Commit Graph

969 Commits

Author SHA1 Message Date
24ae5eaab1
host_vars/web22: WordPress 6.5.3 2024-05-13 14:51:45 +03:00
dac23f1427
Pipfile: use Python 3.12 2024-05-13 14:51:34 +03:00
41fbc73dd1
host_vars/web22: WordPress 6.4.3 2024-03-20 20:28:13 +03:00
fee794bcf0
Update Pipfile 2024-03-20 20:28:00 +03:00
8bce1d8b1b
host_vars/web22: WordPress 6.4.1 2023-12-02 22:40:06 +03:00
6dc2ea36b6
roles/nginx: fix path to php 8.2 socket 2023-09-11 19:55:24 +03:00
af71a9b5f8
roles/php-fpm: remove fmt strings
Ansible confuses them for jinja2 tokens.
2023-09-11 19:52:18 +03:00
4dd57803e2
roles/php-fpm: fix user/group for php 8.2 configs 2023-09-11 19:51:59 +03:00
18d4245fc0
roles/common: fix tarsnap signing of apt repo 2023-09-11 19:37:49 +03:00
1bddf3cccd
Pipfile.lock: run pipenv update 2023-09-11 18:52:25 +03:00
20dbe61fe1
roles/mariadb: use MariaDB 10.11
The server has already been updated from 10.6 to 10.11.

See: https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/
2023-09-10 22:53:10 +03:00
899e87321b
host_vars/web22: WordPress 6.3.1 2023-09-10 22:44:23 +03:00
06416a3b64
roles: run ansible-lint --write 2023-08-23 22:22:51 +03:00
7a9a24ef5d
roles/common: rework fail2ban again
Actually, we do want to run fail2ban on all hosts because the sshd
monitoring via systemd is nice. At the very least it reduces spam
from failed logins in our systemd journal.
2023-08-23 22:15:24 +03:00
067adcd9f5
roles/common: rework fail2ban tasks
We can only run fail2ban when we have logs to monitor. When a host
is running Caddy we don't have logs, so fail2ban doesn't have any-
thing to monitor out of the box. For now I will restrict the task
to hosts running nginx.
2023-08-23 21:59:28 +03:00
84d210cfab
roles/common: re-format handlers
Use the newer Ansible format.
2023-08-23 21:35:28 +03:00
17736a4f14
roles/common: run ansible-lint --write 2023-08-23 21:33:22 +03:00
b9e91c4a3d
roles/common: minor updates to tarsnap task
Use modern Ansible task format
2023-08-23 21:20:22 +03:00
51c95e5d4c
roles/common: update tarsnap task
Update tarsnap task to use apt signed-by for package signing keys
instead of adding keys directly to apt-key.
2023-08-23 21:18:27 +03:00
8dbec29d2a
roles/nginx: prepare letsencrypt task for Debian 12 2023-08-23 21:01:12 +03:00
d3bf3dab04
roles/php-fpm: add support for PHP 8.2
This is used in Debian 12.
2023-08-23 20:56:35 +03:00
8f50b7756b
host_vars/web22: WordPress 6.3 2023-08-22 21:33:49 +03:00
e86ccc9979
roles/nginx: minor rework of apt key stuff 2023-08-22 21:33:19 +03:00
cea8529f49
Pipfile.lock: run pipenv update 2023-08-22 21:02:17 +03:00
d77718edae
host_vars: add fail2ban_ignoreip 2023-08-14 16:37:07 +02:00
14d57fc477
roles/nginx: reformat main tasks 2023-08-10 22:44:47 +02:00
5c39f1abd8
roles/common: minor changes to Debian sshd_config files 2023-08-10 22:10:04 +02:00
6794eb0432
roles/common: default to disabling SSH passwords 2023-08-10 22:09:03 +02:00
11614e3725
host_vars: replace nomad02 with nomad03
The former is Ubuntu 20.04, the latter is Debian 12. Running Drone
CI.
2023-08-10 08:37:09 +02:00
b106f9d9e5
roles/common: ignore apt sources.list on Scaleway
While testing Debian 12 on Scaleway I noticed their apt sources.list
is in some weird format I've never seen before, so let's skip it on
those hosts.
2023-08-10 08:08:42 +02:00
3c8250e6ac
Pipfile.lock: run pipenv update 2023-08-09 22:07:54 +02:00
d280859b0d
roles/common: minor updates to Debian 11 sshd_config 2023-08-09 21:55:04 +02:00
bca1629d2f
Minor comment updates for Debian 12 2023-08-09 21:51:53 +02:00
4fa82faf18
roles/common: adjust sshd_config for Debian 12
Adjust sshd_config based on ssh-audit profile for OpenSSH 9.2.
2023-08-09 21:27:19 +02:00
b8f0b4b1fb
roles/common: add vanilla sshd_config for Debian 12 2023-08-09 21:16:50 +02:00
68e5d05bbb
host_vars/web22: WordPress 6.2.2 2023-07-27 18:48:37 +03:00
446d402778
roles: minor fix to Debian version comparisons 2023-07-27 18:48:07 +03:00
67379fc2e4
host_vars/web22: WordPress 6.2 2023-05-04 07:10:40 +03:00
73546967b6
Pipfile.lock: run pipenv update 2023-05-04 06:58:25 +03:00
16b661efe1
Pipfile.lock: run pipenv update 2023-04-14 10:09:29 -07:00
fdb9a75489
roles/common: update tarsnap GPG key 2023-04-14 10:09:11 -07:00
232d7a0348
host_vars/web22: WordPress 6.1.1 2022-11-24 18:31:48 +03:00
6e4bb5bc34
host_vars/web21: use caddy 2022-11-13 18:58:57 +03:00
c840ffe018
roles/caddy: improve vhost template
Support domain aliases that redirect to the main domain and allow
sites to say they are static sites where they only need a document
root.
2022-11-13 18:54:03 +03:00
45c9d7ea0a
Pipfile.lock: run pipenv update 2022-11-13 16:50:07 +03:00
a62bc446e8
host_vars/web22: WordPress 6.1 2022-11-06 23:00:41 +03:00
62a6a491db
host_vars/web23: use caddy 2022-11-02 22:30:32 +03:00
4867d6da6a
Add basic caddy role 2022-11-02 22:29:30 +03:00
d9f7c7a93b
group_vars/web: set default webserver to nginx
While I'm still getting experience with caddy and adapting it to my
workloads.
2022-11-02 22:12:36 +03:00
bc8c030700
roles/common: update Tarsnap GPG key 2022-11-02 22:11:37 +03:00