alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
642 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

642 Commits

Author SHA1 Message Date
Alan Orth a488972729
README.md: Update notes for Debian 10 2019-09-16 15:02:11 +03:00
Alan Orth eb7998fd12
roles/nginx: Fix hardcoded "stretch" release in sources 
This was causing the stretch version to get installed on buster, w-
hich led to the cipher suite and ssl protocol support to behave st-
rangeley.
 2019-09-15 16:03:17 +03:00
Alan Orth 1ec6d07232
roles/nginx: Fix php7.3-fpm socket location on Debian 10 2019-09-15 15:55:42 +03:00
Alan Orth 2740f050fc
roles/common: Increase ssh MaxAuthTries from 3 to 4 
If a user has RSA, ECDSA, and ED25519 private keys present on their
system then the ssh client will offer all of these to the server
and they may not get a chance to try password auth before it fails.
 2019-09-15 15:17:00 +03:00
Alan Orth cf16264f53
roles/common: Update sshd_config template for Debian 10 
It seems I had imported the stock one from a default install, but I
never configured it.
 2019-09-15 15:15:30 +03:00
Alan Orth cbdd779af0
roles/common: Remove lzop and lrzip from packages 
zstd is a much better all-purpose compression utility.
 2019-09-15 13:23:52 +03:00
Alan Orth 4faeb79b5c
roles/common: Add zstd to base packages 2019-09-14 20:36:40 +03:00
Alan Orth a7231bcf5f
roles/mariadb: Remove login_unix_socket from .my.cnf 
It is causing an error at client runtime.
 2019-09-14 18:32:26 +03:00
Alan Orth d55b1d1cd1
host_vars/web18: WordPress 5.2.3 2019-09-14 18:27:31 +03:00
Alan Orth 7b3de0ef0f
host_vars/web17: WordPress 5.2.3 2019-09-14 18:08:04 +03:00
Alan Orth 240b0c5954
Pipfile.lock: Run pipenv update 
Brings Ansible 2.8.5, among other things.
 2019-09-13 22:17:38 +03:00
Alan Orth 43715dd392
roles/common: Use stable tarsnap 2019-09-13 22:14:49 +03:00
Alan Orth 7551b803f6
roles/common: Use iptables 1.8.3 on Debian Buster 
There is a bug in iptables 1.8.2 in Debian 10 "Buster" that causes
firewalld to fail when restoring rules. The bug has been fixed in
iptables 1.8.3, which is currently in buster-backports.

See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914694
 2019-08-01 15:36:15 +03:00
Alan Orth 5d0648a360
Add web18 
New server running Debian 10 to replace web17.
 2019-07-23 18:47:21 +03:00
Alan Orth b59f7c0702
roles/nginx: Update certbot dependencies for Debian 10 
Taken after a clean Debian 10 install on Linode.
 2019-07-23 18:38:33 +03:00
Alan Orth 0bff851311
roles/php-fpm: Fix Ansible template parsing issue 
Remove time formatting strings because Ansible errors when trying
to parse them, even though we are not using them!
 2019-07-23 18:32:27 +03:00
Alan Orth 2d98d70e02
Update nginx cipher suite and TLS protocols 
Use latest Mozilla "intermediate" TLS settings. This configuration
works on (at least) Ubuntu 18.04 and Debian 10.

See: https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.2&config=intermediate&openssl-version=1.1.1
 2019-07-23 17:53:22 +03:00
Alan Orth 2fadb9029a
roles/mariadb: Use Unix socket for MariaDB tasks 
Otherwise Ansible fails due to PyMySQL using a TCP connection.

See: https://github.com/ansible/ansible/issues/47736
 2019-07-23 17:26:23 +03:00
Alan Orth 7d8457e5b3
roles/common: Remove old SSH public key 2019-07-23 16:07:39 +03:00
Alan Orth c148da73e7
roles/common: Use experimental Tarsnap on Debian buster 
Tarsnap currently provides experimental packages for Debian Buster.

See: https://www.tarsnap.com/pkg-deb.html#experimental
 2019-07-19 12:07:27 +03:00
Alan Orth e124cac945
roles/nginx: Adjust formatting of apt sources template 2019-07-08 18:44:21 +03:00
Alan Orth 70e736bdc5
roles/nginx: Use buster builds 
nginx.org has buster builds now.
 2019-07-08 18:43:43 +03:00
Alan Orth ca293289aa
roles/nginx: Fix logic error in apt sources template 2019-07-07 17:59:00 +03:00
Alan Orth 372eb26450
host_vars/web17: WordPress 5.2.2 2019-07-07 17:58:40 +03:00
Alan Orth c843ce1de5
README.md: Update copyright year 2019-07-07 16:07:16 +03:00
Alan Orth 03e2abc4fb roles/common: Install gnupg2 on Debian 
Needed by Ansible to add and verify apt package signing keys.
 2019-07-07 15:52:25 +03:00
Alan Orth 12b6f3aaa2
roles/common: Don't ignore errors on Tarsnap key add 
It turns out that I had the wrong key ID so it's no wonder this was
failing...
 2019-07-07 15:51:04 +03:00
Alan Orth 704b02ce0a
roles/common: Fix tarsnap package key 
For some reason the key ID I had here was wrong. According to the
Tarsnap website the key ID is 0x6D97F5A4CA38CF33.

ee: https://www.tarsnap.com/pkg-deb.html
 2019-07-07 15:49:45 +03:00
Alan Orth 709a947987
Merge branch 'debian10' 2019-07-06 21:43:41 +03:00
Alan Orth 3b95730417
roles/common: Synchronize Debian package task with Ubuntu 2019-07-06 21:36:04 +03:00
Alan Orth 10200e52ab
roles/common: Use a fact for base packages on Debian 
This is safer and ends up being faster because all packages get in-
stalled in one apt transaction.
 2019-07-06 21:31:59 +03:00
Alan Orth 460c1df65b roles/php-fpm: Update for PHP 7.3 in Debian 10 2019-07-06 21:16:19 +03:00
Alan Orth 5fe583541a roles/nginx: Set Let's Encrypt packages for Debian 10 
Taken from the list of packages that the certbot-auto script wants
to bootstrap on a fresh Debian 10 "buster" install.
 2019-07-06 21:16:19 +03:00
Alan Orth 619f536cd8 roles/nginx: Use Debian 9 "stretch" builds on Debian 10 "buster" 
There are no Debian 10 "buster" builds from nginx.org yet.
 2019-07-06 21:16:19 +03:00
Alan Orth 39622077cd roles/common: Use Debian 9 tarsnap packages 
There are no tarsnap binaries for Debian 10 yet.
 2019-07-06 21:16:19 +03:00
Alan Orth b79001f97a roles/common: Update security.sources.list for cron-apt 
We need to make sure to get security updates for packages that are
not in main!
 2019-07-06 21:16:19 +03:00
Alan Orth 207296b1f8 roles/common: Update Debian security apt repository 
See: https://www.debian.org/security/
 2019-07-06 21:16:19 +03:00
Alan Orth 1b4e9ae87c roles/common: Install Python 3 version of pycurl on Debian 10 
Debian 10 comes with Python 2 and Python 3 (at least from the ISO),
so we should prefer the Python 3 version of pycurl. We'll see whet-
her cloud providers like Linode and Digital Ocean ship with Python
3 or not in their default image.
 2019-07-06 21:16:19 +03:00
Alan Orth da4a6660fb roles/common: Update comment in tasks/ntp.yml 2019-07-06 21:16:19 +03:00
Alan Orth dd5662911e roles/common: Import sshd_config from Debian 10 
OpenSSH version is 7.9p1-10.
 2019-07-06 21:16:19 +03:00
Alan Orth d46c64ca29
Run pipenv update 2019-07-06 21:15:34 +03:00
Alan Orth 4fb2d48e10
roles/mariadb: Install MariaDB 10.4 
MariaDB 10.4 is now GA.

See: https://mariadb.com/kb/en/library/changes-improvements-in-mariadb-104/
See: https://mariadb.com/kb/en/library/upgrading-from-mariadb-103-to-mariadb-104/
 2019-07-05 20:39:17 +03:00
Alan Orth 4f1d413477
Pipfile.lock: Run pipenv update 2019-06-08 23:19:35 +03:00
Alan Orth 7b395c4039
host_vars/web17: WordPress 5.2.1 2019-06-08 23:19:23 +03:00
Alan Orth ea936673d9
Pipfile.lock: Run pipenv update 2019-05-08 09:16:28 +03:00
Alan Orth dc2e14a6a3
roles/mariadb: Use python3-pymysql for Ansible 
For Python 3 Ansible needs a different library to help with MySQL
tasks.
 2019-05-08 09:15:47 +03:00
Alan Orth f129fdff8f
host_vars/web17: WordPress 5.2 2019-05-08 09:14:48 +03:00
Alan Orth 0f381d3993
host_vars/web17: Use Python 3 for Ansible 
See: https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
 2019-03-17 17:37:34 +02:00
Alan Orth 5957f5f2c5
roles: The apt cache_valid_time implies update_cache 
See: https://docs.ansible.com/ansible/latest/modules/apt_module.html
 2019-03-17 17:29:28 +02:00
Alan Orth c5b5cda3d3
Smarter updating of apt index during playbook execution 
We can register changes when adding repositories and keys and then
update the apt package index conditionally. This should make it be
more consistent between initial host setup and subsequent re-runs.
 2019-03-17 17:29:15 +02:00