Felix Stupp
77d1e84117
dns: Fixed variable structure of var domain_environment_directory
5 years ago
Felix Stupp
be8418d546
misc/backup_files: Added variable backup_name as alternative of name by domain
5 years ago
Felix Stupp
12e47c19c9
all/vars: Added var global_log_directory
...
Added usage in role nginx/application
5 years ago
Felix Stupp
51404e3a3d
misc/system_user: Added output var system_user_info
5 years ago
Felix Stupp
08a37c6dab
nginx/application: Configure dhparams for SSL
5 years ago
Felix Stupp
586163c9d0
Added role misc/dhparams
5 years ago
Felix Stupp
6fbf62cddd
dns/application: Added zone.db.jnl files to allowed files for bind to write
5 years ago
Felix Stupp
f2e669734b
common: Readd package acl
...
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
This reverts commit 3c7fb65ac9
.
5 years ago
Felix Stupp
c258a5d1bb
server/minecraft: Add SRV dns entry
5 years ago
Felix Stupp
55b27c041b
dns: Extracted role entries from server_entries
5 years ago
Felix Stupp
39771c907f
dns/server_entries: Renamed var all_entries to entries
5 years ago
Felix Stupp
9d23e12a16
dns/master: Now considered vars for nameserver and mail to be absolute
...
Meaning the var itself must not have a dot at the end of the name,
but an usage of the variable may need to append a dot.
5 years ago
Felix Stupp
40c6a3ab0f
dns/server_entries: Allow duplicate execution of role
5 years ago
Felix Stupp
1958c4df54
dns: Renamed role entries to server_entries
...
To distinguish between simple entries role (coming in the future) and
entries role bundled with server-related entries (A, AAAA, SSHFP)
5 years ago
Felix Stupp
08fafbf98f
dns/entries: Fixed SYNC comment to role dns/master
5 years ago
Felix Stupp
9121fd2c37
server/tt-rss: Moved repo clone method to standardized release tags
5 years ago
Felix Stupp
debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet
...
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
5 years ago
Felix Stupp
cca87f6425
nginx/php: Changed global include to root include
...
root snippet is there for file based servers, including php
5 years ago
Felix Stupp
f2c92e94e2
nginx: Moved index directive from root snippet to specific static role
5 years ago
Felix Stupp
dd48448828
nginx/php: Removed debian-specific index file from config
5 years ago
Felix Stupp
58955871ad
nginx/application: Removed specfic exclusion of htaccess files
...
Because dot files are already blocked in general
5 years ago
Felix Stupp
9394b66f47
wireguard/application: Added sorting of peer files before combining
5 years ago
Felix Stupp
e09fb25104
Added role misc/dnsmasq as dnssec resolver
5 years ago
Felix Stupp
2158b2717d
dns/master: Added support for dname to root zone
5 years ago
Felix Stupp
0b388a7e9a
git_auto_update: Added brackets for less ambiguity
5 years ago
Felix Stupp
9a8996d69e
git_auto_update: Increased check options for update script
5 years ago
Felix Stupp
2515ab82db
roles/nfs: Improved var usages
...
- Extracted global_nfs_directory from default root_directory
- Added usage of export_path
5 years ago
Felix Stupp
04c71a8611
common: ssh makefile: Sort part files before combining
5 years ago
Felix Stupp
d09b7ea8c3
mysql: Configure mysql_user and mysql_password
5 years ago
Felix Stupp
164cdbbc79
common: Tagged ip blocklist for easier skipping
5 years ago
Felix Stupp
187f573d4f
common: Added pv to required common packages
5 years ago
Felix Stupp
424b85eec8
mysql/database: Added database_template function
5 years ago
Felix Stupp
c6309b92ad
mysql/database: Documented database_user as required var
5 years ago
Felix Stupp
a3eb7778a8
server/nextcloud: Add packages for SMB access
5 years ago
Felix Stupp
2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries
5 years ago
Felix Stupp
5a41a9afc9
acme/certificate: Document var domain as required
5 years ago
Felix Stupp
b3620fa3c8
dns/application: makefile combine: Sort files before combining
...
Ensures 0_main.db is before other files
5 years ago
Felix Stupp
979abba1aa
Added role dns/entries for configuring dns entries
5 years ago
Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
5 years ago
Felix Stupp
748999d36d
dns: Moved var zones_environment_directory to global vars
5 years ago
Felix Stupp
f8c01d46f6
dns/master: Fix permissions for dns env dir
5 years ago
Felix Stupp
bf00dcb6dd
dns/application: Moved var configuration_directory to global vars
5 years ago
Felix Stupp
eb632a8f2c
dns/master: Store mapping of domain to host in public_keys
5 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
5 years ago
Felix Stupp
c58223c21b
server/gitea: Disable logging of SQL requests
5 years ago
Felix Stupp
3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config
5 years ago
Felix Stupp
2526033405
fail2ban/application: Send log messages to journald
5 years ago
Felix Stupp
0043d6255a
nginx/application global.conf: Added comment to excluding hidden files
5 years ago
Felix Stupp
025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
...
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
- Only combining of zone files and setting serial number
- signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
5 years ago
Felix Stupp
274f658016
nginx/php-pool: Fixed permissions for other
5 years ago