Commit Graph

937 Commits

Author SHA1 Message Date
Jérémy Lecour 97b0225232 Minifirewall can deal with evomaintenance
Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
2017-10-08 00:00:24 +02:00
Jérémy Lecour 98c5619721 minifirewall: install dependencies in install.yml 2017-10-08 00:00:24 +02:00
Jérémy Lecour 64080ead23 evoadmin-web: document root should belong to group too 2017-10-07 23:05:20 +02:00
Jérémy Lecour 2a8e571f04 evoadmin-web: clarify ansible code 2017-10-07 23:04:47 +02:00
Jérémy Lecour 2480088f8b Change DIR_MODE only if adduser.conf is pristine 2017-10-07 22:59:06 +02:00
Jérémy Lecour ccaecf690c proftpd: don't overwrite z-evolinux.conf 2017-10-07 22:57:30 +02:00
Jérémy Lecour 518353268a evolinux-base: logname command doesn't change 2017-10-07 22:56:37 +02:00
Jérémy Lecour 094ad8c28d evolinux-base: improve AllowUsers for current user 2017-10-07 22:17:38 +02:00
Jérémy Lecour c4bdd88e27 evoadmin-web: stay privileged
Becoming an unprivileged user is problematic for Ansible.
We continue being root, but change the permissions on created files.
2017-10-07 21:48:00 +02:00
Jérémy Lecour 89fe1561b8 evoadmin-web depends on proftpd 2017-10-07 21:45:46 +02:00
Jérémy Lecour 3a34a78045 evoadmin-web: remove a trailing / 2017-10-07 21:43:36 +02:00
Jérémy Lecour 8e86429ea4 proftpd: enforce permissions on password file 2017-10-07 21:43:05 +02:00
Jérémy Lecour 3e12be6a0c proftpd is compatible with stretch 2017-10-07 21:42:33 +02:00
Jérémy Lecour c4e61a18d4 evolinux-base includes a few external roles
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
2017-10-07 18:13:52 +02:00
Jérémy Lecour dba77f3bbc packweb-apache: dependency on squid and mysql 2017-10-07 18:12:28 +02:00
Jérémy Lecour adade8ae3c formatting 2017-10-07 17:54:25 +02:00
Jérémy Lecour e7e9f9e125 Apache/Nginx: use ipaddr_whitelist 2017-10-07 13:48:04 +02:00
Jérémy Lecour 03bc456dfa evolinux-base: allow ssh for current user
When you're not sure you will have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant

This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour 382d545d0d evolinux-base: fix netextreme device detection 2017-10-07 13:12:03 +02:00
Jérémy Lecour 0e9fab48f5 apache: fix ipaddr_whitelist path 2017-10-07 13:12:03 +02:00
Jérémy Lecour be84ab434e apache: install save_apache_status.sh 2017-10-07 13:12:01 +02:00
Jérémy Lecour 2395777194 apache: no need for server status suffix anymore
The location is restricted, so we don't need to obfuscate
2017-10-07 13:11:25 +02:00
Jérémy Lecour ddeb39b886 apache: phpmyadmin is not managed here anymore 2017-10-07 13:03:43 +02:00
Jérémy Lecour dc3b735445 apache: cleanup munin tasks 2017-10-07 11:54:31 +02:00
Jérémy Lecour 1776b4bc24 Apache: improve munin integration
* ansible syntax
* remove duplicate tasks
* improve tasks names
2017-10-07 11:17:02 +02:00
Jérémy Lecour 3d7a544820 minifirewall: restore default ports
Copied from
https://forge.evolix.org/projects/minifirewall/repository/revisions/master/entry/minifirewall.conf
2017-10-07 10:59:22 +02:00
Benoît S. 9a93e8d449 Merge remote-tracking branch 'origin/unstable' into unstable 2017-10-06 15:45:09 +02:00
Benoît S. 50cba28f7b Merge branch 'apache-munin' into unstable 2017-10-06 15:42:45 +02:00
Jérémy Lecour 7f4eb747de change alert5 only for buster 2017-10-06 15:27:22 +02:00
Jérémy Lecour ed17676432 A real systemd unit for alert5 2017-10-06 15:27:22 +02:00
Jérémy Lecour fedbc5b579 evolinux-users: no need to repeat condition 2017-10-06 12:05:07 +02:00
Jérémy Lecour 2b253e075c Users can be added to secondary groups 2017-10-06 01:06:59 +02:00
Jérémy Lecour f759b849a5 evolinux-users: install many ssh keys if needed 2017-10-06 01:06:59 +02:00
Jérémy Lecour ef93d56799 evolinux-base: better task name for postfix 2017-10-06 01:06:59 +02:00
Jérémy Lecour 7b88393ccf Refactoring of admin-users + evolinux-base roles
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
  to ensure ssh connections are possible for other users before
  cutting root's access
* evomaintenance is also included in evolinux-base to have it available
  when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour 116f086b86 drbd: cleanup readme 2017-10-06 01:06:59 +02:00
Jérémy Lecour b180ca432b apt: remove a debug task 2017-10-06 01:06:59 +02:00
Jérémy Lecour 24948cf4fa proftpd: blank vpasswd if missing 2017-10-05 18:46:40 +02:00
Ludovic Poujol 713ca3fbf4 Merge branch 'redis-lpoujol' into unstable 2017-10-05 11:51:02 +02:00
Jérémy Lecour be32fd9a23 Remove useless comments 2017-10-05 00:29:14 +02:00
Jérémy Lecour 622698fb99 Don't disable root access by default
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
2017-10-05 00:29:14 +02:00
Jérémy Lecour ee80235e14 evolinux-base: etc-git is included after apt customization
APT sources must be customized before installing any package
2017-10-04 23:32:27 +02:00
Jérémy Lecour f050608596 evolinux-base/meta: compatible with stretch 2017-10-04 23:31:29 +02:00
Jérémy Lecour d35068cf11 postgresql: forgotten files, sorry 2017-10-04 17:20:33 +02:00
Jérémy Lecour 3f350e7955 nagios: don't overwrite the config file 2017-10-04 17:19:49 +02:00
Jérémy Lecour 72c1bb4834 postgresql: version 9.6 by default
For Jessie we use external repositories
For Stretch we install from Debian repositories
2017-10-04 14:54:46 +02:00
Jérémy Lecour 5ffc94281f evolinux-base: parse fstab with better regex
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
2017-10-04 14:31:01 +02:00
Gregory Colpart 46c1cbd1a4 update title 2017-10-03 23:45:17 +02:00
Ludovic Poujol 27e4512e50 Redis: Ensure that we do not modify munin-node config if there are multiple redis config blocks 2017-10-03 10:21:13 +02:00
Gregory Colpart 3e92696556 Improve evoacme, mainly evoacme.sh script 2017-10-03 00:02:19 +02:00