evolix
/
EvoBSD
21
0
Fork 0
Code Issues 2 Pull Requests Releases 3 Wiki Activity

Release of EvoBSD 6.8.0 #37

Merged
jlecour merged 168 commits from dev into master 2020-10-23 12:13:36 +02:00
Conversation 0 Commits 168 Files Changed 92 +4542 -708

168 Commits

Author SHA1 Message Date
Tristan PILAT c54d0decb8 Update README file - amend version number and command examples
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-10-23 11:40:22 +02:00
Tristan PILAT 864f85a49a Change default Python version to 3.x 2020-10-23 11:38:56 +02:00
Tristan PILAT fd4bdf9dcc Update CHANGELOG and bump to version 6.8.0
continuous-integration/drone/push Build is failing Details
2020-10-23 11:29:31 +02:00
Jérémy Dubois 6613c70446 Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
continuous-integration/drone/push Build is failing Details 
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
 2020-10-23 10:17:12 +02:00
Jérémy Dubois a26d6e13cb yamllint line-lenght and empty-line
continuous-integration/drone/push Build is failing Details
2020-10-23 10:15:57 +02:00
Jérémy Dubois 5540aea87d Add empty vars_files for them not to generate errors
continuous-integration/drone/push Build is failing Details
2020-10-23 10:02:26 +02:00
Jérémy Dubois f648f332dd Import 6.7.7 evocheck version
continuous-integration/drone/push Build is failing Details
2020-10-22 18:18:28 +02:00
Jérémy Dubois 4012a014ce Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
continuous-integration/drone/push Build is failing Details
2020-10-22 11:52:54 +02:00
Jérémy Dubois 4db9d006a2 Allow evolinux-sudo group to sudo
continuous-integration/drone/push Build is failing Details 
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
 2020-10-22 11:28:06 +02:00
Jérémy Dubois d7701d32da Comment on checks that cannot be used as is - v3
continuous-integration/drone/push Build is failing Details
2020-10-22 10:34:13 +02:00
Jérémy Dubois 42f5d2c10e Add "create; true" to other task, needed when running in check mode
continuous-integration/drone/push Build is failing Details
2020-10-21 15:47:23 +02:00
Jérémy Dubois 44d145e33b Add "create; true" to task, needed when running in check mode
continuous-integration/drone/push Build is failing Details
2020-10-21 10:52:39 +02:00
Jérémy Dubois 5ef4a403d2 We should be able to execute evomaintence.sh as soon as we can SSH to the server 2020-10-20 15:57:35 +02:00
Jérémy Dubois 9eeba0c0ab Add a doas authorization for NRPE 2020-10-20 15:10:12 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed 
Fix #34 again

After some discussions, with actually need two separates groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user need to be
added in.
 2020-10-15 11:01:52 +02:00
Jérémy Dubois 4a0e552691 Import evocheck v.6.7.6 2020-10-15 10:21:02 +02:00
Jérémy Dubois a7b96d9f67 Fstab : we now also add noatime to each partitions 2020-10-15 09:57:02 +02:00
Jérémy Dubois 4c902eda5a Fstab : change only ffs file system 2020-10-14 18:05:29 +02:00
Jérémy Dubois 4610661299 Fix add of multiple motd cron 
Do not add motd cron again if the same line is already there but uncommented
 2020-10-14 17:39:23 +02:00
Jérémy Dubois ff1f728102 Doas authorization for collectd 
We put the doas authorization for collectd in the global file and we let it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
 2020-10-14 17:39:23 +02:00
Jérémy Dubois cc80aefac7 NRPE plugins dir was not created 2020-10-14 17:39:23 +02:00
Jérémy Dubois 6dd4b6b8aa Syspatch is not available before OpenBSD 6.1 2020-10-14 17:39:23 +02:00
Jérémy Dubois 556d98c170 Variable ansible_fqdn is often not the name of the server 2020-10-14 17:39:23 +02:00
Jérémy Dubois 7ecf7be4a4 Do not remove line that would have a customized subject 2020-10-14 17:39:09 +02:00
Jérémy Dubois 213e4a7bcd Comment on checks that cannot be used as is - v2
continuous-integration/drone/push Build is failing Details
2020-10-14 14:55:10 +02:00
Jérémy Dubois 592a2f8337 Comment on checks that cannot be used as is
continuous-integration/drone/push Build is failing Details
2020-10-14 12:25:55 +02:00
Jérémy Dubois 68586d6450 Fstab role : do not change lines beggining with "#"
continuous-integration/drone/push Build is failing Details
2020-10-14 12:14:58 +02:00
Jérémy Dubois 37ec518850 The pf_states NRPE check does not contain any variable, it can be in files folder
continuous-integration/drone/push Build is failing Details
2020-10-14 12:13:52 +02:00
Jérémy Dubois 5adeaa31e1 Add a pf tag that we skip for subsequent use
continuous-integration/drone/push Build is failing Details 
PacketFilter need to be customized only once, at the first use.
After that, pf.conf will be modified on the server for the needs of the
network. It must not be overwriten.
 2020-10-14 09:40:59 +02:00
Jérémy Dubois dc2707c004 Fix typo
continuous-integration/drone/push Build is failing Details
2020-10-13 16:16:52 +02:00
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
continuous-integration/drone/push Build is failing Details 
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
 2020-10-13 16:03:54 +02:00
Jérémy Dubois a606230d93 We always need these Evolix vars_files which overwrite defaults values
continuous-integration/drone/push Build is failing Details
2020-10-13 16:01:16 +02:00
Tristan PILAT b925a9f84d Update CHANGELOG and bump to version 6.7.2
continuous-integration/drone/push Build is failing Details
2020-10-13 14:46:14 +02:00
Jérémy Dubois 7ddc1ab72f Fix NRPE check file name
continuous-integration/drone/push Build is failing Details
2020-10-13 12:02:48 +02:00
Jérémy Dubois a9ae1b57d4 Do not use litteral tab in configuration 
Use "\t" instead of a litteral tab which can easily be broken. Also add a
deletion of line with spaces.
 2020-10-13 12:01:18 +02:00
Jérémy Dubois 57acbd6091 Add jinja2 variable for PATH variable environment 2020-10-13 11:44:53 +02:00
Tristan Pilat 20e7f950be Merge pull request 'Writing of collectd role' (#28) from collectd into dev
continuous-integration/drone/push Build is failing Details 
Reviewed-on: #28
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
 2020-10-13 11:24:05 +02:00
Jérémy Dubois 11d3331958 Collectd role : deletion of collectd_plugin_exec variable
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
This variable had to be activated only if collectd_plugin_exec_ifq_drops or
collectd_plugin_exec_dns_stats was also activated, for some configuration to be
taken into account. I changed the role so that the configuration is
automatically taken into account if one of these two variables is activated.
 2020-10-12 15:45:13 +02:00
Jérémy Dubois 7cc374ea9e yamllint : indentation, trailing-spaces and truthy value 2020-10-12 15:26:45 +02:00
Jérémy Dubois 337e80b670 Writing of collectd role 2020-10-12 15:12:31 +02:00
Jérémy Dubois 6abf573fae Merge pull request 'Customize fstab with noexec and softdep' (#36) from customize_fstab into dev
continuous-integration/drone/push Build is failing Details 
Reviewed-on: #36
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
 2020-10-12 14:48:22 +02:00
Jérémy Dubois a40e2b4750 Merge branch 'dev' into customize_fstab
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-10-12 14:47:02 +02:00
Jérémy Dubois 3255566edf yamllint : disable rule:line-length for complete file evolixisation.yml
continuous-integration/drone/push Build is failing Details
2020-10-12 14:29:37 +02:00
Jérémy Dubois 6b7c7b80c4 yamllint
continuous-integration/drone/push Build is failing Details
2020-10-12 14:20:59 +02:00
Jérémy Dubois bd22b0545b sudoers configuration : the tab was broken 2020-10-12 14:16:00 +02:00
Jérémy Dubois 0615d3b555 Specify order of cron command in daily.local and fix full deletion of the cron
continuous-integration/drone/push Build is failing Details
2020-10-12 12:00:28 +02:00
Jérémy Dubois c1f66a92e2 Fix add of multiple evobackup cron
continuous-integration/drone/push Build is failing Details 
Do not add evobackup cron again if the same line
is already there but uncommented
 2020-10-09 16:14:52 +02:00
Tristan Pilat 01158227eb Merge pull request 'Force replacement of some NRPE checks' (#33) from force_NRPE_checks_replacement into dev
continuous-integration/drone/push Build is failing Details 
Reviewed-on: #33
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
 2020-10-09 15:48:14 +02:00
Jérémy Dubois 92837424fb Fix weird commits
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-10-09 15:35:23 +02:00
Jérémy Dubois 5fa8e0c9bb Customize fstab with noexec and softdep
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details 
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
 2020-10-09 15:21:10 +02:00
Jérémy Dubois bd4748b403 Customize root crontab and daily.local 
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
 2020-10-09 15:21:09 +02:00
Jérémy Dubois 0a4e970ab8 Customize fstab with noexec and softdep 
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
 2020-10-09 15:21:08 +02:00
Jérémy Dubois 4f201d3a73 Customize root crontab and daily.local 
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
 2020-10-09 15:21:07 +02:00
Jérémy Dubois e019b79723 yamllint + correction /tmp softdep 
softdep is not added anymore if noexec is
already defined after rw
 2020-10-09 15:21:06 +02:00
Jérémy Dubois 88df904282 Customize fstab with noexec and softdep 
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
 2020-10-09 15:21:06 +02:00
Jérémy Dubois c9d1bff1c6 Customize root crontab and daily.local
continuous-integration/drone/push Build is failing Details 
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
 2020-10-09 14:15:46 +02:00
Jérémy Dubois fe0c7f6add Import evocheck v.6.7.5 2020-10-09 14:15:14 +02:00
Jérémy Dubois 07d83d4994 Delete empty line - yamllint
continuous-integration/drone/push Build is failing Details
2020-10-09 10:45:23 +02:00
Jérémy Dubois fa497b280e Configure sudoers umask
continuous-integration/drone/push Build is failing Details 
This configuration is checked by evocheck,
so it should be present by default
 2020-10-08 15:42:52 +02:00
Jérémy Dubois 12b2f3d280 Delete evobackup root crontab replaced by daily.local cron 2020-10-08 15:39:50 +02:00
Jérémy Dubois f97317b767 Better rc.local configuration
continuous-integration/drone/push Build is failing Details 
Add line before the "echo '.'" line instead of the end
Delete old entry not precising the hostname if still there
 2020-10-08 15:19:52 +02:00
Jérémy Dubois b0f1f9c2ca Fix OSPF role : add deletion of old log files
continuous-integration/drone/push Build is failing Details
2020-09-24 16:11:49 +02:00
Tristan PILAT f4d9ec7359 New naming conventing based OpenBSD's one
continuous-integration/drone/push Build is failing Details
2020-09-10 11:58:25 +02:00
Tristan PILAT 070046b5ee Add a CHANGELOG file
continuous-integration/drone/push Build is failing Details
2020-09-10 11:55:43 +02:00
Tristan PILAT 8ecaf81314 Update evocheck to 6.7.4 2020-09-10 11:55:43 +02:00
Tristan PILAT a2aec3f4a6 Rewrite README.md file 2020-09-10 11:55:43 +02:00
Tristan PILAT 3f0b3cff1c Update copyright to 2020 2020-09-10 11:55:43 +02:00
Jérémy Dubois 655099101c LDAP script replace "ram0" name with "mem"
continuous-integration/drone/push Build is failing Details
2020-09-02 15:10:16 +02:00
Jérémy Dubois 04ffb90b0c Add NRPE check unbound since OpenBSD use it more than bind
continuous-integration/drone/push Build is failing Details
2020-08-31 17:29:57 +02:00
Jérémy Dubois 5bc2d87000 Fix commit_etc_git.yml task author
continuous-integration/drone/push Build is failing Details 
Author in two parts was considered as "author" + "<file>" instead of "author
<author>"
 2020-08-26 09:50:05 +02:00
Jérémy Dubois b586b1fafe Write and deploy motd-carp-state.sh
continuous-integration/drone/push Build is failing Details 
A script that checks the carp state and writes in the /etc/motd file if the
server is in backup or master state. Script is copied in /usr/share/scripts/
directory and a cron job is installed but disabled by default.
 2020-08-25 17:57:22 +02:00
Jérémy Dubois deafd82337 For local modifications of nrpe conf, use zzz_evolix.cfg instead of zzz-evolix.cfg which is buggy
continuous-integration/drone/push Build is failing Details
2020-08-21 15:26:32 +02:00
Jérémy Dubois 829df74567 ldap.sh : Fix computerOS and add case for HardwareSerial if computer is a VM
continuous-integration/drone/push Build is failing Details
2020-08-21 14:33:53 +02:00
Jérémy Dubois d956d5c6ba Import evocheck 6.7.3
continuous-integration/drone/push Build is failing Details
2020-07-31 14:32:44 +02:00
Jérémy Dubois 708ffcc538 Add packetfilter service and update other services version in LDIF creation for LDAP
continuous-integration/drone/push Build is failing Details
2020-07-29 14:52:46 +02:00
Jérémy Dubois 3a6cd20ab3 Configure the check_packetfilter in NRPE with doas
continuous-integration/drone/push Build is failing Details
2020-07-28 17:57:30 +02:00
Jérémy Dubois 5166977025 Change mode : make check_packetfilter.sh executable
continuous-integration/drone/push Build is failing Details
2020-07-28 17:47:01 +02:00
Jérémy Dubois 62515ca5b5 Add a new NRPE check : check_packetfilter
continuous-integration/drone/push Build is failing Details
2020-07-28 17:45:14 +02:00
Jérémy Dubois cdc811b3de New NRPE check : check_packetfilter
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-07-28 17:43:24 +02:00
Jérémy Dubois 05898cc188 Change NTP check host
continuous-integration/drone/push Build is failing Details
2020-07-21 14:12:45 +02:00
Jérémy Dubois c6e55ea4c0 Correct yamllint : spaces inside braces
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-07-09 16:09:19 +02:00
Jérémy Dubois 5c11472e9a Force replacement of some NRPE checks
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
We cannot simply put "force: true" because some
checks are customizable, some are not.
We do not force to replace customizable ones for
the customizations not to be lost.
 2020-07-09 15:44:25 +02:00
Jérémy Dubois 30c1b70e2b Modified openbgpd check to be in NRPE critical state when BGPD is not running
continuous-integration/drone/push Build is failing Details
2020-07-08 17:28:12 +02:00
Jérémy Dubois 3dd9e461c4 Corrects yaml line break.
continuous-integration/drone/push Build is failing Details 
Indentation is not allowed and breaks the tasks.
 2020-07-02 16:40:17 +02:00
Jérémy Dubois 7e977633bd Add arguments and details for first evolixisation 2020-07-02 16:37:25 +02:00
Jérémy Dubois dedbdf9822 Added a package needed for the OpenVPN check and changed the default location of the checks
continuous-integration/drone/push Build is failing Details
2020-06-23 15:38:21 +02:00
Jérémy Dubois 593df07f09 We do not net postgresql-client anymore
continuous-integration/drone/push Build is failing Details 
We now use an API for evomaintenance instead
of a direct call to postgresql
 2020-06-16 17:17:20 +02:00
Jérémy Dubois 87d0c8aca4 We do not use pfstatd anymore 2020-06-16 17:16:55 +02:00
Tristan Pilat 0b4e262f13 Merge pull request 'Ansible-lint and yamllint' (#32) from linting into dev
continuous-integration/drone/push Build is failing Details 
Reviewed-by: Jérémy Dubois <jdubois@noreply.gitea.evolix.org>
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
 2020-06-08 17:14:29 +02:00
Patrick Marchand 9f378fc1f9 Misunderstood syntax for unordered lists in markdown
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
So an unordered list needs three spaces and an ordered list needs
a dot and two spaces.
 2020-06-04 13:27:03 -04:00
Patrick Marchand b711154722 Apply fix in last commit to other markdown files
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
So a markdown list should be no indentation followed by two spaces. '  '

*  one
*  two
 2020-06-04 13:23:06 -04:00
Patrick Marchand 87ff4e635f Try to fix markdown indentation after reading issues
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
See https://github.com/remarkjs/remark-lint/issues/178
 2020-06-04 13:18:28 -04:00
Patrick Marchand ce09c3f81f Try to fix markdown indentation, again and again
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-06-04 13:16:08 -04:00
Patrick Marchand 245c80d73f Try to fix markdown indentation, again
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details
2020-06-04 13:14:23 -04:00
Patrick Marchand aaf22d450e Try to fix markdown indentation
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details
2020-06-04 13:12:38 -04:00
Patrick Marchand db488ba8ef Split long lines in git role
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details
2020-06-04 13:10:08 -04:00
Patrick Marchand c6410ca1f5 fix forgotten quote in .drone.yml
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-06-04 13:02:47 -04:00
Patrick Marchand 98089a3274 Fix yaml lint lines too long
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
 2020-06-04 12:51:53 -04:00
Patrick Marchand e877b721f9 Fix readme markdown
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details
2020-06-04 11:47:08 -04:00
Patrick Marchand 896548c14c lint markdown files
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is failing Details 
Makes sure the documentation will render correctly
 2020-06-04 11:42:46 -04:00
Patrick Marchand f8d6a0be86 add a yaml linting step to the ci
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
catches problems in the drone ci file as well
 2020-06-04 11:41:49 -04:00
Patrick Marchand 4e8fca725c mention linting in CONTRIBUTING.md
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/pr Build is failing Details 
more of a test for the drone ci hook honestly
 2020-06-04 11:21:21 -04:00
Patrick Marchand a6213719ae Add linting step to the ci 
We will need to go through code and ignore any warnings we dont want to fix.
 2020-06-03 16:45:42 -04:00
Jérémy Dubois e29e0e9e62 Ansible-lint and yamllint again 
Lot of truthy variables, indentation and trailing spaces
 2020-06-01 11:37:15 +02:00
Patrick Marchand af7b3b36fe Ansible-lint and yamllint 
Does not fix all warnings, but gets rid of the purely cosmetic ones.
(roles/accounts/tasks/main.yml)
 2020-05-22 11:49:18 -04:00
Jérémy Dubois 38e5c1bf70 Add OpenBSD version in computerOS field of ldap.sh 2020-05-22 11:34:47 +02:00
Jérémy Dubois 2177d43637 Import Evomaintenance 0.6.3 2020-05-18 17:30:54 +02:00
Jérémy Dubois 1014dab37b Escaping percent sign in crontab for bgp role 2020-05-15 16:25:58 +02:00
Tristan PILAT 6ae49f147d Fix group name in evocheck install task 2020-05-12 18:21:20 +02:00
Tristan PILAT 064055b5c8 Execute Evocheck at the end of the Evolixisation process 2020-05-12 15:05:07 +02:00
Tristan PILAT 1829b0b717 Add evocheck to the roles called during the Evolixisation process 2020-05-12 15:04:05 +02:00
Tristan PILAT 12f7e347da Add initial version of an evocheck role 2020-05-12 15:01:46 +02:00
Jérémy Dubois 2de4227651 Merge pull request 'Enhance ospfd_simple check' (#19) from enhance_check_ospfd_simple into dev 
Reviewed-by: Patrick Marchand <pmarchand@noreply.gitea.evolix.org>
 2020-04-29 15:46:20 +02:00
Tristan Pilat 2c9bad859d Merge pull request 'Writing of ospf and bgp roles' (#29) from ospf_and_bgp into dev 
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
 2020-04-24 15:00:31 +02:00
Tristan Pilat 96b3d43342 Merge pull request 'Reordering of the list of NRPE checks' (#30) from reorder_nrpe_checks into dev 
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
 2020-04-24 14:22:17 +02:00
Tristan Pilat d0108d6e3f Merge pull request 'Customize newsyslog' (#31) from customize_newsyslog into dev 
Reviewed-by: Patrick Marchand <pmarchand@noreply.gitea.evolix.org>
 2020-04-24 14:16:15 +02:00
Jérémy Dubois c45c68c1b0 Add execute permission to OpenVPN check 2020-04-22 15:43:56 +02:00
Jérémy Dubois cb2be6ecd2 Change wtmp rotation period 2020-04-22 15:17:46 +02:00
Jérémy Dubois 9b1f5c0f6c Customize newsyslog.conf 2020-04-22 15:06:53 +02:00
Jérémy Dubois 6cf81802be Reordering of the list of NRPE checks 
With deletion of unused check_onduleur
and correction of check_connections_state location
 2020-04-22 14:30:26 +02:00
Jérémy Dubois 71e0acb7e7 Functional and better ospfd check 2020-04-22 12:08:55 +02:00
Jérémy Dubois 634cfee774 Writing of ospf and bgp roles 2020-04-22 11:59:41 +02:00
Jérémy Dubois 58851556bf Add file to .gitignore 2020-04-21 19:24:02 +02:00
Jérémy Dubois 27006f8db7 Doas permissions rearrangement 2020-04-21 16:18:07 +02:00
Jérémy Dubois 267163ba93 Correcting a typo 2020-04-21 16:15:29 +02:00
Jérémy Dubois 05d2b707e1 Add OpenBGPD nrpe check with doas configuration 2020-04-21 14:25:42 +02:00
Jérémy Dubois 1ba892ef01 Improve NRPE OpenVPN check 2020-04-21 14:14:49 +02:00
Jérémy Dubois caf151d05c Import last evobackup client script 
The only difference from Debian version is that /srv does not exist on OpenBSD
and is removed from the backup directory list

Close #21
 2020-04-21 11:42:52 +02:00
Jérémy Dubois c6e3f06fd6 Add .gitignore file 2020-04-21 11:40:31 +02:00
Jérémy Dubois f57e0e24f0 Change in depreciated options 
Packages list and comparisons will have a new syntax with future ansible version
 2020-04-21 11:35:45 +02:00
Jérémy Dubois 29afa42c3d Deletion of mailevomaintenance.sh 
We now use the git status cron for uncommited changes
 2020-04-21 11:30:40 +02:00
Jérémy Dubois 10d56cad1e Correction of the stricter ssh access commit 
evolinux_ssh_group was missing
 2020-04-21 11:27:43 +02:00
Jérémy Dubois 337dcb9438 Make evolixisation playbook more complete 
- Specification of the different possible uses of the playbook
- Addition of the openvpn role, commented by default
- No use of the PKG_PATH variable, which is no longer useful since OpenBSD 6.1 installurl.
 2020-04-21 11:15:27 +02:00
Tristan Pilat 9c716c5d68 Merge branch 'stricter-access-control' of evolix/EvoBSD into dev 
The changes look good to me. Let's merge to dev!
 2019-11-25 10:03:45 +01:00
Tristan PILAT 70135252c0 Import Evomaintenance 0.6.1 2019-11-19 16:28:12 +01:00
Tristan PILAT f88538858b Import Evomaintenance 0.6.0 2019-11-14 15:07:09 +01:00
Tristan PILAT 02658b6b1d Add first version of an OpenVPN role 2019-10-30 11:00:29 +01:00
Tristan PILAT 8be45548a2 Since yspatch can apply stable patches, we no longer need to install openup 2019-10-29 17:59:33 +01:00
Patrick Marchand 67d6c0ab62 revert forgotten extra variables in main 2019-09-19 17:12:21 -04:00
Patrick Marchand 8b1ce861e3 Add stricter ssh and doas access 2019-09-19 17:07:01 -04:00
Tristan PILAT d736455327 Please, we don't want the mouse function enabled in vim 2019-09-17 10:43:37 +02:00
Tristan Pilat 6b309ee32c Merge branch 'evomaintenance_22_08_19' of evolix/EvoBSD into dev 
Cool
 2019-09-17 10:38:03 +02:00
Patrick Marchand 3e3eb695b4 Merge branch 'replace_sudo_with_doas' into dev 
Any new checks should use doas as well.
 2019-09-03 17:43:22 +02:00
Patrick Marchand 0160a259c1 Accept new 'check_dhcpd' check into dev 2019-09-03 17:39:36 +02:00
Patrick Marchand 18ac01cbb3 Apply latest dev branch to check_dhcpd branch 2019-09-03 11:38:34 -04:00
Patrick Marchand e1576b5861 Accept new check connections_state with doas 2019-09-03 17:36:54 +02:00
Patrick Marchand a994225c27 Merge check_connections_state into dev 2019-09-03 11:34:14 -04:00
Tristan PILAT 70e49781d9 Import evomaintenance after last overhaul 2019-08-22 17:24:03 +02:00
Jérémy Dubois f0c4b2f414 Enhance ospfd_simple check 
The condition did not work properly
 2019-07-22 15:56:35 +02:00
Jérémy Dubois f305b3420b Replace all sudo occurences with doas 2019-07-15 18:25:25 +02:00
Jérémy Dubois 6b55368234 Improve script and add comments 2019-07-15 17:48:51 +02:00
Jérémy Dubois a23a6efca8 Replace sudo with doas 2019-07-15 17:44:05 +02:00
Jérémy Dubois 1b5196d6a4 Replace sudo with doas 2019-07-15 17:29:36 +02:00
Patrick Marchand f456e4abf2 Fix typo in pkg name 
Wrote postgresql withouth the g...
 2019-05-13 14:52:54 +02:00
Patrick Marchand 1cab5efc1d Reverts erroneous removal of postrgres-client pkg 2019-05-13 14:52:54 +02:00
Tristan PILAT 0afd6b9b63 Add missing quotes 2019-05-13 14:52:54 +02:00
Tristan PILAT 38273ecf33 Add a title in the daily output mail for the git status report 2019-05-13 14:52:54 +02:00
Tristan PILAT b23a579603 We have to make sure the daily.local file exists otherwise the playbook fails 2019-05-13 14:52:54 +02:00
Tristan Pilat a7ec4597cb Merge branch 'increase_pf_states' of evolix/EvoBSD into dev 
That's just a small value change in the pf_states NRPE check. No need to test. ok by me.
 2019-05-11 21:00:42 +02:00
Tristan PILAT a6815408a8 Add a warning message in the NRPE configuration requesting to use an alternative configuration file for local modifications 2019-04-23 20:50:02 +02:00
Tristan PILAT 798a482787 Load root's environment when using doas 2019-04-23 20:50:02 +02:00
Jérémy Dubois 0f1b209370 Configure check_dhcpd 2019-04-19 15:21:08 +02:00
Jérémy Dubois d2e9a0f5fb Increase warning and critical pf_states threshold 2019-04-15 11:00:53 +02:00
Jérémy Dubois 4ef630285d Add check_connections_state 
Script to check if connections are UP, and if so,
check whether main connection is correctly used.
Also add configuration to use with nrpe and sudo.
 2019-04-09 15:53:45 +02:00
Tristan Pilat 2f63cbe0fa Merge branch 'enhancement' of evolix/EvoBSD into dev 
Defines .profile a bit more and deactivates sndiod(8) by default.

This has been taken care of.
 2019-03-22 16:16:25 +01:00
Tristan PILAT 01278281bd Bring some completion functions in root's profile dotfile 2019-03-22 16:05:33 +01:00
Tristan PILAT 1d6eaa1270 sndiod is not needed, let's disable it 2019-03-22 16:05:02 +01:00
Tristan PILAT 74464346a2 We don't need a separate task to install sudo 2019-03-22 16:04:44 +01:00