Alan Orth
101c05d248
web.yml: Only run MariaDB role if it is needed
...
Not all web hosts need this. Some are static sites, for example.
2021-01-01 19:28:40 +02:00
Alan Orth
1b75679496
roles/mariadb: The service is mariadb
2020-12-29 11:25:30 +02:00
Alan Orth
ebf4a4c2ac
roles/mariadb: Disable name lookups
...
Add skip-name-resolve=1 to disable lookups of hostnames to IPs. We
need to make sure all accounts are using IPs like 127.0.0.1 instead
of "localhost" now.
2020-12-29 11:19:01 +02:00
Alan Orth
57a83cef26
roles/mariadb: Tweak temp table size
...
mysqltuner.pl said:
When making adjustments, make tmp_table_size/max_heap_table_size equal
2020-12-29 11:10:31 +02:00
Alan Orth
8ee52143fc
roles/mariadb: Disable the query cache by default
...
It seems that the usefulness of the query cache is diminishing in
recent years. If your cache is large then the time taken to scan
the cache can be longer than the SQL query itself.
See: https://haydenjames.io/mysql-query-cache-size-performance/
2020-12-29 11:07:33 +02:00
Alan Orth
67a18c4f49
roles/mariadb: Reduce key buffer size
...
mysqltuner.pl shows currently 6M out of 33M being used.
2020-12-29 10:58:12 +02:00
Alan Orth
b8428e67a8
roles/mariadb: Install MariaDB 10.5
2020-12-29 10:41:27 +02:00
Alan Orth
e18529e6e1
roles/mariadb: Update service name
...
As of MariaDB 10.5 the service name and binaries have changed from
mysql, mysqld, etc to mariadbd.
See: https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/
2020-12-29 10:40:13 +02:00
Alan Orth
89db1449d1
roles/mariadb: Fetch signing key from mariadb.org
...
I downloaded the key and checked the fingerprint with gpg:
$ gpg --dry-run --import mariadb_release_signing_key.asc
gpg: key F1656F24C74CD1D8: 6 signatures not checked due to missing keys
gpg: Total number processed: 1
2020-12-29 10:36:33 +02:00
Alan Orth
6660a0cd36
roles/mariadb: Remove innodb_buffer_pool_instances
...
This was deprecated in MariaDB 10.5. The setting is now ignored and
will be removed in a future version.
See: https://mariadb.com/kb/en/changes-improvements-in-mariadb-105/#innodb-removed-or-deprecated-variables
2020-12-29 10:18:23 +02:00
Alan Orth
e7d5cb1edb
host_vars/web19: Override root for picturingjordan.com
2020-12-28 22:55:57 +02:00
Alan Orth
73d6abd15f
roles/nginx: Allow sites to override the root
2020-12-28 22:53:32 +02:00
Alan Orth
e1b412bfff
roles/common: Update list of abusive IP addresses
...
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:
$ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
-H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
-e '/:/d' > /tmp/ipv4.txt
I manually add the XML formatting to each file and run them through
tidy:
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-12-23 09:01:08 +02:00
Alan Orth
39994f118c
host_vars/web19: WordPress 5.6
2020-12-22 15:44:01 +02:00
Alan Orth
10b6b11be5
Pipfile.lock: Run pipenv update
2020-12-22 15:35:26 +02:00
Alan Orth
d4fd06862a
roles/nginx: Fix Let's Encrypt pre/post renewal hooks
2020-12-10 15:20:23 +02:00
Alan Orth
d553f80a00
Run pipenv update
2020-12-09 22:47:44 +02:00
Alan Orth
b5921b6b34
host_vars/nomad02: Add drone.io deployment notes
2020-12-09 22:14:52 +02:00
Alan Orth
08aaeb1395
Add host_vars/nomad02
...
To run drone.io
2020-12-09 16:27:47 +02:00
Alan Orth
ae98fc5cf1
host_vars/nomad01: Fix ports
2020-12-09 16:04:24 +02:00
Alan Orth
ca952b6948
host_vars/nomad01: Add notes about deployment
2020-12-09 14:24:56 +02:00
Alan Orth
4862fa33ac
host_vars/nomad01: Add gitea user to ssh_allowed_users
2020-12-08 23:16:10 +02:00
Alan Orth
4edf92fe0d
roles/common: Allow adding extra SSH users
2020-12-08 23:15:51 +02:00
Alan Orth
a105923f4b
host_vars/nomad01: Open TCP 80 and 443
2020-12-08 20:57:59 +02:00
Alan Orth
a49dc82da6
host_vars/nomad01: Add comments
2020-12-08 20:56:56 +02:00
Alan Orth
5055e425be
Add host_vars/nomad01
2020-12-08 20:56:03 +02:00
Alan Orth
66de556d83
Add a "nomads" group of hosts
...
Hosts that I want to run common config stuff like SSH, firewalls,
etc.
2020-12-08 20:55:24 +02:00
Alan Orth
90a8c1c8db
Remove host_vars/web18
...
Replaced by web19 months ago.
2020-12-08 18:52:11 +02:00
Alan Orth
08ae79ae88
Use Python 3.9 in pipenv setup
2020-12-02 11:33:10 +02:00
Alan Orth
776fd7cc76
Pipfile.lock: Update dependencies with pipenv update
2020-11-29 10:31:13 +02:00
Alan Orth
dd2f65947d
roles/common: Update list of abusive IP addresses
...
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:
$ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
-H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
-e '/:/d' > /tmp/ipv4.txt
I manually add the XML formatting to each file and run them through
tidy:
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
$ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-11-06 15:44:57 +02:00
Alan Orth
31ffda5466
Re-create Pipfile
...
Something about upgrading from Ansible 2.9 to 2.10 wasn't working.
2020-11-01 19:04:07 +02:00
Alan Orth
7087d68459
host_vars/web19: WordPress 5.5.3
2020-11-01 19:03:49 +02:00
Alan Orth
d3c2b0559a
Pipfile.lock: Run pipenv update
...
Ansible 2.9.13
2020-09-02 15:31:01 +03:00
Alan Orth
2e77780ae3
host_vars/web19: WordPress 5.5.1
2020-09-02 15:30:42 +03:00
Alan Orth
f4b104953c
roles/common: Use correct Ansible version comparison
...
The major version is "16", not "16.04".
2020-07-27 14:23:58 +03:00
Alan Orth
c9ea286fff
roles/mariadb: Simplify sources.list
2020-07-14 09:51:35 +03:00
Alan Orth
b366b0af3d
roles/nginx: Update version comment
2020-07-14 09:48:12 +03:00
Alan Orth
0c192e6c4a
roles/munin: Remove tomcat config
...
We don't use tomcat here.
2020-07-14 09:47:39 +03:00
Alan Orth
f5b6fa74c6
roles/munin: Use systemd module instead of service
...
All hosts are running systemd.
2020-07-14 09:47:18 +03:00
Alan Orth
dbb4dd7098
roles/php-fpm: Add missing Ubuntu 20.04 PHP-FPM task
2020-07-14 09:45:51 +03:00
Alan Orth
72b8b193b5
Remove support for Debian 9 and Ubuntu 16.04
2020-07-14 09:45:33 +03:00
Alan Orth
539f081d4d
roles/common: Remove storage-specific tweaks
...
We don't have any "storage" group. This was ported from somewhere
else and I didn't notice that code.
2020-07-14 09:10:07 +03:00
Alan Orth
950b949eac
README.md: Update copyright year
2020-07-14 09:04:26 +03:00
Alan Orth
a1f110c8bc
Add PHP 7.4 FPM support
2020-07-13 23:25:32 +03:00
Alan Orth
20ab27e1d2
roles/php-fpm: Fix 7.4 pool config
2020-07-13 23:25:09 +03:00
Alan Orth
7f5499c307
roles/php-fpm: Import config changes for PHP 7.4
2020-07-13 22:37:12 +03:00
Alan Orth
057e98ab47
roles/php-fpm: Import Ubuntu 20.04 PHP 7.4 FPM configs
2020-07-13 22:34:02 +03:00
Alan Orth
5282154d7d
roles/common: Disable Canonical spam in MOTD
2020-06-25 21:12:00 +03:00
Alan Orth
f4da35acee
Pipfile.lock: Run pipenv update
...
Ansible 2.9.10
2020-06-25 20:56:18 +03:00