Jérémy Lecour
ac98aa2d18
evolinux-base: install Evocheck (default: True)
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ec54af596c
evolinux-base: Don't customize the logcheck recipient by default.
...
By default the package sends its messages to the logcheck user.
By default we alias the "logcheck" user to "root" which is redirected to
our custom address.
2020-03-04 14:03:18 +01:00
Jérémy Lecour
7283e34077
Replace version_compare() with version()
2020-02-25 10:45:35 +01:00
Jérémy Lecour
80081aa26e
evolinux-base: remove the chrony package
2020-01-16 10:57:47 +01:00
Jérémy Lecour
6801f4e00e
Add names to many blocks
2019-12-31 16:56:03 +01:00
Jérémy Lecour
27e217467e
Change "|changed" with "is changed"
2019-12-31 16:18:56 +01:00
Jérémy Lecour
e04d881988
replace "with_items" in apt modules
2019-12-31 16:18:56 +01:00
Jérémy Lecour
79bb6103b8
Change "|version_compare" with "is version_compare"
2019-12-31 10:18:19 +01:00
Victor LABORIE
2a1e0b7ef6
evolinux-base: install ssacli for HP Smart Array
2019-12-13 11:00:20 +01:00
Victor LABORIE
6f5e13f8b8
Add evolix prefix to include_role
2019-11-29 14:00:25 +01:00
Ludovic Poujol
6e918d166e
evolinux-base: Don't make alert5.service executable
...
Every 3 mins, systemd complains that the service file is marked as
executable, and asks for the executable bit to be removed.
Nov 27 01:35:11 foo systemd[1]: Configuration file /etc/systemd/system/alert5.service is marked executable. Please remove executable permission bits. Proceeding anyway.
2019-11-28 10:59:29 +01:00
Ludovic Poujol
dc1c78e08a
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
...
I've noticed that some log files, especially /var/log/syslog were empty.
After investigating, I've realized that it was happening after a log
rotation by logrotate.
The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on
Debian 10. It will fail with a not so explicit message:
[FAIL] Closing open files: rsyslogd failed!
Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't
created any more, so start-stop-daemon as used by /etc/init.d/rsyslog
will fail, which explains the error message.
Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is
used by logrotate. It will send the signal HUP the 'right' way, so
rsyslog will be aware of the log rotation.
Sadly, this script isn't present in Debian 9 nor 8, so the logrotate
configuration for rsyslog is now a template, using the right command for
the right version.
2019-11-22 16:48:19 +01:00
Eric Morino
c15f8963e4
Add compatibility for debian 9 and debian 10 in HW tool and megacli package
2019-11-14 14:29:04 +01:00
Ludovic Poujol
174bfa5ba0
Fix a syntax error in a task name (a misplaced double quote)
2019-11-12 17:59:36 +01:00
Jérémy Lecour
f2dacac139
evolinux-base: add /usr/share/scripts in root's PATH (Debian 10+)
2019-10-30 14:32:32 +01:00
Jérémy Lecour
8679da4cb6
evolinux-base: install /sbin/deny
2019-10-30 14:32:32 +01:00
Jérémy Lecour
78ea4a61e1
typo
2019-10-30 14:32:32 +01:00
Jérémy Lecour
24edbd680a
Add crontabs only when cron package is installed (many roles)
2019-10-21 15:26:03 +02:00
Jérémy Lecour
bea11352be
Merge branch 'buster' into unstable
2019-09-23 18:34:35 +02:00
Jérémy Lecour
b31159c9d2
evolinux-base: use "evolinux_internal_group" for SSH authentication
2019-09-22 22:26:21 +02:00
Jérémy Lecour
8f868b8612
evolinux-base: default value for "evolinux_ssh_group"
2019-09-22 22:25:30 +02:00
Ludovic Poujol
f630d93587
evolinux-base: On debian 10 and later, add noexec on /dev/shm
2019-07-23 18:18:29 +02:00
Benoît S.
d5751150af
evolinux-base: spectre-meltdown-checker needs binutils
2019-07-03 09:56:17 +02:00
Benoît S.
771c75c1de
all-roles: Do not use ansible_lsb as it is deprecated
...
We move from `ansible_lsb.codename` to `ansible_distribution_release`.
2019-07-03 09:41:35 +02:00
Jérémy Lecour
fecdbb0406
evolinux-base: use the variable for the "ssh" group name
2019-06-24 17:08:01 +02:00
Jérémy Lecour
a8ef97fcde
Revert "evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)"
...
This reverts commit 65414d8ae7.
2019-06-20 17:29:48 +02:00
Jérémy Lecour
b362f422df
evolinux-base: packages for Buster and later
2019-06-19 15:08:54 +02:00
Jérémy Lecour
bee57a0b3c
change distribution release codename
...
Ansible 2.2 is too old to know about buster.
Let's use LSB for that.
2019-06-18 17:35:28 +02:00
Jérémy Lecour
65414d8ae7
evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)
2019-06-17 14:22:00 +02:00
Ludovic Poujol
75a8c90258
evolinux-base: Ensure rename is present
2019-06-17 09:58:10 +02:00
Ludovic Poujol
334b8a3f0d
evolinux-base: Validate sshd config with "sshd -t"
...
See #52 - It seems the behaviour changed with the recent releases, -T
that does an extended test now fails on "Match" blocks when no context
is given through -C
2019-06-17 09:47:22 +02:00
Jérémy Lecour
aa28e9c1b8
change repositories URL
2019-03-21 15:31:58 +01:00
Jérémy Lecour
3e37800994
evolinux-base: remove apt-listchanges on Stretch and later
2019-03-05 11:10:12 +01:00
Jérémy Lecour
a94c94018c
normalize some arguments positions
2019-01-01 20:02:50 +01:00
Benoît S.
776839fe61
Typo: rcpbind and not rcpbin
2018-12-19 15:58:47 +01:00
Victor LABORIE
74f25e8183
evolinux-base: deploy custom motd if template are present
2018-11-30 15:14:39 +01:00
Patrick Marchand
9198c1e2c0
ansible-lint does not like trailing whitespace
2018-11-13 16:56:31 -05:00
Victor LABORIE
83e9f12669
evolinux-base: install man package
2018-10-23 11:38:52 +02:00
Jérémy Lecour
81e9b3d33c
don't reload history on each prompt
2018-09-13 16:54:07 +02:00
Jérémy Lecour
2a89b8ff22
evolinux-base: better shell history
...
* remove duplicates from history
* reload/save history at prompt time
2018-09-11 14:13:29 +02:00
Jérémy Lecour
fe064c16d1
update CHANGELOG for evolinux-todo
2018-08-24 14:43:14 +02:00
Jérémy Lecour
b6fa349394
evolinux-base: compact multiple sysctl tasks into one
2018-08-21 13:34:03 +02:00
Gregory Colpart
51f41ff14a
Workaround by Evolix security team for old kernels and vulnerability CVE-2018-5391 (FragmentSmack)
2018-08-17 21:28:14 +02:00
Jérémy Lecour
4461281945
evolinux-base: add internal FQDN/hostname in /etc/hosts if needed
2018-08-17 10:07:36 +02:00
Jérémy Lecour
bc8858fc0a
evolinux-base: improve hostname configuration
...
We can have a "real" hostname and domain, but also an "internal" hostname
and domain, used mostly for internal tools.
2018-08-16 16:17:34 +02:00
Tristan PILAT
99747e72b5
500px is too narrow, let's switch to 768px
2018-07-24 12:17:07 +02:00
Victor LABORIE
f56f8f7615
evolinux-base: add mail related aliases
2018-06-25 11:20:37 +02:00
Jérémy Lecour
ec535b036c
apt module: Use "state: present" instead of "state: installed"
...
"state: installed" is deprecated in Ansible 2.5
2018-05-18 09:33:25 +02:00
Gregory Colpart
20f6371980
typo
2018-05-01 19:38:55 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
e79640d770
evolinux: Name and improve compatibility checks
2018-04-20 14:38:55 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the user is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b866b6fa0a
evolinux-base: fail2ban is not enabled by default
2018-04-18 12:15:43 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
ad3383a510
Install ncurses-term for additional terminal types
...
When connecting to a server from urxvt, the session behaves like one
with xterm.
2018-03-29 16:42:33 +02:00
Ludovic Poujol
3c2443181b
evolinux-base: Exec the firewall tasks sooner to avoid dependency issues
2018-03-15 12:04:35 +01:00
Jérémy Lecour
b634840b42
apache/nginx: server status suffix
2018-01-03 10:05:20 +01:00
Jérémy Lecour
08d544668b
evolinux-base: create /etc/evolinux
2018-01-03 10:05:20 +01:00
Victor LABORIE
f09d93aadb
evolinux-base: purge locate/mlocate by default
2018-01-02 15:11:27 +01:00
Jérémy Lecour
aeba94bcba
default/additional variables
...
List of hosts/ip are a combination of 2 lists allowing overrides
2017-12-20 18:04:54 +01:00
Ludovic Poujol
a2acd250a6
evolinux-base: have default_www files chmoded as 644
2017-12-13 15:44:16 +01:00
Jérémy Lecour
1faf0faa6b
Remove openntpd before installing serveur-base
2017-12-06 00:09:08 +01:00
Jérémy Lecour
5e1268ad65
Install traceroute
2017-12-05 14:42:07 +01:00
Jérémy Lecour
b3f4e4683e
hostname customization needs the dbus package
2017-11-22 14:08:54 +01:00
Jérémy Lecour
b15b06d458
add name for some fail modules
2017-11-21 10:17:46 +01:00
Jérémy Lecour
8ef9554746
Combine evolix and additional trusted IP addresses
2017-11-15 23:57:58 +01:00
Jérémy Lecour
46d70b3cd5
evolinux-base: cache pgp key locally
2017-11-15 11:40:42 +01:00
Victor LABORIE
1c48df025c
Move /usr rw remount into remount-usr role
2017-11-07 13:34:05 +01:00
Ludovic Poujol
3532cb3f2d
evolinux-base: hardware tasks. Add http://hwraid.le-vert.net/debian repo
...
on stretch for megacli packages
2017-10-26 15:07:28 +02:00
Jérémy Lecour
b4e4b14fc6
Invert SSH Match User directives
2017-10-17 10:28:48 +02:00
Jérémy Lecour
c77bc14e95
Evolinux: don't remove root from AllowUsers list
2017-10-11 17:58:59 +02:00
Ludovic Poujol
745c45f88d
Fix remount_usr_rw/yml
2017-10-11 17:58:18 +02:00
Jérémy Lecour
4bc7635502
Include generate-ldif in evolinux-base
2017-10-11 13:10:15 +02:00
Jérémy Lecour
20e8a852fa
Handle "PermitRootLogin prohibit-password"
2017-10-10 23:50:14 +02:00
Jérémy Lecour
707aabb404
evolinux-base: remove root from AllowUsers directive
...
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour
79e57b7787
evolinux-base: don't disable root ssh by default
2017-10-10 21:58:03 +02:00
Jérémy Lecour
bf2cd96793
evolinux-users must not be included as is
...
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour
e09a6ace31
evolinux-base: use apt role for all APT configuration
2017-10-10 16:35:23 +02:00
Jérémy Lecour
9fe76d40da
Let's keep the currently deployed line
2017-10-09 15:57:38 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
a07d1d873a
evolinux-base: bad group for password restrictions
2017-10-08 12:49:55 +02:00
Jérémy Lecour
6984c121c2
evolinux-base/ssh: syntax clarity
...
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour
2480088f8b
Change DIR_MODE only if adduser.conf is pristine
2017-10-07 22:59:06 +02:00
Jérémy Lecour
518353268a
evolinux-base: logname command doesn't change
2017-10-07 22:56:37 +02:00
Jérémy Lecour
094ad8c28d
evolinux-base: improve AllowUsers for current user
2017-10-07 22:17:38 +02:00
Jérémy Lecour
c4e61a18d4
evolinux-base includes a few external roles
...
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
2017-10-07 18:13:52 +02:00
Jérémy Lecour
adade8ae3c
formatting
2017-10-07 17:54:25 +02:00
Jérémy Lecour
03bc456dfa
evolinux-base: allow ssh for current user
...
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant
This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour
382d545d0d
evolinux-base: fix netextreme device detection
2017-10-07 13:12:03 +02:00
Jérémy Lecour
7f4eb747de
change alert5 only for buster
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ed17676432
A real systemd unit for alert5
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ef93d56799
evolinux-base: better task name for postfix
2017-10-06 01:06:59 +02:00
Jérémy Lecour
7b88393ccf
Refactoring of admin-users + evolinux-base roles
...
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
to ensure ssh connections are possible for other users before
cutting root's access
* evomaintenance is also included in evolinux-base to have it available
when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour
be32fd9a23
Remove useless comments
2017-10-05 00:29:14 +02:00
Jérémy Lecour
622698fb99
Don't disable root access by default
...
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
2017-10-05 00:29:14 +02:00
Jérémy Lecour
ee80235e14
evolinux-base: etc-git is included after apt customization
...
APT sources must be customized before installing any package
2017-10-04 23:32:27 +02:00
Jérémy Lecour
f050608596
evolinux-base/meta: compatible with stretch
2017-10-04 23:31:29 +02:00
Jérémy Lecour
5ffc94281f
evolinux-base: parse fstab with better regex
...
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
2017-10-04 14:31:01 +02:00
Benoît S.
c1b719f16a
Merge branch 'unstable' into 'bash-completion'
...
# Conflicts:
# evolinux-base/tasks/packages.yml
2017-09-20 15:56:45 +02:00
Jérémy Lecour
3a9b95cedc
evolinux-base: fallback with warning for ssh without addresses
2017-09-14 14:26:00 +02:00
Gregory Colpart
06184a44bf
remove *ssl_subject vars to avoid errors
2017-09-08 01:26:53 +02:00
Gregory Colpart
d4e800a263
enable evoadmin-web link in default site index
2017-09-08 01:26:53 +02:00
Gregory Colpart
a074f6488a
we now use evolinux-sudo group to set sudo rights
2017-09-08 01:26:53 +02:00
Gregory Colpart
87ef758891
we need force=no for files that will be lineinfile/blockinfile
2017-09-07 02:32:08 +02:00
Gregory Colpart
26b76aed17
review default vhost
2017-09-07 02:31:48 +02:00
Gregory Colpart
be4e811c47
phpMyAdmin configuration
2017-09-07 02:26:35 +02:00
Gregory Colpart
4eb891b8b7
use role ntpd in evolinux-base
2017-08-31 03:31:00 +02:00
Gregory Colpart
b801c883ac
minor fix: true -> True
2017-08-31 03:23:07 +02:00
Gregory Colpart
ca4b0d5b1d
log2mail needs to be started and not restarted each time
2017-08-30 04:07:26 +02:00
Gregory Colpart
859822709d
Revert "Fix: openssl req -subj arg needs to be "/CN="" because bad var during test
...
This reverts commit 8cfa0a6ef2.
2017-08-30 04:07:26 +02:00
Gregory Colpart
8cfa0a6ef2
Fix: openssl req -subj arg needs to be "/CN="
2017-08-29 02:32:20 +02:00
Gregory Colpart
207a2f6011
Improve distribution verification
2017-08-23 01:49:27 +02:00
Gregory Colpart
5226082db0
evolinux-base and admin-users are only compatible with Debian >=8, declare once in main.yml and that's all
...
(will be probably generalized to others modules if needed)
2017-08-22 01:37:04 +02:00
Benoît S.
a95d7893c5
Add a comment about AcceptEnv
2017-08-18 14:37:34 +02:00
Gregory Colpart
d82b12b614
fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall)
2017-08-18 04:13:56 +02:00
Gregory Colpart
2bb7367edf
standardization for Debian versions: we use "jessie" or "9 or later" to prepare buster as smoothly as possible
2017-08-18 03:50:30 +02:00
Jérémy Lecour
4b8456c5b7
Fix ssh security policy
2017-08-05 12:13:42 -04:00
Jérémy Lecour
db2b418be4
evolinux-base: fix typo in README
2017-08-05 12:13:42 -04:00
Gregory Colpart
e212f3043f
Set right URL for our custom role
2017-07-23 00:55:23 +02:00
Gregory Colpart
bbb0e579a6
Fix #2154: we don't need lsb-invalid-mta and the package is no longer in stretch
2017-07-22 08:19:14 +02:00
Victor LABORIE
64a134355b
evolinux-base: override logmail service
2017-07-19 16:03:36 +02:00
Jérémy Lecour
adc3bd7a93
Fix ssh LogLevel
...
* the directive can be present but commented
* the version comparison was wrong
2017-07-19 13:49:08 +02:00
Jérémy Lecour
62fbbd2016
Rename role "apt-repositories" to "apt"
2017-07-19 08:56:46 +02:00
Jérémy Lecour
3e3e1c368e
Lighter /root/.vimrc
2017-07-18 20:03:57 +02:00
Jérémy Lecour
388a2c058e
Over-simplified /root/.gitconfig
2017-07-18 20:00:20 +02:00
Jérémy Lecour
0c2170cf5c
Remove some backups, again
2017-07-18 19:38:03 +02:00
Benoît S.
fa3047bdc4
Fix #2198. Purge openntpd
2017-07-17 16:18:10 +02:00
Jérémy Lecour
be68f9ac0a
remove a few useless "backup: yes"
2017-07-17 14:46:01 +02:00
Gregory Colpart
a189b7935b
NTPD : Listen only on lo interface by default
2017-07-17 14:21:46 +02:00
Gregory Colpart
f78e93e0ff
we always want packages ssl-cert and ca-certificates (probably will go to serveur-base package, we will see)
2017-07-13 02:41:12 +02:00
Gregory Colpart
ea4ec27f08
Oops, last commit was broken. I think "when: TAG" always needs to be boolean, so I patch for that.
2017-07-13 02:20:28 +02:00
Gregory Colpart
fcfea428b7
pet commit: remove not necessary params
2017-07-13 01:18:25 +02:00
Jérémy Lecour
e23edbd5f4
this has nothing to do in the previous commit
2017-07-12 10:24:09 +02:00
Jérémy Lecour
ce37282feb
Effectively change the timezone
2017-07-12 10:23:21 +02:00
Jérémy Lecour
a318e6065c
Disable new vim defaults
2017-07-12 10:15:47 +02:00
Jérémy Lecour
6514f64a1f
Better English
2017-07-12 09:34:46 +02:00
Jérémy Lecour
1cdbcaa5fb
Install packages for Stretch and later
2017-07-11 18:43:22 +02:00
Gregory Colpart
12b5d9a97a
Fix #2207: set -L 15 for Cron
2017-07-11 00:42:38 +02:00
Gregory Colpart
eab03993d0
improvement, don't touch /etc/profile and instead use /etc/profile.d/evolinux.sh
2017-07-11 00:29:06 +02:00
Gregory Colpart
05b7588953
no more apt-listchanges in Stretch
2017-07-10 22:17:58 +02:00
Gregory Colpart
0d79db4ed5
Improve dpkg pre / post - invoke
2017-07-10 21:52:57 +02:00
Gregory Colpart
8505ef5b5e
exit 0 -> true
2017-07-09 19:59:12 +02:00
Gregory Colpart
0d0937aa4e
Use "false" instead of "0" to be more explicit
2017-07-09 19:59:12 +02:00
Jérémy Lecour
0fdc1565a8
Default site CSS slightly beautified
2017-07-06 17:14:29 +02:00
Jérémy Lecour
553025d199
enable server-status in default site
2017-07-06 17:14:29 +02:00
Jérémy Lecour
0e0bc1cbbd
Split default vhost into nginx and apache roles
2017-07-06 17:14:28 +02:00
Jérémy Lecour
de37aac243
Don't overwrite default apache vhost
2017-07-06 17:14:27 +02:00
Benoît S.
effbfc3189
Be sure to have the bash-completion package
...
It is very handy to have this package to have completion of commands like
systemctl.
2017-07-06 11:58:48 +02:00
Jérémy Lecour
bae8961e99
packweb/evoadmin: cleanup
...
* extracted tasks
* more variables
* more templates
* less bugs
2017-07-03 18:23:39 +02:00
Jérémy Lecour
664a926caa
evolinux: fix rotate value customization
...
with "[0-9]*" too many lines would be changed
2017-07-03 17:57:00 +02:00