Victor LABORIE
3b4bf6d13a
php: fix right on custom conf files
2017-10-16 17:46:55 +02:00
Jérémy Lecour
1941f9a3f9
evoacme: improve webserver config logic
2017-10-13 17:14:03 +02:00
Jérémy Lecour
2066a79f2e
evoacme: exit after certbot in dry-run mode
2017-10-13 17:13:14 +02:00
Jérémy Lecour
350abe5787
evoacme: invert test logic
2017-10-13 14:05:05 +02:00
Jérémy Lecour
baa5eae784
evoacme: add many tests
2017-10-13 12:46:40 +02:00
Jérémy Lecour
1c5e5e965b
evoacme: fix typo
2017-10-13 12:32:16 +02:00
Jérémy Lecour
06a3965fde
whitespaces
2017-10-13 12:30:34 +02:00
Jérémy Lecour
31a19114e5
evoacme: readability of tests
...
change from :
"what I don't want" && error
to :
"what I want" || error
2017-10-13 12:30:24 +02:00
Jérémy Lecour
9bccbd9496
evoacme: check for readability, not just presence
2017-10-13 12:28:44 +02:00
Jérémy Lecour
3c283d2bb4
evoacme: execute evoacme in cron mode
2017-10-13 12:09:12 +02:00
Jérémy Lecour
0022071462
evoacme: add tests to fail with proper messages
2017-10-13 12:08:47 +02:00
Jérémy Lecour
e11958d101
evoacme: fix web servers config check
2017-10-13 11:18:37 +02:00
Jérémy Lecour
6d6d0760cd
evoacme: sed cert path after cert creation
2017-10-13 11:18:15 +02:00
Jérémy Lecour
88600039d3
evoacme: daily iterations are not enough
2017-10-13 11:17:32 +02:00
Jérémy Lecour
5e71da94d3
evoacme: fix typo
2017-10-13 11:16:46 +02:00
Jérémy Lecour
bced7561c9
make-csr: extract a few functions
2017-10-13 11:16:21 +02:00
Jérémy Lecour
fb0c22dfd1
evoacme: refactoring for make-csr
...
inspired from recent refactoring or evoacme itself
2017-10-13 00:47:02 +02:00
Jérémy Lecour
9fccd7e682
evoacme: improve variables
2017-10-12 18:22:43 +02:00
Jérémy Lecour
65ccc2c0b5
evoacme: use env variables for execution modes
2017-10-12 18:22:06 +02:00
Jérémy Lecour
30434a70d8
evoacme: csr verification is a different function call
2017-10-12 18:20:49 +02:00
Jérémy Lecour
118a9759af
evoacme: change function name to be more specific
2017-10-12 18:19:53 +02:00
Jérémy Lecour
3c61484448
evoacme: don't allow uninitialized variables
2017-10-12 18:19:09 +02:00
Victor LABORIE
5e9795435b
nginx: fix ip filtering in default vhost
2017-10-12 15:38:07 +02:00
Jérémy Lecour
0d0c21f908
Evoacme: refactoring
...
* add a lot of variables, to reduce possible typos
* add a lot of debug statements
* add many comments and line breaks for readability
* extract functions for complex openssl commands
* explode the big certbot command into multiple lines
* allow certbot to make test certs (for API query limits)
* allow certbot to run in "dry run" mode
* regroup some lines together when they do related things
2017-10-12 00:29:21 +02:00
Jérémy Lecour
1091dfeeed
evolinux-users: Handle "PermitRootLogin prohibit-password"
2017-10-11 22:17:52 +02:00
Victor LABORIE
1c244f556b
evoacme: better apache/nginx reload
2017-10-11 18:50:20 +02:00
Victor LABORIE
2dbdfb6600
evoacme: add error and debug function
2017-10-11 18:50:19 +02:00
Jérémy Lecour
9527aff68a
apache/nginx: remove compatibility mode
2017-10-11 18:13:15 +02:00
Jérémy Lecour
c77bc14e95
Evolinux: don't remove root from AllowUsers list
2017-10-11 17:58:59 +02:00
Jérémy Lecour
8518902ec9
Elasticsearch-head: no need to have a shell
2017-10-11 17:58:59 +02:00
Ludovic Poujol
745c45f88d
Fix remount_usr_rw/yml
2017-10-11 17:58:18 +02:00
Jérémy Lecour
4bc7635502
Include generate-ldif in evolinux-base
2017-10-11 13:10:15 +02:00
Jérémy Lecour
cca3b2921f
Public role for "generate-ldif"
2017-10-11 13:10:15 +02:00
Jérémy Lecour
20e8a852fa
Handle "PermitRootLogin prohibit-password"
2017-10-10 23:50:14 +02:00
Jérémy Lecour
ae4b9675c2
evolix-users: disable root ssh login by default
2017-10-10 22:01:44 +02:00
Jérémy Lecour
8435ac192d
evolinux-users: better detection of AllowUsers
2017-10-10 22:01:12 +02:00
Jérémy Lecour
707aabb404
evolinux-base : remove root from AllowUsers directive
...
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour
79e57b7787
evolinux-base: don't disable root ssh by default
2017-10-10 21:58:03 +02:00
Jérémy Lecour
bf2cd96793
evolinux-users must not be included as is
...
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour
e09a6ace31
evolinux-base: use apt role for all APT configuration
2017-10-10 16:35:23 +02:00
Jérémy Lecour
fae9cd9208
extract APT configuration into apt role
2017-10-10 16:34:53 +02:00
Jérémy Lecour
517c0e672b
Nginx: completely rename ipaddr_whitelist
2017-10-10 09:57:29 +02:00
Jérémy Lecour
2a95325dc6
systemd unit for elasticsearch-head
2017-10-09 17:45:51 +02:00
Jérémy Lecour
9af98e7ebe
ES/head: use https to clone the repository
2017-10-09 16:36:03 +02:00
Jérémy Lecour
ae745d89ff
Nginx: don't overwrite the default vhost
2017-10-09 16:35:38 +02:00
Jérémy Lecour
9798022192
Nginx: fix ipaddr_whitelist path
2017-10-09 16:13:26 +02:00
Jérémy Lecour
9fe76d40da
Let's keep the currently deployed line
2017-10-09 15:57:38 +02:00
Ludovic Poujol
1e68bcb2fc
Nginx: fix missing double quote
2017-10-09 11:56:34 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
3d22cbf927
java8: we only need the headless variant
2017-10-08 22:33:49 +02:00