alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
965 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

965 Commits

Author SHA1 Message Date
Alan Orth 8bce1d8b1b
host_vars/web22: WordPress 6.4.1 2023-12-02 22:40:06 +03:00
Alan Orth 6dc2ea36b6
roles/nginx: fix path to php 8.2 socket 2023-09-11 19:55:24 +03:00
Alan Orth af71a9b5f8
roles/php-fpm: remove fmt strings 
Ansible confuses them for jinja2 tokens.
 2023-09-11 19:52:18 +03:00
Alan Orth 4dd57803e2
roles/php-fpm: fix user/group for php 8.2 configs 2023-09-11 19:51:59 +03:00
Alan Orth 18d4245fc0
roles/common: fix tarsnap signing of apt repo 2023-09-11 19:37:49 +03:00
Alan Orth 1bddf3cccd
Pipfile.lock: run pipenv update 2023-09-11 18:52:25 +03:00
Alan Orth 20dbe61fe1
roles/mariadb: use MariaDB 10.11 
The server has already been updated from 10.6 to 10.11.

See: https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/
 2023-09-10 22:53:10 +03:00
Alan Orth 899e87321b
host_vars/web22: WordPress 6.3.1 2023-09-10 22:44:23 +03:00
Alan Orth 06416a3b64
roles: run ansible-lint --write 2023-08-23 22:22:51 +03:00
Alan Orth 7a9a24ef5d
roles/common: rework fail2ban again 
Actually, we do want to run fail2ban on all hosts because the sshd
monitoring via systemd is nice. At the very least it reduces spam
from failed logins in our systemd journal.
 2023-08-23 22:15:24 +03:00
Alan Orth 067adcd9f5
roles/common: rework fail2ban tasks 
We can only run fail2ban when we have logs to monitor. When a host
is running Caddy we don't have logs, so fail2ban doesn't have any-
thing to monitor out of the box. For now I will restrict the task
to hosts running nginx.
 2023-08-23 21:59:28 +03:00
Alan Orth 84d210cfab
roles/common: re-format handlers 
Use the newer Ansible format.
 2023-08-23 21:35:28 +03:00
Alan Orth 17736a4f14
roles/common: run ansible-lint --write 2023-08-23 21:33:22 +03:00
Alan Orth b9e91c4a3d
roles/common: minor updates to tarsnap task 
Use modern Ansible task format
 2023-08-23 21:20:22 +03:00
Alan Orth 51c95e5d4c
roles/common: update tarsnap task 
Update tarsnap task to use apt signed-by for package signing keys
instead of adding keys directly to apt-key.
 2023-08-23 21:18:27 +03:00
Alan Orth 8dbec29d2a
roles/nginx: prepare letsencrypt task for Debian 12 2023-08-23 21:01:12 +03:00
Alan Orth d3bf3dab04
roles/php-fpm: add support for PHP 8.2 
This is used in Debian 12.
 2023-08-23 20:56:35 +03:00
Alan Orth 8f50b7756b
host_vars/web22: WordPress 6.3 2023-08-22 21:33:49 +03:00
Alan Orth e86ccc9979
roles/nginx: minor rework of apt key stuff 2023-08-22 21:33:19 +03:00
Alan Orth cea8529f49
Pipfile.lock: run pipenv update 2023-08-22 21:02:17 +03:00
Alan Orth d77718edae
host_vars: add fail2ban_ignoreip 2023-08-14 16:37:07 +02:00
Alan Orth 14d57fc477
roles/nginx: reformat main tasks 2023-08-10 22:44:47 +02:00
Alan Orth 5c39f1abd8
roles/common: minor changes to Debian sshd_config files 2023-08-10 22:10:04 +02:00
Alan Orth 6794eb0432
roles/common: default to disabling SSH passwords 2023-08-10 22:09:03 +02:00
Alan Orth 11614e3725
host_vars: replace nomad02 with nomad03 
The former is Ubuntu 20.04, the latter is Debian 12. Running Drone
CI.
 2023-08-10 08:37:09 +02:00
Alan Orth b106f9d9e5
roles/common: ignore apt sources.list on Scaleway 
While testing Debian 12 on Scaleway I noticed their apt sources.list
is in some weird format I've never seen before, so let's skip it on
those hosts.
 2023-08-10 08:08:42 +02:00
Alan Orth 3c8250e6ac
Pipfile.lock: run pipenv update 2023-08-09 22:07:54 +02:00
Alan Orth d280859b0d
roles/common: minor updates to Debian 11 sshd_config 2023-08-09 21:55:04 +02:00
Alan Orth bca1629d2f
Minor comment updates for Debian 12 2023-08-09 21:51:53 +02:00
Alan Orth 4fa82faf18
roles/common: adjust sshd_config for Debian 12 
Adjust sshd_config based on ssh-audit profile for OpenSSH 9.2.
 2023-08-09 21:27:19 +02:00
Alan Orth b8f0b4b1fb
roles/common: add vanilla sshd_config for Debian 12 2023-08-09 21:16:50 +02:00
Alan Orth 68e5d05bbb
host_vars/web22: WordPress 6.2.2 2023-07-27 18:48:37 +03:00
Alan Orth 446d402778
roles: minor fix to Debian version comparisons 2023-07-27 18:48:07 +03:00
Alan Orth 67379fc2e4
host_vars/web22: WordPress 6.2 2023-05-04 07:10:40 +03:00
Alan Orth 73546967b6
Pipfile.lock: run pipenv update 2023-05-04 06:58:25 +03:00
Alan Orth 16b661efe1
Pipfile.lock: run pipenv update 2023-04-14 10:09:29 -07:00
Alan Orth fdb9a75489
roles/common: update tarsnap GPG key 2023-04-14 10:09:11 -07:00
Alan Orth 232d7a0348
host_vars/web22: WordPress 6.1.1 2022-11-24 18:31:48 +03:00
Alan Orth 6e4bb5bc34
host_vars/web21: use caddy 2022-11-13 18:58:57 +03:00
Alan Orth c840ffe018
roles/caddy: improve vhost template 
Support domain aliases that redirect to the main domain and allow
sites to say they are static sites where they only need a document
root.
 2022-11-13 18:54:03 +03:00
Alan Orth 45c9d7ea0a
Pipfile.lock: run pipenv update 2022-11-13 16:50:07 +03:00
Alan Orth a62bc446e8
host_vars/web22: WordPress 6.1 2022-11-06 23:00:41 +03:00
Alan Orth 62a6a491db
host_vars/web23: use caddy 2022-11-02 22:30:32 +03:00
Alan Orth 4867d6da6a
Add basic caddy role 2022-11-02 22:29:30 +03:00
Alan Orth d9f7c7a93b
group_vars/web: set default webserver to nginx 
While I'm still getting experience with caddy and adapting it to my
workloads.
 2022-11-02 22:12:36 +03:00
Alan Orth bc8c030700
roles/common: update Tarsnap GPG key 2022-11-02 22:11:37 +03:00
Alan Orth f7598d8f1c
Pipfile.lock: run pipenv update 2022-11-02 20:50:59 +03:00
Alan Orth c353e84a84
site.yml: use fully-qualified modules 2022-10-25 21:08:27 +03:00
Alan Orth 99ca23f258
Pipfile.lock: run pipenv update 2022-10-17 19:56:30 +03:00
Alan Orth b663d27fd8
roles/common: rework firewall_Debian.yml playbook 
Use newer Ansible task format, move from apt to package module, and
do package installs in one transaction using a list instead of a
loop.
 2022-09-12 17:25:40 +03:00