Commit graph

399 commits

Author SHA1 Message Date
Jérémy Dubois 7f5627f6bd Import last version of zzz_evobackup file
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-07 09:48:38 +01:00
Jérémy Dubois 55745e1a62 nagios-nrpe role : change variables name
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-12-10 19:36:00 +01:00
Jérémy Dubois 8a2111561f Improve PacketFilter role
Replace hard IPs with variable
Add a README file
2020-12-10 19:23:18 +01:00
Tristan PILAT 48ea75957d Add new exceptions to Logsentry ignore files
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-12-02 17:45:38 +01:00
Tristan PILAT 7d24b11fa9 Add tasks to copy customized configuration files 2020-11-24 16:27:29 +01:00
Tristan PILAT 6782746f3c Add customized logsentry configuration 2020-11-24 16:26:02 +01:00
Jérémy Dubois 389f1a8eae Import last zzz_evobackup file version
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-11-16 11:24:47 +01:00
Jérémy Dubois 8cddc5e9ae Fix logsentry.sh file name in task
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-10-30 10:49:23 +01:00
Tristan PILAT 7b7edb67c7 Update CHANGELOG and bump to version 6.8.2
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-30 10:09:37 +01:00
Tristan PILAT d84fc581d8 Add a new role - Logsentry is a tool that scans system logs to report suspicious/unusual activity 2020-10-30 10:06:36 +01:00
Jérémy Dubois e9a1373a30 Add file to .gitignore
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
This file is frequently updated after a user connection to OpenVPN, so we do
not want to track it.
2020-10-27 11:05:46 +01:00
Jérémy Dubois 9a07552731 Import last zzz_evobackup file version
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-10-27 10:45:11 +01:00
Jérémy Dubois c242733808 Update README with new version
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-10-26 17:20:07 +01:00
Jérémy Dubois 563b17d5cd Update CHANGELOG and bump to version 6.8.1
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-26 16:48:02 +01:00
Jérémy Dubois 381aa50e37 Deletion of simple quotes preventing the task to be correctly executed
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-26 16:40:53 +01:00
Jérémy Lecour f89751669f Merge pull request 'Release of EvoBSD 6.8.0' (#37) from dev into master
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/tag Build is failing
Reviewed-on: #37
Reviewed-by: Jérémy Lecour <jlecour@noreply.gitea.evolix.org>
2020-10-23 12:13:26 +02:00
Tristan PILAT c54d0decb8 Update README file - amend version number and command examples
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-23 11:40:22 +02:00
Tristan PILAT 864f85a49a Change default Python version to 3.x 2020-10-23 11:38:56 +02:00
Tristan PILAT fd4bdf9dcc Update CHANGELOG and bump to version 6.8.0
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-23 11:29:31 +02:00
Jérémy Dubois 6613c70446 Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
Some checks failed
continuous-integration/drone/push Build is failing
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois a26d6e13cb yamllint line-length and empty-line
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-23 10:15:57 +02:00
Jérémy Dubois 5540aea87d Add empty vars_files for them not to generate errors
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-23 10:02:26 +02:00
Jérémy Dubois f648f332dd Import 6.7.7 evocheck version
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-22 18:18:28 +02:00
Jérémy Dubois 4012a014ce Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-22 11:52:54 +02:00
Jérémy Dubois 4db9d006a2 Allow evolinux-sudo group to sudo
Some checks failed
continuous-integration/drone/push Build is failing
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois d7701d32da Comment on checks that cannot be used as is - v3
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-22 10:34:13 +02:00
Jérémy Dubois 42f5d2c10e Add "create; true" to other task, needed when running in check mode
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-21 15:47:23 +02:00
Jérémy Dubois 44d145e33b Add "create; true" to task, needed when running in check mode
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-21 10:52:39 +02:00
Jérémy Dubois 5ef4a403d2 We should be able to execute evomaintence.sh as soon as we can SSH to the server 2020-10-20 15:57:35 +02:00
Jérémy Dubois 9eeba0c0ab Add a doas authorization for NRPE 2020-10-20 15:10:12 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed
Fix #34 again

After some discussions, we actually need two separate groups:
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois 4a0e552691 Import evocheck v.6.7.6 2020-10-15 10:21:02 +02:00
Jérémy Dubois a7b96d9f67 Fstab : we now also add noatime to each partition 2020-10-15 09:57:02 +02:00
Jérémy Dubois 4c902eda5a Fstab : change only ffs file system 2020-10-14 18:05:29 +02:00
Jérémy Dubois 4610661299 Fix add of multiple motd cron
Do not add motd cron again if the same line is already there but uncommented
2020-10-14 17:39:23 +02:00
Jérémy Dubois ff1f728102 Doas authorization for collectd
We put the doas authorization for collectd in the global file and we let it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
2020-10-14 17:39:23 +02:00
Jérémy Dubois cc80aefac7 NRPE plugins dir was not created 2020-10-14 17:39:23 +02:00
Jérémy Dubois 6dd4b6b8aa Syspatch is not available before OpenBSD 6.1 2020-10-14 17:39:23 +02:00
Jérémy Dubois 556d98c170 Variable ansible_fqdn is often not the name of the server 2020-10-14 17:39:23 +02:00
Jérémy Dubois 7ecf7be4a4 Do not remove line that would have a customized subject 2020-10-14 17:39:09 +02:00
Jérémy Dubois 213e4a7bcd Comment on checks that cannot be used as is - v2
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-14 14:55:10 +02:00
Jérémy Dubois 592a2f8337 Comment on checks that cannot be used as is
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-14 12:25:55 +02:00
Jérémy Dubois 68586d6450 Fstab role : do not change lines beginning with "#"
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-14 12:14:58 +02:00
Jérémy Dubois 37ec518850 The pf_states NRPE check does not contain any variable, it can be in files folder
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-14 12:13:52 +02:00
Jérémy Dubois 5adeaa31e1 Add a pf tag that we skip for subsequent use
Some checks failed
continuous-integration/drone/push Build is failing
PacketFilter needs to be customized only once, at the first use.
After that, pf.conf will be modified on the server for the needs of the
network. It must not be overwritten.
2020-10-14 09:40:59 +02:00
Jérémy Dubois dc2707c004 Fix typo
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-13 16:16:52 +02:00
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
Some checks failed
continuous-integration/drone/push Build is failing
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois a606230d93 We always need these Evolix vars_files which overwrite default values
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-13 16:01:16 +02:00
Tristan PILAT b925a9f84d Update CHANGELOG and bump to version 6.7.2
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-13 14:46:14 +02:00
Jérémy Dubois 7ddc1ab72f Fix NRPE check file name
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-13 12:02:48 +02:00