Commit graph

136 commits

Author SHA1 Message Date
Jérémy Dubois f57e9934ff Applying fix from yamllint and ansible-lint 2022-04-13 16:57:39 +02:00
Jérémy Dubois 04bdff87f4 base: add a "next_part" before executing evobackup in daily.local file 2022-04-13 16:19:41 +02:00
Jérémy Dubois 07f4dadd0e base: import dump-server-state.sh script 2022-03-31 18:18:10 +02:00
Jérémy Dubois eb96fd41b2 base: zzz_evobackup upstream release 22.03 2022-03-25 18:09:08 +01:00
Jérémy Dubois ecacb00018 Import last evomaintenance and evobackup scripts 2022-02-08 10:19:46 +01:00
Jérémy Dubois 576e13db78 base: set the title of the terminal when connecting to a server 2022-02-07 11:05:36 +01:00
Jérémy Dubois fe6235f8fb Multiple fixes
- accounts : the user.yml task has a loop in a loop, var name needs to be changed
- base, kshrc : fix a previously deleted command on which is based the command that follows
- base, ntp : do not display this task as a change, it only gets some information
2022-01-25 17:28:28 +01:00
Jérémy Dubois 93f21a947c base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history
"set -A" options are for ksh only
2022-01-07 18:12:09 +01:00
Jérémy Dubois 7b337c2db1 Update README, change needed vars files, edit .gitignore and remove unneeded environment variable 2021-12-17 16:22:31 +01:00
Jérémy Dubois 798a87b0ff Configure locale to en_US.UTF-8, use vim as default git edit, and bump EvoBSD version
Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly
Use vim as default git editor for the same reason, and because it's better than vi
Bump EvoBSD version : OpenBSD 7.0 is out
2021-12-09 11:03:38 +01:00
Jérémy Dubois 3ccc0ca924 Force task to run in check mode for NTP configuration 2021-10-14 18:06:50 +02:00
Jérémy Dubois c5f478c584 Update NRPE and doas configuration for checks mailq and openvpn_certificates
- Fix check_mailq : the check from monitoring-plugins current version is not
  compatible with opensmtpd. I picked the last version from the GIT repository,
  and adjusted nrpe and doas configuration
- Add doas configuration for check_openvpn_certificates.sh : some servers need
  doas, others don't. Better to set it everywhere.
2021-07-27 18:02:49 +02:00
Jérémy Dubois 1abf0f636c Fix check_dhcpd
/usr/local/libexec/nagios/check_dhcp does not work on server itself
Using back /usr/local/libexec/nagios/check_procs -c1: -C dhcpd
And removing doas configuration
2021-07-23 16:34:34 +02:00
Jérémy Dubois 7046e193e0 Configure the ntpd.conf file and bump version 2021-07-19 15:27:57 +02:00
Jérémy Dubois 8cd6b0bda6 Import last version of zzz_evobackup and evocheck.sh scripts 2021-05-25 21:09:23 +02:00
Jérémy Dubois a0f8339705 Change evomaintenance files mode 2021-05-17 11:36:36 +02:00
Tristan Pilat 1364451198 Following the release of OpenBSD 6.9, the VERBOSESTATUS variable is no longer valid in the daily.local configuration file 2021-05-06 15:03:37 +02:00
Jérémy Dubois 7f5627f6bd Import last version of zzz_evobackup file
2021-01-07 09:48:38 +01:00
Jérémy Dubois 389f1a8eae Import last zzz_evobackup file version
2020-11-16 11:24:47 +01:00
Jérémy Dubois 9a07552731 Import last zzz_evobackup file version
2020-10-27 10:45:11 +01:00
Jérémy Dubois a26d6e13cb yamllint line-length and empty-line
2020-10-23 10:15:57 +02:00
Jérémy Dubois 4db9d006a2 Allow evolinux-sudo group to sudo
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois 5ef4a403d2 We should be able to execute evomaintenance.sh as soon as we can SSH to the server 2020-10-20 15:57:35 +02:00
Jérémy Dubois 9eeba0c0ab Add a doas authorization for NRPE 2020-10-20 15:10:12 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed
Fix #34 again

After some discussions, we actually need two separate groups:
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois a7b96d9f67 Fstab : we now also add noatime to each partition 2020-10-15 09:57:02 +02:00
Jérémy Dubois 4c902eda5a Fstab : change only ffs file system 2020-10-14 18:05:29 +02:00
Jérémy Dubois ff1f728102 Doas authorization for collectd
We put the doas authorization for collectd in the global file and we leave it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
2020-10-14 17:39:23 +02:00
Jérémy Dubois 7ecf7be4a4 Do not remove line that would have a customized subject 2020-10-14 17:39:09 +02:00
Jérémy Dubois 68586d6450 Fstab role : do not change lines beginning with "#"
2020-10-14 12:14:58 +02:00
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois a9ae1b57d4 Do not use literal tab in configuration
Use "\t" instead of a literal tab which can easily be broken. Also add a
deletion of line with spaces.
2020-10-13 12:01:18 +02:00
Jérémy Dubois 57acbd6091 Add jinja2 variable for PATH variable environment 2020-10-13 11:44:53 +02:00
Jérémy Dubois a40e2b4750 Merge branch 'dev' into customize_fstab
2020-10-12 14:47:02 +02:00
Jérémy Dubois 6b7c7b80c4 yamllint
2020-10-12 14:20:59 +02:00
Jérémy Dubois bd22b0545b sudoers configuration : the tab was broken 2020-10-12 14:16:00 +02:00
Jérémy Dubois c1f66a92e2 Fix add of multiple evobackup cron
Do not add evobackup cron again if the same line
is already there but uncommented
2020-10-09 16:14:52 +02:00
Jérémy Dubois 92837424fb Fix weird commits
2020-10-09 15:35:23 +02:00
Jérémy Dubois 5fa8e0c9bb Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:10 +02:00
Jérémy Dubois bd4748b403 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:09 +02:00
Jérémy Dubois 0a4e970ab8 Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:08 +02:00
Jérémy Dubois 4f201d3a73 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:07 +02:00
Jérémy Dubois e019b79723 yamllint + correction /tmp softdep
softdep is not added anymore if noexec is
already defined after rw
2020-10-09 15:21:06 +02:00
Jérémy Dubois 88df904282 Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:06 +02:00
Jérémy Dubois c9d1bff1c6 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 14:15:46 +02:00
Jérémy Dubois 07d83d4994 Delete empty line - yamllint
2020-10-09 10:45:23 +02:00
Jérémy Dubois fa497b280e Configure sudoers umask
This configuration is checked by evocheck,
so it should be present by default
2020-10-08 15:42:52 +02:00
Jérémy Dubois 12b2f3d280 Delete evobackup root crontab replaced by daily.local cron 2020-10-08 15:39:50 +02:00
Jérémy Dubois f97317b767 Better rc.local configuration
Add line before the "echo '.'" line instead of the end
Delete old entry not specifying the hostname if still there
2020-10-08 15:19:52 +02:00
Jérémy Dubois 3a6cd20ab3 Configure the check_packetfilter in NRPE with doas
2020-07-28 17:57:30 +02:00
Jérémy Dubois 593df07f09 We do not need postgresql-client anymore
We now use an API for evomaintenance instead
of a direct call to postgresql
2020-06-16 17:17:20 +02:00
Patrick Marchand 98089a3274 Fix yaml lint lines too long
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Jérémy Dubois e29e0e9e62 Ansible-lint and yamllint again
Lot of truthy variables, indentation and trailing spaces
2020-06-01 11:37:15 +02:00
Jérémy Dubois 2177d43637 Import Evomaintenance 0.6.3 2020-05-18 17:30:54 +02:00
Jérémy Dubois cb2be6ecd2 Change wtmp rotation period 2020-04-22 15:17:46 +02:00
Jérémy Dubois 9b1f5c0f6c Customize newsyslog.conf 2020-04-22 15:06:53 +02:00
Jérémy Dubois 27006f8db7 Doas permissions rearrangement 2020-04-21 16:18:07 +02:00
Jérémy Dubois 05d2b707e1 Add OpenBGPD nrpe check with doas configuration 2020-04-21 14:25:42 +02:00
Jérémy Dubois caf151d05c Import last evobackup client script
The only difference from Debian version is that /srv does not exist on OpenBSD
and is removed from the backup directory list

Close #21
2020-04-21 11:42:52 +02:00
Jérémy Dubois f57e0e24f0 Change in deprecated options
Packages list and comparisons will have a new syntax with future ansible version
2020-04-21 11:35:45 +02:00
Jérémy Dubois 29afa42c3d Deletion of mailevomaintenance.sh
We now use the git status cron for uncommitted changes
2020-04-21 11:30:40 +02:00
Tristan Pilat 9c716c5d68 Merge branch 'stricter-access-control' of evolix/EvoBSD into dev
The changes look good to me. Let's merge to dev!
2019-11-25 10:03:45 +01:00
Tristan PILAT 70135252c0 Import Evomaintenance 0.6.1 2019-11-19 16:28:12 +01:00
Tristan PILAT f88538858b Import Evomaintenance 0.6.0 2019-11-14 15:07:09 +01:00
Patrick Marchand 8b1ce861e3 Add stricter ssh and doas access 2019-09-19 17:07:01 -04:00
Tristan PILAT d736455327 Please, we don't want the mouse function enabled in vim 2019-09-17 10:43:37 +02:00
Tristan Pilat 6b309ee32c Merge branch 'evomaintenance_22_08_19' of evolix/EvoBSD into dev
Cool
2019-09-17 10:38:03 +02:00
Patrick Marchand 3e3eb695b4 Merge branch 'replace_sudo_with_doas' into dev
Any new checks should use doas as well.
2019-09-03 17:43:22 +02:00
Patrick Marchand 18ac01cbb3 Apply latest dev branch to check_dhcpd branch 2019-09-03 11:38:34 -04:00
Patrick Marchand a994225c27 Merge check_connections_state into dev 2019-09-03 11:34:14 -04:00
Tristan PILAT 70e49781d9 Import evomaintenance after last overhaul 2019-08-22 17:24:03 +02:00
Jérémy Dubois f305b3420b Replace all sudo occurrences with doas 2019-07-15 18:25:25 +02:00
Jérémy Dubois a23a6efca8 Replace sudo with doas 2019-07-15 17:44:05 +02:00
Jérémy Dubois 1b5196d6a4 Replace sudo with doas 2019-07-15 17:29:36 +02:00
Patrick Marchand f456e4abf2 Fix typo in pkg name
Wrote postgresql without the g...
2019-05-13 14:52:54 +02:00
Patrick Marchand 1cab5efc1d Reverts erroneous removal of postrgres-client pkg 2019-05-13 14:52:54 +02:00
Tristan PILAT 38273ecf33 Add a title in the daily output mail for the git status report 2019-05-13 14:52:54 +02:00
Tristan PILAT b23a579603 We have to make sure the daily.local file exists otherwise the playbook fails 2019-05-13 14:52:54 +02:00
Tristan PILAT 798a482787 Load root's environment when using doas 2019-04-23 20:50:02 +02:00
Jérémy Dubois 0f1b209370 Configure check_dhcpd 2019-04-19 15:21:08 +02:00
Jérémy Dubois 4ef630285d Add check_connections_state
Script to check if connections are UP, and if so,
check whether main connection is correctly used.
Also add configuration to use with nrpe and sudo.
2019-04-09 15:53:45 +02:00
Tristan PILAT 01278281bd Bring some completion functions in root's profile dotfile 2019-03-22 16:05:33 +01:00
Tristan PILAT 1d6eaa1270 sndiod is not needed, let's disable it 2019-03-22 16:05:02 +01:00
Tristan PILAT 74464346a2 We don't need a separate task to install sudo 2019-03-22 16:04:44 +01:00
Tristan PILAT 3ce0addd59 Fix daily.local file permissions 2019-01-22 10:31:29 +01:00
Tristan PILAT b555fb1222 Add initial project 2018-12-28 11:23:49 +01:00