Merge branch 'unstable' into stable
This commit is contained in:
commit
6ac4bdf734
|
@ -27,5 +27,5 @@ There is also an independant task that can be executed to commit changes made in
|
|||
name: etc-git
|
||||
tasks_from: commit.yml
|
||||
vars:
|
||||
commit_message: "Ansible pre-run my splendid playbook"
|
||||
commit_message: "Ansible post-run my splendid playbook"
|
||||
```
|
||||
|
|
|
@ -4,13 +4,6 @@
|
|||
apt:
|
||||
name: git
|
||||
state: present
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Git is installed (OpenBSD)
|
||||
openbsd_pkg:
|
||||
name: git
|
||||
state: present
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
|
||||
- name: /etc is versioned with git
|
||||
command: "git init ."
|
||||
|
|
|
@ -5,7 +5,6 @@ Install and run evocheck ; a script for checking various settings automatically.
|
|||
## Tasks
|
||||
|
||||
The roles does not install evocheck by default as it should be installed through dependencies.
|
||||
For OpenBSD, it should be packaged, but the work is not done yet.
|
||||
|
||||
A separate `exec.yml` file can be imported manually in playbooks or roles to execute the script. Example :
|
||||
|
||||
|
|
|
@ -33,7 +33,6 @@ Main variables are:
|
|||
* `evolinux_apt_hooks`: install APT hooks (default: `True`)
|
||||
* `evolinux_apt_remove_aptitude`: uninstall aptitude (default: `True`)
|
||||
* `evolinux_delete_nfs`: delete NFS tools (default: `True`)
|
||||
* `evolinux_ntp_server`: custom NTP server host or IP (default: `Null`)
|
||||
* `evolinux_additional_packages`: optional additional packages to install (default: `[]`)
|
||||
* `evolinux_postfix_purge_exim`: purge Exim packages (default: `True`) ;
|
||||
* `evolinux_ssh_password_auth_addresses`: list of addresses that can authenticate with a password (default: `[]`)
|
||||
|
|
|
@ -83,7 +83,7 @@ evolinux_system_locales: True
|
|||
evolinux_system_set_timezone: True
|
||||
evolinux_system_timezone: "Europe/Paris"
|
||||
|
||||
evolinux_system_vim_skip_defaults: true
|
||||
evolinux_system_vim_skip_defaults: True
|
||||
evolinux_system_vim_default_editor: True
|
||||
evolinux_system_profile: True
|
||||
evolinux_system_dirmode_adduser: True
|
||||
|
@ -96,10 +96,6 @@ evolinux_system_alert5_init: True
|
|||
evolinux_system_alert5_enable: True
|
||||
evolinux_system_eni_auto: True
|
||||
|
||||
evolinux_system_ntprestrict: True
|
||||
evolinux_system_set_ntpserver: True
|
||||
evolinux_system_ntpserver: "ntp.evolix.net"
|
||||
|
||||
# root
|
||||
|
||||
evolinux_root_include: True
|
||||
|
|
|
@ -72,7 +72,3 @@
|
|||
name: postfix
|
||||
state: reloaded
|
||||
|
||||
- name: restart ntp
|
||||
service:
|
||||
name: ntp
|
||||
state: restarted
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
- block:
|
||||
|
||||
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
||||
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ evolinux_default_www_ssl_subject }}"
|
||||
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "{{ evolinux_default_www_ssl_subject }}"
|
||||
args:
|
||||
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
|
||||
|
||||
|
|
|
@ -14,5 +14,5 @@
|
|||
systemd:
|
||||
name: log2mail
|
||||
daemon-reload: yes
|
||||
state: restarted
|
||||
state: started
|
||||
enabled: yes
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
with_items:
|
||||
- locales
|
||||
- sudo
|
||||
- ntp
|
||||
- ntpdate
|
||||
- lsb-release
|
||||
- dnsutils
|
||||
|
|
|
@ -111,23 +111,8 @@
|
|||
- { regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
||||
when: evolinux_system_cron_random
|
||||
|
||||
# NTP listen retriction
|
||||
- name: Listen only on lo interface
|
||||
|
||||
# NTP server address
|
||||
lineinfile:
|
||||
dest: /etc/ntp.conf
|
||||
line: "interface ignore wildcard"
|
||||
notify: restart ntp
|
||||
when: evolinux_system_ntprestrict
|
||||
|
||||
- name: Configure NTP
|
||||
replace:
|
||||
dest: /etc/ntp.conf
|
||||
regexp: "^server .*$"
|
||||
replace: "server {{ evolinux_system_ntpserver }}"
|
||||
notify: restart ntp
|
||||
when: evolinux_system_set_ntpserver
|
||||
- include_role:
|
||||
name: ntpd
|
||||
|
||||
## alert5
|
||||
|
||||
|
|
|
@ -11,9 +11,9 @@ minifirewall_privilegied_ips: []
|
|||
|
||||
minifirewall_protected_ports_tcp: [22]
|
||||
minifirewall_protected_ports_udp: []
|
||||
minifirewall_public_ports_tcp: [25, 53, 443, 993, 995, 2222]
|
||||
minifirewall_public_ports_udp: [53]
|
||||
minifirewall_semipublic_ports_tcp: [20, 21, 22, 80, 110, 143]
|
||||
minifirewall_public_ports_tcp: [22, 80, 443]
|
||||
minifirewall_public_ports_udp: []
|
||||
minifirewall_semipublic_ports_tcp: [20, 21, 25]
|
||||
minifirewall_semipublic_ports_udp: []
|
||||
minifirewall_private_ports_tcp: [5666]
|
||||
minifirewall_private_ports_udp: []
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
monit_daemon_time: 60
|
||||
monit_alert_dest:
|
||||
monit_httpd_enable: true
|
||||
monit_httpd_enable: True
|
||||
monit_httpd_port: 2812
|
||||
monit_httpd_allow_items:
|
||||
- localhost
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure that Munin is installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- munin
|
||||
- munin-node
|
||||
- munin-plugins-core
|
||||
- munin-plugins-extra
|
||||
tags:
|
||||
- munin
|
||||
- packages
|
||||
|
||||
- block:
|
||||
- name: Replace localdomain in Munin config
|
||||
replace:
|
||||
dest: /etc/munin/munin.conf
|
||||
regexp: 'localhost.localdomain'
|
||||
replace: '{{ ansible_fqdn }}'
|
||||
notify: restart munin-node
|
||||
|
||||
- name: Rename the localdomain data dir
|
||||
command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }}
|
||||
args:
|
||||
creates: /var/lib/munin/{{ ansible_domain }}
|
||||
removes: /var/lib/munin/localdomain
|
||||
notify: restart munin-node
|
||||
|
||||
when: not ansible_hostname == "localdomain"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are disabled
|
||||
file:
|
||||
path: '/etc/munin/plugins/{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
- http_loadtime
|
||||
- exim_mailqueue
|
||||
- exim_mailstats
|
||||
- nfsd
|
||||
- nfsd4
|
||||
- nfs_client
|
||||
- nfs4_client
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are enabled
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
- meminfo
|
||||
- netstat_multi
|
||||
- tcp
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable sensors plugin unless VM detected
|
||||
file:
|
||||
src: /usr/share/munin/plugins/sensors_
|
||||
dest: /etc/munin/plugins/sensors_temp
|
||||
state: link
|
||||
when: ansible_virtualization_role != "guest"
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: adjustments for grsec kernel
|
||||
blockinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
block: |
|
||||
|
||||
[processes]
|
||||
user root
|
||||
|
||||
[vmstat]
|
||||
user root
|
||||
|
||||
[swap]
|
||||
user root
|
||||
when: ansible_kernel | search("-grs-")
|
|
@ -1,6 +1,87 @@
|
|||
---
|
||||
- include: debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- include: openbsd.yml
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
- name: Ensure that Munin is installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- munin
|
||||
- munin-node
|
||||
- munin-plugins-core
|
||||
- munin-plugins-extra
|
||||
tags:
|
||||
- munin
|
||||
- packages
|
||||
|
||||
- block:
|
||||
- name: Replace localdomain in Munin config
|
||||
replace:
|
||||
dest: /etc/munin/munin.conf
|
||||
regexp: 'localhost.localdomain'
|
||||
replace: '{{ ansible_fqdn }}'
|
||||
notify: restart munin-node
|
||||
|
||||
- name: Rename the localdomain data dir
|
||||
command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }}
|
||||
args:
|
||||
creates: /var/lib/munin/{{ ansible_domain }}
|
||||
removes: /var/lib/munin/localdomain
|
||||
notify: restart munin-node
|
||||
|
||||
when: not ansible_hostname == "localdomain"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are disabled
|
||||
file:
|
||||
path: '/etc/munin/plugins/{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
- http_loadtime
|
||||
- exim_mailqueue
|
||||
- exim_mailstats
|
||||
- nfsd
|
||||
- nfsd4
|
||||
- nfs_client
|
||||
- nfs4_client
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are enabled
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
- meminfo
|
||||
- netstat_multi
|
||||
- tcp
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable sensors plugin unless VM detected
|
||||
file:
|
||||
src: /usr/share/munin/plugins/sensors_
|
||||
dest: /etc/munin/plugins/sensors_temp
|
||||
state: link
|
||||
when: ansible_virtualization_role != "guest"
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: adjustments for grsec kernel
|
||||
blockinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
block: |
|
||||
|
||||
[processes]
|
||||
user root
|
||||
|
||||
[vmstat]
|
||||
user root
|
||||
|
||||
[swap]
|
||||
user root
|
||||
when: ansible_kernel | search("-grs-")
|
||||
|
|
|
@ -1,100 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure that Munin is installed
|
||||
openbsd_pkg:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- munin-server
|
||||
- munin-node
|
||||
tags:
|
||||
- munin
|
||||
- packages
|
||||
|
||||
- name: Set munin.conf file
|
||||
template:
|
||||
src: munin.conf.j2
|
||||
dest: /etc/munin/munin.conf
|
||||
mode: "0644"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Create munin www directory
|
||||
file:
|
||||
path: '{{ munin_dir }}'
|
||||
state: directory
|
||||
owner: _munin
|
||||
group: www
|
||||
mode: "0755"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Set munin-node config
|
||||
template:
|
||||
src: munin-node.conf.j2
|
||||
dest: /etc/munin/munin-node.conf
|
||||
mode: "0644"
|
||||
notify: restart munin_node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Install munin cron
|
||||
copy:
|
||||
src: "crontab"
|
||||
dest: "/var/cron/tabs/_munin"
|
||||
owner: "_munin"
|
||||
group: "crontab"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable munin plugins
|
||||
file:
|
||||
src: "/usr/local/libexec/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
- cpu
|
||||
- df
|
||||
- df_inode
|
||||
- load
|
||||
- memory
|
||||
- munin_stats
|
||||
- netstat
|
||||
- open_files
|
||||
- pf_changes
|
||||
- pf_searches
|
||||
- pf_states
|
||||
- processes
|
||||
- systat
|
||||
- uptime
|
||||
- users
|
||||
- vmstat
|
||||
notify: restart munin_node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable network graphs
|
||||
file:
|
||||
src: "/usr/local/libexec/munin/plugins/if_"
|
||||
dest: "/etc/munin/plugins/if_{{ item }}"
|
||||
state: link
|
||||
notify: restart munin_node
|
||||
with_items: "{{ ansible_interfaces }}"
|
||||
|
||||
- name: Enable sensors plugin unless VM detected
|
||||
file:
|
||||
src: /usr/local/libexec/munin/plugins/sensors_
|
||||
dest: /etc/munin/plugins/sensors_temp
|
||||
state: link
|
||||
when: ansible_vio0 is undefined
|
||||
notify: restart munin_node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Activating munin_node
|
||||
service:
|
||||
name: munin_node
|
||||
enabled: yes
|
||||
state: started
|
||||
tags:
|
||||
- munin
|
|
@ -1,51 +0,0 @@
|
|||
---
|
||||
- name: packages are installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nagios-nrpe-server
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-common
|
||||
- nagios-plugins-contrib
|
||||
- nagios-plugins-standard
|
||||
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix.cfg.j2
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
group: nagios
|
||||
mode: "0640"
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios config is secured
|
||||
file:
|
||||
dest: /etc/nagios/
|
||||
mode: "0750"
|
||||
group: nagios
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- include: remount_usr_rw.yml
|
||||
when: nagios_plugins_directory | search ("/usr")
|
||||
tags:
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins/
|
||||
dest: "{{ nagios_plugins_directory }}/"
|
||||
mode: "0755"
|
||||
notify: restart nagios-nrpe-server
|
||||
tags:
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios lib is secured
|
||||
file:
|
||||
dest: /usr/local/lib/nagios/
|
||||
mode: "0755"
|
||||
group: nagios
|
||||
recurse: yes
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
|
@ -1,10 +1,51 @@
|
|||
---
|
||||
- include: debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
tags:
|
||||
- nagios
|
||||
- name: packages are installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nagios-nrpe-server
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-common
|
||||
- nagios-plugins-contrib
|
||||
- nagios-plugins-standard
|
||||
|
||||
- include: openbsd.yml
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix.cfg.j2
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
group: nagios
|
||||
mode: "0640"
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios config is secured
|
||||
file:
|
||||
dest: /etc/nagios/
|
||||
mode: "0750"
|
||||
group: nagios
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- include: remount_usr_rw.yml
|
||||
when: nagios_plugins_directory | search ("/usr")
|
||||
tags:
|
||||
- nagios
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins/
|
||||
dest: "{{ nagios_plugins_directory }}/"
|
||||
mode: "0755"
|
||||
notify: restart nagios-nrpe-server
|
||||
tags:
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios lib is secured
|
||||
file:
|
||||
dest: /usr/local/lib/nagios/
|
||||
mode: "0755"
|
||||
group: nagios
|
||||
recurse: yes
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
---
|
||||
- name: packages are installed
|
||||
openbsd_pkg:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nrpe--
|
||||
- monitoring-plugins
|
||||
|
||||
- name: Create nrpe.d dir
|
||||
file:
|
||||
path: /etc/nrpe.d
|
||||
state: directory
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: "0755"
|
||||
|
||||
- name: Include nrpe.d dir in nrpe.cfg
|
||||
lineinfile:
|
||||
dest: /etc/nrpe.cfg
|
||||
line: 'include_dir=/etc/nrpe.d'
|
||||
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix_bsd.cfg.j2
|
||||
dest: /etc/nrpe.d/evolix.cfg
|
||||
notify: restart nrpe
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins_bsd/
|
||||
dest: /usr/local/libexec/nagios/plugins/
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: "0755"
|
||||
notify: restart nrpe
|
||||
|
||||
- name: Starting and enabling nrpe
|
||||
service:
|
||||
name: nrpe
|
||||
enabled: yes
|
||||
state: started
|
|
@ -1,5 +0,0 @@
|
|||
Role Name
|
||||
=========
|
||||
|
||||
Configure newsyslog by Evolix standard
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
# Syslog for Pack Evolix
|
||||
# MANAGED BY ANSIBLE, MODIFICATIONS WILL BE LOST
|
||||
# logfile_name owner:group mode count size when flags
|
||||
/var/cron/log root:wheel 600 52 * 168 Z
|
||||
/var/log/authlog root:wheel 640 52 * 168 Z
|
||||
/var/log/daemon 640 52 * 168 Z
|
||||
/var/log/lpd-errs 640 7 * 24 Z
|
||||
/var/log/maillog 640 52 * 168 Z
|
||||
/var/log/messages 644 52 * 168 Z
|
||||
/var/log/secure 600 52 * 168 Z
|
||||
/var/log/wtmp 644 7 * $W6D4 ZB
|
||||
/var/log/xferlog 640 7 250 * Z
|
||||
/var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd"
|
||||
/var/www/logs/access.log 644 4 * $W0 Z "pkill -USR1 -u root -U root -x httpd"
|
||||
/var/www/logs/error.log 644 7 250 * Z "pkill -USR1 -u root -U root -x httpd"
|
|
@ -1,15 +0,0 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
description: Basic configuration of newsyslog
|
||||
|
||||
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
|
||||
platforms:
|
||||
- name: OpenBSD
|
||||
versions:
|
||||
- 6.1
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
|
||||
#- include: debian.yml
|
||||
# when: ansible_os_family == "Debian"
|
||||
|
||||
- include: openbsd.yml
|
||||
when: ansible_os_family == "OpenBSD"
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
# no need to enable any daemon, it's run (by default) with cron(8)
|
||||
- name: Configuring newsyslog
|
||||
copy:
|
||||
src: newsyslog.conf
|
||||
dest: /etc/newsyslog.conf
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: "0644"
|
||||
tags:
|
||||
- log
|
||||
- newsyslog
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
ntpd_only_local: True
|
||||
ntpd_servers:
|
||||
- 'pool.ntp.org'
|
||||
- 'ntp.evolix.net'
|
||||
ntpd_acls:
|
||||
- '127.0.0.1'
|
||||
- '::1'
|
||||
|
|
|
@ -2,6 +2,11 @@
|
|||
|
||||
driftfile /var/lib/ntp/ntp.drift
|
||||
|
||||
{% if ntpd_only_local is defined and ntpd_only_local %}
|
||||
# Only listen on 127.0.0.1 and ::1
|
||||
interface ignore wildcard
|
||||
|
||||
{% endif %}
|
||||
# Enable this if you want statistics to be logged.
|
||||
#statsdir /var/log/ntpstats/
|
||||
|
||||
|
|
|
@ -33,3 +33,4 @@ refresh_pattern . 0 20% 4320
|
|||
|
||||
logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
|
||||
access_log /var/log/squid/access.log combined
|
||||
include /etc/squid/evolinux-custom.conf
|
||||
|
|
|
@ -15,11 +15,7 @@ server:
|
|||
|
||||
# root-hints: "/var/unbound/etc/named.cache"
|
||||
# Uncomment to enable DNSSEC validation.
|
||||
{% if ansible_os_family == "OpenBSD" %}
|
||||
auto-trust-anchor-file: "/var/unbound/db/root.key"
|
||||
{% else %}
|
||||
#auto-trust-anchor-file: "/etc/unbound/root.key"
|
||||
{% endif %}
|
||||
# Serve zones authoritatively from Unbound to resolver clients.
|
||||
# Not for external service.
|
||||
|
||||
|
|
|
@ -43,6 +43,8 @@
|
|||
src: config.local.php.j2
|
||||
dest: "{{ evoadmin_document_root}}/conf/config.local.php"
|
||||
mode: "0644"
|
||||
owner: evoadmin
|
||||
group: evoadmin
|
||||
force: no
|
||||
|
||||
- name: add www-evoadmin to shadow group
|
||||
|
|
Loading…
Reference in a new issue