Commit graph

162 commits

Author SHA1 Message Date
Jérémy Lecour b4e4b14fc6 Invert SSH Match User directives 2017-10-17 10:28:48 +02:00
Jérémy Lecour c77bc14e95 Evolinux: don't remove root from AllowUsers list 2017-10-11 17:58:59 +02:00
Ludovic Poujol 745c45f88d Fix remount_usr_rw/yml 2017-10-11 17:58:18 +02:00
Jérémy Lecour 4bc7635502 Include generate-ldif in evolinux-base 2017-10-11 13:10:15 +02:00
Jérémy Lecour 20e8a852fa Handle "PermitRootLogin prohibit-password" 2017-10-10 23:50:14 +02:00
Jérémy Lecour 707aabb404 evolinux-base: remove root from AllowUsers directive
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour 79e57b7787 evolinux-base: don't disable root ssh by default 2017-10-10 21:58:03 +02:00
Jérémy Lecour bf2cd96793 evolinux-users must not be included as is
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour e09a6ace31 evolinux-base: use apt role for all APT configuration 2017-10-10 16:35:23 +02:00
Jérémy Lecour 9fe76d40da Let's keep the currently deployed line 2017-10-09 15:57:38 +02:00
Jérémy Lecour 13e1c0486b "egrep" is deprecated, use "grep -E" 2017-10-08 22:47:03 +02:00
Jérémy Lecour a07d1d873a evolinux-base: bad group for password restrictions 2017-10-08 12:49:55 +02:00
Jérémy Lecour 6984c121c2 evolinux-base/ssh: syntax clarity
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour 2480088f8b Change DIR_MODE only if adduser.conf is pristine 2017-10-07 22:59:06 +02:00
Jérémy Lecour 518353268a evolinux-base: logname command doesn't change 2017-10-07 22:56:37 +02:00
Jérémy Lecour 094ad8c28d evolinux-base: improve AllowUsers for current user 2017-10-07 22:17:38 +02:00
Jérémy Lecour c4e61a18d4 evolinux-base includes a few external roles
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
2017-10-07 18:13:52 +02:00
Jérémy Lecour adade8ae3c formatting 2017-10-07 17:54:25 +02:00
Jérémy Lecour 03bc456dfa evolinux-base: allow ssh for current user
When you're not sure you'll have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant

This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour 382d545d0d evolinux-base: fix netextreme device detection 2017-10-07 13:12:03 +02:00
Jérémy Lecour 7f4eb747de change alert5 only for buster 2017-10-06 15:27:22 +02:00
Jérémy Lecour ed17676432 A real systemd unit for alert5 2017-10-06 15:27:22 +02:00
Jérémy Lecour ef93d56799 evolinux-base: better task name for postfix 2017-10-06 01:06:59 +02:00
Jérémy Lecour 7b88393ccf Refactoring of admin-users + evolinux-base roles
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
  to ensure ssh connections are possible for other users before
  cutting root's access
* evomaintenance is also included in evolinux-base to have it available
  when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour be32fd9a23 Remove useless comments 2017-10-05 00:29:14 +02:00
Jérémy Lecour 622698fb99 Don't disable root access by default
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
2017-10-05 00:29:14 +02:00
Jérémy Lecour ee80235e14 evolinux-base: etc-git is included after apt customization
APT sources must be customized before installing any package
2017-10-04 23:32:27 +02:00
Jérémy Lecour f050608596 evolinux-base/meta: compatible with stretch 2017-10-04 23:31:29 +02:00
Jérémy Lecour 5ffc94281f evolinux-base: parse fstab with better regex
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
2017-10-04 14:31:01 +02:00
Benoît S. c1b719f16a Merge branch 'unstable' into 'bash-completion'
# Conflicts:
#   evolinux-base/tasks/packages.yml
2017-09-20 15:56:45 +02:00
Jérémy Lecour 3a9b95cedc evolinux-base: fallback with warning for ssh without addresses 2017-09-14 14:26:00 +02:00
Gregory Colpart 06184a44bf remove *ssl_subject vars to avoid errors 2017-09-08 01:26:53 +02:00
Gregory Colpart d4e800a263 enable evoadmin-web link in default site index 2017-09-08 01:26:53 +02:00
Gregory Colpart a074f6488a we now use the evolinux-sudo group to set sudo rights 2017-09-08 01:26:53 +02:00
Gregory Colpart 87ef758891 we need force=no for files that will be lineinfile/blockinfile 2017-09-07 02:32:08 +02:00
Gregory Colpart 26b76aed17 review default vhost 2017-09-07 02:31:48 +02:00
Gregory Colpart be4e811c47 phpMyAdmin configuration 2017-09-07 02:26:35 +02:00
Gregory Colpart 4eb891b8b7 use role ntpd in evolinux-base 2017-08-31 03:31:00 +02:00
Gregory Colpart b801c883ac minor fix: true -> True 2017-08-31 03:23:07 +02:00
Gregory Colpart ca4b0d5b1d log2mail needs to be started and not restarted each time 2017-08-30 04:07:26 +02:00
Gregory Colpart 859822709d Revert "Fix: openssl req -subj arg needs to be "/CN="" because bad var during test
This reverts commit 8cfa0a6ef2.
2017-08-30 04:07:26 +02:00
Gregory Colpart 8cfa0a6ef2 Fix: openssl req -subj arg needs to be "/CN=" 2017-08-29 02:32:20 +02:00
Gregory Colpart 207a2f6011 Improve distribution verification 2017-08-23 01:49:27 +02:00
Gregory Colpart 5226082db0 evolinux-base and admin-users are only compatible with Debian >=8, declare once in main.yml and that's all
(will probably be generalized to other modules if needed)
2017-08-22 01:37:04 +02:00
Benoît S. a95d7893c5 Add a comment about AcceptEnv 2017-08-18 14:37:34 +02:00
Gregory Colpart d82b12b614 fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall) 2017-08-18 04:13:56 +02:00
Gregory Colpart 2bb7367edf standardization for Debian versions: we use "jessie" or "9 or later" to prepare for buster as smoothly as possible 2017-08-18 03:50:30 +02:00
Jérémy Lecour 4b8456c5b7 Fix ssh security policy 2017-08-05 12:13:42 -04:00
Jérémy Lecour db2b418be4 evolinux-base: fix typo in README 2017-08-05 12:13:42 -04:00
Gregory Colpart e212f3043f Set right URL for our custom role 2017-07-23 00:55:23 +02:00