alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
750 Commits 2 Branches 0 Tags 4.2 MiB
8ee52143fc
Commit Graph

750 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alan Orth
8ee52143fc
roles/mariadb: Disable the query cache by default 
It seems that the usefulness of the query cache is diminishing in
recent years. If your cache is large then the time taken to scan
the cache can be longer than the SQL query itself.

See: https://haydenjames.io/mysql-query-cache-size-performance/
 2020-12-29 11:07:33 +02:00
Alan Orth
67a18c4f49
roles/mariadb: Reduce key buffer size 
mysqltuner.pl shows currently 6M out of 33M being used.
 2020-12-29 10:58:12 +02:00
Alan Orth
b8428e67a8
roles/mariadb: Install MariaDB 10.5 2020-12-29 10:41:27 +02:00
Alan Orth
e18529e6e1
roles/mariadb: Update service name 
As of MariaDB 10.5 the service name and binaries have changed from
mysql, mysqld, etc to mariadbd.

See: https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/
 2020-12-29 10:40:13 +02:00
Alan Orth
89db1449d1
roles/mariadb: Fetch signing key from mariadb.org 
I downloaded the key and checked the fingerprint with gpg:

    $ gpg --dry-run --import mariadb_release_signing_key.asc
    gpg: key F1656F24C74CD1D8: 6 signatures not checked due to missing keys
    gpg: Total number processed: 1
 2020-12-29 10:36:33 +02:00
Alan Orth
6660a0cd36
roles/mariadb: Remove innodb_buffer_pool_instances 
This was deprecated in MariaDB 10.5. The setting is now ignored and
will be removed in a future version.

See: https://mariadb.com/kb/en/changes-improvements-in-mariadb-105/#innodb-removed-or-deprecated-variables
 2020-12-29 10:18:23 +02:00
Alan Orth
e7d5cb1edb
host_vars/web19: Override root for picturingjordan.com 2020-12-28 22:55:57 +02:00
Alan Orth
73d6abd15f
roles/nginx: Allow sites to override the root 2020-12-28 22:53:32 +02:00
Alan Orth
e1b412bfff
roles/common: Update list of abusive IP addresses 
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

  $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
    confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
    -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
    -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
 2020-12-23 09:01:08 +02:00
Alan Orth
39994f118c
host_vars/web19: WordPress 5.6 2020-12-22 15:44:01 +02:00
Alan Orth
10b6b11be5
Pipfile.lock: Run pipenv update 2020-12-22 15:35:26 +02:00
Alan Orth
d4fd06862a
roles/nginx: Fix Let's Encrypt pre/post renewal hooks 2020-12-10 15:20:23 +02:00
Alan Orth
d553f80a00
Run pipenv update 2020-12-09 22:47:44 +02:00
Alan Orth
b5921b6b34
host_vars/nomad02: Add drone.io deployment notes 2020-12-09 22:14:52 +02:00
Alan Orth
08aaeb1395
Add host_vars/nomad02 
To run drone.io
 2020-12-09 16:27:47 +02:00
Alan Orth
ae98fc5cf1
host_vars/nomad01: Fix ports 2020-12-09 16:04:24 +02:00
Alan Orth
ca952b6948
host_vars/nomad01: Add notes about deployment 2020-12-09 14:24:56 +02:00
Alan Orth
4862fa33ac
host_vars/nomad01: Add gitea user to ssh_allowed_users 2020-12-08 23:16:10 +02:00
Alan Orth
4edf92fe0d
roles/common: Allow adding extra SSH users 2020-12-08 23:15:51 +02:00
Alan Orth
a105923f4b
host_vars/nomad01: Open TCP 80 and 443 2020-12-08 20:57:59 +02:00
Alan Orth
a49dc82da6
host_vars/nomad01: Add comments 2020-12-08 20:56:56 +02:00
Alan Orth
5055e425be
Add host_vars/nomad01 2020-12-08 20:56:03 +02:00
Alan Orth
66de556d83
Add a "nomads" group of hosts 
Hosts that I want to run common config stuff like SSH, firewalls,
etc.
 2020-12-08 20:55:24 +02:00
Alan Orth
90a8c1c8db
Remove host_vars/web18 
Replaced by web19 months ago.
 2020-12-08 18:52:11 +02:00
Alan Orth
08ae79ae88
Use Python 3.9 in pipenv setup 2020-12-02 11:33:10 +02:00
Alan Orth
776fd7cc76
Pipfile.lock: Update dependencies with pipenv update 2020-11-29 10:31:13 +02:00
Alan Orth
dd2f65947d
roles/common: Update list of abusive IP addresses 
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

    $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
      confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
      -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
      -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
 2020-11-06 15:44:57 +02:00
Alan Orth
31ffda5466
Re-create Pipfile 
Something about upgrading from Ansible 2.9 to 2.10 wasn't working.
 2020-11-01 19:04:07 +02:00
Alan Orth
7087d68459
host_vars/web19: WordPress 5.5.3 2020-11-01 19:03:49 +02:00
Alan Orth
d3c2b0559a
Pipfile.lock: Run pipenv update 
Ansible 2.9.13
 2020-09-02 15:31:01 +03:00
Alan Orth
2e77780ae3
host_vars/web19: WordPress 5.5.1 2020-09-02 15:30:42 +03:00
Alan Orth
f4b104953c
roles/common: Use correct Ansible version comparison 
The major version is "16", not "16.04".
 2020-07-27 14:23:58 +03:00
Alan Orth
c9ea286fff
roles/mariadb: Simplify sources.list 2020-07-14 09:51:35 +03:00
Alan Orth
b366b0af3d
roles/nginx: Update version comment 2020-07-14 09:48:12 +03:00
Alan Orth
0c192e6c4a
roles/munin: Remove tomcat config 
We don't use tomcat here.
 2020-07-14 09:47:39 +03:00
Alan Orth
f5b6fa74c6
roles/munin: Use systemd module instead of service 
All hosts are running systemd.
 2020-07-14 09:47:18 +03:00
Alan Orth
dbb4dd7098
roles/php-fpm: Add missing Ubuntu 20.04 PHP-FPM task 2020-07-14 09:45:51 +03:00
Alan Orth
72b8b193b5
Remove support for Debian 9 and Ubuntu 16.04 2020-07-14 09:45:33 +03:00
Alan Orth
539f081d4d
roles/common: Remove storage-specific tweaks 
We don't have any "storage" group. This was ported from somewhere
else and I didn't notice that code.
 2020-07-14 09:10:07 +03:00
Alan Orth
950b949eac
README.md: Update copyright year 2020-07-14 09:04:26 +03:00
Alan Orth
a1f110c8bc
Add PHP 7.4 FPM support 2020-07-13 23:25:32 +03:00
Alan Orth
20ab27e1d2
roles/php-fpm: Fix 7.4 pool config 2020-07-13 23:25:09 +03:00
Alan Orth
7f5499c307
roles/php-fpm: Import config changes for PHP 7.4 2020-07-13 22:37:12 +03:00
Alan Orth
057e98ab47
roles/php-fpm: Import Ubuntu 20.04 PHP 7.4 FPM configs 2020-07-13 22:34:02 +03:00
Alan Orth
5282154d7d
roles/common: Disable Canonical spam in MOTD 2020-06-25 21:12:00 +03:00
Alan Orth
f4da35acee
Pipfile.lock: Run pipenv update 
Ansible 2.9.10
 2020-06-25 20:56:18 +03:00
Alan Orth
e286866a6a
host_vars/web18: WordPress 5.4.2 2020-06-21 19:22:17 +03:00
Alan Orth
99b55403d3
roles/common: Update list of abusive IP addresses 
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

$ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
  confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
  -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
  -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
 2020-06-21 16:31:09 +03:00
Alan Orth
9abfe80245 roles/nginx: Add pre and post hooks for Let's Encrypt on Ubuntu 20.04 
Certbot will run any executables in the pre and post directories
during certificate renewal.
 2020-06-08 12:15:29 +03:00
Alan Orth
0587841476 roles/nginx: Adjust certbot tasks 
It seems that it is no longer recommended/supported to install the
standalone certbot-auto client on Ubuntu 20.04. We apparently need
to use the one provided by Ubuntu, which luckily includes a service
and timer to renew the certs.
 2020-06-08 12:15:29 +03:00