Commit Graph

964 Commits

Author SHA1 Message Date
bdf0a19493
Pipfile.lock: pipenv update 2018-12-02 22:30:47 +02:00
9b8662eb34
Pipfile.lock: Run pipenv update
Ansible 2.7.1
2018-10-28 08:35:55 +02:00
484ea053cf
Re-create pipenv with Python 3.7 and reinstall packages 2018-10-25 12:01:30 +03:00
6eb6ab3070
Pipfile.lock: pipenv update 2018-10-11 08:17:02 +03:00
f19b987f99
host_vars/web17: Use nginx mainline
When I deployed this server on Ubuntu 18.04 there were no mainline
nginx builds so I was using stable. Now I see there are builds for
mainline.
2018-08-29 09:23:18 +03:00
3006536e86
Update pipenv
Use Python 3.7 and run pipenv update to lock latest packages.
2018-08-29 09:09:26 +03:00
6ef6f51966
Remove more Tor relayor stuff 2018-08-29 09:08:12 +03:00
7aa6384055
host_vars/web17: WordPress 4.9.8 2018-08-05 11:36:27 +03:00
da615fb368
roles/mariadb: Update my.cnf template
Sync from upstream's provided my.cnf.
2018-07-29 16:43:56 +03:00
b47f66512d
roles/mariadb: Use MariaDB 10.3
Also disables the fetching of i386 packages because the mirror does
not appear to have them anymore (and I wasn't using them anyways).
2018-07-29 16:23:24 +03:00
5d9577bc2d
Pipfile.lock: Run pipenv update 2018-07-29 16:13:43 +03:00
963bf65099
roles/common: Limit number of SSH authentication attempts
The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.

Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.
2018-07-23 13:14:54 +03:00
4f6d02922a
Run pipenv update and pipenv sync 2018-07-23 13:10:39 +03:00
edd55124e8
Pipfile: Upgrade to Ansible 2.6.x 2018-07-23 13:09:00 +03:00
c21207f704
host_vars/web17: WordPress 4.9.7 2018-07-06 10:45:33 +03:00
9dfc0a2f1c
Pipfile: Pin Ansible < 2.6
I haven't tested Ansible 2.6 yet.

See: https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.6.html
2018-07-01 12:00:52 +03:00
37a7ff4e72
Pipfile.lock: Run pipenv update 2018-06-24 08:59:33 +03:00
f22b6af273
roles/common: Change mode of SSH public key 2018-05-30 08:32:11 -07:00
37a88f676b
roles/common: Add new SSH public key for aorth 2018-05-30 07:48:38 -07:00
8f0ce74307
Remove host_vars/web12 2018-05-22 23:27:59 +03:00
ca15b27789
Add host_vars/web17 2018-05-20 14:58:27 +03:00
131420be17
roles/common: Add task to copy tarsnaprc
One less thing to do manually after server provisioning, and there is
nothing sensitive in here anyways.
2018-05-20 12:51:02 +03:00
c29d37c159
roles/mariadb: Use German mirror 2018-05-20 12:05:35 +03:00
05e853d0ad
README.md: Add note about Python 2 being installed 2018-05-20 11:46:18 +03:00
314a33d37c
Use official MariaDB builds for Ubuntu bionic
We had been using the Ubuntu 17.10 "artful" builds for Ubuntu 18.04
"bionic" but there are now official bionic builds.
2018-05-19 23:12:35 +03:00
533b9c60e7
Use ansible >= 2.5.1 for pipenv 2018-05-18 17:35:07 +03:00
073e02f875
host_vars/web12: WordPress 4.9.6 2018-05-18 12:41:50 +03:00
23073100ce
Remove tor-relay stuff
Harder to run one of these than I thought. Mostly it takes a lot of
bandwidth, and it's probably better to spend the $5/month you'd sp-
end on the VPS by donating $50 to the torservers.net project.
2018-05-16 09:58:08 +03:00
2837de4e3f
roles/php-fpm: Update defaults
From latest PHP 7.2 on Ubuntu 18.04's php.ini-production.
2018-05-15 00:00:27 +03:00
70abcb2051
roles/php-fpm: Import new php.ini-production
From latest Ubuntu 18.04 PHP 7.2 package.
2018-05-14 23:58:45 +03:00
92e0b67149
Remove relay03 2018-05-13 12:30:41 +03:00
6e9fa0a213
Add relay03 2018-05-13 10:45:48 +03:00
207856d587
Remove relay02 2018-05-13 09:25:31 +03:00
c8f0421ff7
host_vars/relay02: Reduce bandwidth to 75 KBytes
This is the minimum for Tor relays according to the torrc man page.
2018-05-13 08:17:20 +03:00
3a4bd1e5c4
host_vars/relay02: Increase bandwidth to 1 megabit 2018-05-12 23:35:17 +03:00
142ae35904
host_vars/relay02: Reduce speed to 700 kilobits 2018-05-12 21:58:59 +03:00
d6340a3c09
README.md: Update todo 2018-05-09 00:06:21 +03:00
1a9033dece
roles/common: Use bionic tarsnap builds on Ubuntu 18.04
Tarsnap finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
2018-05-09 00:05:42 +03:00
42fcd933a8
roles/nginx: Fix Jinja2 logic in apt sources template 2018-05-08 23:53:47 +03:00
5a8b7f0425
README.md: Update todo 2018-05-08 23:43:54 +03:00
3f0c45d504
roles/nginx: Force amd64 builds on apt sources
Avoids the following error in apt:

Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository 'https://nginx.org/packages/ubuntu bionic InRelease' doesn't support architecture 'i386'
2018-05-08 23:41:25 +03:00
f5fbc4b8f1
roles/nginx: Use bionic builds on Ubuntu 18.04
NGINX finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
2018-05-08 23:39:59 +03:00
70c279ea81
Add host_vars/relay02 2018-05-07 11:04:38 +03:00
d4a0dab704
Add netaddr to pipenv configuration
Required by the ansible-relayor role.
2018-05-07 11:04:22 +03:00
42501acb74
Add install instructions for ansible-relayor
There are several ways to install external roles, ie via ansible-galaxy,
git submodules, etc. I found that adding this role to a requirements.yml
file and adding instructions to the README.md is probably the best way.

Using ansible-galaxy actually had issues because the ansible-relayor git
repository has version tags that use mixed styles, like v0.3.3 and 0.1.0
without a v.
2018-05-07 10:54:40 +03:00
1277f422c8
Add playbook for configuring Tor relays
Utilizes the ansible-relayor role developed by nusenu.

See: https://github.com/nusenu/ansible-relayor
2018-05-07 10:53:36 +03:00
f9ea7d30f5
host_vars/web12: Update DNS resolvers for TLS stapling 2018-04-30 18:12:29 +03:00
0a39051a95
roles/nginx: Allow custom resolvers for TLS stapling
Allows to specify custom DNS resolvers for TLS stapling, with a default
of Cloudflare's public DNS servers.
2018-04-30 18:04:17 +03:00
bda95b6a1c
roles/nginx: Default to Cloudflare public DNS for TLS stapling
No need to give Google even more data or free advertising by using
this as the default! In practice I always use the DNS servers from
the VPS provider anyways.
2018-04-30 17:51:59 +03:00
54d62feead
README.md: Add note about unattended-upgrades 2018-04-29 21:16:03 +03:00