alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
558 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

558 Commits

Author SHA1 Message Date
Alan Orth 6ef6f51966
Remove more Tor relayor stuff 2018-08-29 09:08:12 +03:00
Alan Orth 7aa6384055
host_vars/web17: WordPress 4.9.8 2018-08-05 11:36:27 +03:00
Alan Orth da615fb368
roles/mariadb: Update my.cnf template 
Sync from upstream's provided my.cnf.
 2018-07-29 16:43:56 +03:00
Alan Orth b47f66512d
roles/mariadb: Use MariaDB 10.3 
Also disables the fetching of i386 packages because the mirror does
not appear to have them anymore (and I wasn't using them anyways).
 2018-07-29 16:23:24 +03:00
Alan Orth 5d9577bc2d
Pipfile.lock: Run pipenv update 2018-07-29 16:13:43 +03:00
Alan Orth 963bf65099
roles/common: Limit number of SSH authentication attempts 
The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.

Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.
 2018-07-23 13:14:54 +03:00
Alan Orth 4f6d02922a
Run pipenv update and pipenv sync 2018-07-23 13:10:39 +03:00
Alan Orth edd55124e8
Pipfile: Upgrade to Ansible 2.6.x 2018-07-23 13:09:00 +03:00
Alan Orth c21207f704
host_vars/web17: WordPress 4.9.7 2018-07-06 10:45:33 +03:00
Alan Orth 9dfc0a2f1c
Pipfile: Pin Ansible < 2.6 
I haven't tested Ansible 2.6 yet.

See: https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.6.html
 2018-07-01 12:00:52 +03:00
Alan Orth 37a7ff4e72
Pipfile.lock: Run pipenv update 2018-06-24 08:59:33 +03:00
Alan Orth f22b6af273
roles/common: Change mode of SSH public key 2018-05-30 08:32:11 -07:00
Alan Orth 37a88f676b
roles/common: Add new SSH public key for aorth 2018-05-30 07:48:38 -07:00
Alan Orth 8f0ce74307
Remove host_vars/web12 2018-05-22 23:27:59 +03:00
Alan Orth ca15b27789
Add host_vars/web17 2018-05-20 14:58:27 +03:00
Alan Orth 131420be17
roles/common: Add task to copy tarsnaprc 
One less thing to do manually after server provisioning, and there is
nothing sensitive in here anyways.
 2018-05-20 12:51:02 +03:00
Alan Orth c29d37c159
roles/mariadb: Use German mirror 2018-05-20 12:05:35 +03:00
Alan Orth 05e853d0ad
README.md: Add note about Python 2 being installed 2018-05-20 11:46:18 +03:00
Alan Orth 314a33d37c
Use official MariaDB builds for Ubuntu bionic 
We had been using the Ubuntu 17.10 "artful" builds for Ubuntu 18.04
"bionic" but there are now official bionic builds.
 2018-05-19 23:12:35 +03:00
Alan Orth 533b9c60e7
Use ansible >= 2.5.1 for pipenv 2018-05-18 17:35:07 +03:00
Alan Orth 073e02f875
host_vars/web12: WordPress 4.9.6 2018-05-18 12:41:50 +03:00
Alan Orth 23073100ce
Remove tor-relay stuff 
Harder to run one of these than I thought. Mostly it takes a lot of
bandwidth, and it's probably better to spend the $5/month you'd sp-
end on the VPS by donating $50 to the torservers.net project.
 2018-05-16 09:58:08 +03:00
Alan Orth 2837de4e3f
roles/php-fpm: Update defaults 
From latest PHP 7.2 on Ubuntu 18.04's php.ini-production.
 2018-05-15 00:00:27 +03:00
Alan Orth 70abcb2051
roles/php-fpm: Import new php.ini-production 
From latest Ubuntu 18.04 PHP 7.2 package.
 2018-05-14 23:58:45 +03:00
Alan Orth 92e0b67149
Remove relay03 2018-05-13 12:30:41 +03:00
Alan Orth 6e9fa0a213
Add relay03 2018-05-13 10:45:48 +03:00
Alan Orth 207856d587
Remove relay02 2018-05-13 09:25:31 +03:00
Alan Orth c8f0421ff7
host_vars/relay02: Reduce bandwidth to 75 KBytes 
This is the minimum for Tor relays according to the torrc man page.
 2018-05-13 08:17:20 +03:00
Alan Orth 3a4bd1e5c4
host_vars/relay02: Increase bandwidth to 1 megabit 2018-05-12 23:35:17 +03:00
Alan Orth 142ae35904
host_vars/relay02: Reduce speed to 700 kilobits 2018-05-12 21:58:59 +03:00
Alan Orth d6340a3c09
README.md: Update todo 2018-05-09 00:06:21 +03:00
Alan Orth 1a9033dece
roles/common: Use bionic tarsnap builds on Ubuntu 18.04 
Tarsnap finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
 2018-05-09 00:05:42 +03:00
Alan Orth 42fcd933a8
roles/nginx: Fix Jinja2 logic in apt sources template 2018-05-08 23:53:47 +03:00
Alan Orth 5a8b7f0425
README.md: Update todo 2018-05-08 23:43:54 +03:00
Alan Orth 3f0c45d504
roles/nginx: Force amd64 builds on apt sources 
Avoids the following error in apt:

Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository 'https://nginx.org/packages/ubuntu bionic InRelease' doesn't support architecture 'i386'
 2018-05-08 23:41:25 +03:00
Alan Orth f5fbc4b8f1
roles/nginx: Use bionic builds on Ubuntu 18.04 
NGINX finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
 2018-05-08 23:39:59 +03:00
Alan Orth 70c279ea81
Add host_vars/relay02 2018-05-07 11:04:38 +03:00
Alan Orth d4a0dab704
Add netaddr to pipenv configuration 
Required by the ansible-relayor role.
 2018-05-07 11:04:22 +03:00
Alan Orth 42501acb74
Add install instructions for ansible-relayor 
There are several ways to install external roles, ie via ansible-galaxy,
git submodules, etc. I found that adding this role to a requirements.yml
file and adding instructions to the README.md is probably the best way.

Using ansible-galaxy actually had issues because the ansible-relayor git
repository has version tags that use mixed styles, like v0.3.3 and 0.1.0
without a v.
 2018-05-07 10:54:40 +03:00
Alan Orth 1277f422c8
Add playbook for configuring Tor relays 
Utilizes the ansible-relayor role developed by nusenu.

See: https://github.com/nusenu/ansible-relayor
 2018-05-07 10:53:36 +03:00
Alan Orth f9ea7d30f5
host_vars/web12: Update DNS resolvers for TLS stapling 2018-04-30 18:12:29 +03:00
Alan Orth 0a39051a95
roles/nginx: Allow custom resolvers for TLS stapling 
Allows to specify custom DNS resolvers for TLS stapling, with a default
of Cloudflare's public DNS servers.
 2018-04-30 18:04:17 +03:00
Alan Orth bda95b6a1c
roles/nginx: Default to Cloudflare public DNS for TLS stapling 
No need to give Google even more data or free advertising by using
this as the default! In practice I always use the DNS servers from
the VPS provider anyways.
 2018-04-30 17:51:59 +03:00
Alan Orth 54d62feead
README.md: Add note about unattended-upgrades 2018-04-29 21:16:03 +03:00
Alan Orth 7aed78016c
roles/php-fpm: Use set_fact to set packages 
Instead of looping over a list of items to install, we can actually
just give a list directly to the apt module. This allows the module
to install all packages in one transaction, which is faster as well
as slightly safer for some dependency resolution scenarios.
 2018-04-29 16:10:53 +03:00
Alan Orth 45517a1421
roles/php-fpm: Remove "packages" tag 
This tag is no longer reachable after switching to the new dynamic
includes in Ansible 2.4 and 2.5. Anyways, I've been questioning my
decision to add the "packages" tag to any task that uses the apt
module.
 2018-04-29 16:04:47 +03:00
Alan Orth 434fe59a63
roles/php-fpm: Use blocks to tag children of dynamic tasks 
When using dynamic includes, child tasks do not inherit tags from their
parents. You must tag the parent and each child task separately, or use
a block to group children and then apply a tag to a block.

See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
 2018-04-29 16:04:03 +03:00
Alan Orth 03700596bc
README.md: Update notes 2018-04-29 15:51:21 +03:00
Alan Orth 436e823415
Update Ansible to 2.5.2 in pipenv 2018-04-29 11:41:24 +03:00
Alan Orth 6208d1518c
roles/nginx: Use set_fact to set certbot dependencies 
Instead of looping over a list of items to install, we can actually
just give a list directly to the apt module. This allows the module
to install all packages in one transaction, which is faster as well
as slightly safer for some dependency resolution scenarios.
 2018-04-26 19:48:05 +03:00