921 Commits (2e71da368b18bbe04664155570df6ac7161e7753)
 

Author SHA1 Message Date
Felix Stupp d630988291
Added role fail2ban/rule 5 years ago
Felix Stupp 2eaf8034f7
server/gitea: Reconfigured log to be minimal and adapted to systemd 5 years ago
Felix Stupp 85028e1dcb
fail2ban/application: Moved service_name to global var 5 years ago
Felix Stupp 239ef3124e
fail2ban/application: Moved vars to global part
Because paths are not user-configured but given by package/system
5 years ago
Felix Stupp 66e38ebcde
server/nextcloud: Enabled APCu cache for cron job 5 years ago
Felix Stupp cf4a4863f4
server/nextcloud: Reformatted cron job line to meet format requirements 5 years ago
Felix Stupp c6a9c15e14
server/nextcloud: Enabled redis cache 5 years ago
Felix Stupp f3d7f2f8a2
Added roles for redis (application, instance) 5 years ago
Felix Stupp b5ca1ce80f
server/nextcloud: Renamed var nextcloud_user_directory to user_directory 5 years ago
Felix Stupp 8e22085ba7
server/nextcloud: Moved "config APCu cache" to "add add. entries" with blockinfile task 5 years ago
Felix Stupp d59f4914b6
hosts.py: Added missing json.dumps 5 years ago
Felix Stupp d40a8cee92
server/nextcloud: Fixed changing configuration of nextcloud instance
- Fixes configuring APCu cache
5 years ago
Felix Stupp 5c374bc977
nginx/application: Added security relevant HTTP headers to global config
Duplicates removed from server/nextcloud
5 years ago
Felix Stupp fc2a098ff2
server/nextcloud: Fixed disallowing well-known as dot file 5 years ago
Felix Stupp 7889e10385
nginx/php-pool: Fixed default disabling of status_page_path 5 years ago
Felix Stupp 788d259f85
all/vars: nginx_status_page_acl: Added public addresses of host 5 years ago
Felix Stupp 8f25d008a9
var: nginx_status_page_acl: Fixed localhost ipv4 address range 5 years ago
Felix Stupp b7d34b28ee
nginx/php: Made name of task more descriptive 5 years ago
Felix Stupp 9d8d041241
nginx/application: Fixed typo of "unnecessary" 5 years ago
Felix Stupp 28d49be899
server/nextcloud: Added support for php-fpm status page 5 years ago
Felix Stupp 458babf82c
nginx/php: Added support for php-fpm status page 5 years ago
Felix Stupp 2a672cb597
nginx/default_server: Extracted status_page_acl var 5 years ago
Felix Stupp ce55e33fda
nginx/php-pool: Added support for enabling status page 5 years ago
Felix Stupp e91f9d1a81
nginx/default_server: Hide status page by answering 403 always 5 years ago
Felix Stupp 74a62e861f
Added role nginx/default_server
To prevent circular dependencies, role must be included manually on
required servers
5 years ago
Felix Stupp 7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP
Can be derived by given certificate for host
5 years ago
Felix Stupp 48588ee0dd
server/spotme: Removed not required dependencies 5 years ago
Felix Stupp 647f112c2b
nginx/server: Extracted special pre directives into configurable vars 5 years ago
Felix Stupp 11814fe236
nginx/server: Added explicit dependency to nginx/application 5 years ago
Felix Stupp 61c7f72422
nginx/server: Removed ssl on directive
Should no longer be used, listen + ssl marker is working as expected
5 years ago
Felix Stupp fbca70f81f
dns/master: Create keys directory writeable for bind
To apply KASP later
5 years ago
Felix Stupp d73e250b36
dns/master: Changed owner and adapted permissions of zone directory 5 years ago
Felix Stupp 22fde40ac5
dns/application: Changed bind9 source to official source 5 years ago
Felix Stupp 415b107bbc
vscode configuration: Fixed path to python3 executable for syntax check 5 years ago
Felix Stupp a51225ccc8
dns/application: Allowed bind using AppArmor to write temporary journal files 5 years ago
Felix Stupp 3932501d54
playbooks/dns: Fixed mx records for secondary domains 5 years ago
Felix Stupp 646e6d5c75
dns: Configured service name using global variable 5 years ago
Felix Stupp 77d1e84117
dns: Fixed variable structure of var domain_environment_directory 5 years ago
Felix Stupp be8418d546
misc/backup_files: Added variable backup_name as alternative of name by domain 5 years ago
Felix Stupp 12e47c19c9
all/vars: Added var global_log_directory
Added usage in role nginx/application
5 years ago
Felix Stupp 95db4cad65
nvak: Configured turnips.banananet.work 5 years ago
Felix Stupp 51404e3a3d
misc/system_user: Added output var system_user_info 5 years ago
Felix Stupp 08a37c6dab
nginx/application: Configure dhparams for SSL 5 years ago
Felix Stupp 586163c9d0
Added role misc/dhparams 5 years ago
Felix Stupp 69a0b5fd69
nvak: Added forwarding of www.banananet.work to main site 5 years ago
Felix Stupp ab13a1272f
playbooks/group_bwcloud: Configure preserve hostname for cloud-kernel 5 years ago
Felix Stupp 6fbf62cddd
dns/application: Added zone.db.jnl files to allowed files for bind to write 5 years ago
Felix Stupp f2e669734b
common: Readd package acl
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user

This reverts commit 3c7fb65ac9.
5 years ago
Felix Stupp c258a5d1bb
server/minecraft: Add SRV dns entry 5 years ago
Felix Stupp c3f85bc8e0
playbooks/dns: Removed test mail dns records
can be added by specific mail roles
5 years ago