Alan Orth
6ef6f51966
Remove more Tor relayor stuff
2018-08-29 09:08:12 +03:00
Alan Orth
7aa6384055
host_vars/web17: WordPress 4.9.8
2018-08-05 11:36:27 +03:00
Alan Orth
da615fb368
roles/mariadb: Update my.cnf template
...
Sync from upstream's provided my.cnf.
2018-07-29 16:43:56 +03:00
Alan Orth
b47f66512d
roles/mariadb: Use MariaDB 10.3
...
Also disables the fetching of i386 packages because the mirror does
not appear to have them anymore (and I wasn't using them anyways).
2018-07-29 16:23:24 +03:00
Alan Orth
5d9577bc2d
Pipfile.lock: Run pipenv update
2018-07-29 16:13:43 +03:00
Alan Orth
963bf65099
roles/common: Limit number of SSH authentication attempts
...
The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.
Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.
2018-07-23 13:14:54 +03:00
Alan Orth
4f6d02922a
Run pipenv update and pipenv sync
2018-07-23 13:10:39 +03:00
Alan Orth
edd55124e8
Pipfile: Upgrade to Ansible 2.6.x
2018-07-23 13:09:00 +03:00
Alan Orth
c21207f704
host_vars/web17: WordPress 4.9.7
2018-07-06 10:45:33 +03:00
Alan Orth
9dfc0a2f1c
Pipfile: Pin Ansible < 2.6
...
I haven't tested Ansible 2.6 yet.
See: https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.6.html
2018-07-01 12:00:52 +03:00
Alan Orth
37a7ff4e72
Pipfile.lock: Run pipenv update
2018-06-24 08:59:33 +03:00
Alan Orth
f22b6af273
roles/common: Change mode of SSH public key
2018-05-30 08:32:11 -07:00
Alan Orth
37a88f676b
roles/common: Add new SSH public key for aorth
2018-05-30 07:48:38 -07:00
Alan Orth
8f0ce74307
Remove host_vars/web12
2018-05-22 23:27:59 +03:00
Alan Orth
ca15b27789
Add host_vars/web17
2018-05-20 14:58:27 +03:00
Alan Orth
131420be17
roles/common: Add task to copy tarsnaprc
...
One less thing to do manually after server provisioning, and there is
nothing sensitive in here anyways.
2018-05-20 12:51:02 +03:00
Alan Orth
c29d37c159
roles/mariadb: Use German mirror
2018-05-20 12:05:35 +03:00
Alan Orth
05e853d0ad
README.md: Add note about Python 2 being installed
2018-05-20 11:46:18 +03:00
Alan Orth
314a33d37c
Use official MariaDB builds for Ubuntu bionic
...
We had been using the Ubuntu 17.10 "artful" builds for Ubuntu 18.04
"bionic" but there are now official bionic builds.
2018-05-19 23:12:35 +03:00
Alan Orth
533b9c60e7
Use ansible >= 2.5.1 for pipenv
2018-05-18 17:35:07 +03:00
Alan Orth
073e02f875
host_vars/web12: WordPress 4.9.6
2018-05-18 12:41:50 +03:00
Alan Orth
23073100ce
Remove tor-relay stuff
...
Harder to run one of these than I thought. Mostly it takes a lot of
bandwidth, and it's probably better to spend the $5/month you'd spend
on the VPS by donating $50 to the torservers.net project.
2018-05-16 09:58:08 +03:00
Alan Orth
2837de4e3f
roles/php-fpm: Update defaults
...
From latest PHP 7.2 on Ubuntu 18.04's php.ini-production.
2018-05-15 00:00:27 +03:00
Alan Orth
70abcb2051
roles/php-fpm: Import new php.ini-production
...
From latest Ubuntu 18.04 PHP 7.2 package.
2018-05-14 23:58:45 +03:00
Alan Orth
92e0b67149
Remove relay03
2018-05-13 12:30:41 +03:00
Alan Orth
6e9fa0a213
Add relay03
2018-05-13 10:45:48 +03:00
Alan Orth
207856d587
Remove relay02
2018-05-13 09:25:31 +03:00
Alan Orth
c8f0421ff7
host_vars/relay02: Reduce bandwidth to 75 KBytes
...
This is the minimum for Tor relays according to the torrc man page.
2018-05-13 08:17:20 +03:00
Alan Orth
3a4bd1e5c4
host_vars/relay02: Increase bandwidth to 1 megabit
2018-05-12 23:35:17 +03:00
Alan Orth
142ae35904
host_vars/relay02: Reduce speed to 700 kilobits
2018-05-12 21:58:59 +03:00
Alan Orth
d6340a3c09
README.md: Update todo
2018-05-09 00:06:21 +03:00
Alan Orth
1a9033dece
roles/common: Use bionic tarsnap builds on Ubuntu 18.04
...
Tarsnap finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
2018-05-09 00:05:42 +03:00
Alan Orth
42fcd933a8
roles/nginx: Fix Jinja2 logic in apt sources template
2018-05-08 23:53:47 +03:00
Alan Orth
5a8b7f0425
README.md: Update todo
2018-05-08 23:43:54 +03:00
Alan Orth
3f0c45d504
roles/nginx: Force amd64 builds on apt sources
...
Avoids the following error in apt:
Skipping acquire of configured file 'nginx/binary-i386/Packages' as repository 'https://nginx.org/packages/ubuntu bionic InRelease' doesn't support architecture 'i386'
2018-05-08 23:41:25 +03:00
Alan Orth
f5fbc4b8f1
roles/nginx: Use bionic builds on Ubuntu 18.04
...
NGINX finally published builds for Ubuntu 18.04 "bionic" so we don't
need to use the 17.10 "artful" ones anymore.
2018-05-08 23:39:59 +03:00
Alan Orth
70c279ea81
Add host_vars/relay02
2018-05-07 11:04:38 +03:00
Alan Orth
d4a0dab704
Add netaddr to pipenv configuration
...
Required by the ansible-relayor role.
2018-05-07 11:04:22 +03:00
Alan Orth
42501acb74
Add install instructions for ansible-relayor
...
There are several ways to install external roles, i.e. via ansible-galaxy,
git submodules, etc. I found that adding this role to a requirements.yml
file and adding instructions to the README.md is probably the best way.
Using ansible-galaxy actually had issues because the ansible-relayor git
repository has version tags that use mixed styles, like v0.3.3 and 0.1.0
without a v.
2018-05-07 10:54:40 +03:00
Alan Orth
1277f422c8
Add playbook for configuring Tor relays
...
Utilizes the ansible-relayor role developed by nusenu.
See: https://github.com/nusenu/ansible-relayor
2018-05-07 10:53:36 +03:00
Alan Orth
f9ea7d30f5
host_vars/web12: Update DNS resolvers for TLS stapling
2018-04-30 18:12:29 +03:00
Alan Orth
0a39051a95
roles/nginx: Allow custom resolvers for TLS stapling
...
Allows specifying custom DNS resolvers for TLS stapling, with a default
of Cloudflare's public DNS servers.
2018-04-30 18:04:17 +03:00
Alan Orth
bda95b6a1c
roles/nginx: Default to Cloudflare public DNS for TLS stapling
...
No need to give Google even more data or free advertising by using
this as the default! In practice I always use the DNS servers from
the VPS provider anyways.
2018-04-30 17:51:59 +03:00
Alan Orth
54d62feead
README.md: Add note about unattended-upgrades
2018-04-29 21:16:03 +03:00
Alan Orth
7aed78016c
roles/php-fpm: Use set_fact to set packages
...
Instead of looping over a list of items to install, we can actually
just give a list directly to the apt module. This allows the module
to install all packages in one transaction, which is faster as well
as slightly safer for some dependency resolution scenarios.
2018-04-29 16:10:53 +03:00
Alan Orth
45517a1421
roles/php-fpm: Remove "packages" tag
...
This tag is no longer reachable after switching to the new dynamic
includes in Ansible 2.4 and 2.5. Anyways, I've been questioning my
decision to add the "packages" tag to any task that uses the apt
module.
2018-04-29 16:04:47 +03:00
Alan Orth
434fe59a63
roles/php-fpm: Use blocks to tag children of dynamic tasks
...
When using dynamic includes, child tasks do not inherit tags from their
parents. You must tag the parent and each child task separately, or use
a block to group children and then apply a tag to a block.
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-04-29 16:04:03 +03:00
Alan Orth
03700596bc
README.md: Update notes
2018-04-29 15:51:21 +03:00
Alan Orth
436e823415
Update Ansible to 2.5.2 in pipenv
2018-04-29 11:41:24 +03:00
Alan Orth
6208d1518c
roles/nginx: Use set_fact to set certbot dependencies
...
Instead of looping over a list of items to install, we can actually
just give a list directly to the apt module. This allows the module
to install all packages in one transaction, which is faster as well
as slightly safer for some dependency resolution scenarios.
2018-04-26 19:48:05 +03:00