evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity
1467 commits 76 branches 56 tags 128 MiB
Commit graph

189 commits

Author SHA1 Message Date
Gregory Colpart 51f41ff14a Workaround by Evolix security team for old kernels and vulnerabiliy CVE-2018-5391 (FragmentSmack) 2018-08-17 21:28:14 +02:00
Jérémy Lecour 4461281945 evolinux-base: add internal FQDN/hostname in /etc/hosts if needed 2018-08-17 10:07:36 +02:00
Jérémy Lecour bc8858fc0a evolinux-base: improve hostname configuration 
We can have a "real" hostname and domain, but also an "internal" hostnae 
and domain, used mostly for internal tools.
 2018-08-16 16:17:34 +02:00
Tristan PILAT 99747e72b5 500px is too narrow, let's switch to 768px 2018-07-24 12:17:07 +02:00
Victor LABORIE f56f8f7615 evolinux-base: add mail related aliases 2018-06-25 11:20:37 +02:00
Jérémy Lecour ec535b036c apt module: Use "state: present" instead of "state: installed" 
"state: installed" is deprecated in Ansible 2.5
 2018-05-18 09:33:25 +02:00
Gregory Colpart 20f6371980 typo 2018-05-01 19:38:55 +02:00
Jérémy Lecour 8384e8ba43 evolinux: groups for SSH configuration are used with Debian 10 and later 2018-04-20 14:38:55 +02:00
Jérémy Lecour e79640d770 evolinux: Name and improve compatibility checks 2018-04-20 14:38:55 +02:00
Jérémy Lecour b01d9178d0 evolinux-users: split AllowGroups/AllowUsers modes 
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.

In other situations, we use the AllowUsers directive.
 2018-04-18 12:16:04 +02:00
Jérémy Lecour b866b6fa0a evolinux-base: fail2ban is not enabled by default 2018-04-18 12:15:43 +02:00
Jérémy Lecour 8abed3e258 Use "command" instead of "shell" where possible 2018-04-04 23:36:00 +02:00
Jérémy Lecour ad3383a510 Install ncurses-term for additional terminal types 
When connecting to a server from urxvt, the session behaves like one
with xterm.
 2018-03-29 16:42:33 +02:00
Ludovic Poujol 3c2443181b evolinux-base: Exec the firewall tasks sooner to avoid dependency issues 2018-03-15 12:04:35 +01:00
Jérémy Lecour b634840b42 apache/nginx: server status suffix 2018-01-03 10:05:20 +01:00
Jérémy Lecour 08d544668b evolinux-base: create /etc/evolinux 2018-01-03 10:05:20 +01:00
Victor LABORIE f09d93aadb evolinux-base: purge locate/mlocate by default 2018-01-02 15:11:27 +01:00
Jérémy Lecour aeba94bcba default/additional variables 
List of hosts/ip are a combination of 2 lists allowing overrides
 2017-12-20 18:04:54 +01:00
Ludovic Poujol a2acd250a6 evolinux-base: have default_www files chmoded as 644 2017-12-13 15:44:16 +01:00
Jérémy Lecour 1faf0faa6b Remove openntpd before installing serveur-base 2017-12-06 00:09:08 +01:00
Jérémy Lecour 5e1268ad65 Install traceroute 2017-12-05 14:42:07 +01:00
Jérémy Lecour b3f4e4683e hostname customization needs the dbus package 2017-11-22 14:08:54 +01:00
Jérémy Lecour b15b06d458 add name for some fail modules 2017-11-21 10:17:46 +01:00
Jérémy Lecour 8ef9554746 Combine evolix and additional trusted IP addresses 2017-11-15 23:57:58 +01:00
Jérémy Lecour 46d70b3cd5 evolnux-base: cache pgp key locally 2017-11-15 11:40:42 +01:00
Victor LABORIE 1c48df025c Move /usr rw remount into remount-usr role 2017-11-07 13:34:05 +01:00
Ludovic Poujol 3532cb3f2d evolinux-base: harware tasks. Add http://hwraid.le-vert.net/debian repo 
on stretch for megacli packages
 2017-10-26 15:07:28 +02:00
Jérémy Lecour b4e4b14fc6 Invert SSH Match User directives 2017-10-17 10:28:48 +02:00
Jérémy Lecour c77bc14e95 Evolinux: don't remove root from AllowUsers list 2017-10-11 17:58:59 +02:00
Ludovic Poujol 745c45f88d Fix remount_usr_rw/yml 2017-10-11 17:58:18 +02:00
Jérémy Lecour 4bc7635502 Include generate-ldif in evolinux-base 2017-10-11 13:10:15 +02:00
Jérémy Lecour 20e8a852fa Handle "PermitRootLogin prohibit-password" 2017-10-10 23:50:14 +02:00
Jérémy Lecour 707aabb404 evolinux-base : remove root from AllowUsers directive 
when disabling root login, also remove it from AllowUsers if present
 2017-10-10 22:00:28 +02:00
Jérémy Lecour 79e57b7787 evolinux-base: don't disable root ssh by default 2017-10-10 21:58:03 +02:00
Jérémy Lecour bf2cd96793 evolinux-users must not be included as is 
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
 2017-10-10 20:52:49 +02:00
Jérémy Lecour e09a6ace31 evolinux-base: use apt role for all APT configuration 2017-10-10 16:35:23 +02:00
Jérémy Lecour 9fe76d40da Let's keep the currently deployed line 2017-10-09 15:57:38 +02:00
Jérémy Lecour 13e1c0486b "egrep" is deprecated, use "grep -E" 2017-10-08 22:47:03 +02:00
Jérémy Lecour a07d1d873a evolinux-base: bad group for password restrictions 2017-10-08 12:49:55 +02:00
Jérémy Lecour 6984c121c2 evolinux-base/ssh: syntax clarity 
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
 2017-10-08 12:48:56 +02:00
Jérémy Lecour 2480088f8b Change DIR_MODE only if adduser.conf is pristine 2017-10-07 22:59:06 +02:00
Jérémy Lecour 518353268a evolinux-base: logname command doesn't change 2017-10-07 22:56:37 +02:00
Jérémy Lecour 094ad8c28d evolinux-base: improve AllowUsers for current user 2017-10-07 22:17:38 +02:00
Jérémy Lecour c4e61a18d4 evolinux-base includes a few external roles 
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
 2017-10-07 18:13:52 +02:00
Jérémy Lecour adade8ae3c formatting 2017-10-07 17:54:25 +02:00
Jérémy Lecour 03bc456dfa evolinux-base: allow ssh for current user 
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant

This is disabled by default
 2017-10-07 13:12:03 +02:00
Jérémy Lecour 382d545d0d evolinux-base: fix netextreme device detection 2017-10-07 13:12:03 +02:00
Jérémy Lecour 7f4eb747de change alert5 only for buster 2017-10-06 15:27:22 +02:00
Jérémy Lecour ed17676432 A real systemd unit for alert5 2017-10-06 15:27:22 +02:00
Jérémy Lecour ef93d56799 evolinux-base: better task name for postfix 2017-10-06 01:06:59 +02:00