Commit Graph

855 Commits

Author SHA1 Message Date
81a98596e3 Downgrade TLS configuration to Mozilla's "intermediate" spec
From looking at the list of clients who would be allowed to connect
when using the "modern" spec, I think I'd be doing more harm than
good to use that config right now...

https://www.ssllabs.com/ssltest/analyze.html?d=alaninkenya.org
https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-09 21:09:18 +03:00
d06ddf8a81 roles/nginx: Update TLS vhost task for Ansible > 1.7.1
Seems there is some YAML subtlety that causes this syntax to insert
double spaces on the destination file... using native YAML hashes
is a workaround, see GitHub issues:

https://github.com/ansible/ansible/issues/9067
https://github.com/ansible/ansible/issues/9172

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-09 20:57:24 +03:00
ad8a704470 Update TLS configuration to Mozilla's "modern" spec
Details, see:

- https://jve.linuxwall.info/blog/index.php?post/2014/10/09/Automated-configuration-analysis-for-Mozilla-s-TLS-guidelines
- https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-09 20:56:08 +03:00
ad90f7f0fb roles/nginx: Use HSTS for https vhosts
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-06 10:46:04 +03:00
06543b10d5 host_vars/web04: Re-generate alaninkenya TLS chain
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-05 15:58:05 +03:00
fd9c6f31cb roles/nginx: Add index to munin vhost
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-05 15:47:14 +03:00
7956a1c6f6 web.yml: Use ubuntu user for now
This is the default with OpenStack hosts like Kili.io...

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-05 15:39:12 +03:00
da2c8fc043 vars/Debian.yml: Switch to KENET Ubuntu mirror
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-05 15:25:45 +03:00
e741a77c00 roles/common: Add unzip to Ubuntu base packages
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-05 15:21:47 +03:00
c6ce4e6630 Add host_vars for web04
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-05 13:25:42 +03:00
ba751625d6 host_vars/web02: Remove anchor from chained TLS cert
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-15 22:00:26 +03:00
3c4aa85319 host_vars/web02: Update TLS certs for alaninkenya.org
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-14 23:54:00 +03:00
8362af0a02 Add web02
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-14 22:26:34 +03:00
6d07af97f3 roles/php5-fpm: Fix php.ini reconfiguration (pathinfo)
Use replace instead of lineinfile, addresses GitHub issue #1.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-14 12:34:44 +03:00
3d3b6c8a3f roles/php5-fpm: Fix pool creation for vhosts
Now loops over both http and https vhosts properly. Fixes GitHub
issue #2.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-14 12:19:26 +03:00
e6ffdf8652 roles/nginx: Update nginx https stuff
- re-organize tls vhost configuration
- copy TLS cert from host_vars directly to file

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-13 23:16:54 +03:00
4e4f415acd vars/Debian.yml: Add vim modeline
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-11 00:14:53 +03:00
bf25229555 vars/Debian.yml: Switch to Liquid Telecom Ubuntu mirror
This should really be in an Ubuntu.yml file... but we currently
include it with ansible_os_family, instead of ansible_os_distribution.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-11 00:13:54 +03:00
dbf3bcfb0c Add ipsets.yml
Contains "ghetto" ipsets which we use in firewall rules etc.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-11 00:12:55 +03:00
be0e0ea21a roles/common: Remove irqbalance
We're a VM; we don't have IRQs.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-07 23:51:52 +03:00
2156f8b07d roles/nginx: Tweaks for vhosts with WordPress
My WordPress blogs have a /wordpress subdirectory in the document
root, but I don't serve from the /wordpress URI.

Technically, all we need are the tweaks to the try_files:
    - `?args` passes query strings to php5-fpm
    - removing 404 from the vhost's try_files so we don't return 404
      when the requested file doesn't exist (obviously not all request
      URIs in WordPress are actual files on the disk)

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-07 22:51:34 +03:00
df65172952 roles/common: Add lrzip to base packages
Provides good mix of compression/decompression speed with size,
see: http://ck.kolivas.org/apps/lrzip/README.benchmarks

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-07 16:32:06 +03:00
162197ad25 roles/nginx: Re-work vhost template to support HTTPS
Assumes you have a TLS cert for one domain, but not the others, i.e.:

    http://blah.com \
    http://blah.net  -> https://blah.io
    http://blah.org /

Otherwise, without https, it creates a vhost with all domain names.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-06 21:32:37 +03:00
b6d4f090ec host_vars/web01: Update WordPress version and vhosts
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-06 20:49:41 +03:00
05faeecc5d roles/mariadb: Quote the password in .my.conf template
Ansible's mysql module can get this password and connect fine, but
`mysql` on the command line chokes if the password is slightly
complicated and is not quoted.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-01 12:41:56 +03:00
5166ebf219 roles/munin: Fix nginx template
An accidental syntax error came in when I removed the dns domain.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 22:08:32 +03:00
ef4a9edbd7 Add host_vars/web01
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 22:08:05 +03:00
8e1c2c5518 Remove host_vars/.gitignore
I'll just use ansible-vault and encrypt it instead. If I had more
host_vars this would suck, as you can't grep the vars there...

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 21:37:37 +03:00
e24464941f roles/mariadb: Create WordPress db/users when necessary
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 14:29:23 +03:00
850a6a8da3 roles/mariadb: Add plays for creating WordPress db/users
Relies on the host having a dict with appropriate values defined,
for example:

  wordpress_blogs:
    - site_name:            blah.com
      wordpress_version:    3.9.2
      wordpress_db_user:    db_user
      wordpress_db_name:    db_name
      wordpress_db_pass:    V9&XvvKu1hYl

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 12:47:30 +03:00
fafd475f6b roles/nginx: Add index to vhost config
Without this, all requests to directory URIs throw 403 errors due
to directory listings not being allowed.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 12:27:24 +03:00
03d0288a78 web.yml: Remove wordpress role
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 11:26:08 +03:00
41b1ab79c2 roles/php5-fpm: Update comment
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-28 11:25:35 +03:00
0b8e0c38bf roles/nginx: Per-vhost logs
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-27 20:26:12 +03:00
5bbec6716c roles/nginx: Use template to configure nginx vhosts
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-27 20:03:34 +03:00
75a705ac87 roles/nginx: Add defaults for nginx role
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-27 20:02:29 +03:00
ff95a34605 roles/nginx: Add vim modeline to main.yml
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-27 20:00:42 +03:00
0689153bd9 roles/php5-fpm: Use template for pools
Each vhost has a separate pool.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-27 19:48:21 +03:00
2afa1ef2f3 roles/munin: Remove dns domain
Don't really need this, as we only have one server.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-27 15:57:28 +03:00
775f0e7f5f roles/mariadb: Install python bindings for ansible's mysql module
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-27 15:56:54 +03:00
9fcdb89261 README.md: Spelling
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 15:24:00 +03:00
b41b581601 README.md: Revamp and renovate
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 15:16:29 +03:00
2c25d8c3e1 Add top-level .gitignore
Ignore hosts file.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 15:15:55 +03:00
f6f0b77a78 Remove hosts file
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 14:54:34 +03:00
5bcdfdd15a README.md: Fix ansible-playbook invocation
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 14:49:53 +03:00
4867a2398f Add site yml file
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 13:21:00 +03:00
c6546f37a3 web.yml: Add os_family vars to includes
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 13:20:43 +03:00
160337bd4d web.yml: Clean up
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 13:19:14 +03:00
b45479066b Rename site.yml to web.yml
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 13:18:27 +03:00
1e54507b05 group_vars/all: Remove host-specific configs
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 11:45:08 +03:00