git pushMerge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
commit
fa9d5b8b81
|
@ -29,7 +29,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
* evocheck: install script according to Debian version
|
||||
* evolinux-base: utils.yml can be excluded
|
||||
* evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
|
||||
* evolinux-user: Add sudoers privilege for chck php\_fpm81
|
||||
* evolinux-user: Add sudoers privilege for check php\_fpm81
|
||||
* evomaintenance: allow missing API endpoint if APi is disabled
|
||||
* java: use default JRE package when version is not specified
|
||||
* listupgrade: better detection for PostgreSQL
|
||||
|
@ -44,8 +44,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
* squid: whitelist deb.freexian.com
|
||||
* varnish: better package facts usage with check mode and tags
|
||||
* varnish: systemd override depends on Varnish version instead of Debian version
|
||||
* keepalived: change exit code (warning if runnin but not on expected state ; critical if not running)
|
||||
* openvpn: shellpki upstream release 22.12
|
||||
* keepalived: change exit code (warning if running but not on expected state ; critical if not running)
|
||||
* openvpn: shellpki upstream release 22.12.2
|
||||
* openvpn: specifies that the mail for expirations is for OpenVPN
|
||||
|
||||
### Fixed
|
||||
|
@ -55,9 +55,12 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
* varnish: fix missing state, that blocked the task
|
||||
* proftpd: Fix format of public key files controlled by ansible
|
||||
* proftpd: Fix mode of public key directory and files (they have to be accessible by proftpd:nobody)
|
||||
* openvpn: Fix mode of shellpki script
|
||||
|
||||
### Removed
|
||||
|
||||
* openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
|
||||
|
||||
### Security
|
||||
|
||||
## [22.09] 2022-09-19
|
||||
|
|
|
@ -3,16 +3,13 @@
|
|||
service:
|
||||
name: apache2
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart munin-node
|
||||
service:
|
||||
name: munin-node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -22,7 +22,6 @@
|
|||
state: present
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
|
@ -45,7 +44,6 @@
|
|||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: remove user:pwd from private htpasswd
|
||||
lineinfile:
|
||||
|
@ -56,4 +54,3 @@
|
|||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
tags:
|
||||
- apache
|
||||
- ips
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
state: present
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Add log2mail config for Apache segfaults
|
||||
template:
|
||||
|
|
|
@ -53,7 +53,6 @@
|
|||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: basic modules are enabled
|
||||
apache2_module:
|
||||
|
@ -194,7 +193,6 @@
|
|||
replace: "{{ apache_logrotate_frequency }}"
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
|
||||
replace:
|
||||
|
@ -203,7 +201,6 @@
|
|||
replace: '\1 {{ apache_logrotate_rotate }}'
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: log2mail.yml
|
||||
when: apache_log2mail_include
|
||||
|
|
|
@ -23,7 +23,6 @@
|
|||
tags:
|
||||
- apache
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Install fcgi packages for Munin graphs"
|
||||
apt:
|
||||
|
@ -44,7 +43,6 @@
|
|||
tags:
|
||||
- apache
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Apache has access to /var/log/munin/"
|
||||
file:
|
||||
|
@ -53,4 +51,3 @@
|
|||
tags:
|
||||
- apache
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -26,12 +26,10 @@
|
|||
changed_when: False
|
||||
check_mode: no
|
||||
register: new_apache_serverstatus_suffix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: overwrite apache_serverstatus_suffix
|
||||
set_fact:
|
||||
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- debug:
|
||||
var: apache_serverstatus_suffix
|
||||
|
@ -42,14 +40,12 @@
|
|||
dest: /var/www/index.html
|
||||
regexp: '__SERVERSTATUS_SUFFIX__'
|
||||
replace: "{{ apache_serverstatus_suffix }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: add server-status suffix in default site index if missing
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '"/server-status-?"'
|
||||
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: add server-status suffix in default VHost
|
||||
replace:
|
||||
|
@ -57,14 +53,12 @@
|
|||
regexp: '<Location /server-status-?>'
|
||||
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
|
||||
notify: reload apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Munin configuration has a section for apache
|
||||
lineinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
line: "[apache_*]"
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apache-status URL is configured for Munin
|
||||
lineinfile:
|
||||
|
@ -74,4 +68,3 @@
|
|||
insertafter: "[apache_*]"
|
||||
create: no
|
||||
notify: restart munin-node
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -8,7 +8,6 @@
|
|||
- etc-git
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: Install and configure utilities
|
||||
include: utils.yml
|
||||
|
@ -19,6 +18,4 @@
|
|||
include: repositories.yml
|
||||
tags:
|
||||
- etc-git
|
||||
when:
|
||||
- etc_git_config_repositories | bool
|
||||
- not ansible_check_mode
|
||||
when: etc_git_config_repositories | bool
|
|
@ -22,7 +22,6 @@
|
|||
value: "root@{{ ansible_fqdn | default('localhost') }}"
|
||||
tags:
|
||||
- etc-git
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ repository_path }}/.git is restricted to root"
|
||||
file:
|
||||
|
@ -50,7 +49,6 @@
|
|||
loop: "{{ gitignore_items | default([]) }}"
|
||||
tags:
|
||||
- etc-git
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "does {{ repository_path }}/ have any commit?"
|
||||
command: "git log"
|
||||
|
|
|
@ -1,17 +1,14 @@
|
|||
- name: newaliases
|
||||
command: newaliases
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Test Apache conf
|
||||
command: apache2ctl -t
|
||||
notify: "Reload Apache conf"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload apache2
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apt update
|
||||
apt:
|
||||
|
@ -21,10 +18,8 @@
|
|||
service:
|
||||
name: squid3
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload squid
|
||||
service:
|
||||
name: squid
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -10,8 +10,6 @@
|
|||
|
||||
- debug:
|
||||
var: evocheck_run.stdout_lines
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- evocheck_run.stdout | length > 0
|
||||
when: evocheck_run.stdout | length > 0
|
||||
tags:
|
||||
- evocheck-exec
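Review bot: `when: evocheck_run.stdout | length > 0` now dereferences the registered result on every run, including `--check`. The task that registers `evocheck_run` is outside this hunk; if it is a command/shell task without `check_mode: no`, then depending on the Ansible version its result may carry no `stdout` under check mode, and this condition would fail instead of skipping. A defaulted form keeps dry runs usable: `when: evocheck_run.stdout | default('') | length > 0`. The same pattern appears with `grep_profile_evomaintenance.rc != 0` and `envvar_grep_path.rc != 0` in later sections, where the removed guard previously shadowed the condition.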
|
||||
|
|
|
@ -38,7 +38,6 @@
|
|||
owner: root
|
||||
group: ssl-cert
|
||||
mode: "0640"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create certificate for default site
|
||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
||||
|
|
|
@ -43,9 +43,7 @@
|
|||
state: present
|
||||
tags:
|
||||
- packages
|
||||
when:
|
||||
- ansible_virtualization_role == "host"
|
||||
- not ansible_check_mode
|
||||
when: ansible_virtualization_role == "host"
|
||||
|
||||
## RAID
|
||||
# Dell and others: MegaRAID SAS
|
||||
|
@ -110,7 +108,6 @@
|
|||
name: ssacli
|
||||
tags:
|
||||
- packages
|
||||
when: not ansible_check_mode
|
||||
when:
|
||||
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
|
||||
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
|
||||
|
@ -137,7 +134,6 @@
|
|||
state: present
|
||||
tags:
|
||||
- packages
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: cciss-vol-statusd init script is present (HP gen <10)
|
||||
template:
|
||||
|
@ -250,7 +246,6 @@
|
|||
allow_unauthenticated: yes
|
||||
tags:
|
||||
- packages
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Configure packages for DELL/LSI hardware
|
||||
template:
|
||||
|
@ -268,7 +263,6 @@
|
|||
tags:
|
||||
- packages
|
||||
- config
|
||||
when: not ansible_check_mode
|
||||
when:
|
||||
- "'MegaRAID' in raidmodel.stdout"
|
||||
- evolinux_packages_hardware_raid | bool
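Review bot: `allow_unauthenticated: yes` in the hunk at -250 still lets apt install these packages without verifying the repository signature, and dropping the check-mode guard does not change that. Anything able to tamper with that repository or the path to it can then deliver packages that are installed as root. I'd install the repository's signing key in a preceding task and remove the option, or at least add a comment such as `# unsigned vendor repo: signature check disabled, restrict the source in sources.list`. The same option is set on the `serveur-base` install in the next file section. The task's name and package list lie outside the hunk.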
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
daemon-reload: yes
|
||||
state: started
|
||||
enabled: yes
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: log2mail config is present
|
||||
blockinfile:
|
||||
|
@ -33,5 +32,4 @@
|
|||
notify: restart log2mail
|
||||
tags:
|
||||
- log2mail
|
||||
when: not ansible_check_mode
|
||||
|
||||
|
|
|
@ -89,9 +89,7 @@
|
|||
apt:
|
||||
name: serveur-base
|
||||
allow_unauthenticated: yes
|
||||
when:
|
||||
- evolinux_packages_serveur_base | bool
|
||||
- not ansible_check_mode
|
||||
when: evolinux_packages_serveur_base | bool
|
||||
|
||||
- name: Install/Update packages for Stretch and later
|
||||
apt:
|
||||
|
|
|
@ -20,7 +20,6 @@
|
|||
notify: reload postfix
|
||||
tags:
|
||||
- postfix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: configure postfix mynetworks
|
||||
lineinfile:
|
||||
|
@ -31,7 +30,6 @@
|
|||
notify: reload postfix
|
||||
tags:
|
||||
- postfix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: fetch users list
|
||||
shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
|
||||
|
@ -50,9 +48,7 @@
|
|||
line: "{{ item }}: root"
|
||||
loop: "{{ non_root_users_list.stdout_lines }}"
|
||||
notify: newaliases
|
||||
when:
|
||||
- evolinux_postfix_users_alias_root | bool
|
||||
- not ansible_check_mode
|
||||
when: evolinux_postfix_users_alias_root | bool
|
||||
tags:
|
||||
- postfix
|
||||
|
||||
|
@ -69,9 +65,7 @@
|
|||
- error
|
||||
- bounce
|
||||
notify: newaliases
|
||||
when:
|
||||
- evolinux_postfix_mailer_alias_root | bool
|
||||
- not ansible_check_mode
|
||||
when: evolinux_postfix_mailer_alias_root | bool
|
||||
tags:
|
||||
- postfix
|
||||
|
||||
|
@ -81,9 +75,7 @@
|
|||
regexp: "^root:"
|
||||
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
|
||||
notify: newaliases
|
||||
when:
|
||||
- evolinux_postfix_root_alias | bool
|
||||
- not ansible_check_mode
|
||||
when: evolinux_postfix_root_alias | bool
|
||||
tags:
|
||||
- postfix
|
||||
|
||||
|
|
|
@ -161,7 +161,6 @@
|
|||
insertafter: EOF
|
||||
line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
|
||||
when: grep_profile_evomaintenance.rc != 0
|
||||
when: not ansible_check_mode
|
||||
|
||||
# SSH keys
|
||||
|
||||
|
@ -193,6 +192,5 @@
|
|||
when:
|
||||
- user.ssh_keys is defined
|
||||
- user.ssh_keys | length > 0
|
||||
- not ansible_check_mode
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -3,16 +3,13 @@
|
|||
service:
|
||||
name: haproxy
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart haproxy
|
||||
service:
|
||||
name: haproxy
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart munin-node
|
||||
service:
|
||||
name: munin-node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -123,7 +123,6 @@
|
|||
tags:
|
||||
- haproxy
|
||||
- logrotate
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Rotate logs with nodelaycompress
|
||||
lineinfile:
|
||||
|
@ -134,7 +133,6 @@
|
|||
tags:
|
||||
- haproxy
|
||||
- logrotate
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Set net.ipv4.ip_nonlocal_bind
|
||||
sysctl:
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
template:
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||
lineinfile:
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||
lineinfile:
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
changed_when: false
|
||||
check_mode: no
|
||||
register: container_exists
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Create container {{ name }}"
|
||||
lxc_container:
|
||||
|
@ -14,7 +13,6 @@
|
|||
state: stopped
|
||||
template_options: "--arch amd64 --release {{ release }}"
|
||||
when: container_exists.stdout_lines | length == 0
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Disable network configuration inside container {{ name }}"
|
||||
replace:
|
||||
|
@ -22,14 +20,12 @@
|
|||
regexp: "^#CONFIGURE_INTERFACES=yes"
|
||||
replace: CONFIGURE_INTERFACES=no
|
||||
when: lxc_network_type == "none"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
|
||||
lineinfile:
|
||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
|
||||
line: "NETDOWN=no"
|
||||
when: lxc_network_type == "none" and release == "jessie"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
|
||||
file:
|
||||
|
@ -48,7 +44,6 @@
|
|||
lineinfile:
|
||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
|
||||
line: "127.0.0.1 {{ name }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Fix permission on /dev for container {{ name }}"
|
||||
lineinfile:
|
||||
|
@ -56,7 +51,6 @@
|
|||
line: "chmod 755 /dev"
|
||||
insertbefore: "^exit 0$"
|
||||
when: release == 'jessie'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Ensure that {{ name }} container is running"
|
||||
lxc_container:
|
||||
|
|
|
@ -48,7 +48,6 @@
|
|||
changed_when: false
|
||||
check_mode: no
|
||||
register: check_fs_options
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Check if options are correct
|
||||
assert:
|
||||
|
@ -57,7 +56,6 @@
|
|||
- "'noexec' not in check_fs_options.stdout"
|
||||
- "'nosuid' not in check_fs_options.stdout"
|
||||
msg: "LXC directory is in a filesystem with incompatible options"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create containers
|
||||
include: create-container.yml
|
||||
|
|
|
@ -30,7 +30,6 @@
|
|||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
|
||||
insertbefore: '^# Main interface'
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: End marker for IP addresses
|
||||
lineinfile:
|
||||
|
@ -38,7 +37,6 @@
|
|||
create: no
|
||||
line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
|
||||
insertafter: '^PRIVILEGIEDIPS='
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Verify that at least 1 trusted IP is provided
|
||||
assert:
|
||||
|
@ -86,7 +84,6 @@
|
|||
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
|
||||
create: no
|
||||
register: minifirewall_config_ips
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Begin marker for ports
|
||||
lineinfile:
|
||||
|
@ -94,7 +91,6 @@
|
|||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||
insertbefore: '^# Protected services'
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: End marker for ports
|
||||
lineinfile:
|
||||
|
@ -102,7 +98,6 @@
|
|||
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||
insertafter: '^SERVICESUDP3='
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Configure ports
|
||||
blockinfile:
|
||||
|
@ -127,7 +122,6 @@
|
|||
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
||||
create: no
|
||||
register: minifirewall_config_ports
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Configure DNSSERVEURS
|
||||
lineinfile:
|
||||
|
@ -199,9 +193,7 @@
|
|||
line: "PROXY='{{ minifirewall_proxy }}'"
|
||||
regexp: "PROXY=('|\").*('|\")"
|
||||
create: no
|
||||
when:
|
||||
- minifirewall_proxy is not none
|
||||
- not ansible_check_mode
|
||||
when: minifirewall_proxy is not none
|
||||
|
||||
- name: Configure PROXYPORT
|
||||
lineinfile:
|
||||
|
@ -209,9 +201,7 @@
|
|||
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
|
||||
regexp: "PROXYPORT=('|\").*('|\")"
|
||||
create: no
|
||||
when:
|
||||
- minifirewall_proxyport is not none
|
||||
- not ansible_check_mode
|
||||
when: minifirewall_proxyport is not none
|
||||
|
||||
# Warning: keep double quotes for the value,
|
||||
# since we often reference a shell variable that needs to be interpolated
|
||||
|
@ -221,9 +211,7 @@
|
|||
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
|
||||
regexp: "PROXYBYPASS=('|\").*('|\")"
|
||||
create: no
|
||||
when:
|
||||
- minifirewall_proxyport is not none
|
||||
- not ansible_check_mode
|
||||
when: minifirewall_proxybypass is not none
|
||||
|
||||
- name: Configure BACKUPSERVERS
|
||||
lineinfile:
|
||||
|
@ -231,9 +219,7 @@
|
|||
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
|
||||
regexp: "BACKUPSERVERS=('|\").*('|\")"
|
||||
create: no
|
||||
when:
|
||||
- minifirewall_backupservers is not none
|
||||
- not ansible_check_mode
|
||||
when: minifirewall_backupservers is not none
|
||||
|
||||
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
|
||||
lineinfile:
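Review bot: The `line:` values for PROXY, PROXYPORT, PROXYBYPASS and BACKUPSERVERS are written verbatim between quotes into the minifirewall configuration with no validation of the variables. The comment above PROXYBYPASS says the double quotes are kept so that shell variables get interpolated, which suggests the file is sourced by a shell; in that case a value containing a quote, a backtick or `$(` would change what is evaluated when the firewall loads. I'd add an `assert` ahead of these tasks that each item matches an expected address/port pattern, or at minimum a comment like `# written verbatim into a shell-sourced file: no quotes, backticks or $( ) in these values`. The `regexp:` patterns are also unanchored (`"PROXY=('|\").*('|\")"`), so they can match a commented-out or prefixed line; `'^PROXY=...'` would be tighter. The tasks start outside the hunks, so the target path is not visible here.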
|
||||
|
|
|
@ -4,13 +4,11 @@
|
|||
service:
|
||||
name: munin-node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart munin_node
|
||||
service:
|
||||
name: munin_node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: systemd daemon-reload
|
||||
systemd:
|
||||
|
|
|
@ -33,7 +33,6 @@
|
|||
notify: restart munin-node
|
||||
|
||||
when: not ansible_hostname == "localdomain"
|
||||
when: not ansible_check_mode
|
||||
tags:
|
||||
- munin
|
||||
|
||||
|
@ -80,7 +79,6 @@
|
|||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Enable sensors_ plugin on dedicated hardware
|
||||
file:
|
||||
|
@ -94,7 +92,6 @@
|
|||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Enable ipmi_ plugin on dedicated hardware
|
||||
file:
|
||||
|
@ -108,7 +105,6 @@
|
|||
- temp
|
||||
- power
|
||||
- volts
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: adjustments for grsec kernel
|
||||
blockinfile:
|
||||
|
|
|
@ -43,4 +43,3 @@
|
|||
- mysql_custom_datadir | length > 0
|
||||
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||
- not mysql_custom_datadir_test.stat.exists
|
||||
- not ansible_check_mode
|
||||
|
|
|
@ -43,4 +43,3 @@
|
|||
- mysql_custom_logdir | length > 0
|
||||
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
||||
- not mysql_custom_logdir_test.stat.exists
|
||||
- not ansible_check_mode
|
||||
|
|
|
@ -42,7 +42,6 @@
|
|||
tags:
|
||||
- mysql
|
||||
- services
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apg package is installed
|
||||
apt:
|
||||
|
|
|
@ -28,7 +28,6 @@
|
|||
tags:
|
||||
- mysql
|
||||
- services
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apg package is installed
|
||||
apt:
|
||||
|
|
|
@ -156,7 +156,6 @@
|
|||
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
||||
state: link
|
||||
when: mysql_cron_optimize | bool
|
||||
when: not ansible_check_mode
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
|
|
|
@ -4,10 +4,8 @@
|
|||
service:
|
||||
name: nagios-nrpe-server
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart nrpe
|
||||
service:
|
||||
name: nrpe
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -21,4 +21,3 @@
|
|||
notify: restart ntp
|
||||
tags:
|
||||
- ntp
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# VERSION="22.04"
|
||||
# VERSION="22.12.2"
|
||||
|
||||
[ ca ]
|
||||
default_ca = CA_default
|
||||
|
@ -14,7 +14,7 @@ crl = $dir/crl.pem
|
|||
private_key = $dir/cakey.key
|
||||
RANDFILE = $dir/.rand
|
||||
default_days = 365
|
||||
default_crl_days= 365
|
||||
default_crl_days= 730
|
||||
default_md = sha256
|
||||
preserve = no
|
||||
policy = policy_match
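Review bot: `default_crl_days= 730` doubles how long an already issued CRL stays valid, so any consumer reading a stale copy would keep accepting a later-revoked certificate for up to two years. That is only safe if the CRL is regenerated, and the copy OpenVPN reads is replaced, on every revocation, which this hunk does not show. I'd document the trade-off on the line, e.g. `# long validity avoids CRL-expiry outages; the CRL must be regenerated on each revoke`, and monitor the CRL's nextUpdate date alongside certificate expiry.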
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
set -u
|
||||
|
||||
VERSION="22.12"
|
||||
VERSION="22.12.2"
|
||||
|
||||
show_version() {
|
||||
cat <<END
|
||||
|
@ -224,7 +224,7 @@ replace_existing_or_abort() {
|
|||
init() {
|
||||
umask 0177
|
||||
|
||||
[ -d "${CA_DIR}" ] || mkdir -m 0750 "${CA_DIR}"
|
||||
[ -d "${CA_DIR}" ] || mkdir -m 0751 "${CA_DIR}"
|
||||
[ -d "${CRT_DIR}" ] || mkdir -m 0750 "${CRT_DIR}"
|
||||
[ -f "${INDEX_FILE}" ] || touch "${INDEX_FILE}"
|
||||
[ -f "${INDEX_FILE}.attr" ] || touch "${INDEX_FILE}.attr"
|
||||
|
@ -1103,9 +1103,11 @@ main() {
|
|||
|
||||
# fix right
|
||||
chown -R "${PKI_USER}":"${PKI_USER}" "${CA_DIR}"
|
||||
chmod 750 "${CA_DIR}" "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
|
||||
chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}" "${CRL}"
|
||||
chmod 750 "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
|
||||
chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}"
|
||||
chmod 640 "${CA_CERT}"
|
||||
chmod 604 "${CRL}"
|
||||
chmod 751 "${CA_DIR}"
|
||||
}
|
||||
|
||||
main "$@"
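Review bot: `chmod 604 "${CRL}"` grants read to "other" but not to the group, so after the `chown -R` a process running with the `${PKI_USER}` group is denied while every other local account can read the file. If the intent is only that the OpenVPN user can read the CRL, `chmod 644 "${CRL}"` is the less surprising mode. With `chmod 751 "${CA_DIR}"` (and `mkdir -m 0751` in init) any local user can traverse the CA directory, so the confidentiality of everything directly inside it now rests on per-file modes, and the list here covers only the index, serial and CA key. A comment such as `# CA_DIR is traversable so the OpenVPN user can reach the CRL; all other files here must stay 600/640` would make that dependency explicit. Both init() and main() begin outside the hunks.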
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
group: "{{ item.group }}"
|
||||
with_items:
|
||||
- { source: "openssl.cnf", destination: "/etc/shellpki/openssl.cnf", mode: "0640", owner: "shellpki", group: "shellpki" }
|
||||
- { source: "shellpki", destination: "/usr/local/sbin/shellpki", mode: "0755", owner: "root", group: "root" }
|
||||
- { source: "shellpki", destination: "/usr/local/sbin/shellpki", mode: "0750", owner: "root", group: "root" }
|
||||
|
||||
- name: Add sudo rights
|
||||
lineinfile:
|
||||
|
@ -77,16 +77,6 @@
|
|||
- include_role:
|
||||
name: evolix/remount-usr
|
||||
|
||||
- name: Fix CRL rights in shellpki command
|
||||
lineinfile:
|
||||
dest: "/usr/local/sbin/shellpki"
|
||||
regexp: '{{ item.regexp }}'
|
||||
insertafter: "{{ item.insertafter }}"
|
||||
line: "{{ item.line }}"
|
||||
with_items:
|
||||
- { regexp: '^ chmod 604 /etc/shellpki/crl.pem$', line: " chmod 604 /etc/shellpki/crl.pem", insertafter: '^ chmod 640 "\${CACERT}"$' }
|
||||
- { regexp: '^ chmod 751 /etc/shellpki/$', line: " chmod 751 /etc/shellpki/", insertafter: '^ chmod 604 /etc/shellpki/crl.pem$' }
|
||||
|
||||
- name: Deploy OpenVPN server config
|
||||
template:
|
||||
src: "server.conf.j2"
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
group: "{{ item.group }}"
|
||||
with_items:
|
||||
- { source: "openssl.cnf", destination: "/etc/shellpki/openssl.cnf", mode: "0640", owner: "_shellpki", group: "_shellpki" }
|
||||
- { source: "shellpki", destination: "/usr/local/sbin/shellpki", mode: "0755", owner: "root", group: "wheel" }
|
||||
- { source: "shellpki", destination: "/usr/local/sbin/shellpki", mode: "0750", owner: "root", group: "wheel" }
|
||||
|
||||
- name: Add sudo rights
|
||||
lineinfile:
|
||||
|
@ -60,16 +60,6 @@
|
|||
path: /etc/shellpki/dh2048.pem
|
||||
size: 2048
|
||||
|
||||
- name: Fix CRL rights in shellpki command
|
||||
lineinfile:
|
||||
dest: "/usr/local/sbin/shellpki"
|
||||
regexp: '{{ item.regexp }}'
|
||||
insertafter: "{{ item.insertafter }}"
|
||||
line: "{{ item.line }}"
|
||||
with_items:
|
||||
- { regexp: '^ chmod 604 /etc/shellpki/crl.pem$', line: " chmod 604 /etc/shellpki/crl.pem", insertafter: '^ chmod 640 "\${CACERT}"$' }
|
||||
- { regexp: '^ chmod 751 /etc/shellpki/$', line: " chmod 751 /etc/shellpki/", insertafter: '^ chmod 604 /etc/shellpki/crl.pem$' }
|
||||
|
||||
- name: Deploy OpenVPN server config
|
||||
template:
|
||||
src: "server.conf.j2"
|
||||
|
|
|
@ -14,9 +14,7 @@
|
|||
block: |
|
||||
# Used for Evoadmin-web
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
when:
|
||||
- envvar_grep_path.rc != 0
|
||||
- not ansible_check_mode
|
||||
when: envvar_grep_path.rc != 0
|
||||
|
||||
- name: Additional packages are installed
|
||||
apt:
|
||||
|
@ -36,7 +34,6 @@
|
|||
- negotiation
|
||||
- alias
|
||||
- log_forensic
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Copy Apache settings for modules
|
||||
copy:
|
||||
|
@ -63,4 +60,3 @@
|
|||
loop:
|
||||
- evolinux-evasive
|
||||
- evolinux-modsec
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -22,7 +22,6 @@
|
|||
AllowFullYearView=3
|
||||
ErrorMessages="An error occured. Contact your Administrator"
|
||||
mode: "0644"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create conf-available/awstats-icon.conf file
|
||||
copy:
|
||||
|
@ -40,7 +39,6 @@
|
|||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
notify: reload apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create awstats cron
|
||||
lineinfile:
|
||||
|
@ -48,7 +46,6 @@
|
|||
create: yes
|
||||
regexp: '-config=awstats'
|
||||
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Comment default awstat cron's tasks
|
||||
lineinfile:
|
||||
|
@ -57,4 +54,3 @@
|
|||
line: '#\1'
|
||||
backrefs: yes
|
||||
state: present
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -26,7 +26,6 @@
|
|||
dest: /var/www/index.html
|
||||
line: ' <li><a href="/info.php">Infos PHP</a></li>'
|
||||
regexp: "Infos PHP"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: install opcache.php
|
||||
copy:
|
||||
|
@ -39,7 +38,6 @@
|
|||
dest: /var/www/index.html
|
||||
line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>'
|
||||
regexp: "Infos OpCache PHP"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Add elements to user account template
|
||||
file:
|
||||
|
@ -66,7 +64,6 @@
|
|||
loop:
|
||||
- access.log
|
||||
- error.log
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Install userlogrotate (jessie)"
|
||||
copy:
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
state: present
|
||||
name: proxy_fcgi
|
||||
notify: restart apache2
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
|
|
|
@ -65,12 +65,10 @@
|
|||
changed_when: False
|
||||
check_mode: no
|
||||
register: new_packweb_phpmyadmin_suffix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: overwrite packweb_phpmyadmin_suffix
|
||||
set_fact:
|
||||
packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- debug:
|
||||
var: packweb_phpmyadmin_suffix
|
||||
|
@ -88,18 +86,15 @@
|
|||
Require all denied
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: enable phpmyadmin link in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
|
||||
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: replace phpmyadmin suffix in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
replace: "{{ packweb_phpmyadmin_suffix }}"
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -4,28 +4,23 @@
|
|||
service:
|
||||
name: php5-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php7.0-fpm
|
||||
service:
|
||||
name: php7.0-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php7.3-fpm
|
||||
service:
|
||||
name: php7.3-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php7.4-fpm
|
||||
service:
|
||||
name: php7.4-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php8.1-fpm
|
||||
service:
|
||||
name: php8.1-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -25,7 +25,6 @@
|
|||
file:
|
||||
dest: "{{ php_cli_custom_ini_file }}"
|
||||
mode: "0644"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Set custom values for PHP to enable Symfony"
|
||||
ini_file:
|
||||
|
@ -37,4 +36,3 @@
|
|||
loop:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements | bool
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -79,14 +79,12 @@
|
|||
with_items:
|
||||
- /etc/php
|
||||
- /etc/php/{{ php_version }}
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: "Enforce permissions on PHP cli directory (Debian 12)"
|
||||
file:
|
||||
dest: /etc/php/{{ php_version }}/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable
|
||||
|
@ -96,7 +94,6 @@
|
|||
dest: /etc/php/{{ php_version }}/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable
|
||||
|
@ -106,7 +103,6 @@
|
|||
dest: /etc/php/{{ php_version }}/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable
|
||||
|
|
|
@ -68,14 +68,12 @@
|
|||
with_items:
|
||||
- /etc/php
|
||||
- /etc/php/7.4
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: "Enforce permissions on PHP cli directory (Debian 11)"
|
||||
file:
|
||||
dest: /etc/php/7.4/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable
|
||||
|
@ -85,7 +83,6 @@
|
|||
dest: /etc/php/7.4/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable
|
||||
|
@ -95,7 +92,6 @@
|
|||
dest: /etc/php/7.4/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable
|
||||
|
|
|
@ -68,14 +68,12 @@
|
|||
loop:
|
||||
- /etc/php
|
||||
- /etc/php/7.3
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: "Enforce permissions on PHP cli directory (Debian 10)"
|
||||
file:
|
||||
dest: /etc/php/7.3/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable | bool
|
||||
|
@ -85,7 +83,6 @@
|
|||
dest: /etc/php/7.3/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable | bool
|
||||
|
@ -95,7 +92,6 @@
|
|||
dest: /etc/php/7.3/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable | bool
|
||||
|
|
|
@ -56,7 +56,6 @@
|
|||
file:
|
||||
dest: /etc/php5
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
|
||||
|
@ -64,7 +63,6 @@
|
|||
file:
|
||||
dest: /etc/php5/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable | bool
|
||||
|
@ -74,7 +72,6 @@
|
|||
dest: /etc/php5/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable | bool
|
||||
|
@ -84,4 +81,3 @@
|
|||
dest: /etc/php5/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -68,7 +68,6 @@
|
|||
loop:
|
||||
- /etc/php
|
||||
- /etc/php/7.0
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
|
||||
|
@ -76,7 +75,6 @@
|
|||
file:
|
||||
dest: /etc/php/7.0/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable | bool
|
||||
|
@ -86,7 +84,6 @@
|
|||
dest: /etc/php/7.0/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable | bool
|
||||
|
@ -96,7 +93,6 @@
|
|||
dest: /etc/php/7.0/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable | bool
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
file:
|
||||
dest: /etc/php/7.4/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Symlink Evolix Apache config files from 7.4 to 7.0
|
||||
file:
|
||||
|
@ -32,7 +31,6 @@
|
|||
dest: /etc/php/7.4/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Symlink Evolix FPM config files from 7.4 to 7.0
|
||||
file:
|
||||
|
@ -52,4 +50,3 @@
|
|||
dest: /etc/php/7.4/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -3,4 +3,3 @@
|
|||
service:
|
||||
name: proftpd
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -70,7 +70,6 @@
|
|||
notify: restart proftpd
|
||||
tags:
|
||||
- proftpd
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Put empty vpasswd file if missing
|
||||
copy:
|
||||
|
@ -93,7 +92,6 @@
|
|||
notify: restart proftpd
|
||||
tags:
|
||||
- proftpd
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: accounts.yml
|
||||
when: proftpd_accounts | length > 0
|
||||
|
|
|
@ -3,38 +3,31 @@
|
|||
service:
|
||||
name: munin-node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart squid
|
||||
service:
|
||||
name: squid
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload squid
|
||||
service:
|
||||
name: squid
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart squid3
|
||||
service:
|
||||
name: squid3
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload squid3
|
||||
service:
|
||||
name: squid3
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart log2mail
|
||||
service:
|
||||
name: log2mail
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart minifirewall
|
||||
command: /etc/init.d/minifirewall restart
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -121,7 +121,6 @@
|
|||
when:
|
||||
- squid_localproxy_enable | bool
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: "evolinux custom overrides (Debian 9 or later)"
|
||||
copy:
|
||||
|
|
|
@ -10,4 +10,3 @@
|
|||
remote_src: False
|
||||
src: ftp/evolinux.conf.diff
|
||||
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -3,9 +3,7 @@
|
|||
- name: "Ensure that evoadmin_contact_email is defined"
|
||||
fail:
|
||||
msg: Please configure var evoadmin_contact_email
|
||||
when:
|
||||
- evoadmin_contact_email is none or evoadmin_contact_email | length == 0
|
||||
- not ansible_check_mode
|
||||
when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0
|
||||
|
||||
- include: packages.yml
|
||||
|
||||
|
@ -25,4 +23,3 @@
|
|||
marker: "<!-- {mark} evoadmin-web section -->"
|
||||
block: |
|
||||
<li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li>
|
||||
when: not ansible_check_mode
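Review bot: The guard named "Ensure that evoadmin_contact_email is defined" only tests for `none` and for zero length; if the variable is not defined at all, evaluating the condition would presumably raise an undefined-variable error instead of printing the `fail` message. Unless the role defaults always define it (not visible on this page), I would cover that case explicitly: `when: evoadmin_contact_email is not defined or evoadmin_contact_email is none or evoadmin_contact_email | length == 0`.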
|
||||
|
|
|
@ -17,7 +17,6 @@
|
|||
owner: root
|
||||
group: ssl-cert
|
||||
mode: "0640"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create certificate for default site
|
||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt
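Review bot: The `openssl x509 -req -days 3650 ... -signkey` command at the end of this hunk produces a self-signed certificate valid for ten years, and nothing visible marks it as a bootstrap placeholder. I would add a comment above the task such as `# Self-signed bootstrap certificate; replace with a CA-issued certificate for production use`, and consider a shorter `-days` value so that a forgotten placeholder expires. The task continues outside the hunk, so whether it already carries `creates:` to avoid re-signing on every run cannot be checked from here.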
|
||||
|
|
|
@ -54,9 +54,7 @@
|
|||
dest: "{{ evoadmin_document_root }}"
|
||||
version: jessie
|
||||
update: False
|
||||
when:
|
||||
- ansible_distribution_release == "jessie"
|
||||
- not ansible_check_mode
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: "Clone evoadmin repository (Debian 9 or later)"
|
||||
git:
|
||||
|
@ -64,9 +62,7 @@
|
|||
dest: "{{ evoadmin_document_root }}"
|
||||
version: master
|
||||
update: False
|
||||
when:
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
- not ansible_check_mode
|
||||
when: ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- name: Change ownership on git repository
|
||||
file:
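Review bot: Both clone tasks in this file track a moving branch (`version: jessie` in the first hunk, `version: master` in the second), so the code placed in `evoadmin_document_root` is whatever the branch head was at first run, and hosts provisioned on different days can end up with different code. For a web admin interface I would pin to a reviewed tag or full commit hash through a role variable, e.g. `version: "{{ evoadmin_git_version }}"` (the variable name is a placeholder), and bump it deliberately. `update: False` keeps an existing checkout from drifting but does not make the initial clone reproducible. The `git:` tasks start outside the hunks, so the `repo:` URL and any verification options are not visible here.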
|
||||
|
|