Commit graph

197 commits

Author SHA1 Message Date
Gregory Colpart fb6cb79b41 Keep read right on group for software with non-root access like OpenLDAP 2018-01-28 17:13:23 +01:00
Jérémy Lecour 19b2da5b92 evoacme: exclude typical certbot directories 2018-01-22 18:27:37 +01:00
Jérémy Lecour 8f88a48e15 evoacme cron task : improve readability
* use long form options
* break line before pipe
2018-01-03 10:12:14 +01:00
Benoît S. edf7bceee6 Add -r to xargs arguments
Why? Because if there are no certificates in /etc/letsencrypt it will call
evoacme with no args, resulting in an error.
2018-01-03 10:00:22 +01:00
Jérémy Lecour 37f701eb54 evoacme: typos 2017-12-08 10:22:32 +01:00
Jérémy Lecour 5980593470 evoacme: move nginx acme challenge conf 2017-12-08 09:46:16 +01:00
Jérémy Lecour 2ac7b60a39 evoacme: better documentation 2017-11-25 14:17:36 +01:00
Jérémy Lecour 708428d088 evoacme: store Nginx letsencrypt config file in snippets 2017-11-25 14:17:36 +01:00
Jérémy Lecour 375c3e6760 evoacme: crontab management
* simply rename certbot script to disable it
* use "evoacme" as file name for our custom cron script
2017-11-25 14:17:36 +01:00
Jérémy Lecour 7fee69ca22 evoacme: remove $() 2017-11-21 16:17:21 +01:00
Bruno TATU ad9a15827f evoacme: invert conditions in sed_cert_path_XXX() 2017-11-21 14:45:50 +01:00
Bruno TATU 9519e226e9 evoacme: remove double caret in sed pattern 2017-11-21 14:44:36 +01:00
Ludovic Poujol 49d3118976 evoacme: Fix nginx on deb9 for LE challenge 2017-11-16 16:00:27 +01:00
Jérémy Lecour 5c6c92ab69 evoacme: install hooks in a loop 2017-11-15 11:40:42 +01:00
Victor LABORIE ce3b5b7cbd evoacme: use xargs instead of while 2017-11-14 17:19:15 +01:00
Victor LABORIE b801bdb576 evoacme: use -printf instead of -exec basename 2017-11-14 17:01:51 +01:00
Victor LABORIE 1c48df025c Move /usr rw remount into remount-usr role 2017-11-07 13:34:05 +01:00
Victor LABORIE 0ef627e4bd evoacme: add dovecot hook 2017-11-06 11:04:26 +01:00
Victor LABORIE b0df53a6ee evoacme: add postfix hook 2017-11-06 11:04:13 +01:00
Jérémy Lecour 2aa26e2d68 copy vhosts-domains script 2017-10-24 17:39:49 +02:00
Jérémy Lecour 608b0a5bbc evoacme: fix hooks tasks 2017-10-24 17:39:32 +02:00
Jérémy Lecour 330d500de6 evoacme: fix hooks execution
Disable regex for grep with "-F"
2017-10-24 17:38:59 +02:00
Jérémy Lecour 56e5cfc06d evoacme: directories must be owned by "acme" 2017-10-24 17:38:05 +02:00
Jérémy Lecour 131eac4499 Fix: return if file is not readable 2017-10-24 17:37:46 +02:00
Jérémy Lecour 0e5396faa7 change from CRON to QUIET 2017-10-24 17:37:15 +02:00
Jérémy Lecour 8567160596 evoacme: don't execute hooks with dots in file name 2017-10-20 10:15:12 +02:00
Jérémy Lecour 0ed1ca1356 evoacme: install hooks 2017-10-20 10:14:46 +02:00
Jérémy Lecour 1b50dfb0b3 evoacme: inline hooks calls + export variables 2017-10-19 23:23:51 +02:00
Jérémy Lecour 3d3e45faef evoacme: use local variable 2017-10-19 23:18:11 +02:00
Jérémy Lecour 4d6853f844 evoacme: use hooks after certificate creation 2017-10-19 22:21:18 +02:00
Jérémy Lecour 1fa4ccc338 make-csr: create important directories 2017-10-19 11:08:35 +02:00
Jérémy Lecour d2f86f7950 evoacme: check for arguments first 2017-10-19 11:08:16 +02:00
Jérémy Lecour 37cd22a466 evoacme: remove useless variables 2017-10-19 11:08:01 +02:00
Jérémy Lecour 266ac7fc07 evoacme: create important directories 2017-10-19 11:07:45 +02:00
Jérémy Lecour e47371f347 Use bash, for proper readonly/local support
"readonly" is a safety bonus, but "local" is really important
not to overwrite variables from functions.
2017-10-19 11:05:54 +02:00
Jérémy Lecour 4d3ed7ed97 evoacme: remove a debug statement 2017-10-19 07:59:55 +02:00
Gregory Colpart 34365a145c Typo: rename script 2017-10-19 01:39:08 +02:00
Jérémy Lecour 95e16287c8 Extract hook scripts for Apache and Nginx 2017-10-18 22:48:22 +02:00
Jérémy Lecour d8960e2afa simplify CSR generation 2017-10-18 00:44:04 +02:00
Jérémy Lecour cd8ea40336 readability and whitespaces 2017-10-18 00:43:33 +02:00
Jérémy Lecour 232648a9b0 readlink -> realpath
better portability on BSD systems
2017-10-18 00:42:15 +02:00
Jérémy Lecour beff333a1a Evoacme: big refactoring
* debug messages are sent to stdout
* domains discovery from vhosts is extracted to "vhost-domains"
* fixes suggested by shellcheck
* variables are "local" or "readonly" wherever possible
2017-10-17 14:46:37 +02:00
Jérémy Lecour 1941f9a3f9 evoacme: improve webserver config logic 2017-10-13 17:14:03 +02:00
Jérémy Lecour 2066a79f2e evoacme: exit after certbot in dry-run mode 2017-10-13 17:13:14 +02:00
Jérémy Lecour 350abe5787 evoacme: invert test logic 2017-10-13 14:05:05 +02:00
Jérémy Lecour baa5eae784 evoacme: add many tests 2017-10-13 12:46:40 +02:00
Jérémy Lecour 1c5e5e965b evoacme: fix typo 2017-10-13 12:32:16 +02:00
Jérémy Lecour 06a3965fde whitespaces 2017-10-13 12:30:34 +02:00
Jérémy Lecour 31a19114e5 evoacme: readability of tests
change from :
"what I don't want" && error
to :
"what I want" || error
2017-10-13 12:30:24 +02:00
Jérémy Lecour 9bccbd9496 evoacme: check for readability, not just presence 2017-10-13 12:28:44 +02:00
Jérémy Lecour 3c283d2bb4 evoacme: execute evoacme in cron mode 2017-10-13 12:09:12 +02:00
Jérémy Lecour 0022071462 evoacme: add tests to fail with proper messages 2017-10-13 12:08:47 +02:00
Jérémy Lecour e11958d101 evoacme: fix web servers config check 2017-10-13 11:18:37 +02:00
Jérémy Lecour 6d6d0760cd evoacme: sed cert path after cert creation 2017-10-13 11:18:15 +02:00
Jérémy Lecour 88600039d3 evoacme: daily iterations are not enough 2017-10-13 11:17:32 +02:00
Jérémy Lecour 5e71da94d3 evoacme: fix typo 2017-10-13 11:16:46 +02:00
Jérémy Lecour bced7561c9 make-csr: extract a few functions 2017-10-13 11:16:21 +02:00
Jérémy Lecour fb0c22dfd1 evoacme: refactoring for make-csr
inspired from recent refactoring of evoacme itself
2017-10-13 00:47:02 +02:00
Jérémy Lecour 9fccd7e682 evoacme: improve variables 2017-10-12 18:22:43 +02:00
Jérémy Lecour 65ccc2c0b5 evoacme: use env variables for execution modes 2017-10-12 18:22:06 +02:00
Jérémy Lecour 30434a70d8 evoacme: csr verification is a different function call 2017-10-12 18:20:49 +02:00
Jérémy Lecour 118a9759af evoacme: change function name to be more specific 2017-10-12 18:19:53 +02:00
Jérémy Lecour 3c61484448 evoacme: don't allow uninitialized variables 2017-10-12 18:19:09 +02:00
Jérémy Lecour 0d0c21f908 Evoacme: refactoring
* add a lot of variables, to reduce possible typos
* add a lot of debug statements
* add many comments and line breaks for readability
* extract functions for complex openssl commands
* explode the big certbot command into multiple lines
* allow certbot to make test certs (for API query limits)
* allow certbot to run in "dry run" mode
* regroup some lines together when they do related things
2017-10-12 00:29:21 +02:00
Victor LABORIE 1c244f556b evoacme: better apache/nginx reload 2017-10-11 18:50:20 +02:00
Victor LABORIE 2dbdfb6600 evoacme: add error and debug function 2017-10-11 18:50:19 +02:00
Gregory Colpart 30c47fcd50 A lot of improvements: add comments, add tests/tests/tests, add --cron option, drop HAProxy support, modify Apache/Nginx conf only first time 2017-09-21 03:50:24 +02:00
Gregory Colpart 7ea5982611 empty commit, only :retab 2017-09-21 03:48:24 +02:00
Gregory Colpart 81698d03de by default copy use files/ directory 2017-09-21 03:48:17 +02:00
Gregory Colpart 26d823174f use {{ evoacme_crt_dir }} var everywhere 2017-09-21 03:48:11 +02:00
Gregory Colpart a006a604f2 Rename /etc/cron.d/certbot to .disabled as written in https://wiki.evolix.org/HowtoLetsEncrypt 2017-09-21 03:48:05 +02:00
Gregory Colpart cdf0861821 More clear without include for determining apache/nginx presence 2017-09-21 03:47:57 +02:00
Victor LABORIE d96e2ea5bf evoacme: renew certs 30 days before expiration by default 2017-09-18 15:02:20 +02:00
Victor LABORIE 8a139b07b2 evoacme: fix SRV_IP overriding in make-csr 2017-09-13 11:38:38 +02:00
Victor LABORIE f5fdd71681 evoacme: fix invalid domain printing in make-csr 2017-09-12 15:49:35 +02:00
Victor LABORIE 069e675c6b evoacme: add basic check to evoacme.sh 2017-09-11 17:05:46 +02:00
Victor LABORIE ab177c2dad evoacme: add pem extension to dhparam file 2017-09-11 17:05:46 +02:00
Victor LABORIE 6c399ca60e evoacme: fix live link path 2017-09-11 17:05:46 +02:00
Victor LABORIE 1fbcb61559 evoacme: fix typo 2017-09-11 17:05:45 +02:00
Victor LABORIE ff392d8e26 evoacme: fix symlink generation 2017-09-11 17:05:45 +02:00
Victor LABORIE 0726d29796 evoacme: purge same day cert before recreating it 2017-09-11 17:05:45 +02:00
Victor LABORIE 740b60d838 evoacme: make-csr stdout is more verbose 2017-09-11 17:05:45 +02:00
Victor LABORIE e16eafc1a0 evoacme: complete refactoring of make-csr.sh 2017-09-11 17:05:45 +02:00
Victor LABORIE 05afeea894 evoacme: remove obsolete sudoers file 2017-09-11 17:05:44 +02:00
Victor LABORIE 8d7cbab3a9 evoacme: refactoring of certbot.cron 2017-09-11 17:05:44 +02:00
Victor LABORIE 9deb594834 evoacme: move scripts in /usr/local/sbin 2017-09-11 17:05:44 +02:00
Victor LABORIE e210de5f53 evoacme: complete refactoring of evoacme.sh 2017-09-11 17:05:44 +02:00
Gregory Colpart 207a2f6011 Improve distribution verification 2017-08-23 01:49:27 +02:00
Gregory Colpart 41329af173 Remove dynamic add of whitelist Squid proxy 2017-08-23 01:26:57 +02:00
Gregory Colpart 2bb7367edf standardization for Debian versions : we use "jessie" or "9 or later" to prepare buster as smoothly as possible 2017-08-18 03:50:30 +02:00
Jérémy Lecour 62fbbd2016 Rename role "apt-repositories" to "apt" 2017-07-19 08:56:46 +02:00
Jérémy Lecour 3a8093fb12 Apache: use "Require"
http://httpd.apache.org/docs/2.4/howto/auth.html
2017-07-18 20:13:58 +02:00
Jérémy Lecour bc99227259 Better squid/squid3 whitelist and reload 2017-07-12 12:17:33 +02:00
Victor LABORIE 08b4b2fa4a evoacme: change location priority for nginx 2017-07-03 17:37:05 +02:00
Victor LABORIE f14ee0424e evoacme: fix certbot verbosity 2017-06-12 14:09:29 +02:00
Victor LABORIE 267f1ffc88 evoacme: refactoring 2017-06-12 13:14:30 +02:00
Daniel Jakots 2eb194577f use the correct var 2017-06-06 16:36:09 -04:00
Gabriel Periard-Tremblay 87ebadcadd Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
Victor LABORIE 41f93bcd5d evoacme: fix sed for nginx self-signed cert 2017-05-30 15:13:00 +02:00
Jérémy Lecour 404f4445d4 install backports with "tasks_from"
When including a specific tasks file, we bypass the "main" tasks of the role and the conditionals.
That way we don't play useless tasks and don't rely on default values.
2017-05-23 15:13:11 +02:00