alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
178 Commits 2 Branches 0 Tags 4.2 MiB
68493beba3
Commit Graph

10 Commits

Author SHA1 Message Date
Alan Orth
fc586a2297
roles/common: Adjust cron-apt stuff 
- Don't run the static files as templates
- Use a separate playbook for related tasks
- Use a template for security.sources.list

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-22 23:39:22 +03:00
Alan Orth
ae10677b65
roles/common: Specify default apt_mirror for fallback in sources.list template 
New hosts often fail due to not having an apt_mirror, because there
isn't one defined for their group and their host_vars haven't over-
ridden it.

We want new hosts to deploy successfully, so let's just use a default
apt_mirror if there isn't one defined. Rather have a slow mirror than
a failed deployment. And in any case, Linode can download from KENET's
mirror at 10MB/sec. ;)

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-06-04 21:57:11 +03:00
Alan Orth
a8f4500567 Add IPv6 support to firewall tasks / template 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-05-25 18:17:23 +03:00
Alan Orth
3a5b50f941
roles/common: Set I/O scheduler via udev 
All servers with non-rotating disks (SSDs) should be running noop,
and the rest should be running deadline.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:52:05 +03:00
Alan Orth
2367b843d9
roles/common: Remove I/O scheduler logic from rc.local 
It's better to set this using udev rules anyways

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:40:54 +03:00
Alan Orth
58222706ba
roles/common: Remove logic for TCP congestion avoidance on early kernels in sysctl 
We don't have anything near 2.6.32 anymore.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:25:33 +03:00
Alan Orth
60ba4dacbd
roles/common: Add TCP/IP tweaks to sysctl template 
Disable TCP slow start and increase the number of ports available
for client connections.

See: http://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html
See: http://www.chromium.org/spdy/spdy-best-practices

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:23:10 +03:00
Alan Orth
13b592dfcd roles/common: Tune sshd_config to be more strict 
Disable ECDSA as a signature algorithm and drop some older message
authentication algorithms.

See: https://stribika.github.io/2015/01/04/secure-secure-shell.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-07 01:47:06 +03:00
Alan Orth
a80cb49957 roles/common: Update sshd_config template to explicitly allow the provisioning user 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-06 17:45:06 +03:00
Alan Orth
60b8ecdd4c
Initial commit 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-17 00:35:57 +03:00