Jérémy Dubois
|
983b7204b4
|
pf: fix comment for the rule that changed with the previous commit
|
2024-06-10 17:28:45 +02:00 |
|
Jérémy Dubois
|
c90e178444
|
* pf: pass quick for ICMP and Evolix rules which won't need to be overwritten, no state for ICMP because it's not needed and can sometimes be unfavourable
|
2024-06-10 17:27:20 +02:00 |
|
Jérémy Dubois
|
2d52979402
|
evomaintenance: fix src path and some syntax convention
There was an extra ' in the src path
|
2024-06-10 15:41:32 +02:00 |
|
Jérémy Lecour
|
17de9c87de
|
evomaintenance: put upstream files into upstream folder
|
2024-05-15 13:47:53 +02:00 |
|
Jérémy Lecour
|
4b8d89bddb
|
evomaintenance: upstream release 24.05
|
2024-05-15 13:26:37 +02:00 |
|
Jérémy Dubois
|
7f76cc14f5
|
base, collectd, etc-git, logsentry, nagios-nrpe: execute pkg_info command even in check mode
|
2024-05-06 15:11:31 +02:00 |
|
Jérémy Dubois
|
e0b9c03798
|
nagios-nrpe: fix variable use in check_ipsecctl_critiques.sh
|
2024-05-06 11:21:18 +02:00 |
|
Jérémy Dubois
|
99ff7284a3
|
base, collectd, etc-git, logsentry, nagios-nrpe: install packages manually
Because openbsd_pkg module is broken since OpenBSD 7.4 with the version of Ansible we currently use
|
2024-03-13 15:17:20 +01:00 |
|
Jérémy Dubois
|
6a2faf5649
|
Use a new evobsd_ssl_cert_hostname var instead of ansible_fqdn
On OpenBSD, ansible_fqdn is the reverse of the IP, which is not always properly configured
|
2024-02-20 15:30:25 +01:00 |
|
Jérémy Dubois
|
f2451118c4
|
ospf, bgp: fix checks scripts
|
2024-02-19 10:37:31 +01:00 |
|
Ludovic Poujol
|
28851698e6
|
nagios-nrpe: configure server certificate for nrpe daemon
|
2024-02-16 11:00:48 +01:00 |
|
Ludovic Poujol
|
9fe7825499
|
base: Generate default (self-signed) certificate
Create /etc/ssl/certs on OpenBSD to follow Linux/Debian
Don't change the owner/group of generated files (for now)
|
2024-02-16 10:45:32 +01:00 |
|
Ludovic Poujol
|
f7b29deda3
|
base: Generate default (self-signed) certificate
|
2024-02-15 12:18:29 +01:00 |
|
Ludovic Poujol
|
bce501dee0
|
etc-git: Remove deprecated/unsupported "warn" parameter
|
2024-02-15 11:28:42 +01:00 |
|
Jérémy Dubois
|
70ab0c80de
|
accounts: add a "users" tag
So that new users are not created and customized password are not reset based on vars files when executing evolixisation.yml again
|
2024-01-26 14:39:42 +01:00 |
|
Jérémy Dubois
|
bf1bb2f80e
|
base: dump-server-state.sh upstream release 24.01
|
2024-01-12 15:02:32 +01:00 |
|
Jérémy Dubois
|
a61f2423bc
|
Remove multiple spaces
|
2023-12-15 16:23:31 +01:00 |
|
Jérémy Dubois
|
7dd930afcb
|
nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP
|
2023-12-15 15:46:15 +01:00 |
|
Jérémy Dubois
|
8e18b6972a
|
post-install: execute motd-carp-state.sh every 10 minuts
|
2023-12-11 17:44:41 +01:00 |
|
Jérémy Dubois
|
63212accdd
|
forwarding: added tags to distinguish IPv4 from IPv6
|
2023-11-13 17:45:33 +01:00 |
|
Jérémy Dubois
|
aee18bfde9
|
base: configure "/var/log" for servers that have a mount on it
|
2023-11-13 16:01:47 +01:00 |
|
Jérémy Dubois
|
1f0011ad2a
|
accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
|
2023-11-09 17:08:13 +01:00 |
|
Jérémy Dubois
|
6822eaa4f0
|
base: added handlers for entries in fstab
|
2023-11-09 17:06:00 +01:00 |
|
Jérémy Dubois
|
aed20187de
|
use Fully Qualified Collection Name everywhere
|
2023-10-23 09:33:54 +02:00 |
|
Jérémy Dubois
|
28021670f0
|
yamllint, ansible-lint, and tags everywhere
|
2023-10-23 09:33:33 +02:00 |
|
Jérémy Dubois
|
a217bb2e56
|
base: deactivate insults in sudo
|
2023-10-13 11:52:41 +02:00 |
|
Jérémy Dubois
|
832e93da0d
|
base: ignore errors on packages installation because it fails for some packages when run in check mode
|
2023-10-13 11:52:40 +02:00 |
|
Jérémy Dubois
|
ced4098192
|
collectd: fix rights for collectd directory
|
2023-10-13 11:52:22 +02:00 |
|
Jérémy Dubois
|
7aa588528c
|
base: doas configuration for ipmi_sensor NRPE check
|
2023-10-13 11:52:22 +02:00 |
|
Jérémy Dubois
|
afba3ad7e1
|
nagios-nrpe: add the ipmi_sensor check
|
2023-10-13 11:52:21 +02:00 |
|
Jérémy Dubois
|
05bdef9ab8
|
etc-git: add versioning for /var/unbound/etc
|
2023-10-13 11:52:19 +02:00 |
|
Jérémy Lecour
|
b2438dde80
|
evomaintenance: upstream release 23.10.1
|
2023-10-09 18:12:05 +02:00 |
|
Jérémy Lecour
|
f644f8c449
|
evomaintenance: upstream release 23.10
|
2023-10-09 17:03:21 +02:00 |
|
Jérémy Dubois
|
a0139688c6
|
accounts: create only users who have a certain value for the create key (default: always )
|
2023-06-20 11:03:55 +02:00 |
|
Jérémy Dubois
|
a66e1c1ee9
|
accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet
|
2023-06-20 10:41:52 +02:00 |
|
Jérémy Dubois
|
b4e1afa698
|
base: rename sudo task
|
2023-06-20 10:21:18 +02:00 |
|
Jérémy Dubois
|
5ca86431eb
|
base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it
|
2023-06-20 10:17:00 +02:00 |
|
Jérémy Dubois
|
8a63c8336f
|
evocheck: upstream release 23.06
|
2023-06-05 11:46:12 +02:00 |
|
Jérémy Dubois
|
d2574faaef
|
base: dump-server-state.sh upstream release 23.06
|
2023-06-05 10:46:53 +02:00 |
|
Jérémy Dubois
|
f43405991e
|
base: install ncdu and htop often used as diagnostic tools
|
2023-05-30 11:09:50 +02:00 |
|
Jérémy Dubois
|
e4bc6c1d97
|
collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them
|
2023-04-25 10:12:44 +02:00 |
|
Jérémy Dubois
|
6f97857b91
|
post-install: execute motd-carp-state.sh only once an hour
|
2023-04-13 17:57:54 +02:00 |
|
Jérémy Dubois
|
264c58a03d
|
evobackup: execute canary script before executing backup script
|
2023-03-23 11:41:28 +01:00 |
|
Jérémy Dubois
|
7ab102376f
|
base: dump-server-state.sh upstream release 23.03
|
2023-03-23 11:41:27 +01:00 |
|
Jérémy Dubois
|
81d8774885
|
evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash ; base: install bash, now needed for zzz_evobackup script
|
2023-03-23 11:41:27 +01:00 |
|
Jérémy Dubois
|
9c450ff11b
|
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet
|
2023-03-23 11:41:21 +01:00 |
|
Jérémy Dubois
|
f801218789
|
nagios-nrpe: allow older cipher suites for older Icinga version
|
2023-03-15 16:13:41 +01:00 |
|
Jérémy Dubois
|
a045995c01
|
post-install: add the pf_states check by default in generateldif.sh script
|
2023-03-15 16:03:58 +01:00 |
|
Jérémy Dubois
|
c7e3b2d9ac
|
base: set the lookup option so that resolv.conf searches /etc/hosts before querying a domain name server; the default is the opposite
|
2023-03-15 15:55:41 +01:00 |
|
Jérémy Dubois
|
f42477c8fb
|
nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh
|
2023-03-15 15:27:04 +01:00 |
|