Commit graph

909 commits

Author SHA1 Message Date
William Hirigoyen 13f4578599 postfix: Do not notify errors of classes policy, protocol in of main.cf 2023-01-23 15:01:57 +01:00
William Hirigoyen 31e90abe57 fail2ban: add 'Internal login failure' to Dovecot filter 2023-01-23 10:33:10 +01:00
William Hirigoyen 8d16f17354 * clamav: set MaxConnectionQueueLength to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix.
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-01-18 10:30:41 +01:00
Jérémy Dubois 0cb751591a nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …) 2023-01-17 11:11:33 +01:00
Ludovic Poujol c27551939d webapps/nextcloud : Small enhancement on the vhost template to lock out data dir 2023-01-13 11:05:55 +01:00
Ludovic Poujol dcc378776c webapp/nextcloud : Change default data directory to be outside web root 2023-01-13 11:04:32 +01:00
Jérémy Dubois 68017d8db9 openvpn: fix the client cipher configuration to match the server cipher configuration 2023-01-12 14:29:18 +01:00
William Hirigoyen 417734eed2 haproxy: fix missing admin ACL in stats module access permissions 2023-01-11 16:15:09 +01:00
Patrick Marchand 08db5a5140 Fix problems with docker-host daemon.json config 2023-01-10 11:26:57 -05:00
William Hirigoyen 48e3ced983 elasticsearch : use logrotate for garbage collector logs 2023-01-02 17:29:37 +01:00
William Hirigoyen 8401401716 Update CHANGELOG 2022-12-30 10:46:24 +01:00
Jérémy Lecour 7a0e0d81d6 Proper jinja spacing 2022-12-28 09:03:37 +01:00
Jérémy Lecour 8eae5bba63 Use systemd module instead of command 2022-12-28 09:02:17 +01:00
Patrick Marchand 0e6c2567e2 Fix presentation error in changelog markdown 2022-12-22 11:35:52 -05:00
Patrick Marchand 5611bb73a2 Remove warning ignores as they are deprecated
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:35:20 -05:00
Patrick Marchand 1c6fdbf85a Remove warning ignores as they are deprecated
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:32:32 -05:00
William Hirigoyen 7005344a5b evolinux-base: ensure dbus enabled and started 2022-12-19 17:07:18 +01:00
William Hirigoyen 55a64845ce postfix: add localhost. to mydestination 2022-12-15 11:49:35 +01:00
Jérémy Lecour 0622e9ff1e fix non-breaking spaces 2022-12-14 11:47:53 +01:00
Jérémy Lecour 240ccee12b Release 22.12 2022-12-14 11:39:51 +01:00
Jérémy Lecour 34fefa1212 typos 2022-12-14 07:46:12 +01:00
Jérémy Dubois 91b40ce72f openvpn: Fix mode of shellpki script 2022-12-13 19:37:54 +01:00
Jérémy Dubois 9918776286 openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream 2022-12-13 17:53:59 +01:00
Jérémy Dubois 0722b84341 openvpn: shellpki upstream release 22.12.2 2022-12-13 17:50:09 +01:00
Mathieu Trossevin bc1facd1ba proftpd: Fix mode of public key files and directory 2022-12-09 10:19:51 +01:00
Mathieu Trossevin 101c282846 proftpd: Fix format of public key files controlled by ansible
The comments used by ansible's blockinfile module break the format
expected by proftpd for public ssh keys, making them unusable.

Replace with a template, we will just have to accept that we need to use
ansible for all changes to these files.
2022-12-08 17:32:53 +01:00
Jérémy Lecour ce361c6819 listupgrade: sort/uniq of packages/services lists in email template 2022-12-07 21:05:12 +01:00
Jérémy Lecour 3c2369a3a2 listupgrade: better detection for PostgreSQL 2022-12-07 21:04:33 +01:00
Alexis Ben Miloud--Josselin 982112bd64 rabbitmq: add link in default page 2022-12-07 15:49:03 +01:00
Jérémy Lecour 22f30b59f2 certbot: auto-detect HAPEE version in renewal hook 2022-12-05 14:22:12 +01:00
Jérémy Dubois 6cc3e03864 openvpn: specifies that the mail for expirations is for OpenVPN 2022-12-05 09:52:20 +01:00
Jérémy Dubois cca072425b openvpn: shellpki upstream release 22.12 2022-12-01 16:56:23 +01:00
Jérémy Dubois cd2c1931b1 keepalived: change exit code (warning if running but not on expected state ; critical if not running) 2022-11-28 17:16:43 +01:00
Jérémy Lecour c96f28e47b evocheck: install script according to Debian version 2022-11-27 22:14:39 +01:00
Jérémy Lecour 08db230c29 Merge branch 'debian12' into unstable 2022-11-27 18:29:57 +01:00
Jérémy Lecour 54dca82838 varnish: fix missing state, that blocked the task 2022-11-26 19:10:21 +01:00
Jérémy Lecour 665177556e evomaintenance: allow missing API endpoint if API is disabled 2022-11-26 19:09:05 +01:00
Jérémy Lecour ecd9d1543f varnish: better package facts usage with check mode and tags 2022-11-21 15:46:46 +01:00
Alexis Ben Miloud--Josselin 396afa0a75 nagios-nrpe: add ceph checks to changelog 2022-11-15 11:08:01 +01:00
Mathieu Trossevin 83138f0a0b nagios-nrpe: Correct port for check_opendkim 2022-11-09 17:05:54 +01:00
Jérémy Lecour faeb92230b packweb-apache: manual dependencies resolution 2022-11-06 15:25:17 +01:00
Jérémy Lecour 4050dbea7a packweb-apache: enable log_forensic module 2022-11-06 15:25:17 +01:00
Jérémy Lecour b36d4c4766 various fixes for Debian 12 2022-11-06 15:25:17 +01:00
Jérémy Lecour 4c9aaf6d86 Merge branch 'unstable' into debian12-keyring 2022-11-06 10:19:36 +01:00
Jérémy Lecour a1bf300d54 bookworm-detect: transitional role to help dealing with unreleased bookworm version 2022-11-05 21:15:21 +01:00
Jérémy Lecour 28540247f0 Add signed-by option for additional APT sources 2022-11-02 23:17:08 +01:00
Jérémy Lecour f531460f49 Use proper keyrings directory for APT version
Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings
2022-11-02 23:16:32 +01:00
Jérémy Lecour c9ccda2277 varnish: create special tmp directory for syntax validation 2022-11-02 19:45:15 +01:00
Jérémy Lecour 4d259d3c04 varnish: systemd override depends on Varnish
Use Varnish version instead of Debian version to choose systemd override template, to make it forward compatible
2022-11-02 13:55:03 +01:00
William Hirigoyen 912cec5a78 lxc-php: update changelog. 2022-10-26 15:25:22 +02:00
Jérémy Lecour 857b3e0e45 nagios-nrpe: check_haproxy_stats supports DRAIN status 2022-10-20 15:46:04 +02:00
Jérémy Lecour 554c086b79 redis: variable to disable transparent hugepage (default: do nothing) 2022-10-20 14:38:12 +02:00
Jérémy Lecour fc52fbf4bc redis: some values should be quoted
When Redis overwrites its own config, it uses quoted string values, so it's better to do the same to avoid changes.
2022-10-20 14:36:47 +02:00
Jérémy Lecour f71075d4ef evolinux-base: replace regular kernel by cloud kernel on virtual servers 2022-10-19 16:33:25 +02:00
Jérémy Dubois 6be2ff3b48 evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions) 2022-10-17 11:37:58 +02:00
Jérémy Lecour 2d16aeb41e evolinux-base: utils.yml can be excluded 2022-10-11 13:37:21 +02:00
Mathieu Trossevin 4f9d6868e0 evolinux-user: sudoers privileges for check php\fpm80 and 81 2022-10-07 14:16:32 +02:00
Jérémy Lecour 15d7756881 minifirewall: whitelist deb.freexian.com 2022-10-03 18:54:29 +02:00
Jérémy Lecour 8e1b682ccc squid: whitelist deb.freexian.com 2022-10-03 18:54:05 +02:00
Jérémy Lecour c6fb24f7d8 lxc-solr: use default JRE package 2022-09-30 11:39:50 +02:00
Jérémy Lecour 792d1170ab java: use default JRE when version is not specified 2022-09-30 11:39:05 +02:00
Jérémy Lecour 6aeaab078d lxc-solr: set homedir and port at install 2022-09-27 07:47:26 +02:00
Jérémy Lecour 46deb04005 lxc-solr: choose java package and download URL according to Solr Version 2022-09-26 23:47:55 +02:00
Jérémy Lecour 26f9d171a4 lxc-solr: detect the real partition options 2022-09-26 23:46:29 +02:00
Jérémy Lecour 8089d90bd1 Release 22.09 2022-09-19 17:06:25 +02:00
Ludovic Poujol a540235077 munin: Add ipmi_ plugins on dedicated hardware 2022-09-15 11:45:24 +02:00
William Hirigoyen c310482ba6 domains: revert commits moved to dev branch domains 2022-09-15 10:48:55 +02:00
Jérémy Lecour 6f04a41557 fail2ban: fix dovecot-evolix regex syntax 2022-09-15 09:48:34 +02:00
William Hirigoyen 55f694f051 Update CHANGELOG 2022-09-14 12:21:13 +02:00
Jérémy Lecour d8a2dccf36 evocheck: upstream release 22.09 2022-09-14 10:55:02 +02:00
Ludovic Poujol cd46dd8320 proftpd: Add a warning if config file was overridden 2022-09-13 16:31:03 +02:00
Ludovic Poujol 9631476a06 proftpd: Allow user auth with ssh keys 2022-09-13 16:29:59 +02:00
Ludovic Poujol 7c4a169fb8 proftpd: Add options to override configs 2022-09-13 16:26:10 +02:00
Jérémy Lecour 28276b5d6f evolinux-base: update-evobackup-canary upstream release 22.06 2022-09-12 13:54:57 +02:00
Jérémy Lecour 3c1ec588fd minifirewall: use handlers to restart minifirewall 2022-09-09 16:09:48 +02:00
Jérémy Dubois c3be57410d openvpn: Run OpenVPN with the _openvpn user and group instead of nobody which is originally for NFS 2022-09-06 11:27:20 +02:00
William Hirigoyen 6fa89e69a5 Update changelog 2022-09-02 15:48:09 +02:00
Ludovic Poujol 1f52700b47 memcached: NRPE check for multi-instance setup
Also some cleanup & split of tasks between single and multi instance

Note: Munin part seems still broken at the time
2022-09-01 15:33:00 +02:00
Ludovic Poujol ee67ebca8b webapps/nextcloud: Drop support for Nginx 2022-09-01 12:46:37 +02:00
William Hirigoyen 2bda54a7bd Update CHANGELOG.md 2022-09-01 12:07:47 +02:00
Ludovic Poujol d165a104f2 * webapps/nextcloud: Add missing dependencies for imagick 2022-09-01 11:28:08 +02:00
Ludovic Poujol 4a3b40d986 generate-ldif: Support any MariaDB version 2022-08-29 17:29:14 +02:00
Jérémy Lecour c7a6b3e694 evocheck: upstream release 22.08.1 2022-08-29 17:03:31 +02:00
Jérémy Lecour 71aafe161c evocheck: upstream release 22.08 2022-08-29 17:03:31 +02:00
Eric Morino 9a25d5981f add webapps/nextcloud changelog 2022-08-26 16:34:19 +02:00
Jérémy Lecour 5fa7f4809c vrrp: fix systemd unit name 2022-08-24 17:58:46 +02:00
Jérémy Lecour 018eee7ea0 Update 'CHANGELOG.md'
* use role name
* more descriptive message
* order items alphabetically
2022-08-24 15:22:25 +02:00
Patrick Marchand 2c1ec040d1 Simplify user subset creation
Instead of tags, allow only one subset of users to be created at a time.
2022-08-24 09:05:29 -04:00
Patrick Marchand 9dfcfe1ef3 Made it possible to only create a subset of users
The evolinux_users_create variable is a list of tags that defaults to ['active'].
Only the users that have one of the tags in the evolinux_users_create list will be created.
2022-08-23 20:18:45 -04:00
David Prevot 3bd4b92425 CHANGELOG: Document previous ($self) change 2022-08-18 10:27:26 +02:00
Jérémy Lecour d0abfa985c redis: config directory must be owned by the user that runs the service
… to be able to write tmp config files in it
2022-08-17 16:53:07 +02:00
Jérémy Dubois de0c4fd314 openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command 2022-08-10 17:23:47 +02:00
Mathieu Trossevin 78dcec8656 varnish: Repair systemd unit for jessie/stretch 2022-08-10 11:18:23 +02:00
Mathieu Trossevin 08a4f1ed5f Document previous change 2022-08-10 10:26:37 +02:00
Jérémy Lecour 6c33e11d5f evocheck: upstream release 22.07.1 2022-07-28 14:18:12 +02:00
Jérémy Lecour 0f899dcd09 evocheck: remove failure if deprecated variable is used 2022-07-28 13:58:09 +02:00
Jérémy Lecour 25b96c3283 Release 22.07.1 2022-07-28 13:49:57 +02:00
Jérémy Lecour f10ebe8cd6 evocheck: upstream release 22.07 2022-07-28 13:38:33 +02:00
Jérémy Lecour c8898a3d10 nagios-nrpe: use regexp to exclude paths/devices in check_disk1 2022-07-28 13:25:51 +02:00
Jérémy Lecour 0d086731ae evomaintenance: upstream release 22.07 2022-07-27 15:49:41 +02:00
Jérémy Lecour f7edd565a3 nagios-nrpe: check_disk1 returns only alerts 2022-07-27 09:24:46 +02:00
Jérémy Lecour b453321b3d nagios-nrpe: exclude /run/shm and /run/lock from check_disk1 2022-07-27 09:24:46 +02:00
Jérémy Lecour 0b41efd188 mongodb: replace version_compare() with version() 2022-07-18 15:54:42 +02:00
Bruno TATU 213c6dd6ac Add change for fail2ban role 2022-07-08 11:28:29 +02:00
Jérémy Lecour 53847d9919 Release 22.07 2022-07-06 18:02:42 +02:00
Jérémy Lecour a387304483 Fix CHANGELOG 2022-07-06 14:26:13 +02:00
Jérémy Lecour 0a3bfd7f27 evolinux-base: session timeout is configurable 2022-07-06 14:24:41 +02:00
Eric Morino 028bfe209a Add change in kvm-host 2022-07-05 10:18:49 +02:00
Jérémy Dubois 68ac8fc058 openvpn: configure logrotate 2022-06-30 10:12:36 +02:00
Jérémy Dubois 07c3c0226f openvpn: minimal rights on /etc/shellpki/ and crl.pem 2022-06-29 16:09:04 +02:00
Jérémy Lecour 205e699355 minifirewall: docker mode is configurable 2022-06-22 17:20:15 +02:00
Jérémy Lecour abb14e5b52 haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value 2022-06-22 15:32:10 +02:00
Ludovic Poujol 519ef930df Update PermitRootLogin task to work on Debian 11 2022-06-21 15:13:38 +02:00
Jérémy Lecour 050c61c220 Release 22.06.3 2022-06-17 11:00:51 +02:00
Jérémy Lecour 57ecac01ba evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers 2022-06-16 15:19:44 +02:00
William Hirigoyen (Evolix) 3623363b94 Update changelog for version 22.06 2022-06-13 17:35:31 +02:00
Jérémy Lecour 556719bbf2 Release 22.06.2 2022-06-10 11:11:44 +02:00
Ludovic Poujol b3ac39decd postgresql: Fix task order when using pgdg repo & Install the right pg version 2022-06-09 10:33:28 +02:00
Jérémy Lecour cea1408bba evocheck: upstream release 22.06.2 2022-06-09 07:42:29 +02:00
Jérémy Lecour 4d1d77faaf postgresql: add variable to configure binding addresses (default: 127.0.0.1) 2022-06-09 07:41:52 +02:00
Ludovic Poujol 1e19418fb0 Fail2ban: Multiple changes & improvements :
* Give the possibility to override jail.local (with fail2ban_override_jaillocal)
* If jail.local was overridden, add a warning
* Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
* Allow to tune the default action with ansible
* Change default action to ban only (instead of ban + mail with whois report)
* Configure recidive jail (off by default) + extend dbpurgeage
2022-06-08 17:55:58 +02:00
Jérémy Lecour bcaacdf57f postgresql: fix nested loop for Munin plugins 2022-06-08 15:39:34 +02:00
Jérémy Lecour cbe7985814 Enforce String notation for mode 2022-06-08 15:38:21 +02:00
Jérémy Lecour b677defd97 redis: binding is possible on multiple interfaces 2022-06-08 15:36:47 +02:00
Jérémy Lecour 1895c549d4 Release 22.06.1 2022-06-06 15:07:10 +02:00
Jérémy Lecour 3d70438f7e evocheck: upstream release 22.06.1 2022-06-06 15:05:59 +02:00
Jérémy Lecour 4cd7e0f4a1 minifirewall: upstream release 22.06 2022-06-06 14:42:22 +02:00
Jérémy Lecour 56c2c19d61 evomariabackup: release 22.06.1 2022-06-05 21:49:23 +02:00
Jérémy Lecour 6d0e49ba90 mysql: reorganize evomariabackup to use mtree instead of our own dir-check 2022-06-05 21:48:04 +02:00
Jérémy Lecour e718156f86 fix CHANGELOG 2022-06-03 10:19:35 +02:00
Jérémy Lecour e8e99bb9b6 Release 22.06 2022-06-03 09:27:01 +02:00
Jérémy Lecour 9378f5634c add missing entry in CHANGELOG 2022-06-03 09:26:07 +02:00
Jérémy Lecour 51908f64b9 evocheck: upstream release 22.06 2022-06-03 09:15:04 +02:00
Jérémy Lecour 586aa206a8 mysql: add post-backup-hook to evomariabackup 2022-06-02 18:26:23 +02:00
Jérémy Lecour b8b96bb5b7 mysql: use dir-check inside evomariabackup 2022-06-01 17:24:55 +02:00
Jérémy Lecour 249e53fc21 evolinux-base: add dir-check script 2022-06-01 17:24:55 +02:00
Jérémy Lecour 17a2032a10 evolinux-base: add update-evobackup-canary script 2022-06-01 10:46:13 +02:00
Jérémy Lecour b3dbcb082f certbot: add hapee (HAProxy Enterprise Edition) deploy hook 2022-05-31 14:06:25 +02:00
Ludovic Poujol 134355d190 docker: Allow live-restore to be toggled with docker_conf_live_restore 2022-05-24 16:22:49 +02:00
Jérémy Lecour 1a9c219c5b Release 22.05.1 2022-05-12 15:49:18 +02:00
Jérémy Lecour f82a81844d evocheck: upstream release 22.05 2022-05-12 15:47:50 +02:00
Ludovic Poujol 9973a62c16 docker : Introduce new variables to tweak daemon settings 2022-05-10 19:04:58 +02:00
Ludovic Poujol 6aa7b89b78 docker : Introduce new default settings + allow to change the docker data directory 2022-05-10 18:21:59 +02:00
Ludovic Poujol 1b4d4c98fe docker : Removed Debian Jessie support 2022-05-10 17:39:45 +02:00
Jérémy Lecour 09872fa4ad Release 22.05 2022-05-10 16:58:32 +02:00
Jérémy Lecour dd2072b86b minifirewall: fix failed_when conditions on restart 2022-05-10 16:40:45 +02:00
Jérémy Lecour 378ee04c82 minifirewall: upstream release 22.05 2022-05-10 15:55:08 +02:00
Eric Morino 3663783509 add change in opendkim role 2022-05-09 10:19:18 +02:00
Jérémy Lecour 749d6a78cd redis: Add log2mail user to redis group 2022-05-05 09:40:30 +02:00
Jérémy Lecour 61cd2b7428 minifirewall: upstream release 22.04
2022-04-28 19:14:31 +02:00