874 Commits (52c03dc9d249f48cbba0ef5f8415925c65bc783c)
 

Author SHA1 Message Date
Felix Stupp eff48f1773
Changed approach for generating sshfp RR to lookup on python script 5 years ago
Felix Stupp 748999d36d
dns: Moved var zones_environment_directory to global vars 5 years ago
Felix Stupp f8c01d46f6
dns/master: Fix permissions for dns env dir 5 years ago
Felix Stupp bf00dcb6dd
dns/application: Moved var configuration_directory to global vars 5 years ago
Felix Stupp eb632a8f2c
dns/master: Store mapping of domain to host in public_keys 5 years ago
Felix Stupp 499e48c208
site: Extracted playbook local.yml 5 years ago
Felix Stupp 7b2d1f90a6
all vars: Added separating space before ssh public_keys directories 5 years ago
Felix Stupp 5e139bc638
public_keys: Allow scripts in gitignore for usage in Ansible 5 years ago
Felix Stupp 9cac16e5af
public_keys: Added README 5 years ago
Felix Stupp 02fe2cfbc6
gitignore: Allow README files in fact directories 5 years ago
Felix Stupp 592bb483cf
common: Used variable global_ssh_key_directory for public_keys path 5 years ago
Felix Stupp c58223c21b
server/gitea: Disable logging of SQL requests 5 years ago
Felix Stupp 3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config 5 years ago
Felix Stupp 2526033405
fail2ban/application: Send log messages to journald 5 years ago
Felix Stupp 55db427c95
blocklists/ipv4: Added North Korean IP subnets 5 years ago
Felix Stupp 8c69ef1611
blocklists/append_ipv4: Added support for ips with CIDR notation 5 years ago
Felix Stupp 0043d6255a
nginx/application global.conf: Added comment to excluding hidden files 5 years ago
Felix Stupp 025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
  - Only combining of zone files and setting serial number
  - signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
5 years ago
Felix Stupp 274f658016
nginx/php-pool: Fixed permissions for other 5 years ago
Felix Stupp e85ad8fed3
dns: Fixed applying permissions to directories 5 years ago
Felix Stupp c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
Only required and beneficial for ZSK
5 years ago
Felix Stupp 905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment 5 years ago
Felix Stupp 7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names 5 years ago
Felix Stupp 4e6df015f5
Added roles nfs/server and nfs/export 5 years ago
Felix Stupp 24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh" 5 years ago
Felix Stupp a03a335430
account: Added bmon to tools list 5 years ago
Felix Stupp a576893776
misc/docker: Install docker-compose bindings for python3 5 years ago
Felix Stupp b600f678ca
misc/docker: Install python3 docker bindings using package manager 5 years ago
Felix Stupp 6ce23c8a64
group os_debian: Force python3 interpreter to be used 5 years ago
Felix Stupp 8758553a02
common: Install explicit python3 interpreter 5 years ago
Felix Stupp 2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp ff7275cb60
server/{linx,spotme}: Removed default bind_port 5 years ago
Felix Stupp 4a186854cf
server/node: Renamed variable app_port to bind_port 5 years ago
Felix Stupp f6c1aff55a
server/spotme: Renamed variable spotme_port to bind_port 5 years ago
Felix Stupp 7e0df4abc5
Added variable local_user for user running playbook
Useful if tasks store data on the local machine
5 years ago
Felix Stupp 192a9c8b86
cloud.banananet.work: Removed preconfiguring admin password 5 years ago
Felix Stupp 9d50f84321
server/firefox-sync: Changed remote repo url back to official repo 5 years ago
Felix Stupp 90bf46bde6
global vars: Added var for username "zocker" 5 years ago
Felix Stupp 373f59e7a4
misc/blocklist/ipv4: Expanded by new ips 5 years ago
Felix Stupp b74029ec7b
site: Added fail2ban/application as default role for all hosts 5 years ago
Felix Stupp f91f2bc325
Added role fail2ban/application 5 years ago
Felix Stupp c110a24e9f
common: sshd: Disable weak key algorithms 5 years ago
Felix Stupp 505c85eb11
common: Disable root login over ssh 5 years ago
Felix Stupp 651794a136
common: sshd: Disable X11 Forwarding globally 5 years ago
Felix Stupp baace3ce16
misc/handlers: Changed "restart ssh" to "reload ssh" 5 years ago
Felix Stupp 025d8a3256
Added role misc/ssh_tg_notify
- Added role to common site
- Added variables required to global vars and vault
5 years ago
Felix Stupp 69b884ad3f
bootstrap: Configure ssh key used to connect on new user 5 years ago
Felix Stupp f610812fc7
bootstrap: Ensure user has .ssh/authorized_keys before trying to copy 5 years ago
Felix Stupp 096554f37b
mqtt/user: Fixed usage of var user (before username) 5 years ago
Felix Stupp fe393bd246
mqtt/application: Enforce sort part files before combining for acl and auth 5 years ago