Alan Orth
dc2e14a6a3
roles/mariadb: Use python3-pymysql for Ansible
...
For Python 3 Ansible needs a different library to help with MySQL
tasks.
2019-05-08 09:15:47 +03:00
Alan Orth
f129fdff8f
host_vars/web17: WordPress 5.2
2019-05-08 09:14:48 +03:00
Alan Orth
0f381d3993
host_vars/web17: Use Python 3 for Ansible
...
See: https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
2019-03-17 17:37:34 +02:00
Alan Orth
5957f5f2c5
roles: The apt cache_valid_time implies update_cache
...
See: https://docs.ansible.com/ansible/latest/modules/apt_module.html
2019-03-17 17:29:28 +02:00
Alan Orth
c5b5cda3d3
Smarter updating of apt index during playbook execution
...
We can register changes when adding repositories and keys and then
update the apt package index conditionally. This should make it be
more consistent between initial host setup and subsequent re-runs.
2019-03-17 17:29:15 +02:00
Alan Orth
dee90ed4bc
Run pipenv update
2019-03-17 17:12:27 +02:00
Alan Orth
bec79f18d1
roles/common: Ignore tarsnap key errors
...
Ansible errors on adding the tarsnap signing key because it is not
valid (expired a month ago). I contacted Colin Percival about this
on Twitter but he did not seem worried for some reason.
2019-03-13 12:36:47 +02:00
Alan Orth
9dc3396544
Pipfile.lock: run pipenv update
2019-03-13 12:36:30 +02:00
Alan Orth
464a24531a
host_vars/web17: WordPress 5.1.1
2019-03-13 12:36:11 +02:00
Alan Orth
3e1eddd4b8
Pipfile.lock: run pipenv update
2019-02-26 11:24:34 -08:00
Alan Orth
9bd6222654
host_vars/web17: WordPress 5.1
2019-02-26 11:00:39 -08:00
Alan Orth
18ee583261
roles/common: Don't log brute force SSH attempts
...
This is nice to see that the throttling is working, but the logs are
completely full of this useless crap now.
2019-02-26 10:30:03 -08:00
Alan Orth
329edaee87
roles/common: Rate limit SSH connections in firewalld
...
I think 5 connections per minute is more than enough. Any over this
and it will be logged to the systemd journal as a warning.
See: https://www.win.tue.nl/~vincenth/ssh_rate_limit_firewalld.htm
See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/configuring_complex_firewall_rules_with_the_rich-language_syntax
2019-01-28 14:09:18 +02:00
Alan Orth
bc88e05aa5
Pipfile.lock: Run pipenv update
2019-01-28 14:02:12 +02:00
Alan Orth
bbab45ae6f
Adjust ansible_managed to use comment filter
...
We don't need to comment the ansible_managed block manually.
2019-01-10 12:50:54 +02:00
Alan Orth
e6d5e81d29
ansible.cfg: Adjust ansible_managed template
...
See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html
2019-01-10 12:50:33 +02:00
Alan Orth
a4fe3698e8
pipenv update
2019-01-10 08:07:09 +02:00
Alan Orth
79c1f814ba
host_vars/web17: WordPress 5.0.3
2019-01-10 08:06:56 +02:00
Alan Orth
9921a40c19
roles/common: Update comment
2018-12-20 10:31:18 +02:00
Alan Orth
91356ab364
roles/common: Disable Canonical spam in MOTD
2018-12-20 10:27:52 +02:00
Alan Orth
49cfbc4c47
roles/common: Add missing systemd-journald config
...
I apparently forgot to add this when I committed the systemd-journald
changes a few weeks ago.
2018-12-20 09:59:13 +02:00
Alan Orth
96f14bdda7
roles/common: Remove blank line
2018-12-20 09:57:47 +02:00
Alan Orth
6aed22b633
roles/common: Use one task to remove Ubuntu packages
...
I had previously been removing some packages for security reasons,
then removing others because they were annoying, and yet *others*
because they were annoying on newer Ubuntus only. It is easier to
just unify these tasks and remove them all in one go.
On older Ubuntus where some packages don't exist the task will just
succeed because the package is absent anyways.
2018-12-20 09:54:46 +02:00
Alan Orth
a15faabe32
roles/common: Update apt cache only if it's older than 1 hour
2018-12-20 09:40:10 +02:00
Alan Orth
aeaa96b753
roles/common: Remove s3cmd from Ubuntu packages
...
I'm using tarsnap for backups so I don't need Amazon S3 stuff.
2018-12-20 09:38:51 +02:00
Alan Orth
67172138a1
roles/common: Fix typo
2018-12-20 09:38:10 +02:00
Alan Orth
400926821c
roles/common: Only update apt index if cache is older than 1 hour
2018-12-20 09:37:44 +02:00
Alan Orth
281689e506
roles/common: Use an Ansible fact for Ubuntu packages
2018-12-20 09:36:43 +02:00
Alan Orth
46bbb06527
roles/common: Remove more annoying packages on Ubuntu
...
Ubuntu 16.04 and up install a bunch of their technologies that I'm
not using, like lxc, lxd, and snaps.
2018-12-20 09:31:58 +02:00
Alan Orth
944c99102f
host_vars/web17: WordPress 5.0.2
2018-12-20 09:14:55 +02:00
Alan Orth
b8409ee896
host_vars/web17: WordPress 5.0.1
2018-12-14 11:07:20 +03:00
Alan Orth
691deb4fa7
roles/common: Use a persistent systemd journal
...
The default systemd journal configuration on CentOS 7 and Ubuntu
16.04 does not keep journal logs for multiple boots. This limits
the usefulness of the journal entirely (for example, try to see
sshd logs from even two or three months ago!).
Changing the storage to "persistent" makes systemd keep the logs
on disk in /var/log/journal for up to 2% of the partition size.
2018-12-07 23:46:18 +02:00
Alan Orth
9af82972f7
host_vars/web17: WordPress 5.0
2018-12-07 23:28:09 +02:00
Alan Orth
bdf0a19493
Pipfile.lock: pipenv update
2018-12-02 22:30:47 +02:00
Alan Orth
9b8662eb34
Pipfile.lock: Run pipenv update
...
Ansible 2.7.1
2018-10-28 08:35:55 +02:00
Alan Orth
484ea053cf
Re-create pipenv with Python 3.7 and reinstall packages
2018-10-25 12:01:30 +03:00
Alan Orth
6eb6ab3070
Pipfile.lock: pipenv update
2018-10-11 08:17:02 +03:00
Alan Orth
f19b987f99
host_vars/web17: Use nginx mainline
...
When I deployed this server on Ubuntu 18.04 there were no mainline
nginx builds so I was using stable. Now I see there are builds for
mainline.
2018-08-29 09:23:18 +03:00
Alan Orth
3006536e86
Update pipenv
...
Use Python 3.7 and run pipenv update to lock latest packages.
2018-08-29 09:09:26 +03:00
Alan Orth
6ef6f51966
Remove more Tor relayor stuff
2018-08-29 09:08:12 +03:00
Alan Orth
7aa6384055
host_vars/web17: WordPress 4.9.8
2018-08-05 11:36:27 +03:00
Alan Orth
da615fb368
roles/mariadb: Update my.cnf template
...
Sync from upstream's provided my.cnf.
2018-07-29 16:43:56 +03:00
Alan Orth
b47f66512d
roles/mariadb: Use MariaDB 10.3
...
Also disables the fetching of i386 packages because the mirror does
not appear to have them anymore (and I wasn't using them anyways).
2018-07-29 16:23:24 +03:00
Alan Orth
5d9577bc2d
Pipfile.lock: Run pipenv update
2018-07-29 16:13:43 +03:00
Alan Orth
963bf65099
roles/common: Limit number of SSH authentication attempts
...
The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.
Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.
2018-07-23 13:14:54 +03:00
Alan Orth
4f6d02922a
Run pipenv update and pipenv sync
2018-07-23 13:10:39 +03:00
Alan Orth
edd55124e8
Pipfile: Upgrade to Ansible 2.6.x
2018-07-23 13:09:00 +03:00
Alan Orth
c21207f704
host_vars/web17: WordPress 4.9.7
2018-07-06 10:45:33 +03:00
Alan Orth
9dfc0a2f1c
Pipfile: Pin Ansible < 2.6
...
I haven't tested Ansible 2.6 yet.
See: https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.6.html
2018-07-01 12:00:52 +03:00
Alan Orth
37a7ff4e72
Pipfile.lock: Run pipenv update
2018-06-24 08:59:33 +03:00