Jérémy Dubois
68586d6450
Fstab role : do not change lines beggining with "#"
continuous-integration/drone/push Build is failing
2020-10-14 12:14:58 +02:00
Jérémy Dubois
2bf8a7e872
Stricter ssh and doas access - better version
...
continuous-integration/drone/push Build is failing
Fix #34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois
a9ae1b57d4
Do not use litteral tab in configuration
...
Use "\t" instead of a litteral tab which can easily be broken. Also add a
deletion of line with spaces.
2020-10-13 12:01:18 +02:00
Jérémy Dubois
57acbd6091
Add jinja2 variable for PATH variable environment
2020-10-13 11:44:53 +02:00
Jérémy Dubois
a40e2b4750
Merge branch 'dev' into customize_fstab
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-12 14:47:02 +02:00
Jérémy Dubois
6b7c7b80c4
yamllint
continuous-integration/drone/push Build is failing
2020-10-12 14:20:59 +02:00
Jérémy Dubois
bd22b0545b
sudoers configuration : the tab was broken
2020-10-12 14:16:00 +02:00
Jérémy Dubois
c1f66a92e2
Fix add of multiple evobackup cron
...
continuous-integration/drone/push Build is failing
Do not add evobackup cron again if the same line
is already there but uncommented
2020-10-09 16:14:52 +02:00
Jérémy Dubois
92837424fb
Fix weird commits
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-09 15:35:23 +02:00
Jérémy Dubois
5fa8e0c9bb
Customize fstab with noexec and softdep
...
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:10 +02:00
Jérémy Dubois
bd4748b403
Customize root crontab and daily.local
...
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:09 +02:00
Jérémy Dubois
0a4e970ab8
Customize fstab with noexec and softdep
...
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:08 +02:00
Jérémy Dubois
4f201d3a73
Customize root crontab and daily.local
...
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:07 +02:00
Jérémy Dubois
e019b79723
yamllint + correction /tmp softdep
...
softdep is not added anymore if noexec is
already defined after rw
2020-10-09 15:21:06 +02:00
Jérémy Dubois
88df904282
Customize fstab with noexec and softdep
...
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:06 +02:00
Jérémy Dubois
c9d1bff1c6
Customize root crontab and daily.local
...
continuous-integration/drone/push Build is failing
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 14:15:46 +02:00
Jérémy Dubois
07d83d4994
Delete empty line - yamllint
continuous-integration/drone/push Build is failing
2020-10-09 10:45:23 +02:00
Jérémy Dubois
fa497b280e
Configure sudoers umask
...
continuous-integration/drone/push Build is failing
This configuration is checked by evocheck,
so it should be present by default
2020-10-08 15:42:52 +02:00
Jérémy Dubois
12b2f3d280
Delete evobackup root crontab replaced by daily.local cron
2020-10-08 15:39:50 +02:00
Jérémy Dubois
f97317b767
Better rc.local configuration
...
continuous-integration/drone/push Build is failing
Add line before the "echo '.'" line instead of the end
Delete old entry not precising the hostname if still there
2020-10-08 15:19:52 +02:00
Jérémy Dubois
3a6cd20ab3
Configure the check_packetfilter in NRPE with doas
continuous-integration/drone/push Build is failing
2020-07-28 17:57:30 +02:00
Jérémy Dubois
593df07f09
We do not net postgresql-client anymore
...
continuous-integration/drone/push Build is failing
We now use an API for evomaintenance instead
of a direct call to postgresql
2020-06-16 17:17:20 +02:00
Patrick Marchand
98089a3274
Fix yaml lint lines too long
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Jérémy Dubois
e29e0e9e62
Ansible-lint and yamllint again
...
Lot of truthy variables, indentation and trailing spaces
2020-06-01 11:37:15 +02:00
Jérémy Dubois
2177d43637
Import Evomaintenance 0.6.3
2020-05-18 17:30:54 +02:00
Jérémy Dubois
cb2be6ecd2
Change wtmp rotation period
2020-04-22 15:17:46 +02:00
Jérémy Dubois
9b1f5c0f6c
Customize newsyslog.conf
2020-04-22 15:06:53 +02:00
Jérémy Dubois
27006f8db7
Doas permissions rearrangement
2020-04-21 16:18:07 +02:00
Jérémy Dubois
05d2b707e1
Add OpenBGPD nrpe check with doas configuration
2020-04-21 14:25:42 +02:00
Jérémy Dubois
caf151d05c
Import last evobackup client script
...
The only difference from Debian version is that /srv does not exist on OpenBSD
and is removed from the backup directory list
Close #21
2020-04-21 11:42:52 +02:00
Jérémy Dubois
f57e0e24f0
Change in depreciated options
...
Packages list and comparisons will have a new syntax with future ansible version
2020-04-21 11:35:45 +02:00
Jérémy Dubois
29afa42c3d
Deletion of mailevomaintenance.sh
...
We now use the git status cron for uncommited changes
2020-04-21 11:30:40 +02:00
Tristan Pilat
9c716c5d68
Merge branch 'stricter-access-control' of evolix/EvoBSD into dev
...
The changes look good to me. Let's merge to dev!
2019-11-25 10:03:45 +01:00
Tristan PILAT
70135252c0
Import Evomaintenance 0.6.1
2019-11-19 16:28:12 +01:00
Tristan PILAT
f88538858b
Import Evomaintenance 0.6.0
2019-11-14 15:07:09 +01:00
Patrick Marchand
8b1ce861e3
Add stricter ssh and doas access
2019-09-19 17:07:01 -04:00
Tristan PILAT
d736455327
Please, we don't want the mouse function enabled in vim
2019-09-17 10:43:37 +02:00
Tristan Pilat
6b309ee32c
Merge branch 'evomaintenance_22_08_19' of evolix/EvoBSD into dev
...
Cool
2019-09-17 10:38:03 +02:00
Patrick Marchand
3e3eb695b4
Merge branch 'replace_sudo_with_doas' into dev
...
Any new checks should use doas as well.
2019-09-03 17:43:22 +02:00
Patrick Marchand
18ac01cbb3
Apply latest dev branch to check_dhcpd branch
2019-09-03 11:38:34 -04:00
Patrick Marchand
a994225c27
Merge check_connections_state into dev
2019-09-03 11:34:14 -04:00
Tristan PILAT
70e49781d9
Import evomaintenance after last overhaul
2019-08-22 17:24:03 +02:00
Jérémy Dubois
f305b3420b
Replace all sudo occurences with doas
2019-07-15 18:25:25 +02:00
Jérémy Dubois
a23a6efca8
Replace sudo with doas
2019-07-15 17:44:05 +02:00
Jérémy Dubois
1b5196d6a4
Replace sudo with doas
2019-07-15 17:29:36 +02:00
Patrick Marchand
f456e4abf2
Fix typo in pkg name
...
Wrote postgresql withouth the g...
2019-05-13 14:52:54 +02:00
Patrick Marchand
1cab5efc1d
Reverts erroneous removal of postrgres-client pkg
2019-05-13 14:52:54 +02:00
Tristan PILAT
38273ecf33
Add a title in the daily output mail for the git status report
2019-05-13 14:52:54 +02:00
Tristan PILAT
b23a579603
We have to make sure the daily.local file exists otherwise the playbook fails
2019-05-13 14:52:54 +02:00
Tristan PILAT
798a482787
Load root's environment when using doas
2019-04-23 20:50:02 +02:00