Jérémy Dubois
389f1a8eae
Import last zzz_evobackup file version
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-11-16 11:24:47 +01:00
Jérémy Dubois
9a07552731
Import last zzz_evobackup file version
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-10-27 10:45:11 +01:00
Jérémy Dubois
a26d6e13cb
yamllint line-length and empty-line
continuous-integration/drone/push Build is failing
2020-10-23 10:15:57 +02:00
Jérémy Dubois
4db9d006a2
Allow evolinux-sudo group to sudo
...
continuous-integration/drone/push Build is failing
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois
5ef4a403d2
We should be able to execute evomaintenance.sh as soon as we can SSH to the server
2020-10-20 15:57:35 +02:00
Jérémy Dubois
9eeba0c0ab
Add a doas authorization for NRPE
2020-10-20 15:10:12 +02:00
Jérémy Dubois
78686b8730
Stricter ssh and doas access - two separate groups actually needed
...
Fix #34 again
After some discussions, we actually need two separate groups:
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)
We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added to.
2020-10-15 11:01:52 +02:00
Jérémy Dubois
a7b96d9f67
Fstab: we now also add noatime to each partition
2020-10-15 09:57:02 +02:00
Jérémy Dubois
4c902eda5a
Fstab: change only ffs file system
2020-10-14 18:05:29 +02:00
Jérémy Dubois
ff1f728102
Doas authorization for collectd
...
We put the doas authorization for collectd in the global file and we leave it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
2020-10-14 17:39:23 +02:00
Jérémy Dubois
7ecf7be4a4
Do not remove line that would have a customized subject
2020-10-14 17:39:09 +02:00
Jérémy Dubois
68586d6450
Fstab role: do not change lines beginning with "#"
continuous-integration/drone/push Build is failing
2020-10-14 12:14:58 +02:00
Jérémy Dubois
2bf8a7e872
Stricter ssh and doas access - better version
...
continuous-integration/drone/push Build is failing
Fix #34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups: evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois
a9ae1b57d4
Do not use literal tab in configuration
...
Use "\t" instead of a literal tab which can easily be broken. Also add a
deletion of line with spaces.
2020-10-13 12:01:18 +02:00
Jérémy Dubois
57acbd6091
Add jinja2 variable for PATH variable environment
2020-10-13 11:44:53 +02:00
Jérémy Dubois
a40e2b4750
Merge branch 'dev' into customize_fstab
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-12 14:47:02 +02:00
Jérémy Dubois
6b7c7b80c4
yamllint
continuous-integration/drone/push Build is failing
2020-10-12 14:20:59 +02:00
Jérémy Dubois
bd22b0545b
sudoers configuration: the tab was broken
2020-10-12 14:16:00 +02:00
Jérémy Dubois
c1f66a92e2
Fix add of multiple evobackup cron
...
continuous-integration/drone/push Build is failing
Do not add evobackup cron again if the same line
is already there but uncommented
2020-10-09 16:14:52 +02:00
Jérémy Dubois
92837424fb
Fix weird commits
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-09 15:35:23 +02:00
Jérémy Dubois
5fa8e0c9bb
Customize fstab with noexec and softdep
...
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:10 +02:00
Jérémy Dubois
bd4748b403
Customize root crontab and daily.local
...
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:09 +02:00
Jérémy Dubois
0a4e970ab8
Customize fstab with noexec and softdep
...
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:08 +02:00
Jérémy Dubois
4f201d3a73
Customize root crontab and daily.local
...
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:07 +02:00
Jérémy Dubois
e019b79723
yamllint + correction /tmp softdep
...
softdep is not added anymore if noexec is
already defined after rw
2020-10-09 15:21:06 +02:00
Jérémy Dubois
88df904282
Customize fstab with noexec and softdep
...
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:06 +02:00
Jérémy Dubois
c9d1bff1c6
Customize root crontab and daily.local
...
continuous-integration/drone/push Build is failing
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 14:15:46 +02:00
Jérémy Dubois
07d83d4994
Delete empty line - yamllint
continuous-integration/drone/push Build is failing
2020-10-09 10:45:23 +02:00
Jérémy Dubois
fa497b280e
Configure sudoers umask
...
continuous-integration/drone/push Build is failing
This configuration is checked by evocheck,
so it should be present by default
2020-10-08 15:42:52 +02:00
Jérémy Dubois
12b2f3d280
Delete evobackup root crontab replaced by daily.local cron
2020-10-08 15:39:50 +02:00
Jérémy Dubois
f97317b767
Better rc.local configuration
...
continuous-integration/drone/push Build is failing
Add line before the "echo '.'" line instead of the end
Delete old entry not specifying the hostname if still there
2020-10-08 15:19:52 +02:00
Jérémy Dubois
3a6cd20ab3
Configure the check_packetfilter in NRPE with doas
continuous-integration/drone/push Build is failing
2020-07-28 17:57:30 +02:00
Jérémy Dubois
593df07f09
We do not need postgresql-client anymore
...
continuous-integration/drone/push Build is failing
We now use an API for evomaintenance instead
of a direct call to postgresql
2020-06-16 17:17:20 +02:00
Patrick Marchand
98089a3274
Fix yaml lint lines too long
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Jérémy Dubois
e29e0e9e62
Ansible-lint and yamllint again
...
Lots of truthy variables, indentation and trailing spaces
2020-06-01 11:37:15 +02:00
Jérémy Dubois
2177d43637
Import Evomaintenance 0.6.3
2020-05-18 17:30:54 +02:00
Jérémy Dubois
cb2be6ecd2
Change wtmp rotation period
2020-04-22 15:17:46 +02:00
Jérémy Dubois
9b1f5c0f6c
Customize newsyslog.conf
2020-04-22 15:06:53 +02:00
Jérémy Dubois
27006f8db7
Doas permissions rearrangement
2020-04-21 16:18:07 +02:00
Jérémy Dubois
05d2b707e1
Add OpenBGPD nrpe check with doas configuration
2020-04-21 14:25:42 +02:00
Jérémy Dubois
caf151d05c
Import last evobackup client script
...
The only difference from Debian version is that /srv does not exist on OpenBSD
and is removed from the backup directory list
Close #21
2020-04-21 11:42:52 +02:00
Jérémy Dubois
f57e0e24f0
Change in deprecated options
...
Packages list and comparisons will have a new syntax with future Ansible versions
2020-04-21 11:35:45 +02:00
Jérémy Dubois
29afa42c3d
Deletion of mailevomaintenance.sh
...
We now use the git status cron for uncommitted changes
2020-04-21 11:30:40 +02:00
Tristan Pilat
9c716c5d68
Merge branch 'stricter-access-control' of evolix/EvoBSD into dev
...
The changes look good to me. Let's merge to dev!
2019-11-25 10:03:45 +01:00
Tristan PILAT
70135252c0
Import Evomaintenance 0.6.1
2019-11-19 16:28:12 +01:00
Tristan PILAT
f88538858b
Import Evomaintenance 0.6.0
2019-11-14 15:07:09 +01:00
Patrick Marchand
8b1ce861e3
Add stricter ssh and doas access
2019-09-19 17:07:01 -04:00
Tristan PILAT
d736455327
Please, we don't want the mouse function enabled in vim
2019-09-17 10:43:37 +02:00
Tristan Pilat
6b309ee32c
Merge branch 'evomaintenance_22_08_19' of evolix/EvoBSD into dev
...
Cool
2019-09-17 10:38:03 +02:00
Patrick Marchand
3e3eb695b4
Merge branch 'replace_sudo_with_doas' into dev
...
Any new checks should use doas as well.
2019-09-03 17:43:22 +02:00
Patrick Marchand
18ac01cbb3
Apply latest dev branch to check_dhcpd branch
2019-09-03 11:38:34 -04:00
Patrick Marchand
a994225c27
Merge check_connections_state into dev
2019-09-03 11:34:14 -04:00
Tristan PILAT
70e49781d9
Import evomaintenance after last overhaul
2019-08-22 17:24:03 +02:00
Jérémy Dubois
f305b3420b
Replace all sudo occurrences with doas
2019-07-15 18:25:25 +02:00
Jérémy Dubois
a23a6efca8
Replace sudo with doas
2019-07-15 17:44:05 +02:00
Jérémy Dubois
1b5196d6a4
Replace sudo with doas
2019-07-15 17:29:36 +02:00
Patrick Marchand
f456e4abf2
Fix typo in pkg name
...
Wrote postgresql without the g...
2019-05-13 14:52:54 +02:00
Patrick Marchand
1cab5efc1d
Reverts erroneous removal of postgres-client pkg
2019-05-13 14:52:54 +02:00
Tristan PILAT
38273ecf33
Add a title in the daily output mail for the git status report
2019-05-13 14:52:54 +02:00
Tristan PILAT
b23a579603
We have to make sure the daily.local file exists otherwise the playbook fails
2019-05-13 14:52:54 +02:00
Tristan PILAT
798a482787
Load root's environment when using doas
2019-04-23 20:50:02 +02:00
Jérémy Dubois
0f1b209370
Configure check_dhcpd
2019-04-19 15:21:08 +02:00
Jérémy Dubois
4ef630285d
Add check_connections_state
...
Script to check if connections are UP, and if so,
check whether main connection is correctly used.
Also add configuration to use with nrpe and sudo.
2019-04-09 15:53:45 +02:00
Tristan PILAT
01278281bd
Bring some completion functions in root's profile dotfile
2019-03-22 16:05:33 +01:00
Tristan PILAT
1d6eaa1270
sndiod is not needed, let's disable it
2019-03-22 16:05:02 +01:00
Tristan PILAT
74464346a2
We don't need a separate task to install sudo
2019-03-22 16:04:44 +01:00
Tristan PILAT
3ce0addd59
Fix daily.local file permissions
2019-01-22 10:31:29 +01:00
Tristan PILAT
b555fb1222
Add initial project
2018-12-28 11:23:49 +01:00