Commit Graph

977 Commits

Author SHA1 Message Date
7ea3ab46f8 host_vars/web22: WordPress 6.7.1 2025-01-27 21:48:16 +03:00
0561bd5b52 Pipfile.lock: run pipenv update 2025-01-27 21:36:13 +03:00
d62572f02c Pipfile: python 3.13 2025-01-27 21:35:58 +03:00
2ffe5e87d9 host_vars/web22: WordPress 6.6.2 2024-12-30 11:03:47 +03:00
38d4f1a303 Pipfile.lock: run pipenv update 2024-12-30 11:03:35 +03:00
ed8cb88038 host_vars/web22: WordPress 6.5.5 2024-06-25 08:18:22 +03:00
c31e447861 roles/nginx: update signing key 2024-06-25 08:11:59 +03:00
545684467c host_vars/nomad03: remove 2024-06-05 20:35:29 +03:00
24ae5eaab1 host_vars/web22: WordPress 6.5.3 2024-05-13 14:51:45 +03:00
dac23f1427 Pipfile: use Python 3.12 2024-05-13 14:51:34 +03:00
41fbc73dd1 host_vars/web22: WordPress 6.4.3 2024-03-20 20:28:13 +03:00
fee794bcf0 Update Pipfile 2024-03-20 20:28:00 +03:00
8bce1d8b1b host_vars/web22: WordPress 6.4.1 2023-12-02 22:40:06 +03:00
6dc2ea36b6 roles/nginx: fix path to php 8.2 socket 2023-09-11 19:55:24 +03:00
af71a9b5f8 roles/php-fpm: remove fmt strings
Ansible confuses them for jinja2 tokens.
2023-09-11 19:52:18 +03:00
4dd57803e2 roles/php-fpm: fix user/group for php 8.2 configs 2023-09-11 19:51:59 +03:00
18d4245fc0 roles/common: fix tarsnap signing of apt repo 2023-09-11 19:37:49 +03:00
1bddf3cccd Pipfile.lock: run pipenv update 2023-09-11 18:52:25 +03:00
20dbe61fe1 roles/mariadb: use MariaDB 10.11
The server has already been updated from 10.6 to 10.11.

See: https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/
2023-09-10 22:53:10 +03:00
899e87321b host_vars/web22: WordPress 6.3.1 2023-09-10 22:44:23 +03:00
06416a3b64 roles: run ansible-lint --write 2023-08-23 22:22:51 +03:00
7a9a24ef5d roles/common: rework fail2ban again
Actually, we do want to run fail2ban on all hosts because the sshd
monitoring via systemd is nice. At the very least it reduces spam
from failed logins in our systemd journal.
2023-08-23 22:15:24 +03:00
067adcd9f5 roles/common: rework fail2ban tasks
We can only run fail2ban when we have logs to monitor. When a host
is running Caddy we don't have logs, so fail2ban doesn't have any-
thing to monitor out of the box. For now I will restrict the task
to hosts running nginx.
2023-08-23 21:59:28 +03:00
84d210cfab roles/common: re-format handlers
Use the newer Ansible format.
2023-08-23 21:35:28 +03:00
17736a4f14 roles/common: run ansible-lint --write 2023-08-23 21:33:22 +03:00
b9e91c4a3d roles/common: minor updates to tarsnap task
Use modern Ansible task format
2023-08-23 21:20:22 +03:00
51c95e5d4c roles/common: update tarsnap task
Update tarsnap task to use apt signed-by for package signing keys
instead of adding keys directly to apt-key.
2023-08-23 21:18:27 +03:00
8dbec29d2a roles/nginx: prepare letsencrypt task for Debian 12 2023-08-23 21:01:12 +03:00
d3bf3dab04 roles/php-fpm: add support for PHP 8.2
This is used in Debian 12.
2023-08-23 20:56:35 +03:00
8f50b7756b host_vars/web22: WordPress 6.3 2023-08-22 21:33:49 +03:00
e86ccc9979 roles/nginx: minor rework of apt key stuff 2023-08-22 21:33:19 +03:00
cea8529f49 Pipfile.lock: run pipenv update 2023-08-22 21:02:17 +03:00
d77718edae host_vars: add fail2ban_ignoreip 2023-08-14 16:37:07 +02:00
14d57fc477 roles/nginx: reformat main tasks 2023-08-10 22:44:47 +02:00
5c39f1abd8 roles/common: minor changes to Debian sshd_config files 2023-08-10 22:10:04 +02:00
6794eb0432 roles/common: default to disabling SSH passwords 2023-08-10 22:09:03 +02:00
11614e3725 host_vars: replace nomad02 with nomad03
The former is Ubuntu 20.04, the latter is Debian 12. Running Drone
CI.
2023-08-10 08:37:09 +02:00
b106f9d9e5 roles/common: ignore apt sources.list on Scaleway
While testing Debian 12 on Scaleway I noticed their apt sources.list
is in some weird format I've never seen before, so let's skip it on
those hosts.
2023-08-10 08:08:42 +02:00
3c8250e6ac Pipfile.lock: run pipenv update 2023-08-09 22:07:54 +02:00
d280859b0d roles/common: minor updates to Debian 11 sshd_config 2023-08-09 21:55:04 +02:00
bca1629d2f Minor comment updates for Debian 12 2023-08-09 21:51:53 +02:00
4fa82faf18 roles/common: adjust sshd_config for Debian 12
Adjust sshd_config based on ssh-audit profile for OpenSSH 9.2.
2023-08-09 21:27:19 +02:00
b8f0b4b1fb roles/common: add vanilla sshd_config for Debian 12 2023-08-09 21:16:50 +02:00
68e5d05bbb host_vars/web22: WordPress 6.2.2 2023-07-27 18:48:37 +03:00
446d402778 roles: minor fix to Debian version comparisons 2023-07-27 18:48:07 +03:00
67379fc2e4 host_vars/web22: WordPress 6.2 2023-05-04 07:10:40 +03:00
73546967b6 Pipfile.lock: run pipenv update 2023-05-04 06:58:25 +03:00
16b661efe1 Pipfile.lock: run pipenv update 2023-04-14 10:09:29 -07:00
fdb9a75489 roles/common: update tarsnap GPG key 2023-04-14 10:09:11 -07:00
232d7a0348 host_vars/web22: WordPress 6.1.1 2022-11-24 18:31:48 +03:00