evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity
3582 commits 76 branches 56 tags 128 MiB
Commit graph

420 commits

Author SHA1 Message Date
Ludovic Poujol dc1c78e08a evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
All checks were successful
continuous-integration/drone/push Build is passing
Details 
I've noticed that some log files, especially /var/log/syslog were empty.
After investigating, I've realized that it was happening after a log
rotation by logrotate.

The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on
Debian 10. It will fail with a not so explicit message :

[FAIL] Closing open files: rsyslogd failed!

Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't
created any more, so start-stop-daemon as used by /etc/init.d/rsyslog
will fail. Explaining the error message.

Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is
used by logrotate. It will send the signal HUP the 'right' way, so
rsyslog will be aware of the log rotation.

Sadly, this script isn't present in Debian 9 nor 8, so the logrotate
configuration for rsyslog is now a template, using the right command for
the right version.
 2019-11-22 16:48:19 +01:00
Eric Morino c15f8963e4 Add compatibility for debian 9 and debian 10 in HW tool and megacli package
All checks were successful
continuous-integration/drone/push Build is passing
Details
2019-11-14 14:29:04 +01:00
Ludovic Poujol 174bfa5ba0 Fix a syntax error in a task name (a missplaced double quote)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2019-11-12 17:59:36 +01:00
Jérémy Lecour f2dacac139 evolinux-base: add /usr/share/scripts in root's PATH (Debian 10+) 2019-10-30 14:32:32 +01:00
Jérémy Lecour 8679da4cb6 evolinux-base: install /sbin/deny 2019-10-30 14:32:32 +01:00
Jérémy Lecour 78ea4a61e1 typo 2019-10-30 14:32:32 +01:00
Jérémy Lecour 24edbd680a Add crontabs only when cron package is installed (many roles)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2019-10-21 15:26:03 +02:00
Jérémy Lecour bea11352be Merge branch 'buster' into unstable 2019-09-23 18:34:35 +02:00
Jérémy Lecour b31159c9d2 evolinux-base: use "evolinux_internal_group" for SSH authentication 2019-09-22 22:26:21 +02:00
Jérémy Lecour 8f868b8612 evolinux-base: default value for "evolinux_ssh_group" 2019-09-22 22:25:30 +02:00
Ludovic Poujol f630d93587 evolinux-base: On debian 10 and later, add noexec on /dev/shm
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
2019-07-23 18:18:29 +02:00
Benoît S. d5751150af evolinux-base: spectre-meltdown-checker need binutils
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
continuous-integration/drone/pr Build is passing
Details
2019-07-03 09:56:17 +02:00
Benoît S. 771c75c1de all-roles: Dot not use ansible_lsb as it is deprecated
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
continuous-integration/drone/pr Build is passing
Details 
We move from `ansible_lsb.codename` to `ansible_distribution_release`.
 2019-07-03 09:41:35 +02:00
Jérémy Lecour fecdbb0406 evolinux-base: use the variable for the "ssh" group name
Some checks reported errors
continuous-integration/drone/pr Build encountered an error
Details
continuous-integration/drone/push Build is passing
Details
2019-06-24 17:08:01 +02:00
Jérémy Lecour a8ef97fcde Revert "evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)" 
This reverts commit 65414d8ae7.
 2019-06-20 17:29:48 +02:00
Jérémy Lecour b362f422df evolinux-base: packages for Buster and later
All checks were successful
continuous-integration/drone/push Build is passing
Details
2019-06-19 15:08:54 +02:00
Jérémy Lecour bee57a0b3c change distribution release codename
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
continuous-integration/drone/pr Build is failing
Details 
Ansible 2.2 is too old to know about buster.
Let's use LSB for that.
 2019-06-18 17:35:28 +02:00
Jérémy Lecour 65414d8ae7 evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2019-06-17 14:22:00 +02:00
Ludovic Poujol 75a8c90258 evolinux-base: Ensure rename is present 2019-06-17 09:58:10 +02:00
Ludovic Poujol 334b8a3f0d evolinux-base: Validate sshd config with "sshd -t" 
See #52 - It seems the behaviour changed with the recent releases, -T 
that does an extended test now fails on "Match" blocks when no context 
is given through -C
 2019-06-17 09:47:22 +02:00
Jérémy Lecour aa28e9c1b8 change repositories URL 2019-03-21 15:31:58 +01:00
Jérémy Lecour 3e37800994 evolinux-base: remove apt-listchanges on Stretch and later 2019-03-05 11:10:12 +01:00
Jérémy Lecour a94c94018c normalize some arguments positions 2019-01-01 20:02:50 +01:00
Benoît S. 776839fe61 Typo: rcpbind and not rcpbin 2018-12-19 15:58:47 +01:00
Victor LABORIE 74f25e8183 evolinux-base: deploy custom motd if template are present 2018-11-30 15:14:39 +01:00
Patrick Marchand 9198c1e2c0 ansible-lint does not like trailing whitespace 2018-11-13 16:56:31 -05:00
Victor LABORIE 83e9f12669 evolinux-base: install man package 2018-10-23 11:38:52 +02:00
Jérémy Lecour 81e9b3d33c don't reload history on each prompt 2018-09-13 16:54:07 +02:00
Jérémy Lecour 2a89b8ff22 evolinux-base: better shell history 
* remove duplicates from history
* reload/save history at prompt time
 2018-09-11 14:13:29 +02:00
Jérémy Lecour fe064c16d1 update CHANGELOG for evolinux-todo 2018-08-24 14:43:14 +02:00
Jérémy Lecour b6fa349394 evolinux-base: compact multiple systctl tasks into one 2018-08-21 13:34:03 +02:00
Gregory Colpart 51f41ff14a Workaround by Evolix security team for old kernels and vulnerabiliy CVE-2018-5391 (FragmentSmack) 2018-08-17 21:28:14 +02:00
Jérémy Lecour 4461281945 evolinux-base: add internal FQDN/hostname in /etc/hosts if needed 2018-08-17 10:07:36 +02:00
Jérémy Lecour bc8858fc0a evolinux-base: improve hostname configuration 
We can have a "real" hostname and domain, but also an "internal" hostnae 
and domain, used mostly for internal tools.
 2018-08-16 16:17:34 +02:00
Tristan PILAT 99747e72b5 500px is too narrow, let's switch to 768px 2018-07-24 12:17:07 +02:00
Victor LABORIE f56f8f7615 evolinux-base: add mail related aliases 2018-06-25 11:20:37 +02:00
Jérémy Lecour ec535b036c apt module: Use "state: present" instead of "state: installed" 
"state: installed" is deprecated in Ansible 2.5
 2018-05-18 09:33:25 +02:00
Gregory Colpart 20f6371980 typo 2018-05-01 19:38:55 +02:00
Jérémy Lecour 8384e8ba43 evolinux: groups for SSH configuration are used with Debian 10 and later 2018-04-20 14:38:55 +02:00
Jérémy Lecour e79640d770 evolinux: Name and improve compatibility checks 2018-04-20 14:38:55 +02:00
Jérémy Lecour b01d9178d0 evolinux-users: split AllowGroups/AllowUsers modes 
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.

In other situations, we use the AllowUsers directive.
 2018-04-18 12:16:04 +02:00
Jérémy Lecour b866b6fa0a evolinux-base: fail2ban is not enabled by default 2018-04-18 12:15:43 +02:00
Jérémy Lecour 8abed3e258 Use "command" instead of "shell" where possible 2018-04-04 23:36:00 +02:00
Jérémy Lecour ad3383a510 Install ncurses-term for additional terminal types 
When connecting to a server from urxvt, the session behaves like one
with xterm.
 2018-03-29 16:42:33 +02:00
Ludovic Poujol 3c2443181b evolinux-base: Exec the firewall tasks sooner to avoid dependency issues 2018-03-15 12:04:35 +01:00
Jérémy Lecour b634840b42 apache/nginx: server status suffix 2018-01-03 10:05:20 +01:00
Jérémy Lecour 08d544668b evolinux-base: create /etc/evolinux 2018-01-03 10:05:20 +01:00
Victor LABORIE f09d93aadb evolinux-base: purge locate/mlocate by default 2018-01-02 15:11:27 +01:00
Jérémy Lecour aeba94bcba default/additional variables 
List of hosts/ip are a combination of 2 lists allowing overrides
 2017-12-20 18:04:54 +01:00
Ludovic Poujol a2acd250a6 evolinux-base: have default_www files chmoded as 644 2017-12-13 15:44:16 +01:00
Jérémy Lecour 1faf0faa6b Remove openntpd before installing serveur-base 2017-12-06 00:09:08 +01:00
Jérémy Lecour 5e1268ad65 Install traceroute 2017-12-05 14:42:07 +01:00
Jérémy Lecour b3f4e4683e hostname customization needs the dbus package 2017-11-22 14:08:54 +01:00
Jérémy Lecour b15b06d458 add name for some fail modules 2017-11-21 10:17:46 +01:00
Jérémy Lecour 8ef9554746 Combine evolix and additional trusted IP addresses 2017-11-15 23:57:58 +01:00
Jérémy Lecour 46d70b3cd5 evolnux-base: cache pgp key locally 2017-11-15 11:40:42 +01:00
Victor LABORIE 1c48df025c Move /usr rw remount into remount-usr role 2017-11-07 13:34:05 +01:00
Ludovic Poujol 3532cb3f2d evolinux-base: harware tasks. Add http://hwraid.le-vert.net/debian repo 
on stretch for megacli packages
 2017-10-26 15:07:28 +02:00
Jérémy Lecour b4e4b14fc6 Invert SSH Match User directives 2017-10-17 10:28:48 +02:00
Jérémy Lecour c77bc14e95 Evolinux: don't remove root from AllowUsers list 2017-10-11 17:58:59 +02:00
Ludovic Poujol 745c45f88d Fix remount_usr_rw/yml 2017-10-11 17:58:18 +02:00
Jérémy Lecour 4bc7635502 Include generate-ldif in evolinux-base 2017-10-11 13:10:15 +02:00
Jérémy Lecour 20e8a852fa Handle "PermitRootLogin prohibit-password" 2017-10-10 23:50:14 +02:00
Jérémy Lecour 707aabb404 evolinux-base : remove root from AllowUsers directive 
when disabling root login, also remove it from AllowUsers if present
 2017-10-10 22:00:28 +02:00
Jérémy Lecour 79e57b7787 evolinux-base: don't disable root ssh by default 2017-10-10 21:58:03 +02:00
Jérémy Lecour bf2cd96793 evolinux-users must not be included as is 
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
 2017-10-10 20:52:49 +02:00
Jérémy Lecour e09a6ace31 evolinux-base: use apt role for all APT configuration 2017-10-10 16:35:23 +02:00
Jérémy Lecour 9fe76d40da Let's keep the currently deployed line 2017-10-09 15:57:38 +02:00
Jérémy Lecour 13e1c0486b "egrep" is deprecated, use "grep -E" 2017-10-08 22:47:03 +02:00
Jérémy Lecour a07d1d873a evolinux-base: bad group for password restrictions 2017-10-08 12:49:55 +02:00
Jérémy Lecour 6984c121c2 evolinux-base/ssh: syntax clarity 
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
 2017-10-08 12:48:56 +02:00
Jérémy Lecour 2480088f8b Change DIR_MODE only if adduser.conf is pristine 2017-10-07 22:59:06 +02:00
Jérémy Lecour 518353268a evolinux-base: logname command doesn't change 2017-10-07 22:56:37 +02:00
Jérémy Lecour 094ad8c28d evolinux-base: improve AllowUsers for current user 2017-10-07 22:17:38 +02:00
Jérémy Lecour c4e61a18d4 evolinux-base includes a few external roles 
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
 2017-10-07 18:13:52 +02:00
Jérémy Lecour adade8ae3c formatting 2017-10-07 17:54:25 +02:00
Jérémy Lecour 03bc456dfa evolinux-base: allow ssh for current user 
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant

This is disabled by default
 2017-10-07 13:12:03 +02:00
Jérémy Lecour 382d545d0d evolinux-base: fix netextreme device detection 2017-10-07 13:12:03 +02:00
Jérémy Lecour 7f4eb747de change alert5 only for buster 2017-10-06 15:27:22 +02:00
Jérémy Lecour ed17676432 A real systemd unit for alert5 2017-10-06 15:27:22 +02:00
Jérémy Lecour ef93d56799 evolinux-base: better task name for postfix 2017-10-06 01:06:59 +02:00
Jérémy Lecour 7b88393ccf Refactoring of admin-users + evolinux-base roles 
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
  to ensure ssh connections are possible for other users before
  cutting root's access
* evomaintenance is also included in evolinux-base to have it available
  when users are created
 2017-10-06 01:06:59 +02:00
Jérémy Lecour be32fd9a23 Remove useless comments 2017-10-05 00:29:14 +02:00
Jérémy Lecour 622698fb99 Don't disable root access by default 
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
 2017-10-05 00:29:14 +02:00
Jérémy Lecour ee80235e14 evolinux-base: etc-git is included after apt customization 
APT sources must be customized before installing any package
 2017-10-04 23:32:27 +02:00
Jérémy Lecour f050608596 evolinux-base/meta: compatible with stretch 2017-10-04 23:31:29 +02:00
Jérémy Lecour 5ffc94281f evolinux-base: parse fstab with better regex 
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
 2017-10-04 14:31:01 +02:00
Benoît S. c1b719f16a Merge branch 'unstable' into 'bash-completion' 
# Conflicts:
#   evolinux-base/tasks/packages.yml
 2017-09-20 15:56:45 +02:00
Jérémy Lecour 3a9b95cedc evolinux-base: fallback with warning for ssh without addresses 2017-09-14 14:26:00 +02:00
Gregory Colpart 06184a44bf remove *ssl_subject vars to avoid errors 2017-09-08 01:26:53 +02:00
Gregory Colpart d4e800a263 enable evoadmin-web link in default site index 2017-09-08 01:26:53 +02:00
Gregory Colpart a074f6488a we use now evolinux-sudo group to set sudo rights 2017-09-08 01:26:53 +02:00
Gregory Colpart 87ef758891 we need force=no for files who will be lineinfile/blockinfile 2017-09-07 02:32:08 +02:00
Gregory Colpart 26b76aed17 review default vhost 2017-09-07 02:31:48 +02:00
Gregory Colpart be4e811c47 phpMyAdmin configuration 2017-09-07 02:26:35 +02:00
Gregory Colpart 4eb891b8b7 use role ntpd in evolinux-base 2017-08-31 03:31:00 +02:00
Gregory Colpart b801c883ac minor fix: true -> True 2017-08-31 03:23:07 +02:00
Gregory Colpart ca4b0d5b1d log2mail need to be started and not restarted each time 2017-08-30 04:07:26 +02:00
Gregory Colpart 859822709d Revert "Fix: openssl req -subj arg need to be "/CN="" because bad var during test 
This reverts commit 8cfa0a6ef2.
 2017-08-30 04:07:26 +02:00
Gregory Colpart 8cfa0a6ef2 Fix: openssl req -subj arg need to be "/CN=" 2017-08-29 02:32:20 +02:00
Gregory Colpart 207a2f6011 Improve distribution verification 2017-08-23 01:49:27 +02:00
Gregory Colpart 5226082db0 evolinux-base and admin-users are only compatible Debian >=8, declare once in main.yml and that's all 
(will be probably generalized to others modules if needed)
 2017-08-22 01:37:04 +02:00
Benoît S. a95d7893c5 Add a comment about AcceptEnv 2017-08-18 14:37:34 +02:00
Gregory Colpart d82b12b614 fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall) 2017-08-18 04:13:56 +02:00
Gregory Colpart 2bb7367edf standardization for Debian versions : we use "jessie" or "9 or later" to prepare buster smoothly as possible 2017-08-18 03:50:30 +02:00
Jérémy Lecour 4b8456c5b7 Fix ssh security policy 2017-08-05 12:13:42 -04:00
Jérémy Lecour db2b418be4 evolinux-base: fix typo in README 2017-08-05 12:13:42 -04:00
Gregory Colpart e212f3043f Set right URL for our custom role 2017-07-23 00:55:23 +02:00
Gregory Colpart bbb0e579a6 Fix #2154 : we don't need lsb-invalid-mta and package is not anymore in stretch 2017-07-22 08:19:14 +02:00
Victor LABORIE 64a134355b evolinux-base: override logmail service 2017-07-19 16:03:36 +02:00
Jérémy Lecour adc3bd7a93 Fix ssh LogLevel 
* the directive can be present but commented
* the version comparison was wrong
 2017-07-19 13:49:08 +02:00
Jérémy Lecour 62fbbd2016 Rename role "apt-repositories" to "apt" 2017-07-19 08:56:46 +02:00
Jérémy Lecour 3e3e1c368e Lighter /root/.vimrc 2017-07-18 20:03:57 +02:00
Jérémy Lecour 388a2c058e Over-simplified /root/.gitconfig 2017-07-18 20:00:20 +02:00
Jérémy Lecour 0c2170cf5c Remove some backups, again 2017-07-18 19:38:03 +02:00
Benoît S. fa3047bdc4 Fix #2198. Purge openntpd 2017-07-17 16:18:10 +02:00
Jérémy Lecour be68f9ac0a remove a few useless "backup: yes" 2017-07-17 14:46:01 +02:00
Gregory Colpart a189b7935b NTPD : Listen only on lo interface by default 2017-07-17 14:21:46 +02:00
Gregory Colpart f78e93e0ff we want always packages ssl-cert et ca-certificates (probably will go to serveur-base package, we will see) 2017-07-13 02:41:12 +02:00
Gregory Colpart ea4ec27f08 Oops, last commit was broken. I think "when: TAG" need always to be boolean, then I patch for that. 2017-07-13 02:20:28 +02:00
Gregory Colpart fcfea428b7 pet commit: remove not ecessary params 2017-07-13 01:18:25 +02:00
Jérémy Lecour e23edbd5f4 this have nothing to do in the previous commit 2017-07-12 10:24:09 +02:00
Jérémy Lecour ce37282feb Effectively change the timezone 2017-07-12 10:23:21 +02:00
Jérémy Lecour a318e6065c Disable new vim defaults 2017-07-12 10:15:47 +02:00
Jérémy Lecour 6514f64a1f Better english 2017-07-12 09:34:46 +02:00
Jérémy Lecour 1cdbcaa5fb Install packages for Stretch and later 2017-07-11 18:43:22 +02:00
Gregory Colpart 12b5d9a97a Fix #2207 : set -L 15 for Cron 2017-07-11 00:42:38 +02:00
Gregory Colpart eab03993d0 improvment, don't touch to /etc/profile and instead use /etc/profile.d/evolinux.sh 2017-07-11 00:29:06 +02:00
Gregory Colpart 05b7588953 no more apt-listchanges in Stretch 2017-07-10 22:17:58 +02:00
Gregory Colpart 0d79db4ed5 Improve dpkg pre / post - invoke 2017-07-10 21:52:57 +02:00
Gregory Colpart 8505ef5b5e exit 0 -> true 2017-07-09 19:59:12 +02:00
Gregory Colpart 0d0937aa4e Use "false" instead of "0" to be more explicit 2017-07-09 19:59:12 +02:00
Jérémy Lecour 0fdc1565a8 Default site CSS slightly beautified 2017-07-06 17:14:29 +02:00
Jérémy Lecour 553025d199 enable server-status in default site 2017-07-06 17:14:29 +02:00
Jérémy Lecour 0e0bc1cbbd Split default vhost into nginx ad apache roles 2017-07-06 17:14:28 +02:00
Jérémy Lecour de37aac243 Don't overwrite default apache vhost 2017-07-06 17:14:27 +02:00
Benoît S. effbfc3189 Be sure to have the bash-completion package 
It is very handy to have this package to have completion of commands like
systemctl.
 2017-07-06 11:58:48 +02:00
Jérémy Lecour bae8961e99 packweb/evoadmin: cleanup 
* extracted tasks
* more variables
* more templates
* less bugs
 2017-07-03 18:23:39 +02:00
Jérémy Lecour 664a926caa evolinux: fix rotate value customization 
with "[0-9]*" too much lines would be changed
 2017-07-03 17:57:00 +02:00
Jérémy Lecour d3af1320c9 SSH: log level to verbose for Stretch and later 2017-06-14 15:53:15 +02:00
Jérémy Lecour 13fccb1f3f Fix Ansible syntax for include_role 2017-06-13 11:45:34 +02:00
Jérémy Lecour 25e017fa28 Add contrib/non-free components for APT sources if needed 2017-06-13 11:21:27 +02:00
Jérémy Lecour 65f91f09b0 Disable warnings for mount commands related to /usr read-only 2017-06-12 15:11:40 +02:00
Jérémy Lecour 4d9961b0f9 evolinux-base: configure apt-repositories role 2017-06-07 09:59:55 +02:00
Victor LABORIE a1c69bdf84 apt-repositories/evolinux-base: fix default sources.list configuration 2017-06-05 11:43:25 +02:00
Jérémy Lecour c66438a2a3 evolinux-base: remount /usr when needed 2017-05-23 14:55:31 +02:00
Jérémy Lecour 6e104d8689 evolinux-base: include_role apt-repositories 2017-05-23 14:55:15 +02:00
Jérémy Lecour 17be773822 Extract Evolix public APT sources 2017-05-21 11:00:46 +02:00
Jérémy Lecour 89d8ac32c4 Non octal notation 
When permissions octal notation doesn't begin with 0, prefer the text
notation.
 2017-05-19 22:46:34 +02:00
Jérémy Lecour e2452cdf6c Don't warn for some known commands 2017-05-19 22:30:51 +02:00
Jérémy Lecour 9fae99f8dc Minor syntax and whitespaces fixes 2017-05-19 22:29:53 +02:00
Jérémy Lecour 23f0b97897 evolinux-base: add logrotate package 
It should be installed by default, but make sure that it is really
present.
 2017-05-18 13:57:30 +02:00
Jérémy Lecour 82c4c9d745 Use apt module with 2.2 option "allow_unauthenticated" 2017-05-16 15:36:46 +02:00
Victor LABORIE 8227e7a617 evolinux-base: add curl and telnet to diagnostic tool 2017-05-02 17:12:08 +02:00
Jérémy Lecour c0d43f72ef evolinx-base: no comma for postfix config 2017-05-02 13:56:20 +02:00
Victor LABORIE 9dfe6fd175 evolinux-base: use fqdn in default postfix config and add handler 2017-04-27 10:51:21 +02:00
Victor LABORIE 0ad39a1be7 evolinux-base: update hostname in default postfix config 2017-04-25 15:50:22 +02:00
Jérémy Lecour 3f09d938eb disable some parts of evolinux-base in tests 2017-04-24 09:46:43 +02:00
Jérémy Lecour 53a1134b6f detect presence of hotplug network interface 2017-04-24 09:46:42 +02:00
Jérémy Lecour eec84fca8a detect absence of acl in filesystem 2017-04-24 09:46:42 +02:00
Jérémy Lecour 2427fcc7f3 Respect hostname variable value 2017-04-24 09:46:42 +02:00
Jérémy Lecour 72d0f6ddc4 No change recorded when updating apt cache 2017-04-24 09:46:42 +02:00
Jérémy Lecour d23d2f6080 evolinux-base: improve the kitchen recipe 
but it's still disabled for the omment
 2017-04-20 15:51:48 +02:00
Jérémy Lecour 47f8f5d75f evolinux-base can't be tested within Docker yet 
because of sshd not being a proper service in the Docker container
 2017-04-20 13:57:11 +02:00
Jérémy Lecour 4c1c0c6c23 [WIP] tests for evolinux-base 2017-04-20 13:48:23 +02:00
Jérémy Lecour fad4b78775 evolinux-base: better regexp for fstab customization 
- we must exclude lines containing a # before the partition name
- it's better to use "not space" (\S) instead of "word character" (\w)
  between the partition name and the fs type
 2017-04-19 10:59:25 +02:00
Jérémy Lecour c30e6b189c evolinux-base: fstab is more customizable 2017-04-05 17:50:50 +02:00
Jérémy Lecour 8ba9c0081a evolinux: finer grained kernel configuration 2017-03-30 15:33:23 +02:00
Jérémy Lecour 4eab8c319a evolinux: custom email for logcheck 2017-03-30 15:32:59 +02:00
Jérémy Lecour 5b2ab0d8d3 Ansible >= 2.2 supported 2017-03-24 14:15:09 +01:00
Jérémy Lecour 294cea44e8 Change mode with leading 0, but still as String 2017-03-23 16:59:43 +01:00
Jérémy Lecour c666099ef8 Evolinux-base: dynamic release name 2017-03-16 16:50:21 +01:00
Benoît S. f3d1f5b04c Fix #2159. Wrong path for cciss-vol-statusd. 2017-03-10 11:24:19 +01:00
Tristan PILAT 78a2fd9830 Fix error in handler 2017-03-08 16:33:23 +01:00
Jérémy Lecour 6ed870e94e Can't dynamically choose module based on version 
If the condition is in a when attribute, the module is still
evaluated. If it doesn't exist in the current verison of Ansible
it will blow up.
 2017-02-09 17:36:49 +01:00
Jérémy Lecour 8920ff1ee4 Add "always_run: yes" where it's pertinent 
There is also the "check_mode: no", but commented,
for when we switch to Ansible 2.2
 2017-01-31 11:45:35 +01:00
Benoît S. e173407baa Typo sysctl vs systemd. 2017-01-18 15:53:43 +01:00
Jérémy Lecour 478e9a8272 replace "state: installed" with "state: present" 2017-01-12 17:37:48 +01:00
Jérémy Lecour 61f5219f48 Improve documentation 
Each role has a README and a meta/main.yml file
 2017-01-05 18:22:06 +01:00
Jérémy Lecour 5a4f838375 Unix mode MUST be a quoted string when using octal notation 2017-01-05 12:03:54 +01:00
Jérémy Lecour 5277f58598 evolinux-base: enable service according to ansible_version 2017-01-05 12:03:53 +01:00
Jérémy Lecour 0ff5467bce add a "reload sshd" handler 2017-01-04 10:21:41 +01:00
Jérémy Lecour e1654414ea evolinux-base: flush handlers at end of each include 2017-01-03 17:02:23 +01:00
Jérémy Lecour 91c8fad950 Extract logrotate configurations in roles 2017-01-03 16:58:19 +01:00
Jérémy Lecour 130e1f2b0e evolinux-base: add conditions for most of tasks 2017-01-03 16:38:04 +01:00
Jérémy Lecour e2460c10d1 evolinux-base: tasks groups disabling 2017-01-03 12:11:01 +01:00
Jérémy Lecour 17ed9bc28e evolinux-base: SSH MatchAddress skips when empty array 2017-01-03 11:44:20 +01:00
Jérémy Lecour ead09ad4e8 evolinux-base: apt upgrade can be disabled 2017-01-03 11:43:31 +01:00
Gregory Colpart 6c5e880938 add slow_transport configuration for Postfix role 
and disable Postfix customization in evolinux-base role
 2017-01-02 01:14:18 +01:00
Jérémy Lecour 5bad738df9 evolinux-base : add some tags 2016-12-30 10:40:59 +01:00
Jérémy Lecour 25e69efd24 evolinux_base: configure /etc/mailname with current FQDN 2016-12-30 10:40:44 +01:00
Jérémy Lecour 8a20ec5ca2 evolinux_base/postfix: add some variables 
* myhostname
* mydestination
* myorigin
 2016-12-30 10:40:18 +01:00
Jérémy Lecour 001d066c38 evolinux-base: add /root/.selected_editor 2016-12-28 17:55:35 +01:00
Daniel Jakots e7287feb3f typo 2016-12-28 10:59:41 -05:00
Jérémy Lecour b7afc859b8 evolinux-base: configure listchanges in packages.yml 2016-12-28 15:15:09 +01:00
Jérémy Lecour 34669fdfd0 evolinux-base: configure tzdata 2016-12-28 15:06:56 +01:00
Gregory Colpart 4f97f17387 evolinux-base: disable deb-src repositories in sources.list 2016-12-27 20:55:17 +01:00
Gregory Colpart 6cdab4e68b evolinux-base: don't use /etc/apt/listchanges.conf before apt-listchanges install 2016-12-27 20:55:11 +01:00
Jérémy Lecour 3f2fe68189 evolinux-base: remove 127.0.1.1 unconditionally 2016-12-27 18:40:24 +01:00
Jérémy Lecour 6517a234d6 evolinux-base: fqdn replacement in /etc/hosts 
If the FQDN changes, it is changed in /etc/hosts instead and not added
 2016-12-27 16:45:46 +01:00
Jérémy Lecour b2c6847019 evolinux-base: apt/listchanges with lineinfile 
Ansible < 2.1 puts an extra space around "="
It might be a problem for APT.

Until we can use Ansible >= 2.1 we use lineinfile instead
even if it less precise (doesn't manage sections)
 2016-12-27 14:44:34 +01:00
Jérémy Lecour 29ea23247d evolinux-base: configure apt/listchanges 2016-12-27 14:33:21 +01:00
Jérémy Lecour b2971d1f7d evolinux-base: add ssh.yml 
* disable root login
* list authorized addresses
* disable AcceptEnv
 2016-12-27 14:04:12 +01:00
Jérémy Lecour 542cc0ef33 evolinux-base: remove aptitude in apt.yml 2016-12-27 14:04:12 +01:00
Jérémy Lecour 497d90519e evolinux-base: don't overwrite alert5 init script 2016-12-26 12:11:46 +01:00
Jérémy Lecour 65b9865510 evolinux-base: copy logorotate files 
there was a syntax error, the source was copied inside the target
 2016-12-26 12:11:46 +01:00
Jérémy Lecour 706d247360 evolinux-base: remove aptitude 2016-12-26 12:11:46 +01:00
Jérémy Lecour 001b58e1fe evolinux-base: fix /var/tmp mount point 2016-12-26 12:11:46 +01:00
Jérémy Lecour dc40993291 Use command instead of shell 2016-12-23 22:45:42 +01:00
Jérémy Lecour 5bc88ae0f0 evolinux-base: fix /tmp rights 2016-12-23 20:05:06 +01:00
Jérémy Lecour 38f962d754 evolinux-base: install apt hooks by default 2016-12-23 16:24:56 +01:00
Jérémy Lecour 7e9065e172 evolinux-base: the locales package might be missing 2016-12-23 14:12:13 +01:00
Jérémy Lecour a0a5920f99 evolinux-base: megacli packages are not authenticated 2016-12-23 14:11:11 +01:00
Jérémy Lecour 9fc56586fe Evolinux-base: group packages 2016-12-21 16:12:31 +01:00
Jérémy Lecour 79792ec0ed Postfix is back into evolinux-base 2016-12-21 16:12:31 +01:00
Jérémy Lecour d6545d91c6 evolinux-base: better check for installed MTA 2016-12-21 16:12:31 +01:00
Jérémy Lecour 01d9b629ec evolinux-base: better variable name 2016-12-21 16:12:31 +01:00
Jérémy Lecour 578a2d423d evolinux-base: finer grained packages management 
* install lsb-invlid-mta if Postfix is not present
* differenciate unauthenticated packages
 2016-12-21 16:12:30 +01:00
Jérémy Lecour c64e89e0d1 evolinux-base: fix variable name 
evolinux_apt_components → evolinux_apt_repositories_components
 2016-12-21 16:12:30 +01:00
Jérémy Lecour c0ab8f99ce Squash: conventions, evolinux, etc-git… 2016-12-21 16:12:30 +01:00