dprevot/ansible-roles
1
0
Fork 0
forked from evolix/ansible-roles
Code Issues Pull requests 1 Projects Releases Wiki Activity
3624 commits 45 branches 41 tags 9.7 MiB
Commit graph

1067 commits

Author SHA1 Message Date
Jérémy Lecour 2e9b6c0680
amavis/ldap: make ldap_suffix mandatory 2024-02-07 16:15:32 +01:00
Jérémy Lecour 0b859fd1a4
dovecot: add variables for LDAP 2024-02-07 16:14:29 +01:00
William Hirigoyen 3bb29aa6ba proftpd: fix error when no SSH key is provided 2024-02-07 11:32:41 +01:00
Eric Morino 5df27a4bc5 Add variables for generate "ldap_suffix" in amavis role. 2024-02-06 10:29:52 +01:00
Jérémy Lecour ba827b79d9
sort CHANGELOG 2024-02-06 08:41:58 +01:00
Jérémy Lecour 12993a8d7c
vrrpd: configure minifirewall 2024-02-06 08:40:55 +01:00
William Hirigoyen 1f8738fbda postfix: move postfix installation from evolinux-base to postfix role, plus some refactoring 
postfix:
* Move common packages installation in common.yml
* Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs)
* Remove dependency on evolinux_fqdn var
* Do not overwrite main.cf if it has been modified (except if postfix_force_main_cf)

evolinux-base:
* Move exim4 purge from evolinux-base to postfix role
* Call postfix role call after nagios role (dependency)
 2024-02-01 18:00:48 +01:00
William Hirigoyen 554bbaa36f roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL) 2024-02-01 18:00:38 +01:00
William Hirigoyen bc07010aa6 webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice) 2024-02-01 18:00:38 +01:00
William Hirigoyen de0a98d693 dovecot: fix missing default mails 2024-02-01 18:00:38 +01:00
Alexis Ben Miloud--Josselin 8741167a80 Revert last commit 2024-02-01 17:04:30 +01:00
Alexis Ben Miloud--Josselin 4c9e4a30cc userlogrotate: Ensure we use a valid group name 
Use user's primary group when user's name is not an existing group.
 2024-02-01 11:07:19 +01:00
William Hirigoyen d67e2b122f nagios-nrpe, generateldif: new check_pressure_{cpu,io,mem} 2024-01-31 18:04:11 +01:00
William Hirigoyen 393c1f4ff1 add missing LDAP conf iterate_filter to exclude disabled accounts in users list 2024-01-29 12:04:38 +01:00
William Hirigoyen dae2a25f78 check_free_space: add role; evolinux-base: install check_free_space by default 2024-01-24 17:25:20 +01:00
William Hirigoyen cce7280cd0 fail2ban: add script unban_ip 2024-01-24 15:24:42 +01:00
William Hirigoyen 68d9d3c47c minifirewall: do not open publicly ports except 22222 2024-01-24 11:45:28 +01:00
Alexis Ben Miloud--Josselin 251416f3e8 webapps/nextcloud: Set home directory's mode 2024-01-23 18:00:54 +01:00
Alexis Ben Miloud--Josselin 9b67202acc webapps/nextcloud: Add condition for archive tasks 2024-01-23 16:35:51 +01:00
David Prevot bc19912b71 Revert "listupgrade: try and get rid of duplicate entries" 
This reverts commit 531b633d99.
 2024-01-18 10:14:36 +01:00
Jérémy Lecour 0c17e4d8fc
sort CHANGELOG 2024-01-18 10:01:46 +01:00
Jérémy Lecour 51280c586a
redis: manage config template inside a block 
This allows to have a coherent block managed by Ansible and extra lines that won't be overwritten.
Eg. : automatically added lines for replication, sentinel groups…
 2024-01-18 10:00:44 +01:00
David Prevot 531b633d99 listupgrade: try and get rid of duplicate entries 2024-01-17 17:07:20 +01:00
David Prevot bceb3f5c27 php: drop apt_preferences(5) file for sury (changelog) 2024-01-17 16:51:14 +01:00
Jérémy Lecour f3eb7a4981
listupgrade : old-kernel-removal.sh upstream release 24.01 2024-01-12 11:39:01 +01:00
Jérémy Lecour bca5b9f28c
fail2ban: fix template marker 2024-01-11 17:46:49 +01:00
Jérémy Lecour bf07ef74c3
nginx: take care of « already defined » and « not yet defined » server status suffix in check mode 2024-01-11 16:51:20 +01:00
William Hirigoyen f5d5e84caf dovecot: fix plugin dovecot1 2024-01-09 17:13:22 +01:00
David Prevot e089796c4c evocheck: upstream release 24.01 2024-01-03 17:47:09 +01:00
William Hirigoyen 0a590b6679 nginx: fix multiple fails in check mode 2024-01-03 11:29:20 +01:00
David Prevot 1ac497282c evoadmin-mail: use fixed version for Ansible 2023-12-22 15:44:40 +01:00
William Hirigoyen 9fb635b45f webapps/evoadmin-mail: package installed via public.evolix.org/evolix repo starting with Bookworm 
(H)acked-By: David Prévot <dprevot+git@evolix.fr>
 2023-12-22 15:42:30 +01:00
Mathieu Trossevin c2de4b4cd1
kvm-host: Add LVM filter when needed 2023-12-22 11:26:08 +01:00
Jérémy Lecour d93eb2495b
sort CHANGELOG 2023-12-20 15:28:09 +01:00
Jérémy Lecour 046f1411b3
vrrpd: test if interface exists before deleting it 2023-12-20 15:27:07 +01:00
Ludovic Poujol 4a1b94f55d unbound: Add a apt cache validity to enforce an apt update if needed 2023-12-19 17:55:36 +01:00
Tom David--Broglio 1eb5a47c71 nagios: add dockerd check in nrpe check template 2023-12-18 19:17:39 +01:00
Tom David--Broglio d4ac4ef7a1 nagios: cleaning nrpe check template 2023-12-18 19:17:39 +01:00
Mathieu Trossevin c0f27426bc
Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable 2023-12-18 17:47:47 +01:00
Mathieu Trossevin 62c596046d
Add role for automatically deploying autosysadmin 2023-12-18 17:00:51 +01:00
Jérémy Lecour b4c9fcf6f7
mongodb: add gpg key for 7.0 2023-12-18 16:36:09 +01:00
William Hirigoyen 9e67db57e5 evolinux-base: fix hardware.yml (wrong repo, missing update cache) 2023-12-18 11:29:40 +01:00
Mathieu Trossevin 0c09763e87
fix(minifirewall): Properly detect old minifirewall versions 2023-12-14 16:59:55 +01:00
Jérémy Lecour b0992bcaf9
mysql: disable performance schema for Debian 8 2023-12-11 18:21:57 +01:00
Jérémy Lecour 26e3dc1be6
apache: use backward compatible Redirect directive 2023-12-11 18:19:38 +01:00
Jérémy Lecour a920d2d402
apt: Disable archive repository for Debian 8 2023-12-11 15:10:11 +01:00
Jérémy Lecour 6c0ca02391
apt: add task file to install ELTS repository (default: False) 2023-12-11 15:10:10 +01:00
Jérémy Lecour db63902206
apt: use the GPG version of the key for Debian 8-9 2023-12-11 15:10:09 +01:00
Jérémy Lecour fb7218972f
squid: config directory seems to have changed from /etc/squid3 to /etc/squid in Debian 8 2023-12-11 15:10:06 +01:00
William Hirigoyen 66b69f1502 remount-usr: do not try to remount /usr RW if /usr is not a mounted partition 2023-12-11 10:46:04 +01:00
Ludovic Poujol e32e1c5496 Unbound: Big update & enhancements 
* Move configuration generated to /etc/unbound/unbound.conf.d/evolinux.conf so we don't override default config file
* Make use of root hints provided by dns-root-data instead of downloading them
* Add configuration to ensure that configuration reload work out of the box on Debian11 and old
* Add required configuration in Unbound and munin to allow tge plugin to work
* Make ansible-lint a bit more happy
 2023-12-08 16:13:41 +01:00
Tom David--Broglio cbc51c462a fix Add Ceph volume to fstab : missing UUID= in src 2023-12-07 11:02:04 +01:00
Alexis Ben Miloud--Josselin 4d7de89ad4 webapps/nextcloud: Add condition for config tasks 
And update CHANGELOG
 2023-12-07 10:19:42 +01:00
William Hirigoyen c9e8b6c4e1 dovecot: Munin plugin conf path is now /etc/munin/plugin-conf.d/zzz-dovecot (instead of z-evolinux-dovecot) 2023-12-07 10:04:11 +01:00
David Prevot b8732dffaf Changelog for previous changes 2023-11-30 15:58:31 +01:00
Mathieu Trossevin 0ca31b91fe
fix(certbot): Fix hook for dovecot (too strict) 
When we use a separate certificate for POP3 and IMAP there might be
blank characters (almost certainly spaces but might as well be more lax)
before `ssl_cert` which resulted in these lines not being detected and
the hook not being played, forcing manual intervention.

This commit fixes that problem by accepting blank characters before
ssl_certs. (`\b` might be even better...)
 2023-11-30 10:11:05 +01:00
William Hirigoyen 1a74bef0bc check stat.exists before stat.isdir 2023-11-29 10:13:43 +01:00
William Hirigoyen 83e61b25a5 etc-git: add /var/chroot-bind/etc/bind repo 2023-11-29 09:59:57 +01:00
Jérémy Lecour 06c47493e9
sort changelog 2023-11-29 09:24:28 +01:00
Jérémy Lecour 81d97bb3fb
vrrpd: variable to force update the switch script (default: false) 2023-11-29 09:24:00 +01:00
David Prevot e5f5425f6d lxc-php: Allow one to install php83 on Bookworm container 2023-11-28 17:15:44 +01:00
David Prevot 69bc93ff6e lxc: Init /etc git repository in lxc container 
Note: ugly loop, but “it works”…
 2023-11-24 11:54:13 +01:00
Alexis Ben Miloud--Josselin 892067cf2b kvmstats: use .capacity instead of .physical for disk size 2023-11-23 12:26:20 +01:00
David Prevot c93748487b evocheck: upstream release 23.11.1 2023-11-22 17:27:39 +01:00
David Prevot 2c86660e52 evocheck: upstream release 23.11 2023-11-22 17:06:39 +01:00
David Prevot 95aeb9a68e Fix bind changelog entry 2023-11-22 16:13:37 +01:00
David Prevot 96d15eb5aa Changelog entry for bind changes 2023-11-21 11:35:42 +01:00
Jérémy Lecour 4cba25d8fc
evolinux-base: no need to remove update-evobackup-canary from sbin anymore 2023-11-20 19:15:39 +01:00
Jérémy Lecour f01e7453fb
no need to symlink backup-server-state to dump-server-state anymore 2023-11-20 19:13:51 +01:00
Jérémy Lecour 83c178f244
log2mail: move custom config in separate file 2023-11-20 19:02:48 +01:00
Jérémy Lecour 642fbb1ea4
evolinux-base: dump-server-state upstream release 23.11 2023-11-20 19:02:03 +01:00
William Hirigoyen a5e4359d0e #73871 ssl: no not execute haproxy tasks and reload if haproxy is disabled 2023-11-17 15:51:33 +01:00
Gregory Colpart 0578d5a3ec apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name) 2023-11-16 14:45:07 +01:00
Gregory Colpart ac72c7ac31 apache: fix MaxRequestsPerChild value to be sync with wiki.e.o 2023-11-16 14:44:08 +01:00
Gregory Colpart b1a67d1a5c apache : fix goaway pattern for bad bots 2023-11-16 14:35:48 +01:00
William Hirigoyen 1394052fd6 ProFTPd: set missing default listen IP for SFTP, enable ed25525549 key only for Debian >= 11 2023-11-15 10:53:22 +01:00
William Hirigoyen 4a6e6e6ba2 ProFTPd: in SFTP vhost, enable SSH keys login, enable ed25549 host key 2023-11-15 09:43:10 +01:00
Ludovic Poujol b77845cc8c php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository 2023-11-13 16:17:22 +01:00
Tom David--Broglio 6ae9e04f27 webapps/nextcloud: fix misplaced gid attr and added check for nexctcloud uid 2023-11-09 16:48:17 +01:00
Tom David--Broglio aab3381887 webapps/nextcloud: fix missing gid 2023-11-09 15:59:45 +01:00
Tom David--Broglio 009de62e28 webapps/nextcloud Added var nextcloud_user_uid to enforce uid for nextcloud user 2023-11-09 15:19:15 +01:00
William Hirigoyen 41ec5b737b nagios: rename var into and check systemd-timesyncd instead of ntpd in Debian 12 2023-11-07 17:46:29 +01:00
William Hirigoyen c9c8ade55d nagios: fix default file to monitor for check_clamav_db 2023-11-03 18:03:35 +01:00
William Hirigoyen bc284f8248 add-vm.sh: allow VM name max length > 20 2023-11-03 10:48:28 +01:00
Brice Waegeneire 74a6b2ead1 nagios-nrpe: add check_sentinel 2023-10-27 15:02:28 +02:00
David Prevot 953ca015c5 Changelog entries for latest changes 2023-10-26 16:09:42 +02:00
Brice Waegeneire 679e170dce evolinux-base: use separate default config file for rsyslog 2023-10-18 15:10:35 +02:00
Jérémy Lecour 3b3b130248
Release 23.10 2023-10-14 07:37:18 +02:00
Jérémy Lecour 31990cfe80
Linting CHANGELOG 2023-10-14 07:36:29 +02:00
Alexis Ben Miloud--Josselin bbf6ce6f6e rbenv: Installer libyaml-dev 
Le paquet est nécessaire en Debian 12.
 2023-10-12 17:49:00 +02:00
Alexis Ben Miloud--Josselin dbd1103078 docker-host: Retirer directive state en trop 2023-10-11 18:06:13 +02:00
Alexis Ben Miloud--Josselin a80076a5ea evolinux-base: Corriger autorisation pour evolinux_user 
Cas configuration SSH séparée. Ticket #74636.
 2023-10-11 10:02:34 +02:00
Jérémy Lecour 3347ac4271
evomaintenance: upstream release 23.10.1 2023-10-09 18:13:48 +02:00
Alexis Ben Miloud--Josselin 0c9b55e5e1 evolix-base/root: fix module used 2023-10-09 17:12:15 +02:00
Jérémy Lecour c673ed10c6
evomaintenance: upstream release 23.10 2023-10-09 16:24:47 +02:00
Jérémy Lecour d6a777be72
kvm-host: migrate-vm: set migration speed even on bridges 2023-10-05 22:05:17 +02:00
Jérémy Lecour 9cd0426d2b
nagios-nrpe: sync Redis check from redis roles 2023-10-03 13:34:53 +02:00
David Prevot f2c37dddff Use timesyncd instead of ntpd starting with Debian 12 (not always) 2023-09-28 17:25:18 +02:00
David Prevot a2306e6a15 Changelog for previous commit 2023-09-28 15:27:19 +02:00
David Prevot aa13171f91 Changelog for previous commit 2023-09-26 18:00:59 +02:00