Ansible roles by Evolix
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jérémy Lecour a84bc70b79 Merge branch 'unstable' into stable 3 years ago
amavis Hot fix: remove .conf suffix because Amavis don't read it! 3 years ago
amazon-ec2 whitespaces 4 years ago
apache apache/nginx/fail2ban: mention ip_whitelist.yml in 3 years ago
apt add name for some fail modules 4 years ago
bind bind: must not be executed in check mode 3 years ago
clamav whitespaces 4 years ago
dhcpd Rename dhcp to dhcpd 4 years ago
docker-host Clean override of docker systemd unit 4 years ago
dovecot dovecot: stronger TLS configuration 3 years ago
drbd Move /usr rw remount into remount-usr role 4 years ago
elasticsearch elasticsearch: fix condition for tmpdir 3 years ago
etc-git etc-git: status cron job is run by root 3 years ago
evoacme Merge branch 'unstable' into stable 3 years ago
evocheck evocheck: update script from upstream 3 years ago
evolinux-base evolinux-base: deploy custom motd if template are present 3 years ago
evolinux-todo evolinux-todo: don't echo "nothing…" when verbosity=0 3 years ago
evolinux-users evolinux-users: add newaliases handler 3 years ago
evomaintenance evomaintenance: FROM domain is configurable 3 years ago
fail2ban apache/nginx/fail2ban: mention ip_whitelist.yml in 3 years ago
filebeat filebeat: cleanup unused code 3 years ago
generate-ldif Add postgresql service to generateldif script 3 years ago
haproxy haproxy: add vars for tls configuration 3 years ago
java java: support for Oracle JRE 3 years ago
jenkins java: support for Oracle JRE 3 years ago
kibana kibana: log messages go to /var/log/kibana/kibana.log 3 years ago
kvm-host kvm-host: install kvm-tools package instead of copying 3 years ago
ldap ldap|nagios-nrpe: use external file for NRPE credentials 4 years ago
listupgrade listupgrade: Add service restart notification for squid 4 years ago
logstash logstash: limit to 512M by default 3 years ago
lxc Fix multiple bugs in lxc role after testing 4 years ago
memcached memcached: improve systemd units management 3 years ago
meta Add meta/main.yml file for ansible galaxy cloning 4 years ago
metricbeat metricbeat: new variables to configure elasticsearch hosts and auth 3 years ago
minifirewall minifirewall: all variables are configurable 3 years ago
mongodb apt module: Use "state: present" instead of "state: installed" 3 years ago
monit minor fix: true -> True 4 years ago
munin add quotes for shell command 3 years ago
mysql mysql: logdir can be customized 3 years ago
mysql-oracle mysql-oracle: remove mysql-apt-config 0.8.10 3 years ago
nagios-nrpe amavis: fix output result checking 3 years ago
nameserver Add nameserver role 4 years ago
networkd-to-ifconfig Add a role to switch from networkd to ifconfig 3 years ago
newrelic apt module: Use "state: present" instead of "state: installed" 3 years ago
nginx apache/nginx/fail2ban: mention ip_whitelist.yml in 3 years ago
nodejs nodejs: extract yarn tasks in a file 4 years ago
ntpd ntpd: Follow the example config given on 4 years ago
opendkim whitespaces 4 years ago
packweb-apache packweb-apache: mod-security config is already included elsewhere 3 years ago
php php: fix php-fpm service name for Stretch 3 years ago
postfix enable SSL/TLS client, cf 3 years ago
postgresql apt module: Use "state: present" instead of "state: installed" 3 years ago
proftpd whitespaces 4 years ago
rabbitmq apt module: Use "state: present" instead of "state: installed" 3 years ago
rbenv rbenv: switch from copy to lineinfile for default gems 3 years ago
redis redis: fix shell for redis users 3 years ago
redmine redmine: use .my.cnf for mysql password 3 years ago
remount-usr remount-usr: mount doesn't report a change 3 years ago
spamassasin * spamassassin: add missing right for amavis 3 years ago
squid squid: better replacement in minifirewall config 3 years ago
ssl ssl: add handler for haproxy reload 3 years ago
supervisord Supervisor: handlers name + tags 4 years ago
tomcat tomcat: better nrpe check output 3 years ago
tomcat-instance whitespaces 4 years ago
unbound unbound: retrieve list of root DNS servers 4 years ago
varnish varnish: Add -F to the sustemd unit to not fork at start 4 years ago
vrrpd Rename role "apt-repositories" to "apt" 4 years ago
webapps Add Nginx support to roundcube role 3 years ago
.gitignore gitignore cleanup 4 years ago Release 9.6.0 3 years ago
LICENSE Add the GPLv2 licence 5 years ago ansible-roles is now only-Linux compatible, and add precision for compatibility (Debian 9 and accidentally Debian 8) 4 years ago
evolix Add an evolix symlink for prefixed roles 4 years ago
java8 java: support for Oracle JRE 3 years ago


A repository for Ansible roles used by Evolix on Debian GNU/Linux 9 (stretch) servers. Few roles are also be compatible with Debian GNU/Linux 8 (jessie) servers.

It contains only roles, everything else is available at


The stable branch contains roles that we consider ready for production.

The unstable branch contains not sufficiently tested roles (or evolutions on existing roles) that we don't consider ready for production yet.

Many feature branches may exist in the repository. They represent "work in progress". They may be used, for testing purposes.

Install and usage

First, check-out the repository :

$ cd ~/GIT/
$ git clone

Then, add its path to your ansible load path :

$ vim ~/.ansible.cfg
roles_path = $HOME/GIT/ansible-roles

Then, include roles in your playbooks :

- hosts: all
  gather_facts: yes
  become: yes
    - etc-git
    - evolinux-base


Contributions are welcome, especially bug fixes and "ansible good practices". They will be merged in if they are consistent with our conventions and use cases. They might be rejected if they introduce complexity, cover features we don't need or don't fit "style".

Before starting anything of importance, we suggest contacting us to discuss what you'd like to add or change.

Our conventions are available in the "ansible-public": repository, in the file.


The ideal and most typical workflow is to create a branch, based on the "unstable" branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into "unstable".

Changes that don't introduce significant changes — or that must go faster that the typical workflow — can be commited directly into "unstable".

Hotfixes, can be prepared on a new branch, based on "stable" or "unstable" (to be decided by the author). When ready, it can be merged back to "stable" for immediate deployment and to "unstable" for proper backporting.

Other workflow are not forbidden, but should be discussed in advance.