Commit graph

1035 commits

Author SHA1 Message Date
Jérémy Lecour 06a3965fde whitespaces 2017-10-13 12:30:34 +02:00
Jérémy Lecour 31a19114e5 evoacme: readability of tests
change from :
"what I don't want" && error
to :
"what I want" || error
2017-10-13 12:30:24 +02:00
Jérémy Lecour 9bccbd9496 evoacme: check for readability, not just presence 2017-10-13 12:28:44 +02:00
Jérémy Lecour 3c283d2bb4 evoacme: execute evoacme in cron mode 2017-10-13 12:09:12 +02:00
Jérémy Lecour 0022071462 evoacme: add tests to fail with proper messages 2017-10-13 12:08:47 +02:00
Jérémy Lecour e11958d101 evoacme: fix web servers config check 2017-10-13 11:18:37 +02:00
Jérémy Lecour 6d6d0760cd evoacme: sed cert path after cert creation 2017-10-13 11:18:15 +02:00
Jérémy Lecour 88600039d3 evoacme: daily iterations are not enough 2017-10-13 11:17:32 +02:00
Jérémy Lecour 5e71da94d3 evoacme: fix typo 2017-10-13 11:16:46 +02:00
Jérémy Lecour bced7561c9 make-csr: extract a few functions 2017-10-13 11:16:21 +02:00
Jérémy Lecour fb0c22dfd1 evoacme: refactoring for make-csr
inspired from recent refactoring of evoacme itself
2017-10-13 00:47:02 +02:00
Jérémy Lecour 9fccd7e682 evoacme: improve variables 2017-10-12 18:22:43 +02:00
Jérémy Lecour 65ccc2c0b5 evoacme: use env variables for execution modes 2017-10-12 18:22:06 +02:00
Jérémy Lecour 30434a70d8 evoacme: csr verification is a different function call 2017-10-12 18:20:49 +02:00
Jérémy Lecour 118a9759af evoacme: change function name to be more specific 2017-10-12 18:19:53 +02:00
Jérémy Lecour 3c61484448 evoacme: don't allow uninitialized variables 2017-10-12 18:19:09 +02:00
Victor LABORIE 5e9795435b nginx: fix ip filtering in default vhost 2017-10-12 15:38:07 +02:00
Jérémy Lecour 0d0c21f908 Evoacme: refactoring
* add a lot of variables, to reduce possible typos
* add a lot of debug statements
* add many comments and line breaks for readability
* extract functions for complex openssl commands
* explode the big certbot command into multiple lines
* allow certbot to make test certs (for API query limits)
* allow certbot to run in "dry run" mode
* regroup some lines together when they do related things
2017-10-12 00:29:21 +02:00
Jérémy Lecour 1091dfeeed evolinux-users: Handle "PermitRootLogin prohibit-password" 2017-10-11 22:17:52 +02:00
Victor LABORIE 1c244f556b evoacme: better apache/nginx reload 2017-10-11 18:50:20 +02:00
Victor LABORIE 2dbdfb6600 evoacme: add error and debug function 2017-10-11 18:50:19 +02:00
Jérémy Lecour 9527aff68a apache/nginx: remove compatibility mode 2017-10-11 18:13:15 +02:00
Jérémy Lecour c77bc14e95 Evolinux: don't remove root from AllowUsers list 2017-10-11 17:58:59 +02:00
Jérémy Lecour 8518902ec9 Elasticsearch-head: no need to have a shell 2017-10-11 17:58:59 +02:00
Ludovic Poujol 745c45f88d Fix remount_usr_rw/yml 2017-10-11 17:58:18 +02:00
Jérémy Lecour 4bc7635502 Include generate-ldif in evolinux-base 2017-10-11 13:10:15 +02:00
Jérémy Lecour cca3b2921f Public role for "generate-ldif" 2017-10-11 13:10:15 +02:00
Jérémy Lecour 20e8a852fa Handle "PermitRootLogin prohibit-password" 2017-10-10 23:50:14 +02:00
Jérémy Lecour ae4b9675c2 evolix-users: disable root ssh login by default 2017-10-10 22:01:44 +02:00
Jérémy Lecour 8435ac192d evolinux-users: better detection of AllowUsers 2017-10-10 22:01:12 +02:00
Jérémy Lecour 707aabb404 evolinux-base : remove root from AllowUsers directive
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour 79e57b7787 evolinux-base: don't disable root ssh by default 2017-10-10 21:58:03 +02:00
Jérémy Lecour bf2cd96793 evolinux-users must not be included as is
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour e09a6ace31 evolinux-base: use apt role for all APT configuration 2017-10-10 16:35:23 +02:00
Jérémy Lecour fae9cd9208 extract APT configuration into apt role 2017-10-10 16:34:53 +02:00
Jérémy Lecour 517c0e672b Nginx: completely rename ipaddr_whitelist 2017-10-10 09:57:29 +02:00
Jérémy Lecour 2a95325dc6 systemd unit for elasticsearch-head 2017-10-09 17:45:51 +02:00
Jérémy Lecour 9af98e7ebe ES/head: use https to clone the repository 2017-10-09 16:36:03 +02:00
Jérémy Lecour ae745d89ff Nginx: don't overwrite the default vhost 2017-10-09 16:35:38 +02:00
Jérémy Lecour 9798022192 Nginx: fix ipaddr_whitelist path 2017-10-09 16:13:26 +02:00
Jérémy Lecour 9fe76d40da Let's keep the currently deployed line 2017-10-09 15:57:38 +02:00
Ludovic Poujol 1e68bcb2fc Nginx: fix missing double quote 2017-10-09 11:56:34 +02:00
Jérémy Lecour 13e1c0486b "egrep" is deprecated, use "grep -E" 2017-10-08 22:47:03 +02:00
Jérémy Lecour 3d22cbf927 java8: we only need the headless variant 2017-10-08 22:33:49 +02:00
Jérémy Lecour c4ca8c3764 cleanup with dependencies on java8 2017-10-08 22:31:22 +02:00
Jérémy Lecour 8c1024c23c No need to add individual users, a group is enough 2017-10-08 14:23:21 +02:00
Jérémy Lecour a07d1d873a evolinux-base: bad group for password restrictions 2017-10-08 12:49:55 +02:00
Jérémy Lecour 6984c121c2 evolinux-base/ssh: syntax clarity
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour 97b0225232 Minifirewall can deal with evomaintenance
Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
2017-10-08 00:00:24 +02:00
Jérémy Lecour 98c5619721 minifirewall: install dependencies in install.yml 2017-10-08 00:00:24 +02:00