Ansible roles by Evolix
Find a file
Jérémy Lecour 71e8b4ed1e
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |0|0|0|0|:clap:
gitea/ansible-roles/pipeline/tag This commit looks good
Merge pull request 'Release 25.01.4' (#205) from unstable into stable
Reviewed-on: #205
2025-01-31 16:24:24 +01:00
.vscode vscode: ansible/yaml formatter 2023-06-01 09:43:43 +02:00
amavis postfix/amavis: max servers is now 3 (previously 2) 2024-04-17 17:09:12 +02:00
amazon-ec2 change syntax "become: [yes,no]" → "become: [true,false]" 2023-07-03 14:21:22 +02:00
apache Add log2mail tags 2024-11-29 11:36:11 +01:00
apt apt: Only install evolix-archive-keyring when necessary, Fix #201 2025-01-24 15:55:57 +01:00
autosysadmin-agent autosysadmin-agent: split tasks files to include install.yml from a playbook 2024-11-08 16:44:45 +01:00
autosysadmin-restart_nrpe autosysadmin-agent: remove restart_nrpe (deployed separately) and add examples 2024-09-23 17:00:45 +02:00
bind fix(bind): fix apparmor profile when not chrooted 2025-01-28 11:40:37 +01:00
bullseye-detect/tasks Use FQCN 2023-03-20 23:33:19 +01:00
certbot certbot: various fixes for haproxy renewal hook 2024-09-06 08:46:01 +02:00
check_free_space check_free_space: don't store outgoing emails (they can be quite big) 2025-01-03 11:28:43 +01:00
clamav Use FQCN 2023-03-20 23:33:19 +01:00
dhcpd Use FQCN 2023-03-20 23:33:19 +01:00
docker-host updated README with useful vars for docker-host 2024-10-04 15:43:18 +02:00
docker-rootless-instance Ajout rôle docker-rootless-instance 2024-07-30 18:09:25 +02:00
dovecot dovecot: add variables for LDAP 2024-02-07 16:14:29 +01:00
drbd Use FQCN 2023-03-20 23:33:19 +01:00
elasticsearch elasticsearch: fix role 2024-10-30 14:22:13 +01:00
etc-git cron is not $PATH friendly 2024-10-02 10:56:29 +02:00
evoacme evoacme: Certificates directory path 2024-08-16 11:48:40 +02:00
evobackup-client evobackup-client: upstream release 25.01 2025-01-07 17:35:25 +01:00
evocheck evocheck: upstream release 25.01 2025-01-23 12:08:46 +01:00
evolinux-base evolinux-base: install/enable fail2ban by default 2025-01-31 16:22:57 +01:00
evolinux-todo Revert "evolinux-todo: add task activate check pressure" 2024-12-20 13:29:05 +01:00
evolinux-users evolinux-users: add missing sudo rule for check_minifirewall_config 2025-01-24 11:09:57 +01:00
evomaintenance evomaintenance: rm dead task, document manual enable in README 2024-10-15 11:53:26 +02:00
fail2ban Fix Debian 12 roundcube error log path 2024-12-17 10:37:48 +01:00
filebeat fix(filebeat): remove inexistent state argument in a template task 2024-11-20 15:29:51 +01:00
fluentd all checks: assume alerts_wrapper (ie. monitoringctl) is present, which simplifies NRPE checks definition 2024-11-19 11:19:45 +01:00
generate-ldif generate-ldif: enforce ipv4 for ssh-keyscan 2024-10-30 16:41:04 +01:00
graylog Add role for Graylog 2023-03-30 17:58:30 +02:00
haproxy Fix typecase 2024-10-17 15:45:45 +02:00
java Allow Java 17 2023-09-26 18:00:57 +02:00
jenkins Ensure {{ apt_keyring_dir }} directory exists 2023-07-25 10:59:53 +02:00
keepalived all checks: assume alerts_wrapper (ie. monitoringctl) is present, which simplifies NRPE checks definition 2024-11-19 11:19:45 +01:00
kibana Elastic Stack : default to version 8.x 2024-06-17 10:46:34 +02:00
kvm-host lvm: rewrite the filter composition 2025-01-31 11:11:17 +01:00
ldap amavis/ldap: make ldap_suffix mandatory 2024-02-07 16:15:32 +01:00
listupgrade listupgrade: upstream release 25.01 2025-01-23 14:48:01 +01:00
log2mail Add log2mail tags 2024-11-29 11:36:11 +01:00
logstash Elastic Stack : default to version 8.x 2024-06-17 10:46:34 +02:00
lxc lxc: Use lxc-templates from Backports to install old releases on Bullseye 2025-01-14 15:38:20 +01:00
lxc-php lxc-php: use apt-get instead of apt 2025-01-09 17:29:29 +01:00
lxc-solr lxc-solr: update solr9 version + fix URL in README 2024-06-05 15:42:16 +02:00
memcached all checks: assume alerts_wrapper (ie. monitoringctl) is present, which simplifies NRPE checks definition 2024-11-19 11:19:45 +01:00
meta Add meta/main.yml file for ansible galaxy cloning 2017-11-14 22:16:17 +01:00
metricbeat metricbeat: Drop spurious state for template 2024-12-03 15:45:52 +01:00
minifirewall minifirewall: fix fail2ban restart 2025-01-31 16:11:44 +01:00
mongodb mongodb: add gpg key for 7.0 2023-12-18 16:36:09 +01:00
monit force: [yes,no] → force [true,false] 2023-06-28 13:25:30 +02:00
munin Munin role: custom ipmi_ plugin file copied to /usr/local/share/munin/plugins/ 2025-01-29 14:09:29 -05:00
mysql mysql: patch mysql_ (mysql2) Munin plugin, upstream discontinued 2025-01-23 15:00:25 +01:00
mysql-oracle force: [yes,no] → force [true,false] 2023-06-28 13:25:30 +02:00
nagios-nrpe nagios-nrpe: monitoringctl upstream update 2025-01-15 11:17:04 +01:00
nameserver Use FQCN 2023-03-20 23:33:19 +01:00
networkd-to-ifconfig Use FQCN 2023-03-20 23:33:19 +01:00
newrelic Ensure {{ apt_keyring_dir }} directory exists 2023-07-25 10:59:53 +02:00
nginx improve Nginx bad bots filter 2024-12-31 00:42:03 +01:00
nodejs Fix wrong module params when templating apt sources on Debian 12+ 2024-06-12 20:00:12 +02:00
ntpd Use FQCN 2023-03-20 23:33:19 +01:00
opendkim opendkim: update apt cache before install 2023-07-20 16:33:15 +02:00
openvpn all checks: assume alerts_wrapper (ie. monitoringctl) is present, which simplifies NRPE checks definition 2024-11-19 11:19:45 +01:00
packweb-apache packweb-apache: enable php83 and php84 2024-12-18 11:07:59 +01:00
percona Ensure {{ apt_keyring_dir }} directory exists 2023-07-25 10:59:53 +02:00
pgbouncer rename handler 2023-06-05 14:28:06 +02:00
php php: Use keyring packages 2025-01-09 17:29:29 +01:00
policy_pam policy_pam > Add support for Debian 10/9 2023-06-12 11:35:53 +02:00
postfix postfix/amavis: max servers is now 3 (previously 2) 2024-04-17 17:09:12 +02:00
postgresql all checks: assume alerts_wrapper (ie. monitoringctl) is present, which simplifies NRPE checks definition 2024-11-19 11:19:45 +01:00
proftpd IdentLookups is part of mod_ident 2024-12-24 16:41:14 +01:00
project-users project-users: rewrite logic regarding UID handling 2024-09-05 23:12:46 +02:00
rabbitmq all checks: assume alerts_wrapper (ie. monitoringctl) is present, which simplifies NRPE checks definition 2024-11-19 11:19:45 +01:00
rbenv rbenv: Installer libyaml-dev 2023-10-12 17:49:00 +02:00
redis all checks: assume alerts_wrapper (ie. monitoringctl) is present, which simplifies NRPE checks definition 2024-11-19 11:19:45 +01:00
redmine change syntax "become: [yes,no]" → "become: [true,false]" 2023-07-03 14:21:22 +02:00
remount-usr remount-usr: back to a simpler implementation 2024-02-07 15:43:23 +01:00
spamassasin spamassassin: fix missing directory for bayes rules 2024-09-09 10:38:52 +02:00
squid squid: disable netdb journal #75115 2024-12-05 17:53:57 +01:00
ssl Fix typecase 2024-10-17 15:45:45 +02:00
supervisord force: [yes,no] → force [true,false] 2023-06-28 13:25:30 +02:00
timesyncd timesyncd: fix autostart at boot 2024-12-26 16:26:21 +01:00
tomcat tomcat: fix check_tomcat_instance 2025-01-06 10:42:29 +01:00
tomcat-instance force: [yes,no] → force [true,false] 2023-06-28 13:25:30 +02:00
trixie-detect/tasks Drop bookworm-detect 2025-01-20 16:40:22 +01:00
unbound unbound: Add a apt cache validity to enforce an apt update if needed 2023-12-19 17:55:36 +01:00
userlogrotate keep rights from current log 2023-09-26 11:42:21 +02:00
varnish force: [yes,no] → force [true,false] 2023-06-28 13:25:30 +02:00
vrrpd whitespaces 2024-05-13 10:22:03 +02:00
webapps Mattermost role: use certbot --cert-name option + use handler instead of task 2025-01-24 10:40:00 -05:00
.gitignore .gitignore .vscode directory 2023-06-15 15:26:07 +02:00
.Jenkinsfile Jenkinsfile > Creating a temp file to collect lint result is not required 2022-12-27 18:43:37 +01:00
.markdownlint.json Linting CHANGELOG 2023-10-14 07:36:29 +02:00
CHANGELOG.md Release 25.01.4 2025-01-31 16:23:46 +01:00
Dockerfile Dockerfile: replace stretch with bookworm 2024-12-20 11:36:34 +01:00
evolix Revert "Suppression lien symbolique boucle récursive (créé par Victor en mars 2018)" 2022-05-25 09:37:46 +02:00
java8 java: support for Oracle JRE 2018-06-11 10:39:52 +02:00
LICENSE Add the GPLv2 licence 2017-01-05 18:22:06 +01:00
README.md Mention the CHANGELOG in the README 2021-02-04 11:13:05 +01:00

Ansible-roles

A repository for Ansible roles used by Evolix on Debian GNU/Linux 9 (stretch) servers. Few roles are also be compatible with Debian GNU/Linux 8 (jessie) servers.

It contains only roles, everything else is available at https://gitea.evolix.org/evolix/ansible-public

Branches

The stable branch contains roles that we consider ready for production.

The unstable branch contains not sufficiently tested roles (or evolutions on existing roles) that we don't consider ready for production yet.

Many feature branches may exist in the repository. They represent "work in progress". They may be used, for testing purposes.

Install and usage

First, check-out the repository :

$ cd ~/GIT/
$ git clone https://gitea.evolix.org/evolix/ansible-roles

Then, add its path to your ansible load path :

$ vim ~/.ansible.cfg
[defaults]
roles_path = $HOME/GIT/ansible-roles

Then, include roles in your playbooks :

- hosts: all
  gather_facts: yes
  become: yes
  roles:
    - etc-git
    - evolinux-base

Contributing

Contributions are welcome, especially bug fixes and "ansible good practices". They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style".

Before starting anything of importance, we suggest contacting us to discuss what you'd like to add or change.

Our conventions are available in the "ansible-public":https://gitea.evolix.org/evolix/ansible-public repository, in the CONVENTIONS.md file.

All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits, on a single role, and with the CHANGELOG in the same commit.

Workflow

The ideal and most typical workflow is to create a branch, based on the "unstable" branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into "unstable".

Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into "unstable".

Hotfixes, can be prepared on a new branch, based on "stable" or "unstable" (to be decided by the author). When ready, it can be merged back to "stable" for immediate deployment and to "unstable" for proper backporting.

Other workflow are not forbidden, but should be discussed in advance.