alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
515 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

515 Commits

Author SHA1 Message Date
Alan Orth 4ad4d79b3d
roles/munin: Fix issue raised by ansible-lint 
[ANSIBLE0010] Package installs should not use latest
 2017-10-31 22:41:40 +02:00
Alan Orth f362207616
roles/munin: Fix issue raised by ansible-lint 
[ANSIBLE0002] Trailing whitespace
 2017-10-31 22:39:34 +02:00
Alan Orth e043cd7dfe
roles/munin: Fix issue raised by ansible-lint 
[ANSIBLE0010] Package installs should not use latest
 2017-10-31 22:38:32 +02:00
Alan Orth f7393b0ca9
host_vars/web12: WordPress 4.8.3 2017-10-31 19:42:49 +02:00
Alan Orth 4f357f336f
ansible.cfg: Temporary workaround for Ansible > 2.4.0.0 connection issue 
Not sure what causes it but I get timeouts when connecting to my hosts
with Ansible > 2.4.0.0 (tested 2.4.1.0 and current 2.5.0-devel). For
some reason switching to paramiko fixes it.
 2017-10-30 16:21:35 +02:00
Alan Orth a312166da9
misc-plays/change_password.yml: Use become 2017-10-14 14:20:34 +03:00
Alan Orth 15bf4727c1
roles/common: Add names to include tasks 
I'm not sure why these weren't caught by ansible-lint.
 2017-10-03 17:46:55 +03:00
Alan Orth e86e2c081b
roles/nginx: Use 'present' instead of 'latest' to install nginx 
Raised by the following rule in ansible-lint:

[ANSIBLE0010] Package installs should not use latest
 2017-10-03 15:04:54 +03:00
Alan Orth 5281d41445
Add names to include tasks 
Raised by ansible-lint in the following rule:

[ANSIBLE0011] All tasks should be named
 2017-10-03 15:03:09 +03:00
Alan Orth 643c89891e
web.yml: Use 'remote_user' instead of 'user' 
The use of 'user' was deprecated in Ansible 1.4.
 2017-10-03 14:05:15 +03:00
Alan Orth bdf32df28e
host_vars/web12: Remove mjanja.org 2017-10-01 09:17:08 +03:00
Alan Orth b3fa930019
host_vars/web12: ansible_ssh_host → ansible_host 
This was apparently deprecated in ansible 2.0.

See: https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#2.0
 2017-09-26 15:27:27 +03:00
Alan Orth a38e2a4ff6
roles/mariadb: Use MariaDB 10.2 from vendor repo 
I can't remember right now why I needed to use Debian's MariaDB build
but now I just want to use upstream's latest stable. Debian's version
is 10.1 and upstream has moved on to 10.2.
 2017-09-26 15:15:27 +03:00
Alan Orth ff6253213a
roles/common: Rename "iptables" task to "firewall" 2017-09-26 14:32:21 +03:00
Alan Orth 818cbfd533
roles/common: Enable firewalld in Debian 9 2017-09-26 14:30:18 +03:00
Alan Orth 58245e3480
roles/common/tasks/main.yml: Remove comment 2017-09-22 15:53:01 +03:00
Alan Orth 16a9ebf97f
Adjust playbooks for Ansible 2.4 import changes 
Ansible 2.4 changes the way includes work. Now you have to use "import"
for playbooks and tasks that are static, and "include" for those that
are dynamic (ie, those that use variables, loops, etc).

See: http://docs.ansible.com/ansible/devel/playbooks_reuse_includes.html
 2017-09-21 21:30:47 +03:00
Alan Orth 3e581f9a46
README.md: Remove options from example invocation 
They are now embedded inside ansible.cfg.
 2017-09-20 13:01:12 +03:00
Alan Orth 0cd06a8298
ansible.cfg: Add option to always ask become pass 
Saves having to remember to type -K during normal playbook runs.
 2017-09-20 12:59:46 +03:00
Alan Orth 3d1022cd23
ansible.cfg: Add option to ask for vault pass 
One less thing to remember to type during normal invocations.
 2017-09-20 12:43:53 +03:00
Alan Orth 5867d6038c
ansible.cfg: Add inventory option 
As of Ansible 2.4 the ANSIBLE_HOSTS environment variable is deprecated
so we need to specify this some other way.
 2017-09-20 12:35:13 +03:00
Alan Orth 53eade7ab1
host_vars/web12: WordPress 4.8.2 2017-09-20 07:57:42 +03:00
Alan Orth d124bd0dad
host_vars/web12: WordPress 4.8.1 2017-08-14 16:47:10 +03:00
Alan Orth 02f7510f5f
Remove web08 2017-06-20 12:51:36 +03:00
Alan Orth d518bc51a4
Use nginx user instead of www-data on Debian 9 
Using www-data was a temporary measure while I was waiting for the
official nginx.org packages to be released for Debian 9 and we had
to use Debian's own nginx package.
 2017-06-19 18:36:13 +03:00
Alan Orth b945240756
roles/common: Harden sshd_config template for Debian 9 and Ubuntu 16.04 
From: https://wiki.mozilla.org/Security/Guidelines/OpenSSH
 2017-06-19 10:13:24 +03:00
Alan Orth e5939c830a
Add new web server web12 2017-06-18 11:05:19 +03:00
Alan Orth b2d3984c5a
roles/nginx: Fix PHP-FPM socket location on Debian 9 
Debian 9 and Ubuntu 16.04 use the same PHP-FPM configuration so we
can make use of that here.
 2017-06-18 11:04:30 +03:00
Alan Orth 4f22052afe
roles/common: Remove duplicate timezone task 
We set it in the separate ntp.yml playbook now, as there are a few
different systems we cater to (systemd, old ntp, etc).
 2017-06-18 09:30:05 +03:00
Alan Orth ffac0b8afd
roles/common: Update apt cache in tarsnap step 
This fails on clean installs otherwise.
 2017-06-18 09:27:53 +03:00
Alan Orth 4c6e45f93b
host_vars/web08: WordPress 4.8 2017-06-12 18:29:46 +03:00
Alan Orth f9a0f9e6bf
roles/php-fpm: Update php7.0-php.ini.j2 
Minor comment updates from the latest version from Ubuntu 16.04.
 2017-05-28 15:46:15 +03:00
Alan Orth f85c5f3605
roles/php-fpm: Update defaults 
Latest defaults from the PHP.net opcache documentation:

    https://secure.php.net/manual/en/opcache.installation.php
 2017-05-28 15:45:05 +03:00
Alan Orth 02d63d7701
host_vars/web08: WordPress 4.7.5 2017-05-28 09:34:21 +03:00
Alan Orth 39afca4bb2
host_vars/web08: WordPress 4.7.4 2017-04-22 15:31:19 +03:00
Alan Orth 4ff2ac1737
roles/nginx: Update comment about nginx versions 
Version 1.12.x is now stable and 1.13.x is now mainline.

See: https://www.nginx.com/blog/nginx-1-12-1-13-released/
 2017-04-14 16:07:33 +03:00
Alan Orth a7a6fa38c9
roles/nginx: Official builds for Debian Stretch 
Now that there are official nginx.org builds for Debian 9 we don't
need to use Debian's own nginx packages.
 2017-04-14 16:06:32 +03:00
Alan Orth a6034fda0c
host_vars/web08: WordPress 4.7.3 2017-03-06 22:54:05 +02:00
Alan Orth f53f3c8e7a
roles/php-fpm: Update php7.0-php.ini template 
Sync with latest packaged version from Debian 9. Effectively this
only updates comments and disabled options, but having less changes
to look at during an apt upgrade is nice and reduces the chance of
adding errors.
 2017-03-06 12:53:17 +02:00
Alan Orth 5b51fcedc2
roles/nginx: Sort packages for Let's Encrypt deps on Ubuntu 2017-02-16 18:16:09 +02:00
Alan Orth a6f0d5f7d3
roles/nginx: Add package deps for Let's Encrypt on Debian 9 
Taken from running certbot-auto on a clean Debian 9 installation.
 2017-02-16 18:15:06 +02:00
Alan Orth d766c3dbbe
roles/common: Add tasks to install tarsnap 
Now that Tarsnap has official packages this is one less thing that
needs to be manually installed from source after bringing a machine
up.

See: http://mail.tarsnap.com/tarsnap-announce/msg00037.html
 2017-02-07 07:28:35 -08:00
Alan Orth 4afb29c06e
README.md: Update copyright year 2017-01-30 17:09:11 +02:00
Alan Orth 7b4f47a42b
README.md: Add notes for Debian 9 2017-01-30 17:08:33 +02:00
Alan Orth 47407188cb
roles/mariadb: Use Debian's MariaDB packages for now 
MariaDB actually already has Debian 9 (stretch) packages, but they
seem to cause issues with how I'm deploying. I'll skip them for now
I think.
 2017-01-30 16:54:22 +02:00
Alan Orth e13ef95f70
roles/nginx: Update nginx.conf.j2 
This is to accomodate Debian's 9 nginx package, as it provides a
different system user/group than nginx.org's packages.
 2017-01-30 15:45:50 +02:00
Alan Orth 6de385021d
roles/nginx: Updates to accomodate Debian 9 (stretch) 
There are currently no nginx.org builds for Debian 9, so we need to
use the package from Debian's repository. This package provides a
www-data user and group instead of an nginx one.

We can revert some of this after Debian 9 is released and official
builds come from nginx.org (though it might be useful to keep the
main nginx.conf as a template).
 2017-01-30 15:43:03 +02:00
Alan Orth 8c3a8fc26a
roles/php-fpm: Updates for Debian 9 (stretch) 
Debian 9 is still in beta and doesn't have nginx.org builds yet, so
we need to use the nginx package in Debian's repositories, and that
required a bit of a different configuration.

After official nginx.org builds are released we can revert this.
 2017-01-30 15:11:39 +02:00
Alan Orth 1fef5c9b5a roles/common: Add sshd_config for Debian 9 (stretch) 
Taken from base install and diffed against the current Ubuntu 16.04
and Debian 8 config templates.
 2017-01-30 14:56:27 +02:00
Alan Orth 9ca685a6af
roles/common: Adjust allowed user logic for Ubuntu 16.04 sshd_config 2017-01-30 12:54:35 +02:00