Commit Graph

999 Commits

Author SHA1 Message Date
Jérémy Lecour b7cede7654 Don't add the trap if it is present or commented 2017-10-17 18:07:51 +02:00
Jérémy Lecour beff333a1a Evoacme: big refactoring
* debug messages are sent to stdout
* domains discovery from vhosts is extracted to "vhost-domains"
* fixes suggested by shellcheck
* variables are "local" or "readonly" wherever possible
2017-10-17 14:46:37 +02:00
Victor LABORIE c5844fa193 wordpress: fix summary mail 2017-10-17 11:18:02 +02:00
Victor LABORIE 8f9151c66e wordpress: don't use special caracter in admin password 2017-10-17 11:01:53 +02:00
Victor LABORIE 35f1ec91d8 wordpress: configure site before update it 2017-10-17 11:01:53 +02:00
Jérémy Lecour 71cd04029c Insert "Match User" if missing (Jessie only) 2017-10-17 10:28:49 +02:00
Jérémy Lecour b4e4b14fc6 Invert SSH Match User directives 2017-10-17 10:28:48 +02:00
Victor LABORIE 104a5c962e wordpress: refactoring into role 2017-10-17 10:24:19 +02:00
Victor LABORIE 3b4bf6d13a php: fix right on custom conf files 2017-10-16 17:46:55 +02:00
Jérémy Lecour 1941f9a3f9 evoacme: improve webserver config logic 2017-10-13 17:14:03 +02:00
Jérémy Lecour 2066a79f2e evoacme: exit after certbot in dry-run mode 2017-10-13 17:13:14 +02:00
Jérémy Lecour 350abe5787 evoacme: invert test logic 2017-10-13 14:05:05 +02:00
Jérémy Lecour baa5eae784 evoacme: add many tests 2017-10-13 12:46:40 +02:00
Jérémy Lecour 1c5e5e965b evoacme: fix typo 2017-10-13 12:32:16 +02:00
Jérémy Lecour 06a3965fde whitespaces 2017-10-13 12:30:34 +02:00
Jérémy Lecour 31a19114e5 evoacme: readability of tests
change from :
"what I don't want" && error
to :
"what I want" || error
2017-10-13 12:30:24 +02:00
Jérémy Lecour 9bccbd9496 evoacme: check for readability, not just presence 2017-10-13 12:28:44 +02:00
Jérémy Lecour 3c283d2bb4 evoacme: execute evoacme in cron mode 2017-10-13 12:09:12 +02:00
Jérémy Lecour 0022071462 evoacme: add tests to fail with proper messages 2017-10-13 12:08:47 +02:00
Jérémy Lecour e11958d101 evoacme: fix web servers config check 2017-10-13 11:18:37 +02:00
Jérémy Lecour 6d6d0760cd evoacme: sed cert path after cert creation 2017-10-13 11:18:15 +02:00
Jérémy Lecour 88600039d3 evoacme: daily iterations are not enough 2017-10-13 11:17:32 +02:00
Jérémy Lecour 5e71da94d3 evoacme: fix typo 2017-10-13 11:16:46 +02:00
Jérémy Lecour bced7561c9 make-csr: extract a few functions 2017-10-13 11:16:21 +02:00
Jérémy Lecour fb0c22dfd1 evoacme: refactoring for make-csr
inspired from recent refactoring or evoacme itself
2017-10-13 00:47:02 +02:00
Jérémy Lecour 9fccd7e682 evoacme: improve variables 2017-10-12 18:22:43 +02:00
Jérémy Lecour 65ccc2c0b5 evoacme: use env variables for execution modes 2017-10-12 18:22:06 +02:00
Jérémy Lecour 30434a70d8 evoacme: csr verification is a different function call 2017-10-12 18:20:49 +02:00
Jérémy Lecour 118a9759af evoacme: change function name to be more specific 2017-10-12 18:19:53 +02:00
Jérémy Lecour 3c61484448 evoacme: don't allow uninitialized variables 2017-10-12 18:19:09 +02:00
Victor LABORIE 5e9795435b nginx: fix ip filtering in default vhost 2017-10-12 15:38:07 +02:00
Jérémy Lecour 0d0c21f908 Evoacme: refactoring
* add a lot of variables, to reduce possible typos
* add a lot of debug statements
* add many comments and line breaks for readability
* extract functions for complex openssl commands
* explode the big certbot command into multiple lines
* allow certbot to make test certs (for API query limits)
* allow certbot to run in "dry run" mode
* regroup some lines together when they do related things
2017-10-12 00:29:21 +02:00
Jérémy Lecour 1091dfeeed evolinux-users: Handle "PermitRootLogin prohibit-password" 2017-10-11 22:17:52 +02:00
Victor LABORIE 1c244f556b evoacme: better apache/nginx reload 2017-10-11 18:50:20 +02:00
Victor LABORIE 2dbdfb6600 evoacme: add error and debug function 2017-10-11 18:50:19 +02:00
Jérémy Lecour 9527aff68a apache/nginx: remove compatibility mode 2017-10-11 18:13:15 +02:00
Jérémy Lecour c77bc14e95 Evolinux: don't remove root from AllowUsers list 2017-10-11 17:58:59 +02:00
Jérémy Lecour 8518902ec9 Elasticsearch-head: no need to have a shell 2017-10-11 17:58:59 +02:00
Ludovic Poujol 745c45f88d Fix remount_usr_rw/yml 2017-10-11 17:58:18 +02:00
Jérémy Lecour 4bc7635502 Include generate-ldif in evolinux-base 2017-10-11 13:10:15 +02:00
Jérémy Lecour cca3b2921f Public role for "generate-ldif" 2017-10-11 13:10:15 +02:00
Jérémy Lecour 20e8a852fa Handle "PermitRootLogin prohibit-password" 2017-10-10 23:50:14 +02:00
Jérémy Lecour ae4b9675c2 evolix-users: disable root ssh login by default 2017-10-10 22:01:44 +02:00
Jérémy Lecour 8435ac192d evolinux-users: better detection of AllowUsers 2017-10-10 22:01:12 +02:00
Jérémy Lecour 707aabb404 evolinux-base : remove root from AllowUsers directive
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour 79e57b7787 evolinux-base: don't disable root ssh by default 2017-10-10 21:58:03 +02:00
Jérémy Lecour bf2cd96793 evolinux-users must not be included as is
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour e09a6ace31 evolinux-base: use apt role for all APT configuration 2017-10-10 16:35:23 +02:00
Jérémy Lecour fae9cd9208 extract APT configuration into apt role 2017-10-10 16:34:53 +02:00
Jérémy Lecour 517c0e672b Nginx: completely rename ipaddr_whitelist 2017-10-10 09:57:29 +02:00