ago
Felix Stupp 1a608ce172
mqtt/application: Remove config use_username_as_clientid
Seems to block users with different username and clientid
4 years ago
Felix Stupp e18f7f32e0
mqtt/application: Add paths for acl and auth files to config 4 years ago
Felix Stupp 46e932049e
mqtt/application: Allow root to read SYS topics 4 years ago
Felix Stupp b6de0c1a4d
mqtt/application: Fix usage of variable configuration_directory 4 years ago
Felix Stupp cf632d1a56
mqtt: Ensure auth files are created before writing using mosquitto_passwd
Fixes error on calling tool if file does not exist
4 years ago
Felix Stupp 4b6cef5c10
mqtt/application: Notify handlers on change to makefile 4 years ago
Felix Stupp 82c7666ae8
mqtt/application: Fix port for mosquitto server 4 years ago
Felix Stupp 81dab362a6
misc/docker: Do not install recommended packages to fix issue on raspberry 4 years ago
Felix Stupp fcae6e8429
Added blocklist of known malicious ip addresses applied by role common 4 years ago
Felix Stupp f2c9b17194
Moved packages only required for admin account from role common to role account 4 years ago
Felix Stupp 25df92ee7b
common: Removed package buffer
Replaced by pv integrated buffering
which supports greater limits.
4 years ago
Felix Stupp e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https 4 years ago
Felix Stupp 3c7fb65ac9
common: Removed package acl
Not installable on Raspbian and also not used on any Debian system
4 years ago
Felix Stupp 9e8d1b5220
common: Fix applying sources.list for different distributions 4 years ago
Felix Stupp b3f05edb6f
account: Added exa to packages 4 years ago
Felix Stupp 8ebe8aecfb
nginx/application: Hide server tokens per default 4 years ago
Felix Stupp 69dfba9911
mqtt/application: Added linking of configuration directory to environment 4 years ago
Felix Stupp 18832f4eb0
mqtt/application: Fixed names of variables admin_{user,pass} 4 years ago
Felix Stupp 9dc203621e
mqtt: Fixed wording 'notifiy' to 'notify' 4 years ago
Felix Stupp 0b69a41ebc
Added roles mqtt/application and mqtt/user 4 years ago
Felix Stupp ab1a067cff
dns/master: Added flush_handlers before role ends 4 years ago
Felix Stupp 371b1d5751
dns/application: Fixed permissions for zone databases directories 4 years ago
Felix Stupp 64576c8ff5
dns/master: zone.makefile: Added cd to key signing 4 years ago
Felix Stupp ab61090340
dns/master: zone.makefile: Added check for directories not equal 4 years ago
Felix Stupp bb8a2759ec
dns/master: zone.makefile: Changed usage of var dest 4 years ago
Felix Stupp d052a08f0d
dns/master: zone.makefile: Fixed format 4 years ago
Felix Stupp ebbacdce0c
dns/master: Added dependency to role dns/master_handlers 4 years ago
Felix Stupp 73c9a72590
dns: Fixed usages of var dns_zones_configuration_environment_directory 4 years ago
Felix Stupp 0662df1ca5
dns/master: Let serial number be configured by dnssec-signzone 4 years ago
Felix Stupp d8f1b36ee1
dns/master: Moved building of zone files to makefile 4 years ago
Felix Stupp 208e277e79
Added role dns/master_handlers for makefile handler 4 years ago
Felix Stupp d7991e0bbb
dns/master: Added configuring configuration environment 4 years ago
Felix Stupp 5627a36949
dns/master: Extracted database_signed_file_name of database_signed_file 4 years ago
Felix Stupp a206642f77
dns/master: Extracted database_file_name of database_file 4 years ago
Felix Stupp 36bf7f9d18
dns/master: Declared var domain to be required 4 years ago
Felix Stupp 141d343d6d
Extracted dns/handlers out of dns/applications 4 years ago
Felix Stupp 8e95846002
dns/master: Added create zone environment directory 4 years ago
Felix Stupp de2bfe430c
dns/master: Rewrite creating zone directories using loop 4 years ago
Felix Stupp 065050d5c2
dns/application: Added zone configuration environment directory 4 years ago
Felix Stupp 479430a9e9
dns/application: Reconfigured creating zone directories using loop 4 years ago
Felix Stupp 19b5fb3f9e
dns/application: Configured directory permissions for zones directory 4 years ago
Felix Stupp 8aacd27f31
dns/application: Configured group owner for bind main configuration 4 years ago
Felix Stupp c8dc602f09
account: Configure sudo insults 4 years ago
Felix Stupp ff3d6cba8e
Added group os_raspbian 4 years ago
Felix Stupp 78032d343f
common: Made sources.list dependent of distribution 4 years ago
Felix Stupp 5555c86357
server/gitea: Reworked configuration with defaults 4 years ago
Felix Stupp a9798fedc8
server/gitea: Fixed output of wget in update script 4 years ago
Felix Stupp e9db3d7d56
misc/backup: Secured shell commands for file backups 4 years ago