Alan Orth
7a9a24ef5d
roles/common: rework fail2ban again
...
Actually, we do want to run fail2ban on all hosts because the sshd
monitoring via systemd is nice. At the very least it reduces spam
from failed logins in our systemd journal.
2023-08-23 22:15:24 +03:00
Alan Orth
067adcd9f5
roles/common: rework fail2ban tasks
...
We can only run fail2ban when we have logs to monitor. When a host
is running Caddy we don't have logs, so fail2ban doesn't have
anything to monitor out of the box. For now I will restrict the task
to hosts running nginx.
2023-08-23 21:59:28 +03:00
Alan Orth
84d210cfab
roles/common: re-format handlers
...
Use the newer Ansible format.
2023-08-23 21:35:28 +03:00
Alan Orth
17736a4f14
roles/common: run ansible-lint --write
2023-08-23 21:33:22 +03:00
Alan Orth
b9e91c4a3d
roles/common: minor updates to tarsnap task
...
Use modern Ansible task format
2023-08-23 21:20:22 +03:00
Alan Orth
51c95e5d4c
roles/common: update tarsnap task
...
Update tarsnap task to use apt signed-by for package signing keys
instead of adding keys directly to apt-key.
2023-08-23 21:18:27 +03:00
Alan Orth
8dbec29d2a
roles/nginx: prepare letsencrypt task for Debian 12
2023-08-23 21:01:12 +03:00
Alan Orth
d3bf3dab04
roles/php-fpm: add support for PHP 8.2
...
This is used in Debian 12.
2023-08-23 20:56:35 +03:00
Alan Orth
8f50b7756b
host_vars/web22: WordPress 6.3
2023-08-22 21:33:49 +03:00
Alan Orth
e86ccc9979
roles/nginx: minor rework of apt key stuff
2023-08-22 21:33:19 +03:00
Alan Orth
cea8529f49
Pipfile.lock: run pipenv update
2023-08-22 21:02:17 +03:00
Alan Orth
d77718edae
host_vars: add fail2ban_ignoreip
2023-08-14 16:37:07 +02:00
Alan Orth
14d57fc477
roles/nginx: reformat main tasks
2023-08-10 22:44:47 +02:00
Alan Orth
5c39f1abd8
roles/common: minor changes to Debian sshd_config files
2023-08-10 22:10:04 +02:00
Alan Orth
6794eb0432
roles/common: default to disabling SSH passwords
2023-08-10 22:09:03 +02:00
Alan Orth
11614e3725
host_vars: replace nomad02 with nomad03
...
The former is Ubuntu 20.04, the latter is Debian 12. Running Drone
CI.
2023-08-10 08:37:09 +02:00
Alan Orth
b106f9d9e5
roles/common: ignore apt sources.list on Scaleway
...
While testing Debian 12 on Scaleway I noticed their apt sources.list
is in some weird format I've never seen before, so let's skip it on
those hosts.
2023-08-10 08:08:42 +02:00
Alan Orth
3c8250e6ac
Pipfile.lock: run pipenv update
2023-08-09 22:07:54 +02:00
Alan Orth
d280859b0d
roles/common: minor updates to Debian 11 sshd_config
2023-08-09 21:55:04 +02:00
Alan Orth
bca1629d2f
Minor comment updates for Debian 12
2023-08-09 21:51:53 +02:00
Alan Orth
4fa82faf18
roles/common: adjust sshd_config for Debian 12
...
Adjust sshd_config based on ssh-audit profile for OpenSSH 9.2.
2023-08-09 21:27:19 +02:00
Alan Orth
b8f0b4b1fb
roles/common: add vanilla sshd_config for Debian 12
2023-08-09 21:16:50 +02:00
Alan Orth
68e5d05bbb
host_vars/web22: WordPress 6.2.2
2023-07-27 18:48:37 +03:00
Alan Orth
446d402778
roles: minor fix to Debian version comparisons
2023-07-27 18:48:07 +03:00
Alan Orth
67379fc2e4
host_vars/web22: WordPress 6.2
2023-05-04 07:10:40 +03:00
Alan Orth
73546967b6
Pipfile.lock: run pipenv update
2023-05-04 06:58:25 +03:00
Alan Orth
16b661efe1
Pipfile.lock: run pipenv update
2023-04-14 10:09:29 -07:00
Alan Orth
fdb9a75489
roles/common: update tarsnap GPG key
2023-04-14 10:09:11 -07:00
Alan Orth
232d7a0348
host_vars/web22: WordPress 6.1.1
2022-11-24 18:31:48 +03:00
Alan Orth
6e4bb5bc34
host_vars/web21: use caddy
2022-11-13 18:58:57 +03:00
Alan Orth
c840ffe018
roles/caddy: improve vhost template
...
Support domain aliases that redirect to the main domain and allow
sites to say they are static sites where they only need a document
root.
2022-11-13 18:54:03 +03:00
Alan Orth
45c9d7ea0a
Pipfile.lock: run pipenv update
2022-11-13 16:50:07 +03:00
Alan Orth
a62bc446e8
host_vars/web22: WordPress 6.1
2022-11-06 23:00:41 +03:00
Alan Orth
62a6a491db
host_vars/web23: use caddy
2022-11-02 22:30:32 +03:00
Alan Orth
4867d6da6a
Add basic caddy role
2022-11-02 22:29:30 +03:00
Alan Orth
d9f7c7a93b
group_vars/web: set default webserver to nginx
...
While I'm still getting experience with caddy and adapting it to my
workloads.
2022-11-02 22:12:36 +03:00
Alan Orth
bc8c030700
roles/common: update Tarsnap GPG key
2022-11-02 22:11:37 +03:00
Alan Orth
f7598d8f1c
Pipfile.lock: run pipenv update
2022-11-02 20:50:59 +03:00
Alan Orth
c353e84a84
site.yml: use fully-qualified modules
2022-10-25 21:08:27 +03:00
Alan Orth
99ca23f258
Pipfile.lock: run pipenv update
2022-10-17 19:56:30 +03:00
Alan Orth
b663d27fd8
roles/common: rework firewall_Debian.yml playbook
...
Use newer Ansible task format, move from apt to package module, and
do package installs in one transaction using a list instead of a
loop.
2022-09-12 17:25:40 +03:00
Alan Orth
67c99dacf6
roles/common: rework firewall_Ubuntu.yml playbook
...
Use newer Ansible task format, move from apt to package module, and
do package installs in one transaction using a list instead of a loop.
2022-09-12 17:18:33 +03:00
Alan Orth
4abf2b10e4
ansible.cfg: smart fact gathering
2022-09-12 17:18:19 +03:00
Alan Orth
f5199264f9
ansible.cfg: disable SSH host key checking
2022-09-12 17:14:39 +03:00
Alan Orth
b259f09cbd
roles/common: add SSH public key from other machine
2022-09-12 17:06:31 +03:00
Alan Orth
f4b32e516b
roles/mariadb: use newer Ansible task syntax
2022-09-12 10:16:42 +03:00
Alan Orth
fcb12ecee0
roles/mariadb: remove sources.list template
2022-09-12 10:13:27 +03:00
Alan Orth
5bc03ceacc
roles/mariadb: install packages in single transaction
...
Using a list we can install these in a single apt transaction. Also
use the newer task format.
2022-09-12 10:12:07 +03:00
Alan Orth
c317429f6d
roles/mariadb: rework package signing key and repo
2022-09-12 10:09:41 +03:00
Alan Orth
b512a7f765
roles/common: create /etc/apt/keyrings
...
According to the Debian docs for third-party repositories we must
create this manually on distros before Debian 12 and Ubuntu 22.04.
This is due to changes in apt-secure and the deprecation of apt-key.
See: https://wiki.debian.org/DebianRepository/UseThirdParty
2022-09-12 10:05:12 +03:00