evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 19 Releases 33 Wiki Activity
1859 commits 77 branches 57 tags 128 MiB
Commit graph

291 commits

Author SHA1 Message Date
Victor LABORIE 0794e6f620 redmine: refactoring of redmine role with use of rbenv 2019-01-28 14:29:01 +01:00
Victor LABORIE fabac07210 redis: add variable for configure unixsocketperm 2019-01-28 14:26:13 +01:00
Victor LABORIE 2c874afb3c proftpd: add FTPS and SFTP support 2019-01-24 11:47:03 +01:00
Ludovic Poujol af896fe1fc * ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config 
- Ensure the client won't respond to anybody but accept the timeserver 
answers
- Should work on both Jessie and Stretch
 2019-01-18 15:32:45 +01:00
Jérémy Lecour 87860d5b7f Release 9.7.0 2019-01-17 18:11:46 +01:00
Jérémy Lecour fc0b1d6968 update changelog 2019-01-17 17:42:18 +01:00
Patrick Marchand 59c479582e Adds ips tag to fail2ban/tasks/ip_whitelist.yml 
You can already skip nginx and apache ip_whitelist tasks with this
tags, it makes sense for fail2ban to follow suite.
 2019-01-10 17:03:14 -05:00
Ludovic Poujol 40b2654141 php: added php-zip in the installed package list for debian 9 (and later) 2019-01-10 19:12:53 +01:00
Ludovic Poujol c4c091b362 squid: added packagist.org in the whitelist 2019-01-10 18:12:03 +01:00
Victor LABORIE f6ca2279bf java: update Oracle java package to 8u192 2019-01-10 16:16:35 +01:00
Jérémy Lecour df308b0396 fail2ban: fix "ignoreip" update 2019-01-09 16:44:16 +01:00
Ludovic Poujol 67d7458ba6 nodejs: Update yarn repo GPG key (current key expired) 
Ref: https://github.com/yarnpkg/yarn/issues/6865
 2019-01-09 10:49:20 +01:00
Jérémy Lecour 7c2feea561 metricbeat: add a variable for the protocol to use with Elasticsearch 2019-01-08 11:05:27 +01:00
Victor LABORIE 719e9b35b2 evocheck: update evocheck.sh for source install 2019-01-08 10:25:10 +01:00
Jérémy Lecour 921c92fd5b redis: add a variable for renamed/disabled commands 2019-01-08 10:04:27 +01:00
Jérémy Lecour ebd65b2395 metricbeat: fix username/password replacement 2019-01-08 10:02:04 +01:00
Jérémy Lecour 1118486993 rbenv: add pkg-config to the list of packages to install 
Some Ruby gems (Nokogiri…) need this to detect system libraries.
 2019-01-03 10:16:46 +01:00
Jérémy Lecour 41c1ed5a70 apache: add Munin configuration for Apache server-status URL 2019-01-01 21:08:51 +01:00
Jérémy Lecour 92a25a9502 redis: add variables to prevent or force restart 2018-12-21 11:11:15 +01:00
Jérémy Lecour 3b63172532 redis: distinction between main and master password 2018-12-21 11:08:18 +01:00
Ludovic Poujol effdb4c7eb redis: Configure munin when working in instance mode 2018-12-17 14:47:07 +01:00
Ludovic Poujol fa49f249e7 redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account 2018-12-17 14:43:42 +01:00
Ludovic Poujol f46f5ccbde nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true) 2018-12-12 14:58:12 +01:00
Jérémy Lecour d0b3b6d6b8 evomaintenance: database variables must be set or the task fails 2018-12-11 12:08:04 +01:00
Victor LABORIE 2a6cb3b381 evoadmin-mail: complete refactoring, use Debian Package 2018-12-07 15:26:08 +01:00
Ludovic Poujol f2f595af13 redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script 2018-12-05 16:37:52 +01:00
Ludovic Poujol c9ba37614c nginx: Munin url config is now a template to insert the server-status prefix 2018-12-05 16:25:48 +01:00
Jérémy Lecour 69d9b949e2 Release 9.6.0 2018-12-04 14:51:17 +01:00
Jérémy Lecour 2bcc1133c0 minifirewall: all variables are configurable 
By default, a Null value keeps the variable current value as-is.
Set an Array (can be empty) to replace the value.
 2018-12-04 14:49:50 +01:00
Jérémy Lecour 50e16e0dee minifirewall: compare config before/after (for restart condition) 2018-12-04 14:46:32 +01:00
Jérémy Lecour 59dd03c91e squid: better replacement in minifirewall config 2018-12-04 14:46:32 +01:00
Jérémy Lecour 33e29657a7 update changelog 2018-12-04 14:46:32 +01:00
Victor LABORIE 74f25e8183 evolinux-base: deploy custom motd if template are present 2018-11-30 15:14:39 +01:00
Victor LABORIE 6469733d2f evoacme: fix error handling in sed_cert_path_for_(apache|nginx) 2018-11-22 15:06:23 +01:00
Jérémy Lecour d5e34a58d2 Release 9.5.0 2018-11-14 17:15:25 +01:00
Jérémy Lecour b3f9932c4d evolinux-users: add newaliases handler 2018-11-14 17:04:51 +01:00
Jérémy Lecour 2f8cad3c7c packweb-apache: mod-security config is already included elsewhere 2018-11-14 17:04:03 +01:00
Jérémy Lecour 5056f93283 mysql: logdir can be customized 2018-11-14 16:13:06 +01:00
Jérémy Lecour bd1b1a7775 update CHANGELOG 2018-11-14 16:13:06 +01:00
Jérémy Lecour 3425711ecf redis: update CHANGELOG 2018-11-14 15:35:11 +01:00
Victor LABORIE cfb87a7b65 haproxy: add vars for tls configuration 
Permit simply include of TLS configuration, eg. in [global] :

{{ haproxy_ssl_intermediate | indent(width=4) }}
 2018-11-13 11:07:06 +01:00
Jérémy Lecour df48a60684 evocheck: update script from upstream 2018-11-08 09:46:57 +01:00
Victor LABORIE c6a504c6c5 Add an SSL role for certificates deployment 2018-11-06 16:15:48 +01:00
Jérémy Lecour 4a411685ff evomaintenance: FROM domain is configurable 2018-11-06 10:39:30 +01:00
Jérémy Lecour 2f9348e3d1 update CHANGELOG 2018-11-02 18:16:29 +01:00
Jérémy Lecour 3d76454984 update CHANGELOG for postfix 2018-11-02 10:14:49 +01:00
Jérémy Lecour c03be65ed9 evomaintenance: update script from upstream 2018-11-02 10:13:40 +01:00
Victor LABORIE 83e9f12669 evolinux-base: install man package 2018-10-23 11:38:52 +02:00
Victor LABORIE 6e6820805d nginx: add tag for ips management 2018-10-19 10:31:45 +02:00
Jérémy Lecour 79aceac380 Release 9.4.2 2018-10-12 10:16:40 +02:00
Jérémy Lecour 85c779164a evomaintenance: fix role compatibility with OpenBSD 2018-10-12 10:13:27 +02:00
Victor LABORIE 357914b44e amavis: fix output result checking 2018-10-11 17:18:03 +02:00
Jérémy Lecour 1d06721b96 update CHANGELOG 2018-10-08 09:43:09 +02:00
Jérémy Lecour 20e8d9f432 evomaintenance: install dependencies when installing vendored version 2018-10-08 09:37:18 +02:00
Victor LABORIE f2469dbdd9 * spamassassin: add missing right for amavis 2018-10-03 14:41:41 +02:00
Victor LABORIE 8dd2fcac55 Update CHANGELOG for haproxy/nagios-nrpe 2018-09-28 15:33:56 +02:00
Jérémy Lecour d442473370 Release 9.4.1 2018-09-28 10:45:50 +02:00
Jérémy Lecour 40ac98cb79 mysql-oracle: better handle packages and users 2018-09-27 15:05:02 +02:00
Jérémy Lecour 829da4bb40 update CHANGELOG for evomaintenance 2018-09-25 12:15:51 +02:00
Victor LABORIE c7cc63444d redis: set masterauth when redis_password is defined 2018-09-20 16:42:35 +02:00
Jérémy Lecour 9ddb297961 Release 9.4.0 2018-09-20 12:30:52 +02:00
Jérémy Lecour 517d7c0d9a Update CHANGELOG with generate-ldif changes 2018-09-20 12:28:48 +02:00
Jérémy Lecour 21e24df8c8 Update CHANGELOG with logstash recent changes. 2018-09-20 12:24:19 +02:00
Victor LABORIE 5f4601f611 nagios-nrpe: add check_redis_instances 2018-09-20 10:21:49 +02:00
Victor LABORIE 8546f0f34f redis: add support for multi instances 2018-09-19 17:24:26 +02:00
Victor LABORIE 09e48516c6 redis: add missing tags 2018-09-19 16:25:47 +02:00
Jérémy Lecour d6e71353dd Add a role to switch from networkd to ifconfig 2018-09-14 14:53:38 +02:00
Jérémy Lecour b2596aad2a mysql: add a variable to prevent mysql from restarting 2018-09-13 18:32:23 +02:00
Jérémy Lecour 2a4a993f09 update CHANGELOG 2018-09-11 14:20:13 +02:00
Victor LABORIE 47bf0ed2d2 dovecot: stronger TLS configuration 2018-09-11 11:13:02 +02:00
Jérémy Lecour c76cbd1887 evolinux-users: add user to /etc/aliases 2018-09-09 23:42:38 +02:00
Jérémy Lecour 8c9c5782e1 webapps/evoadmin-web: add users to /etc/aliases 2018-09-09 23:42:15 +02:00
Jérémy Lecour ac1a3e5f09 nginx: cleaner way to overwrite the server status suffix 2018-09-09 23:02:02 +02:00
Jérémy Lecour bfb591dc74 apache: cleaner way to overwrite the server status suffix 2018-09-09 23:01:43 +02:00
Jérémy Lecour efcd2ed391 packweb-apache: don't regenerate phpMyAdmin suffix each time 2018-09-09 23:00:41 +02:00
Jérémy Lecour 92f14a496f etc-git: conditional for cron job 2018-09-08 00:27:03 +02:00
Jérémy Lecour 37ea8d292e Release 9.3.2 2018-09-06 15:14:34 +02:00
Victor LABORIE bf3e5b4cb6 dovecot: enable SSL/TLS by default with snakeoil certificate 2018-09-04 14:50:22 +02:00
Jérémy Lecour 9869a1f269 typo 2018-08-31 19:28:06 +02:00
Jérémy Lecour c25c3c6a31 minifirewall: improve variables values and documentation 2018-08-30 17:06:21 +02:00
Jérémy Lecour 9787328a0b minifirewall: add a variable to force a restart of the firewall 2018-08-30 17:05:30 +02:00
Jérémy Lecour 96cd04ae40 minifirewall: add a variable to disable the restart handler 2018-08-30 17:04:14 +02:00
Jérémy Lecour 944006e63c Release 9.3.1 2018-08-30 14:06:06 +02:00
Jérémy Lecour cfd5e3d7f2 metricbeat: new variables to configure elasticsearch hosts and auth 2018-08-30 13:47:48 +02:00
Jérémy Lecour cb9e48b41d update the CHANGELOG with a forgotten line for mysql 2018-08-24 18:38:12 +02:00
Jérémy Lecour 191a49784d Release 9.3.0 2018-08-24 18:27:03 +02:00
Jérémy Lecour d138c00db8 etc-git: some entries of .gitignore are mandatory 2018-08-24 14:44:51 +02:00
Jérémy Lecour fe064c16d1 update CHANGELOG for evolinux-todo 2018-08-24 14:43:14 +02:00
Jérémy Lecour 3e3c6437e8 etc-git: install a script to optimize the repository each month 2018-08-24 00:28:15 +02:00
Jérémy Lecour bb956fb5e7 apache: logrotate replacement is more subtle/precise 
It replaces only the proper directive and not every occurence of the 
word.
 2018-08-23 13:02:25 +02:00
Jérémy Lecour 12c49ed93b fail2ban: add a variable to update the list of ignored IP addresses 2018-08-23 11:43:34 +02:00
Jérémy Lecour e939198159 fail2ban: add a variable to disable the ssh filter (default: False) 2018-08-23 09:16:33 +02:00
Jérémy Lecour 012dabf657 fail2ban: fix fail2ban_ignore_ips definition 
If the final variable is combined in the defaults file, it's component 
can be overridden, but the final variable can't be overriden.
 2018-08-21 23:14:31 +02:00
Jérémy Lecour 77aeb60544 bind: chroot-bind.sh must not be executed in check mode 2018-08-21 18:46:16 +02:00
Jérémy Lecour 26c46bfb96 evocheck: the crontab is updated by the role 2018-08-18 09:41:59 +02:00
Jérémy Lecour 4d7e9b1c3f evocheck: detect installed packages even if "held" by APT (manual fix) 2018-08-17 14:59:22 +02:00
Jérémy Lecour 40160e0c6e generate-ldif: detect installed packages even if "held" by APT 2018-08-17 11:56:41 +02:00
Jérémy Lecour 46fed05fa2 evocheck: update upstream script 2018-08-17 10:04:07 +02:00
Jérémy Lecour bc8858fc0a evolinux-base: improve hostname configuration 
We can have a "real" hostname and domain, but also an "internal" hostnae 
and domain, used mostly for internal tools.
 2018-08-16 16:17:34 +02:00
Jérémy Lecour ccd8c00e3a CHANGELOG : add missing entries 2018-08-09 18:24:48 +02:00
Jérémy Lecour b9b0183ec5 remount-usr: mount doesn't report a change 
It is arguable that this is a real change or not,
but in practice we have playbooks that report changes only for this and
it's very fun to scroll back each time to see if it's remount-usr or
a "real" change.
 2018-08-06 15:01:52 +02:00
Victor LABORIE 57cf0a29ab kvm-host: install kvm-tools package instead of copying add-vm.sh 2018-07-27 11:27:50 +02:00
Jérémy Lecour c57b069bf5 Reorder lines in CHANGELOG 2018-07-10 16:28:56 +02:00
Jérémy Lecour d387ed660a munin: properly rename Munin cache directory 2018-07-10 16:27:10 +02:00
Jérémy Lecour 1439fdab8f metricbeat: add a role (copied from filebeat) 2018-07-10 16:27:10 +02:00
Victor LABORIE f3ab0b361b tomcat: better nrpe check output 2018-07-03 12:24:11 +02:00
Victor LABORIE b18b3d3404 roundcube: add missing slash to https redirection 2018-06-25 16:58:03 +02:00
Victor LABORIE f56f8f7615 evolinux-base: add mail related aliases 2018-06-25 11:20:37 +02:00
Victor LABORIE f32eee4b68 Update CHANGELOG 2018-06-25 11:12:33 +02:00
Jérémy Lecour 77b5f84567 evoacme: disable old certbot cron also in cron.daily 2018-06-21 17:22:40 +02:00
Victor LABORIE 9f34db8f9a evoacme: fix module detection in apache config 2018-06-20 11:07:23 +02:00
Jérémy Lecour 045492be85 Update changelog 2018-06-19 16:51:27 +02:00
Jérémy Lecour fb4a254b9c mysql-oracle: fix configuration directory variable 2018-06-15 14:41:24 +02:00
Victor LABORIE 6d9fbe8689 nagios-nrpe: add check_postgrey 2018-06-14 13:50:06 +02:00
Jérémy Lecour 17d0c9c6bf php: clarify configuration 
* Variables for config file names are normalized* With Sury, Evolix configs are linked to regular 7.0 paths
 2018-06-11 17:35:20 +02:00
Victor LABORIE fbd97a5f08 java: support for Oracle JRE 2018-06-11 10:39:52 +02:00
Jérémy Lecour 03431fc116 mysql: add an option to install the dev client libraries 2018-06-09 13:15:08 +02:00
Jérémy Lecour d917d867bb changelog: minor rewording 2018-06-07 10:39:29 +02:00
Jérémy Lecour d67abef13d minifirewall: the tail file can be overwritten, or not 2018-06-04 16:31:36 +02:00
Victor LABORIE 17c8093711 nagios-nrpe: use bkctld check subcommand for NRPE check 2018-05-30 17:13:39 +02:00
Bruno TATU 108cd0f597 squid: whiteliste some news sites 2018-05-29 10:56:24 +02:00
Jérémy Lecour 7738de6f41 rbenv: switch from copy to lineinfile for default gems 2018-05-23 16:20:46 +02:00
Jérémy Lecour 3e5ea015c4 rbenv: install Ruby 2.5.1 by default 2018-05-23 16:18:23 +02:00
Jérémy Lecour b4122be2b3 kibana: log messages go to /var/log/kibana/kibana.log 2018-05-22 15:17:16 +02:00
Jérémy Lecour 0054e4fdea elasticsearch: add http.publish_host variable 2018-05-22 15:16:27 +02:00
Jérémy Lecour f8babfd532 elasticsearch: tmpdir configuration compatible with 5.x also 2018-05-16 12:15:04 +02:00
Jérémy Lecour 4f4b7cd8dc Release 9.2.0 2018-05-16 11:10:31 +02:00
Jérémy Lecour 4d148579c4 Changelog for elasticsearch changes 2018-05-16 11:08:18 +02:00
Jérémy Lecour 3dd1df8236 Changelog for varnish changes 2018-05-16 11:07:12 +02:00
Jérémy Lecour 2451e4d3fa Changelog for NTP changes 2018-05-16 11:06:06 +02:00
Bruno TATU a47a787a81 squid: add some domains and fix broken restrictions 2018-05-11 15:37:05 +02:00
Jérémy Lecour 93642b4afa filebeat: cleanup unused code 2018-05-09 20:57:32 +02:00
Jérémy Lecour 10af35bf41 filebeat: install version 6.x by default 2018-05-09 20:56:48 +02:00
Jérémy Lecour 08d5ca5696 evolinux-users: fix secondary groups 
With ANsible 2.2 the list of groups must be comma-separated
 2018-05-02 17:16:36 +02:00
Jérémy Lecour 170bd6c2c1 Release 9.1.9 2018-04-24 16:45:05 +02:00
Jérémy Lecour 5c5361dbb5 apache: customize logrotate (52 weeks) 2018-04-22 18:10:47 +02:00
Jérémy Lecour 15ebb84bb6 mysql/mysql-oracle: mysqltuner cron scripts is 0755 2018-04-22 17:32:23 +02:00
Jérémy Lecour 8384e8ba43 evolinux: groups for SSH configuration are used with Debian 10 and later 2018-04-20 14:38:55 +02:00
Ludovic Poujol e37b3f569a generate-ldif: add a minifirewall service when /etc/default/minifirewall exists 2018-04-19 16:04:21 +02:00
Jérémy Lecour 2f631f1ae7 update Changelog 2018-04-18 12:16:57 +02:00
Jérémy Lecour b01d9178d0 evolinux-users: split AllowGroups/AllowUsers modes 
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.

In other situations, we use the AllowUsers directive.
 2018-04-18 12:16:04 +02:00
Jérémy Lecour b866b6fa0a evolinux-base: fail2ban is not enabled by default 2018-04-18 12:15:43 +02:00
Jérémy Lecour 423acc79fd mysql-oracle: copy evolinux config files in mysql.cond.d 2018-04-18 12:06:15 +02:00
Jérémy Lecour 4749667f58 Release 9.1.8 2018-04-16 00:00:13 +02:00
Jérémy Lecour ae6e376048 mysql: properly reload systemd 2018-04-15 23:58:31 +02:00
Victor LABORIE 4612c5ec89 packweb-apache: use check_mode for apg command 
* Fix usage of packweb-apache role with --check
 2018-04-13 12:13:43 +02:00
Victor LABORIE 81861bad80 mysql: use check_mode for apg command 
* Fix usage of mysql role with --check
 2018-04-13 12:08:58 +02:00
Victor LABORIE f5a914bf63 Fix CHANGELOG 2018-04-13 12:05:48 +02:00
Victor LABORIE ef127d89dc packweb-apache: use dependencies instead of include_role for apache and php roles 2018-04-13 11:54:42 +02:00
Jérémy Lecour 619a0a8c72 Release 9.1.7 2018-04-06 10:49:23 +02:00