evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 33 Wiki Activity
937 commits 76 branches 57 tags 128 MiB
Commit graph

149 commits

Author SHA1 Message Date
Jérémy Lecour 2480088f8b Change DIR_MODE only if adduser.conf is pristine 2017-10-07 22:59:06 +02:00
Jérémy Lecour 518353268a evolinux-base: logname command doesn't change 2017-10-07 22:56:37 +02:00
Jérémy Lecour 094ad8c28d evolinux-base: improve AllowUsers for current user 2017-10-07 22:17:38 +02:00
Jérémy Lecour c4e61a18d4 evolinux-base includes a few external roles 
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
 2017-10-07 18:13:52 +02:00
Jérémy Lecour adade8ae3c formatting 2017-10-07 17:54:25 +02:00
Jérémy Lecour 03bc456dfa evolinux-base: allow ssh for current user 
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant

This is disabled by default
 2017-10-07 13:12:03 +02:00
Jérémy Lecour 382d545d0d evolinux-base: fix netextreme device detection 2017-10-07 13:12:03 +02:00
Jérémy Lecour 7f4eb747de change alert5 only for buster 2017-10-06 15:27:22 +02:00
Jérémy Lecour ed17676432 A real systemd unit for alert5 2017-10-06 15:27:22 +02:00
Jérémy Lecour ef93d56799 evolinux-base: better task name for postfix 2017-10-06 01:06:59 +02:00
Jérémy Lecour 7b88393ccf Refactoring of admin-users + evolinux-base roles 
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
  to ensure ssh connections are possible for other users before
  cutting root's access
* evomaintenance is also included in evolinux-base to have it available
  when users are created
 2017-10-06 01:06:59 +02:00
Jérémy Lecour be32fd9a23 Remove useless comments 2017-10-05 00:29:14 +02:00
Jérémy Lecour 622698fb99 Don't disable root access by default 
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
 2017-10-05 00:29:14 +02:00
Jérémy Lecour ee80235e14 evolinux-base: etc-git is included after apt customization 
APT sources must be customized before installing any package
 2017-10-04 23:32:27 +02:00
Jérémy Lecour f050608596 evolinux-base/meta: compatible with stretch 2017-10-04 23:31:29 +02:00
Jérémy Lecour 5ffc94281f evolinux-base: parse fstab with better regex 
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
 2017-10-04 14:31:01 +02:00
Benoît S. c1b719f16a Merge branch 'unstable' into 'bash-completion' 
# Conflicts:
#   evolinux-base/tasks/packages.yml
 2017-09-20 15:56:45 +02:00
Jérémy Lecour 3a9b95cedc evolinux-base: fallback with warning for ssh without addresses 2017-09-14 14:26:00 +02:00
Gregory Colpart 06184a44bf remove *ssl_subject vars to avoid errors 2017-09-08 01:26:53 +02:00
Gregory Colpart d4e800a263 enable evoadmin-web link in default site index 2017-09-08 01:26:53 +02:00
Gregory Colpart a074f6488a we use now evolinux-sudo group to set sudo rights 2017-09-08 01:26:53 +02:00
Gregory Colpart 87ef758891 we need force=no for files who will be lineinfile/blockinfile 2017-09-07 02:32:08 +02:00
Gregory Colpart 26b76aed17 review default vhost 2017-09-07 02:31:48 +02:00
Gregory Colpart be4e811c47 phpMyAdmin configuration 2017-09-07 02:26:35 +02:00
Gregory Colpart 4eb891b8b7 use role ntpd in evolinux-base 2017-08-31 03:31:00 +02:00
Gregory Colpart b801c883ac minor fix: true -> True 2017-08-31 03:23:07 +02:00
Gregory Colpart ca4b0d5b1d log2mail need to be started and not restarted each time 2017-08-30 04:07:26 +02:00
Gregory Colpart 859822709d Revert "Fix: openssl req -subj arg need to be "/CN="" because bad var during test 
This reverts commit 8cfa0a6ef2.
 2017-08-30 04:07:26 +02:00
Gregory Colpart 8cfa0a6ef2 Fix: openssl req -subj arg need to be "/CN=" 2017-08-29 02:32:20 +02:00
Gregory Colpart 207a2f6011 Improve distribution verification 2017-08-23 01:49:27 +02:00
Gregory Colpart 5226082db0 evolinux-base and admin-users are only compatible Debian >=8, declare once in main.yml and that's all 
(will be probably generalized to others modules if needed)
 2017-08-22 01:37:04 +02:00
Benoît S. a95d7893c5 Add a comment about AcceptEnv 2017-08-18 14:37:34 +02:00
Gregory Colpart d82b12b614 fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall) 2017-08-18 04:13:56 +02:00
Gregory Colpart 2bb7367edf standardization for Debian versions : we use "jessie" or "9 or later" to prepare buster smoothly as possible 2017-08-18 03:50:30 +02:00
Jérémy Lecour 4b8456c5b7 Fix ssh security policy 2017-08-05 12:13:42 -04:00
Jérémy Lecour db2b418be4 evolinux-base: fix typo in README 2017-08-05 12:13:42 -04:00
Gregory Colpart e212f3043f Set right URL for our custom role 2017-07-23 00:55:23 +02:00
Gregory Colpart bbb0e579a6 Fix #2154 : we don't need lsb-invalid-mta and package is not anymore in stretch 2017-07-22 08:19:14 +02:00
Victor LABORIE 64a134355b evolinux-base: override logmail service 2017-07-19 16:03:36 +02:00
Jérémy Lecour adc3bd7a93 Fix ssh LogLevel 
* the directive can be present but commented
* the version comparison was wrong
 2017-07-19 13:49:08 +02:00
Jérémy Lecour 62fbbd2016 Rename role "apt-repositories" to "apt" 2017-07-19 08:56:46 +02:00
Jérémy Lecour 3e3e1c368e Lighter /root/.vimrc 2017-07-18 20:03:57 +02:00
Jérémy Lecour 388a2c058e Over-simplified /root/.gitconfig 2017-07-18 20:00:20 +02:00
Jérémy Lecour 0c2170cf5c Remove some backups, again 2017-07-18 19:38:03 +02:00
Benoît S. fa3047bdc4 Fix #2198. Purge openntpd 2017-07-17 16:18:10 +02:00
Jérémy Lecour be68f9ac0a remove a few useless "backup: yes" 2017-07-17 14:46:01 +02:00
Gregory Colpart a189b7935b NTPD : Listen only on lo interface by default 2017-07-17 14:21:46 +02:00
Gregory Colpart f78e93e0ff we want always packages ssl-cert et ca-certificates (probably will go to serveur-base package, we will see) 2017-07-13 02:41:12 +02:00
Gregory Colpart ea4ec27f08 Oops, last commit was broken. I think "when: TAG" need always to be boolean, then I patch for that. 2017-07-13 02:20:28 +02:00
Gregory Colpart fcfea428b7 pet commit: remove not ecessary params 2017-07-13 01:18:25 +02:00