8cb232a765
Pipfile.lock: Run pipenv update
2021-02-07 15:53:10 +02:00
d4ca119265
Pipfile.lock: run pipenv update
...
Minor Ansible update
2021-01-27 11:06:12 +02:00
f72f8c7a8d
host_vars/web19: Remove piwik nginx host
2021-01-06 09:07:41 +02:00
d7fa1697a1
host_vars/web19: Remove piwik database
2021-01-06 09:00:54 +02:00
b0420d2adb
roles: Remove mentions of Piwik
...
I never check the damn analytics stats and the database is huge.
2021-01-06 09:00:18 +02:00
c70ebba151
Add host_vars/web20
2021-01-01 19:55:14 +02:00
ac860e72f2
roles/php-fpm: Only run PHP tasks if we need them
2021-01-01 19:54:12 +02:00
101c05d248
web.yml: Only run MariaDB role if it is needed
...
Not all web hosts need this. Some are static sites, for example.
2021-01-01 19:28:40 +02:00
1b75679496
roles/mariadb: The service is mariadb
2020-12-29 11:25:30 +02:00
ebf4a4c2ac
roles/mariadb: Disable name lookups
...
Add skip-name-resolve=1 to disable lookups of hostnames to IPs. We
need to make sure all accounts are using IPs like 127.0.0.1 instead
of "localhost" now.
2020-12-29 11:19:01 +02:00
57a83cef26
roles/mariadb: Tweak temp table size
...
mysqltuner.pl said:
When making adjustments, make tmp_table_size/max_heap_table_size equal
2020-12-29 11:10:31 +02:00
8ee52143fc
roles/mariadb: Disable the query cache by default
...
It seems that the usefulness of the query cache is diminishing in
recent years. If your cache is large then the time taken to scan
the cache can be longer than the SQL query itself.
See: https://haydenjames.io/mysql-query-cache-size-performance/
2020-12-29 11:07:33 +02:00
67a18c4f49
roles/mariadb: Reduce key buffer size
...
mysqltuner.pl shows currently 6M out of 33M being used.
2020-12-29 10:58:12 +02:00
b8428e67a8
roles/mariadb: Install MariaDB 10.5
2020-12-29 10:41:27 +02:00
e18529e6e1
roles/mariadb: Update service name
...
As of MariaDB 10.5 the service name and binaries have changed from
mysql, mysqld, etc to mariadbd.
See: https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/
2020-12-29 10:40:13 +02:00
89db1449d1
roles/mariadb: Fetch signing key from mariadb.org
...
I downloaded the key and checked the fingerprint with gpg:
$ gpg --dry-run --import mariadb_release_signing_key.asc
gpg: key F1656F24C74CD1D8: 6 signatures not checked due to missing keys
gpg: Total number processed: 1
2020-12-29 10:36:33 +02:00
6660a0cd36
roles/mariadb: Remove innodb_buffer_pool_instances
...
This was deprecated in MariaDB 10.5. The setting is now ignored and
will be removed in a future version.
See: https://mariadb.com/kb/en/changes-improvements-in-mariadb-105/#innodb-removed-or-deprecated-variables
2020-12-29 10:18:23 +02:00
e7d5cb1edb
host_vars/web19: Override root for picturingjordan.com
2020-12-28 22:55:57 +02:00
73d6abd15f
roles/nginx: Allow sites to override the root
2020-12-28 22:53:32 +02:00
e1b412bfff
roles/common: Update list of abusive IP addresses
...
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:
$ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
-H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
-e '/:/d' > /tmp/ipv4.txt
I manually add the XML formatting to each file and run them through
tidy:
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-12-23 09:01:08 +02:00
39994f118c
host_vars/web19: WordPress 5.6
2020-12-22 15:44:01 +02:00
10b6b11be5
Pipfile.lock: Run pipenv update
2020-12-22 15:35:26 +02:00
d4fd06862a
roles/nginx: Fix Let's Encrypt pre/post renewal hooks
2020-12-10 15:20:23 +02:00
d553f80a00
Run pipenv update
2020-12-09 22:47:44 +02:00
b5921b6b34
host_vars/nomad02: Add drone.io deployment notes
2020-12-09 22:14:52 +02:00
08aaeb1395
Add host_vars/nomad02
...
To run drone.io
2020-12-09 16:27:47 +02:00
ae98fc5cf1
host_vars/nomad01: Fix ports
2020-12-09 16:04:24 +02:00
ca952b6948
host_vars/nomad01: Add notes about deployment
2020-12-09 14:24:56 +02:00
4862fa33ac
host_vars/nomad01: Add gitea user to ssh_allowed_users
2020-12-08 23:16:10 +02:00
4edf92fe0d
roles/common: Allow adding extra SSH users
2020-12-08 23:15:51 +02:00
a105923f4b
host_vars/nomad01: Open TCP 80 and 443
2020-12-08 20:57:59 +02:00
a49dc82da6
host_vars/nomad01: Add comments
2020-12-08 20:56:56 +02:00
5055e425be
Add host_vars/nomad01
2020-12-08 20:56:03 +02:00
66de556d83
Add a "nomads" group of hosts
...
Hosts that I want to run common config stuff like SSH, firewalls,
etc.
2020-12-08 20:55:24 +02:00
90a8c1c8db
Remove host_vars/web18
...
Replaced by web19 months ago.
2020-12-08 18:52:11 +02:00
08ae79ae88
Use Python 3.9 in pipenv setup
2020-12-02 11:33:10 +02:00
776fd7cc76
Pipfile.lock: Update dependencies with pipenv update
2020-11-29 10:31:13 +02:00
dd2f65947d
roles/common: Update list of abusive IP addresses
...
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:
$ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
-H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
-e '/:/d' > /tmp/ipv4.txt
I manually add the XML formatting to each file and run them through
tidy:
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-11-06 15:44:57 +02:00
31ffda5466
Re-create Pipfile
...
Something about upgrading from Ansible 2.9 to 2.10 wasn't working.
2020-11-01 19:04:07 +02:00
7087d68459
host_vars/web19: WordPress 5.5.3
2020-11-01 19:03:49 +02:00
d3c2b0559a
Pipfile.lock: Run pipenv update
...
Ansible 2.9.13
2020-09-02 15:31:01 +03:00
2e77780ae3
host_vars/web19: WordPress 5.5.1
2020-09-02 15:30:42 +03:00
f4b104953c
roles/common: Use correct Ansible version comparison
...
The major version is "16", not "16.04".
2020-07-27 14:23:58 +03:00
c9ea286fff
roles/mariadb: Simplify sources.list
2020-07-14 09:51:35 +03:00
b366b0af3d
roles/nginx: Update version comment
2020-07-14 09:48:12 +03:00
0c192e6c4a
roles/munin: Remove tomcat config
...
We don't use tomcat here.
2020-07-14 09:47:39 +03:00
f5b6fa74c6
roles/munin: Use systemd module instead of service
...
All hosts are running systemd.
2020-07-14 09:47:18 +03:00
dbb4dd7098
roles/php-fpm: Add missing Ubuntu 20.04 PHP-FPM task
2020-07-14 09:45:51 +03:00
72b8b193b5
Remove support for Debian 9 and Ubuntu 16.04
2020-07-14 09:45:33 +03:00
539f081d4d
roles/common: Remove storage-specific tweaks
...
We don't have any "storage" group. This was ported from somewhere
else and I didn't notice that code.
2020-07-14 09:10:07 +03:00