Ansible roles by Evolix
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Ludovic Poujol 4c36fd075c webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined 4 years ago
amavis postfix: always include amavis and opendkim config when packmail 5 years ago
amazon-ec2 amazon-ec2: whitespaces 5 years ago
apache Apache: Don't turn on modsec if it's available on default vhost 4 years ago
apt add name for some fail modules 5 years ago
bind bind: keep 52 weeks of logs 5 years ago
clamav clamav: configure debconf before install packages 5 years ago
dhcpd Rename dhcp to dhcpd 5 years ago
docker-host Clean override of docker systemd unit 5 years ago
dovecot dovecot: login_max_processes_count is obsolete 5 years ago
drbd Move /usr rw remount into remount-usr role 5 years ago
elasticsearch fixup! elasticsearch: RESTART_ON_UPGRADE is configurable 4 years ago
etc-git etc-git: add tags for Ansible 4 years ago
evoacme Show the certificate path when exiting with an error 4 years ago
evocheck evocheck: add tags 5 years ago
evolinux-base evolinux-base: Exec the firewall tasks sooner to avoid dependency issues 4 years ago
evolinux-users evolinux-users: create .profile for evomaintenance if missing 4 years ago
evomaintenance evomaintenance: explicit quotes 5 years ago
fail2ban fail2ban: fix horrible typo, Python is not Ruby 4 years ago
filebeat elastic: option for stack main version 5 years ago
generate-ldif generate-ldif: add clamd service instead of clamav_db 5 years ago
haproxy haproxy: fix Munin plugin dependencies 4 years ago
java8 java8: we only need the headless variant 5 years ago
jenkins jenkins: remember squid whitelist 5 years ago
kibana elastic: option for stack main version 5 years ago
kvm-host Move /usr rw remount into remount-usr role 5 years ago
ldap ldap|nagios-nrpe: use external file for NRPE credentials 4 years ago
listupgrade listupgrade: remount /usr as rw 5 years ago
logstash logstash: fix permissions on pipeline configuration 5 years ago
lxc Fix multiple bugs in lxc role after testing 5 years ago
memcached update title 5 years ago
meta Add meta/main.yml file for ansible galaxy cloning 5 years ago
minifirewall Add to HTTPSITES whitelist 4 years ago
mongodb mongodb: don't overwrite config by default 4 years ago
monit minor fix: true -> True 5 years ago
munin Ensure munin plugins for Postfix are enabled 4 years ago
mysql mysql/mysql-oracle: mysqltuner cron task is executable 4 years ago
mysql-oracle mysql/mysql-oracle: mysqltuner cron task is executable 4 years ago
nagios-nrpe Set +x on theses executables plugins 4 years ago
nameserver Add nameserver role 5 years ago
newrelic Remove dynamic add of whitelist Squid proxy 5 years ago
nginx nginx: package name can be specified (default: nginx-full) 4 years ago
nodejs follow and default to node_8.x version 4 years ago
ntpd Fix #2345 : apply fix for v4 *and* v6 for syntax bug in conf file 5 years ago
opendkim Move /usr rw remount into remount-usr role 5 years ago
packweb-apache packweb-apache can use MySQL from Oracle. 4 years ago
php PHP: Install php-intl module (useful for modern frameworks) 5 years ago
postfix Patch dovecot deliver to handle + sign in address. 4 years ago
postgresql postgresql: use ".j2" extension for jinja templates 4 years ago
proftpd proftpd: update README and CHANGELOG 4 years ago
rabbitmq rabbitmq: add a munin plugin 5 years ago
rbenv Rbenv: use Ruby 2.5 by default 5 years ago
redis Redis: fix typo in shell command 5 years ago
redmine redmine: force xpath < 3.0.0 (for ruby 2.1 support) 5 years ago
remount-usr remount-usr: Add README 5 years ago
spamassasin packmail (postfix + spamassassin): fix cron.d spam and sa-update 5 years ago
squid Squid: Add to default whitelist 4 years ago
supervisord Supervisor: handlers name + tags 5 years ago
tomcat tomcat: compatible with Tomcat7 and Tomcat8 5 years ago
tomcat-instance tomcat-instance: default rng set to /dev/urandom 5 years ago
unbound unbound: retrieve list of root DNS servers 5 years ago
varnish varnish: add a restart handler 5 years ago
vrrpd Rename role "apt-repositories" to "apt" 5 years ago
webapps webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined 4 years ago
.gitignore gitignore cleanup 5 years ago webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined 4 years ago
LICENSE Add the GPLv2 licence 6 years ago ansible-roles is now only-Linux compatible, and add precision for compatibility (Debian 9 and accidentally Debian 8) 5 years ago


A repository for Ansible roles used by Evolix on Debian GNU/Linux 9 (stretch) servers. Few roles are also be compatible with Debian GNU/Linux 8 (jessie) servers.

It contains only roles, everything else is available at


The stable branch contains roles that we consider ready for production.

The unstable branch contains not sufficiently tested roles (or evolutions on existing roles) that we don't consider ready for production yet.

Many feature branches may exist in the repository. They represent "work in progress". They may be used, for testing purposes.

Install and usage

First, check-out the repository :

$ cd ~/GIT/
$ git clone

Then, add its path to your ansible load path :

$ vim ~/.ansible.cfg
roles_path = $HOME/GIT/ansible-roles

Then, include roles in your playbooks :

- hosts: all
  gather_facts: yes
  become: yes
    - etc-git
    - evolinux-base


Contributions are welcome, especially bug fixes and "ansible good practices". They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style".

Before starting anything of importance, we suggest contacting us to discuss what you'd like to add or change.

Our conventions are available in the "ansible-public": repository, in the file.


The ideal and most typical workflow is to create a branch, based on the "unstable" branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into "unstable".

Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into "unstable".

Hotfixes, can be prepared on a new branch, based on "stable" or "unstable" (to be decided by the author). When ready, it can be merged back to "stable" for immediate deployment and to "unstable" for proper backporting.

Other workflow are not forbidden, but should be discussed in advance.