6dc2ea36b6
roles/nginx: fix path to php 8.2 socket
2023-09-11 19:55:24 +03:00
af71a9b5f8
roles/php-fpm: remove fmt strings
...
Ansible confuses them for jinja2 tokens.
2023-09-11 19:52:18 +03:00
4dd57803e2
roles/php-fpm: fix user/group for php 8.2 configs
2023-09-11 19:51:59 +03:00
18d4245fc0
roles/common: fix tarsnap signing of apt repo
2023-09-11 19:37:49 +03:00
1bddf3cccd
Pipfile.lock: run pipenv update
2023-09-11 18:52:25 +03:00
20dbe61fe1
roles/mariadb: use MariaDB 10.11
...
The server has already been updated from 10.6 to 10.11.
See: https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/
2023-09-10 22:53:10 +03:00
899e87321b
host_vars/web22: WordPress 6.3.1
2023-09-10 22:44:23 +03:00
06416a3b64
roles: run ansible-lint --write
2023-08-23 22:22:51 +03:00
7a9a24ef5d
roles/common: rework fail2ban again
...
Actually, we do want to run fail2ban on all hosts because the sshd
monitoring via systemd is nice. At the very least it reduces spam
from failed logins in our systemd journal.
2023-08-23 22:15:24 +03:00
067adcd9f5
roles/common: rework fail2ban tasks
...
We can only run fail2ban when we have logs to monitor. When a host
is running Caddy we don't have logs, so fail2ban doesn't have any-
thing to monitor out of the box. For now I will restrict the task
to hosts running nginx.
2023-08-23 21:59:28 +03:00
84d210cfab
roles/common: re-format handlers
...
Use the newer Ansible format.
2023-08-23 21:35:28 +03:00
17736a4f14
roles/common: run ansible-lint --write
2023-08-23 21:33:22 +03:00
b9e91c4a3d
roles/common: minor updates to tarsnap task
...
Use modern Ansible task format
2023-08-23 21:20:22 +03:00
51c95e5d4c
roles/common: update tarsnap task
...
Update tarsnap task to use apt signed-by for package signing keys
instead of adding keys directly to apt-key.
2023-08-23 21:18:27 +03:00
8dbec29d2a
roles/nginx: prepare letsencrypt task for Debian 12
2023-08-23 21:01:12 +03:00
d3bf3dab04
roles/php-fpm: add support for PHP 8.2
...
This is used in Debian 12.
2023-08-23 20:56:35 +03:00
8f50b7756b
host_vars/web22: WordPress 6.3
2023-08-22 21:33:49 +03:00
e86ccc9979
roles/nginx: minor rework of apt key stuff
2023-08-22 21:33:19 +03:00
cea8529f49
Pipfile.lock: run pipenv update
2023-08-22 21:02:17 +03:00
d77718edae
host_vars: add fail2ban_ignoreip
2023-08-14 16:37:07 +02:00
14d57fc477
roles/nginx: reformat main tasks
2023-08-10 22:44:47 +02:00
5c39f1abd8
roles/common: minor changes to Debian sshd_config files
2023-08-10 22:10:04 +02:00
6794eb0432
roles/common: default to disabling SSH passwords
2023-08-10 22:09:03 +02:00
11614e3725
host_vars: replace nomad02 with nomad03
...
The former is Ubuntu 20.04, the latter is Debian 12. Running Drone
CI.
2023-08-10 08:37:09 +02:00
b106f9d9e5
roles/common: ignore apt sources.list on Scaleway
...
While testing Debian 12 on Scaleway I noticed their apt sources.list
is in some weird format I've never seen before, so let's skip it on
those hosts.
2023-08-10 08:08:42 +02:00
3c8250e6ac
Pipfile.lock: run pipenv update
2023-08-09 22:07:54 +02:00
d280859b0d
roles/common: minor updates to Debian 11 sshd_config
2023-08-09 21:55:04 +02:00
bca1629d2f
Minor comment updates for Debian 12
2023-08-09 21:51:53 +02:00
4fa82faf18
roles/common: adjust sshd_config for Debian 12
...
Adjust sshd_config based on ssh-audit profile for OpenSSH 9.2.
2023-08-09 21:27:19 +02:00
b8f0b4b1fb
roles/common: add vanilla sshd_config for Debian 12
2023-08-09 21:16:50 +02:00
68e5d05bbb
host_vars/web22: WordPress 6.2.2
2023-07-27 18:48:37 +03:00
446d402778
roles: minor fix to Debian version comparisons
2023-07-27 18:48:07 +03:00
67379fc2e4
host_vars/web22: WordPress 6.2
2023-05-04 07:10:40 +03:00
73546967b6
Pipfile.lock: run pipenv update
2023-05-04 06:58:25 +03:00
16b661efe1
Pipfile.lock: run pipenv update
2023-04-14 10:09:29 -07:00
fdb9a75489
roles/common: update tarsnap GPG key
2023-04-14 10:09:11 -07:00
232d7a0348
host_vars/web22: WordPress 6.1.1
2022-11-24 18:31:48 +03:00
6e4bb5bc34
host_vars/web21: use caddy
2022-11-13 18:58:57 +03:00
c840ffe018
roles/caddy: improve vhost template
...
Support domain aliases that redirect to the main domain and allow
sites to say they are static sites where they only need a document
root.
2022-11-13 18:54:03 +03:00
45c9d7ea0a
Pipfile.lock: run pipenv update
2022-11-13 16:50:07 +03:00
a62bc446e8
host_vars/web22: WordPress 6.1
2022-11-06 23:00:41 +03:00
62a6a491db
host_vars/web23: use caddy
2022-11-02 22:30:32 +03:00
4867d6da6a
Add basic caddy role
2022-11-02 22:29:30 +03:00
d9f7c7a93b
group_vars/web: set default webserver to nginx
...
While I'm still getting experience with caddy and adapting it to my
workloads.
2022-11-02 22:12:36 +03:00
bc8c030700
roles/common: update Tarsnap GPG key
2022-11-02 22:11:37 +03:00
f7598d8f1c
Pipfile.lock: run pipenv update
2022-11-02 20:50:59 +03:00
c353e84a84
site.yml: use fully-qualified modules
2022-10-25 21:08:27 +03:00
99ca23f258
Pipfile.lock: run pipenv update
2022-10-17 19:56:30 +03:00
b663d27fd8
roles/common: rework firewall_Debian.yml playbook
...
Use newer Ansible task format, move from apt to package module, and
do package installs in one transaction using a list instead of a
loop.
2022-09-12 17:25:40 +03:00
67c99dacf6
roles/common: rework firewall_Ubuntu.yml playbook
...
Use newer Ansible task format, move from apt to package module, and
do package installs in one transaction using a list instead of a loop.
2022-09-12 17:18:33 +03:00