Jérémy Lecour
ae4b9675c2
evolix-users: disable root ssh login by default
2017-10-10 22:01:44 +02:00
Jérémy Lecour
8435ac192d
evolinux-users: better detection of AllowUsers
2017-10-10 22:01:12 +02:00
Jérémy Lecour
707aabb404
evolinux-base: remove root from AllowUsers directive
...
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour
79e57b7787
evolinux-base: don't disable root ssh by default
2017-10-10 21:58:03 +02:00
Jérémy Lecour
bf2cd96793
evolinux-users must not be included as is
...
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour
e09a6ace31
evolinux-base: use apt role for all APT configuration
2017-10-10 16:35:23 +02:00
Jérémy Lecour
fae9cd9208
extract APT configuration into apt role
2017-10-10 16:34:53 +02:00
Jérémy Lecour
517c0e672b
Nginx: completely rename ipaddr_whitelist
2017-10-10 09:57:29 +02:00
Jérémy Lecour
2a95325dc6
systemd unit for elasticsearch-head
2017-10-09 17:45:51 +02:00
Jérémy Lecour
9af98e7ebe
ES/head: use https to clone the repository
2017-10-09 16:36:03 +02:00
Jérémy Lecour
ae745d89ff
Nginx: don't overwrite the default vhost
2017-10-09 16:35:38 +02:00
Jérémy Lecour
9798022192
Nginx: fix ipaddr_whitelist path
2017-10-09 16:13:26 +02:00
Jérémy Lecour
9fe76d40da
Let's keep the currently deployed line
2017-10-09 15:57:38 +02:00
Ludovic Poujol
1e68bcb2fc
Nginx: fix missing double quote
2017-10-09 11:56:34 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
3d22cbf927
java8: we only need the headless variant
2017-10-08 22:33:49 +02:00
Jérémy Lecour
c4ca8c3764
cleanup with dependencies on java8
2017-10-08 22:31:22 +02:00
Jérémy Lecour
8c1024c23c
No need to add individual users, a group is enough
2017-10-08 14:23:21 +02:00
Jérémy Lecour
a07d1d873a
evolinux-base: bad group for password restrictions
2017-10-08 12:49:55 +02:00
Jérémy Lecour
6984c121c2
evolinux-base/ssh: syntax clarity
...
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour
97b0225232
Minifirewall can deal with evomaintenance
...
Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
2017-10-08 00:00:24 +02:00
Jérémy Lecour
98c5619721
minifirewall: install dependencies in install.yml
2017-10-08 00:00:24 +02:00
Jérémy Lecour
64080ead23
evoadmin-web: document root should belong to group too
2017-10-07 23:05:20 +02:00
Jérémy Lecour
2a8e571f04
evoadmin-web: clarify ansible code
2017-10-07 23:04:47 +02:00
Jérémy Lecour
2480088f8b
Change DIR_MODE only if adduser.conf is pristine
2017-10-07 22:59:06 +02:00
Jérémy Lecour
ccaecf690c
proftpd: don't overwrite z-evolinux.conf
2017-10-07 22:57:30 +02:00
Jérémy Lecour
518353268a
evolinux-base: logname command doesn't change
2017-10-07 22:56:37 +02:00
Jérémy Lecour
094ad8c28d
evolinux-base: improve AllowUsers for current user
2017-10-07 22:17:38 +02:00
Jérémy Lecour
c4bdd88e27
evoadmin-web: stay privileged
...
Becoming an unprivileged user is problematic for Ansible.
We continue being root, but change the permissions on created files.
2017-10-07 21:48:00 +02:00
Jérémy Lecour
89fe1561b8
evoadmin-web depends on proftpd
2017-10-07 21:45:46 +02:00
Jérémy Lecour
3a34a78045
evoadmin-web: remove a trailing /
2017-10-07 21:43:36 +02:00
Jérémy Lecour
8e86429ea4
proftpd: enforce permissions on password file
2017-10-07 21:43:05 +02:00
Jérémy Lecour
3e12be6a0c
proftpd is compatible with stretch
2017-10-07 21:42:33 +02:00
Jérémy Lecour
c4e61a18d4
evolinux-base includes a few external roles
...
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
2017-10-07 18:13:52 +02:00
Jérémy Lecour
dba77f3bbc
packweb-apache: dependency on squid and mysql
2017-10-07 18:12:28 +02:00
Jérémy Lecour
adade8ae3c
formatting
2017-10-07 17:54:25 +02:00
Jérémy Lecour
e7e9f9e125
Apache/Nginx: use ipaddr_whitelist
2017-10-07 13:48:04 +02:00
Jérémy Lecour
03bc456dfa
evolinux-base: allow ssh for current user
...
When you're not sure you will have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant
This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour
382d545d0d
evolinux-base: fix netextreme device detection
2017-10-07 13:12:03 +02:00
Jérémy Lecour
0e9fab48f5
apache: fix ipaddr_whitelist path
2017-10-07 13:12:03 +02:00
Jérémy Lecour
be84ab434e
apache: install save_apache_status.sh
2017-10-07 13:12:01 +02:00
Jérémy Lecour
2395777194
apache: no need for server status suffix anymore
...
The location is restricted, so we don't need to obfuscate
2017-10-07 13:11:25 +02:00
Jérémy Lecour
ddeb39b886
apache: phpmyadmin is not managed here anymore
2017-10-07 13:03:43 +02:00
Jérémy Lecour
dc3b735445
apache: cleanup munin tasks
2017-10-07 11:54:31 +02:00
Jérémy Lecour
1776b4bc24
Apache: improve munin integration
...
* ansible syntax
* remove duplicate tasks
* improve tasks names
2017-10-07 11:17:02 +02:00
Jérémy Lecour
3d7a544820
minifirewall: restore default ports
...
Copied from
https://forge.evolix.org/projects/minifirewall/repository/revisions/master/entry/minifirewall.conf
2017-10-07 10:59:22 +02:00
Benoît S.
9a93e8d449
Merge remote-tracking branch 'origin/unstable' into unstable
2017-10-06 15:45:09 +02:00
Benoît S.
50cba28f7b
Merge branch 'apache-munin' into unstable
2017-10-06 15:42:45 +02:00
Jérémy Lecour
7f4eb747de
change alert5 only for buster
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ed17676432
A real systemd unit for alert5
2017-10-06 15:27:22 +02:00