Felix Stupp
|
98b7b55a53
|
Whitelist multiple services of proc's hidepid feature
Not only required for systemd-logind, but also for user@.service
|
4 years ago |
Felix Stupp
|
15ad953131
|
common: Validate sshd_config before applying
|
4 years ago |
Felix Stupp
|
e1a612966c
|
Hide running processes from users other than root
|
4 years ago |
Felix Stupp
|
edc4ccd4c3
|
Fix journald path from /systmed/ to /systemd/
|
4 years ago |
Felix Stupp
|
0a5b3fc26f
|
Added new role misc/tg_monitor_cmd
|
4 years ago |
Felix Stupp
|
6c547434b9
|
Renamed global_ssh_notify_telegram_bot_key to global_telegram_server_bot_key
|
4 years ago |
Felix Stupp
|
09cd9782a9
|
Added roles server/drone.io/{runner,server}
|
4 years ago |
Felix Stupp
|
0a8ee3983d
|
group_vars/all: Changed default dns servers to normal Quad9
- in distinction to Quad9 servers supporting/using EDNS
- the default servers have EDNS disabled
|
4 years ago |
Felix Stupp
|
f825787dd6
|
docker/application: Configure dns and log-driver of daemon
|
4 years ago |
Felix Stupp
|
d281b238e7
|
Added group_vars for group hetzner_server
|
4 years ago |
Felix Stupp
|
74fa987e2d
|
Edit vault, add my minecraft name
|
4 years ago |
Felix Stupp
|
889a493fdd
|
Implement has_debug_instance and use to lower ttl
|
4 years ago |
Felix Stupp
|
14a924bdd2
|
Changed debug instance prefix to "debug-instance."
Due to "_" being an invalid character for hostnames for CAs.
|
4 years ago |
Felix Stupp
|
fcb1ed71b6
|
Added debug mode with support for all roles
|
4 years ago |
Felix Stupp
|
02b501f4a5
|
dns/entries: Rewrite role to use nsupdate module instead of custom makefile construct
|
4 years ago |
Felix Stupp
|
d8f47c7106
|
Decreased default DNS ttl to 1h
|
4 years ago |
Felix Stupp
|
ee8f1f0815
|
journald on raspbian: Set max storage to 256M
|
4 years ago |
Felix Stupp
|
95dcb5a8b5
|
common: Configure journald to keep logs persistent until storage max
|
4 years ago |
Felix Stupp
|
235103fbd6
|
common: Allowed to disable source package support if required
|
4 years ago |
Felix Stupp
|
0f03f5f421
|
Moved default repository infos to all vars
To allow groups to overwrite these variables
|
4 years ago |
Felix Stupp
|
59dd7d93a1
|
wireguard: Rewritten to use systemd-networkd integration
|
4 years ago |
Felix Stupp
|
5ffed17e43
|
vars: Fix path for chromium_managed_policies_file
|
4 years ago |
Felix Stupp
|
1cea46b161
|
Added role kiosk/website
|
4 years ago |
Felix Stupp
|
3f2392332d
|
Added role kiosk/boot
|
4 years ago |
Felix Stupp
|
da381ce264
|
account: Transfered from oh-my-zsh to antigen
|
4 years ago |
Felix Stupp
|
03c485e736
|
Configured sshd service name in global var
|
4 years ago |
Felix Stupp
|
ddf4c8d4a1
|
Fixed shellcheck format=quiet not available on Debian Buster
|
4 years ago |
Felix Stupp
|
13f3aceb00
|
dns/entries: Make "setting entries" be indempotent using makefile
|
4 years ago |
Felix Stupp
|
427541311a
|
account: Added validate for sudoers insults config
|
4 years ago |
Felix Stupp
|
e93c11f0d7
|
Added shellcheck for script validations
|
4 years ago |
Felix Stupp
|
62758cac7c
|
mysql: Extracted mysql_socket_path into global var
|
4 years ago |
Felix Stupp
|
a9c8fd9af3
|
Moved var nginx_installation_directory to global vars
|
4 years ago |
Felix Stupp
|
b1a93849a1
|
Moved var nginx_system_user to global vars
|
4 years ago |
Felix Stupp
|
f46e51115e
|
acme: Changed underlying package from acme.sh to certbot
|
4 years ago |
Felix Stupp
|
d48d4885d7
|
Extracted admin_mail into global var
|
4 years ago |
Felix Stupp
|
98b7f4744e
|
Extracted service_name of nginx to global var
|
4 years ago |
Felix Stupp
|
ae42f963a2
|
dns: Transfered master zones from makefile approach to dynamic updates approach
|
5 years ago |
Felix Stupp
|
3071b98f9d
|
Reconfigured bind session-keyalg to hmac-sha512
|
5 years ago |
Felix Stupp
|
360172f8db
|
dns/master: Moved default tts var to global var
|
5 years ago |
Felix Stupp
|
be6303576a
|
dns/application: Added configuration for session-key
|
5 years ago |
Felix Stupp
|
99e58d4224
|
common: Added helper nsupdate_keygen
|
5 years ago |
Felix Stupp
|
98ff22f28a
|
all/vars: Adapted bind_service_name to official bind version
|
5 years ago |
Felix Stupp
|
85028e1dcb
|
fail2ban/application: Moved service_name to global var
|
5 years ago |
Felix Stupp
|
239ef3124e
|
fail2ban/application: Moved vars to global part
Because paths are not user-configured but given by package/system
|
5 years ago |
Felix Stupp
|
f3d7f2f8a2
|
Added roles for redis (application, instance)
|
5 years ago |
Felix Stupp
|
788d259f85
|
all/vars: nginx_status_page_acl: Added public addresses of host
|
5 years ago |
Felix Stupp
|
8f25d008a9
|
var: nginx_status_page_acl: Fixed localhost ipv4 address range
|
5 years ago |
Felix Stupp
|
458babf82c
|
nginx/php: Added support for php-fpm status page
|
5 years ago |
Felix Stupp
|
2a672cb597
|
nginx/default_server: Extracted status_page_acl var
|
5 years ago |
Felix Stupp
|
646e6d5c75
|
dns: Configured service name using global variable
|
5 years ago |