Jérémy Lecour
a07d1d873a
evolinux-base: bad group for password restrictions
2017-10-08 12:49:55 +02:00
Jérémy Lecour
6984c121c2
evolinux-base/ssh: syntax clarity
...
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour
2480088f8b
Change DIR_MODE only if adduser.conf is pristine
2017-10-07 22:59:06 +02:00
Jérémy Lecour
518353268a
evolinux-base: logname command doesn't change
2017-10-07 22:56:37 +02:00
Jérémy Lecour
094ad8c28d
evolinux-base: improve AllowUsers for current user
2017-10-07 22:17:38 +02:00
Jérémy Lecour
c4e61a18d4
evolinux-base includes a few external roles
...
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
2017-10-07 18:13:52 +02:00
Jérémy Lecour
adade8ae3c
formatting
2017-10-07 17:54:25 +02:00
Jérémy Lecour
03bc456dfa
evolinux-base: allow ssh for current user
...
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant
This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour
382d545d0d
evolinux-base: fix netextreme device detection
2017-10-07 13:12:03 +02:00
Jérémy Lecour
7f4eb747de
change alert5 only for buster
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ed17676432
A real systemd unit for alert5
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ef93d56799
evolinux-base: better task name for postfix
2017-10-06 01:06:59 +02:00
Jérémy Lecour
7b88393ccf
Refactoring of admin-users + evolinux-base roles
...
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
to ensure ssh connections are possible for other users before
cutting root's access
* evomaintenance is also included in evolinux-base to have it available
when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour
be32fd9a23
Remove useless comments
2017-10-05 00:29:14 +02:00
Jérémy Lecour
ee80235e14
evolinux-base: etc-git is included after apt customization
...
APT sources must be customized before installing any package
2017-10-04 23:32:27 +02:00
Jérémy Lecour
5ffc94281f
evolinux-base: parse fstab with better regex
...
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
2017-10-04 14:31:01 +02:00
Benoît S.
c1b719f16a
Merge branch 'unstable' into 'bash-completion'
...
# Conflicts:
# evolinux-base/tasks/packages.yml
2017-09-20 15:56:45 +02:00
Jérémy Lecour
3a9b95cedc
evolinux-base: fallback with warning for ssh without addresses
2017-09-14 14:26:00 +02:00
Gregory Colpart
06184a44bf
remove *ssl_subject vars to avoid errors
2017-09-08 01:26:53 +02:00
Gregory Colpart
a074f6488a
we use now evolinux-sudo group to set sudo rights
2017-09-08 01:26:53 +02:00
Gregory Colpart
87ef758891
we need force=no for files who will be lineinfile/blockinfile
2017-09-07 02:32:08 +02:00
Gregory Colpart
4eb891b8b7
use role ntpd in evolinux-base
2017-08-31 03:31:00 +02:00
Gregory Colpart
ca4b0d5b1d
log2mail need to be started and not restarted each time
2017-08-30 04:07:26 +02:00
Gregory Colpart
859822709d
Revert "Fix: openssl req -subj arg need to be "/CN="" because bad var during test
...
This reverts commit 8cfa0a6ef2
.
2017-08-30 04:07:26 +02:00
Gregory Colpart
8cfa0a6ef2
Fix: openssl req -subj arg need to be "/CN="
2017-08-29 02:32:20 +02:00
Gregory Colpart
207a2f6011
Improve distribution verification
2017-08-23 01:49:27 +02:00
Gregory Colpart
5226082db0
evolinux-base and admin-users are only compatible Debian >=8, declare once in main.yml and that's all
...
(will be probably generalized to others modules if needed)
2017-08-22 01:37:04 +02:00
Benoît S.
a95d7893c5
Add a comment about AcceptEnv
2017-08-18 14:37:34 +02:00
Gregory Colpart
d82b12b614
fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall)
2017-08-18 04:13:56 +02:00
Gregory Colpart
2bb7367edf
standardization for Debian versions : we use "jessie" or "9 or later" to prepare buster smoothly as possible
2017-08-18 03:50:30 +02:00
Jérémy Lecour
4b8456c5b7
Fix ssh security policy
2017-08-05 12:13:42 -04:00
Gregory Colpart
bbb0e579a6
Fix #2154 : we don't need lsb-invalid-mta and package is not anymore in stretch
2017-07-22 08:19:14 +02:00
Victor LABORIE
64a134355b
evolinux-base: override logmail service
2017-07-19 16:03:36 +02:00
Jérémy Lecour
adc3bd7a93
Fix ssh LogLevel
...
* the directive can be present but commented
* the version comparison was wrong
2017-07-19 13:49:08 +02:00
Jérémy Lecour
62fbbd2016
Rename role "apt-repositories" to "apt"
2017-07-19 08:56:46 +02:00
Jérémy Lecour
3e3e1c368e
Lighter /root/.vimrc
2017-07-18 20:03:57 +02:00
Jérémy Lecour
0c2170cf5c
Remove some backups, again
2017-07-18 19:38:03 +02:00
Benoît S.
fa3047bdc4
Fix #2198 . Purge openntpd
2017-07-17 16:18:10 +02:00
Jérémy Lecour
be68f9ac0a
remove a few useless "backup: yes"
2017-07-17 14:46:01 +02:00
Gregory Colpart
a189b7935b
NTPD : Listen only on lo interface by default
2017-07-17 14:21:46 +02:00
Gregory Colpart
f78e93e0ff
we want always packages ssl-cert et ca-certificates (probably will go to serveur-base package, we will see)
2017-07-13 02:41:12 +02:00
Gregory Colpart
ea4ec27f08
Oops, last commit was broken. I think "when: TAG" need always to be boolean, then I patch for that.
2017-07-13 02:20:28 +02:00
Gregory Colpart
fcfea428b7
pet commit: remove not ecessary params
2017-07-13 01:18:25 +02:00
Jérémy Lecour
e23edbd5f4
this have nothing to do in the previous commit
2017-07-12 10:24:09 +02:00
Jérémy Lecour
ce37282feb
Effectively change the timezone
2017-07-12 10:23:21 +02:00
Jérémy Lecour
a318e6065c
Disable new vim defaults
2017-07-12 10:15:47 +02:00
Jérémy Lecour
6514f64a1f
Better english
2017-07-12 09:34:46 +02:00
Jérémy Lecour
1cdbcaa5fb
Install packages for Stretch and later
2017-07-11 18:43:22 +02:00
Gregory Colpart
12b5d9a97a
Fix #2207 : set -L 15 for Cron
2017-07-11 00:42:38 +02:00
Gregory Colpart
eab03993d0
improvment, don't touch to /etc/profile and instead use /etc/profile.d/evolinux.sh
2017-07-11 00:29:06 +02:00