Jérémy Lecour
5e71da94d3
evoacme: fix typo
2017-10-13 11:16:46 +02:00
Jérémy Lecour
bced7561c9
make-csr: extract a few functions
2017-10-13 11:16:21 +02:00
Jérémy Lecour
fb0c22dfd1
evoacme: refactoring for make-csr
inspired from recent refactoring of evoacme itself
2017-10-13 00:47:02 +02:00
Jérémy Lecour
9fccd7e682
evoacme: improve variables
2017-10-12 18:22:43 +02:00
Jérémy Lecour
65ccc2c0b5
evoacme: use env variables for execution modes
2017-10-12 18:22:06 +02:00
Jérémy Lecour
30434a70d8
evoacme: csr verification is a different function call
2017-10-12 18:20:49 +02:00
Jérémy Lecour
118a9759af
evoacme: change function name to be more specific
2017-10-12 18:19:53 +02:00
Jérémy Lecour
3c61484448
evoacme: don't allow uninitialized variables
2017-10-12 18:19:09 +02:00
Victor LABORIE
5e9795435b
nginx: fix ip filtering in default vhost
2017-10-12 15:38:07 +02:00
Jérémy Lecour
0d0c21f908
Evoacme: refactoring
* add a lot of variables, to reduce possible typos
* add a lot of debug statements
* add many comments and line breaks for readability
* extract functions for complex openssl commands
* explode the big certbot command into multiple lines
* allow certbot to make test certs (for API query limits)
* allow certbot to run in "dry run" mode
* regroup some lines together when they do related things
2017-10-12 00:29:21 +02:00
Jérémy Lecour
1091dfeeed
evolinux-users: Handle "PermitRootLogin prohibit-password"
2017-10-11 22:17:52 +02:00
Victor LABORIE
1c244f556b
evoacme: better apache/nginx reload
2017-10-11 18:50:20 +02:00
Victor LABORIE
2dbdfb6600
evoacme: add error and debug function
2017-10-11 18:50:19 +02:00
Jérémy Lecour
9527aff68a
apache/nginx: remove compatibility mode
2017-10-11 18:13:15 +02:00
Jérémy Lecour
c77bc14e95
Evolinux: don't remove root from AllowUsers list
2017-10-11 17:58:59 +02:00
Jérémy Lecour
8518902ec9
Elasticsearch-head: no need to have a shell
2017-10-11 17:58:59 +02:00
Ludovic Poujol
745c45f88d
Fix remount_usr_rw/yml
2017-10-11 17:58:18 +02:00
Jérémy Lecour
4bc7635502
Include generate-ldif in evolinux-base
2017-10-11 13:10:15 +02:00
Jérémy Lecour
cca3b2921f
Public role for "generate-ldif"
2017-10-11 13:10:15 +02:00
Jérémy Lecour
20e8a852fa
Handle "PermitRootLogin prohibit-password"
2017-10-10 23:50:14 +02:00
Jérémy Lecour
ae4b9675c2
evolix-users: disable root ssh login by default
2017-10-10 22:01:44 +02:00
Jérémy Lecour
8435ac192d
evolinux-users: better detection of AllowUsers
2017-10-10 22:01:12 +02:00
Jérémy Lecour
707aabb404
evolinux-base : remove root from AllowUsers directive
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour
79e57b7787
evolinux-base: don't disable root ssh by default
2017-10-10 21:58:03 +02:00
Jérémy Lecour
bf2cd96793
evolinux-users must not be included as is
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour
e09a6ace31
evolinux-base: use apt role for all APT configuration
2017-10-10 16:35:23 +02:00
Jérémy Lecour
fae9cd9208
extract APT configuration into apt role
2017-10-10 16:34:53 +02:00
Jérémy Lecour
517c0e672b
Nginx: completely rename ipaddr_whitelist
2017-10-10 09:57:29 +02:00
Jérémy Lecour
2a95325dc6
systemd unit for elasticsearch-head
2017-10-09 17:45:51 +02:00
Jérémy Lecour
9af98e7ebe
ES/head: use https to clone the repository
2017-10-09 16:36:03 +02:00
Jérémy Lecour
ae745d89ff
Nginx: don't overwrite the default vhost
2017-10-09 16:35:38 +02:00
Jérémy Lecour
9798022192
Nginx: fix ipaddr_whitelist path
2017-10-09 16:13:26 +02:00
Jérémy Lecour
9fe76d40da
Let's keep the currently deployed line
2017-10-09 15:57:38 +02:00
Ludovic Poujol
1e68bcb2fc
Nginx: fix missing double quote
2017-10-09 11:56:34 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
3d22cbf927
java8: we only need the headless variant
2017-10-08 22:33:49 +02:00
Jérémy Lecour
c4ca8c3764
cleanup with dependencies on java8
2017-10-08 22:31:22 +02:00
Jérémy Lecour
8c1024c23c
No need to add individual users, a group is enough
2017-10-08 14:23:21 +02:00
Jérémy Lecour
a07d1d873a
evolinux-base: bad group for password restrictions
2017-10-08 12:49:55 +02:00
Jérémy Lecour
6984c121c2
evolinux-base/ssh: syntax clarity
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour
97b0225232
Minifirewall can deal with evomaintenance
Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
2017-10-08 00:00:24 +02:00
Jérémy Lecour
98c5619721
minifirewall: install dependencies in install.yml
2017-10-08 00:00:24 +02:00
Jérémy Lecour
64080ead23
evoadmin-web: document root should belong to group too
2017-10-07 23:05:20 +02:00
Jérémy Lecour
2a8e571f04
evoadmin-web: clarify ansible code
2017-10-07 23:04:47 +02:00
Jérémy Lecour
2480088f8b
Change DIR_MODE only if adduser.conf is pristine
2017-10-07 22:59:06 +02:00
Jérémy Lecour
ccaecf690c
proftpd: don't overwrite z-evolinux.conf
2017-10-07 22:57:30 +02:00
Jérémy Lecour
518353268a
evolinux-base: logname command doesn't change
2017-10-07 22:56:37 +02:00
Jérémy Lecour
094ad8c28d
evolinux-base: improve AllowUsers for current user
2017-10-07 22:17:38 +02:00
Jérémy Lecour
c4bdd88e27
evoadmin-web: stay privileged
Becoming an unprivileged user is problematic for Ansible.
We continue being root, but change the permissions on created files.
2017-10-07 21:48:00 +02:00
Jérémy Lecour
89fe1561b8
evoadmin-web depends on proftpd
2017-10-07 21:45:46 +02:00