ansible-personal

Author	SHA1	Message	Date
Alan Orth	250b196bf8	roles/nginx: Add comment for sendfile option From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-12 19:27:56 +02:00
Alan Orth	89bee2e6db	roles/nginx: Add comment for gzip_vary From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-12 19:25:57 +02:00
Alan Orth	27a3ee9651	roles/nginx: Add cache control header for SVG images Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-12 19:17:40 +02:00
Alan Orth	c6cc1f57bb	roles/nginx: Add image/svg+xml to gzip types Google's PageSpeed Insights tool pointed out that the Genericons in WordPress' Jetpack module could be compressed. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-12 19:16:23 +02:00
Alan Orth	926cdf58cf	roles/nginx: keepalive_timeout is in seconds See: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-12 19:02:57 +02:00
Alan Orth	b9a9d415f1	host_vars/web06: Add vars for new Piwik database Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-11 19:09:55 +02:00
Alan Orth	6a3b8f0918	Update some bare variables in with_items loops to use Ansible 2.0 syntax See: https://docs.ansible.com/ansible/porting_guide_2.0.html Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-11 18:53:07 +02:00
Alan Orth	869d7f6c7e	roles/php5-fpm: Disable always_populate_raw_post_data Deprecated in PHP 5.6 and causes problems with Piwik. I'm not sure if WordPress needs this, but I did find some references in its code to $HTTP_RAW_POST_DATA. See: https://secure.php.net/manual/en/migration56.deprecated.php#migration56.deprecated.raw-post-data See: https://www.bram.us/2014/10/26/php-5-6-automatically-populating-http_raw_post_data-is-deprecated-and-will-be-removed-in-a-future-version/ Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-11 18:50:32 +02:00
Alan Orth	c3dc5dc0aa	group_vars/all: Update TLS cipher suite to latest Mozilla "Intermediate" recommendations See: https://wiki.mozilla.org/Security/Server_Side_TLS Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-08 12:45:58 +02:00
Alan Orth	7d61262a76	README.md: Update copyright to 2016 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-02-27 18:45:36 +02:00
Alan Orth	94abbc3cd0	README.md: Update playbook invocation for ansible become See: https://docs.ansible.com/ansible/become.html Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-02-09 16:43:08 +02:00
Alan Orth	237bf50ac7	host_vars/web06: Update to WordPress 4.4.2 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-02-04 18:17:19 +02:00
Alan Orth	ee0621fc20	web.yml: sudo -> become for Ansible 2.0 Some language changed in Ansible 2.0. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-01-12 22:55:58 +02:00
Alan Orth	2da8876caa	host_vars/web06: Update to WordPress 4.4.1 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-01-07 12:37:36 +02:00
Alan Orth	65d4c28396	README.md: Grammar Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-10 00:44:14 +02:00
Alan Orth	43a7039dc9	roles/nginx: Remove "enable_https" config logic Everything is HTTPS now, whether self-signed or otherwise, so it doesn't make sense to have a config switch for this. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-10 00:38:53 +02:00
Alan Orth	940b2720da	Rename nginx_* variables underneath nginx_vhosts It's just deduplication, since it's already obvious that the dict is for nginx-related vars: - nginx_domain_name→domain_name - nginx_domain_aliases→domain_aliases - nginx_enable_https→enable_https - nginx_enable_hsts→enable_hsts Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-10 00:25:44 +02:00
Alan Orth	41547defb9	Finish moving logic and variables from nginx_tls_vhosts to nginx_vhosts Everything is TLS now (whether self-signed or not), so it's pointless to distinguish. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-10 00:14:47 +02:00
Alan Orth	7b9536838c	roles/nginx: Move nginx tls_vhosts.yml to vhosts.yml Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 23:56:50 +02:00
Alan Orth	dc5c09036c	Change pattern from nginx_tls_vhosts→nginx_vhosts All hosts should have TLS now, whether self-signed "snakeoil" certs or otherwise. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 23:54:18 +02:00
Alan Orth	27a4abfcfd	roles/nginx: Add comments about defaults in templates It would be bettwe to set these defaults in the role's defaults, but we can't because they exist in dicts for each of the host's sites. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 23:29:33 +02:00
Alan Orth	86ee36da77	roles/nginx: Clean up template spacing Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 23:25:38 +02:00
Alan Orth	a8005404f1	roles/nginx: Use more consistent naming for per-host nginx options The `enable_https` option in host_vars becomes `nginx_enable_https` to be more consistent with other nginx options used in host_vars. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 23:21:19 +02:00
Alan Orth	1701937006	host_vars/web06: Update to WordPress 4.4 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 11:00:51 +02:00
Alan Orth	178d633794	host_vars/web06: Add HSTS to englishbulgaria.net Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 22:42:41 +02:00
Alan Orth	d80399d152	roles/php5-fpm: Increase memory allocation I added another WordPress blog so I need more memory for caching now. Eventually I wonder if I should deduplicate these somehow... Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 21:08:34 +02:00
Alan Orth	a9cabe693b	host_vars/web06: Add englishbulgaria.net Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 17:47:41 +02:00
Alan Orth	805db6a9ef	roles/mariadb: Create utf8mb4 databases by default This is better for supporting Unicode values in the database, see: https://mathiasbynens.be/notes/mysql-utf8mb4 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 17:27:37 +02:00
Alan Orth	a7094e0964	roles/nginx: Adjust spacing in template Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 17:19:46 +02:00
Alan Orth	98afeddbbf	roles/nginx: Allow using self-signed TLS certs with dev hosts Set `use_snakeoil_cert: 'yes'` in host_vars. This is good for dev hosts where we don't have real domains or real certs. But everything should have TLS. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 17:18:21 +02:00
Alan Orth	4507e20155	roles/nginx: Change owner/group of WordPress folder to nginx after cloning Otherwise stuff like theme and plugin installs won't work. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 16:58:54 +02:00
Alan Orth	60c37821d6	roles/nginx: Only use Linode DNS resolvers for OCSP if it's a linode host Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-11-30 17:40:32 +02:00
Alan Orth	5f71991259	roles/common: Use httpredir.debian.org as default Debian mirror Automatically uses the best mirror for your location, see: http://httpredir.debian.org/demo.html Should be much better than any hardcoded default for most hosts. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-11-30 09:34:16 +02:00
Alan Orth	c0431d4247	Switch HTTPS vhosts to Let's Encrypt certificates For now I generated the certs manually, but in the future the play- book should run the letsencrypt-auto client for us! Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-11-07 20:53:39 +03:00
Alan Orth	13a1889017	roles/mariadb: Upgrade to MariaDB 10.1 10.1 was marked as stable: https://blog.mariadb.org/mariadb-10-1-is-stable-ga/ Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-10-19 21:54:26 +01:00
Alan Orth	229dd499dd	roles/php5-fpm: Remove default www pool Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-27 01:28:47 +03:00
Alan Orth	cb67d6aa40	Rename 'use_https' to 'enable_https' To be consistent with other similar variables. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-27 00:34:40 +03:00
Alan Orth	7cb3adf11c	host_vars/web06: Move HSTS variable to host_vars Moved out of role defaults, as it is really a per-vhost thing. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-27 00:31:01 +03:00
Alan Orth	52dc0c357b	roles/nginx: Add HSTS check to vhost template We need to actually check if HSTS was requested before setting the header in the block handing PHP requests. We check in the main vhost block, but nginx headers are only inherited if you don't set ANY headers in child blocks (ie, headers set in parent blocks are cleared if you set any new ones in the child). Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-27 00:27:41 +03:00
Alan Orth	48978407b8	roles/nginx: Move HTTP Strict Transport Security toggle to vhosts This is really a per-site setting, so it doesn't make sense to have a role default. Anyways, HSTS is kinda tricky and potentially dang- erous, so unless a vhost explicitly sets it to "yes" we shouldn't enable it. Note: also switch from using a boolean to using a string; it is st- ill declarative, but at least now I don't have to guess whether it is being treated as a bool or not. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-27 00:24:58 +03:00
Alan Orth	f098b114d3	README.md: Minor syntax cleanups Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-26 23:37:09 +03:00
Alan Orth	295a9b4924	Remove references to Ubuntu for requirements Now I am doing most of the work on Debian boxes. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-26 23:35:12 +03:00
Alan Orth	f16b143eac	roles/munin: Update munin-node.conf template We actually need to use /var/log/munin for munin-node on Debian too, as that's what is created by the package manager during installation. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-26 23:30:22 +03:00
Alan Orth	24a3724dfe	roles/nginx: Remove spdy_headers_comp It was deprecated when nginx added support for HTTP/2. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-23 18:20:38 +03:00
Alan Orth	a3e71e75d2	roles/nginx: SPDY -> HTTP/2 nginx 1.9.5 mainline adds support for HTTP/2 and deprecates SPDY. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-22 19:40:30 +03:00
Alan Orth	110981d9c3	host_vars/web06: Update to WordPress 4.3.1 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-16 10:32:14 +03:00
Alan Orth	973b37be4e	roles/common: Tweak sshd_config to match NSA Suite B recommendations NSA stopped recommending AES-128 in August, 2015... Before: https://web.archive.org/web/20150403110658/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml After: https://web.archive.org/web/20150815072948/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml I don't see why we shouldn't follow suit; maybe they know something we don't! Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 16:55:51 +03:00
Alan Orth	5c0a7c2c72	group_vars/all: Update TLS cipher suite Use latest Mozilla intermediate suite: https://wiki.mozilla.org/Security/Server_Side_TLS Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 15:11:57 +03:00
Alan Orth	5a92694d5b	host_vars/web06: Remove list of ssh users Only allow access by the provisioning user. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 12:25:24 +03:00
Alan Orth	8b336352d7	roles/common: Only allow ssh access by provisioning user Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-09-02 12:24:11 +03:00

1 2 3 4 5 ...

301 Commits