alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
583 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

583 Commits

Author SHA1 Message Date
Alan Orth bbab45ae6f
Adjust ansible_managed to use comment filter 
We don't need to comment the ansible_managed block manually.
 2019-01-10 12:50:54 +02:00
Alan Orth e6d5e81d29
ansible.cfg: Adjust ansible_managed template 
See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html
 2019-01-10 12:50:33 +02:00
Alan Orth a4fe3698e8
pipenv update 2019-01-10 08:07:09 +02:00
Alan Orth 79c1f814ba
host_vars/web17: WordPress 5.0.3 2019-01-10 08:06:56 +02:00
Alan Orth 9921a40c19
roles/common: Update comment 2018-12-20 10:31:18 +02:00
Alan Orth 91356ab364
roles/common: Disable Canonical spam in MOTD 2018-12-20 10:27:52 +02:00
Alan Orth 49cfbc4c47
roles/common: Add missing systemd-journald config 
I apparently forgot to add this when I committed the systemd-journald
changes a few weeks ago.
 2018-12-20 09:59:13 +02:00
Alan Orth 96f14bdda7
roles/common: Remove blank line 2018-12-20 09:57:47 +02:00
Alan Orth 6aed22b633
roles/common: Use one task to remove Ubuntu packages 
I had previously been removing some packages for security reasons,
then removing others because they were annoying, and yet *others*
because they were annoying on newer Ubuntus only. It is easier to
just unify these tasks and remove them all in one go.

On older Ubuntus where some packages don't exist the task will just
succeed because the package is absent anyways.
 2018-12-20 09:54:46 +02:00
Alan Orth a15faabe32
roles/common: Update apt cache only if it's older than 1 hour 2018-12-20 09:40:10 +02:00
Alan Orth aeaa96b753
roles/common: Remove s3cmd from Ubuntu packages 
I'm using tarsnap for backups so I don't need Amazon S3 stuff.
 2018-12-20 09:38:51 +02:00
Alan Orth 67172138a1
roles/common: Fix typo 2018-12-20 09:38:10 +02:00
Alan Orth 400926821c
roles/common: Only update apt index if cache is older than 1 hour 2018-12-20 09:37:44 +02:00
Alan Orth 281689e506
roles/common: Use an Ansible fact for Ubuntu packages 2018-12-20 09:36:43 +02:00
Alan Orth 46bbb06527
roles/common: Remove more annoying packages on Ubuntu 
Ubuntu 16.04 and up install a bunch of their technologies that I'm
not using, like lxc, lxd, and snaps.
 2018-12-20 09:31:58 +02:00
Alan Orth 944c99102f
host_vars/web17: WordPress 5.0.2 2018-12-20 09:14:55 +02:00
Alan Orth b8409ee896
host_vars/web17: WordPress 5.0.1 2018-12-14 11:07:20 +03:00
Alan Orth 691deb4fa7
roles/common: Use a persistent systemd journal 
The default systemd journal configuration on CentOS 7 and Ubuntu
16.04 does not keep journal logs for multiple boots. This limits
the usefulness of the journal entirely (for example, try to see
sshd logs from even two or three months ago!).

Changing the storage to "persistent" makes systemd keep the logs
on disk in /var/log/journal for up to 2% of the partition size.
 2018-12-07 23:46:18 +02:00
Alan Orth 9af82972f7
host_vars/web17: WordPress 5.0 2018-12-07 23:28:09 +02:00
Alan Orth bdf0a19493
Pipfile.lock: pipenv update 2018-12-02 22:30:47 +02:00
Alan Orth 9b8662eb34
Pipfile.lock: Run pipenv update 
Ansible 2.7.1
 2018-10-28 08:35:55 +02:00
Alan Orth 484ea053cf
Re-create pipenv with Python 3.7 and reinstall packages 2018-10-25 12:01:30 +03:00
Alan Orth 6eb6ab3070
Pipfile.lock: pipenv update 2018-10-11 08:17:02 +03:00
Alan Orth f19b987f99
host_vars/web17: Use nginx mainline 
When I deployed this server on Ubuntu 18.04 there were no mainline
nginx builds so I was using stable. Now I see there are builds for
mainline.
 2018-08-29 09:23:18 +03:00
Alan Orth 3006536e86
Update pipenv 
Use Python 3.7 and run pipenv update to lock latest packages.
 2018-08-29 09:09:26 +03:00
Alan Orth 6ef6f51966
Remove more Tor relayor stuff 2018-08-29 09:08:12 +03:00
Alan Orth 7aa6384055
host_vars/web17: WordPress 4.9.8 2018-08-05 11:36:27 +03:00
Alan Orth da615fb368
roles/mariadb: Update my.cnf template 
Sync from upstream's provided my.cnf.
 2018-07-29 16:43:56 +03:00
Alan Orth b47f66512d
roles/mariadb: Use MariaDB 10.3 
Also disables the fetching of i386 packages because the mirror does
not appear to have them anymore (and I wasn't using them anyways).
 2018-07-29 16:23:24 +03:00
Alan Orth 5d9577bc2d
Pipfile.lock: Run pipenv update 2018-07-29 16:13:43 +03:00
Alan Orth 963bf65099
roles/common: Limit number of SSH authentication attempts 
The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.

Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.
 2018-07-23 13:14:54 +03:00
Alan Orth 4f6d02922a
Run pipenv update and pipenv sync 2018-07-23 13:10:39 +03:00
Alan Orth edd55124e8
Pipfile: Upgrade to Ansible 2.6.x 2018-07-23 13:09:00 +03:00
Alan Orth c21207f704
host_vars/web17: WordPress 4.9.7 2018-07-06 10:45:33 +03:00
Alan Orth 9dfc0a2f1c
Pipfile: Pin Ansible < 2.6 
I haven't tested Ansible 2.6 yet.

See: https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.6.html
 2018-07-01 12:00:52 +03:00
Alan Orth 37a7ff4e72
Pipfile.lock: Run pipenv update 2018-06-24 08:59:33 +03:00
Alan Orth f22b6af273
roles/common: Change mode of SSH public key 2018-05-30 08:32:11 -07:00
Alan Orth 37a88f676b
roles/common: Add new SSH public key for aorth 2018-05-30 07:48:38 -07:00
Alan Orth 8f0ce74307
Remove host_vars/web12 2018-05-22 23:27:59 +03:00
Alan Orth ca15b27789
Add host_vars/web17 2018-05-20 14:58:27 +03:00
Alan Orth 131420be17
roles/common: Add task to copy tarsnaprc 
One less thing to do manually after server provisioning, and there is
nothing sensitive in here anyways.
 2018-05-20 12:51:02 +03:00
Alan Orth c29d37c159
roles/mariadb: Use German mirror 2018-05-20 12:05:35 +03:00
Alan Orth 05e853d0ad
README.md: Add note about Python 2 being installed 2018-05-20 11:46:18 +03:00
Alan Orth 314a33d37c
Use official MariaDB builds for Ubuntu bionic 
We had been using the Ubuntu 17.10 "artful" builds for Ubuntu 18.04
"bionic" but there are now official bionic builds.
 2018-05-19 23:12:35 +03:00
Alan Orth 533b9c60e7
Use ansible >= 2.5.1 for pipenv 2018-05-18 17:35:07 +03:00
Alan Orth 073e02f875
host_vars/web12: WordPress 4.9.6 2018-05-18 12:41:50 +03:00
Alan Orth 23073100ce
Remove tor-relay stuff 
Harder to run one of these than I thought. Mostly it takes a lot of
bandwidth, and it's probably better to spend the $5/month you'd sp-
end on the VPS by donating $50 to the torservers.net project.
 2018-05-16 09:58:08 +03:00
Alan Orth 2837de4e3f
roles/php-fpm: Update defaults 
From latest PHP 7.2 on Ubuntu 18.04's php.ini-production.
 2018-05-15 00:00:27 +03:00
Alan Orth 70abcb2051
roles/php-fpm: Import new php.ini-production 
From latest Ubuntu 18.04 PHP 7.2 package.
 2018-05-14 23:58:45 +03:00
Alan Orth 92e0b67149
Remove relay03 2018-05-13 12:30:41 +03:00