ansible-personal

Author	SHA1	Message	Date
Alan Orth	24a3724dfe	roles/nginx: Remove spdy_headers_comp It was deprecated when nginx added support for HTTP/2. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-23 18:20:38 +03:00
Alan Orth	a3e71e75d2	roles/nginx: SPDY -> HTTP/2 nginx 1.9.5 mainline adds support for HTTP/2 and deprecates SPDY. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-22 19:40:30 +03:00
Alan Orth	110981d9c3	host_vars/web06: Update to WordPress 4.3.1 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-16 10:32:14 +03:00
Alan Orth	973b37be4e	roles/common: Tweak sshd_config to match NSA Suite B recommendations NSA stopped recommending AES-128 in August, 2015... Before: https://web.archive.org/web/20150403110658/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml After: https://web.archive.org/web/20150815072948/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml I don't see why we shouldn't follow suit; maybe they know something we don't! Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 16:55:51 +03:00
Alan Orth	5c0a7c2c72	group_vars/all: Update TLS cipher suite Use latest Mozilla intermediate suite: https://wiki.mozilla.org/Security/Server_Side_TLS Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 15:11:57 +03:00
Alan Orth	5a92694d5b	host_vars/web06: Remove list of ssh users Only allow access by the provisioning user. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 12:25:24 +03:00
Alan Orth	8b336352d7	roles/common: Only allow ssh access by provisioning user Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 12:24:11 +03:00
Alan Orth	4b18f91438	Remove host_vars/web05 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-01 11:17:24 +03:00
Alan Orth	bc28cd008c	roles/munin: Allow running on Debian hosts Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-01 00:10:16 +03:00
Alan Orth	abbc9f5073	README.md: Increase header sizes The document is its own namespace, so we should just start with H1 tags. When GitHub displays them in the repo view it wraps the read- me in an <article> tag anyways. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-31 23:01:35 +03:00
Alan Orth	90d7f239c0	Add web06 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-31 22:51:17 +03:00
Alan Orth	9c70ab29e3	roles/nginx: Rename nginx sources.list template Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 13:24:43 +03:00
Alan Orth	b214bdfae8	roles/nginx: Add Debian support to nginx sources.list template Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 13:22:36 +03:00
Alan Orth	9ad8209fd4	roles/mariadb: Allow MariaDB repo installation on Debian and Ubuntu Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 13:14:46 +03:00
Alan Orth	c480075789	roles/common: Use "interface" instead of "alias" to get interface name in firewalld template Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 12:06:47 +03:00
Alan Orth	9266d48c9f	roles/common: Separate firewalld tasks for Ubuntu and Debian Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 12:06:25 +03:00
Alan Orth	18ca44193d	roles/common: Add sysctl template for Debian hosts Note: I've only tested this on a Debian container, and you can't set these sysctls on containers (the host controls them). To make matters worse, there is no fact to make ansible skip this on hosts that are running in containers. For now I will just skip it on hosts that are "virtualization" servers... even though we actually do have KVM running on Debian on real hardware. sigh Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:12:17 +03:00
Alan Orth	56df8b38ca	roles/common: Use new cron-apt tasks Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:40 +03:00
Alan Orth	96fe209843	roles/common: Fix mode on Debian 8 sshd_config Accidentally added it with 777. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	7519995153	roles/common: Add Debian 8 sshd_config Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	b4310cfc89	Allow Debian hosts to run Ubuntu stuff Sometimes we mean Ubuntu, other times we mean Debian family. Use ansible_os_family where we mean Debian family. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	dc24285ec6	roles/common: Use apt_mirror variable in Debian sources Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	28f61d589e	roles/common: Add Debian support to sources.list template Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	e15d1be867	roles/common: Add playbook for Debian packages Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	1fc2453703	roles/common: Add firewalld support Needed in Ubuntu 15.04 where iptables-persistent is going away. I have added translations of the current IPv4 and IPv6 iptables rules. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	cc3b6d5026	Vagrantfile: Update to vivid (15.04) Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:39 +03:00
Alan Orth	16a0bb9086	roles/nginx: Use utopic (14.10) nginx builds on 15.04 Upstream hasn't made 15.04 builds yet... Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:38 +03:00
Alan Orth	9aaad366f5	roles/common: Only add extras repo on Ubuntu 14.04 The Extras repo was discontinued after 14.10 (but the latest we deploy is 14.04). See: https://lists.ubuntu.com/archives/technical-board/2015-January/002063.html Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:38 +03:00
Alan Orth	e84f777a6b	roles/common: Bring Ubuntu 15.04 sshd_config up to date with standards Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:38 +03:00
Alan Orth	b2dbd138f7	roles/common: Add Ubuntu 15.04 sshd_config Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:02:38 +03:00
Alan Orth	68493beba3	roles/common: Reload sshd instead of restarting No need to restart for a config change. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:01:17 +03:00
Alan Orth	8e0a292b1d	roles/common: Move sshd tasks to their own playbook Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 00:00:43 +03:00
Alan Orth	7f929d5b80	roles/common: Remove unused cron-apt files Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-22 23:42:03 +03:00
Alan Orth	fc586a2297	roles/common: Adjust cron-apt stuff - Don't run the static files as templates - Use a separate playbook for related tasks - Use a template for security.sources.list Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-22 23:39:22 +03:00
Alan Orth	c535cce6a5	host_vars/web05: Upgrade to WordPress 4.3 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-19 22:54:55 +03:00
Alan Orth	45bf41dc35	host_vars/web05: Update TLS cert for mjanja.ch Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-17 12:37:22 +03:00
Alan Orth	18cca7c203	host_vars/web05: Renew TLS cert for alaninkenya.org Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-15 12:41:45 +03:00
Alan Orth	ce1d64ce66	roles/php5-fpm: Hide HTTP X-Powered-By PHP header Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-09 20:10:11 +03:00
Alan Orth	b904f65cb1	host_vars/web05: Update WordPress to 4.2.4 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-04 18:44:30 +03:00
Alan Orth	e052650443	host_vars/web05: Update to WordPress 4.2.3 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-07-25 12:31:20 +03:00
Alan Orth	d8ac5a7914	Merge pull request #21 from oguya/readme-fixes README.md: Make minor formatting changes	2015-06-28 23:05:15 +03:00
Alan Orth	5989a8873e	Merge pull request #20 from oguya/limit-roles Run roles on Ubuntu hosts only	2015-06-28 23:03:04 +03:00
James Oguya	d4b04ca789	README.md: Make minor formatting changes To enhance readability of long commands, break them into multiple lines & skip new lines using '\' character. Use system default libvirt images path & sample preseed file from ubuntu.com. Signed-off-by: James Oguya <oguyajames@gmail.com>	2015-06-27 21:35:40 +03:00
James Oguya	95e702e388	Run roles on Ubuntu hosts only I think it's a good idea to only run/include a role if the remote host is running Ubuntu OS - doesn't hurt to do an extra check even though the README clearly assumes so. Signed-off-by: James Oguya <oguyajames@gmail.com>	2015-06-27 20:50:09 +03:00
Alan Orth	75cda0a066	host_vars: Delete old hosts web01, web02, and web04 are no longer used. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-07 12:44:05 +03:00
Alan Orth	6b75d0c87e	README.md: Shorten Vagrant text Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-06 00:14:40 +03:00
Alan Orth	78cb49c88b	roles/nginx: Add missing nginx tag to blank vhost task Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-06 00:07:50 +03:00
Alan Orth	151fb29687	roles/nginx: Add blank vhost For security and predictability clients should only get a reponse if they request a hostname we are actually hosting. If TLS is in use then this will use a self-signed snakeoil cert for an HTTPS-enabled blank, default vhost. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-06 00:07:50 +03:00
Alan Orth	8b77fd7f94	roles/nginx: Templatize SSL parameters using role defaults Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-06 00:07:50 +03:00
Alan Orth	bd4f2ae5b6	README.md: Use simple syntax for code blocks Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-05 18:18:28 +03:00

... 12 13 14 15 16 ...

858 Commits