dprevot/ansible-roles
1
0
Fork 0
forked from evolix/ansible-roles
Code Issues Pull requests 1 Projects Releases Wiki Activity
3310 commits 45 branches 41 tags 9.7 MiB
Commit graph

894 commits

Author SHA1 Message Date
Jérémy Lecour 65ee8c7e45 Release 23.03 2023-03-16 14:56:39 +01:00
Jérémy Lecour 8df930f016 import changelog line 2023-03-16 14:38:32 +01:00
Jérémy Lecour 70d34ac18d listupgrade: upstream release 23.03.3 2023-03-16 14:38:32 +01:00
Jérémy Lecour 50216eb5c7 listupgrade: upstream release 23.03.2 2023-03-16 14:38:32 +01:00
Jérémy Lecour 8d698ec6cb CHANGELOG cleanup 2023-03-16 14:38:29 +01:00
Alexis Ben Miloud--Josselin dc6b340081 changelog: ajouter changements sur kvmstats 2023-03-16 14:21:21 +01:00
Jérémy Lecour fa1935e46c apt: add tools to migrate sources to deb822 format 2023-03-15 22:50:00 +01:00
David Prevot c7940dc8c1 CHANGELOG: tfix 2023-03-13 15:12:37 +01:00
William Hirigoyen 419071f470 php: fix error introduced in 33503e4538 (False evaluated as a string instead of boolean) 2023-03-13 15:09:41 +01:00
Jérémy Lecour b4a63d3d55 listupgrade: upstream release 23.03.1 2023-03-12 11:12:56 +01:00
Jérémy Lecour b57fd16ee6 listupgrade: upstream release 23.03 2023-03-12 11:12:56 +01:00
Jérémy Lecour d64193287d postgresql: configure max_connections 2023-03-12 11:12:56 +01:00
William Hirigoyen 3f353ad072 elasticsearch: disable GC logging 2023-03-10 10:29:59 +01:00
William Hirigoyen fc95f57711 elasticsearch: Disable GC rotation for JDK 8 2023-03-10 10:29:59 +01:00
William Hirigoyen 4759ed645c lxc: copy /etc/profile.d/evolinux.sh from host into container (P10001) 2023-03-08 11:09:36 +01:00
William Hirigoyen af569f8c26 userlogrotate: set rotate date format in right order (YYYY-MM-DD)! 2023-03-03 14:39:16 +01:00
William Hirigoyen 4d3f92df23 postfix: avoid Amavis transport to be considered dead when restarted. 2023-03-02 17:50:17 +01:00
William Hirigoyen 7ec58bf144 userlogrotate: skip zipping if .gz log already exists (prevents interactive question) 2023-03-01 17:50:58 +01:00
William Hirigoyen cc7c2a7d4e userlogrotate: fix bug introduced in commit 2e54944a24 (rotated files were not zipped) 2023-03-01 17:22:50 +01:00
William Hirigoyen d9c5563fd6 postfix: remove unused "aliases_scope=sub" from virtual_aliases.cf (it generated warnings) 2023-03-01 14:35:51 +01:00
Ludovic Poujol e896459d06 varnish: add variable varnish_update_config to disable configuration update 2023-02-28 15:24:18 +01:00
David Prevot 1d701b060e apt: Use pub.evolix.org instead of pub.evolix.net 2023-02-27 18:11:51 +01:00
Jérémy Lecour 17946f7280 apt: add move-apt-keyrings script/tasks 2023-02-27 13:58:01 +01:00
Jérémy Lecour 431ffd5991 evolinux-base: subversion is not installed anymore 2023-02-26 21:31:02 +01:00
Eric Morino 68d34c8528 Add changelog for add feature in postfix / apache and php 2023-02-24 15:46:00 +01:00
Jérémy Lecour 8cbe837147 bind: refactor role 
* queries log can be enabled or disabled
* split tasks
* check if AppArmor is present
* don't install Munin plugin whose data file is not present
* remove example ACL in authoritative configuration
 2023-02-21 19:01:01 +01:00
William Hirigoyen 2c1db6a222 userlogrotate: create role separated from packweb-apache 2023-02-21 17:55:46 +01:00
William Hirigoyen cd8a812288 bind: fix fail in check mode 2023-02-21 15:14:05 +01:00
Jérémy Lecour 86a3c78a04 yarn: update apt key 2023-02-21 15:09:05 +01:00
Jérémy Lecour 21a4f76330 bind: use systemd module 2023-02-21 15:08:02 +01:00
Alexis Ben Miloud--Josselin 6968128e7c php: fix last commit and update changelog 2023-02-14 16:43:41 +01:00
Ludovic Poujol 49e92d20b0 evolinux-users: Update sudoers template to remove commands allowed without password 2023-02-01 15:23:51 +01:00
Jérémy Dubois f354f16cd6 openvpn: Change check_openvpn destination file to comply with recent EvoBSD change 2023-01-31 11:13:08 +01:00
Jérémy Lecour 8244bd4615 nagios-nrpe: add tasks/files for a wrapper 2023-01-30 12:05:43 +01:00
William Hirigoyen e0c143d9cf postfix: come back to default value of for pack mails 2023-01-23 15:35:47 +01:00
William Hirigoyen 13f4578599 postfix: Do not notify errors of classes policy, protocol in of main.cf 2023-01-23 15:01:57 +01:00
William Hirigoyen 31e90abe57 fail2ban: add 'Internal login failure' to Dovecot filter 2023-01-23 10:33:10 +01:00
William Hirigoyen 8d16f17354 * clamav: set MaxConnectionQueueLength to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix. 
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
 2023-01-18 10:30:41 +01:00
Jérémy Dubois 0cb751591a nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …) 2023-01-17 11:11:33 +01:00
Ludovic Poujol c27551939d webapps/nextcloud : Small enhancement on the vhost template to lock out data dir 2023-01-13 11:05:55 +01:00
Ludovic Poujol dcc378776c webapp/nextcloud : Change default data directory to be outside web root 2023-01-13 11:04:32 +01:00
Jérémy Dubois 68017d8db9 openvpn: fix the client cipher configuration to match the server cipher configuration 2023-01-12 14:29:18 +01:00
William Hirigoyen 417734eed2 haproxy: fix missing admin ACL in stats module access permissions 2023-01-11 16:15:09 +01:00
Patrick Marchand 08db5a5140 Fix problems with docker-host daemon.json config 2023-01-10 11:26:57 -05:00
William Hirigoyen 48e3ced983 elasticsearch : use logrotate for garbage collector logs 2023-01-02 17:29:37 +01:00
William Hirigoyen 8401401716 Update CHANGELOG 2022-12-30 10:46:24 +01:00
Jérémy Lecour 7a0e0d81d6 Proper jinja spacing 2022-12-28 09:03:37 +01:00
Jérémy Lecour 8eae5bba63 Use systemd module instead of command 2022-12-28 09:02:17 +01:00
Patrick Marchand 0e6c2567e2 Fix presentation error in changelog markdown 2022-12-22 11:35:52 -05:00
Patrick Marchand 5611bb73a2 Remove warning ignores as they are depreciated 
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
 2022-12-22 11:35:20 -05:00
Patrick Marchand 1c6fdbf85a Remove warning ignores as they are depreciated 
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
 2022-12-22 11:32:32 -05:00
William Hirigoyen 7005344a5b evolinux-base: ensure dbus enabled and started 2022-12-19 17:07:18 +01:00
William Hirigoyen 55a64845ce postfix: add localhost. to mydestination 2022-12-15 11:49:35 +01:00
Jérémy Lecour 0622e9ff1e fix non-breaking spaces 2022-12-14 11:47:53 +01:00
Jérémy Lecour 240ccee12b Release 22.12 2022-12-14 11:39:51 +01:00
Jérémy Lecour 34fefa1212 typos 2022-12-14 07:46:12 +01:00
Jérémy Dubois 91b40ce72f openvpn: Fix mode of shellpki script 2022-12-13 19:37:54 +01:00
Jérémy Dubois 9918776286 openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream 2022-12-13 17:53:59 +01:00
Jérémy Dubois 0722b84341 openvpn: shellpki upstream release 22.12.2 2022-12-13 17:50:09 +01:00
Mathieu Trossevin bc1facd1ba
proftpd: Fix mode of public key files and directory 2022-12-09 10:19:51 +01:00
Mathieu Trossevin 101c282846
proftpd: Fix format of public key files controlled by ansible 
The comments used by ansible's blockinfile module break the format
expected by proftpd for public ssh keys, making them unusable.

Replace with a template, we will just have to accept that we need to use
ansible for all changes to these file.
 2022-12-08 17:32:53 +01:00
Jérémy Lecour ce361c6819 listupgrade: sort/uniq of packages/services lists in email template 2022-12-07 21:05:12 +01:00
Jérémy Lecour 3c2369a3a2 listupgrade: better detection for PostgreSQL 2022-12-07 21:04:33 +01:00
Alexis Ben Miloud--Josselin 982112bd64 rabbitmq: add link in default page 2022-12-07 15:49:03 +01:00
Jérémy Lecour 22f30b59f2 certbot: auto-detect HAPEE version in renewal hook 2022-12-05 14:22:12 +01:00
Jérémy Dubois 6cc3e03864 openvpn: specifies that the mail for expirations is for OpenVPN 2022-12-05 09:52:20 +01:00
Jérémy Dubois cca072425b openvpn: shellpki upstream release 22.12 2022-12-01 16:56:23 +01:00
Jérémy Dubois cd2c1931b1 keepalived: change exit code (warning if runnin but not on expected state ; critical if not running) 2022-11-28 17:16:43 +01:00
Jérémy Lecour c96f28e47b evocheck: install script according to Debian version 2022-11-27 22:14:39 +01:00
Jérémy Lecour 08db230c29 Merge branch 'debian12' into unstable 2022-11-27 18:29:57 +01:00
Jérémy Lecour 54dca82838 varnish: fix missing state, that blocked the task 2022-11-26 19:10:21 +01:00
Jérémy Lecour 665177556e evomaintenance: allow missing API endpoint if APi is disabled 2022-11-26 19:09:05 +01:00
Jérémy Lecour ecd9d1543f varnish: better package facts usage with check mode and tags 2022-11-21 15:46:46 +01:00
Alexis Ben Miloud--Josselin 396afa0a75 nagios-nrpe: add ceph checks to changelog 2022-11-15 11:08:01 +01:00
Mathieu Trossevin 83138f0a0b
nagios-nrpe: Correct port for check_opendkim 2022-11-09 17:05:54 +01:00
Jérémy Lecour faeb92230b packweb-apache: manual dependencies resolution 2022-11-06 15:25:17 +01:00
Jérémy Lecour 4050dbea7a packweb-apache: enable log_forensic module 2022-11-06 15:25:17 +01:00
Jérémy Lecour b36d4c4766 various fixes for Debian 12 2022-11-06 15:25:17 +01:00
Jérémy Lecour 4c9aaf6d86 Merge branch 'unstable' into debian12-keyring 2022-11-06 10:19:36 +01:00
Jérémy Lecour a1bf300d54 bookworm-detect: transitional role to help dealing with unreleased bookworm version 2022-11-05 21:15:21 +01:00
Jérémy Lecour 28540247f0 Add signed-by option for additional APT sources 2022-11-02 23:17:08 +01:00
Jérémy Lecour f531460f49 Use proper keyrings directory for APT version 
Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings
 2022-11-02 23:16:32 +01:00
Jérémy Lecour c9ccda2277 varnish: create special tmp directory for syntax validation 2022-11-02 19:45:15 +01:00
Jérémy Lecour 4d259d3c04 varnish: systemd override depends on Varnish 
Use Varnish version instead of Debian version to choose systemd override template, to make it forward compatible
 2022-11-02 13:55:03 +01:00
William Hirigoyen 912cec5a78 lxc-php: update changelog. 2022-10-26 15:25:22 +02:00
Jérémy Lecour 857b3e0e45 nagios-nrpe: check_haproxy_stats supports DRAIN status 2022-10-20 15:46:04 +02:00
Jérémy Lecour 554c086b79 redis: variable to disable transparent hugepage (default: do nothing) 2022-10-20 14:38:12 +02:00
Jérémy Lecour fc52fbf4bc redis: some values should be quoted 
When Redis overwrites its own config, it uses quoted string values, so it's better to do the same to avoid changes.
 2022-10-20 14:36:47 +02:00
Jérémy Lecour f71075d4ef evolinux-base: replace regular kernel by cloud kernel on virtual servers 2022-10-19 16:33:25 +02:00
Jérémy Dubois 6be2ff3b48 evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions) 2022-10-17 11:37:58 +02:00
Jérémy Lecour 2d16aeb41e evolinux-base: utils.yml can be excluded 2022-10-11 13:37:21 +02:00
Mathieu Trossevin 4f9d6868e0
evolinux-user: sudoers privileges for check php\fpm80 and 81 2022-10-07 14:16:32 +02:00
Jérémy Lecour 15d7756881 minifirewall: whitelist deb.freexian.com 2022-10-03 18:54:29 +02:00
Jérémy Lecour 8e1b682ccc squid: whitelist deb.freexian.com 2022-10-03 18:54:05 +02:00
Jérémy Lecour c6fb24f7d8 lxc-solr: use default JRE package 2022-09-30 11:39:50 +02:00
Jérémy Lecour 792d1170ab java: use default JRE when version is not specified 2022-09-30 11:39:05 +02:00
Jérémy Lecour 6aeaab078d lxc-solr: set homedir and port at install 2022-09-27 07:47:26 +02:00
Jérémy Lecour 46deb04005 lxc-solr: choose java package and download URL according to Solr Version 2022-09-26 23:47:55 +02:00
Jérémy Lecour 26f9d171a4 lxc-solr: detect the real partition options 2022-09-26 23:46:29 +02:00
Jérémy Lecour 8089d90bd1 Release 22.09 2022-09-19 17:06:25 +02:00