Felix Stupp
2efb214edd
misc/ssh_tg_notify: Ignore messages from trusted VPN subnet
2 years ago
Felix Stupp
c842c40c89
misc/ssh_tg_notify: Lookup & inform user which logged in as well
2 years ago
Felix Stupp
10a3e8aa9f
misc/ssh_tg_notify: Lookup user id of root dynamically
2 years ago
Felix Stupp
10e2dea52a
misc/ssh_tg_notify: Add comments for sections
2 years ago
Felix Stupp
a98b250c31
misc/ssh_tg_notify: Check that PAM_RHOST is defined
2 years ago
Felix Stupp
b50f457d99
misc/ssh_tg_notify: Add Content-Type to bot requests
2 years ago
Felix Stupp
4da0a72682
misc/ssh_tg_notify: Extract sendMessage method
2 years ago
Felix Stupp
07eeba447e
misc/ssh_tg_notify: Replace link to ipinfo.io with link to stat.ripe.net
2 years ago
Felix Stupp
8b7d4f1688
misc/ssh_tg_notify: strip expected stat error message
2 years ago
Felix Stupp
27bd516581
misc/ssh_tg_notify: Include username into cache key
...
- So if multiple users log in from the same ip, the cache does not prevent a notification
2 years ago
Felix Stupp
a2091da6a9
Added playbooks/facts folder with gitignore
2 years ago
Felix Stupp
9731affd79
Renamed host_var files to add .yml ending
2 years ago
Felix Stupp
224b302e2d
Implement virtual env for pip and ansible collections
3 years ago
Felix Stupp
8b6b7e57ad
Move credentials.tar.gpg into misc directory
3 years ago
Felix Stupp
dadee8a49d
ansible.cfg: Add comments for explaining every option / group of options
3 years ago
Felix Stupp
3a5cf551e7
makefile: Group targets with different headlines
3 years ago
Felix Stupp
8e6a96c5fa
makefile: Split up phony entries
3 years ago
Felix Stupp
734091b4fb
Add tag deploy-auto-update-script to some tasks
3 years ago
Felix Stupp
f9912f950f
Change default GPG keyserver to keys.openpgp.org
...
- sks-keyservers not available anymore, so fallback to new one
3 years ago
Felix Stupp
b5df9a1225
Extract GPG keyserver for backups into global var
3 years ago
Felix Stupp
644164eac5
Added tags to included roles
3 years ago
Felix Stupp
08e91883b3
misc/ssh_tg_notify: Added cache to send fewer notifications
...
- per IP only once in the next 4 hours
3 years ago
Felix Stupp
2e71da368b
nginx/{php,static}: Remove legacy "ssl on" directive
3 years ago
Felix Stupp
0781b4c175
nginx/forward: Redeveloped using nginx/server template
3 years ago
Felix Stupp
cc8513ddf4
nginx/forward: correctly documented vars as required by removing default value
3 years ago
Felix Stupp
6c48b7360e
Update mitogen to version compatible to Ansible 2.10
3 years ago
Felix Stupp
0c6d7161ed
nginx/server: Added tag nginx-server-config to deployment of site config
3 years ago
Felix Stupp
05c0d5fa7b
added intention to change global admin mail to own domain mail
3 years ago
Felix Stupp
16a72f6014
group_vars/all: extracted os_defaults from general vars.yml
3 years ago
Felix Stupp
88b904abc7
deprecate global "project" variables
3 years ago
Felix Stupp
72e3fda3ff
added role misc/deb_backports_prio
3 years ago
Felix Stupp
e267e345da
server/nextcloud: Enable apc on using occ commands
...
Required since Nextcloud 21
3 years ago
Felix Stupp
1bf40022a9
server/nextcloud: Allow configuring files_chunk_size and setup linked limits
...
- linked settings are (configured to same value appending some overheads):
- nginx_max_size
- php_post_max_size
- php_upload_max_size
3 years ago
Felix Stupp
5ae646abdd
server/spotme: service_environment_file variable fixed to use correct service_name var
3 years ago
Felix Stupp
ae39585006
server/spotme: Increased java version to 11
3 years ago
Felix Stupp
79e1423947
server/tt-rss: increased lifetime of session cookies
3 years ago
Felix Stupp
25616aa118
nginx/php-pool: Added tag nginx-php-pool-config
3 years ago
Felix Stupp
416289a367
server/firefox-sync: added dependency libmariadb-dev
3 years ago
Felix Stupp
b4eef0e28b
configure drone-ci on hatoria for git.banananet.work
3 years ago
Felix Stupp
b666ffb439
Removed temporary transfer tag
3 years ago
Felix Stupp
6301ed65fc
playbooks/dns: Moved main dns server from nvak to hatoria
3 years ago
Felix Stupp
0126d2f8ae
server/nextcloud: Add support for configuring default phone region
3 years ago
Felix Stupp
6919a6f7dc
dns/application: Added dependency python3-dnspython
...
Required for Ansible to configure dns records
3 years ago
Felix Stupp
f2dac5ca1f
nginx/php-pool: Allow configuring arbitary php_admin_values
...
- removing support for explicit configuration key for memory_limit
- replaced usage of memory_limit key with usage of admin_values key
3 years ago
Felix Stupp
98b7b55a53
Whitelist multiple services of proc's hidepid feature
...
Not only required for systemd-logind, but also for user@.service
3 years ago
Felix Stupp
15ad953131
common: Validate sshd_config before applying
3 years ago
Felix Stupp
e1a612966c
Hide running processes from users other than root
3 years ago
Felix Stupp
d0e9962d04
common: Add tag journald to certain tasks
3 years ago
Felix Stupp
edc4ccd4c3
Fix journald path from /systmed/ to /systemd/
3 years ago
Felix Stupp
065408fd9d
moved git.bnet from nvak to hatoria
3 years ago
Felix Stupp
c48c32f786
moved {firefox,rss,spotme}.bnet from nvak to hatoria
3 years ago
Felix Stupp
4c4c6529ad
server/spotme: Change default database user equal to system user
3 years ago
Felix Stupp
fe34e6111e
mysql/database: Added tag mysql_database to all tasks
3 years ago
Felix Stupp
9fd183bbac
mysql/database: rewrote usage of include_tasks to be better compatible with tags
3 years ago
Felix Stupp
288c4175d6
dns/entries: Add timeout of 8s after changing dns entries
...
so futher roles do not fail because external dns servers have not
received the change yet
3 years ago
Felix Stupp
6ae690aac3
transfered forumderschan.de from nvak to hatoria
3 years ago
Felix Stupp
933a094916
moved Stadtpiraten comments from nvak to hatoria
3 years ago
Felix Stupp
53d051824f
nvak: Remove turnips.banananet.work
3 years ago
Felix Stupp
455ca2ce09
nvak: transfered future projects phpmyadmin and banananetwork keys to hatoria
...
- Comments are already stored in hatorias playbook because this change
was committed by accident at b86d856b
3 years ago
Felix Stupp
abdc53c317
ansible.cfg: Always enable diff on playbook executions
3 years ago
Felix Stupp
18f374103a
hatoria hst20 nextcloud: updated app list
3 years ago
Felix Stupp
a734f6ef42
hatoria: Monitor public-known nameservers of forumderschan.de
3 years ago
Felix Stupp
0a5b3fc26f
Added new role misc/tg_monitor_cmd
3 years ago
Felix Stupp
7f9980903f
dns: Explicit defined main_nameserver and added to entries
3 years ago
Felix Stupp
6d061088a2
misc/ssh_tg_notify: Quoted TIMEOUT variable
3 years ago
Felix Stupp
6c547434b9
Renamed global_ssh_notify_telegram_bot_key to global_telegram_server_bot_key
3 years ago
Felix Stupp
5aa78edc12
dns: Assigned MailJet mail service to wg.banananet.work
3 years ago
Felix Stupp
03bc38ff78
playbooks/dns: Added section for managing arbitary entries
3 years ago
Felix Stupp
8413cbd9cc
Added role ext_mail/mailjet
3 years ago
Felix Stupp
52c03dc9d2
Added python3-yaml to common packages
3 years ago
Felix Stupp
43cb8f0a5e
hatoria: Removed ransomware_detection because of current problems
...
See https://github.com/undo-ransomware/ransomware_detection/issues/48#issue-763599989
3 years ago
Felix Stupp
f2c5aedc52
server/nextcloud: Add extract_app_list helper script
3 years ago
Felix Stupp
10dab39328
Transfered WG and HST21 Nextcloud instances from nvak to hatoria
3 years ago
Felix Stupp
0164e4810b
server/nextcloud: Remove not required comment on lost_password_link
...
Feature already explained in another comment above
3 years ago
Felix Stupp
a23e80abc1
server/nextcloud: Delete no longer required install_nextcloud.sh script
3 years ago
Felix Stupp
09cd9782a9
Added roles server/drone.io/{runner,server}
3 years ago
Felix Stupp
398ed9084c
Added role docker/compose-git
3 years ago
Felix Stupp
c8fdc4fae9
account: Configure authorized_keys using authorized_key module
...
- also restricts .ssh directory only to user
- restriction was automatically applied by authorized_keys module before
- more restriction is not harmful
- this restriction ensures indempotency while using the authorized_keys module
3 years ago
Felix Stupp
0a8ee3983d
group_vars/all: Changed default dns servers to normal Quad9
...
- in distinction to Quad9 servers supporting/using EDNS
- the default servers have EDNS disabled
3 years ago
Felix Stupp
f825787dd6
docker/application: Configure dns and log-driver of daemon
3 years ago
Felix Stupp
e9651f3b09
role misc/docker renamed to docker/application
3 years ago
Felix Stupp
7d240539c8
misc/docker: Reworked role to use docker package from distro repo
3 years ago
Felix Stupp
8725e65dfb
server/nextcloud: Fix re-importing config.json after changes
3 years ago
Felix Stupp
d281b238e7
Added group_vars for group hetzner_server
3 years ago
Felix Stupp
78dbfe3c8e
hosts.py: Added support for "&" operator in groups pattern
3 years ago
Felix Stupp
0b0135dd57
hosts.py: Generalized supported operations of group pattern
3 years ago
Felix Stupp
7d858342e2
Updated hosts.yml to support new inventory syntax
...
While reworked group structure to be more useful and powerful
3 years ago
Felix Stupp
827865b44c
hosts.py: Reworked inventory interpreter to support more powerful syntaxes
3 years ago
Felix Stupp
8e4cae43b5
site: Add name to playbook for common roles
3 years ago
Felix Stupp
00dde619e8
Rename group surface3 to dev_surface3
3 years ago
Felix Stupp
92b13e90ed
nginx/application: Fixed getting nameserver ips using ansible facts, not custom script
3 years ago
Felix Stupp
bf21d8727f
playbooks/group_bwcloud: Added hint about manual change
3 years ago
Felix Stupp
149dadd393
Added symlink for library in playbooks/
3 years ago
Felix Stupp
eee29f48b3
Integrated mitogen boost for ansible
3 years ago
Felix Stupp
74fa987e2d
Edit vault, add my minecraft name
3 years ago
Felix Stupp
47cc7a0706
site: Added tag common to "common" role execution
3 years ago
Felix Stupp
25ca7ef895
server/spotme: Define some conversion tasks to run also in check mode
...
- required to check later tasks
- do not change anything on the system on their own
3 years ago
Felix Stupp
01ed71353c
playbooks/wireguard: Remove not required strategy directives
3 years ago
Felix Stupp
e56498dc78
hatoria: Define creating custom_archive_directory for cloud-bnet
3 years ago
Felix Stupp
9d62d35564
hatoria: Moved domain/system_user for cloud-bnet to variables
3 years ago
Felix Stupp
e13c86fae1
mc-wg-bnet on hatoria: upgraded MC to version 1.16.4
3 years ago
Felix Stupp
a53d0bc117
playbooks/dns: Allow Mailbox as mail provider for banananet.work
4 years ago
Felix Stupp
b86d856b73
Add hatoria and move some services to hatoria
...
From nvak:
- banananet.work
- drop.banananet.work
- cloud.banananet.work
- debug instance of forumderschan.de
- forwarding of www.forumderschan.de
From third-party:
- mc.wg.banananet.work
4 years ago
Felix Stupp
088b27af95
playbooks/dns: Change SOA mails from admin@ to hostmaster@
4 years ago
Felix Stupp
b3181c7a48
dns/master: Changed default SOA mail to hostmaster@
4 years ago
Felix Stupp
057baa9c22
filter_plugins/systemd_escape: Fix missing import sys for testing purposes
4 years ago
Felix Stupp
441dbddc9c
vscode: Remove association to ansible plugin
4 years ago
Felix Stupp
d025cc1fac
server/minecraft: Allow MC to lock files in data dir
4 years ago
Felix Stupp
933e831804
server/minecraft: Fix warning of casting port while keeping port as int
4 years ago
Felix Stupp
cd3972887b
server/minecraft: Reworking generating server.properties
4 years ago
Felix Stupp
8e470e3aba
common: backup_autoremove: Fix find working with symlink of backups dir
4 years ago
Felix Stupp
abf4a36151
server/minecraft: Also save-all after backup to prevent losing changes made while backup
4 years ago
Felix Stupp
794cbea66d
acme/application: Renamed var to acme_key_size
4 years ago
Felix Stupp
ae9588913b
server/nextcloud: Fix changed config dbpass to dbpassword
4 years ago
Felix Stupp
3dde72a807
server/nextcloud: Fix configuring overwrite.cli.url
4 years ago
Felix Stupp
b3a8f253eb
server/nextcloud: ignore errors on app install/disable tasks
4 years ago
Felix Stupp
3c28464682
nvak: cloud-bnet: Adapt app list for new version 19
4 years ago
Felix Stupp
40ebbe835a
misc/hdd_dir: Fix checking for hdd_target_dir only if use_hdd_directory is enabled
4 years ago
Felix Stupp
d0ac846a36
mysql/backup_database: Fix conversion of number to string warning
4 years ago
Felix Stupp
9ed9e283c6
server/tt-rss: Increase default timeout to 30 seconds
4 years ago
Felix Stupp
df21870ebe
common: backup_mysql_database.sh: Remove --databases so dump does not use database name
...
Increases portability of backups
4 years ago
Felix Stupp
d5077ea553
playbooks/dns: Configured hetzner secondaries for banananet.work, forumderschan.de
4 years ago
Felix Stupp
7c9f135da5
dns/master: Add support for slaves as IPs (slaves_ip)
4 years ago
Felix Stupp
2b0e2f4803
playbooks/dns: Remove variable nvak_slaves
4 years ago
Felix Stupp
8d2808c82a
dns/master: Added missing default for variable slaves
4 years ago
Felix Stupp
e691b24cb4
misc/hdd_dir: Removed changing owner/group of symlink due to changed by specific server roles
4 years ago
Felix Stupp
d1c14b9ee6
common: helper backup_files: Support for directories with symlinks added
4 years ago
Felix Stupp
b42d639996
common: Added tag backups for backup related tasks
4 years ago
Felix Stupp
483eea3833
common: Configure hdd dir for backups directory
4 years ago
Felix Stupp
889a493fdd
Implement has_debug_instance and use to lower ttl
4 years ago
Felix Stupp
0b03f87319
dns/entries: Fix appending . to absolute domain name for debug removing task
4 years ago
Felix Stupp
14a924bdd2
Changed debug instance prefix to "debug-instance."
...
Due to "_" being an invalid character for hostnames for CAs.
4 years ago
Felix Stupp
59e6ce7b78
common: Add deployment of ssh_config for VerifyHostKeyDNS
4 years ago
Felix Stupp
ab74829169
server/nextcloud: Fixed using command module
...
- Added quote filter to import_config_file and system_user
- Split command for enabling/disabling addons
4 years ago
Felix Stupp
031d9db790
server/nextcloud: Remove TODO for Redis integration
...
Already implemented
4 years ago
Felix Stupp
f0c371b794
server/nextcloud: Enable configuring lost password links, disabled per default
4 years ago
Felix Stupp
d316e6ae7e
server/{gitea,linx,minecraft,nextcloud}: Implemented role misc/hdd_dir
4 years ago
Felix Stupp
50de8ade7d
server/gitea: Fixed comment on var gitea_repository_default_private
4 years ago
Felix Stupp
60c8d58dd8
server/gitea: Reorded directory variables
4 years ago
Felix Stupp
c51d098426
Added role misc/hdd_dir to link data directories to HDDs
...
- Also added task to common to create parent directory
4 years ago
Felix Stupp
1414df19c2
misc/system_user: Add tag to system_user role
4 years ago
Felix Stupp
58ba612fc1
Increase tty fontsize on thinkie
4 years ago
Felix Stupp
fcb1ed71b6
Added debug mode with support for all roles
4 years ago
Felix Stupp
027e5cec0b
dns/server_entries: Use relative domain suffix instead of absolute
4 years ago
Felix Stupp
5106142cc1
dns/master: Disable checking hostnames for validity in BIND9 on dynamic updates
4 years ago
Felix Stupp
02b501f4a5
dns/entries: Rewrite role to use nsupdate module instead of custom makefile construct
4 years ago
Felix Stupp
2b0345be62
misc/dhparams: Ensure local directory for dh params exists
4 years ago
Felix Stupp
502444d758
Added filter_plugin dns_entries
4 years ago
Felix Stupp
213864f32e
Added module tsig_interpreter
...
In preperation to use nsupdate module
4 years ago
Felix Stupp
17cb2fdac5
dns/entries: Not register not required variable entries_file_changed
4 years ago
Felix Stupp
4fe30d409e
dns/entries: Add explizit support for entries_name_prefix
4 years ago
Felix Stupp
99cee859bb
common: Add unattended-upgrades as required package
4 years ago
Felix Stupp
d8f47c7106
Decreased default DNS ttl to 1h
4 years ago
Felix Stupp
3dff69a1d4
hosts.yml: Added headers and split hosts into certain categories
4 years ago
Felix Stupp
c6a157ff53
site.yml: Configure wireguard after dns entries
4 years ago
Felix Stupp
b619f5f1ae
site.yml: Enroll telegram-notifictations only on non debug servers
4 years ago
Felix Stupp
9b4532199e
site: Disabled strategy free to get a better overview
4 years ago
Felix Stupp
ee8f1f0815
journald on raspbian: Set max storage to 256M
4 years ago
Felix Stupp
95dcb5a8b5
common: Configure journald to keep logs persistent until storage max
4 years ago
Felix Stupp
235103fbd6
common: Allowed to disable source package support if required
4 years ago
Felix Stupp
060bb1f4e2
Added tag bootstrap to bootstrap role execution
4 years ago
Felix Stupp
2359e5110e
bootstrap: Only reboot if user needs to be removed
4 years ago
Felix Stupp
0ff2a5b6bf
Added hst20 NC to nvak
4 years ago
Felix Stupp
0f03f5f421
Moved default repository infos to all vars
...
To allow groups to overwrite these variables
4 years ago
Felix Stupp
b64ba93512
server/nextcloud: Removed now unsupported & anyway unused option for database table prefix
4 years ago
Felix Stupp
8990d72cc0
kiosk/website: Added link to page explaining Chrome shortcuts
4 years ago
Felix Stupp
59dd7d93a1
wireguard: Rewritten to use systemd-networkd integration
4 years ago
Felix Stupp
7c1c7c9029
misc/deb_*: Add newline at end to sources file
4 years ago
Felix Stupp
3d52046a6d
misc/handlers: Enable systemd networkd on restart
4 years ago
Felix Stupp
b5cd08ae67
playbooks/wireguard: Reformatted notify to support multiple handlers
4 years ago
Felix Stupp
373905234a
playbooks/wireguard: Added tags to plays
4 years ago
Felix Stupp
d7e4153687
wireguard/{backbone,client}: Remove not required link to peer.cfg
4 years ago
Felix Stupp
c91f5f6559
hostname: Changed to use ansible-integrated module
4 years ago
Felix Stupp
a707a61906
hostname: Reformatted to newer syntax allowing multiple handlers in notify
4 years ago
Felix Stupp
72f3e603d8
misc/handlers: Add handler for restart systemd network
4 years ago
Felix Stupp
cfac03c746
misc/handlers: Add handler for reboot
4 years ago
Felix Stupp
6230caa65f
bootstrap: reboot before removing old user to prevent failure
4 years ago
Felix Stupp
dc6e4951d2
common: Added vim because used as default editor
4 years ago
Felix Stupp
fbec59d8ab
server/minecraft: Quote minecraft_version in shell command:
4 years ago
Felix Stupp
c3b8643fa8
host wgpanel: Decreased zoom factor to 1.5
4 years ago
Felix Stupp
6e16c3b267
host wgpanel: Fix link disabling kiosk mode on Home Assistant
...
- seems more buggy than useful
4 years ago
Felix Stupp
02da3bdec6
common: Added package sed for scripting
4 years ago
Felix Stupp
aa16fe3269
common: Added package python3-apt for Ansible
4 years ago
Felix Stupp
d9a694852f
kiosk/website: Fix button required release for "go to homepage"
4 years ago
Felix Stupp
23129d08c1
kiosk/website: Fix key input to Super_L (instead of meta) for home button
4 years ago
Felix Stupp
5ffed17e43
vars: Fix path for chromium_managed_policies_file
4 years ago
Felix Stupp
9377c6f2ee
kiosk/website: Fix var for chromium managed policies file
4 years ago
Felix Stupp
7e2aef6d02
Added host wgpanel.eridon.bnet
...
configured as kiosk device
4 years ago
Felix Stupp
1cea46b161
Added role kiosk/website
4 years ago
Felix Stupp
ab528baaff
Add device specific config for group surface3
4 years ago
Felix Stupp
c0676a8877
nvak: Tagged roles execution properly
4 years ago
Felix Stupp
71bf56e60f
server/nextcloud: Changed approach for config to import prepared JSON
4 years ago
Felix Stupp
10541b5ecc
server/nextcloud: Added tag nextcloud_apps
4 years ago
Felix Stupp
0a6484d1ea
server/nextcloud: Add new dependencies for Nextcloud
4 years ago
Felix Stupp
ad9dbb8e61
Update nextcloud server configuration to be more strict
4 years ago
Felix Stupp
3f2392332d
Added role kiosk/boot
4 years ago
Felix Stupp
1748d00f8c
Fixup for dns/application: Add nsupdate.makefile for indempotent updates
4 years ago
Felix Stupp
da381ce264
account: Transfered from oh-my-zsh to antigen
4 years ago
Felix Stupp
03c485e736
Configured sshd service name in global var
4 years ago
Felix Stupp
0939f14b21
wireguard/application: Key generation command rewritten to shell module
4 years ago
Felix Stupp
e8e735776f
wireguard: Install from backports instead of unstable
4 years ago
Felix Stupp
ddf4c8d4a1
Fixed shellcheck format=quiet not available on Debian Buster
4 years ago
Felix Stupp
f323f9dd7c
nginx/php-fpm: Moved sockets to non-temporary directory
...
/var/run was cleared after reboot, required re-executing Ansible to run
PHP services.
4 years ago
Felix Stupp
13f3aceb00
dns/entries: Make "setting entries" be indempotent using makefile
4 years ago
Felix Stupp
79b6e22311
playbooks/dns: Changed role variables back to role parameters
4 years ago
Felix Stupp
9c1e1e6ecd
Added role misc/overlay_mount
4 years ago
Felix Stupp
bd4d97d835
dns/entries: Block uploading dns entries in check mode
...
Must explicit block because otherwise Ansible tries to lookup the local
file, which may not be created in check mode
4 years ago
Felix Stupp
1dddc0cc03
Changed data of ChaosCraft Server for DNS
4 years ago
Felix Stupp
427541311a
account: Added validate for sudoers insults config
4 years ago
Felix Stupp
dfe801631c
account: Fixed mode for sudo insults config
4 years ago
Felix Stupp
6b40c8d8aa
nfs/export: Use systemd_escape_mount instead of custom regex_replace
4 years ago
Felix Stupp
c102cf72d0
Added filter plugin systemd_escape
4 years ago
Felix Stupp
41b040aa3e
makefile: Detect also removed files for build of credentials.tar.gz
4 years ago
Felix Stupp
e93c11f0d7
Added shellcheck for script validations
4 years ago
Felix Stupp
34614b7d6a
server/linx: update: Changed installed version detection to use zero-lines
4 years ago
Felix Stupp
7d2f8d32d0
server/linx: update: Combined two comment sections
4 years ago
Felix Stupp
69172f0145
server/gitea: update: Improved shell configuration to detect errors
4 years ago
Felix Stupp
90a2a41d7c
server/gitea: update.sh: Improved usage of quotation markers
4 years ago
Felix Stupp
f8cd2a6f60
misc/ssh_tg_notify: Used [[ instead of [ for if expression
4 years ago
Felix Stupp
3bc9c9360d
common: backup_autoremove: Improved script quality
4 years ago
Felix Stupp
6c7f35075b
git_auto_update: Added check if no update is required
4 years ago
Felix Stupp
092526315c
git_auto_update: Added check for if no release tag can't be found
4 years ago
Felix Stupp
f88b36fd1e
git_auto_update: Added and used error function
4 years ago
Felix Stupp
15d80c8d43
git_auto_update: Changed message for failed reload_command
4 years ago
Felix Stupp
a7a5bf00e8
git_auto_update: update.sh: Set git reset to be quiet
4 years ago
Felix Stupp
376de41b51
git_auto_update: Allow changing remote url
4 years ago
Felix Stupp
6c1beee210
git_auto_update: update.sh: Moved set command to beginning
4 years ago
Felix Stupp
44b5fdcbb0
git_auto_update: Added support for submodules
4 years ago
Felix Stupp
58dfab8529
nginx: Tagged tasks using certificate information
4 years ago
Felix Stupp
75e0dc0d1a
misc/system_user: Added tag always to task exporting variables
4 years ago
Felix Stupp
15a6cb1ff9
acme/certificate: Renamed tag for certificate tasks
4 years ago
Felix Stupp
482200821e
acme/certificate: Defined must-staple optional for certificate
4 years ago
Felix Stupp
c66dbe42c4
acme/certificate: Use certificate_name for task name
4 years ago
Felix Stupp
6ecf4426e2
Added role misc/deb_backports
4 years ago
Felix Stupp
7638b6f86c
nginx/php-pool: Added configuration for allow_overwrite_include
4 years ago
Felix Stupp
3ab19950c4
nginx/php-pool: Fixed memory_limit default to avoid overwrite by roles before
4 years ago
Felix Stupp
ef53197925
misc/system_user: Configured allow_duplicates to true
4 years ago
Felix Stupp
8443555583
nginx/application: Changed port numbers to string
...
To avoid conversion warning of ansible
4 years ago
Felix Stupp
8dd14a365d
misc/backup_files: Replaced old usages of domain with backup_name
4 years ago
Felix Stupp
5142f48064
Update credentials
4 years ago
Felix Stupp
9462e70ea1
server/spotme: Moved service envs to extra file
...
Otherwise all users would be able to extract data using systemctl show
4 years ago
Felix Stupp
07004c3717
server/tt-rss: Moved service envs in extra file
...
Otherwise all users would be able to extract data using systemctl show
4 years ago
Felix Stupp
9e04a7b39b
server/node: Moved private envs to extra file
...
Otherwise all users would be able to extract data using systemctl show
4 years ago
Felix Stupp
15ac9de2ef
Added ips to blocklist from failed DNS query log
4 years ago
Felix Stupp
62758cac7c
mysql: Extracted mysql_socket_path into global var
4 years ago
Felix Stupp
f91ef20682
server/gitea: Fixed quoting of vars for update script
4 years ago
Felix Stupp
58749bcc43
acme/certificate: Fixed quoting of nginx_service_name
4 years ago
Felix Stupp
a9c8fd9af3
Moved var nginx_installation_directory to global vars
4 years ago
Felix Stupp
b1a93849a1
Moved var nginx_system_user to global vars
4 years ago
Felix Stupp
34b867994c
nginx/proxy: Moved directives var to defaults
...
Overwrites directives in default of following roles
4 years ago
Felix Stupp
be218e813e
node/application: Removed not neccessary register and when construct
4 years ago
Felix Stupp
6c0b47dcd5
Added symlink for filter_plugins into symlink directory
...
Also hide the symlink in VS Code
4 years ago
Felix Stupp
4f9cf49f6c
dns/handlers merged into dns/application
4 years ago
Felix Stupp
fcce444989
README: Added desciption about roles for nfs
4 years ago
Felix Stupp
38fca5e7a7
README: Added usage description
4 years ago
Felix Stupp
cf03e0520c
Added LICENSE
4 years ago
Felix Stupp
255de97175
README: server/gitea: Added hint that fail2ban is included
4 years ago
Felix Stupp
a313c943b3
README: nginx: Added description for subrole default_server
4 years ago
Felix Stupp
9ff71d88c2
README: nginx: Reordered subroles to be alphabetical correct
4 years ago
Felix Stupp
1e5d7f89ed
README: mysql/database: Added hint that backup is included
4 years ago
Felix Stupp
20e599289f
README: Added description about fail2ban roles
4 years ago
Felix Stupp
b8d157df8f
README: dns: Added subroles entries and server_entries
4 years ago
Felix Stupp
eb56bbd108
README: node: Added hint about apt repo source
4 years ago
Felix Stupp
86c5ad1eb7
README: misc/docker: Added hint about apt repo source
4 years ago
Felix Stupp
e7605aa1e1
README: dns: Added hint about apt repo source
4 years ago
Felix Stupp
e9b6f8186a
README: Described bootstrap more precise
4 years ago
Felix Stupp
cf04f7b39e
README: acme: Reflected transfer from acme.sh to certbot
4 years ago
Felix Stupp
cd9a6452cb
README: Added hint about playbook expects targets to run Debian
4 years ago
Felix Stupp
79b021f430
README: Fixed typos
4 years ago
Felix Stupp
f46e51115e
acme: Changed underlying package from acme.sh to certbot
4 years ago
Felix Stupp
2be15aa10a
domain_relative_to: Fixed missing input parameter zone
4 years ago
Felix Stupp
0f57d44bb1
acme/certificate: Renamed certificate_location to fullchain_location
4 years ago
Felix Stupp
55451f321a
acme,nginx: Reversed dependency to match real dependency
4 years ago
Felix Stupp
9ad4ada018
acme,nginx: Renamed var for validation root to acme prefix
4 years ago
Felix Stupp
d48d4885d7
Extracted admin_mail into global var
4 years ago
Felix Stupp
6dcea566d6
acme/certificate: Removed invalid --ecc parameter
4 years ago
Felix Stupp
0e49941e1a
acme/certificate: Fixed quoting for acme.sh commands
4 years ago
Felix Stupp
98b7f4744e
Extracted service_name of nginx to global var
4 years ago
Felix Stupp
9fa36a210f
acme/certificate: Changed default reload command to "reload nginx"
4 years ago
Felix Stupp
45645de557
Moved conversion from domain to username into filter with shorts table
4 years ago
Felix Stupp
c7f5382c71
gitignore: Added pycache to excluded files
4 years ago
Felix Stupp
00ef0cd61a
server/gitea: Changed default database_user to system_user
...
To be equal to other server roles
4 years ago
Felix Stupp
67308818f5
server/minecraft: Changed dns entries format to new one
4 years ago
Felix Stupp
54facac9c0
Added filter_plugins used in other roles before
4 years ago
Felix Stupp
62de7fcdb5
playbooks/dns: Used absolute domain as relative domains are not used correctly
4 years ago
Felix Stupp
829d67f0b8
nginx/static: Moved directives into var
4 years ago
Felix Stupp
08d3382528
nginx/static: Fix indention for location
4 years ago
Felix Stupp
b0cc2b8ca1
dns/master: Make backups of dynamic zone data
4 years ago
Felix Stupp
ae42f963a2
dns: Transfered master zones from makefile approach to dynamic updates approach
4 years ago
Felix Stupp
0232319ccd
dns/master: Configured dnssec-policy for automatic KASP
4 years ago
Felix Stupp
ab39f9337e
vscode: Removed python path from repository configuration
4 years ago
Felix Stupp
ae995dec67
dns/entries: Prefixed entries name with "server:"
4 years ago
Felix Stupp
3071b98f9d
Reconfigured bind session-keyalg to hmac-sha512
4 years ago
Felix Stupp
3d274d9996
dns/application: Fixed indent
4 years ago
Felix Stupp
361f02565a
playbooks/dns: Removed gather facts about other hosts before
4 years ago
Felix Stupp
93b5ba9e4b
misc/backup_files: Fixed conversion of timing data to str
4 years ago
Felix Stupp
ddc1da5c3c
misc/backup_files: Use backup_name for name of tasks
4 years ago
Felix Stupp
d1e14a9de9
misc/backup_files: Added & used variable for backup_target
...
Ensures usage of backup_name insted of domain
4 years ago
Felix Stupp
b6d9b1deb5
dns/entries: Fixed reference to var dns_zone_domain
4 years ago
Felix Stupp
82288b4862
playbooks/dns: Removed explicit mail entries
...
Should be replaced by mail roles soon
4 years ago
Felix Stupp
360172f8db
dns/master: Moved default tts var to global var
4 years ago
Felix Stupp
72ee42d539
dns/master: Allow configure default ttl
4 years ago
Felix Stupp
3008672ded
dns/master: Added section comments to zone.conf
4 years ago
Felix Stupp
a41f4c1c3f
dns/master: Adapted generate-keys to inline-signing (only gen KSK)
4 years ago
Felix Stupp
be6303576a
dns/application: Added configuration for session-key
4 years ago
Felix Stupp
49d53d0213
dns/application: Removed obsolete dnssec directives
4 years ago
Felix Stupp
0e96fcbe34
dns/application: Fixed defining role dependencies
4 years ago
Felix Stupp
99e58d4224
common: Added helper nsupdate_keygen
4 years ago
Felix Stupp
0b7e2cb923
dns/application: Changed vars in makefile to support further dest files
4 years ago
Felix Stupp
1ceb1999ff
common: Changed include_tasks to import_tasks
...
To enable static instead of dynamic imports
4 years ago
Felix Stupp
36da702163
nginx/application: Disable log for HTTPs forwarding
4 years ago
Felix Stupp
49704746ad
blocklists: Added ipv4 of known SemrushBots
4 years ago
Felix Stupp
98ff22f28a
all/vars: Adapted bind_service_name to official bind version
4 years ago
Felix Stupp
d8405a223b
server/nextcloud: Added hint for source of var redis_socket_path
4 years ago
Felix Stupp
d8421b49bb
server/gitea: Renamed var gitea_user_directory to user_directory
4 years ago
Felix Stupp
fe0a677b13
git_auto_update: Used long parameters
4 years ago
Felix Stupp
e30121cae2
git_auto_update: Improved comparism with GPG fingerprint
...
Configured grep to compare againg fixed strings, not regexp
4 years ago
Felix Stupp
f2b6e41645
git_auto_update: Fixed default reload_command to "true"
...
An empty default value would result in an error thrown.
4 years ago
Felix Stupp
818515cc05
server/gitea: Reworked logging configuration to contain (only) required information
4 years ago
Felix Stupp
49dd6e4da1
server/gitea/app.ini: Removed not required log settings
4 years ago
Felix Stupp
072ace6438
server/gitea: Configured fail2ban protection
4 years ago
Felix Stupp
d81f883e50
server/gitea: Disable colorizing logs for fail2ban
4 years ago
Felix Stupp
d630988291
Added role fail2ban/rule
4 years ago
Felix Stupp
2eaf8034f7
server/gitea: Reconfigured log to be minimal and adapted to systemd
4 years ago
Felix Stupp
85028e1dcb
fail2ban/application: Moved service_name to global var
4 years ago
Felix Stupp
239ef3124e
fail2ban/application: Moved vars to global part
...
Because paths are not user-configured but given by package/system
4 years ago
Felix Stupp
66e38ebcde
server/nextcloud: Enabled APCu cache for cron job
4 years ago
Felix Stupp
cf4a4863f4
server/nextcloud: Reformatted cron job line to meet format requirements
4 years ago
Felix Stupp
c6a9c15e14
server/nextcloud: Enabled redis cache
4 years ago
Felix Stupp
f3d7f2f8a2
Added roles for redis (application, instance)
4 years ago
Felix Stupp
b5ca1ce80f
server/nextcloud: Renamed var nextcloud_user_directory to user_directory
4 years ago
Felix Stupp
8e22085ba7
server/nextcloud: Moved "config APCu cache" to "add add. entries" with blockinfile task
4 years ago
Felix Stupp
d59f4914b6
hosts.py: Added missing json.dumps
4 years ago
Felix Stupp
d40a8cee92
server/nextcloud: Fixed changing configuration of nextcloud instance
...
- Fixes configuring APCu cache
4 years ago
Felix Stupp
5c374bc977
nginx/application: Added security relevant HTTP headers to global config
...
Duplicates removed from server/nextcloud
4 years ago
Felix Stupp
fc2a098ff2
server/nextcloud: Fixed disallowing well-known as dot file
4 years ago
Felix Stupp
7889e10385
nginx/php-pool: Fixed default disabling of status_page_path
4 years ago
Felix Stupp
788d259f85
all/vars: nginx_status_page_acl: Added public addresses of host
4 years ago
Felix Stupp
8f25d008a9
var: nginx_status_page_acl: Fixed localhost ipv4 address range
4 years ago
Felix Stupp
b7d34b28ee
nginx/php: Made name of task more descriptive
4 years ago
Felix Stupp
9d8d041241
nginx/application: Fixed typo of "unnecessary"
4 years ago
Felix Stupp
28d49be899
server/nextcloud: Added support for php-fpm status page
4 years ago
Felix Stupp
458babf82c
nginx/php: Added support for php-fpm status page
4 years ago
Felix Stupp
2a672cb597
nginx/default_server: Extracted status_page_acl var
4 years ago
Felix Stupp
ce55e33fda
nginx/php-pool: Added support for enabling status page
4 years ago
Felix Stupp
e91f9d1a81
nginx/default_server: Hide status page by answering 403 always
4 years ago
Felix Stupp
74a62e861f
Added role nginx/default_server
...
To prevent circular dependencies, role must be included manually on
required servers
4 years ago
Felix Stupp
7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP
...
Can be derived by given certificate for host
4 years ago
Felix Stupp
48588ee0dd
server/spotme: Removed not required dependencies
4 years ago
Felix Stupp
647f112c2b
nginx/server: Extracted special pre directives into configurable vars
4 years ago
Felix Stupp
11814fe236
nginx/server: Added explicit dependency to nginx/application
4 years ago
Felix Stupp
61c7f72422
nginx/server: Removed ssl on directive
...
Should no longer be used, listen + ssl marker is working as expected
4 years ago
Felix Stupp
fbca70f81f
dns/master: Create keys directory writeable for bind
...
To apply KASP later
4 years ago
Felix Stupp
d73e250b36
dns/master: Changed owner and adapted permissions of zone directory
4 years ago
Felix Stupp
22fde40ac5
dns/application: Changed bind9 source to official source
4 years ago
Felix Stupp
415b107bbc
vscode configuration: Fixed path to python3 executable for syntax check
4 years ago
Felix Stupp
a51225ccc8
dns/application: Allowed bind using AppArmor to write temporary journal files
4 years ago
Felix Stupp
3932501d54
playbooks/dns: Fixed mx records for secondary domains
4 years ago
Felix Stupp
646e6d5c75
dns: Configured service name using global variable
4 years ago
Felix Stupp
77d1e84117
dns: Fixed variable structure of var domain_environment_directory
4 years ago
Felix Stupp
be8418d546
misc/backup_files: Added variable backup_name as alternative of name by domain
4 years ago
Felix Stupp
12e47c19c9
all/vars: Added var global_log_directory
...
Added usage in role nginx/application
4 years ago
Felix Stupp
95db4cad65
nvak: Configured turnips.banananet.work
4 years ago
Felix Stupp
51404e3a3d
misc/system_user: Added output var system_user_info
4 years ago
Felix Stupp
08a37c6dab
nginx/application: Configure dhparams for SSL
4 years ago
Felix Stupp
586163c9d0
Added role misc/dhparams
4 years ago
Felix Stupp
69a0b5fd69
nvak: Added forwarding of www.banananet.work to main site
4 years ago
Felix Stupp
ab13a1272f
playbooks/group_bwcloud: Configure preserve hostname for cloud-kernel
4 years ago
Felix Stupp
6fbf62cddd
dns/application: Added zone.db.jnl files to allowed files for bind to write
4 years ago
Felix Stupp
f2e669734b
common: Readd package acl
...
Required for ansible temporary files if becoming an unprivileged user, see
https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
This reverts commit 3c7fb65ac9
.
4 years ago
Felix Stupp
c258a5d1bb
server/minecraft: Add SRV dns entry
4 years ago
Felix Stupp
c3f85bc8e0
playbooks/dns: Removed test mail dns records
...
can be added by specific mail roles
4 years ago
Felix Stupp
8c0e34729a
playbooks/dns: Add main server addresses now using dns/server_entries
4 years ago
Felix Stupp
55b27c041b
dns: Extracted role entries from server_entries
4 years ago
Felix Stupp
39771c907f
dns/server_entries: Renamed var all_entries to entries
4 years ago
Felix Stupp
f2b4540f1f
playbooks/dns: Removed manual configured dns entries for servers
...
Not required due to automatic configuration by role dns/server_entries
4 years ago
Felix Stupp
9d23e12a16
dns/master: Now considered vars for nameserver and mail to be absolute
...
Meaning the var itself must not have a dot at the end of the name,
but an usage of the variable may need to append a dot.
4 years ago
Felix Stupp
40c6a3ab0f
dns/server_entries: Allow duplicate execution of role
4 years ago
Felix Stupp
1958c4df54
dns: Renamed role entries to server_entries
...
To distinguish between simple entries role (coming in the future) and
entries role bundled with server-related entries (A, AAAA, SSHFP)
4 years ago
Felix Stupp
08fafbf98f
dns/entries: Fixed SYNC comment to role dns/master
4 years ago
Felix Stupp
a4ec44c9e4
playbooks/dns: Removed non-existent ns2 from nameserver list
4 years ago
Felix Stupp
cf2529bf05
playbooks/dns: Fixed typo "resposible" to "responsible"
4 years ago
Felix Stupp
891ec640c7
playbooks: Changed repo urls to https if project is public
4 years ago
Felix Stupp
9121fd2c37
server/tt-rss: Moved repo clone method to standardized release tags
4 years ago
Felix Stupp
debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet
...
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
4 years ago
Felix Stupp
cca87f6425
nginx/php: Changed global include to root include
...
root snippet is there for file based servers, including php
4 years ago
Felix Stupp
f2c92e94e2
nginx: Moved index directive from root snippet to specific static role
4 years ago
Felix Stupp
dd48448828
nginx/php: Removed debian-specific index file from config
4 years ago
Felix Stupp
58955871ad
nginx/application: Removed specfic exclusion of htaccess files
...
Because dot files are already blocked in general
4 years ago
Felix Stupp
9394b66f47
wireguard/application: Added sorting of peer files before combining
4 years ago
Felix Stupp
e09fb25104
Added role misc/dnsmasq as dnssec resolver
4 years ago
Felix Stupp
fbf20622b0
Added group contabo_vserver
4 years ago
Felix Stupp
2158b2717d
dns/master: Added support for dname to root zone
4 years ago
Felix Stupp
0b388a7e9a
git_auto_update: Added brackets for less ambiguity
4 years ago
Felix Stupp
9a8996d69e
git_auto_update: Increased check options for update script
4 years ago
Felix Stupp
2515ab82db
roles/nfs: Improved var usages
...
- Extracted global_nfs_directory from default root_directory
- Added usage of export_path
4 years ago
Felix Stupp
666f463b46
Added global_vars already used
4 years ago
Felix Stupp
04c71a8611
common: ssh makefile: Sort part files before combining
4 years ago
Felix Stupp
d09b7ea8c3
mysql: Configure mysql_user and mysql_password
4 years ago
Felix Stupp
164cdbbc79
common: Tagged ip blocklist for easier skipping
4 years ago
Felix Stupp
b3fac3587f
Removed ecdsa as accepted ssh host key
4 years ago
Felix Stupp
187f573d4f
common: Added pv to required common packages
4 years ago
Felix Stupp
424b85eec8
mysql/database: Added database_template function
4 years ago
Felix Stupp
c6309b92ad
mysql/database: Documented database_user as required var
4 years ago
Felix Stupp
a3eb7778a8
server/nextcloud: Add packages for SMB access
4 years ago
Felix Stupp
f8e3f50e57
nvak wg.banananet.work: Added app side_menu
4 years ago
Felix Stupp
85edad4123
nvak nextclouds: Replaced apps files_markdown/files_readmemd with text
4 years ago
Felix Stupp
d07b72482c
nvak nextclouds: Added app settings from core
4 years ago
Felix Stupp
e437d35490
nvak nextclouds: Disable app spreed due to unused
4 years ago
Felix Stupp
91404feeae
nvak cloud.banananet.work: Remove app social due to deprecation
4 years ago
Felix Stupp
f85f713b8f
nvak nextclouds: Remove app sharerenamer due to deprecation
4 years ago
Felix Stupp
b17643bd4d
nvak nextclouds: Removed app files_ebookreader due to deprecation
4 years ago
Felix Stupp
9d130ea11a
nvak cloud.banananet.work: Remove app ransomware_detection
4 years ago
Felix Stupp
e5e41f11d6
nvak cloud.banananet.work: Disable app dicomviewer
4 years ago
Felix Stupp
1ccd35c3de
nvak nextclouds: Rename of app gallery to photos
4 years ago
Felix Stupp
2a161ca509
acme/certificate: Ensure dns entry is given by depending on role dns/entries
4 years ago
Felix Stupp
5a41a9afc9
acme/certificate: Document var domain as required
4 years ago
Felix Stupp
b3620fa3c8
dns/application: makefile combine: Sort files before combining
...
Ensures 0_main.db is before other files
4 years ago
Felix Stupp
979abba1aa
Added role dns/entries for configuring dns entries
4 years ago
Felix Stupp
eff48f1773
Changed approach for generating sshfp RR to lookup on python script
4 years ago
Felix Stupp
748999d36d
dns: Moved var zones_environment_directory to global vars
4 years ago
Felix Stupp
f8c01d46f6
dns/master: Fix permissions for dns env dir
4 years ago
Felix Stupp
bf00dcb6dd
dns/application: Moved var configuration_directory to global vars
4 years ago
Felix Stupp
eb632a8f2c
dns/master: Store mapping of domain to host in public_keys
4 years ago
Felix Stupp
499e48c208
site: Extracted playbook local.yml
4 years ago
Felix Stupp
7b2d1f90a6
all vars: Added separating space before ssh public_keys directories
4 years ago
Felix Stupp
5e139bc638
public_keys: Allow scripts in gitignore for usage in Ansible
4 years ago
Felix Stupp
9cac16e5af
public_keys: Added README
4 years ago
Felix Stupp
02fe2cfbc6
gitignore: Allow README files in fact directories
4 years ago
Felix Stupp
592bb483cf
common: Used variable global_ssh_key_directory for public_keys path
4 years ago
Felix Stupp
c58223c21b
server/gitea: Disable logging of SQL requests
4 years ago
Felix Stupp
3b33ff4c0c
fail2ban/application: Set file permissions for sshd.local config
4 years ago
Felix Stupp
2526033405
fail2ban/application: Send log messages to journald
4 years ago
Felix Stupp
55db427c95
blocklists/ipv4: Added North Korean IP subnets
4 years ago
Felix Stupp
8c69ef1611
blocklists/append_ipv4: Added support for ips with CIDR notation
4 years ago
Felix Stupp
0043d6255a
nginx/application global.conf: Added comment to excluding hidden files
4 years ago
Felix Stupp
025f77736a
dns: Changed approach for DNSSEC signing to inline-signing
...
- Moved keys into own directory
- Replaced makefile per zone by makefile for all zones
- Only combining of zone files and setting serial number
- signing now made by bind
- Added AppArmor profile extension for creating dynamic zone files
4 years ago
Felix Stupp
274f658016
nginx/php-pool: Fixed permissions for other
4 years ago
Felix Stupp
e85ad8fed3
dns: Fixed applying permissions to directories
4 years ago
Felix Stupp
c89ec27f6d
dns/master: Changed TODO for "Copy public key" to "Copy ZSK"
...
Only required and beneficial for ZSK
4 years ago
Felix Stupp
905a887b80
dns: Renamed zones_configuration_environment_ to zones_environment
4 years ago
Felix Stupp
7e2813928e
dns: Renamed variables, removed prefix dns_ on not essential variable names
4 years ago
Felix Stupp
4e6df015f5
Added roles nfs/server and nfs/export
4 years ago
Felix Stupp
24ab62d6a0
acme/application: Fixed usage of YAML multiline for "Upgrade acme.sh"
4 years ago
Felix Stupp
a03a335430
account: Added bmon to tools list
4 years ago
Felix Stupp
a576893776
misc/docker: Install docker-compose bindings for python3
4 years ago
Felix Stupp
b600f678ca
misc/docker: Install python3 docker bindings using package manager
4 years ago
Felix Stupp
6ce23c8a64
group os_debian: Force python3 interpreter to be used
4 years ago
Felix Stupp
8758553a02
common: Install explicit python3 interpreter
4 years ago
Felix Stupp
2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
...
To allow Ansible to validate the main config if placed on different
locations
4 years ago
Felix Stupp
ff7275cb60
server/{linx,spotme}: Removed default bind_port
4 years ago
Felix Stupp
4a186854cf
server/node: Renamed variable app_port to bind_port
4 years ago
Felix Stupp
f6c1aff55a
server/spotme: Renamed variable spotme_port to bind_port
4 years ago
Felix Stupp
7e0df4abc5
Added variable local_user for user running playbook
...
Useful if tasks store data on the local machine
4 years ago
Felix Stupp
192a9c8b86
cloud.banananet.work: Removed preconfiguring admin password
4 years ago
Felix Stupp
9d50f84321
server/firefox-sync: Changed remote repo url back to official repo
4 years ago
Felix Stupp
90bf46bde6
global vars: Added var for username "zocker"
4 years ago
Felix Stupp
373f59e7a4
misc/blocklist/ipv4: Expanded by new ips
4 years ago
Felix Stupp
b74029ec7b
site: Added fail2ban/application as default role for all hosts
4 years ago
Felix Stupp
f91f2bc325
Added role fail2ban/application
4 years ago
Felix Stupp
c110a24e9f
common: sshd: Disable weak key algorithms
4 years ago
Felix Stupp
505c85eb11
common: Disable root login over ssh
4 years ago
Felix Stupp
651794a136
common: sshd: Disable X11 Forwarding globally
4 years ago
Felix Stupp
baace3ce16
misc/handlers: Changed "restart ssh" to "reload ssh"
4 years ago
Felix Stupp
025d8a3256
Added role misc/ssh_tg_notify
...
- Added role to common site
- Added variables required to global vars and vault
4 years ago
Felix Stupp
69b884ad3f
bootstrap: Configure ssh key used to connect on new user
4 years ago
Felix Stupp
f610812fc7
bootstrap: Ensure user has .ssh/authorized_keys before trying to copy
4 years ago
Felix Stupp
096554f37b
mqtt/user: Fixed usage of var user (before username)
4 years ago
Felix Stupp
fe393bd246
mqtt/application: Enforce sort part files before combining for acl and auth
4 years ago
Felix Stupp
1a608ce172
mqtt/application: Remove config use_username_as_clientid
...
Seems to block users with different username and clientid
4 years ago
Felix Stupp
e18f7f32e0
mqtt/application: Add paths for acl and auth files to config
4 years ago
Felix Stupp
46e932049e
mqtt/application: Allow root to read SYS topics
4 years ago
Felix Stupp
b6de0c1a4d
mqtt/application: Fix usage of variable configuration_directory
4 years ago
Felix Stupp
cf632d1a56
mqtt: Ensure create auth files before writing using mosquitto_passwd
...
Fixes error on calling tool if file does not exist
4 years ago
Felix Stupp
4b6cef5c10
mqtt/application: Notify handlers on change to makefile
4 years ago
Felix Stupp
82c7666ae8
mqtt/application: Fix port for mosquitto server
4 years ago
Felix Stupp
81dab362a6
misc/docker: Do not install recommended packages to fix issue on raspberry
4 years ago
Felix Stupp
35b790978f
playbooks/dns: Changed minecraft wg addresses to Nitrado Game Server
4 years ago
Felix Stupp
b052d1f18c
ansible.cfg: Changed type of python detection
...
To prevent further warnings cause of coming, may breaking changes
4 years ago
Felix Stupp
d455d62dbf
Added script for appending ips to blocklist
4 years ago
Felix Stupp
81364e9bfe
Extracted blocklist to own file and added ips
4 years ago
Felix Stupp
8b340912b1
Added known ips to blocklist
4 years ago
Felix Stupp
fcae6e8429
Added blocklist of known malicious ip addresses applied by role common
4 years ago
Felix Stupp
f2c9b17194
Moved packages only required for admin account from role common to role account
4 years ago
Felix Stupp
25df92ee7b
common: Removed package buffer
...
Replaced by pv integrated buffering
which supports greater limits.
4 years ago
Felix Stupp
e68c6ffe50
common: Added todo / comment to (transition) package apt-transport-https
4 years ago
Felix Stupp
3c7fb65ac9
common: Removed package acl
...
Not installable on Raspbian and also not used on any Debian system
4 years ago
Felix Stupp
9e8d1b5220
common: Fix applying sources.list for different distributions
4 years ago
Felix Stupp
b3f05edb6f
account: Added exa to packages
4 years ago
Felix Stupp
8ebe8aecfb
nginx/application: Hide server tokens per default
4 years ago
Felix Stupp
69dfba9911
mqtt/application: Added linking of configuration directory to environment
4 years ago
Felix Stupp
18832f4eb0
mqtt/application: Fixed names of variables admin_{user,pass}
4 years ago
Felix Stupp
9dc203621e
mqtt: Fixed wording 'notifiy' to 'notify'
4 years ago
Felix Stupp
5f031fcd63
Subdirectories of playbook replaced by file prefixes
4 years ago
Felix Stupp
295c6831bd
site: Added comments
4 years ago
Felix Stupp
cc62f7617f
Added group configurataion for os_raspbian
4 years ago
Felix Stupp
3d5e2f0e9d
site: Moved host-specific configurations to special files
4 years ago
Felix Stupp
754adc8cb2
site: Removed test tag
4 years ago
Felix Stupp
7d0c6be8ee
site: Added import for group os_raspbian configuration
4 years ago
Felix Stupp
4738ee7140
playbooks: Moved group-specific plays in special directory
4 years ago
Felix Stupp
0b69a41ebc
Added roles mqtt/application and mqtt/user
4 years ago
Felix Stupp
7c57dc4325
site: nvak: Removed minecraft server
4 years ago
Felix Stupp
ab1a067cff
dns/master: Added flush_handlers before role ends
4 years ago
Felix Stupp
371b1d5751
dns/application: Fixed permissions for zone databases directories
4 years ago
Felix Stupp
64576c8ff5
dns/master: zone.makefile: Added cd to key signing
4 years ago
Felix Stupp
ab61090340
dns/master: zone.makefile: Added check for directories not equal
4 years ago
Felix Stupp
bb8a2759ec
dns/master: zone.makefile: Changed usage of var dest
4 years ago
Felix Stupp
d052a08f0d
dns/master: zone.makefile: Fixed format
4 years ago
Felix Stupp
ebbacdce0c
dns/master: Added dependency to role dns/master_handlers
4 years ago
Felix Stupp
73c9a72590
dns: Fixed usages of var dns_zones_configuration_environment_directory
4 years ago
Felix Stupp
0662df1ca5
dns/master: Let serial number configured by dnssec-signzone
4 years ago
Felix Stupp
d8f1b36ee1
dns/master: Moved building of zone files to makefile
4 years ago
Felix Stupp
208e277e79
Added role dns/master_handlers for makefile handler
4 years ago
Felix Stupp
d7991e0bbb
dns/master: Added configuring configuration environment
4 years ago
Felix Stupp
5627a36949
dns/master: Extracted database_signed_file_name of database_signed_file
4 years ago
Felix Stupp
a206642f77
dns/master: Extracted database_file_name of database_file
4 years ago
Felix Stupp
36bf7f9d18
dns/master: Declared var domain to be required
4 years ago
Felix Stupp
141d343d6d
Extracted dns/handlers out of dns/applications
4 years ago
Felix Stupp
8e95846002
dns/master: Added create zone environment directory
4 years ago
Felix Stupp
de2bfe430c
dns/master: Rewrite create zone directories using loop
4 years ago
Felix Stupp
065050d5c2
dns/application: Added zone configuration environment directory
4 years ago
Felix Stupp
479430a9e9
dns/application: Reconfigured creating zone directories using loop
4 years ago
Felix Stupp
19b5fb3f9e
dns/application: Configured directory permissions for zones directory
4 years ago
Felix Stupp
8aacd27f31
dns/application: Configured group owner for bind main configuration
4 years ago
Felix Stupp
026e57dd2c
vars: global_wireguard_env: Use var for reference to all global configuration environments
4 years ago
Felix Stupp
6dbd1057c3
vars: global_ssh_env: Use var for reference to all global configuration environments
4 years ago
Felix Stupp
f7ac9a950c
vars: Added global_configuration_environment_directory
4 years ago
Felix Stupp
9ccc905ae9
vars: Extracted var global_deployment_directory
4 years ago
Felix Stupp
c73731c406
Renamed zone khitomer to eridon
4 years ago
Felix Stupp
2bd7980846
hosts: Added newlines for readability
4 years ago
Felix Stupp
c8dc602f09
account: Configure sudo insults
4 years ago
Felix Stupp
ff3d6cba8e
Added group os_raspbian
4 years ago
Felix Stupp
78032d343f
common: Made sources.list dependent of distribution
4 years ago
Felix Stupp
37e4b15e3e
Added group os_debian
...
Moved specific variables into group specific file
4 years ago
Felix Stupp
7b797dc8a5
Rewrote hosts file to tag-based structure
4 years ago
Felix Stupp
5555c86357
server/gitea: Reworked configuration with defaults
4 years ago
Felix Stupp
a9798fedc8
server/gitea: Fixed output of wget in update script
4 years ago
Felix Stupp
e9db3d7d56
misc/backup: Secured shell commands for file backups
4 years ago
Felix Stupp
f90056bf76
mc.wg.bananet.work: Configured motd to "ChaosCraft"
4 years ago
Felix Stupp
fd8641e7df
Increased version of Minecraft Server to 1.15.2
4 years ago
Felix Stupp
a150266548
server/minecraft: Enabled auto backup
4 years ago
Felix Stupp
6dd5c75e67
misc/backup_files: Added support for commands executed before / after backup
4 years ago
Felix Stupp
3fb273aaae
server/minecraft: Fixed downloading Minecraft Server version
4 years ago
Felix Stupp
e0342a6bba
server/linx: Added helper script for uploading files to the service
4 years ago
Felix Stupp
574e9949b7
wg.banananet.work: Add ransomware protection
4 years ago
Felix Stupp
c835bb825c
cloud.banananet.work: Added ransomware protection
4 years ago
Felix Stupp
3737a2ad10
server/nextcloud: Added apps against ransomware to default
4 years ago
Felix Stupp
e24613d02c
acme/application: Added installing helper scripts for managing
4 years ago
Felix Stupp
cd0d602403
Moved SpotMe to new domain spotme.banananet.work
...
Due to lost of domain spotme.fun
4 years ago
Felix Stupp
e2b7778c8b
nginx/application: Changed Referrer-Policy to strict-origin
...
For better enforcing of secure handling of referrer information
4 years ago
Felix Stupp
54a8ad0d86
server/nextcloud: Removed doubled referrer-policy
...
Referrer-Policy already configured by global configuration
4 years ago
Felix Stupp
6c9b3d3a40
Updated credentials
...
- Added linx server
- Commited older, undocumentated changes
4 years ago
Felix Stupp
1855deb351
nginx/server: Documentated required variables
4 years ago
Felix Stupp
8621cabe3c
Configured drop.banananet.work as linx server on nvak
4 years ago
Felix Stupp
bc8233990f
common: Scheduled removal of old backups at 0:30
...
So for the most time two states are stored on the server.
The storage which will stay free can be better used to calculate the
storage which can still be used by dividing the free storage by 3.
4 years ago
Felix Stupp
ff054f4a04
Added role server/linx
4 years ago
Felix Stupp
8b75c49917
nginx/proxy: Made dependent on nginx/server and allowed additional directives
4 years ago
Felix Stupp
92b98dd3fe
server/gitea: Allow duplicate execution of role for multiple servers
4 years ago
Felix Stupp
79cf87663e
server/minecraft: Removed comment "for naming" of minecraft_version
...
As the minecraft_version now indicates the to get installed version
4 years ago
Felix Stupp
d0907975ad
server/minecraft: Allow query requests in minecraft server
4 years ago
Felix Stupp
a65ba1ec64
server/minecraft: Allow query requests through firewall
4 years ago
Felix Stupp
7fad2a89be
server/minecraft: Allow configure of query port
4 years ago
Felix Stupp
adbfd8dff0
server/minecraft: Added comment to firewall rule for server
4 years ago
Felix Stupp
ffd1ff826e
server/minecraft: Fix query port to default minecraft port
4 years ago
Felix Stupp
dd86bec08b
server/minecraft: Allow configure motd
4 years ago
Felix Stupp
d37c1c58bb
misc/backup_files: Allow multiple file backups (bugfix)
4 years ago
Felix Stupp
ecd0eb1eaa
mysql/backup_database: Allow multiple databases backups (bugfix)
4 years ago
Felix Stupp
3f64b70b04
server/minecraft: Optimized JVM execution
4 years ago
Felix Stupp
f3db11cdfe
server/minecraft: Increased priority of service (nice decreased to 2)
4 years ago
Felix Stupp
295554e947
server/minecraft: Allow configuring view distance
4 years ago
Felix Stupp
fea798b83c
server/minecraft: Decreased view distance to 10
4 years ago
Felix Stupp
46889a6e04
server/minecraft/launch: Configured JVM to server mode
5 years ago
Felix Stupp
fc39db2a48
server/minecraft: Added loop_control to complex loops
5 years ago
Felix Stupp
3912baef87
server/minecraft: Added handler for restart if service controlling scripts where changed
5 years ago
Felix Stupp
9d177c783d
server/minecraft: Split service controlling scripts and server controlling scripts
5 years ago
Felix Stupp
9dbd811fdb
server/minecraft/apparmor: Allowed access for checking player logins
5 years ago
Felix Stupp
a4db0c47a2
server/minecraft/launch: Split scipt line into line per argument
5 years ago
Felix Stupp
f8a8f62911
server/minecraft/service: Added sending warning to players about restart
5 years ago
Felix Stupp
895989ec4b
server/minecraft/service: Allowed installation of service
5 years ago
Felix Stupp
08dd7ccc26
server/minecraft: Combined default start_ram and max_ram to ram
5 years ago
Felix Stupp
75d45b724a
server/minecraft: Moved apparmor profile to AA's default location
5 years ago
Felix Stupp
79833e52ca
server/minecraft/apparmor: Used variables for java path replacing version and architecture
5 years ago
Felix Stupp
16fc6bd1f0
server/minecraft/apparmor: Used variables instead of fixed paths
5 years ago
Felix Stupp
5e1e4e6b0a
server/minecraft/apparmor: Fixed access to data directory
5 years ago
Felix Stupp
443de0c28b
server/minecraft/apparmor: Replaced wildcard with pid of protected process
5 years ago
Felix Stupp
f67d2e7414
server/minecraft/apparmor: Reorded /proc directives
5 years ago
Felix Stupp
4fc8a4888c
Updated credentials
5 years ago
Felix Stupp
a883f2102d
Added forwarding of www.spotme.fun => spotme.fun
5 years ago
Felix Stupp
f3e0ba9e9a
Reenabled spot me server
5 years ago
Felix Stupp
a4535893a2
mysql/backup_database: Fixed creating correct directory
5 years ago
Felix Stupp
e62a3c7232
common: backup_autoremove: force rm
...
so no error occurs because no parameter was given
5 years ago
Felix Stupp
00fa7852e1
common: backup_autoremove: Fix call find
5 years ago
Felix Stupp
102de98479
common: Configured auto remove of backups
5 years ago
Felix Stupp
32957fc899
Removed files_texteditor from nextclouds
5 years ago
Felix Stupp
8623d84b01
common: Ordered backup_files before backup_mysql_database
5 years ago
Felix Stupp
fce052c32b
common: backup_rename: Fixed getting multiple extensions
5 years ago
Felix Stupp
10ef319008
Moved mysql database backups into certain directory
5 years ago
Felix Stupp
4be0e9377f
Moved file backups into certain directories
5 years ago
Felix Stupp
c959db1d3f
common: backup_mysql_database: Adapted script to structure of backup_files
5 years ago
Felix Stupp
63e0a85dc0
common: backup_files: Rename backups to just date.ext
5 years ago
Felix Stupp
07706a1119
common: backup_rename: Surrounded variable contents with quotation marks
5 years ago
Felix Stupp
155d73983b
README: Added description for mysql/backup_database
5 years ago
Felix Stupp
bee56beb25
README: Added description for misc/docker
5 years ago
Felix Stupp
187123d780
README: Added description for backup_files
5 years ago
Felix Stupp
a4b47021c3
Replaced shebangs using /usr/bin/env
5 years ago
Felix Stupp
d66a4b5b24
mysql/backup_database: Removed TODO for special user
...
Is not good adaptable in current structure
5 years ago
Felix Stupp
cbb4b5eb79
mysql/backup_database: Create separate script containing backup command
5 years ago
Felix Stupp
fa16579311
misc/backup_files: Create separate script containing backup command
5 years ago
Felix Stupp
c69795eae5
vars: Removed not required variable global_ip_discover_server_name
5 years ago
Felix Stupp
1aa0d88110
Moved database backups into mysql specific directory
5 years ago
Felix Stupp
e6cbc59571
common: Added create backup scripts directories
5 years ago
Felix Stupp
5b253fd6b6
common: Generalized creating directories for scripts
5 years ago
Felix Stupp
8303d0126e
Extracted role misc/backup_files from server/{gitea,nextcloud}
5 years ago
Felix Stupp
83e249e73c
server/gitea: Removed already done TODO
5 years ago
Felix Stupp
5443259453
mysql/backup_database: Renamed cron job
5 years ago
Felix Stupp
94ee600180
common: backup_files: Fixed packing tar
5 years ago
Felix Stupp
99c4c21cad
Reordered backups_files_directory above backups_mysql_database_directory
5 years ago
Felix Stupp
4874bc2bbd
Renamed global variable backups_databases_directory to backups_mysql_database_directory
...
In order to specify and separate backups of different database services
5 years ago
Felix Stupp
fdb08f1eaf
Extracted role mysql/backup_database from mysql/database
5 years ago
Felix Stupp
73f1db7961
Specified backup_database to backup_mysql_database
5 years ago
Felix Stupp
e8503c41a4
common: Replaced buffer with pv as buffer
...
Also increased buffer size to 256M
5 years ago
Felix Stupp
4c9a2a8eb7
common: Reformated commands
5 years ago
Felix Stupp
f7acb01ada
hardie: Corrected wireguard ip
5 years ago
Felix Stupp
12357b1f5f
README: Added docu for existing roles
5 years ago
Felix Stupp
db903cf3d0
site: Fixed setting minecraft port from global variable
5 years ago
Felix Stupp
0c29a40981
site: Configured wg minecraft server on nvak
5 years ago
Felix Stupp
9b80b89f27
server/minecraft: Configured rcon port automatically using server port
5 years ago
Felix Stupp
8f35931033
server/minecraft: Configured apparmor profile
5 years ago
Felix Stupp
b3648c9362
server/minecraft: systemd uses launch script for starting service
5 years ago
Felix Stupp
8643456bd9
server/minecraft: Added launch script
5 years ago
Felix Stupp
f5bd293d83
server/minecraft: generalized configuring scripts
5 years ago
Felix Stupp
ad24eed923
server/minecraft: systemd waits until server exited
5 years ago
Felix Stupp
898a30789a
server/minecraft: Allowed global defining of java version
5 years ago
Felix Stupp
37f93d9471
server/minecraft: Allowed auto detecting link for downloading server version
5 years ago
Felix Stupp
82db6cb8fd
Added role server/minecraft
5 years ago
Felix Stupp
ae7361f4c6
server/gitea: update_gitea: Fixed getting newest version
5 years ago
Felix Stupp
cf15eff4f4
server/gitea: update_gitea expanded arguments for readability
5 years ago
Felix Stupp
5a392cd5d0
Added special configuration for bwcloud nodes
5 years ago
Felix Stupp
b132bb7dd9
Disabled cookbook on cloud.banananet.work
5 years ago
Felix Stupp
fb0c1f0901
Changed "ansible_fqdn" to "inventory_hostname"
...
Due to some hosts misconfigure fqdn themselves
5 years ago
Felix Stupp
574b07f2f4
misc/deb_unstable: Allow configuring priority for unstable repository
5 years ago
Felix Stupp
429833c457
account: ignore_errors on configuring authorized_keys
...
Depends on server itself, so this should be optional
5 years ago
Felix Stupp
3547927d5a
acme/certificate: Added support for custom reload cmd
5 years ago
Felix Stupp
46bb166475
server/gitea: Use scp-style uri for ssh cloning
5 years ago
Felix Stupp
431f15b91f
server/gitea: Allow interacting via HTTP
5 years ago
Felix Stupp
67deed23a0
server/nextcloud: Remove become_user at include_tasks
...
Raised error
5 years ago
Felix Stupp
b62b280b57
Disable keys server at nvak
5 years ago
Felix Stupp
665b6710aa
git_auto_update: Fixed check if reload was successful
5 years ago
Felix Stupp
4445a53b28
git_auto_update: Allowed omiting of sign check
5 years ago
Felix Stupp
c31f3c2f50
git_auto_update: update.sh: Fixed quoting of used variables
5 years ago
Felix Stupp
df5aba9aab
hosts: Added wireguard_backbones group
5 years ago
Felix Stupp
768cb0cfb4
Reworked wireguard configurations
5 years ago
Felix Stupp
1d7840422f
Configured wireguard ip addresses for hosts
5 years ago
Felix Stupp
70e92b8c94
Merge branch 'master' of git.banananet.work:banananetwork/ansible
5 years ago
Felix Stupp
29c2c2406f
vscode: Restricted excluding of links in playbooks dir
5 years ago
Felix Stupp
a60638f5ad
vscode: Hide links in playbooks dir in file explorer
5 years ago
Felix Stupp
a667132cb4
server/nextcloud: Applied security patch
...
CVE-2019-11043
see https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
5 years ago
Felix Stupp
b6bea17d48
playbooks/dns: Enabled gathering of facts
...
For running standalone
5 years ago
Felix Stupp
69a82c2397
playbooks/dns: Restricted gathering of ssh keys to public systems
5 years ago
Felix Stupp
cdcd9e38de
Extracted playbooks/dns from main playbook
...
Containing configuration of dns systems
5 years ago
Felix Stupp
9c63c8516b
nginx/application: Disabled SSL Session Tickets
5 years ago
Felix Stupp
409ea327f0
nginx/application: Increased ssl_cache timeout
5 years ago
Felix Stupp
e0b48597e7
Added symlinks to playbook dir
...
To enable executing of a single play
5 years ago
Felix Stupp
94f1463a87
mysql/application: Fixed configuring query cache
...
- Added notify
- Changed path of config file
5 years ago
Felix Stupp
1e903cb5b1
nvak.banananet.work: Configured mysql_query_cache
5 years ago
Felix Stupp
e76d90a4f5
server/nextcloud: Added support for APCu cache
5 years ago
Felix Stupp
4c463055b4
server/nextcloud: Restricted regexp modifing nextcloud config
5 years ago
Felix Stupp
b9f060a0ce
nginx/php-fpm: Added installation of apcu cache
5 years ago
Felix Stupp
7df2668208
nginx/php-fpm: Increased size of opcache memory consumption to 256
5 years ago
Felix Stupp
b7fe1827e0
Moved bootstrap_user config from hosts to group bwcloud_vserver
5 years ago
Felix Stupp
07f80158cf
Configured mysql query cache size for bwcloud instances
5 years ago
Felix Stupp
41a41c91fb
mysql/application: Added config for query cache
5 years ago
Felix Stupp
d6ec22e25d
Added group bwcloud_vserver for hosts
5 years ago
Felix Stupp
0f4508acec
site.yml: Added ip_discover to hardie
5 years ago
Felix Stupp
002128686d
server/tt-rss: Configured database to use UTF8MB4
5 years ago
Felix Stupp
6e65a905d4
site.yml: Updated list of apps for wg cloud
5 years ago
Felix Stupp
e96648eda3
site.yml: Added list of apps to cloud configuration
5 years ago
Felix Stupp
206c940d16
nginx/php-pool: Tuned up childs at php
5 years ago
Felix Stupp
a592e7f9c2
misc/debian_unstable: Added flush of handlers for refreshing apt cache
5 years ago
Felix Stupp
670833242a
misc/deb_unstable: Make mirror adaptive to server selection
5 years ago
Felix Stupp
4f96cd56c3
vscode: Exclude links in /playbooks from search
5 years ago
Felix Stupp
174ecd2e6d
vscode: Removed deprecated configuration
5 years ago
Felix Stupp
4a188a9e67
host/hardie: Changed address and mirror
5 years ago
Felix Stupp
68a0680cb6
misc/ip_discover: Fixed name for credentials directory
5 years ago
Felix Stupp
e118c42af2
Refreshed credentials
5 years ago
Felix Stupp
dbb4bff711
site: Configured register pass for keys server
5 years ago
Felix Stupp
1f26debcf2
server/node: Added support for specific environment variables
5 years ago
Felix Stupp
34da73722c
Added role ip_discover
5 years ago
Felix Stupp
177781cc44
Moved wireguard play into special playbook
...
Added import in main playbook
5 years ago
Felix Stupp
8b1d9ea65d
misc/docker: Disallowed duplicate execution of role
5 years ago
Felix Stupp
d165074600
wireguard/application: Removed updating apt cache
5 years ago
Felix Stupp
c73872df3a
misc/deb_unstable: Added updating of apt cache using handler
5 years ago
Felix Stupp
283e450c16
misc/handlers: Added handler "update apt cache"
5 years ago
Felix Stupp
2b83cec66c
Moved keys server to rurapenthe
5 years ago
Felix Stupp
caf70f632e
server/node: Added missing handlers dependency
5 years ago
Felix Stupp
fc897ea3b9
nginx/application: Fixed configuring resolver for OCSP Stapling
5 years ago
Felix Stupp
71945523fa
Added role misc/docker
5 years ago
Felix Stupp
dae5abed61
Added playbook to store facts of hosts
5 years ago
Felix Stupp
e011804360
Added credentials
5 years ago
Felix Stupp
e854aed62a
makefile: Added rules for load/store credentials
5 years ago
Felix Stupp
e24f0f5f29
gitignore: Added facts directory
5 years ago
Felix Stupp
71e1b4a17c
common: Added custom fact for dpkg architecture
5 years ago
Felix Stupp
3b86e1f5a6
server/nextcloud: Removed app tasks from nextcloud
5 years ago
Felix Stupp
42aa74844c
WG Nextcloud: Removed app task
5 years ago
Felix Stupp
4903390e7a
WG Nextcloud: Removed app social
5 years ago
Felix Stupp
4b2cedb5c6
WG Nextcloud: Added encryption
5 years ago
Felix Stupp
cf497870b7
Added nextcloud instance for WG
5 years ago
Felix Stupp
76a6086786
site: Declared legacy configuration keys
5 years ago
Felix Stupp
1ff4239472
dns: Store only public available server addresses
5 years ago
Felix Stupp
31d0d29cda
Removed rurapenthe as dns2 server
5 years ago
Felix Stupp
d0186923b2
server/spotme: Changed default system user to domain
5 years ago
Felix Stupp
e4066f764a
server/nextcloud: Fixed location of admin credential
5 years ago
Felix Stupp
d736b5714d
server/nextcloud: Changed default system user to domain
5 years ago
Felix Stupp
76fd5471e3
server/gitea: Fixed default tokens location
5 years ago
Felix Stupp
3804c7d138
server/gitea: Changed default system user to domain name
5 years ago
Felix Stupp
03884cbf3e
nginx/server: Allowed duplicates of role
5 years ago
Felix Stupp
edf455bf66
nginx/application: Allowed dot files uploads by Nextcloud
5 years ago
Felix Stupp
9a129a7f2f
bootstrap: Added disconnect before removing privileged user
5 years ago
Felix Stupp
ffd3563dbb
Changed conf for morska / rurapenthe
5 years ago
Felix Stupp
3324461e65
account: Added config for authorized_keys
5 years ago
Felix Stupp
afc80db48a
common: backup_files.sh: Disable compression of gpg
5 years ago
Felix Stupp
016aeaa661
site: Added tt-rss server
5 years ago
Felix Stupp
2bd16aa377
Added role server/tt-rss
5 years ago
Felix Stupp
13d725c964
ansible.cfg: Enabled force_handlers
5 years ago
Felix Stupp
c21ee11c66
nginx/application: Blocked all hidden directories except well-known
5 years ago
Felix Stupp
502606b1e3
nginx/application: Set type to text for test file
5 years ago
Felix Stupp
57e422b478
nginx/application: Disabled access_log on acme requests
5 years ago
Felix Stupp
ba83686562
site: Removed configuration of quvat
5 years ago
Felix Stupp
5d4ccf1bc3
site: Enabled forumderschan.de
5 years ago
Felix Stupp
efc6431640
Added role server/php
5 years ago
Felix Stupp
8e28bcb0ec
Added role nginx/php
5 years ago
Felix Stupp
5dad519f90
site: Disabled dsa page
5 years ago
Felix Stupp
72e7857570
nginx/php-pool: Locked reading of php-pool configurations
5 years ago
Felix Stupp
3414e3fd85
nginx/php-pool: Changed group of src directory to nginx user
5 years ago
Felix Stupp
4f1fdf72c7
nginx/php-pool: Added support for env variables
5 years ago
Felix Stupp
452efc2717
common: Reconfigured bash in backup scripts
...
Added options for better error handling
5 years ago
Felix Stupp
7e5ec719d3
server/spotme: Replaced configuration of system user with role usage
5 years ago
Felix Stupp
8e7fd3db9d
git_auto_update: Set default gpg fingerprint to backup fingerprint
5 years ago
Felix Stupp
b2b9466a28
common: Added global variable for backup gpg fingerprint
5 years ago
Felix Stupp
5354f71a08
README: Added description for server/firefox-sync
5 years ago
Felix Stupp
e707f3b51a
README: Added description for git_auto_update
5 years ago
Felix Stupp
a87b5d84e9
server/spotme: Made use of role node/application
5 years ago
Felix Stupp
6e08d4eb6f
Added host hardie.khitomer.banananet.work
5 years ago
Felix Stupp
d4dcd05ac5
hosts: Renamed group wireguard_nodes to public_available
...
Implicits every public available server should be a wireguard node
5 years ago
Felix Stupp
5c1a6b6a89
common: Improved helper script gpg_import_url_key
...
- Disabled output from called commands
- Improved shell options when failing
- Alternative return code if key is already stored in keyring
5 years ago
Felix Stupp
151f2ca896
server/nextcloud: Removed disabled task "Upgrade Nextcloud"
5 years ago
Felix Stupp
25b140f90e
server/nextcloud: Enabled app viewer
5 years ago
Felix Stupp
c129d94b73
server/nextcloud: Enabled app privacy
5 years ago
Felix Stupp
9537faa83d
server/nextcloud: Enabled app phonetrack
5 years ago
Felix Stupp
d576736e03
server/nextcloud: Enabled app ocdownloader
5 years ago
Felix Stupp
0eacb52089
server/nextcloud: Enabled app files_markdown
5 years ago
Felix Stupp
f5ee66de70
server/nextcloud: Enabled app files_ebookreader
5 years ago
Felix Stupp
0150c6191d
server/nextcloud: Enabled app cospend
5 years ago
Felix Stupp
3ffd6c06ac
server/nextcloud: Enabled app cookbook
5 years ago
Felix Stupp
cae1f92b60
server/nextcloud: Disabled survey_client app
5 years ago
Felix Stupp
4d735edfe7
server/nextcloud: Added task for disabling not required apps
5 years ago
Felix Stupp
7ac7806dc7
Fixed some lint errors
...
- Added missing default parameters
- Added names to tasks
- Configured changed|failed_when options
- Used command instead of shell module
- Changed local_action to delegate_to
- Added line to file ending
5 years ago
Felix Stupp
02e63f5d2a
server/nextcloud: Moved enabled apps list from tasks to defaults
5 years ago
Felix Stupp
7d4f2a89aa
server/nextcloud: Removed previewgenerator app
5 years ago
Felix Stupp
1819787da4
server/spotme: Used external handler for daemon_reload
5 years ago
Felix Stupp
49f119c6e8
server/node: Used external handler for daemon_reload
5 years ago
Felix Stupp
fd08d83275
Restricted permissions for service files
5 years ago