94 Commits (b4eef0e28b0baf4c19d6e0f3e06b6a81400ecaca)

Author SHA1 Message Date
Felix Stupp 98b7b55a53
Whitelist multiple services of proc's hidepid feature
Not only required for systemd-logind, but also for user@.service
4 years ago
Felix Stupp 15ad953131
common: Validate sshd_config before applying 4 years ago
Felix Stupp e1a612966c
Hide running processes from users other than root 4 years ago
Felix Stupp edc4ccd4c3
Fix journald path from /systmed/ to /systemd/ 4 years ago
Felix Stupp 0a5b3fc26f
Added new role misc/tg_monitor_cmd 4 years ago
Felix Stupp 6c547434b9
Renamed global_ssh_notify_telegram_bot_key to global_telegram_server_bot_key 4 years ago
Felix Stupp 09cd9782a9
Added roles server/drone.io/{runner,server} 4 years ago
Felix Stupp 0a8ee3983d
group_vars/all: Changed default dns servers to normal Quad9
- in distinction to Quad9 servers supporting/using EDNS
- the default servers have EDNS disabled
4 years ago
Felix Stupp f825787dd6
docker/application: Configure dns and log-driver of daemon 4 years ago
Felix Stupp d281b238e7
Added group_vars for group hetzner_server 4 years ago
Felix Stupp 74fa987e2d
Edit vault, add my minecraft name 4 years ago
Felix Stupp 889a493fdd
Implement has_debug_instance and use to lower ttl 4 years ago
Felix Stupp 14a924bdd2
Changed debug instance prefix to "debug-instance."
Due to "_" being an invalid character for hostnames for CAs.
4 years ago
Felix Stupp fcb1ed71b6
Added debug mode with support for all roles 4 years ago
Felix Stupp 02b501f4a5
dns/entries: Rewrite role to use nsupdate module instead of custom makefile construct 4 years ago
Felix Stupp d8f47c7106
Decreased default DNS ttl to 1h 4 years ago
Felix Stupp ee8f1f0815
journald on raspbian: Set max storage to 256M 4 years ago
Felix Stupp 95dcb5a8b5
common: Configure journald to keep logs persistent until storage max 4 years ago
Felix Stupp 235103fbd6
common: Allowed to disable source package support if required 4 years ago
Felix Stupp 0f03f5f421
Moved default repository infos to all vars
To allow groups to overwrite these variables
4 years ago
Felix Stupp 59dd7d93a1
wireguard: Rewritten to use systemd-networkd integration 4 years ago
Felix Stupp 5ffed17e43
vars: Fix path for chromium_managed_policies_file 4 years ago
Felix Stupp 1cea46b161
Added role kiosk/website 4 years ago
Felix Stupp 3f2392332d
Added role kiosk/boot 4 years ago
Felix Stupp da381ce264
account: Transfered from oh-my-zsh to antigen 4 years ago
Felix Stupp 03c485e736
Configured sshd service name in global var 4 years ago
Felix Stupp ddf4c8d4a1
Fixed shellcheck format=quiet not available on Debian Buster 4 years ago
Felix Stupp 13f3aceb00
dns/entries: Make "setting entries" be indempotent using makefile 4 years ago
Felix Stupp 427541311a
account: Added validate for sudoers insults config 4 years ago
Felix Stupp e93c11f0d7
Added shellcheck for script validations 4 years ago
Felix Stupp 62758cac7c
mysql: Extracted mysql_socket_path into global var 4 years ago
Felix Stupp a9c8fd9af3
Moved var nginx_installation_directory to global vars 4 years ago
Felix Stupp b1a93849a1
Moved var nginx_system_user to global vars 4 years ago
Felix Stupp f46e51115e
acme: Changed underlying package from acme.sh to certbot 4 years ago
Felix Stupp d48d4885d7
Extracted admin_mail into global var 4 years ago
Felix Stupp 98b7f4744e
Extracted service_name of nginx to global var 4 years ago
Felix Stupp ae42f963a2
dns: Transfered master zones from makefile approach to dynamic updates approach 5 years ago
Felix Stupp 3071b98f9d
Reconfigured bind session-keyalg to hmac-sha512 5 years ago
Felix Stupp 360172f8db
dns/master: Moved default tts var to global var 5 years ago
Felix Stupp be6303576a
dns/application: Added configuration for session-key 5 years ago
Felix Stupp 99e58d4224
common: Added helper nsupdate_keygen 5 years ago
Felix Stupp 98ff22f28a
all/vars: Adapted bind_service_name to official bind version 5 years ago
Felix Stupp 85028e1dcb
fail2ban/application: Moved service_name to global var 5 years ago
Felix Stupp 239ef3124e
fail2ban/application: Moved vars to global part
Because paths are not user-configured but given by package/system
5 years ago
Felix Stupp f3d7f2f8a2
Added roles for redis (application, instance) 5 years ago
Felix Stupp 788d259f85
all/vars: nginx_status_page_acl: Added public addresses of host 5 years ago
Felix Stupp 8f25d008a9
var: nginx_status_page_acl: Fixed localhost ipv4 address range 5 years ago
Felix Stupp 458babf82c
nginx/php: Added support for php-fpm status page 5 years ago
Felix Stupp 2a672cb597
nginx/default_server: Extracted status_page_acl var 5 years ago
Felix Stupp 646e6d5c75
dns: Configured service name using global variable 5 years ago