Commit graph

292 commits

Author SHA1 Message Date
Jérémy Lecour 7f4eb747de change alert5 only for buster 2017-10-06 15:27:22 +02:00
Jérémy Lecour ed17676432 A real systemd unit for alert5 2017-10-06 15:27:22 +02:00
Jérémy Lecour ef93d56799 evolinux-base: better task name for postfix 2017-10-06 01:06:59 +02:00
Jérémy Lecour 7b88393ccf Refactoring of admin-users + evolinux-base roles
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
  to ensure ssh connections are possible for other users before
  cutting root's access
* evomaintenance is also included in evolinux-base to have it available
  when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour be32fd9a23 Remove useless comments 2017-10-05 00:29:14 +02:00
Jérémy Lecour 622698fb99 Don't disable root access by default
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
2017-10-05 00:29:14 +02:00
Jérémy Lecour ee80235e14 evolinux-base: etc-git is included after apt customization
APT sources must be customized before installing any package
2017-10-04 23:32:27 +02:00
Jérémy Lecour f050608596 evolinux-base/meta: compatible with stretch 2017-10-04 23:31:29 +02:00
Jérémy Lecour 5ffc94281f evolinux-base: parse fstab with better regex
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
2017-10-04 14:31:01 +02:00
Benoît S. c1b719f16a Merge branch 'unstable' into 'bash-completion'
# Conflicts:
#   evolinux-base/tasks/packages.yml
2017-09-20 15:56:45 +02:00
Jérémy Lecour 3a9b95cedc evolinux-base: fallback with warning for ssh without addresses 2017-09-14 14:26:00 +02:00
Gregory Colpart 06184a44bf remove *ssl_subject vars to avoid errors 2017-09-08 01:26:53 +02:00
Gregory Colpart d4e800a263 enable evoadmin-web link in default site index 2017-09-08 01:26:53 +02:00
Gregory Colpart a074f6488a we use now evolinux-sudo group to set sudo rights 2017-09-08 01:26:53 +02:00
Gregory Colpart 87ef758891 we need force=no for files who will be lineinfile/blockinfile 2017-09-07 02:32:08 +02:00
Gregory Colpart 26b76aed17 review default vhost 2017-09-07 02:31:48 +02:00
Gregory Colpart be4e811c47 phpMyAdmin configuration 2017-09-07 02:26:35 +02:00
Gregory Colpart 4eb891b8b7 use role ntpd in evolinux-base 2017-08-31 03:31:00 +02:00
Gregory Colpart b801c883ac minor fix: true -> True 2017-08-31 03:23:07 +02:00
Gregory Colpart ca4b0d5b1d log2mail need to be started and not restarted each time 2017-08-30 04:07:26 +02:00
Gregory Colpart 859822709d Revert "Fix: openssl req -subj arg need to be "/CN="" because bad var during test
This reverts commit 8cfa0a6ef2.
2017-08-30 04:07:26 +02:00
Gregory Colpart 8cfa0a6ef2 Fix: openssl req -subj arg need to be "/CN=" 2017-08-29 02:32:20 +02:00
Gregory Colpart 207a2f6011 Improve distribution verification 2017-08-23 01:49:27 +02:00
Gregory Colpart 5226082db0 evolinux-base and admin-users are only compatible Debian >=8, declare once in main.yml and that's all
(will be probably generalized to others modules if needed)
2017-08-22 01:37:04 +02:00
Benoît S. a95d7893c5 Add a comment about AcceptEnv 2017-08-18 14:37:34 +02:00
Gregory Colpart d82b12b614 fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall) 2017-08-18 04:13:56 +02:00
Gregory Colpart 2bb7367edf standardization for Debian versions : we use "jessie" or "9 or later" to prepare buster smoothly as possible 2017-08-18 03:50:30 +02:00
Jérémy Lecour 4b8456c5b7 Fix ssh security policy 2017-08-05 12:13:42 -04:00
Jérémy Lecour db2b418be4 evolinux-base: fix typo in README 2017-08-05 12:13:42 -04:00
Gregory Colpart e212f3043f Set right URL for our custom role 2017-07-23 00:55:23 +02:00
Gregory Colpart bbb0e579a6 Fix #2154 : we don't need lsb-invalid-mta and package is not anymore in stretch 2017-07-22 08:19:14 +02:00
Victor LABORIE 64a134355b evolinux-base: override logmail service 2017-07-19 16:03:36 +02:00
Jérémy Lecour adc3bd7a93 Fix ssh LogLevel
* the directive can be present but commented
* the version comparison was wrong
2017-07-19 13:49:08 +02:00
Jérémy Lecour 62fbbd2016 Rename role "apt-repositories" to "apt" 2017-07-19 08:56:46 +02:00
Jérémy Lecour 3e3e1c368e Lighter /root/.vimrc 2017-07-18 20:03:57 +02:00
Jérémy Lecour 388a2c058e Over-simplified /root/.gitconfig 2017-07-18 20:00:20 +02:00
Jérémy Lecour 0c2170cf5c Remove some backups, again 2017-07-18 19:38:03 +02:00
Benoît S. fa3047bdc4 Fix #2198. Purge openntpd 2017-07-17 16:18:10 +02:00
Jérémy Lecour be68f9ac0a remove a few useless "backup: yes" 2017-07-17 14:46:01 +02:00
Gregory Colpart a189b7935b NTPD : Listen only on lo interface by default 2017-07-17 14:21:46 +02:00
Gregory Colpart f78e93e0ff we want always packages ssl-cert and ca-certificates (probably will go to serveur-base package, we will see) 2017-07-13 02:41:12 +02:00
Gregory Colpart ea4ec27f08 Oops, last commit was broken. I think "when: TAG" need always to be boolean, then I patch for that. 2017-07-13 02:20:28 +02:00
Gregory Colpart fcfea428b7 pet commit: remove not necessary params 2017-07-13 01:18:25 +02:00
Jérémy Lecour e23edbd5f4 this have nothing to do in the previous commit 2017-07-12 10:24:09 +02:00
Jérémy Lecour ce37282feb Effectively change the timezone 2017-07-12 10:23:21 +02:00
Jérémy Lecour a318e6065c Disable new vim defaults 2017-07-12 10:15:47 +02:00
Jérémy Lecour 6514f64a1f Better english 2017-07-12 09:34:46 +02:00
Jérémy Lecour 1cdbcaa5fb Install packages for Stretch and later 2017-07-11 18:43:22 +02:00
Gregory Colpart 12b5d9a97a Fix #2207 : set -L 15 for Cron 2017-07-11 00:42:38 +02:00
Gregory Colpart eab03993d0 improvement, don't touch to /etc/profile and instead use /etc/profile.d/evolinux.sh 2017-07-11 00:29:06 +02:00
Gregory Colpart 05b7588953 no more apt-listchanges in Stretch 2017-07-10 22:17:58 +02:00
Gregory Colpart 0d79db4ed5 Improve dpkg pre / post - invoke 2017-07-10 21:52:57 +02:00
Gregory Colpart 8505ef5b5e exit 0 -> true 2017-07-09 19:59:12 +02:00
Gregory Colpart 0d0937aa4e Use "false" instead of "0" to be more explicit 2017-07-09 19:59:12 +02:00
Jérémy Lecour 0fdc1565a8 Default site CSS slightly beautified 2017-07-06 17:14:29 +02:00
Jérémy Lecour 553025d199 enable server-status in default site 2017-07-06 17:14:29 +02:00
Jérémy Lecour 0e0bc1cbbd Split default vhost into nginx and apache roles 2017-07-06 17:14:28 +02:00
Jérémy Lecour de37aac243 Don't overwrite default apache vhost 2017-07-06 17:14:27 +02:00
Benoît S. effbfc3189 Be sure to have the bash-completion package
It is very handy to have this package to have completion of commands like
systemctl.
2017-07-06 11:58:48 +02:00
Jérémy Lecour bae8961e99 packweb/evoadmin: cleanup
* extracted tasks
* more variables
* more templates
* less bugs
2017-07-03 18:23:39 +02:00
Jérémy Lecour 664a926caa evolinux: fix rotate value customization
with "[0-9]*" too much lines would be changed
2017-07-03 17:57:00 +02:00
Jérémy Lecour d3af1320c9 SSH: log level to verbose for Stretch and later 2017-06-14 15:53:15 +02:00
Jérémy Lecour 13fccb1f3f Fix Ansible syntax for include_role 2017-06-13 11:45:34 +02:00
Jérémy Lecour 25e017fa28 Add contrib/non-free components for APT sources if needed 2017-06-13 11:21:27 +02:00
Jérémy Lecour 65f91f09b0 Disable warnings for mount commands related to /usr read-only 2017-06-12 15:11:40 +02:00
Jérémy Lecour 4d9961b0f9 evolinux-base: configure apt-repositories role 2017-06-07 09:59:55 +02:00
Victor LABORIE a1c69bdf84 apt-repositories/evolinux-base: fix default sources.list configuration 2017-06-05 11:43:25 +02:00
Jérémy Lecour c66438a2a3 evolinux-base: remount /usr when needed 2017-05-23 14:55:31 +02:00
Jérémy Lecour 6e104d8689 evolinux-base: include_role apt-repositories 2017-05-23 14:55:15 +02:00
Jérémy Lecour 17be773822 Extract Evolix public APT sources 2017-05-21 11:00:46 +02:00
Jérémy Lecour 89d8ac32c4 Non octal notation
When permissions octal notation doesn't begin with 0, prefer the text
notation.
2017-05-19 22:46:34 +02:00
Jérémy Lecour e2452cdf6c Don't warn for some known commands 2017-05-19 22:30:51 +02:00
Jérémy Lecour 9fae99f8dc Minor syntax and whitespaces fixes 2017-05-19 22:29:53 +02:00
Jérémy Lecour 23f0b97897 evolinux-base: add logrotate package
It should be installed by default, but make sure that it is really
present.
2017-05-18 13:57:30 +02:00
Jérémy Lecour 82c4c9d745 Use apt module with 2.2 option "allow_unauthenticated" 2017-05-16 15:36:46 +02:00
Victor LABORIE 8227e7a617 evolinux-base: add curl and telnet to diagnostic tool 2017-05-02 17:12:08 +02:00
Jérémy Lecour c0d43f72ef evolinux-base: no comma for postfix config 2017-05-02 13:56:20 +02:00
Victor LABORIE 9dfe6fd175 evolinux-base: use fqdn in default postfix config and add handler 2017-04-27 10:51:21 +02:00
Victor LABORIE 0ad39a1be7 evolinux-base: update hostname in default postfix config 2017-04-25 15:50:22 +02:00
Jérémy Lecour 3f09d938eb disable some parts of evolinux-base in tests 2017-04-24 09:46:43 +02:00
Jérémy Lecour 53a1134b6f detect presence of hotplug network interface 2017-04-24 09:46:42 +02:00
Jérémy Lecour eec84fca8a detect absence of acl in filesystem 2017-04-24 09:46:42 +02:00
Jérémy Lecour 2427fcc7f3 Respect hostname variable value 2017-04-24 09:46:42 +02:00
Jérémy Lecour 72d0f6ddc4 No change recorded when updating apt cache 2017-04-24 09:46:42 +02:00
Jérémy Lecour d23d2f6080 evolinux-base: improve the kitchen recipe
but it's still disabled for the moment
2017-04-20 15:51:48 +02:00
Jérémy Lecour 47f8f5d75f evolinux-base can't be tested within Docker yet
because of sshd not being a proper service in the Docker container
2017-04-20 13:57:11 +02:00
Jérémy Lecour 4c1c0c6c23 [WIP] tests for evolinux-base 2017-04-20 13:48:23 +02:00
Jérémy Lecour fad4b78775 evolinux-base: better regexp for fstab customization
- we must exclude lines containing a # before the partition name
- it's better to use "not space" (\S) instead of "word character" (\w)
  between the partition name and the fs type
2017-04-19 10:59:25 +02:00
Jérémy Lecour c30e6b189c evolinux-base: fstab is more customizable 2017-04-05 17:50:50 +02:00
Jérémy Lecour 8ba9c0081a evolinux: finer grained kernel configuration 2017-03-30 15:33:23 +02:00
Jérémy Lecour 4eab8c319a evolinux: custom email for logcheck 2017-03-30 15:32:59 +02:00
Jérémy Lecour 5b2ab0d8d3 Ansible >= 2.2 supported 2017-03-24 14:15:09 +01:00
Jérémy Lecour 294cea44e8 Change mode with leading 0, but still as String 2017-03-23 16:59:43 +01:00
Jérémy Lecour c666099ef8 Evolinux-base: dynamic release name 2017-03-16 16:50:21 +01:00
Benoît S. f3d1f5b04c Fix #2159. Wrong path for cciss-vol-statusd. 2017-03-10 11:24:19 +01:00
Tristan PILAT 78a2fd9830 Fix error in handler 2017-03-08 16:33:23 +01:00
Jérémy Lecour 6ed870e94e Can't dynamically choose module based on version
If the condition is in a when attribute, the module is still
evaluated. If it doesn't exist in the current version of Ansible
it will blow up.
2017-02-09 17:36:49 +01:00
Jérémy Lecour 8920ff1ee4 Add "always_run: yes" where it's pertinent
There is also the "check_mode: no", but commented,
for when we switch to Ansible 2.2
2017-01-31 11:45:35 +01:00
Benoît S. e173407baa Typo sysctl vs systemd. 2017-01-18 15:53:43 +01:00
Jérémy Lecour 478e9a8272 replace "state: installed" with "state: present" 2017-01-12 17:37:48 +01:00
Jérémy Lecour 61f5219f48 Improve documentation
Each role has a README and a meta/main.yml file
2017-01-05 18:22:06 +01:00
Jérémy Lecour 5a4f838375 Unix mode MUST be a quoted string when using octal notation 2017-01-05 12:03:54 +01:00
Jérémy Lecour 5277f58598 evolinux-base: enable service according to ansible_version 2017-01-05 12:03:53 +01:00
Jérémy Lecour 0ff5467bce add a "reload sshd" handler 2017-01-04 10:21:41 +01:00
Jérémy Lecour e1654414ea evolinux-base: flush handlers at end of each include 2017-01-03 17:02:23 +01:00
Jérémy Lecour 91c8fad950 Extract logrotate configurations in roles 2017-01-03 16:58:19 +01:00
Jérémy Lecour 130e1f2b0e evolinux-base: add conditions for most of tasks 2017-01-03 16:38:04 +01:00
Jérémy Lecour e2460c10d1 evolinux-base: tasks groups disabling 2017-01-03 12:11:01 +01:00
Jérémy Lecour 17ed9bc28e evolinux-base: SSH MatchAddress skips when empty array 2017-01-03 11:44:20 +01:00
Jérémy Lecour ead09ad4e8 evolinux-base: apt upgrade can be disabled 2017-01-03 11:43:31 +01:00
Gregory Colpart 6c5e880938 add slow_transport configuration for Postfix role
and disable Postfix customization in evolinux-base role
2017-01-02 01:14:18 +01:00
Jérémy Lecour 5bad738df9 evolinux-base : add some tags 2016-12-30 10:40:59 +01:00
Jérémy Lecour 25e69efd24 evolinux_base: configure /etc/mailname with current FQDN 2016-12-30 10:40:44 +01:00
Jérémy Lecour 8a20ec5ca2 evolinux_base/postfix: add some variables
* myhostname
* mydestination
* myorigin
2016-12-30 10:40:18 +01:00
Jérémy Lecour 001d066c38 evolinux-base: add /root/.selected_editor 2016-12-28 17:55:35 +01:00
Daniel Jakots e7287feb3f typo 2016-12-28 10:59:41 -05:00
Jérémy Lecour b7afc859b8 evolinux-base: configure listchanges in packages.yml 2016-12-28 15:15:09 +01:00
Jérémy Lecour 34669fdfd0 evolinux-base: configure tzdata 2016-12-28 15:06:56 +01:00
Gregory Colpart 4f97f17387 evolinux-base: disable deb-src repositories in sources.list 2016-12-27 20:55:17 +01:00
Gregory Colpart 6cdab4e68b evolinux-base: don't use /etc/apt/listchanges.conf before apt-listchanges install 2016-12-27 20:55:11 +01:00
Jérémy Lecour 3f2fe68189 evolinux-base: remove 127.0.1.1 unconditionally 2016-12-27 18:40:24 +01:00
Jérémy Lecour 6517a234d6 evolinux-base: fqdn replacement in /etc/hosts
If the FQDN changes, it is changed in /etc/hosts instead and not added
2016-12-27 16:45:46 +01:00
Jérémy Lecour b2c6847019 evolinux-base: apt/listchanges with lineinfile
Ansible < 2.1 puts an extra space around "="
It might be a problem for APT.

Until we can use Ansible >= 2.1 we use lineinfile instead
even if it less precise (doesn't manage sections)
2016-12-27 14:44:34 +01:00
Jérémy Lecour 29ea23247d evolinux-base: configure apt/listchanges 2016-12-27 14:33:21 +01:00
Jérémy Lecour b2971d1f7d evolinux-base: add ssh.yml
* disable root login
* list authorized addresses
* disable AcceptEnv
2016-12-27 14:04:12 +01:00
Jérémy Lecour 542cc0ef33 evolinux-base: remove aptitude in apt.yml 2016-12-27 14:04:12 +01:00
Jérémy Lecour 497d90519e evolinux-base: don't overwrite alert5 init script 2016-12-26 12:11:46 +01:00
Jérémy Lecour 65b9865510 evolinux-base: copy logrotate files
there was a syntax error, the source was copied inside the target
2016-12-26 12:11:46 +01:00
Jérémy Lecour 706d247360 evolinux-base: remove aptitude 2016-12-26 12:11:46 +01:00
Jérémy Lecour 001b58e1fe evolinux-base: fix /var/tmp mount point 2016-12-26 12:11:46 +01:00
Jérémy Lecour dc40993291 Use command instead of shell 2016-12-23 22:45:42 +01:00
Jérémy Lecour 5bc88ae0f0 evolinux-base: fix /tmp rights 2016-12-23 20:05:06 +01:00
Jérémy Lecour 38f962d754 evolinux-base: install apt hooks by default 2016-12-23 16:24:56 +01:00
Jérémy Lecour 7e9065e172 evolinux-base: the locales package might be missing 2016-12-23 14:12:13 +01:00
Jérémy Lecour a0a5920f99 evolinux-base: megacli packages are not authenticated 2016-12-23 14:11:11 +01:00
Jérémy Lecour 9fc56586fe Evolinux-base: group packages 2016-12-21 16:12:31 +01:00
Jérémy Lecour 79792ec0ed Postfix is back into evolinux-base 2016-12-21 16:12:31 +01:00
Jérémy Lecour d6545d91c6 evolinux-base: better check for installed MTA 2016-12-21 16:12:31 +01:00
Jérémy Lecour 01d9b629ec evolinux-base: better variable name 2016-12-21 16:12:31 +01:00
Jérémy Lecour 578a2d423d evolinux-base: finer grained packages management
* install lsb-invalid-mta if Postfix is not present
* differentiate unauthenticated packages
2016-12-21 16:12:30 +01:00
Jérémy Lecour c64e89e0d1 evolinux-base: fix variable name
evolinux_apt_components → evolinux_apt_repositories_components
2016-12-21 16:12:30 +01:00
Jérémy Lecour c0ab8f99ce Squash: conventions, evolinux, etc-git… 2016-12-21 16:12:30 +01:00