Commit Graph

950 Commits

Author SHA1 Message Date
8ee52143fc
roles/mariadb: Disable the query cache by default
It seems that the usefulness of the query cache is diminishing in
recent years. If your cache is large then the time taken to scan
the cache can be longer than the SQL query itself.

See: https://haydenjames.io/mysql-query-cache-size-performance/
2020-12-29 11:07:33 +02:00
67a18c4f49
roles/mariadb: Reduce key buffer size
mysqltuner.pl shows currently 6M out of 33M being used.
2020-12-29 10:58:12 +02:00
b8428e67a8
roles/mariadb: Install MariaDB 10.5 2020-12-29 10:41:27 +02:00
e18529e6e1
roles/mariadb: Update service name
As of MariaDB 10.5 the service name and binaries have changed from
mysql, mysqld, etc to mariadbd.

See: https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/
2020-12-29 10:40:13 +02:00
89db1449d1
roles/mariadb: Fetch signing key from mariadb.org
I downloaded the key and checked the fingerprint with gpg:

    $ gpg --dry-run --import mariadb_release_signing_key.asc
    gpg: key F1656F24C74CD1D8: 6 signatures not checked due to missing keys
    gpg: Total number processed: 1
2020-12-29 10:36:33 +02:00
6660a0cd36
roles/mariadb: Remove innodb_buffer_pool_instances
This was deprecated in MariaDB 10.5. The setting is now ignored and
will be removed in a future version.

See: https://mariadb.com/kb/en/changes-improvements-in-mariadb-105/#innodb-removed-or-deprecated-variables
2020-12-29 10:18:23 +02:00
e7d5cb1edb
host_vars/web19: Override root for picturingjordan.com 2020-12-28 22:55:57 +02:00
73d6abd15f
roles/nginx: Allow sites to override the root 2020-12-28 22:53:32 +02:00
e1b412bfff
roles/common: Update list of abusive IP addresses
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

  $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
    confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
    -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
    -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-12-23 09:01:08 +02:00
39994f118c
host_vars/web19: WordPress 5.6 2020-12-22 15:44:01 +02:00
10b6b11be5
Pipfile.lock: Run pipenv update 2020-12-22 15:35:26 +02:00
d4fd06862a
roles/nginx: Fix Let's Encrypt pre/post renewal hooks 2020-12-10 15:20:23 +02:00
d553f80a00
Run pipenv update 2020-12-09 22:47:44 +02:00
b5921b6b34
host_vars/nomad02: Add drone.io deployment notes 2020-12-09 22:14:52 +02:00
08aaeb1395
Add host_vars/nomad02
To run drone.io
2020-12-09 16:27:47 +02:00
ae98fc5cf1
host_vars/nomad01: Fix ports 2020-12-09 16:04:24 +02:00
ca952b6948
host_vars/nomad01: Add notes about deployment 2020-12-09 14:24:56 +02:00
4862fa33ac
host_vars/nomad01: Add gitea user to ssh_allowed_users 2020-12-08 23:16:10 +02:00
4edf92fe0d
roles/common: Allow adding extra SSH users 2020-12-08 23:15:51 +02:00
a105923f4b
host_vars/nomad01: Open TCP 80 and 443 2020-12-08 20:57:59 +02:00
a49dc82da6
host_vars/nomad01: Add comments 2020-12-08 20:56:56 +02:00
5055e425be
Add host_vars/nomad01 2020-12-08 20:56:03 +02:00
66de556d83
Add a "nomads" group of hosts
Hosts that I want to run common config stuff like SSH, firewalls,
etc.
2020-12-08 20:55:24 +02:00
90a8c1c8db
Remove host_vars/web18
Replaced by web19 months ago.
2020-12-08 18:52:11 +02:00
08ae79ae88
Use Python 3.9 in pipenv setup 2020-12-02 11:33:10 +02:00
776fd7cc76
Pipfile.lock: Update dependencies with pipenv update 2020-11-29 10:31:13 +02:00
dd2f65947d
roles/common: Update list of abusive IP addresses
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

    $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
      confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
      -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
      -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-11-06 15:44:57 +02:00
31ffda5466
Re-create Pipfile
Something about upgrading from Ansible 2.9 to 2.10 wasn't working.
2020-11-01 19:04:07 +02:00
7087d68459
host_vars/web19: WordPress 5.5.3 2020-11-01 19:03:49 +02:00
d3c2b0559a
Pipfile.lock: Run pipenv update
Ansible 2.9.13
2020-09-02 15:31:01 +03:00
2e77780ae3
host_vars/web19: WordPress 5.5.1 2020-09-02 15:30:42 +03:00
f4b104953c
roles/common: Use correct Ansible version comparison
The major version is "16", not "16.04".
2020-07-27 14:23:58 +03:00
c9ea286fff
roles/mariadb: Simplify sources.list 2020-07-14 09:51:35 +03:00
b366b0af3d
roles/nginx: Update version comment 2020-07-14 09:48:12 +03:00
0c192e6c4a
roles/munin: Remove tomcat config
We don't use tomcat here.
2020-07-14 09:47:39 +03:00
f5b6fa74c6
roles/munin: Use systemd module instead of service
All hosts are running systemd.
2020-07-14 09:47:18 +03:00
dbb4dd7098
roles/php-fpm: Add missing Ubuntu 20.04 PHP-FPM task 2020-07-14 09:45:51 +03:00
72b8b193b5
Remove support for Debian 9 and Ubuntu 16.04 2020-07-14 09:45:33 +03:00
539f081d4d
roles/common: Remove storage-specific tweaks
We don't have any "storage" group. This was ported from somewhere
else and I didn't notice that code.
2020-07-14 09:10:07 +03:00
950b949eac
README.md: Update copyright year 2020-07-14 09:04:26 +03:00
a1f110c8bc
Add PHP 7.4 FPM support 2020-07-13 23:25:32 +03:00
20ab27e1d2
roles/php-fpm: Fix 7.4 pool config 2020-07-13 23:25:09 +03:00
7f5499c307
roles/php-fpm: Import config changes for PHP 7.4 2020-07-13 22:37:12 +03:00
057e98ab47
roles/php-fpm: Import Ubuntu 20.04 PHP 7.4 FPM configs 2020-07-13 22:34:02 +03:00
5282154d7d
roles/common: Disable Canonical spam in MOTD 2020-06-25 21:12:00 +03:00
f4da35acee
Pipfile.lock: Run pipenv update
Ansible 2.9.10
2020-06-25 20:56:18 +03:00
e286866a6a
host_vars/web18: WordPress 5.4.2 2020-06-21 19:22:17 +03:00
99b55403d3
roles/common: Update list of abusive IP addresses
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

$ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
  confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
  -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
  -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-06-21 16:31:09 +03:00
9abfe80245 roles/nginx: Add pre and post hooks for Let's Encrypt on Ubuntu 20.04
Certbot will run any executables in the pre and post directories
during certificate renewal.
2020-06-08 12:15:29 +03:00
0587841476 roles/nginx: Adjust certbot tasks
It seems that it is no longer recommended/supported to install the
standalone certbot-auto client on Ubuntu 20.04. We apparently need
to use the one provided by Ubuntu, which luckily includes a service
and timer to renew the certs.
2020-06-08 12:15:29 +03:00