Commit Graph

391 Commits

Author SHA1 Message Date
Jérémy Dubois 6a2faf5649 Use a new evobsd_ssl_cert_hostname var instead of ansible_fqdn
On OpenBSD, ansible_fqdn is the reverse of the IP, which is not always properly configured
2024-02-20 15:30:25 +01:00
Jérémy Dubois f2451118c4 ospf, bgp: fix checks scripts 2024-02-19 10:37:31 +01:00
Ludovic Poujol 28851698e6
nagios-nrpe: configure server certificate for nrpe daemon 2024-02-16 11:00:48 +01:00
Ludovic Poujol 9fe7825499
base: Generate default (self-signed) certificate
Create /etc/ssl/certs on OpenBSD to follow Linux/Debian
Don't change the owner/group of generated files (for now)
2024-02-16 10:45:32 +01:00
Ludovic Poujol f7b29deda3
base: Generate default (self-signed) certificate 2024-02-15 12:18:29 +01:00
Ludovic Poujol 43e8ebfa0a
Changelog for previous commit bce501dee0 2024-02-15 11:50:32 +01:00
Ludovic Poujol bce501dee0 etc-git: Remove deprecated/unsupported "warn" parameter 2024-02-15 11:28:42 +01:00
Jérémy Dubois 70ab0c80de accounts: add a "users" tag
So that new users are not created and customized password are not reset based on vars files when executing evolixisation.yml again
2024-01-26 14:39:42 +01:00
Jérémy Dubois bf1bb2f80e base: dump-server-state.sh upstream release 24.01 2024-01-12 15:02:32 +01:00
Jérémy Dubois a61f2423bc Remove multiple spaces 2023-12-15 16:23:31 +01:00
Jérémy Dubois 7dd930afcb nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP 2023-12-15 15:46:15 +01:00
Jérémy Dubois 8e18b6972a post-install: execute motd-carp-state.sh every 10 minuts 2023-12-11 17:44:41 +01:00
Jérémy Dubois 63212accdd forwarding: added tags to distinguish IPv4 from IPv6 2023-11-13 17:45:33 +01:00
Jérémy Dubois aee18bfde9 base: configure "/var/log" for servers that have a mount on it 2023-11-13 16:01:47 +01:00
Jérémy Dubois 1f0011ad2a accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00
Jérémy Dubois 6822eaa4f0 base: added handlers for entries in fstab 2023-11-09 17:06:00 +01:00
Jérémy Dubois aed20187de use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00
Jérémy Dubois 28021670f0 yamllint, ansible-lint, and tags everywhere 2023-10-23 09:33:33 +02:00
Jérémy Dubois a217bb2e56 base: deactivate insults in sudo 2023-10-13 11:52:41 +02:00
Jérémy Dubois 832e93da0d base: ignore errors on packages installation because it fails for some packages when run in check mode 2023-10-13 11:52:40 +02:00
Jérémy Dubois ced4098192 collectd: fix rights for collectd directory 2023-10-13 11:52:22 +02:00
Jérémy Dubois 7aa588528c base: doas configuration for ipmi_sensor NRPE check 2023-10-13 11:52:22 +02:00
Jérémy Dubois afba3ad7e1 nagios-nrpe: add the ipmi_sensor check 2023-10-13 11:52:21 +02:00
Jérémy Dubois 05bdef9ab8 etc-git: add versioning for /var/unbound/etc 2023-10-13 11:52:19 +02:00
Jérémy Lecour b2438dde80
evomaintenance: upstream release 23.10.1 2023-10-09 18:12:05 +02:00
Jérémy Lecour f644f8c449
evomaintenance: upstream release 23.10 2023-10-09 17:03:21 +02:00
Jérémy Dubois a0139688c6 accounts: create only users who have a certain value for the `create` key (default: `always`) 2023-06-20 11:03:55 +02:00
Jérémy Dubois a66e1c1ee9 accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet 2023-06-20 10:41:52 +02:00
Jérémy Dubois b4e1afa698 base: rename sudo task 2023-06-20 10:21:18 +02:00
Jérémy Dubois 5ca86431eb base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it 2023-06-20 10:17:00 +02:00
Jérémy Dubois 8a63c8336f evocheck: upstream release 23.06 2023-06-05 11:46:12 +02:00
Jérémy Dubois d2574faaef base: dump-server-state.sh upstream release 23.06 2023-06-05 10:46:53 +02:00
Jérémy Dubois f43405991e base: install ncdu and htop often used as diagnostic tools 2023-05-30 11:09:50 +02:00
Jérémy Dubois e4bc6c1d97 collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them 2023-04-25 10:12:44 +02:00
Jérémy Dubois 6f97857b91 post-install: execute motd-carp-state.sh only once an hour 2023-04-13 17:57:54 +02:00
Jérémy Dubois 264c58a03d evobackup: execute canary script before executing backup script 2023-03-23 11:41:28 +01:00
Jérémy Dubois 7ab102376f base: dump-server-state.sh upstream release 23.03 2023-03-23 11:41:27 +01:00
Jérémy Dubois 81d8774885 evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash ; base: install bash, now needed for zzz_evobackup script 2023-03-23 11:41:27 +01:00
Jérémy Dubois 9c450ff11b nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-23 11:41:21 +01:00
Jérémy Dubois f801218789 nagios-nrpe: allow older cipher suites for older Icinga version 2023-03-15 16:13:41 +01:00
Jérémy Dubois a045995c01 post-install: add the pf_states check by default in generateldif.sh script 2023-03-15 16:03:58 +01:00
Jérémy Dubois c7e3b2d9ac base: set the lookup option so that resolv.conf searches /etc/hosts before querying a domain name server; the default is the opposite 2023-03-15 15:55:41 +01:00
Jérémy Dubois f42477c8fb nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh 2023-03-15 15:27:04 +01:00
Jérémy Dubois 3a0db4bfb4 nagios-nrpe: changed check_load to make it more relevant 2023-03-03 16:28:43 +01:00
Jérémy Dubois 394b71c947 ospf: do not repeat use of command, use variable instead with output of command 2023-03-01 14:57:22 +01:00
Jérémy Dubois ccdd16c523 collectd: improve dns_stats.sh script for more metrics 2023-02-17 16:21:36 +01:00
Jérémy Dubois 84e6ccec4f base: doas configuration for _collectd user is managed in collectd role, not needed to have it by default 2023-02-17 16:20:32 +01:00
Jérémy Dubois 7258d99d13 logsentry: delete unused default file that we put in /usr/share/scripts 2023-02-16 16:44:06 +01:00
Jérémy Dubois 60fd0e1e38 logsentry: fix variables for configuration files 2023-02-16 16:40:53 +01:00
Jérémy Dubois e7ff98662f ospf: precise in the readme file that no daemon is configured/activated 2023-02-16 16:31:17 +01:00