Commit Graph

843 Commits

Author SHA1 Message Date
Alan Orth 0b8f82ba12
Remove web17 2019-09-26 18:11:20 +03:00
Alan Orth a488972729
README.md: Update notes for Debian 10 2019-09-16 15:02:11 +03:00
Alan Orth eb7998fd12
roles/nginx: Fix hardcoded "stretch" release in sources
This was causing the stretch version to get installed on buster, which
led to the cipher suite and ssl protocol support to behave strangely.
2019-09-15 16:03:17 +03:00
Alan Orth 1ec6d07232
roles/nginx: Fix php7.3-fpm socket location on Debian 10 2019-09-15 15:55:42 +03:00
Alan Orth 2740f050fc
roles/common: Increase ssh MaxAuthTries from 3 to 4
If a user has RSA, ECDSA, and ED25519 private keys present on their
system then the ssh client will offer all of these to the server
and they may not get a chance to try password auth before it fails.
2019-09-15 15:17:00 +03:00
Alan Orth cf16264f53
roles/common: Update sshd_config template for Debian 10
It seems I had imported the stock one from a default install, but I
never configured it.
2019-09-15 15:15:30 +03:00
Alan Orth cbdd779af0
roles/common: Remove lzop and lrzip from packages
zstd is a much better all-purpose compression utility.
2019-09-15 13:23:52 +03:00
Alan Orth 4faeb79b5c
roles/common: Add zstd to base packages 2019-09-14 20:36:40 +03:00
Alan Orth a7231bcf5f
roles/mariadb: Remove login_unix_socket from .my.cnf
It is causing an error at client runtime.
2019-09-14 18:32:26 +03:00
Alan Orth d55b1d1cd1
host_vars/web18: WordPress 5.2.3 2019-09-14 18:27:31 +03:00
Alan Orth 7b3de0ef0f
host_vars/web17: WordPress 5.2.3 2019-09-14 18:08:04 +03:00
Alan Orth 240b0c5954
Pipfile.lock: Run pipenv update
Brings Ansible 2.8.5, among other things.
2019-09-13 22:17:38 +03:00
Alan Orth 43715dd392
roles/common: Use stable tarsnap 2019-09-13 22:14:49 +03:00
Alan Orth 7551b803f6
roles/common: Use iptables 1.8.3 on Debian Buster
There is a bug in iptables 1.8.2 in Debian 10 "Buster" that causes
firewalld to fail when restoring rules. The bug has been fixed in
iptables 1.8.3, which is currently in buster-backports.

See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914694
2019-08-01 15:36:15 +03:00
Alan Orth 5d0648a360
Add web18
New server running Debian 10 to replace web17.
2019-07-23 18:47:21 +03:00
Alan Orth b59f7c0702
roles/nginx: Update certbot dependencies for Debian 10
Taken after a clean Debian 10 install on Linode.
2019-07-23 18:38:33 +03:00
Alan Orth 0bff851311
roles/php-fpm: Fix Ansible template parsing issue
Remove time formatting strings because Ansible errors when trying
to parse them, even though we are not using them!
2019-07-23 18:32:27 +03:00
Alan Orth 2d98d70e02
Update nginx cipher suite and TLS protocols
Use latest Mozilla "intermediate" TLS settings. This configuration
works on (at least) Ubuntu 18.04 and Debian 10.

See: https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.2&config=intermediate&openssl-version=1.1.1
2019-07-23 17:53:22 +03:00
Alan Orth 2fadb9029a
roles/mariadb: Use Unix socket for MariaDB tasks
Otherwise Ansible fails due to PyMySQL using a TCP connection.

See: https://github.com/ansible/ansible/issues/47736
2019-07-23 17:26:23 +03:00
Alan Orth 7d8457e5b3
roles/common: Remove old SSH public key 2019-07-23 16:07:39 +03:00
Alan Orth c148da73e7
roles/common: Use experimental Tarsnap on Debian buster
Tarsnap currently provides experimental packages for Debian Buster.

See: https://www.tarsnap.com/pkg-deb.html#experimental
2019-07-19 12:07:27 +03:00
Alan Orth e124cac945
roles/nginx: Adjust formatting of apt sources template 2019-07-08 18:44:21 +03:00
Alan Orth 70e736bdc5
roles/nginx: Use buster builds
nginx.org has buster builds now.
2019-07-08 18:43:43 +03:00
Alan Orth ca293289aa
roles/nginx: Fix logic error in apt sources template 2019-07-07 17:59:00 +03:00
Alan Orth 372eb26450
host_vars/web17: WordPress 5.2.2 2019-07-07 17:58:40 +03:00
Alan Orth c843ce1de5
README.md: Update copyright year 2019-07-07 16:07:16 +03:00
Alan Orth 03e2abc4fb
roles/common: Install gnupg2 on Debian
Needed by Ansible to add and verify apt package signing keys.
2019-07-07 15:52:25 +03:00
Alan Orth 12b6f3aaa2
roles/common: Don't ignore errors on Tarsnap key add
It turns out that I had the wrong key ID so it's no wonder this was
failing...
2019-07-07 15:51:04 +03:00
Alan Orth 704b02ce0a
roles/common: Fix tarsnap package key
For some reason the key ID I had here was wrong. According to the
Tarsnap website the key ID is 0x6D97F5A4CA38CF33.

See: https://www.tarsnap.com/pkg-deb.html
2019-07-07 15:49:45 +03:00
Alan Orth 709a947987
Merge branch 'debian10' 2019-07-06 21:43:41 +03:00
Alan Orth 3b95730417
roles/common: Synchronize Debian package task with Ubuntu 2019-07-06 21:36:04 +03:00
Alan Orth 10200e52ab
roles/common: Use a fact for base packages on Debian
This is safer and ends up being faster because all packages get
installed in one apt transaction.
2019-07-06 21:31:59 +03:00
Alan Orth 460c1df65b
roles/php-fpm: Update for PHP 7.3 in Debian 10 2019-07-06 21:16:19 +03:00
Alan Orth 5fe583541a
roles/nginx: Set Let's Encrypt packages for Debian 10
Taken from the list of packages that the certbot-auto script wants
to bootstrap on a fresh Debian 10 "buster" install.
2019-07-06 21:16:19 +03:00
Alan Orth 619f536cd8
roles/nginx: Use Debian 9 "stretch" builds on Debian 10 "buster"
There are no Debian 10 "buster" builds from nginx.org yet.
2019-07-06 21:16:19 +03:00
Alan Orth 39622077cd
roles/common: Use Debian 9 tarsnap packages
There are no tarsnap binaries for Debian 10 yet.
2019-07-06 21:16:19 +03:00
Alan Orth b79001f97a
roles/common: Update security.sources.list for cron-apt
We need to make sure to get security updates for packages that are
not in main!
2019-07-06 21:16:19 +03:00
Alan Orth 207296b1f8
roles/common: Update Debian security apt repository
See: https://www.debian.org/security/
2019-07-06 21:16:19 +03:00
Alan Orth 1b4e9ae87c
roles/common: Install Python 3 version of pycurl on Debian 10
Debian 10 comes with Python 2 and Python 3 (at least from the ISO),
so we should prefer the Python 3 version of pycurl. We'll see
whether cloud providers like Linode and Digital Ocean ship with Python
3 or not in their default image.
2019-07-06 21:16:19 +03:00
Alan Orth da4a6660fb
roles/common: Update comment in tasks/ntp.yml 2019-07-06 21:16:19 +03:00
Alan Orth dd5662911e
roles/common: Import sshd_config from Debian 10
OpenSSH version is 7.9p1-10.
2019-07-06 21:16:19 +03:00
Alan Orth d46c64ca29
Run pipenv update 2019-07-06 21:15:34 +03:00
Alan Orth 4fb2d48e10
roles/mariadb: Install MariaDB 10.4
MariaDB 10.4 is now GA.

See: https://mariadb.com/kb/en/library/changes-improvements-in-mariadb-104/
See: https://mariadb.com/kb/en/library/upgrading-from-mariadb-103-to-mariadb-104/
2019-07-05 20:39:17 +03:00
Alan Orth 4f1d413477
Pipfile.lock: Run pipenv update 2019-06-08 23:19:35 +03:00
Alan Orth 7b395c4039
host_vars/web17: WordPress 5.2.1 2019-06-08 23:19:23 +03:00
Alan Orth ea936673d9
Pipfile.lock: Run pipenv update 2019-05-08 09:16:28 +03:00
Alan Orth dc2e14a6a3
roles/mariadb: Use python3-pymysql for Ansible
For Python 3 Ansible needs a different library to help with MySQL
tasks.
2019-05-08 09:15:47 +03:00
Alan Orth f129fdff8f
host_vars/web17: WordPress 5.2 2019-05-08 09:14:48 +03:00
Alan Orth 0f381d3993
host_vars/web17: Use Python 3 for Ansible
See: https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
2019-03-17 17:37:34 +02:00
Alan Orth 5957f5f2c5
roles: The apt cache_valid_time implies update_cache
See: https://docs.ansible.com/ansible/latest/modules/apt_module.html
2019-03-17 17:29:28 +02:00