Jérémy Lecour
ad3383a510
Install ncurses-term for additional terminal types
...
When connecting to a server from urxvt, the session behaves like one
with xterm.
2018-03-29 16:42:33 +02:00
Ludovic Poujol
3c2443181b
evolinux-base: Exec the firewall tasks sooner to avoid dependency issues
2018-03-15 12:04:35 +01:00
Jérémy Lecour
b634840b42
apache/nginx: server status suffix
2018-01-03 10:05:20 +01:00
Jérémy Lecour
08d544668b
evolinux-base: create /etc/evolinux
2018-01-03 10:05:20 +01:00
Victor LABORIE
f09d93aadb
evolinux-base: purge locate/mlocate by default
2018-01-02 15:11:27 +01:00
Jérémy Lecour
aeba94bcba
default/additional variables
...
List of hosts/ip are a combination of 2 lists allowing overrides
2017-12-20 18:04:54 +01:00
Ludovic Poujol
a2acd250a6
evolinux-base: have default_www files chmoded as 644
2017-12-13 15:44:16 +01:00
Jérémy Lecour
1faf0faa6b
Remove openntpd before installing serveur-base
2017-12-06 00:09:08 +01:00
Jérémy Lecour
5e1268ad65
Install traceroute
2017-12-05 14:42:07 +01:00
Jérémy Lecour
b3f4e4683e
hostname customization needs the dbus package
2017-11-22 14:08:54 +01:00
Jérémy Lecour
b15b06d458
add name for some fail modules
2017-11-21 10:17:46 +01:00
Jérémy Lecour
8ef9554746
Combine evolix and additional trusted IP addresses
2017-11-15 23:57:58 +01:00
Jérémy Lecour
46d70b3cd5
evolnux-base: cache pgp key locally
2017-11-15 11:40:42 +01:00
Victor LABORIE
1c48df025c
Move /usr rw remount into remount-usr role
2017-11-07 13:34:05 +01:00
Ludovic Poujol
3532cb3f2d
evolinux-base: harware tasks. Add http://hwraid.le-vert.net/debian repo
...
on stretch for megacli packages
2017-10-26 15:07:28 +02:00
Jérémy Lecour
b4e4b14fc6
Invert SSH Match User directives
2017-10-17 10:28:48 +02:00
Jérémy Lecour
c77bc14e95
Evolinux: don't remove root from AllowUsers list
2017-10-11 17:58:59 +02:00
Ludovic Poujol
745c45f88d
Fix remount_usr_rw/yml
2017-10-11 17:58:18 +02:00
Jérémy Lecour
4bc7635502
Include generate-ldif in evolinux-base
2017-10-11 13:10:15 +02:00
Jérémy Lecour
20e8a852fa
Handle "PermitRootLogin prohibit-password"
2017-10-10 23:50:14 +02:00
Jérémy Lecour
707aabb404
evolinux-base : remove root from AllowUsers directive
...
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour
79e57b7787
evolinux-base: don't disable root ssh by default
2017-10-10 21:58:03 +02:00
Jérémy Lecour
bf2cd96793
evolinux-users must not be included as is
...
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour
e09a6ace31
evolinux-base: use apt role for all APT configuration
2017-10-10 16:35:23 +02:00
Jérémy Lecour
9fe76d40da
Let's keep the currently deployed line
2017-10-09 15:57:38 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
a07d1d873a
evolinux-base: bad group for password restrictions
2017-10-08 12:49:55 +02:00
Jérémy Lecour
6984c121c2
evolinux-base/ssh: syntax clarity
...
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour
2480088f8b
Change DIR_MODE only if adduser.conf is pristine
2017-10-07 22:59:06 +02:00
Jérémy Lecour
518353268a
evolinux-base: logname command doesn't change
2017-10-07 22:56:37 +02:00
Jérémy Lecour
094ad8c28d
evolinux-base: improve AllowUsers for current user
2017-10-07 22:17:38 +02:00
Jérémy Lecour
c4e61a18d4
evolinux-base includes a few external roles
...
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
2017-10-07 18:13:52 +02:00
Jérémy Lecour
adade8ae3c
formatting
2017-10-07 17:54:25 +02:00
Jérémy Lecour
03bc456dfa
evolinux-base: allow ssh for current user
...
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant
This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour
382d545d0d
evolinux-base: fix netextreme device detection
2017-10-07 13:12:03 +02:00
Jérémy Lecour
7f4eb747de
change alert5 only for buster
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ed17676432
A real systemd unit for alert5
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ef93d56799
evolinux-base: better task name for postfix
2017-10-06 01:06:59 +02:00
Jérémy Lecour
7b88393ccf
Refactoring of admin-users + evolinux-base roles
...
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
to ensure ssh connections are possible for other users before
cutting root's access
* evomaintenance is also included in evolinux-base to have it available
when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour
be32fd9a23
Remove useless comments
2017-10-05 00:29:14 +02:00
Jérémy Lecour
622698fb99
Don't disable root access by default
...
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
2017-10-05 00:29:14 +02:00
Jérémy Lecour
ee80235e14
evolinux-base: etc-git is included after apt customization
...
APT sources must be customized before installing any package
2017-10-04 23:32:27 +02:00
Jérémy Lecour
f050608596
evolinux-base/meta: compatible with stretch
2017-10-04 23:31:29 +02:00
Jérémy Lecour
5ffc94281f
evolinux-base: parse fstab with better regex
...
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
2017-10-04 14:31:01 +02:00
Benoît S.
c1b719f16a
Merge branch 'unstable' into 'bash-completion'
...
# Conflicts:
# evolinux-base/tasks/packages.yml
2017-09-20 15:56:45 +02:00
Jérémy Lecour
3a9b95cedc
evolinux-base: fallback with warning for ssh without addresses
2017-09-14 14:26:00 +02:00
Gregory Colpart
06184a44bf
remove *ssl_subject vars to avoid errors
2017-09-08 01:26:53 +02:00
Gregory Colpart
d4e800a263
enable evoadmin-web link in default site index
2017-09-08 01:26:53 +02:00
Gregory Colpart
a074f6488a
we use now evolinux-sudo group to set sudo rights
2017-09-08 01:26:53 +02:00
Gregory Colpart
87ef758891
we need force=no for files who will be lineinfile/blockinfile
2017-09-07 02:32:08 +02:00