banananetwork
/
ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity
899 Commits
3 Branches
0 Tags
1.7 MiB
master
dehydrated
wip
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '98b7b55a53'
${ noResults }
Commit Graph

656 Commits (98b7b55a53c945f4fa4f271bf2fe7916e18f3be3)

Author SHA1 Message Date
Felix Stupp 427541311a
account: Added validate for sudoers insults config 4 years ago
Felix Stupp dfe801631c
account: Fixed mode for sudo insults config 4 years ago
Felix Stupp 6b40c8d8aa
nfs/export: Use systemd_escape_mount instead of custom regex_replace 4 years ago
Felix Stupp e93c11f0d7
Added shellcheck for script validations 4 years ago
Felix Stupp 34614b7d6a
server/linx: update: Changed installed version detection to use zero-lines 4 years ago
Felix Stupp 7d2f8d32d0
server/linx: update: Combined two comment sections 4 years ago
Felix Stupp 69172f0145
server/gitea: update: Improved shell configuration to detect errors 4 years ago
Felix Stupp 90a2a41d7c
server/gitea: update.sh: Improved usage of quotation markers 4 years ago
Felix Stupp f8cd2a6f60
misc/ssh_tg_notify: Used [[ instead of [ for if expression 4 years ago
Felix Stupp 3bc9c9360d
common: backup_autoremove: Improved script quality 4 years ago
Felix Stupp 6c7f35075b
git_auto_update: Added check if no update is required 4 years ago
Felix Stupp 092526315c
git_auto_update: Added check for if no release tag can't be found 4 years ago
Felix Stupp f88b36fd1e
git_auto_update: Added and used error function 4 years ago
Felix Stupp 15d80c8d43
git_auto_update: Changed message for failed reload_command 4 years ago
Felix Stupp a7a5bf00e8
git_auto_update: update.sh: Set git reset to be quiet 4 years ago
Felix Stupp 376de41b51
git_auto_update: Allow changing remote url 4 years ago
Felix Stupp 6c1beee210
git_auto_update: update.sh: Moved set command to beginning 4 years ago
Felix Stupp 44b5fdcbb0
git_auto_update: Added support for submodules 4 years ago
Felix Stupp 58dfab8529
nginx: Tagged tasks using certificate information 4 years ago
Felix Stupp 75e0dc0d1a
misc/system_user: Added tag always to task exporting variables 4 years ago
Felix Stupp 15a6cb1ff9
acme/certificate: Renamed tag for certificate tasks 4 years ago
Felix Stupp 482200821e
acme/certificate: Defined must-staple optional for certificate 4 years ago
Felix Stupp c66dbe42c4
acme/certificate: Use certificate_name for task name 4 years ago
Felix Stupp 6ecf4426e2
Added role misc/deb_backports 4 years ago
Felix Stupp 7638b6f86c
nginx/php-pool: Added configuration for allow_overwrite_include 4 years ago
Felix Stupp 3ab19950c4
nginx/php-pool: Fixed memory_limit default to avoid overwrite by roles before 4 years ago
Felix Stupp ef53197925
misc/system_user: Configured allow_duplicates to true 4 years ago
Felix Stupp 8443555583
nginx/application: Changed port numbers to string 
To avoid conversion warning of ansible
 4 years ago
Felix Stupp 8dd14a365d
misc/backup_files: Replaced old usages of domain with backup_name 4 years ago
Felix Stupp 9462e70ea1
server/spotme: Moved service envs to extra file 
Otherwise all users would be able to extract data using systemctl show
 4 years ago
Felix Stupp 07004c3717
server/tt-rss: Moved service envs in extra file 
Otherwise all users would be able to extract data using systemctl show
 4 years ago
Felix Stupp 9e04a7b39b
server/node: Moved private envs to extra file 
Otherwise all users would be able to extract data using systemctl show
 4 years ago
Felix Stupp 62758cac7c
mysql: Extracted mysql_socket_path into global var 4 years ago
Felix Stupp f91ef20682
server/gitea: Fixed quoting of vars for update script 4 years ago
Felix Stupp 58749bcc43
acme/certificate: Fixed quoting of nginx_service_name 4 years ago
Felix Stupp a9c8fd9af3
Moved var nginx_installation_directory to global vars 4 years ago
Felix Stupp b1a93849a1
Moved var nginx_system_user to global vars 4 years ago
Felix Stupp 34b867994c
nginx/proxy: Moved directives var to defaults 
Overwrites directives in default of following roles
 4 years ago
Felix Stupp be218e813e
node/application: Removed not neccessary register and when construct 4 years ago
Felix Stupp 4f9cf49f6c
dns/handlers merged into dns/application 4 years ago
Felix Stupp f46e51115e
acme: Changed underlying package from acme.sh to certbot 4 years ago
Felix Stupp 0f57d44bb1
acme/certificate: Renamed certificate_location to fullchain_location 4 years ago
Felix Stupp 55451f321a
acme,nginx: Reversed dependency to match real dependency 4 years ago
Felix Stupp 9ad4ada018
acme,nginx: Renamed var for validation root to acme prefix 4 years ago
Felix Stupp d48d4885d7
Extracted admin_mail into global var 4 years ago
Felix Stupp 6dcea566d6
acme/certificate: Removed invalid --ecc parameter 4 years ago
Felix Stupp 0e49941e1a
acme/certificate: Fixed quoting for acme.sh commands 4 years ago
Felix Stupp 98b7f4744e
Extracted service_name of nginx to global var 4 years ago
Felix Stupp 9fa36a210f
acme/certificate: Changed default reload command to "reload nginx" 4 years ago
Felix Stupp 45645de557
Moved conversion from domain to username into filter with shorts table 4 years ago
Felix Stupp 00ef0cd61a
server/gitea: Changed default database_user to system_user 
To be equal to other server roles
 4 years ago
Felix Stupp 67308818f5
server/minecraft: Changed dns entries format to new one 4 years ago
Felix Stupp 829d67f0b8
nginx/static: Moved directives into var 4 years ago
Felix Stupp 08d3382528
nginx/static: Fix indention for location 4 years ago
Felix Stupp b0cc2b8ca1
dns/master: Make backups of dynamic zone data 4 years ago
Felix Stupp ae42f963a2
dns: Transfered master zones from makefile approach to dynamic updates approach 4 years ago
Felix Stupp 0232319ccd
dns/master: Configured dnssec-policy for automatic KASP 4 years ago
Felix Stupp ae995dec67
dns/entries: Prefixed entries name with "server:" 4 years ago
Felix Stupp 3d274d9996
dns/application: Fixed indent 4 years ago
Felix Stupp 93b5ba9e4b
misc/backup_files: Fixed conversion of timing data to str 4 years ago
Felix Stupp ddc1da5c3c
misc/backup_files: Use backup_name for name of tasks 4 years ago
Felix Stupp d1e14a9de9
misc/backup_files: Added & used variable for backup_target 
Ensures usage of backup_name insted of domain
 4 years ago
Felix Stupp b6d9b1deb5
dns/entries: Fixed reference to var dns_zone_domain 4 years ago
Felix Stupp 360172f8db
dns/master: Moved default tts var to global var 4 years ago
Felix Stupp 72ee42d539
dns/master: Allow configure default ttl 4 years ago
Felix Stupp 3008672ded
dns/master: Added section comments to zone.conf 4 years ago
Felix Stupp a41f4c1c3f
dns/master: Adapted generate-keys to inline-signing (only gen KSK) 4 years ago
Felix Stupp be6303576a
dns/application: Added configuration for session-key 4 years ago
Felix Stupp 49d53d0213
dns/application: Removed obsolete dnssec directives 4 years ago
Felix Stupp 0e96fcbe34
dns/application: Fixed defining role dependencies 4 years ago
Felix Stupp 99e58d4224
common: Added helper nsupdate_keygen 4 years ago
Felix Stupp 0b7e2cb923
dns/application: Changed vars in makefile to support further dest files 4 years ago
Felix Stupp 1ceb1999ff
common: Changed include_tasks to import_tasks 
To enable static instead of dynamic imports
 4 years ago
Felix Stupp 36da702163
nginx/application: Disable log for HTTPs forwarding 4 years ago
Felix Stupp d8405a223b
server/nextcloud: Added hint for source of var redis_socket_path 5 years ago
Felix Stupp d8421b49bb
server/gitea: Renamed var gitea_user_directory to user_directory 5 years ago
Felix Stupp fe0a677b13
git_auto_update: Used long parameters 5 years ago
Felix Stupp e30121cae2
git_auto_update: Improved comparism with GPG fingerprint 
Configured grep to compare againg fixed strings, not regexp
 5 years ago
Felix Stupp f2b6e41645
git_auto_update: Fixed default reload_command to "true" 
An empty default value would result in an error thrown.
 5 years ago
Felix Stupp 818515cc05
server/gitea: Reworked logging configuration to contain (only) required information 5 years ago
Felix Stupp 49dd6e4da1
server/gitea/app.ini: Removed not required log settings 5 years ago
Felix Stupp 072ace6438
server/gitea: Configured fail2ban protection 5 years ago
Felix Stupp d81f883e50
server/gitea: Disable colorizing logs for fail2ban 5 years ago
Felix Stupp d630988291
Added role fail2ban/rule 5 years ago
Felix Stupp 2eaf8034f7
server/gitea: Reconfigured log to be minimal and adapted to systemd 5 years ago
Felix Stupp 85028e1dcb
fail2ban/application: Moved service_name to global var 5 years ago
Felix Stupp 239ef3124e
fail2ban/application: Moved vars to global part 
Because paths are not user-configured but given by package/system
 5 years ago
Felix Stupp 66e38ebcde
server/nextcloud: Enabled APCu cache for cron job 5 years ago
Felix Stupp cf4a4863f4
server/nextcloud: Reformatted cron job line to meet format requirements 5 years ago
Felix Stupp c6a9c15e14
server/nextcloud: Enabled redis cache 5 years ago
Felix Stupp f3d7f2f8a2
Added roles for redis (application, instance) 5 years ago
Felix Stupp b5ca1ce80f
server/nextcloud: Renamed var nextcloud_user_directory to user_directory 5 years ago
Felix Stupp 8e22085ba7
server/nextcloud: Moved "config APCu cache" to "add add. entries" with blockinfile task 5 years ago
Felix Stupp d40a8cee92
server/nextcloud: Fixed changing configuration of nextcloud instance 
- Fixes configuring APCu cache
 5 years ago
Felix Stupp 5c374bc977
nginx/application: Added security relevant HTTP headers to global config 
Duplicates removed from server/nextcloud
 5 years ago
Felix Stupp fc2a098ff2
server/nextcloud: Fixed disallowing well-known as dot file 5 years ago
Felix Stupp 7889e10385
nginx/php-pool: Fixed default disabling of status_page_path 5 years ago
Felix Stupp b7d34b28ee
nginx/php: Made name of task more descriptive 5 years ago
Felix Stupp 9d8d041241
nginx/application: Fixed typo of "unnecessary" 5 years ago
Felix Stupp 28d49be899
server/nextcloud: Added support for php-fpm status page 5 years ago
Felix Stupp 458babf82c
nginx/php: Added support for php-fpm status page 5 years ago
Felix Stupp 2a672cb597
nginx/default_server: Extracted status_page_acl var 5 years ago
Felix Stupp ce55e33fda
nginx/php-pool: Added support for enabling status page 5 years ago
Felix Stupp e91f9d1a81
nginx/default_server: Hide status page by answering 403 always 5 years ago
Felix Stupp 74a62e861f
Added role nginx/default_server 
To prevent circular dependencies, role must be included manually on
required servers
 5 years ago
Felix Stupp 7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP 
Can be derived by given certificate for host
 5 years ago
Felix Stupp 48588ee0dd
server/spotme: Removed not required dependencies 5 years ago
Felix Stupp 647f112c2b
nginx/server: Extracted special pre directives into configurable vars 5 years ago
Felix Stupp 11814fe236
nginx/server: Added explicit dependency to nginx/application 5 years ago
Felix Stupp 61c7f72422
nginx/server: Removed ssl on directive 
Should no longer be used, listen + ssl marker is working as expected
 5 years ago
Felix Stupp fbca70f81f
dns/master: Create keys directory writeable for bind 
To apply KASP later
 5 years ago
Felix Stupp d73e250b36
dns/master: Changed owner and adapted permissions of zone directory 5 years ago
Felix Stupp 22fde40ac5
dns/application: Changed bind9 source to official source 5 years ago
Felix Stupp a51225ccc8
dns/application: Allowed bind using AppArmor to write temporary journal files 5 years ago
Felix Stupp 646e6d5c75
dns: Configured service name using global variable 5 years ago
Felix Stupp 77d1e84117
dns: Fixed variable structure of var domain_environment_directory 5 years ago
Felix Stupp be8418d546
misc/backup_files: Added variable backup_name as alternative of name by domain 5 years ago
Felix Stupp 12e47c19c9
all/vars: Added var global_log_directory 
Added usage in role nginx/application
 5 years ago
Felix Stupp 51404e3a3d
misc/system_user: Added output var system_user_info 5 years ago
Felix Stupp 08a37c6dab
nginx/application: Configure dhparams for SSL 5 years ago
Felix Stupp 586163c9d0
Added role misc/dhparams 5 years ago
Felix Stupp 6fbf62cddd
dns/application: Added zone.db.jnl files to allowed files for bind to write 5 years ago
Felix Stupp f2e669734b
common: Readd package acl 
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user

This reverts commit 3c7fb65ac9.
 5 years ago
Felix Stupp c258a5d1bb
server/minecraft: Add SRV dns entry 5 years ago
Felix Stupp 55b27c041b
dns: Extracted role entries from server_entries 5 years ago
Felix Stupp 39771c907f
dns/server_entries: Renamed var all_entries to entries 5 years ago
Felix Stupp 9d23e12a16
dns/master: Now considered vars for nameserver and mail to be absolute 
Meaning the var itself must not have a dot at the end of the name,
but an usage of the variable may need to append a dot.
 5 years ago
Felix Stupp 40c6a3ab0f
dns/server_entries: Allow duplicate execution of role 5 years ago
Felix Stupp 1958c4df54
dns: Renamed role entries to server_entries 
To distinguish between simple entries role (coming in the future) and
entries role bundled with server-related entries (A, AAAA, SSHFP)
 5 years ago
Felix Stupp 08fafbf98f
dns/entries: Fixed SYNC comment to role dns/master 5 years ago
Felix Stupp 9121fd2c37
server/tt-rss: Moved repo clone method to standardized release tags 5 years ago
Felix Stupp debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet 
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
 5 years ago
Felix Stupp cca87f6425
nginx/php: Changed global include to root include 
root snippet is there for file based servers, including php
 5 years ago
Felix Stupp f2c92e94e2
nginx: Moved index directive from root snippet to specific static role 5 years ago
Felix Stupp dd48448828
nginx/php: Removed debian-specific index file from config 5 years ago
Felix Stupp 58955871ad
nginx/application: Removed specfic exclusion of htaccess files 
Because dot files are already blocked in general
 5 years ago
Felix Stupp 9394b66f47
wireguard/application: Added sorting of peer files before combining 5 years ago
Felix Stupp e09fb25104
Added role misc/dnsmasq as dnssec resolver 5 years ago
Felix Stupp 2158b2717d
dns/master: Added support for dname to root zone 5 years ago
Felix Stupp 0b388a7e9a
git_auto_update: Added brackets for less ambiguity 5 years ago
Felix Stupp 9a8996d69e
git_auto_update: Increased check options for update script 5 years ago
Felix Stupp 2515ab82db
roles/nfs: Improved var usages 
- Extracted global_nfs_directory from default root_directory
- Added usage of export_path
 5 years ago
Felix Stupp 04c71a8611
common: ssh makefile: Sort part files before combining 5 years ago
Felix Stupp d09b7ea8c3
mysql: Configure mysql_user and mysql_password 5 years ago
Felix Stupp 164cdbbc79
common: Tagged ip blocklist for easier skipping 5 years ago
Felix Stupp 187f573d4f
common: Added pv to required common packages 5 years ago
Felix Stupp 424b85eec8
mysql/database: Added database_template function 5 years ago
Felix Stupp c6309b92ad
mysql/database: Documented database_user as required var 5 years ago
Felix Stupp a3eb7778a8
server/nextcloud: Add packages for SMB access 5 years ago
Felix Stupp 2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries 5 years ago