Commit graph

268 commits

Author SHA1 Message Date
Jérémy Dubois ab7cc1189f base: add update-evobackup-canary script 2022-06-09 15:07:38 +02:00
Jérémy Dubois f4e07b4578 pf : reorder some rules, more details on some comments 2022-05-18 09:57:56 +02:00
Jérémy Dubois b220c1934d yamllint 2022-05-18 09:56:07 +02:00
Jérémy Dubois 19a0ebb8ea base: import last zzz_evobackup upstream version 2022-05-18 09:53:21 +02:00
Jérémy Dubois 950dbaec21 post-install: ignore errors from syspatch 2022-05-03 17:22:20 +02:00
Jérémy Dubois 1f07862c84 etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible
Using ansible-commit script from ansible-roles
2022-05-03 15:55:45 +02:00
Jérémy Dubois 6ef04839c4 fix copyright evocommit 2022-05-03 15:22:18 +02:00
Jérémy Dubois 335969ed42 post-install: group root does not exist, fix 2022-04-27 17:14:11 +02:00
Jérémy Dubois 445c6afe1f etc-git: fix when condition for /usr/share/scripts dir 2022-04-27 17:13:44 +02:00
Jérémy Dubois 2dc7d3073f post-install: fix syntax error 2022-04-26 18:06:55 +02:00
Jérémy Dubois be9f183359 Import last evocheck.sh version 2022-04-14 09:54:58 +02:00
Jérémy Dubois bb43bc5370 etc-git: add quote to numerical value so that it is seen as a string 2022-04-13 18:08:15 +02:00
Jérémy Dubois 490b733f1a etc-git: create gitignore files differently so that it stays idempotent 2022-04-13 17:53:09 +02:00
Jérémy Dubois e1ae8fefb9 post-install: add the date into the ldif generated file 2022-04-13 17:26:59 +02:00
Jérémy Dubois 46b9baf601 base: import last zzz_evobackup upstream version 2022-04-13 17:10:52 +02:00
Jérémy Dubois f57e9934ff Applying fix from yamllint and ansible-lint 2022-04-13 16:57:39 +02:00
Jérémy Dubois 1939ca3142 renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file 2022-04-13 16:22:26 +02:00
Jérémy Dubois 04bdff87f4 base: add a "next_part" before executing evobackup in daily.local file 2022-04-13 16:19:41 +02:00
Jérémy Dubois 5481bb4698 evocheck: upstream release 22.04 2022-04-13 15:58:25 +02:00
Jérémy Dubois bd1d29b1bd nagios-nrpe: add a wrapper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state 2022-04-13 15:41:47 +02:00
Jérémy Dubois bbe56e3422 etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks + add versioning for /usr/share/scripts 2022-04-13 15:28:10 +02:00
Jérémy Dubois e0c27ff083 collectd: add dhcp_pool.pl script 2022-04-08 16:48:02 +02:00
Jérémy Dubois 07f4dadd0e base: import dump-server-state.sh script 2022-03-31 18:18:10 +02:00
Jérémy Dubois ce886fdc1d post-install : improve management of ldif file for ldap 2022-03-31 16:05:19 +02:00
Jérémy Dubois bdda2b7b79 nagios-nrpe : add a check dhcp_pool 2022-03-31 11:57:45 +02:00
Jérémy Dubois 40ed5b0437 nagios-nrpe : handle the case where cached_mem is in GB to convert it to MB in check_free_mem.sh 2022-03-31 10:07:40 +02:00
Jérémy Dubois eb96fd41b2 base: zzz_evobackup upstream release 22.03 2022-03-25 18:09:08 +01:00
Jérémy Dubois 30a601b2e1 Import last evocheck.sh version 2022-03-10 16:48:19 +01:00
Jérémy Dubois b114d139d4 post-install: add a version number to motd-carp-state.sh 2022-03-10 15:59:28 +01:00
Jérémy Dubois ecacb00018 Import last evomaintenance and evobackup scripts 2022-02-08 10:19:46 +01:00
Jérémy Dubois 576e13db78 base: set the title of the terminal when connecting to a server 2022-02-07 11:05:36 +01:00
Jérémy Dubois a34f3d606b Fix motd-carp-state.sh
The current release is not necessarily the first line of dmesg.boot
2022-01-26 14:54:11 +01:00
Jérémy Dubois fe6235f8fb Multiple fixes
- accounts : the user.yml task has a loop in a loop, var name needs to be changed
- base, kshrc : fix a previously deleted command on which the command that follows is based
- base, ntp : do not display this task as a change, it only gets some information
2022-01-25 17:28:28 +01:00
Jérémy Dubois 66c84dca6c Delete the deprecated OpenVPN role 2022-01-24 19:11:37 +01:00
Jérémy Dubois 93f21a947c base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history
"set -A" options are for ksh only
2022-01-07 18:12:09 +01:00
Jérémy Dubois 4506c835c5 Improve syntax of accounts role and fix missing tags 2022-01-06 12:01:22 +01:00
Jérémy Dubois f0ecc79696 accounts: use "evobsd_internal_group" for SSH authentication 2022-01-05 11:16:18 +01:00
Jérémy Dubois 7b337c2db1 Update README, change needed vars files, edit .gitignore and remove unneeded environment variable 2021-12-17 16:22:31 +01:00
Jérémy Dubois 4522546edd Add NRPE check bioctl for RAID devices and fix CHANGELOG and README syntax 2021-12-15 16:34:34 +01:00
Jérémy Dubois 798a87b0ff Configure locale to en_US.UTF-8, use vim as default git editor, and bump EvoBSD version
Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly
Use vim as default git editor for the same reason, and because it's better than vi
Bump EvoBSD version : OpenBSD 7.0 is out
2021-12-09 11:03:38 +01:00
Jérémy Dubois 85fe9f6703 Comment out default check_bgpd in NRPE role
This check is not used as is and must be customized.
I comment it out so we do not confuse it with the customized one.
2021-12-09 10:31:51 +01:00
Jérémy Dubois e6e05268e5 Fix check_ipsecctl_critiques.sh 2021-11-18 14:53:45 +01:00
Jérémy Dubois 218568fc13 Add comment to check_ipsecctl_critiques.sh : how to use 2021-10-20 16:05:27 +02:00
Jérémy Dubois fe3d2035f5 Add full ipsecctl check script
Different ipsecctl checks are currently used on the servers with no convention,
so I created one template with all that has to be checked.
2021-10-15 11:55:46 +02:00
Jérémy Dubois 9269b13123 Convert values to string 2021-10-14 18:07:54 +02:00
Jérémy Dubois 3ccc0ca924 Force task to run in check mode for NTP configuration 2021-10-14 18:06:50 +02:00
Jérémy Dubois 1bfa1d61f0 Import last evocheck.sh version 2021-10-07 15:02:26 +02:00
Jérémy Dubois b68a18a4f5 Import last version of evocheck script 2021-09-17 17:16:17 +02:00
Jérémy Dubois c5f478c584 Update NRPE and doas configuration for checks mailq and openvpn_certificates
- Fix check_mailq : the check from monitoring-plugins current version is not
  compatible with opensmtpd. I picked the last version from the GIT repository,
  and adjusted nrpe and doas configuration
- Add doas configuration for check_openvpn_certificates.sh : some servers need
  doas, others don't. Better to set it everywhere.
2021-07-27 18:02:49 +02:00
Jérémy Dubois 1abf0f636c Fix check_dhcpd
/usr/local/libexec/nagios/check_dhcp does not work on server itself
Going back to using /usr/local/libexec/nagios/check_procs -c1: -C dhcpd
And removing doas configuration
2021-07-23 16:34:34 +02:00
Jérémy Dubois 82137026db Import fix of evocheck.sh script 2021-07-23 16:33:36 +02:00
Jérémy Dubois 91ef49f7b3 Import 6.9.1 version of evocheck 2021-07-23 16:02:40 +02:00
Jérémy Dubois 7046e193e0 Configure the ntpd.conf file and bump version 2021-07-19 15:27:57 +02:00
Jérémy Dubois b1aa50a717 Import 6.9.0 evocheck version 2021-07-16 14:58:20 +02:00
Jérémy Dubois 14ec1ca13b Shifting check carp number to match the interface number 2021-07-16 11:27:44 +02:00
Jérémy Dubois 3fc1dabec4 check_openvpn_certificates.sh : fix conf_file var definition
Sometimes, OpenVPN runs multiple processes
2021-06-10 16:15:35 +02:00
Jérémy Dubois 8cd6b0bda6 Import last version of zzz_evobackup and evocheck.sh scripts 2021-05-25 21:09:23 +02:00
Jérémy Dubois f8a9a86bdd Added info on possible causes of error for openvpn check 2021-05-25 15:19:06 +02:00
Jérémy Dubois a0f8339705 Change evomaintenance files mode 2021-05-17 11:36:36 +02:00
Tristan Pilat 1364451198 Following the release of OpenBSD 6.9, the VERBOSESTATUS variable is no longer valid in the daily.local configuration file 2021-05-06 15:03:37 +02:00
Jérémy Dubois 2dae2d1ae4 Fix typo
2021-02-15 18:56:24 +01:00
Jérémy Dubois b3496692b2 Fix motd-carp-state.sh
Update the OpenBSD release in our customized motd
2021-02-15 18:25:52 +01:00
Jérémy Dubois 54455a63df Fix check_free_mem.sh : cached RAM now is free RAM 2021-02-15 17:30:25 +01:00
Jérémy Dubois d7a427bd7f check_openvpn_certificates.sh : fix date format
2021-02-08 17:29:46 +01:00
Jérémy Dubois 0c55f87727 Update CHANGELOG and add a check_openvpn_certificates
2021-02-08 16:30:05 +01:00
Jérémy Dubois 60103070f2 Fix NRPE check_mem
The percentage sign must be specified. Without it, the check is done checking
the memory in MB.
2021-02-03 11:57:47 +01:00
Jérémy Dubois 7f5627f6bd Import last version of zzz_evobackup file
2021-01-07 09:48:38 +01:00
Jérémy Dubois 55745e1a62 nagios-nrpe role : change variables name
2020-12-10 19:36:00 +01:00
Jérémy Dubois 8a2111561f Improve PacketFilter role
Replace hard-coded IPs with variable
Add a README file
2020-12-10 19:23:18 +01:00
Tristan PILAT 48ea75957d Add new exceptions to Logsentry ignore files
2020-12-02 17:45:38 +01:00
Tristan PILAT 7d24b11fa9 Add tasks to copy customized configuration files 2020-11-24 16:27:29 +01:00
Tristan PILAT 6782746f3c Add customized logsentry configuration 2020-11-24 16:26:02 +01:00
Jérémy Dubois 389f1a8eae Import last zzz_evobackup file version
2020-11-16 11:24:47 +01:00
Jérémy Dubois 8cddc5e9ae Fix logsentry.sh file name in task
2020-10-30 10:49:23 +01:00
Tristan PILAT d84fc581d8 Add a new role - Logsentry is a tool that scans system logs to report suspicious/unusual activity 2020-10-30 10:06:36 +01:00
Jérémy Dubois e9a1373a30 Add file to .gitignore
This file is frequently updated after a user connection to OpenVPN, so we do
not want to track it.
2020-10-27 11:05:46 +01:00
Jérémy Dubois 9a07552731 Import last zzz_evobackup file version
2020-10-27 10:45:11 +01:00
Jérémy Dubois 381aa50e37 Deletion of single quotes preventing the task from being correctly executed
2020-10-26 16:40:53 +01:00
Jérémy Dubois 6613c70446 Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois a26d6e13cb yamllint line-length and empty-line
2020-10-23 10:15:57 +02:00
Jérémy Dubois f648f332dd Import 6.7.7 evocheck version
2020-10-22 18:18:28 +02:00
Jérémy Dubois 4012a014ce Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
2020-10-22 11:52:54 +02:00
Jérémy Dubois 4db9d006a2 Allow evolinux-sudo group to sudo
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois d7701d32da Comment on checks that cannot be used as is - v3
2020-10-22 10:34:13 +02:00
Jérémy Dubois 42f5d2c10e Add "create; true" to other task, needed when running in check mode
2020-10-21 15:47:23 +02:00
Jérémy Dubois 44d145e33b Add "create; true" to task, needed when running in check mode
2020-10-21 10:52:39 +02:00
Jérémy Dubois 5ef4a403d2 We should be able to execute evomaintenance.sh as soon as we can SSH to the server 2020-10-20 15:57:35 +02:00
Jérémy Dubois 9eeba0c0ab Add a doas authorization for NRPE 2020-10-20 15:10:12 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed
Fix #34 again

After some discussions, we actually need two separate groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois 4a0e552691 Import evocheck v.6.7.6 2020-10-15 10:21:02 +02:00
Jérémy Dubois a7b96d9f67 Fstab : we now also add noatime to each partition 2020-10-15 09:57:02 +02:00
Jérémy Dubois 4c902eda5a Fstab : change only ffs file system 2020-10-14 18:05:29 +02:00
Jérémy Dubois 4610661299 Fix add of multiple motd cron
Do not add motd cron again if the same line is already there but uncommented
2020-10-14 17:39:23 +02:00
Jérémy Dubois ff1f728102 Doas authorization for collectd
We put the doas authorization for collectd in the global file and we leave it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
2020-10-14 17:39:23 +02:00
Jérémy Dubois cc80aefac7 NRPE plugins dir was not created 2020-10-14 17:39:23 +02:00
Jérémy Dubois 6dd4b6b8aa Syspatch is not available before OpenBSD 6.1 2020-10-14 17:39:23 +02:00
Jérémy Dubois 556d98c170 Variable ansible_fqdn is often not the name of the server 2020-10-14 17:39:23 +02:00
Jérémy Dubois 7ecf7be4a4 Do not remove line that would have a customized subject 2020-10-14 17:39:09 +02:00
Jérémy Dubois 213e4a7bcd Comment on checks that cannot be used as is - v2
2020-10-14 14:55:10 +02:00
Jérémy Dubois 592a2f8337 Comment on checks that cannot be used as is
2020-10-14 12:25:55 +02:00