Commit Graph

952 Commits

Author SHA1 Message Date
0cd2735c82
roles/nginx: Rework Let's Encrypt stuff
Take an opinionated stance on HTTPS and assume that hosts are using
HTTPS for all vhosts. This can either be via custom TLS cert/key
pairs defined in the host's variables (could even be self-signed
certificates on dev boxes) or via Let's Encrypt.
2016-06-27 23:52:39 +03:00
1254cea195
roles/nginx: Replace "&" with "and" 2016-06-27 19:13:20 +03:00
da784467e1
host_vars/web08: Specify use_letsencrypt: 'yes' for vhosts 2016-06-27 19:11:06 +03:00
b7ab2da08a
roles/nginx: Allow usage of Let's Encrypt certs
Hosts can specify use_letsencrypt: 'yes' in their host_vars. For
now this assumes that the certificates already exist (ie, you have
to manually run Let's Encrypt first to register/create the certs).
2016-06-27 19:07:48 +03:00
8f43bf28fd
roles/nginx: Add IPv6 DNS resolvers
From Linode's Frankfurt datacenter.
2016-06-27 18:40:25 +03:00
a0b31ee86c
roles/nginx: Prioritize DNS resolvers in Frankfurt
The server is in Linode's DE datacenter so let's use those resolvers
instead of the ones in London.
2016-06-27 18:32:59 +03:00
09feb9a40c
roles/mariadb: Add "ansible managed" header to managed files 2016-06-27 18:09:04 +03:00
283cecf2a2
host_vars/web08: Use mariadb_databases instead of wordpress_blogs to enumerate databases 2016-06-27 18:08:38 +03:00
2efe2479ad
roles/mariadb: Use mariadb_databases instead of wordpress_blogs for variable 2016-06-27 18:08:02 +03:00
386482494d
Remove web07 2016-06-27 17:58:28 +03:00
b41bd432df
roles/nginx: Add "ansible managed" string to configs
Generates a placeholder text to say that the file is managed by
ansible.
2016-06-27 17:50:49 +03:00
17062c6ea7 Merge pull request #27 from alanorth/timezone
Timezone
2016-06-27 10:31:58 +03:00
715e9ed2e5
host_vars/web08: Add timezone variable 2016-06-27 10:30:31 +03:00
06034a8b8b
roles/common: Use systemd's timedatectl for time stuff
Debian 8 and Ubuntu 16.04 use systemd, so we can make use of its
NTP stuff rather than using the standalone `ntp` package.
2016-06-27 10:30:11 +03:00
91f97577c8
Add web08 2016-06-26 13:56:56 +03:00
7d455b7066
README.md: Clarify requirements note to add Ubuntu 16.04 2016-06-25 21:45:24 +03:00
03dc8610e9
host_vars/web07: Update WordPress to 4.5.3 2016-06-22 23:35:32 +02:00
24ca33c605
roles/nginx: Disable rules for Yoast SEO
Not using Yoast anymore. Now using the much simpler SEO Framework:

https://github.com/sybrew/the-seo-framework
2016-06-02 11:03:35 +03:00
1ed7d45c7f
roles/nginx: Fix comment about version numbers 2016-05-27 08:14:46 +03:00
93451e6c5e
roles/nginx: Use mainline branch by default
Has all the good stuff:

    http://nginx.org/en/CHANGES
2016-05-27 08:14:04 +03:00
064d277d03
host_vars/web07: Wordpress 4.5.2 2016-05-08 19:24:19 +03:00
33f22b32a4
roles/common: Update sources for cron-apt
The system's apt configuration is using restricted and multiverse
so the security sources list should as well.
2016-05-05 12:16:37 +03:00
6837b48fae
roles/nginx: Switch default version to 1.10.x (stable) 2016-04-27 15:05:19 +03:00
447db17e33
roles/nginx: Update apt sources for Ubuntu now that nginx 1.10.0 is out 2016-04-27 15:04:17 +03:00
38a972e085
host_vars/web07: WordPress 4.5 → 4.5.1 2016-04-27 10:38:50 +03:00
0ff8fb0c05
Remove web06 host 2016-04-26 13:30:19 +03:00
81e6af8f2b
roles/nginx: Add IPv6 listener in default HTTPS vhost 2016-04-25 21:49:41 +03:00
1ffc4eebc9
roles/nginx: Use default_server instead of default
Seems to be the new keyword for quite some time now, despite not
causing an error:

    http://nginx.org/en/docs/http/server_names.html
2016-04-25 21:48:36 +03:00
03519831cb
roles/nginx: Return HTTP 444 for requests to invalid hostnames
444 is a special nginx return code that means the request was
closed without a response, see:

    http://nginx.org/en/docs/http/request_processing.html
2016-04-25 21:45:21 +03:00
37b4809546 roles/nginx: Add IPv6 DNS resolvers for OCSP stapling 2016-04-25 13:25:05 +03:00
cd77b088e9
Fix a few references to php5-fpm
Unless we really mean php5-fpm, let's just say php-fpm.
2016-04-25 12:33:12 +03:00
336ff4c2e5
Add web07
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-04-24 19:04:55 +03:00
6bf9aec64e
roles/php-fpm: Add some packages needed by Piwik on PHP7 2016-04-24 19:04:29 +03:00
0bed8e4c0b
roles/nginx: Fix for path to PHP-FPM socket on Ubuntu 16.04 2016-04-22 18:19:30 +03:00
4a99c73d62 roles/php-fpm: Add php.ini and pool.conf for PHP 7 2016-04-22 11:25:35 +03:00
da63e67614 roles/php-fpm: Split up task for Debian and Ubuntu
Debian 8 and Ubuntu 16.04 use PHP 5.6 and 7.0, respectively, and
the php-fpm versions use slightly different configs and service
names.
2016-04-22 11:25:35 +03:00
904bb9c094 roles/php-fpm: Rename tags from php5-fpm to php-fpm 2016-04-22 11:25:35 +03:00
8d4ee6f430 Rename php5-fpm role to php-fpm
In Ubuntu 16.04 the package is now called just "php-fpm" and it
makes more sense to just have this role be called that.
2016-04-22 11:25:35 +03:00
f90eff6b1a roles/nginx: Update sources.list template for Ubuntu 16.04
Use Ubuntu 15.10 builds for now.
2016-04-22 11:25:35 +03:00
419d0c7e9a roles/mariadb: Remove old MariaDB sources.list 2016-04-22 11:25:35 +03:00
35d0bee6cf roles/mariadb: Use a template for sources
When you use the apt_repository module it adds a sources.list with
an annoying filename, and also it's just easier to use a template
when we have different distros/versions to support.
2016-04-22 11:25:35 +03:00
a0bb4c2f57 roles/common: Add sshd_config for Ubuntu 16.04 2016-04-22 11:25:35 +03:00
d265b522e8 roles/common: Update iptables for Ubuntu 16.04
Basically, anything after 15.04 is using firewalld.
2016-04-22 11:25:35 +03:00
ad232a7a8b
roles/common: Remove old SSH key 2016-04-22 11:24:35 +03:00
a107f44ee8 Merge pull request #25 from alanorth/maridb-template
roles/mariadb: Manage /etc/mysql/my.cnf
2016-04-22 10:11:48 +03:00
bedc820312
roles/mariadb: Manage /etc/mysql/my.cnf
Set some sane defaults and manage the config file with a template.
2016-04-22 10:08:32 +03:00
ebf79c5b07
roles/nginx: Add missing nginx tag
The creation of the fastcgi cache dir is part of the nginx role and
should be labled as such. In situations where you only run nginx
tasks with `-t nginx` nginx will fail to start due to the missing
cache dir.
2016-04-15 12:29:35 +03:00
fc66f8c354
host_vars/web06: Update WordPress to 4.5 2016-04-13 08:25:04 +03:00
c8d2783159
roles/php5-fpm: Update php.ini from latest upstream
Debian 8.4 shipped with a new php.ini. It's mostly just updates to
comments and default values.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-04-02 20:14:53 +03:00
d50212c66c roles/nginx: Remove extra semi colon in HSTS preload header
Google's preload check application pointed out that there was an
extra semi colon in the HTTP header:

    $ hstspreload checkdomain alaninkenya.org

    Warning:

    1. Syntax warning: Header includes an empty directive or extra semicolon.

The tool can be downloaded here: https://github.com/chromium/hstspreload

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-31 13:35:44 +03:00