Alan Orth
4ad4d79b3d
roles/munin: Fix issue raised by ansible-lint
...
[ANSIBLE0010] Package installs should not use latest
2017-10-31 22:41:40 +02:00
Alan Orth
f362207616
roles/munin: Fix issue raised by ansible-lint
...
[ANSIBLE0002] Trailing whitespace
2017-10-31 22:39:34 +02:00
Alan Orth
e043cd7dfe
roles/munin: Fix issue raised by ansible-lint
...
[ANSIBLE0010] Package installs should not use latest
2017-10-31 22:38:32 +02:00
Alan Orth
f7393b0ca9
host_vars/web12: WordPress 4.8.3
2017-10-31 19:42:49 +02:00
Alan Orth
4f357f336f
ansible.cfg: Temporary workaround for Ansible > 2.4.0.0 connection issue
...
Not sure what causes it but I get timeouts when connecting to my hosts
with Ansible > 2.4.0.0 (tested 2.4.1.0 and current 2.5.0-devel). For
some reason switching to paramiko fixes it.
2017-10-30 16:21:35 +02:00
Alan Orth
a312166da9
misc-plays/change_password.yml: Use become
2017-10-14 14:20:34 +03:00
Alan Orth
15bf4727c1
roles/common: Add names to include tasks
...
I'm not sure why these weren't caught by ansible-lint.
2017-10-03 17:46:55 +03:00
Alan Orth
e86e2c081b
roles/nginx: Use 'present' instead of 'latest' to install nginx
...
Raised by the following rule in ansible-lint:
[ANSIBLE0010] Package installs should not use latest
2017-10-03 15:04:54 +03:00
Alan Orth
5281d41445
Add names to include tasks
...
Raised by ansible-lint in the following rule:
[ANSIBLE0011] All tasks should be named
2017-10-03 15:03:09 +03:00
Alan Orth
643c89891e
web.yml: Use 'remote_user' instead of 'user'
...
The use of 'user' was deprecated in Ansible 1.4.
2017-10-03 14:05:15 +03:00
Alan Orth
bdf32df28e
host_vars/web12: Remove mjanja.org
2017-10-01 09:17:08 +03:00
Alan Orth
b3fa930019
host_vars/web12: ansible_ssh_host → ansible_host
...
This was apparently deprecated in ansible 2.0.
See: https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#2.0
2017-09-26 15:27:27 +03:00
Alan Orth
a38e2a4ff6
roles/mariadb: Use MariaDB 10.2 from vendor repo
...
I can't remember right now why I needed to use Debian's MariaDB build
but now I just want to use upstream's latest stable. Debian's version
is 10.1 and upstream has moved on to 10.2.
2017-09-26 15:15:27 +03:00
Alan Orth
ff6253213a
roles/common: Rename "iptables" task to "firewall"
2017-09-26 14:32:21 +03:00
Alan Orth
818cbfd533
roles/common: Enable firewalld in Debian 9
2017-09-26 14:30:18 +03:00
Alan Orth
58245e3480
roles/common/tasks/main.yml: Remove comment
2017-09-22 15:53:01 +03:00
Alan Orth
16a9ebf97f
Adjust playbooks for Ansible 2.4 import changes
...
Ansible 2.4 changes the way includes work. Now you have to use "import"
for playbooks and tasks that are static, and "include" for those that
are dynamic (ie, those that use variables, loops, etc).
See: http://docs.ansible.com/ansible/devel/playbooks_reuse_includes.html
2017-09-21 21:30:47 +03:00
Alan Orth
3e581f9a46
README.md: Remove options from example invocation
...
They are now embedded inside ansible.cfg.
2017-09-20 13:01:12 +03:00
Alan Orth
0cd06a8298
ansible.cfg: Add option to always ask become pass
...
Saves having to remember to type -K during normal playbook runs.
2017-09-20 12:59:46 +03:00
Alan Orth
3d1022cd23
ansible.cfg: Add option to ask for vault pass
...
One less thing to remember to type during normal invocations.
2017-09-20 12:43:53 +03:00
Alan Orth
5867d6038c
ansible.cfg: Add inventory option
...
As of Ansible 2.4 the ANSIBLE_HOSTS environment variable is deprecated
so we need to specify this some other way.
2017-09-20 12:35:13 +03:00
Alan Orth
53eade7ab1
host_vars/web12: WordPress 4.8.2
2017-09-20 07:57:42 +03:00
Alan Orth
d124bd0dad
host_vars/web12: WordPress 4.8.1
2017-08-14 16:47:10 +03:00
Alan Orth
02f7510f5f
Remove web08
2017-06-20 12:51:36 +03:00
Alan Orth
d518bc51a4
Use nginx user instead of www-data on Debian 9
...
Using www-data was a temporary measure while I was waiting for the
official nginx.org packages to be released for Debian 9 and we had
to use Debian's own nginx package.
2017-06-19 18:36:13 +03:00
Alan Orth
b945240756
roles/common: Harden sshd_config template for Debian 9 and Ubuntu 16.04
...
From: https://wiki.mozilla.org/Security/Guidelines/OpenSSH
2017-06-19 10:13:24 +03:00
Alan Orth
e5939c830a
Add new web server web12
2017-06-18 11:05:19 +03:00
Alan Orth
b2d3984c5a
roles/nginx: Fix PHP-FPM socket location on Debian 9
...
Debian 9 and Ubuntu 16.04 use the same PHP-FPM configuration so we
can make use of that here.
2017-06-18 11:04:30 +03:00
Alan Orth
4f22052afe
roles/common: Remove duplicate timezone task
...
We set it in the separate ntp.yml playbook now, as there are a few
different systems we cater to (systemd, old ntp, etc).
2017-06-18 09:30:05 +03:00
Alan Orth
ffac0b8afd
roles/common: Update apt cache in tarsnap step
...
This fails on clean installs otherwise.
2017-06-18 09:27:53 +03:00
Alan Orth
4c6e45f93b
host_vars/web08: WordPress 4.8
2017-06-12 18:29:46 +03:00
Alan Orth
f9a0f9e6bf
roles/php-fpm: Update php7.0-php.ini.j2
...
Minor comment updates from the latest version from Ubuntu 16.04.
2017-05-28 15:46:15 +03:00
Alan Orth
f85c5f3605
roles/php-fpm: Update defaults
...
Latest defaults from the PHP.net opcache documentation:
https://secure.php.net/manual/en/opcache.installation.php
2017-05-28 15:45:05 +03:00
Alan Orth
02d63d7701
host_vars/web08: WordPress 4.7.5
2017-05-28 09:34:21 +03:00
Alan Orth
39afca4bb2
host_vars/web08: WordPress 4.7.4
2017-04-22 15:31:19 +03:00
Alan Orth
4ff2ac1737
roles/nginx: Update comment about nginx versions
...
Version 1.12.x is now stable and 1.13.x is now mainline.
See: https://www.nginx.com/blog/nginx-1-12-1-13-released/
2017-04-14 16:07:33 +03:00
Alan Orth
a7a6fa38c9
roles/nginx: Official builds for Debian Stretch
...
Now that there are official nginx.org builds for Debian 9 we don't
need to use Debian's own nginx packages.
2017-04-14 16:06:32 +03:00
Alan Orth
a6034fda0c
host_vars/web08: WordPress 4.7.3
2017-03-06 22:54:05 +02:00
Alan Orth
f53f3c8e7a
roles/php-fpm: Update php7.0-php.ini template
...
Sync with latest packaged version from Debian 9. Effectively this
only updates comments and disabled options, but having less changes
to look at during an apt upgrade is nice and reduces the chance of
adding errors.
2017-03-06 12:53:17 +02:00
Alan Orth
5b51fcedc2
roles/nginx: Sort packages for Let's Encrypt deps on Ubuntu
2017-02-16 18:16:09 +02:00
Alan Orth
a6f0d5f7d3
roles/nginx: Add package deps for Let's Encrypt on Debian 9
...
Taken from running certbot-auto on a clean Debian 9 installation.
2017-02-16 18:15:06 +02:00
Alan Orth
d766c3dbbe
roles/common: Add tasks to install tarsnap
...
Now that Tarsnap has official packages this is one less thing that
needs to be manually installed from source after bringing a machine
up.
See: http://mail.tarsnap.com/tarsnap-announce/msg00037.html
2017-02-07 07:28:35 -08:00
Alan Orth
4afb29c06e
README.md: Update copyright year
2017-01-30 17:09:11 +02:00
Alan Orth
7b4f47a42b
README.md: Add notes for Debian 9
2017-01-30 17:08:33 +02:00
Alan Orth
47407188cb
roles/mariadb: Use Debian's MariaDB packages for now
...
MariaDB actually already has Debian 9 (stretch) packages, but they
seem to cause issues with how I'm deploying. I'll skip them for now
I think.
2017-01-30 16:54:22 +02:00
Alan Orth
e13ef95f70
roles/nginx: Update nginx.conf.j2
...
This is to accomodate Debian's 9 nginx package, as it provides a
different system user/group than nginx.org's packages.
2017-01-30 15:45:50 +02:00
Alan Orth
6de385021d
roles/nginx: Updates to accomodate Debian 9 (stretch)
...
There are currently no nginx.org builds for Debian 9, so we need to
use the package from Debian's repository. This package provides a
www-data user and group instead of an nginx one.
We can revert some of this after Debian 9 is released and official
builds come from nginx.org (though it might be useful to keep the
main nginx.conf as a template).
2017-01-30 15:43:03 +02:00
Alan Orth
8c3a8fc26a
roles/php-fpm: Updates for Debian 9 (stretch)
...
Debian 9 is still in beta and doesn't have nginx.org builds yet, so
we need to use the nginx package in Debian's repositories, and that
required a bit of a different configuration.
After official nginx.org builds are released we can revert this.
2017-01-30 15:11:39 +02:00
Alan Orth
1fef5c9b5a
roles/common: Add sshd_config for Debian 9 (stretch)
...
Taken from base install and diffed against the current Ubuntu 16.04
and Debian 8 config templates.
2017-01-30 14:56:27 +02:00
Alan Orth
9ca685a6af
roles/common: Adjust allowed user logic for Ubuntu 16.04 sshd_config
2017-01-30 12:54:35 +02:00