Commit Graph

847 Commits

Author SHA1 Message Date
9c70ab29e3
roles/nginx: Rename nginx sources.list template
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 13:24:43 +03:00
b214bdfae8
roles/nginx: Add Debian support to nginx sources.list template
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 13:22:36 +03:00
9ad8209fd4
roles/mariadb: Allow MariaDB repo installation on Debian and Ubuntu
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 13:14:46 +03:00
c480075789
roles/common: Use "interface" instead of "alias" to get interface name in firewalld template
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 12:06:47 +03:00
9266d48c9f
roles/common: Separate firewalld tasks for Ubuntu and Debian
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 12:06:25 +03:00
18ca44193d
roles/common: Add sysctl template for Debian hosts
Note: I've only tested this on a Debian container, and you can't
set these sysctls on containers (the host controls them). To make
matters worse, there is no fact to make ansible skip this on hosts
that are running in containers. For now I will just skip it on
hosts that are "virtualization" servers... even though we actually
do have KVM running on Debian on real hardware. *sigh*

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:12:17 +03:00
56df8b38ca roles/common: Use new cron-apt tasks
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:40 +03:00
96fe209843 roles/common: Fix mode on Debian 8 sshd_config
Accidentally added it with 777.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
7519995153 roles/common: Add Debian 8 sshd_config
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
b4310cfc89 Allow Debian hosts to run Ubuntu stuff
Sometimes we mean Ubuntu, other times we mean Debian family. Use
ansible_os_family where we mean Debian family.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
dc24285ec6 roles/common: Use apt_mirror variable in Debian sources
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
28f61d589e roles/common: Add Debian support to sources.list template
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
e15d1be867 roles/common: Add playbook for Debian packages
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
1fc2453703 roles/common: Add firewalld support
Needed in Ubuntu 15.04 where iptables-persistent is going away. I
have added translations of the current IPv4 and IPv6 iptables rules.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
cc3b6d5026 Vagrantfile: Update to vivid (15.04)
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
16a0bb9086 roles/nginx: Use utopic (14.10) nginx builds on 15.04
Upstream hasn't made 15.04 builds yet...

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
9aaad366f5 roles/common: Only add extras repo on Ubuntu 14.04
The Extras repo was discontinued after 14.10 (but the latest we
deploy is 14.04).

See: https://lists.ubuntu.com/archives/technical-board/2015-January/002063.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
e84f777a6b roles/common: Bring Ubuntu 15.04 sshd_config up to date with standards
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
b2dbd138f7 roles/common: Add Ubuntu 15.04 sshd_config
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
68493beba3
roles/common: Reload sshd instead of restarting
No need to restart for a config change.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:01:17 +03:00
8e0a292b1d
roles/common: Move sshd tasks to their own playbook
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:00:43 +03:00
7f929d5b80
roles/common: Remove unused cron-apt files
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-22 23:42:03 +03:00
fc586a2297
roles/common: Adjust cron-apt stuff
- Don't run the static files as templates
- Use a separate playbook for related tasks
- Use a template for security.sources.list

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-22 23:39:22 +03:00
c535cce6a5
host_vars/web05: Upgrade to WordPress 4.3
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-19 22:54:55 +03:00
45bf41dc35
host_vars/web05: Update TLS cert for mjanja.ch
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-17 12:37:22 +03:00
18cca7c203
host_vars/web05: Renew TLS cert for alaninkenya.org
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-15 12:41:45 +03:00
ce1d64ce66
roles/php5-fpm: Hide HTTP X-Powered-By PHP header
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-09 20:10:11 +03:00
b904f65cb1
host_vars/web05: Update WordPress to 4.2.4
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-04 18:44:30 +03:00
e052650443
host_vars/web05: Update to WordPress 4.2.3
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-07-25 12:31:20 +03:00
d8ac5a7914 Merge pull request #21 from oguya/readme-fixes
README.md: Make minor formatting changes
2015-06-28 23:05:15 +03:00
5989a8873e Merge pull request #20 from oguya/limit-roles
Run roles on Ubuntu hosts only
2015-06-28 23:03:04 +03:00
James Oguya
d4b04ca789
README.md: Make minor formatting changes
To enhance readability of long commands, break them into multiple lines
& skip new lines using '\' character.
Use system default libvirt images path & sample preseed file from
ubuntu.com.

Signed-off-by: James Oguya <oguyajames@gmail.com>
2015-06-27 21:35:40 +03:00
James Oguya
95e702e388
Run roles on Ubuntu hosts only
I think it's a good idea to only run/include a role if the remote host
is running Ubuntu OS - doesn't hurt to do an extra check even though
the README clearly assumes so.

Signed-off-by: James Oguya <oguyajames@gmail.com>
2015-06-27 20:50:09 +03:00
75cda0a066
host_vars: Delete old hosts
web01, web02, and web04 are no longer used.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-07 12:44:05 +03:00
6b75d0c87e README.md: Shorten Vagrant text
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:14:40 +03:00
78cb49c88b roles/nginx: Add missing nginx tag to blank vhost task
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:07:50 +03:00
151fb29687 roles/nginx: Add blank vhost
For security and predictability clients should only get a reponse
if they request a hostname we are actually hosting.

If TLS is in use then this will use a self-signed snakeoil cert for
an HTTPS-enabled blank, default vhost.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:07:50 +03:00
8b77fd7f94 roles/nginx: Templatize SSL parameters using role defaults
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:07:50 +03:00
bd4f2ae5b6
README.md: Use simple syntax for code blocks
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-05 18:18:28 +03:00
afa15c9671
README.md: Update instructions for usage with Vagrant
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-05 18:17:13 +03:00
eae33a26d7 Add Vagrantfile
Quickly bring up an Ubuntu 14.04 box then SSH in and add the provisioning
user. Then provision it with ansible like any other machine.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-05 08:34:30 +03:00
b701e9641c
host_vars/web05: Override apt_mirror
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-04 21:59:13 +03:00
ae10677b65
roles/common: Specify default apt_mirror for fallback in sources.list template
New hosts often fail due to not having an apt_mirror, because there
isn't one defined for their group and their host_vars haven't over-
ridden it.

We want new hosts to deploy successfully, so let's just use a default
apt_mirror if there isn't one defined. Rather have a slow mirror than
a failed deployment. And in any case, Linode can download from KENET's
mirror at 10MB/sec. ;)

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-04 21:57:11 +03:00
fe765f5d3a
roles/nginx: Fix TLS cert loop to use the current item
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-01 14:46:06 +03:00
4b74964963
roles/nginx: Do a shallow clone of WordPress git
I realized there was no need to do a full clone when I was working
in a Vagrant environment in a coffee shop with slow Internet. ;)

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-01 14:32:05 +03:00
636d37f5a3
Add miscellaneous playbook to change the provisioning user's password
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-01 14:27:58 +03:00
def8d83d49
roles/munin: Use apt module explicitly
Instead of using dynamic hack to use the package manager for the
current host. We only have Ubuntu here anyways.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-05-26 00:02:43 +03:00
a8f4500567 Add IPv6 support to firewall tasks / template
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-05-25 18:17:23 +03:00
a17cb2a0a0 roles/nginx: Add initial IPv6 support to vhost template
Still need to add ip6tables rules

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-05-25 11:53:57 +03:00
3746e798b6
roles/nginx: Use template for nginx repo
A template is better than ansible's `apt_repository` module because
we can idempotently control the contents of the file based on vari-
ables.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-05-25 00:15:49 +03:00