d77718edae
host_vars: add fail2ban_ignoreip
2023-08-14 16:37:07 +02:00
14d57fc477
roles/nginx: reformat main tasks
2023-08-10 22:44:47 +02:00
5c39f1abd8
roles/common: minor changes to Debian sshd_config files
2023-08-10 22:10:04 +02:00
6794eb0432
roles/common: default to disabling SSH passwords
2023-08-10 22:09:03 +02:00
11614e3725
host_vars: replace nomad02 with nomad03
...
The former is Ubuntu 20.04, the latter is Debian 12. Running Drone
CI.
2023-08-10 08:37:09 +02:00
b106f9d9e5
roles/common: ignore apt sources.list on Scaleway
...
While testing Debian 12 on Scaleway I noticed their apt sources.list
is in some weird format I've never seen before, so let's skip it on
those hosts.
2023-08-10 08:08:42 +02:00
3c8250e6ac
Pipfile.lock: run pipenv update
2023-08-09 22:07:54 +02:00
d280859b0d
roles/common: minor updates to Debian 11 sshd_config
2023-08-09 21:55:04 +02:00
bca1629d2f
Minor comment updates for Debian 12
2023-08-09 21:51:53 +02:00
4fa82faf18
roles/common: adjust sshd_config for Debian 12
...
Adjust sshd_config based on ssh-audit profile for OpenSSH 9.2.
2023-08-09 21:27:19 +02:00
b8f0b4b1fb
roles/common: add vanilla sshd_config for Debian 12
2023-08-09 21:16:50 +02:00
68e5d05bbb
host_vars/web22: WordPress 6.2.2
2023-07-27 18:48:37 +03:00
446d402778
roles: minor fix to Debian version comparisons
2023-07-27 18:48:07 +03:00
67379fc2e4
host_vars/web22: WordPress 6.2
2023-05-04 07:10:40 +03:00
73546967b6
Pipfile.lock: run pipenv update
2023-05-04 06:58:25 +03:00
16b661efe1
Pipfile.lock: run pipenv update
2023-04-14 10:09:29 -07:00
fdb9a75489
roles/common: update tarsnap GPG key
2023-04-14 10:09:11 -07:00
232d7a0348
host_vars/web22: WordPress 6.1.1
2022-11-24 18:31:48 +03:00
6e4bb5bc34
host_vars/web21: use caddy
2022-11-13 18:58:57 +03:00
c840ffe018
roles/caddy: improve vhost template
...
Support domain aliases that redirect to the main domain and allow
sites to say they are static sites where they only need a document
root.
2022-11-13 18:54:03 +03:00
45c9d7ea0a
Pipfile.lock: run pipenv update
2022-11-13 16:50:07 +03:00
a62bc446e8
host_vars/web22: WordPress 6.1
2022-11-06 23:00:41 +03:00
62a6a491db
host_vars/web23: use caddy
2022-11-02 22:30:32 +03:00
4867d6da6a
Add basic caddy role
2022-11-02 22:29:30 +03:00
d9f7c7a93b
group_vars/web: set default webserver to nginx
...
While I'm still getting experience with caddy and adapting it to my
workloads.
2022-11-02 22:12:36 +03:00
bc8c030700
roles/common: update Tarsnap GPG key
2022-11-02 22:11:37 +03:00
f7598d8f1c
Pipfile.lock: run pipenv update
2022-11-02 20:50:59 +03:00
c353e84a84
site.yml: use fully-qualified modules
2022-10-25 21:08:27 +03:00
99ca23f258
Pipfile.lock: run pipenv update
2022-10-17 19:56:30 +03:00
b663d27fd8
roles/common: rework firewall_Debian.yml playbook
...
Use newer Ansible task format, move from apt to package module, and
do package installs in one transaction using a list instead of a
loop.
2022-09-12 17:25:40 +03:00
67c99dacf6
roles/common: rework firewall_Ubuntu.yml playbook
...
Use newer Ansible task format, move from apt to package module, and
do package installs in one transaction using a list instead of a loop.
2022-09-12 17:18:33 +03:00
4abf2b10e4
ansible.cfg: smart fact gathering
2022-09-12 17:18:19 +03:00
f5199264f9
ansible.cfg: disable SSH host key checking
2022-09-12 17:14:39 +03:00
b259f09cbd
roles/common: add SSH public key from other machine
2022-09-12 17:06:31 +03:00
f4b32e516b
roles/mariadb: use newer Ansible task syntax
2022-09-12 10:16:42 +03:00
fcb12ecee0
roles/mariadb: remove sources.list template
2022-09-12 10:13:27 +03:00
5bc03ceacc
roles/mariadb: install packages in single transaction
...
Using a list we can install these in a single apt transaction. Also
use the newer task format.
2022-09-12 10:12:07 +03:00
c317429f6d
roles/mariadb: rework package signing key and repo
2022-09-12 10:09:41 +03:00
b512a7f765
roles/common: create /etc/apt/keyrings
...
According the the Debian docs for third-party repositories we must
create this manually on distros before Debian 12 and Ubuntu 22.04.
This is due to changes in apt-secure and the deprecation of apt-key.
See: https://wiki.debian.org/DebianRepository/UseThirdParty
2022-09-12 10:05:12 +03:00
e3a87d4f79
roles/mariadb: MariaDB 10.6
...
See: https://mariadb.com/kb/en/mariadb-1069-release-notes/
See: https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/
2022-09-12 09:25:46 +03:00
dec2d50fbc
host_vars/web22: WordPress 6.0.2
2022-09-12 09:00:05 +03:00
34be0013b7
Remove Debian 10 support
2022-09-11 09:21:08 +03:00
399585f4e7
roles: don't compare literal true and false
...
I changed these yesterday when editing the truthy values, but acco-
rding to ansible-link we can just rely on them being true or false
without comparing.
2022-09-11 08:41:25 +03:00
0240897b1b
Remove Ubuntu 18.04 support
2022-09-10 23:30:04 +03:00
1da0da53ec
roles: use longer format for when conditionals
...
When the condition is an AND we can use this more succinct format.
2022-09-10 23:12:49 +03:00
677cc9f160
roles/php-fpm: fix truthy-ness in when
2022-09-10 23:12:26 +03:00
ffe7a872dd
roles: strict truthy values
...
According to Ansible we can use yes, true, True, "or any quoted st-
ring" for a boolean true, but ansible-lint wants us to use either
true or false.
See: https://chronicler.tech/red-hat-ansible-yes-no-and/
2022-09-10 22:33:19 +03:00
95d0005978
Add ansible-lint
2022-09-10 18:36:53 +03:00
498766fdc4
Pipfile.lock: run pipenv update
2022-09-10 18:36:07 +03:00
fc0fcc5742
roles/common: fix unnamed blocks
2022-09-10 18:35:27 +03:00
