Merge branch 'unstable' into stable
commit
8a027f9521
|
@ -1,8 +1,7 @@
|
||||||
---
|
---
|
||||||
evolix_trusted_ips: []
|
apache_default_ipaddr_whitelist_ips: []
|
||||||
additional_trusted_ips: []
|
apache_additional_ipaddr_whitelist_ips: []
|
||||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
apache_ipaddr_whitelist_present: "{{ apache_default_ipaddr_whitelist_ips | union(apache_additional_ipaddr_whitelist_ips) | unique }}"
|
||||||
apache_ipaddr_whitelist_present: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
|
|
||||||
apache_ipaddr_whitelist_absent: []
|
apache_ipaddr_whitelist_absent: []
|
||||||
|
|
||||||
apache_private_htpasswd_present: []
|
apache_private_htpasswd_present: []
|
||||||
|
|
|
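Review bot: The switch to `apache_default_ipaddr_whitelist_ips` / `apache_additional_ipaddr_whitelist_ips` leaves no fallback to the shared `evolix_trusted_ips` / `additional_trusted_ips`, so an inventory that still sets the old names would, as far as these defaults show, silently yield an empty whitelist. The same pattern appears in the evolinux SSH, evomaintenance, fail2ban, minifirewall, nagios-nrpe and nginx defaults hunks. The explanatory comment was also removed without a replacement; I would add `# default list + additional list, de-duplicated; evolix_trusted_ips / additional_trusted_ips are no longer read` above each merged variable. An `assert` task in each role that fails while the old names are still defined would make the migration visible instead of silent.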
@ -5,5 +5,5 @@ LOG_DIR=/var/log/elasticsearch
|
||||||
USER=elasticsearch
|
USER=elasticsearch
|
||||||
MAX_AGE={{ elasticsearch_log_rotate_days | mandatory }}
|
MAX_AGE={{ elasticsearch_log_rotate_days | mandatory }}
|
||||||
|
|
||||||
find ${LOG_DIR} -type f -user ${USER} -name "*.log.????-??-??" -exec gzip --best {} \;
|
find ${LOG_DIR} -type f -user ${USER} \( -name "*.log.????-??-??" -o -name "*-????-??-??.log" \) -exec gzip --best {} \;
|
||||||
find ${LOG_DIR} -type f -user ${USER} -name "*.log.????-??-??.gz" -mtime +${MAX_AGE} -delete
|
find ${LOG_DIR} -type f -user ${USER} \( -name "*.log.????-??-??.gz" -o -name "*-????-??-??.log.gz" \) -ctime +${MAX_AGE} -delete
|
||||||
|
|
|
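Review bot: The delete line now ages archives with `-ctime` instead of `-mtime`, and ctime is reset by any inode change (chmod, chown, rename, a restore from backup), so retention is counted from the last time the `.gz` was touched rather than from the log's own date. The reason for the switch is not recorded; I would add a comment above the line such as `# -ctime: age is counted from compression time, because gzip keeps the original log's mtime`. `${LOG_DIR}` and `${USER}` are also unquoted in both rewritten `find` calls, and `"${LOG_DIR}"` is safer if the path ever contains whitespace.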
@ -108,10 +108,9 @@ evolinux_evomaintenance_include: True
|
||||||
|
|
||||||
evolinux_ssh_include: True
|
evolinux_ssh_include: True
|
||||||
|
|
||||||
evolix_trusted_ips: []
|
evolinux_default_ssh_password_auth_addresses: []
|
||||||
additional_trusted_ips: []
|
evolinux_additional_ssh_password_auth_addresses: []
|
||||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
evolinux_ssh_password_auth_addresses: "{{ evolinux_default_ssh_password_auth_addresses | union(evolinux_additional_ssh_password_auth_addresses) | unique }}"
|
||||||
evolinux_ssh_password_auth_addresses: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
|
|
||||||
evolinux_ssh_match_address: True
|
evolinux_ssh_match_address: True
|
||||||
evolinux_ssh_disable_acceptenv: True
|
evolinux_ssh_disable_acceptenv: True
|
||||||
evolinux_ssh_allow_current_user: False
|
evolinux_ssh_allow_current_user: False
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: default_www/img
|
src: default_www/img
|
||||||
dest: /var/www/
|
dest: /var/www/
|
||||||
mode: "0755"
|
mode: "0644"
|
||||||
directory_mode: "0755"
|
directory_mode: "0755"
|
||||||
follow: yes
|
follow: yes
|
||||||
when: evolinux_default_www_files
|
when: evolinux_default_www_files
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
template:
|
template:
|
||||||
src: default_www/index.html.j2
|
src: default_www/index.html.j2
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
mode: "0755"
|
mode: "0644"
|
||||||
force: no
|
force: no
|
||||||
when: evolinux_default_www_files
|
when: evolinux_default_www_files
|
||||||
|
|
||||||
|
|
|
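Review bot: The new `mode: "0644"` on the `index.html` template sits next to `force: no`, and depending on the Ansible version a task with `force: no` can be skipped outright when the destination already exists, so the new mode may never reach hosts provisioned earlier; this is worth verifying on one such host. The same combination appears in the evoadmin `config.local.php` hunk (`mode: "0640"`), where it matters more because that change is the one removing world-read access. If the mode is meant to be enforced everywhere, a separate `file:` task with `path`, `mode`, `owner` and `group` after the template applies it regardless of `force`. Both tasks begin above their hunks, so the arguments shown are partial.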
@ -17,7 +17,6 @@ evomaintenance_urgency_tel: "06.00.00.00.00"
|
||||||
|
|
||||||
evomaintenance_realm: "{{ ansible_domain }}"
|
evomaintenance_realm: "{{ ansible_domain }}"
|
||||||
|
|
||||||
evolix_trusted_ips: []
|
evomaintenance_default_hosts: []
|
||||||
additional_trusted_ips: []
|
evomaintenance_additional_hosts: []
|
||||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
|
||||||
evomaintenance_hosts: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
|
|
||||||
|
|
|
@ -2,10 +2,9 @@
|
||||||
general_alert_email: "root@localhost"
|
general_alert_email: "root@localhost"
|
||||||
fail2ban_alert_email: Null
|
fail2ban_alert_email: Null
|
||||||
|
|
||||||
evolix_trusted_ips: []
|
fail2ban_default_ignore_ips: []
|
||||||
additional_trusted_ips: []
|
fail2ban_additional_ignore_ips: []
|
||||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
|
||||||
fail2ban_ignore_ips: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
|
|
||||||
|
|
||||||
fail2ban_wordpress: False
|
fail2ban_wordpress: False
|
||||||
fail2ban_roundcube: False
|
fail2ban_roundcube: False
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
ldap_hostname: "{{ ansible_hostname }}"
|
ldap_hostname: "{{ ansible_hostname }}"
|
||||||
|
ldap_listen: "ldap://127.0.0.1:389/"
|
||||||
ldap_domain: "{{ ansible_domain }}"
|
ldap_domain: "{{ ansible_domain }}"
|
||||||
ldap_suffix: "dc={{ ldap_hostname }},dc={{ ldap_domain.split('.')[-2] }},dc={{ ldap_domain.split('.')[-1] }}"
|
ldap_suffix: "dc={{ ldap_hostname }},dc={{ ldap_domain.split('.')[-2] }},dc={{ ldap_domain.split('.')[-1] }}"
|
||||||
|
|
|
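Review bot: `ldap_listen` is added without a comment, and the task hunk elsewhere in this commit writes it verbatim into `SLAPD_SERVICES`, so it replaces the whole listener list rather than adding to it. The loopback default is a safe one, but an override to a routable address with the `ldap://` scheme would carry simple binds in cleartext unless StartTLS is enforced. I would add `# space-separated slapd listener URLs; keep on loopback or use ldaps:// when listening beyond localhost` above the variable.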
@ -8,6 +8,13 @@
|
||||||
- ldapvi
|
- ldapvi
|
||||||
- shelldap
|
- shelldap
|
||||||
|
|
||||||
|
- name: change sldap listen ip:port
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/default/slapd
|
||||||
|
regexp: 'SLAPD_SERVICES=.*'
|
||||||
|
line: "SLAPD_SERVICES=\"{{ ldap_listen }}\""
|
||||||
|
notify: restart slapd
|
||||||
|
|
||||||
- name: "Is /root/.ldapvirc present ?"
|
- name: "Is /root/.ldapvirc present ?"
|
||||||
stat:
|
stat:
|
||||||
path: /root/.ldapvirc
|
path: /root/.ldapvirc
|
||||||
|
|
|
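Review bot: `regexp: 'SLAPD_SERVICES=.*'` in the new `lineinfile` task is unanchored, so it also matches a commented-out example line, and `lineinfile` rewrites the last match whichever it is; `regexp: '^SLAPD_SERVICES='` pins it to the active assignment. Because the line is replaced wholesale, any `ldapi:///` listener already present in `/etc/default/slapd` is dropped, which may break local tools that bind over the socket. The task name reads "sldap" where "slapd" is meant.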
@ -7,11 +7,10 @@ minifirewall_int: "{{ ansible_default_ipv4.interface }}"
|
||||||
minifirewall_ipv6: "on"
|
minifirewall_ipv6: "on"
|
||||||
minifirewall_intlan: "{{ ansible_default_ipv4.address }}/32"
|
minifirewall_intlan: "{{ ansible_default_ipv4.address }}/32"
|
||||||
|
|
||||||
evolix_trusted_ips: []
|
minifirewall_default_trusted_ips: []
|
||||||
additional_trusted_ips: []
|
minifirewall_additional_trusted_ips: []
|
||||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
|
||||||
# and default to ['0.0.0.0/0'] if the result is still empty
|
# and default to ['0.0.0.0/0'] if the result is still empty
|
||||||
minifirewall_trusted_ips: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique | default(['0.0.0.0/0'], true) }}"
|
minifirewall_trusted_ips: "{{ minifirewall_default_trusted_ips | union(minifirewall_additional_trusted_ips) | unique | default(['0.0.0.0/0'], true) }}"
|
||||||
minifirewall_privilegied_ips: []
|
minifirewall_privilegied_ips: []
|
||||||
|
|
||||||
minifirewall_protected_ports_tcp: [22]
|
minifirewall_protected_ports_tcp: [22]
|
||||||
|
|
|
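Review bot: `minifirewall_trusted_ips` still falls back to `['0.0.0.0/0']` when the merged list is empty, and after the rename to `minifirewall_default_trusted_ips` / `minifirewall_additional_trusted_ips` an inventory that only sets the old shared names lands on that fallback, which covers every IPv4 source. The first half of the explanatory comment was removed, leaving `# and default to ['0.0.0.0/0'] if the result is still empty` starting mid-sentence. I would restore a complete comment, e.g. `# Merge the default and additional lists; an empty result falls back to ['0.0.0.0/0'] (any source)`. Failing the play on an empty list unless an explicit opt-in variable is set would be safer than opening up by default.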
@ -77,7 +77,8 @@ NTPOK='0.0.0.0/0'
|
||||||
# Example: allow SSH from Trusted IPv6 addresses
|
# Example: allow SSH from Trusted IPv6 addresses
|
||||||
/sbin/ip6tables -A INPUT -i $INT -p tcp --dport 22 -s 2a01:9500:37:129::/64 -j ACCEPT
|
/sbin/ip6tables -A INPUT -i $INT -p tcp --dport 22 -s 2a01:9500:37:129::/64 -j ACCEPT
|
||||||
|
|
||||||
# Example: allow input HTTP/HTTPS/SMTP/DNS traffic
|
# Example: allow outgoing SSH/HTTP/HTTPS/SMTP/DNS traffic
|
||||||
|
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 22 --match state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 80 --match state --state ESTABLISHED,RELATED -j ACCEPT
|
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 80 --match state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 443 --match state --state ESTABLISHED,RELATED -j ACCEPT
|
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 443 --match state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 25 --match state --state ESTABLISHED,RELATED -j ACCEPT
|
/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 25 --match state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
|
|
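Review bot: The reworded comment says "allow outgoing … traffic", but the rules beneath it, including the new `--sport 22` line, sit on the `INPUT` chain and accept the replies to outgoing connections. Something like `# Example: accept replies to outgoing SSH/HTTP/HTTPS/SMTP/DNS connections` describes them more exactly. Since every rule already requires `ESTABLISHED,RELATED`, a single `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` would cover them without one line per source port; `-m state` is the older spelling of the same match.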
@ -1,8 +1,7 @@
|
||||||
---
|
---
|
||||||
evolix_trusted_ips: []
|
nagios_nrpe_default_allowed_hosts: []
|
||||||
additional_trusted_ips: []
|
nagios_nrpe_additional_allowed_hosts: []
|
||||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
nagios_nrpe_allowed_hosts: "{{ nagios_nrpe_default_allowed_hosts | union(nagios_nrpe_additional_allowed_hosts) | unique }}"
|
||||||
nagios_nrpe_allowed_hosts: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
|
|
||||||
nagios_nrpe_ldap_dc: "dc=DOMAIN,dc=EXT"
|
nagios_nrpe_ldap_dc: "dc=DOMAIN,dc=EXT"
|
||||||
nagios_nrpe_ldap_passwd: LDAP_PASSWD
|
nagios_nrpe_ldap_passwd: LDAP_PASSWD
|
||||||
nagios_nrpe_pgsql_passwd: PGSQL_PASSWD
|
nagios_nrpe_pgsql_passwd: PGSQL_PASSWD
|
||||||
|
|
|
@ -24,6 +24,7 @@ command[check_mailq]=/usr/lib/nagios/plugins/check_mailq -M postfix -w 10 -c 20
|
||||||
# Specific services checks
|
# Specific services checks
|
||||||
command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p '{{ nagios_nrpe_pgsql_passwd }}'
|
command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p '{{ nagios_nrpe_pgsql_passwd }}'
|
||||||
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf
|
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf
|
||||||
|
command[check_mysql_slave]=/usr/lib/nagios/plugins/check_mysql --check-slave -H localhost -f ~nagios/.my.cnf -w 1800 -c 3600
|
||||||
command[check_ldap]=/usr/lib/nagios/plugins/check_ldap -3 -H localhost -D cn=nagios,ou=ldapusers,{{ nagios_nrpe_ldap_dc }} -P {{ nagios_nrpe_ldap_passwd }} -b {{ nagios_nrpe_ldap_dc }}
|
command[check_ldap]=/usr/lib/nagios/plugins/check_ldap -3 -H localhost -D cn=nagios,ou=ldapusers,{{ nagios_nrpe_ldap_dc }} -P {{ nagios_nrpe_ldap_passwd }} -b {{ nagios_nrpe_ldap_dc }}
|
||||||
command[check_ldaps]=/usr/lib/nagios/plugins/check_ldaps -3 -H localhost -b {{ nagios_nrpe_ldap_dc }}
|
command[check_ldaps]=/usr/lib/nagios/plugins/check_ldaps -3 -H localhost -b {{ nagios_nrpe_ldap_dc }}
|
||||||
command[check_imap]=/usr/lib/nagios/plugins/check_imap -H localhost
|
command[check_imap]=/usr/lib/nagios/plugins/check_imap -H localhost
|
||||||
|
|
|
@ -3,10 +3,10 @@
|
||||||
nginx_minimal: False
|
nginx_minimal: False
|
||||||
nginx_jessie_backports: False
|
nginx_jessie_backports: False
|
||||||
|
|
||||||
evolix_trusted_ips: []
|
nginx_default_ipaddr_whitelist_ips: []
|
||||||
additional_trusted_ips: []
|
nginx_additional_ipaddr_whitelist_ips: []
|
||||||
# Let's merge evolix_trusted_ips with additional_trusted_ips
|
nginx_ipaddr_whitelist_present: "{{ nginx_default_ipaddr_whitelist_ips | union(nginx_additional_ipaddr_whitelist_ips) | unique }}"
|
||||||
nginx_ipaddr_whitelist_present: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
|
|
||||||
nginx_ipaddr_whitelist_absent: []
|
nginx_ipaddr_whitelist_absent: []
|
||||||
|
|
||||||
nginx_private_htpasswd_present: []
|
nginx_private_htpasswd_present: []
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
- name: Node sources list ({{ nodejs_apt_version }}) is available
|
- name: Node sources list ({{ nodejs_apt_version }}) is available
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
|
repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
|
||||||
filename: nodesource.list
|
filename: nodesource
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
|
|
|
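Review bot: Changing `filename` from `nodesource.list` to `nodesource` fixes the name for new hosts, but `apt_repository` appends `.list` itself, so hosts that ran the old task most likely still have `/etc/apt/sources.list.d/nodesource.list.list` and will now list the repository twice. A cleanup task placed before this one, e.g. `file: path=/etc/apt/sources.list.d/nodesource.list.list state=absent`, removes the stale entry. The task continues past the end of the hunk (`tags:`).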
@ -12,6 +12,7 @@ galaxy_info:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
|
- stretch
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
- php5-mysql
|
- php5-mysql
|
||||||
- php5-pgsql
|
- php5-pgsql
|
||||||
- php-gettext
|
- php-gettext
|
||||||
|
- php5-intl
|
||||||
- php5-curl
|
- php5-curl
|
||||||
- php5-ssh2
|
- php5-ssh2
|
||||||
- libphp-phpmailer
|
- libphp-phpmailer
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- php-cli
|
- php-cli
|
||||||
- php-gd
|
- php-gd
|
||||||
|
- php-intl
|
||||||
- php-imap
|
- php-imap
|
||||||
- php-ldap
|
- php-ldap
|
||||||
- php-mcrypt
|
- php-mcrypt
|
||||||
|
|
|
@ -42,7 +42,7 @@
|
||||||
template:
|
template:
|
||||||
src: config.local.php.j2
|
src: config.local.php.j2
|
||||||
dest: "{{ evoadmin_document_root}}/conf/config.local.php"
|
dest: "{{ evoadmin_document_root}}/conf/config.local.php"
|
||||||
mode: "0644"
|
mode: "0640"
|
||||||
owner: evoadmin
|
owner: evoadmin
|
||||||
group: evoadmin
|
group: evoadmin
|
||||||
force: no
|
force: no
|
||||||
|
|