Commit graph

399 commits

Author SHA1 Message Date
Jérémy Dubois 983b7204b4 pf: fix comment for the rule that changed with the previous commit 2024-06-10 17:28:45 +02:00
Jérémy Dubois c90e178444 * pf: pass quick for ICMP and Evolix rules which won't need to be overwritten, no state for ICMP because it's not needed and can sometimes be unfavourable 2024-06-10 17:27:20 +02:00
Jérémy Dubois 2d52979402 evomaintenance: fix src path and some syntax convention
There was an extra ' in the src path
2024-06-10 15:41:32 +02:00
Jérémy Lecour 17de9c87de
evomaintenance: put upstream files into upstream folder 2024-05-15 13:47:53 +02:00
Jérémy Lecour 4b8d89bddb
evomaintenance: upstream release 24.05 2024-05-15 13:26:37 +02:00
Jérémy Dubois 7f76cc14f5 base, collectd, etc-git, logsentry, nagios-nrpe: execute pkg_info command even in check mode 2024-05-06 15:11:31 +02:00
Jérémy Dubois e0b9c03798 nagios-nrpe: fix variable use in 2024-05-06 11:21:18 +02:00
Jérémy Dubois 99ff7284a3 base, collectd, etc-git, logsentry, nagios-nrpe: install packages manually
Because openbsd_pkg module is broken since OpenBSD 7.4 with the version of Ansible we currently use
2024-03-13 15:17:20 +01:00
Jérémy Dubois 6a2faf5649 Use a new evobsd_ssl_cert_hostname var instead of ansible_fqdn
On OpenBSD, ansible_fqdn is the reverse of the IP, which is not always properly configured
2024-02-20 15:30:25 +01:00
Jérémy Dubois f2451118c4 ospf, bgp: fix checks scripts 2024-02-19 10:37:31 +01:00
Ludovic Poujol 28851698e6
nagios-nrpe: configure server certificate for nrpe daemon 2024-02-16 11:00:48 +01:00
Ludovic Poujol 9fe7825499
base: Generate default (self-signed) certificate
Create /etc/ssl/certs on OpenBSD to follow Linux/Debian
Don't change the owner/group of generated files (for now)
2024-02-16 10:45:32 +01:00
Ludovic Poujol f7b29deda3
base: Generate default (self-signed) certificate 2024-02-15 12:18:29 +01:00
Ludovic Poujol 43e8ebfa0a
Changelog for previous commit bce501dee0 2024-02-15 11:50:32 +01:00
Ludovic Poujol bce501dee0 etc-git: Remove deprecated/unsupported "warn" parameter 2024-02-15 11:28:42 +01:00
Jérémy Dubois 70ab0c80de accounts: add a "users" tag
So that new users are not created and customized password are not reset based on vars files when executing evolixisation.yml again
2024-01-26 14:39:42 +01:00
Jérémy Dubois bf1bb2f80e base: upstream release 24.01 2024-01-12 15:02:32 +01:00
Jérémy Dubois a61f2423bc Remove multiple spaces 2023-12-15 16:23:31 +01:00
Jérémy Dubois 7dd930afcb nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP 2023-12-15 15:46:15 +01:00
Jérémy Dubois 8e18b6972a post-install: execute every 10 minuts 2023-12-11 17:44:41 +01:00
Jérémy Dubois 63212accdd forwarding: added tags to distinguish IPv4 from IPv6 2023-11-13 17:45:33 +01:00
Jérémy Dubois aee18bfde9 base: configure "/var/log" for servers that have a mount on it 2023-11-13 16:01:47 +01:00
Jérémy Dubois 1f0011ad2a accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00
Jérémy Dubois 6822eaa4f0 base: added handlers for entries in fstab 2023-11-09 17:06:00 +01:00
Jérémy Dubois aed20187de use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00
Jérémy Dubois 28021670f0 yamllint, ansible-lint, and tags everywhere 2023-10-23 09:33:33 +02:00
Jérémy Dubois a217bb2e56 base: deactivate insults in sudo 2023-10-13 11:52:41 +02:00
Jérémy Dubois 832e93da0d base: ignore errors on packages installation because it fails for some packages when run in check mode 2023-10-13 11:52:40 +02:00
Jérémy Dubois ced4098192 collectd: fix rights for collectd directory 2023-10-13 11:52:22 +02:00
Jérémy Dubois 7aa588528c base: doas configuration for ipmi_sensor NRPE check 2023-10-13 11:52:22 +02:00
Jérémy Dubois afba3ad7e1 nagios-nrpe: add the ipmi_sensor check 2023-10-13 11:52:21 +02:00
Jérémy Dubois 05bdef9ab8 etc-git: add versioning for /var/unbound/etc 2023-10-13 11:52:19 +02:00
Jérémy Lecour b2438dde80
evomaintenance: upstream release 23.10.1 2023-10-09 18:12:05 +02:00
Jérémy Lecour f644f8c449
evomaintenance: upstream release 23.10 2023-10-09 17:03:21 +02:00
Jérémy Dubois a0139688c6 accounts: create only users who have a certain value for the create key (default: always) 2023-06-20 11:03:55 +02:00
Jérémy Dubois a66e1c1ee9 accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet 2023-06-20 10:41:52 +02:00
Jérémy Dubois b4e1afa698 base: rename sudo task 2023-06-20 10:21:18 +02:00
Jérémy Dubois 5ca86431eb base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it 2023-06-20 10:17:00 +02:00
Jérémy Dubois 8a63c8336f evocheck: upstream release 23.06 2023-06-05 11:46:12 +02:00
Jérémy Dubois d2574faaef base: upstream release 23.06 2023-06-05 10:46:53 +02:00
Jérémy Dubois f43405991e base: install ncdu and htop often used as diagnostic tools 2023-05-30 11:09:50 +02:00
Jérémy Dubois e4bc6c1d97 collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them 2023-04-25 10:12:44 +02:00
Jérémy Dubois 6f97857b91 post-install: execute only once an hour 2023-04-13 17:57:54 +02:00
Jérémy Dubois 264c58a03d evobackup: execute canary script before executing backup script 2023-03-23 11:41:28 +01:00
Jérémy Dubois 7ab102376f base: upstream release 23.03 2023-03-23 11:41:27 +01:00
Jérémy Dubois 81d8774885 evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash ; base: install bash, now needed for zzz_evobackup script 2023-03-23 11:41:27 +01:00
Jérémy Dubois 9c450ff11b nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-23 11:41:21 +01:00
Jérémy Dubois f801218789 nagios-nrpe: allow older cipher suites for older Icinga version 2023-03-15 16:13:41 +01:00
Jérémy Dubois a045995c01 post-install: add the pf_states check by default in script 2023-03-15 16:03:58 +01:00
Jérémy Dubois c7e3b2d9ac base: set the lookup option so that resolv.conf searches /etc/hosts before querying a domain name server; the default is the opposite 2023-03-15 15:55:41 +01:00