Commit Graph

569 Commits

Author SHA1 Message Date
46bbb06527 roles/common: Remove more annoying packages on Ubuntu
Ubuntu 16.04 and up install a bunch of their technologies that I'm
not using, like lxc, lxd, and snaps.
2018-12-20 09:31:58 +02:00
944c99102f host_vars/web17: WordPress 5.0.2 2018-12-20 09:14:55 +02:00
b8409ee896 host_vars/web17: WordPress 5.0.1 2018-12-14 11:07:20 +03:00
691deb4fa7 roles/common: Use a persistent systemd journal
The default systemd journal configuration on CentOS 7 and Ubuntu
16.04 does not keep journal logs for multiple boots. This limits
the usefulness of the journal entirely (for example, try to see
sshd logs from even two or three months ago!).

Changing the storage to "persistent" makes systemd keep the logs
on disk in /var/log/journal for up to 2% of the partition size.
2018-12-07 23:46:18 +02:00
9af82972f7 host_vars/web17: WordPress 5.0 2018-12-07 23:28:09 +02:00
bdf0a19493 Pipfile.lock: pipenv update 2018-12-02 22:30:47 +02:00
9b8662eb34 Pipfile.lock: Run pipenv update
Ansible 2.7.1
2018-10-28 08:35:55 +02:00
484ea053cf Re-create pipenv with Python 3.7 and reinstall packages 2018-10-25 12:01:30 +03:00
6eb6ab3070 Pipfile.lock: pipenv update 2018-10-11 08:17:02 +03:00
f19b987f99 host_vars/web17: Use nginx mainline
When I deployed this server on Ubuntu 18.04 there were no mainline
nginx builds so I was using stable. Now I see there are builds for
mainline.
2018-08-29 09:23:18 +03:00
3006536e86 Update pipenv
Use Python 3.7 and run pipenv update to lock latest packages.
2018-08-29 09:09:26 +03:00
6ef6f51966 Remove more Tor relayor stuff 2018-08-29 09:08:12 +03:00
7aa6384055 host_vars/web17: WordPress 4.9.8 2018-08-05 11:36:27 +03:00
da615fb368 roles/mariadb: Update my.cnf template
Sync from upstream's provided my.cnf.
2018-07-29 16:43:56 +03:00
b47f66512d roles/mariadb: Use MariaDB 10.3
Also disables the fetching of i386 packages because the mirror does
not appear to have them anymore (and I wasn't using them anyways).
2018-07-29 16:23:24 +03:00
5d9577bc2d Pipfile.lock: Run pipenv update 2018-07-29 16:13:43 +03:00
963bf65099 roles/common: Limit number of SSH authentication attempts
The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.

Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.
2018-07-23 13:14:54 +03:00
4f6d02922a Run pipenv update and pipenv sync 2018-07-23 13:10:39 +03:00
edd55124e8 Pipfile: Upgrade to Ansible 2.6.x 2018-07-23 13:09:00 +03:00
c21207f704 host_vars/web17: WordPress 4.9.7 2018-07-06 10:45:33 +03:00
9dfc0a2f1c Pipfile: Pin Ansible < 2.6
I haven't tested Ansible 2.6 yet.

See: https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.6.html
2018-07-01 12:00:52 +03:00
37a7ff4e72 Pipfile.lock: Run pipenv update 2018-06-24 08:59:33 +03:00
f22b6af273 roles/common: Change mode of SSH public key 2018-05-30 08:32:11 -07:00
37a88f676b roles/common: Add new SSH public key for aorth 2018-05-30 07:48:38 -07:00
8f0ce74307 Remove host_vars/web12 2018-05-22 23:27:59 +03:00
ca15b27789 Add host_vars/web17 2018-05-20 14:58:27 +03:00
131420be17 roles/common: Add task to copy tarsnaprc
One less thing to do manually after server provisioning, and there is
nothing sensitive in here anyways.
2018-05-20 12:51:02 +03:00
c29d37c159 roles/mariadb: Use German mirror 2018-05-20 12:05:35 +03:00
05e853d0ad README.md: Add note about Python 2 being installed 2018-05-20 11:46:18 +03:00
314a33d37c Use official MariaDB builds for Ubuntu bionic
We had been using the Ubuntu 17.10 "artful" builds for Ubuntu 18.04
"bionic" but there are now official bionic builds.
2018-05-19 23:12:35 +03:00
533b9c60e7 Use ansible >= 2.5.1 for pipenv 2018-05-18 17:35:07 +03:00
073e02f875 host_vars/web12: WordPress 4.9.6 2018-05-18 12:41:50 +03:00
23073100ce Remove tor-relay stuff
Harder to run one of these than I thought. Mostly it takes a lot of
bandwidth, and it's probably better to spend the $5/month you'd spend
on the VPS by donating $50 to the torservers.net project.
2018-05-16 09:58:08 +03:00
2837de4e3f roles/php-fpm: Update defaults
From latest PHP 7.2 on Ubuntu 18.04's php.ini-production.
2018-05-15 00:00:27 +03:00
70abcb2051 roles/php-fpm: Import new php.ini-production
From latest Ubuntu 18.04 PHP 7.2 package.
2018-05-14 23:58:45 +03:00
92e0b67149 Remove relay03 2018-05-13 12:30:41 +03:00
6e9fa0a213 Add relay03 2018-05-13 10:45:48 +03:00
207856d587 Remove relay02 2018-05-13 09:25:31 +03:00
c8f0421ff7 host_vars/relay02: Reduce bandwidth to 75 KBytes
This is the minimum for Tor relays according to the torrc man page.
2018-05-13 08:17:20 +03:00
3a4bd1e5c4 host_vars/relay02: Increase bandwidth to 1 megabit 2018-05-12 23:35:17 +03:00
142ae35904 host_vars/relay02: Reduce speed to 700 kilobits 2018-05-12 21:58:59 +03:00
d6340a3c09 README.md: Update todo 2018-05-09 00:06:21 +03:00
1a9033dece roles/common: Use bionic tarsnap builds on Ubuntu 18.04
Tarsnap finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
2018-05-09 00:05:42 +03:00
42fcd933a8 roles/nginx: Fix Jinja2 logic in apt sources template 2018-05-08 23:53:47 +03:00
5a8b7f0425 README.md: Update todo 2018-05-08 23:43:54 +03:00
3f0c45d504 roles/nginx: Force amd64 builds on apt sources
Avoids the following error in apt:

Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository 'https://nginx.org/packages/ubuntu bionic InRelease' doesn't support architecture 'i386'
2018-05-08 23:41:25 +03:00
f5fbc4b8f1 roles/nginx: Use bionic builds on Ubuntu 18.04
NGINX finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
2018-05-08 23:39:59 +03:00
70c279ea81 Add host_vars/relay02 2018-05-07 11:04:38 +03:00
d4a0dab704 Add netaddr to pipenv configuration
Required by the ansible-relayor role.
2018-05-07 11:04:22 +03:00
42501acb74 Add install instructions for ansible-relayor
There are several ways to install external roles, i.e. via ansible-galaxy,
git submodules, etc. I found that adding this role to a requirements.yml
file and adding instructions to the README.md is probably the best way.

Using ansible-galaxy actually had issues because the ansible-relayor git
repository has version tags that use mixed styles, like v0.3.3 and 0.1.0
without a v.
2018-05-07 10:54:40 +03:00