Felix Stupp
a3eb7778a8
server/nextcloud: Add packages for SMB access
4 years ago
Felix Stupp
2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries
4 years ago
Felix Stupp
5a41a9afc9
acme/certificate: Document var domain as required
4 years ago
Felix Stupp
b3620fa3c8
dns/application: makefile combine: Sort files before combining
...
Ensures 0_main.db is before other files
4 years ago
Felix Stupp
979abba1aa
Added role dns/entries for configuring dns entries
4 years ago
Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
4 years ago
Felix Stupp
748999d36d
dns: Moved var zones_environment_directory to global vars
4 years ago
Felix Stupp
f8c01d46f6
dns/master: Fix permissions for dns env dir
4 years ago
Felix Stupp
bf00dcb6dd
dns/application: Moved var configuration_directory to global vars
4 years ago
Felix Stupp
eb632a8f2c
dns/master: Store mapping of domain to host in public_keys
4 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
4 years ago
Felix Stupp
c58223c21b
server/gitea: Disable logging of SQL requests
4 years ago
Felix Stupp
3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config
4 years ago
Felix Stupp
2526033405
fail2ban/application: Send log messages to journald
4 years ago
Felix Stupp
0043d6255a
nginx/application global.conf: Added comment to excluding hidden files
4 years ago
Felix Stupp
025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
...
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
- Only combining of zone files and setting serial number
- signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
4 years ago
Felix Stupp
274f658016
nginx/php-pool: Fixed permissions for other
4 years ago
Felix Stupp
e85ad8fed3
dns: Fixed applying permissions to directories
4 years ago
Felix Stupp
c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
...
Only required and beneficial for ZSK
4 years ago
Felix Stupp
905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment
4 years ago
Felix Stupp
7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names
4 years ago
Felix Stupp
4e6df015f5
Added roles nfs/server and nfs/export
4 years ago
Felix Stupp
24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh"
4 years ago
Felix Stupp
a03a335430
account: Added bmon to tools list
4 years ago
Felix Stupp
a576893776
misc/docker: Install docker-compose bindings for python3
5 years ago
Felix Stupp
b600f678ca
misc/docker: Install python3 docker bindings using package manager
5 years ago
Felix Stupp
8758553a02
common: Install explicit python3 interpreter
5 years ago
Felix Stupp
2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
...
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp
ff7275cb60
server/{linx,spotme}: Removed default bind_port
5 years ago
Felix Stupp
4a186854cf
server/node: Renamed variable app_port to bind_port
5 years ago
Felix Stupp
f6c1aff55a
server/spotme: Renamed variable spotme_port to bind_port
5 years ago
Felix Stupp
7e0df4abc5
Added variable local_user for user running playbook
...
Useful if tasks store data on the local machine
5 years ago
Felix Stupp
9d50f84321
server/firefox-sync: Changed remote repo url back to official repo
5 years ago
Felix Stupp
f91f2bc325
Added role fail2ban/application
5 years ago
Felix Stupp
c110a24e9f
common: sshd: Disable weak key algorithms
5 years ago
Felix Stupp
505c85eb11
common: Disable root login over ssh
5 years ago
Felix Stupp
651794a136
common: sshd: Disable X11 Forwarding globally
5 years ago
Felix Stupp
baace3ce16
misc/handlers: Changed "restart ssh" to "reload ssh"
5 years ago
Felix Stupp
025d8a3256
Added role misc/ssh_tg_notify
...
- Added role to common site
- Added variables required to global vars and vault
5 years ago
Felix Stupp
69b884ad3f
bootstrap: Configure ssh key used to connect on new user
5 years ago
Felix Stupp
f610812fc7
bootstrap: Ensure user has .ssh/authorized_keys before trying to copy
5 years ago
Felix Stupp
096554f37b
mqtt/user: Fixed usage of var user (before username)
5 years ago
Felix Stupp
fe393bd246
mqtt/application: Enforce sort part files before combining for acl and auth
5 years ago
Felix Stupp
1a608ce172
mqtt/application: Remove config use_username_as_clientid
...
Seems to block users with different username and clientid
5 years ago
Felix Stupp
e18f7f32e0
mqtt/application: Add paths for acl and auth files to config
5 years ago
Felix Stupp
46e932049e
mqtt/application: Allow root to read SYS topics
5 years ago
Felix Stupp
b6de0c1a4d
mqtt/application: Fix usage of variable configuration_directory
5 years ago
Felix Stupp
cf632d1a56
mqtt: Ensure create auth files before writing using mosquitto_passwd
...
Fixes error on calling tool if file does not exist
5 years ago
Felix Stupp
4b6cef5c10
mqtt/application: Notify handlers on change to makefile
5 years ago
Felix Stupp
82c7666ae8
mqtt/application: Fix port for mosquitto server
5 years ago
Felix Stupp
81dab362a6
misc/docker: Do not install recommended packages to fix issue on raspberry
5 years ago
Felix Stupp
fcae6e8429
Added blocklist of known malicious ip addresses applied by role common
5 years ago
Felix Stupp
f2c9b17194
Moved packages only required for admin account from role common to role account
5 years ago
Felix Stupp
25df92ee7b
common: Removed package buffer
...
Replaced by pv integrated buffering
which supports greater limits.
5 years ago
Felix Stupp
e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https
5 years ago
Felix Stupp
3c7fb65ac9
common: Removed package acl
...
Not installable on Raspbian and also not used on any Debian system
5 years ago
Felix Stupp
9e8d1b5220
common: Fix applying sources.list for different distributions
5 years ago
Felix Stupp
b3f05edb6f
account: Added exa to packages
5 years ago
Felix Stupp
8ebe8aecfb
nginx/application: Hide server tokens per default
5 years ago
Felix Stupp
69dfba9911
mqtt/application: Added linking of configuration directory to environment
5 years ago
Felix Stupp
18832f4eb0
mqtt/application: Fixed names of variables admin_{user,pass}
5 years ago
Felix Stupp
9dc203621e
mqtt: Fixed wording 'notifiy' to 'notify'
5 years ago
Felix Stupp
0b69a41ebc
Added roles mqtt/application and mqtt/user
5 years ago
Felix Stupp
ab1a067cff
dns/master: Added flush_handlers before role ends
5 years ago
Felix Stupp
371b1d5751
dns/application: Fixed permissions for zone databases directories
5 years ago
Felix Stupp
64576c8ff5
dns/master: zone.makefile: Added cd to key signing
5 years ago
Felix Stupp
ab61090340
dns/master: zone.makefile: Added check for directories not equal
5 years ago
Felix Stupp
bb8a2759ec
dns/master: zone.makefile: Changed usage of var dest
5 years ago
Felix Stupp
d052a08f0d
dns/master: zone.makefile: Fixed format
5 years ago
Felix Stupp
ebbacdce0c
dns/master: Added dependency to role dns/master_handlers
5 years ago
Felix Stupp
73c9a72590
dns: Fixed usages of var dns_zones_configuration_environment_directory
5 years ago
Felix Stupp
0662df1ca5
dns/master: Let serial number configured by dnssec-signzone
5 years ago
Felix Stupp
d8f1b36ee1
dns/master: Moved building of zone files to makefile
5 years ago
Felix Stupp
208e277e79
Added role dns/master_handlers for makefile handler
5 years ago
Felix Stupp
d7991e0bbb
dns/master: Added configuring configuration environment
5 years ago
Felix Stupp
5627a36949
dns/master: Extracted database_signed_file_name of database_signed_file
5 years ago
Felix Stupp
a206642f77
dns/master: Extracted database_file_name of database_file
5 years ago
Felix Stupp
36bf7f9d18
dns/master: Declared var domain to be required
5 years ago
Felix Stupp
141d343d6d
Extracted dns/handlers out of dns/applications
5 years ago
Felix Stupp
8e95846002
dns/master: Added create zone environment directory
5 years ago
Felix Stupp
de2bfe430c
dns/master: Rewrite create zone directories using loop
5 years ago
Felix Stupp
065050d5c2
dns/application: Added zone configuration environment directory
5 years ago
Felix Stupp
479430a9e9
dns/application: Reconfigured creating zone directories using loop
5 years ago
Felix Stupp
19b5fb3f9e
dns/application: Configured directory permissions for zones directory
5 years ago
Felix Stupp
8aacd27f31
dns/application: Configured group owner for bind main configuration
5 years ago
Felix Stupp
c8dc602f09
account: Configure sudo insults
5 years ago
Felix Stupp
ff3d6cba8e
Added group os_raspbian
5 years ago
Felix Stupp
78032d343f
common: Made sources.list dependent of distribution
5 years ago
Felix Stupp
5555c86357
server/gitea: Reworked configuration with defaults
5 years ago
Felix Stupp
a9798fedc8
server/gitea: Fixed output of wget in update script
5 years ago
Felix Stupp
e9db3d7d56
misc/backup: Secured shell commands for file backups
5 years ago
Felix Stupp
a150266548
server/minecraft: Enabled auto backup
5 years ago
Felix Stupp
6dd5c75e67
misc/backup_files: Added support for commands executed before / after backup
5 years ago
Felix Stupp
3fb273aaae
server/minecraft: Fixed downloading Minecraft Server version
5 years ago
Felix Stupp
e0342a6bba
server/linx: Added helper script for uploading files to the service
5 years ago
Felix Stupp
3737a2ad10
server/nextcloud: Added apps against ransomware to default
5 years ago
Felix Stupp
e24613d02c
acme/application: Added installing helper scripts for managing
5 years ago
Felix Stupp
e2b7778c8b
nginx/application: Changed Referrer-Policy to strict-origin
...
For better enforcing of secure handling of referrer information
5 years ago
Felix Stupp
54a8ad0d86
server/nextcloud: Removed doubled referrer-policy
...
Referrer-Policy already configured by global configuration
5 years ago
Felix Stupp
1855deb351
nginx/server: Documentated required variables
5 years ago