Commit graph

214 commits

Author SHA1 Message Date
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois 7ddc1ab72f Fix NRPE check file name
2020-10-13 12:02:48 +02:00
Jérémy Dubois a9ae1b57d4 Do not use literal tab in configuration
Use "\t" instead of a literal tab which can easily be broken. Also add a
deletion of line with spaces.
2020-10-13 12:01:18 +02:00
Jérémy Dubois 57acbd6091 Add jinja2 variable for PATH variable environment 2020-10-13 11:44:53 +02:00
Jérémy Dubois 11d3331958 Collectd role : deletion of collectd_plugin_exec variable
This variable had to be activated only if collectd_plugin_exec_ifq_drops or
collectd_plugin_exec_dns_stats was also activated, for some configuration to be
taken into account. I changed the role so that the configuration is
automatically taken into account if one of these two variables is activated.
2020-10-12 15:45:13 +02:00
Jérémy Dubois 7cc374ea9e yamllint : indentation, trailing-spaces and truthy value 2020-10-12 15:26:45 +02:00
Jérémy Dubois 337e80b670 Writing of collectd role 2020-10-12 15:12:31 +02:00
Jérémy Dubois a40e2b4750 Merge branch 'dev' into customize_fstab
2020-10-12 14:47:02 +02:00
Jérémy Dubois 6b7c7b80c4 yamllint
2020-10-12 14:20:59 +02:00
Jérémy Dubois bd22b0545b sudoers configuration : the tab was broken 2020-10-12 14:16:00 +02:00
Jérémy Dubois 0615d3b555 Specify order of cron command in daily.local and fix full deletion of the cron
2020-10-12 12:00:28 +02:00
Jérémy Dubois c1f66a92e2 Fix add of multiple evobackup cron
Do not add evobackup cron again if the same line
is already there but uncommented
2020-10-09 16:14:52 +02:00
Tristan Pilat 01158227eb Merge pull request 'Force replacement of some NRPE checks' (#33) from force_NRPE_checks_replacement into dev
Reviewed-on: #33
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-10-09 15:48:14 +02:00
Jérémy Dubois 92837424fb Fix weird commits
2020-10-09 15:35:23 +02:00
Jérémy Dubois 5fa8e0c9bb Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:10 +02:00
Jérémy Dubois bd4748b403 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:09 +02:00
Jérémy Dubois 0a4e970ab8 Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:08 +02:00
Jérémy Dubois 4f201d3a73 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:07 +02:00
Jérémy Dubois e019b79723 yamllint + correction /tmp softdep
softdep is not added anymore if noexec is
already defined after rw
2020-10-09 15:21:06 +02:00
Jérémy Dubois 88df904282 Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:06 +02:00
Jérémy Dubois c9d1bff1c6 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 14:15:46 +02:00
Jérémy Dubois fe0c7f6add Import evocheck v.6.7.5 2020-10-09 14:15:14 +02:00
Jérémy Dubois 07d83d4994 Delete empty line - yamllint
2020-10-09 10:45:23 +02:00
Jérémy Dubois fa497b280e Configure sudoers umask
This configuration is checked by evocheck,
so it should be present by default
2020-10-08 15:42:52 +02:00
Jérémy Dubois 12b2f3d280 Delete evobackup root crontab replaced by daily.local cron 2020-10-08 15:39:50 +02:00
Jérémy Dubois f97317b767 Better rc.local configuration
Add line before the "echo '.'" line instead of the end
Delete old entry not precising the hostname if still there
2020-10-08 15:19:52 +02:00
Jérémy Dubois b0f1f9c2ca Fix OSPF role : add deletion of old log files
2020-09-24 16:11:49 +02:00
Tristan PILAT 8ecaf81314 Update evocheck to 6.7.4 2020-09-10 11:55:43 +02:00
Jérémy Dubois 655099101c LDAP script replace "ram0" name with "mem"
2020-09-02 15:10:16 +02:00
Jérémy Dubois 04ffb90b0c Add NRPE check unbound since OpenBSD uses it more than bind
2020-08-31 17:29:57 +02:00
Jérémy Dubois b586b1fafe Write and deploy motd-carp-state.sh
A script that checks the carp state and writes in the /etc/motd file if the
server is in backup or master state. Script is copied in /usr/share/scripts/
directory and a cron job is installed but disabled by default.
2020-08-25 17:57:22 +02:00
Jérémy Dubois deafd82337 For local modifications of nrpe conf, use zzz_evolix.cfg instead of zzz-evolix.cfg which is buggy
2020-08-21 15:26:32 +02:00
Jérémy Dubois 829df74567 ldap.sh : Fix computerOS and add case for HardwareSerial if computer is a VM
2020-08-21 14:33:53 +02:00
Jérémy Dubois d956d5c6ba Import evocheck 6.7.3
2020-07-31 14:32:44 +02:00
Jérémy Dubois 708ffcc538 Add packetfilter service and update other services version in LDIF creation for LDAP
2020-07-29 14:52:46 +02:00
Jérémy Dubois 3a6cd20ab3 Configure the check_packetfilter in NRPE with doas
2020-07-28 17:57:30 +02:00
Jérémy Dubois 5166977025 Change mode : make check_packetfilter.sh executable
2020-07-28 17:47:01 +02:00
Jérémy Dubois 62515ca5b5 Add a new NRPE check : check_packetfilter
2020-07-28 17:45:14 +02:00
Jérémy Dubois cdc811b3de New NRPE check : check_packetfilter
2020-07-28 17:43:24 +02:00
Jérémy Dubois 05898cc188 Change NTP check host
2020-07-21 14:12:45 +02:00
Jérémy Dubois c6e55ea4c0 Correct yamllint : spaces inside braces
2020-07-09 16:09:19 +02:00
Jérémy Dubois 5c11472e9a Force replacement of some NRPE checks
We cannot simply put "force: true" because some
checks are customizable, some are not.
We do not force to replace customizable ones for
the customizations not to be lost.
2020-07-09 15:44:25 +02:00
Jérémy Dubois 30c1b70e2b Modified openbgpd check to be in NRPE critical state when BGPD is not running
2020-07-08 17:28:12 +02:00
Jérémy Dubois 3dd9e461c4 Corrects yaml line break.
Indentation is not allowed and breaks the tasks.
2020-07-02 16:40:17 +02:00
Jérémy Dubois dedbdf9822 Added a package needed for the OpenVPN check and changed the default location of the checks
2020-06-23 15:38:21 +02:00
Jérémy Dubois 593df07f09 We do not need postgresql-client anymore
We now use an API for evomaintenance instead
of a direct call to postgresql
2020-06-16 17:17:20 +02:00
Jérémy Dubois 87d0c8aca4 We do not use pfstatd anymore 2020-06-16 17:16:55 +02:00
Patrick Marchand 9f378fc1f9 Misunderstood syntax for unordered lists in markdown
So an unordered list needs three spaces and an ordered list needs
a dot and two spaces.
2020-06-04 13:27:03 -04:00
Patrick Marchand b711154722 Apply fix in last commit to other markdown files
So a markdown list should be no indentation followed by two spaces. '  '

*  one
*  two
2020-06-04 13:23:06 -04:00
Patrick Marchand db488ba8ef Split long lines in git role
2020-06-04 13:10:08 -04:00
Patrick Marchand 98089a3274 Fix yaml lint lines too long
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Patrick Marchand e877b721f9 Fix readme markdown
2020-06-04 11:47:08 -04:00
Jérémy Dubois e29e0e9e62 Ansible-lint and yamllint again
Lot of truthy variables, indentation and trailing spaces
2020-06-01 11:37:15 +02:00
Patrick Marchand af7b3b36fe Ansible-lint and yamllint
Does not fix all warnings, but gets rid of the purely cosmetic ones.
(roles/accounts/tasks/main.yml)
2020-05-22 11:49:18 -04:00
Jérémy Dubois 38e5c1bf70 Add OpenBSD version in computerOS field of ldap.sh 2020-05-22 11:34:47 +02:00
Jérémy Dubois 2177d43637 Import Evomaintenance 0.6.3 2020-05-18 17:30:54 +02:00
Jérémy Dubois 1014dab37b Escaping percent sign in crontab for bgp role 2020-05-15 16:25:58 +02:00
Tristan PILAT 6ae49f147d Fix group name in evocheck install task 2020-05-12 18:21:20 +02:00
Tristan PILAT 12f7e347da Add initial version of an evocheck role 2020-05-12 15:01:46 +02:00
Jérémy Dubois 2de4227651 Merge pull request 'Enhance ospfd_simple check' (#19) from enhance_check_ospfd_simple into dev
Reviewed-by: Patrick Marchand <pmarchand@noreply.gitea.evolix.org>
2020-04-29 15:46:20 +02:00
Tristan Pilat 2c9bad859d Merge pull request 'Writing of ospf and bgp roles' (#29) from ospf_and_bgp into dev
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-04-24 15:00:31 +02:00
Tristan Pilat 96b3d43342 Merge pull request 'Reordering of the list of NRPE checks' (#30) from reorder_nrpe_checks into dev
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-04-24 14:22:17 +02:00
Tristan Pilat d0108d6e3f Merge pull request 'Customize newsyslog' (#31) from customize_newsyslog into dev
Reviewed-by: Patrick Marchand <pmarchand@noreply.gitea.evolix.org>
2020-04-24 14:16:15 +02:00
Jérémy Dubois c45c68c1b0 Add execute permission to OpenVPN check 2020-04-22 15:43:56 +02:00
Jérémy Dubois cb2be6ecd2 Change wtmp rotation period 2020-04-22 15:17:46 +02:00
Jérémy Dubois 9b1f5c0f6c Customize newsyslog.conf 2020-04-22 15:06:53 +02:00
Jérémy Dubois 6cf81802be Reordering of the list of NRPE checks
With deletion of unused check_onduleur
and correction of check_connections_state location
2020-04-22 14:30:26 +02:00
Jérémy Dubois 71e0acb7e7 Functional and better ospfd check 2020-04-22 12:08:55 +02:00
Jérémy Dubois 634cfee774 Writing of ospf and bgp roles 2020-04-22 11:59:41 +02:00
Jérémy Dubois 27006f8db7 Doas permissions rearrangement 2020-04-21 16:18:07 +02:00
Jérémy Dubois 267163ba93 Correcting a typo 2020-04-21 16:15:29 +02:00
Jérémy Dubois 05d2b707e1 Add OpenBGPD nrpe check with doas configuration 2020-04-21 14:25:42 +02:00
Jérémy Dubois 1ba892ef01 Improve NRPE OpenVPN check 2020-04-21 14:14:49 +02:00
Jérémy Dubois caf151d05c Import last evobackup client script
The only difference from Debian version is that /srv does not exist on OpenBSD
and is removed from the backup directory list

Close #21
2020-04-21 11:42:52 +02:00
Jérémy Dubois f57e0e24f0 Change in deprecated options
Packages list and comparisons will have a new syntax with future ansible version
2020-04-21 11:35:45 +02:00
Jérémy Dubois 29afa42c3d Deletion of mailevomaintenance.sh
We now use the git status cron for uncommitted changes
2020-04-21 11:30:40 +02:00
Jérémy Dubois 10d56cad1e Correction of the stricter ssh access commit
evolinux_ssh_group was missing
2020-04-21 11:27:43 +02:00
Tristan Pilat 9c716c5d68 Merge branch 'stricter-access-control' of evolix/EvoBSD into dev
The changes look good to me. Let's merge to dev!
2019-11-25 10:03:45 +01:00
Tristan PILAT 70135252c0 Import Evomaintenance 0.6.1 2019-11-19 16:28:12 +01:00
Tristan PILAT f88538858b Import Evomaintenance 0.6.0 2019-11-14 15:07:09 +01:00
Tristan PILAT 02658b6b1d Add first version of an OpenVPN role 2019-10-30 11:00:29 +01:00
Tristan PILAT 8be45548a2 Since syspatch can apply stable patches, we no longer need to install openup 2019-10-29 17:59:33 +01:00
Patrick Marchand 8b1ce861e3 Add stricter ssh and doas access 2019-09-19 17:07:01 -04:00
Tristan PILAT d736455327 Please, we don't want the mouse function enabled in vim 2019-09-17 10:43:37 +02:00
Tristan Pilat 6b309ee32c Merge branch 'evomaintenance_22_08_19' of evolix/EvoBSD into dev
Cool
2019-09-17 10:38:03 +02:00
Patrick Marchand 3e3eb695b4 Merge branch 'replace_sudo_with_doas' into dev
Any new checks should use doas as well.
2019-09-03 17:43:22 +02:00
Patrick Marchand 18ac01cbb3 Apply latest dev branch to check_dhcpd branch 2019-09-03 11:38:34 -04:00
Patrick Marchand a994225c27 Merge check_connections_state into dev 2019-09-03 11:34:14 -04:00
Tristan PILAT 70e49781d9 Import evomaintenance after last overhaul 2019-08-22 17:24:03 +02:00
Jérémy Dubois f0c4b2f414 Enhance ospfd_simple check
The condition did not work properly
2019-07-22 15:56:35 +02:00
Jérémy Dubois f305b3420b Replace all sudo occurrences with doas 2019-07-15 18:25:25 +02:00
Jérémy Dubois 6b55368234 Improve script and add comments 2019-07-15 17:48:51 +02:00
Jérémy Dubois a23a6efca8 Replace sudo with doas 2019-07-15 17:44:05 +02:00
Jérémy Dubois 1b5196d6a4 Replace sudo with doas 2019-07-15 17:29:36 +02:00
Patrick Marchand f456e4abf2 Fix typo in pkg name
Wrote postgresql without the g...
2019-05-13 14:52:54 +02:00
Patrick Marchand 1cab5efc1d Reverts erroneous removal of postrgres-client pkg 2019-05-13 14:52:54 +02:00
Tristan PILAT 0afd6b9b63 Add missing quotes 2019-05-13 14:52:54 +02:00
Tristan PILAT 38273ecf33 Add a title in the daily output mail for the git status report 2019-05-13 14:52:54 +02:00
Tristan PILAT b23a579603 We have to make sure the daily.local file exists otherwise the playbook fails 2019-05-13 14:52:54 +02:00
Tristan Pilat a7ec4597cb Merge branch 'increase_pf_states' of evolix/EvoBSD into dev
That's just a small value change in the pf_states NRPE check. No need to test. ok by me.
2019-05-11 21:00:42 +02:00
Tristan PILAT a6815408a8 Add a warning message in the NRPE configuration requesting to use an alternative configuration file for local modifications 2019-04-23 20:50:02 +02:00
Tristan PILAT 798a482787 Load root's environment when using doas 2019-04-23 20:50:02 +02:00
Jérémy Dubois 0f1b209370 Configure check_dhcpd 2019-04-19 15:21:08 +02:00
Jérémy Dubois d2e9a0f5fb Increase warning and critical pf_states threshold 2019-04-15 11:00:53 +02:00
Jérémy Dubois 4ef630285d Add check_connections_state
Script to check if connections are UP, and if so,
check whether main connection is correctly used.
Also add configuration to use with nrpe and sudo.
2019-04-09 15:53:45 +02:00
Tristan PILAT 01278281bd Bring some completion functions in root's profile dotfile 2019-03-22 16:05:33 +01:00
Tristan PILAT 1d6eaa1270 sndiod is not needed, let's disable it 2019-03-22 16:05:02 +01:00
Tristan PILAT 74464346a2 We don't need a separate task to install sudo 2019-03-22 16:04:44 +01:00
Tristan PILAT 3ce0addd59 Fix daily.local file permissions 2019-01-22 10:31:29 +01:00
Tristan Pilat f2bdfb8ff5 Merge branch 'ssh-key-fix' of evolix/EvoBSD into dev 2019-01-21 11:47:34 +01:00
Patrick Marchand 846e9aba0e Adds admin tag back to ssh-key task 2019-01-18 15:05:37 -05:00
Patrick Marchand 77269a2c3f Fixed problem with ssh keys
ssh key variable is a list of keys, not a single key. Use a loop
and the authorized keys module to fix this.
2019-01-18 09:30:42 -05:00
Tristan PILAT 9d47174756 Fix permissions on daily.local and monthly.local 2019-01-18 15:12:47 +01:00
Tristan PILAT b555fb1222 Add initial project 2018-12-28 11:23:49 +01:00