Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
5 years ago
Felix Stupp
748999d36d
dns: Moved var zones_environment_directory to global vars
5 years ago
Felix Stupp
f8c01d46f6
dns/master: Fix permissions for dns env dir
5 years ago
Felix Stupp
bf00dcb6dd
dns/application: Moved var configuration_directory to global vars
5 years ago
Felix Stupp
eb632a8f2c
dns/master: Store mapping of domain to host in public_keys
5 years ago
Felix Stupp
499e48c208
site: Extracted playbook local.yml
5 years ago
Felix Stupp
7b2d1f90a6
all vars: Added separating space before ssh public_keys directories
5 years ago
Felix Stupp
5e139bc638
public_keys: Allow scripts in gitignore for usage in Ansible
5 years ago
Felix Stupp
9cac16e5af
public_keys: Added README
5 years ago
Felix Stupp
02fe2cfbc6
gitignore: Allow README files in fact directories
5 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
5 years ago
Felix Stupp
c58223c21b
server/gitea: Disable logging of SQL requests
5 years ago
Felix Stupp
3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config
5 years ago
Felix Stupp
2526033405
fail2ban/application: Send log messages to journald
5 years ago
Felix Stupp
55db427c95
blocklists/ipv4: Added North Korean IP subnets
5 years ago
Felix Stupp
8c69ef1611
blocklists/append_ipv4: Added support for ips with CIDR notation
5 years ago
Felix Stupp
0043d6255a
nginx/application global.conf: Added comment to excluding hidden files
5 years ago
Felix Stupp
025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
...
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
- Only combining of zone files and setting serial number
- signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
5 years ago
Felix Stupp
274f658016
nginx/php-pool: Fixed permissions for other
5 years ago
Felix Stupp
e85ad8fed3
dns: Fixed applying permissions to directories
5 years ago
Felix Stupp
c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
...
Only required and beneficial for ZSK
5 years ago
Felix Stupp
905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment
5 years ago
Felix Stupp
7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names
5 years ago
Felix Stupp
4e6df015f5
Added roles nfs/server and nfs/export
5 years ago
Felix Stupp
24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh"
5 years ago
Felix Stupp
a03a335430
account: Added bmon to tools list
5 years ago
Felix Stupp
a576893776
misc/docker: Install docker-compose bindings for python3
5 years ago
Felix Stupp
b600f678ca
misc/docker: Install python3 docker bindings using package manager
5 years ago
Felix Stupp
6ce23c8a64
group os_debian: Force python3 interpreter to be used
5 years ago
Felix Stupp
8758553a02
common: Install explicit python3 interpreter
5 years ago
Felix Stupp
2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
...
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp
ff7275cb60
server/{linx,spotme}: Removed default bind_port
5 years ago
Felix Stupp
4a186854cf
server/node: Renamed variable app_port to bind_port
5 years ago
Felix Stupp
f6c1aff55a
server/spotme: Renamed variable spotme_port to bind_port
5 years ago
Felix Stupp
7e0df4abc5
Added variable local_user for user running playbook
...
Useful if tasks store data on the local machine
5 years ago
Felix Stupp
192a9c8b86
cloud.banananet.work: Removed preconfiguring admin password
5 years ago
Felix Stupp
9d50f84321
server/firefox-sync: Changed remote repo url back to official repo
5 years ago
Felix Stupp
90bf46bde6
global vars: Added var for username "zocker"
5 years ago
Felix Stupp
373f59e7a4
misc/blocklist/ipv4: Expanded by new ips
5 years ago
Felix Stupp
b74029ec7b
site: Added fail2ban/application as default role for all hosts
5 years ago
Felix Stupp
f91f2bc325
Added role fail2ban/application
5 years ago
Felix Stupp
c110a24e9f
common: sshd: Disable weak key algorithms
5 years ago
Felix Stupp
505c85eb11
common: Disable root login over ssh
5 years ago
Felix Stupp
651794a136
common: sshd: Disable X11 Forwarding globally
5 years ago
Felix Stupp
baace3ce16
misc/handlers: Changed "restart ssh" to "reload ssh"
5 years ago
Felix Stupp
025d8a3256
Added role misc/ssh_tg_notify
...
- Added role to common site
- Added variables required to global vars and vault
5 years ago
Felix Stupp
69b884ad3f
bootstrap: Configure ssh key used to connect on new user
5 years ago
Felix Stupp
f610812fc7
bootstrap: Ensure user has .ssh/authorized_keys before trying to copy
5 years ago
Felix Stupp
096554f37b
mqtt/user: Fixed usage of var user (before username)
5 years ago
Felix Stupp
fe393bd246
mqtt/application: Enforce sort part files before combining for acl and auth
5 years ago