Gregory Colpart
859822709d
Revert "Fix: openssl req -subj arg need to be "/CN="" because bad var during test
...
This reverts commit 8cfa0a6ef2
.
2017-08-30 04:07:26 +02:00
Gregory Colpart
8cfa0a6ef2
Fix: openssl req -subj arg need to be "/CN="
2017-08-29 02:32:20 +02:00
Gregory Colpart
207a2f6011
Improve distribution verification
2017-08-23 01:49:27 +02:00
Gregory Colpart
5226082db0
evolinux-base and admin-users are only compatible Debian >=8, declare once in main.yml and that's all
...
(will be probably generalized to others modules if needed)
2017-08-22 01:37:04 +02:00
Benoît S.
a95d7893c5
Add a comment about AcceptEnv
2017-08-18 14:37:34 +02:00
Gregory Colpart
d82b12b614
fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall)
2017-08-18 04:13:56 +02:00
Gregory Colpart
2bb7367edf
standardization for Debian versions : we use "jessie" or "9 or later" to prepare buster smoothly as possible
2017-08-18 03:50:30 +02:00
Jérémy Lecour
4b8456c5b7
Fix ssh security policy
2017-08-05 12:13:42 -04:00
Jérémy Lecour
db2b418be4
evolinux-base: fix typo in README
2017-08-05 12:13:42 -04:00
Gregory Colpart
e212f3043f
Set right URL for our custom role
2017-07-23 00:55:23 +02:00
Gregory Colpart
bbb0e579a6
Fix #2154 : we don't need lsb-invalid-mta and package is not anymore in stretch
2017-07-22 08:19:14 +02:00
Victor LABORIE
64a134355b
evolinux-base: override logmail service
2017-07-19 16:03:36 +02:00
Jérémy Lecour
adc3bd7a93
Fix ssh LogLevel
...
* the directive can be present but commented
* the version comparison was wrong
2017-07-19 13:49:08 +02:00
Jérémy Lecour
62fbbd2016
Rename role "apt-repositories" to "apt"
2017-07-19 08:56:46 +02:00
Jérémy Lecour
3e3e1c368e
Lighter /root/.vimrc
2017-07-18 20:03:57 +02:00
Jérémy Lecour
388a2c058e
Over-simplified /root/.gitconfig
2017-07-18 20:00:20 +02:00
Jérémy Lecour
0c2170cf5c
Remove some backups, again
2017-07-18 19:38:03 +02:00
Benoît S.
fa3047bdc4
Fix #2198 . Purge openntpd
2017-07-17 16:18:10 +02:00
Jérémy Lecour
be68f9ac0a
remove a few useless "backup: yes"
2017-07-17 14:46:01 +02:00
Gregory Colpart
a189b7935b
NTPD : Listen only on lo interface by default
2017-07-17 14:21:46 +02:00
Gregory Colpart
f78e93e0ff
we want always packages ssl-cert et ca-certificates (probably will go to serveur-base package, we will see)
2017-07-13 02:41:12 +02:00
Gregory Colpart
ea4ec27f08
Oops, last commit was broken. I think "when: TAG" need always to be boolean, then I patch for that.
2017-07-13 02:20:28 +02:00
Gregory Colpart
fcfea428b7
pet commit: remove not ecessary params
2017-07-13 01:18:25 +02:00
Jérémy Lecour
e23edbd5f4
this have nothing to do in the previous commit
2017-07-12 10:24:09 +02:00
Jérémy Lecour
ce37282feb
Effectively change the timezone
2017-07-12 10:23:21 +02:00
Jérémy Lecour
a318e6065c
Disable new vim defaults
2017-07-12 10:15:47 +02:00
Jérémy Lecour
6514f64a1f
Better english
2017-07-12 09:34:46 +02:00
Jérémy Lecour
1cdbcaa5fb
Install packages for Stretch and later
2017-07-11 18:43:22 +02:00
Gregory Colpart
12b5d9a97a
Fix #2207 : set -L 15 for Cron
2017-07-11 00:42:38 +02:00
Gregory Colpart
eab03993d0
improvment, don't touch to /etc/profile and instead use /etc/profile.d/evolinux.sh
2017-07-11 00:29:06 +02:00
Gregory Colpart
05b7588953
no more apt-listchanges in Stretch
2017-07-10 22:17:58 +02:00
Gregory Colpart
0d79db4ed5
Improve dpkg pre / post - invoke
2017-07-10 21:52:57 +02:00
Gregory Colpart
8505ef5b5e
exit 0 -> true
2017-07-09 19:59:12 +02:00
Gregory Colpart
0d0937aa4e
Use "false" instead of "0" to be more explicit
2017-07-09 19:59:12 +02:00
Jérémy Lecour
0fdc1565a8
Default site CSS slightly beautified
2017-07-06 17:14:29 +02:00
Jérémy Lecour
553025d199
enable server-status in default site
2017-07-06 17:14:29 +02:00
Jérémy Lecour
0e0bc1cbbd
Split default vhost into nginx ad apache roles
2017-07-06 17:14:28 +02:00
Jérémy Lecour
de37aac243
Don't overwrite default apache vhost
2017-07-06 17:14:27 +02:00
Benoît S.
effbfc3189
Be sure to have the bash-completion package
...
It is very handy to have this package to have completion of commands like
systemctl.
2017-07-06 11:58:48 +02:00
Jérémy Lecour
bae8961e99
packweb/evoadmin: cleanup
...
* extracted tasks
* more variables
* more templates
* less bugs
2017-07-03 18:23:39 +02:00
Jérémy Lecour
664a926caa
evolinux: fix rotate value customization
...
with "[0-9]*" too much lines would be changed
2017-07-03 17:57:00 +02:00
Jérémy Lecour
d3af1320c9
SSH: log level to verbose for Stretch and later
2017-06-14 15:53:15 +02:00
Jérémy Lecour
13fccb1f3f
Fix Ansible syntax for include_role
2017-06-13 11:45:34 +02:00
Jérémy Lecour
25e017fa28
Add contrib/non-free components for APT sources if needed
2017-06-13 11:21:27 +02:00
Jérémy Lecour
65f91f09b0
Disable warnings for mount commands related to /usr read-only
2017-06-12 15:11:40 +02:00
Jérémy Lecour
4d9961b0f9
evolinux-base: configure apt-repositories role
2017-06-07 09:59:55 +02:00
Victor LABORIE
a1c69bdf84
apt-repositories/evolinux-base: fix default sources.list configuration
2017-06-05 11:43:25 +02:00
Jérémy Lecour
c66438a2a3
evolinux-base: remount /usr when needed
2017-05-23 14:55:31 +02:00
Jérémy Lecour
6e104d8689
evolinux-base: include_role apt-repositories
2017-05-23 14:55:15 +02:00
Jérémy Lecour
17be773822
Extract Evolix public APT sources
2017-05-21 11:00:46 +02:00
Jérémy Lecour
89d8ac32c4
Non octal notation
...
When permissions octal notation doesn't begin with 0, prefer the text
notation.
2017-05-19 22:46:34 +02:00
Jérémy Lecour
e2452cdf6c
Don't warn for some known commands
2017-05-19 22:30:51 +02:00
Jérémy Lecour
9fae99f8dc
Minor syntax and whitespaces fixes
2017-05-19 22:29:53 +02:00
Jérémy Lecour
23f0b97897
evolinux-base: add logrotate package
...
It should be installed by default, but make sure that it is really
present.
2017-05-18 13:57:30 +02:00
Jérémy Lecour
82c4c9d745
Use apt module with 2.2 option "allow_unauthenticated"
2017-05-16 15:36:46 +02:00
Victor LABORIE
8227e7a617
evolinux-base: add curl and telnet to diagnostic tool
2017-05-02 17:12:08 +02:00
Jérémy Lecour
c0d43f72ef
evolinx-base: no comma for postfix config
2017-05-02 13:56:20 +02:00
Victor LABORIE
9dfe6fd175
evolinux-base: use fqdn in default postfix config and add handler
2017-04-27 10:51:21 +02:00
Victor LABORIE
0ad39a1be7
evolinux-base: update hostname in default postfix config
2017-04-25 15:50:22 +02:00
Jérémy Lecour
3f09d938eb
disable some parts of evolinux-base in tests
2017-04-24 09:46:43 +02:00
Jérémy Lecour
53a1134b6f
detect presence of hotplug network interface
2017-04-24 09:46:42 +02:00
Jérémy Lecour
eec84fca8a
detect absence of acl in filesystem
2017-04-24 09:46:42 +02:00
Jérémy Lecour
2427fcc7f3
Respect hostname variable value
2017-04-24 09:46:42 +02:00
Jérémy Lecour
72d0f6ddc4
No change recorded when updating apt cache
2017-04-24 09:46:42 +02:00
Jérémy Lecour
d23d2f6080
evolinux-base: improve the kitchen recipe
...
but it's still disabled for the omment
2017-04-20 15:51:48 +02:00
Jérémy Lecour
47f8f5d75f
evolinux-base can't be tested within Docker yet
...
because of sshd not being a proper service in the Docker container
2017-04-20 13:57:11 +02:00
Jérémy Lecour
4c1c0c6c23
[WIP] tests for evolinux-base
2017-04-20 13:48:23 +02:00
Jérémy Lecour
fad4b78775
evolinux-base: better regexp for fstab customization
...
- we must exclude lines containing a # before the partition name
- it's better to use "not space" (\S) instead of "word character" (\w)
between the partition name and the fs type
2017-04-19 10:59:25 +02:00
Jérémy Lecour
c30e6b189c
evolinux-base: fstab is more customizable
2017-04-05 17:50:50 +02:00
Jérémy Lecour
8ba9c0081a
evolinux: finer grained kernel configuration
2017-03-30 15:33:23 +02:00
Jérémy Lecour
4eab8c319a
evolinux: custom email for logcheck
2017-03-30 15:32:59 +02:00
Jérémy Lecour
5b2ab0d8d3
Ansible >= 2.2 supported
2017-03-24 14:15:09 +01:00
Jérémy Lecour
294cea44e8
Change mode with leading 0, but still as String
2017-03-23 16:59:43 +01:00
Jérémy Lecour
c666099ef8
Evolinux-base: dynamic release name
2017-03-16 16:50:21 +01:00
Benoît S.
f3d1f5b04c
Fix #2159 . Wrong path for cciss-vol-statusd.
2017-03-10 11:24:19 +01:00
Tristan PILAT
78a2fd9830
Fix error in handler
2017-03-08 16:33:23 +01:00
Jérémy Lecour
6ed870e94e
Can't dynamically choose module based on version
...
If the condition is in a when attribute, the module is still
evaluated. If it doesn't exist in the current verison of Ansible
it will blow up.
2017-02-09 17:36:49 +01:00
Jérémy Lecour
8920ff1ee4
Add "always_run: yes" where it's pertinent
...
There is also the "check_mode: no", but commented,
for when we switch to Ansible 2.2
2017-01-31 11:45:35 +01:00
Benoît S.
e173407baa
Typo sysctl vs systemd.
2017-01-18 15:53:43 +01:00
Jérémy Lecour
478e9a8272
replace "state: installed" with "state: present"
2017-01-12 17:37:48 +01:00
Jérémy Lecour
61f5219f48
Improve documentation
...
Each role has a README and a meta/main.yml file
2017-01-05 18:22:06 +01:00
Jérémy Lecour
5a4f838375
Unix mode MUST be a quoted string when using octal notation
2017-01-05 12:03:54 +01:00
Jérémy Lecour
5277f58598
evolinux-base: enable service according to ansible_version
2017-01-05 12:03:53 +01:00
Jérémy Lecour
0ff5467bce
add a "reload sshd" handler
2017-01-04 10:21:41 +01:00
Jérémy Lecour
e1654414ea
evolinux-base: flush handlers at end of each include
2017-01-03 17:02:23 +01:00
Jérémy Lecour
91c8fad950
Extract logrotate configurations in roles
2017-01-03 16:58:19 +01:00
Jérémy Lecour
130e1f2b0e
evolinux-base: add conditions for most of tasks
2017-01-03 16:38:04 +01:00
Jérémy Lecour
e2460c10d1
evolinux-base: tasks groups disabling
2017-01-03 12:11:01 +01:00
Jérémy Lecour
17ed9bc28e
evolinux-base: SSH MatchAddress skips when empty array
2017-01-03 11:44:20 +01:00
Jérémy Lecour
ead09ad4e8
evolinux-base: apt upgrade can be disabled
2017-01-03 11:43:31 +01:00
Gregory Colpart
6c5e880938
add slow_transport configuration for Postfix role
...
and disable Postfix customization in evolinux-base role
2017-01-02 01:14:18 +01:00
Jérémy Lecour
5bad738df9
evolinux-base : add some tags
2016-12-30 10:40:59 +01:00
Jérémy Lecour
25e69efd24
evolinux_base: configure /etc/mailname with current FQDN
2016-12-30 10:40:44 +01:00
Jérémy Lecour
8a20ec5ca2
evolinux_base/postfix: add some variables
...
* myhostname
* mydestination
* myorigin
2016-12-30 10:40:18 +01:00
Jérémy Lecour
001d066c38
evolinux-base: add /root/.selected_editor
2016-12-28 17:55:35 +01:00
Daniel Jakots
e7287feb3f
typo
2016-12-28 10:59:41 -05:00
Jérémy Lecour
b7afc859b8
evolinux-base: configure listchanges in packages.yml
2016-12-28 15:15:09 +01:00
Jérémy Lecour
34669fdfd0
evolinux-base: configure tzdata
2016-12-28 15:06:56 +01:00
Gregory Colpart
4f97f17387
evolinux-base: disable deb-src repositories in sources.list
2016-12-27 20:55:17 +01:00
Gregory Colpart
6cdab4e68b
evolinux-base: don't use /etc/apt/listchanges.conf before apt-listchanges install
2016-12-27 20:55:11 +01:00
Jérémy Lecour
3f2fe68189
evolinux-base: remove 127.0.1.1 unconditionally
2016-12-27 18:40:24 +01:00
Jérémy Lecour
6517a234d6
evolinux-base: fqdn replacement in /etc/hosts
...
If the FQDN changes, it is changed in /etc/hosts instead and not added
2016-12-27 16:45:46 +01:00
Jérémy Lecour
b2c6847019
evolinux-base: apt/listchanges with lineinfile
...
Ansible < 2.1 puts an extra space around "="
It might be a problem for APT.
Until we can use Ansible >= 2.1 we use lineinfile instead
even if it less precise (doesn't manage sections)
2016-12-27 14:44:34 +01:00
Jérémy Lecour
29ea23247d
evolinux-base: configure apt/listchanges
2016-12-27 14:33:21 +01:00
Jérémy Lecour
b2971d1f7d
evolinux-base: add ssh.yml
...
* disable root login
* list authorized addresses
* disable AcceptEnv
2016-12-27 14:04:12 +01:00
Jérémy Lecour
542cc0ef33
evolinux-base: remove aptitude in apt.yml
2016-12-27 14:04:12 +01:00
Jérémy Lecour
497d90519e
evolinux-base: don't overwrite alert5 init script
2016-12-26 12:11:46 +01:00
Jérémy Lecour
65b9865510
evolinux-base: copy logorotate files
...
there was a syntax error, the source was copied inside the target
2016-12-26 12:11:46 +01:00
Jérémy Lecour
706d247360
evolinux-base: remove aptitude
2016-12-26 12:11:46 +01:00
Jérémy Lecour
001b58e1fe
evolinux-base: fix /var/tmp mount point
2016-12-26 12:11:46 +01:00
Jérémy Lecour
dc40993291
Use command instead of shell
2016-12-23 22:45:42 +01:00
Jérémy Lecour
5bc88ae0f0
evolinux-base: fix /tmp rights
2016-12-23 20:05:06 +01:00
Jérémy Lecour
38f962d754
evolinux-base: install apt hooks by default
2016-12-23 16:24:56 +01:00
Jérémy Lecour
7e9065e172
evolinux-base: the locales package might be missing
2016-12-23 14:12:13 +01:00
Jérémy Lecour
a0a5920f99
evolinux-base: megacli packages are not authenticated
2016-12-23 14:11:11 +01:00
Jérémy Lecour
9fc56586fe
Evolinux-base: group packages
2016-12-21 16:12:31 +01:00
Jérémy Lecour
79792ec0ed
Postfix is back into evolinux-base
2016-12-21 16:12:31 +01:00
Jérémy Lecour
d6545d91c6
evolinux-base: better check for installed MTA
2016-12-21 16:12:31 +01:00
Jérémy Lecour
01d9b629ec
evolinux-base: better variable name
2016-12-21 16:12:31 +01:00
Jérémy Lecour
578a2d423d
evolinux-base: finer grained packages management
...
* install lsb-invlid-mta if Postfix is not present
* differenciate unauthenticated packages
2016-12-21 16:12:30 +01:00
Jérémy Lecour
c64e89e0d1
evolinux-base: fix variable name
...
evolinux_apt_components → evolinux_apt_repositories_components
2016-12-21 16:12:30 +01:00
Jérémy Lecour
c0ab8f99ce
Squash: conventions, evolinux, etc-git…
2016-12-21 16:12:30 +01:00