Commit Graph

907 Commits

Author SHA1 Message Date
b79001f97a roles/common: Update security.sources.list for cron-apt
We need to make sure to get security updates for packages that are
not in main!
2019-07-06 21:16:19 +03:00
207296b1f8 roles/common: Update Debian security apt repository
See: https://www.debian.org/security/
2019-07-06 21:16:19 +03:00
1b4e9ae87c roles/common: Install Python 3 version of pycurl on Debian 10
Debian 10 comes with Python 2 and Python 3 (at least from the ISO),
so we should prefer the Python 3 version of pycurl. We'll see whet-
her cloud providers like Linode and Digital Ocean ship with Python
3 or not in their default image.
2019-07-06 21:16:19 +03:00
da4a6660fb roles/common: Update comment in tasks/ntp.yml 2019-07-06 21:16:19 +03:00
dd5662911e roles/common: Import sshd_config from Debian 10
OpenSSH version is 7.9p1-10.
2019-07-06 21:16:19 +03:00
d46c64ca29
Run pipenv update 2019-07-06 21:15:34 +03:00
4fb2d48e10
roles/mariadb: Install MariaDB 10.4
MariaDB 10.4 is now GA.

See: https://mariadb.com/kb/en/library/changes-improvements-in-mariadb-104/
See: https://mariadb.com/kb/en/library/upgrading-from-mariadb-103-to-mariadb-104/
2019-07-05 20:39:17 +03:00
4f1d413477
Pipfile.lock: Run pipenv update 2019-06-08 23:19:35 +03:00
7b395c4039
host_vars/web17: WordPress 5.2.1 2019-06-08 23:19:23 +03:00
ea936673d9
Pipfile.lock: Run pipenv update 2019-05-08 09:16:28 +03:00
dc2e14a6a3
roles/mariadb: Use python3-pymysql for Ansible
For Python 3 Ansible needs a different library to help with MySQL
tasks.
2019-05-08 09:15:47 +03:00
f129fdff8f
host_vars/web17: WordPress 5.2 2019-05-08 09:14:48 +03:00
0f381d3993
host_vars/web17: Use Python 3 for Ansible
See: https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
2019-03-17 17:37:34 +02:00
5957f5f2c5
roles: The apt cache_valid_time implies update_cache
See: https://docs.ansible.com/ansible/latest/modules/apt_module.html
2019-03-17 17:29:28 +02:00
c5b5cda3d3
Smarter updating of apt index during playbook execution
We can register changes when adding repositories and keys and then
update the apt package index conditionally. This should make it be
more consistent between initial host setup and subsequent re-runs.
2019-03-17 17:29:15 +02:00
dee90ed4bc
Run pipenv update 2019-03-17 17:12:27 +02:00
bec79f18d1
roles/common: Ignore tarsnap key errors
Ansible errors on adding the tarsnap signing key because it is not
valid (expired a month ago). I contacted Colin Percival about this
on Twitter but he did not seem worried for some reason.
2019-03-13 12:36:47 +02:00
9dc3396544
Pipfile.lock: run pipenv update 2019-03-13 12:36:30 +02:00
464a24531a
host_vars/web17: WordPress 5.1.1 2019-03-13 12:36:11 +02:00
3e1eddd4b8
Pipfile.lock: run pipenv update 2019-02-26 11:24:34 -08:00
9bd6222654
host_vars/web17: WordPress 5.1 2019-02-26 11:00:39 -08:00
18ee583261
roles/common: Don't log brute force SSH attempts
This is nice to see that the throttling is working, but the logs are
completely full of this useless crap now.
2019-02-26 10:30:03 -08:00
329edaee87
roles/common: Rate limit SSH connections in firewalld
I think 5 connections per minute is more than enough. Any over this
and it will be logged to the systemd journal as a warning.

See: https://www.win.tue.nl/~vincenth/ssh_rate_limit_firewalld.htm
See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/configuring_complex_firewall_rules_with_the_rich-language_syntax
2019-01-28 14:09:18 +02:00
bc88e05aa5
Pipfile.lock: Run pipenv update 2019-01-28 14:02:12 +02:00
bbab45ae6f
Adjust ansible_managed to use comment filter
We don't need to comment the ansible_managed block manually.
2019-01-10 12:50:54 +02:00
e6d5e81d29
ansible.cfg: Adjust ansible_managed template
See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html
2019-01-10 12:50:33 +02:00
a4fe3698e8
pipenv update 2019-01-10 08:07:09 +02:00
79c1f814ba
host_vars/web17: WordPress 5.0.3 2019-01-10 08:06:56 +02:00
9921a40c19
roles/common: Update comment 2018-12-20 10:31:18 +02:00
91356ab364
roles/common: Disable Canonical spam in MOTD 2018-12-20 10:27:52 +02:00
49cfbc4c47
roles/common: Add missing systemd-journald config
I apparently forgot to add this when I committed the systemd-journald
changes a few weeks ago.
2018-12-20 09:59:13 +02:00
96f14bdda7
roles/common: Remove blank line 2018-12-20 09:57:47 +02:00
6aed22b633
roles/common: Use one task to remove Ubuntu packages
I had previously been removing some packages for security reasons,
then removing others because they were annoying, and yet *others*
because they were annoying on newer Ubuntus only. It is easier to
just unify these tasks and remove them all in one go.

On older Ubuntus where some packages don't exist the task will just
succeed because the package is absent anyways.
2018-12-20 09:54:46 +02:00
a15faabe32
roles/common: Update apt cache only if it's older than 1 hour 2018-12-20 09:40:10 +02:00
aeaa96b753
roles/common: Remove s3cmd from Ubuntu packages
I'm using tarsnap for backups so I don't need Amazon S3 stuff.
2018-12-20 09:38:51 +02:00
67172138a1
roles/common: Fix typo 2018-12-20 09:38:10 +02:00
400926821c
roles/common: Only update apt index if cache is older than 1 hour 2018-12-20 09:37:44 +02:00
281689e506
roles/common: Use an Ansible fact for Ubuntu packages 2018-12-20 09:36:43 +02:00
46bbb06527
roles/common: Remove more annoying packages on Ubuntu
Ubuntu 16.04 and up install a bunch of their technologies that I'm
not using, like lxc, lxd, and snaps.
2018-12-20 09:31:58 +02:00
944c99102f
host_vars/web17: WordPress 5.0.2 2018-12-20 09:14:55 +02:00
b8409ee896
host_vars/web17: WordPress 5.0.1 2018-12-14 11:07:20 +03:00
691deb4fa7
roles/common: Use a persistent systemd journal
The default systemd journal configuration on CentOS 7 and Ubuntu
16.04 does not keep journal logs for multiple boots. This limits
the usefulness of the journal entirely (for example, try to see
sshd logs from even two or three months ago!).

Changing the storage to "persistent" makes systemd keep the logs
on disk in /var/log/journal for up to 2% of the partition size.
2018-12-07 23:46:18 +02:00
9af82972f7
host_vars/web17: WordPress 5.0 2018-12-07 23:28:09 +02:00
bdf0a19493
Pipfile.lock: pipenv update 2018-12-02 22:30:47 +02:00
9b8662eb34
Pipfile.lock: Run pipenv update
Ansible 2.7.1
2018-10-28 08:35:55 +02:00
484ea053cf
Re-create pipenv with Python 3.7 and reinstall packages 2018-10-25 12:01:30 +03:00
6eb6ab3070
Pipfile.lock: pipenv update 2018-10-11 08:17:02 +03:00
f19b987f99
host_vars/web17: Use nginx mainline
When I deployed this server on Ubuntu 18.04 there were no mainline
nginx builds so I was using stable. Now I see there are builds for
mainline.
2018-08-29 09:23:18 +03:00
3006536e86
Update pipenv
Use Python 3.7 and run pipenv update to lock latest packages.
2018-08-29 09:09:26 +03:00
6ef6f51966
Remove more Tor relayor stuff 2018-08-29 09:08:12 +03:00