Alan Orth
f16b143eac
roles/munin: Update munin-node.conf template
...
We actually need to use /var/log/munin for munin-node on Debian
too, as that's what is created by the package manager during
installation.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-26 23:30:22 +03:00
Alan Orth
24a3724dfe
roles/nginx: Remove spdy_headers_comp
...
It was deprecated when nginx added support for HTTP/2.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-23 18:20:38 +03:00
Alan Orth
a3e71e75d2
roles/nginx: SPDY -> HTTP/2
...
nginx 1.9.5 mainline adds support for HTTP/2 and deprecates SPDY.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-22 19:40:30 +03:00
Alan Orth
110981d9c3
host_vars/web06: Update to WordPress 4.3.1
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-16 10:32:14 +03:00
Alan Orth
973b37be4e
roles/common: Tweak sshd_config to match NSA Suite B recommendations
...
NSA stopped recommending AES-128 in August, 2015...
Before: https://web.archive.org/web/20150403110658/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
After: https://web.archive.org/web/20150815072948/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
I don't see why we shouldn't follow suit; maybe they know something
we don't!
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-02 16:55:51 +03:00
Alan Orth
5c0a7c2c72
group_vars/all: Update TLS cipher suite
...
Use latest Mozilla intermediate suite:
https://wiki.mozilla.org/Security/Server_Side_TLS
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-02 15:11:57 +03:00
Alan Orth
5a92694d5b
host_vars/web06: Remove list of ssh users
...
Only allow access by the provisioning user.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-02 12:25:24 +03:00
Alan Orth
8b336352d7
roles/common: Only allow ssh access by provisioning user
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-02 12:24:11 +03:00
Alan Orth
4b18f91438
Remove host_vars/web05
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-01 11:17:24 +03:00
Alan Orth
bc28cd008c
roles/munin: Allow running on Debian hosts
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-01 00:10:16 +03:00
Alan Orth
abbc9f5073
README.md: Increase header sizes
...
The document is its own namespace, so we should just start with H1
tags. When GitHub displays them in the repo view it wraps the readme
in an <article> tag anyways.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-31 23:01:35 +03:00
Alan Orth
90d7f239c0
Add web06
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-31 22:51:17 +03:00
Alan Orth
9c70ab29e3
roles/nginx: Rename nginx sources.list template
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 13:24:43 +03:00
Alan Orth
b214bdfae8
roles/nginx: Add Debian support to nginx sources.list template
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 13:22:36 +03:00
Alan Orth
9ad8209fd4
roles/mariadb: Allow MariaDB repo installation on Debian and Ubuntu
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 13:14:46 +03:00
Alan Orth
c480075789
roles/common: Use "interface" instead of "alias" to get interface name in firewalld template
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 12:06:47 +03:00
Alan Orth
9266d48c9f
roles/common: Separate firewalld tasks for Ubuntu and Debian
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 12:06:25 +03:00
Alan Orth
18ca44193d
roles/common: Add sysctl template for Debian hosts
...
Note: I've only tested this on a Debian container, and you can't
set these sysctls on containers (the host controls them). To make
matters worse, there is no fact to make ansible skip this on hosts
that are running in containers. For now I will just skip it on
hosts that are "virtualization" servers... even though we actually
do have KVM running on Debian on real hardware. *sigh*
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:12:17 +03:00
Alan Orth
56df8b38ca
roles/common: Use new cron-apt tasks
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:40 +03:00
Alan Orth
96fe209843
roles/common: Fix mode on Debian 8 sshd_config
...
Accidentally added it with 777.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
7519995153
roles/common: Add Debian 8 sshd_config
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
b4310cfc89
Allow Debian hosts to run Ubuntu stuff
...
Sometimes we mean Ubuntu, other times we mean Debian family. Use
ansible_os_family where we mean Debian family.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
dc24285ec6
roles/common: Use apt_mirror variable in Debian sources
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
28f61d589e
roles/common: Add Debian support to sources.list template
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
e15d1be867
roles/common: Add playbook for Debian packages
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
1fc2453703
roles/common: Add firewalld support
...
Needed in Ubuntu 15.04 where iptables-persistent is going away. I
have added translations of the current IPv4 and IPv6 iptables rules.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
cc3b6d5026
Vagrantfile: Update to vivid (15.04)
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:39 +03:00
Alan Orth
16a0bb9086
roles/nginx: Use utopic (14.10) nginx builds on 15.04
...
Upstream hasn't made 15.04 builds yet...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
Alan Orth
9aaad366f5
roles/common: Only add extras repo on Ubuntu 14.04
...
The Extras repo was discontinued after 14.10 (but the latest we
deploy is 14.04).
See: https://lists.ubuntu.com/archives/technical-board/2015-January/002063.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
Alan Orth
e84f777a6b
roles/common: Bring Ubuntu 15.04 sshd_config up to date with standards
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
Alan Orth
b2dbd138f7
roles/common: Add Ubuntu 15.04 sshd_config
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:02:38 +03:00
Alan Orth
68493beba3
roles/common: Reload sshd instead of restarting
...
No need to restart for a config change.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:01:17 +03:00
Alan Orth
8e0a292b1d
roles/common: Move sshd tasks to their own playbook
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-23 00:00:43 +03:00
Alan Orth
7f929d5b80
roles/common: Remove unused cron-apt files
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-22 23:42:03 +03:00
Alan Orth
fc586a2297
roles/common: Adjust cron-apt stuff
...
- Don't run the static files as templates
- Use a separate playbook for related tasks
- Use a template for security.sources.list
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-22 23:39:22 +03:00
Alan Orth
c535cce6a5
host_vars/web05: Upgrade to WordPress 4.3
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-19 22:54:55 +03:00
Alan Orth
45bf41dc35
host_vars/web05: Update TLS cert for mjanja.ch
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-17 12:37:22 +03:00
Alan Orth
18cca7c203
host_vars/web05: Renew TLS cert for alaninkenya.org
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-15 12:41:45 +03:00
Alan Orth
ce1d64ce66
roles/php5-fpm: Hide HTTP X-Powered-By PHP header
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-09 20:10:11 +03:00
Alan Orth
b904f65cb1
host_vars/web05: Update WordPress to 4.2.4
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-04 18:44:30 +03:00
Alan Orth
e052650443
host_vars/web05: Update to WordPress 4.2.3
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-07-25 12:31:20 +03:00
Alan Orth
d8ac5a7914
Merge pull request #21 from oguya/readme-fixes
...
README.md: Make minor formatting changes
2015-06-28 23:05:15 +03:00
Alan Orth
5989a8873e
Merge pull request #20 from oguya/limit-roles
...
Run roles on Ubuntu hosts only
2015-06-28 23:03:04 +03:00
James Oguya
d4b04ca789
README.md: Make minor formatting changes
...
To enhance readability of long commands, break them into multiple lines
& skip new lines using '\' character.
Use system default libvirt images path & sample preseed file from
ubuntu.com.
Signed-off-by: James Oguya <oguyajames@gmail.com>
2015-06-27 21:35:40 +03:00
James Oguya
95e702e388
Run roles on Ubuntu hosts only
...
I think it's a good idea to only run/include a role if the remote host
is running Ubuntu OS - doesn't hurt to do an extra check even though
the README clearly assumes so.
Signed-off-by: James Oguya <oguyajames@gmail.com>
2015-06-27 20:50:09 +03:00
Alan Orth
75cda0a066
host_vars: Delete old hosts
...
web01, web02, and web04 are no longer used.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-07 12:44:05 +03:00
Alan Orth
6b75d0c87e
README.md: Shorten Vagrant text
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:14:40 +03:00
Alan Orth
78cb49c88b
roles/nginx: Add missing nginx tag to blank vhost task
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:07:50 +03:00
Alan Orth
151fb29687
roles/nginx: Add blank vhost
...
For security and predictability clients should only get a response
if they request a hostname we are actually hosting.
If TLS is in use then this will use a self-signed snakeoil cert for
an HTTPS-enabled blank, default vhost.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:07:50 +03:00
Alan Orth
8b77fd7f94
roles/nginx: Templatize SSL parameters using role defaults
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:07:50 +03:00