roles/mariadb: Only create users on 127.0.0.1 and ::1

A few months ago I disabled hostname lookups so only IP addresses work now anyways.
roles/common: Update Tarsnap GPG key
2021-02-13 13:11:28 +02:00 · 2021-02-13 12:57:17 +02:00
7 changed files with 1 additions and 66 deletions
--- a/roles/common/tasks/firewall_Alpine.yml
+++ b/roles/common/tasks/firewall_Alpine.yml
@@ -1,15 +0,0 @@
 ---
 # TODO: configure awall (ipsets?)
 # TODO: configure fail2ban
 - block:
  - name: Set Alpine firewall packages
    set_fact:
      alpine_firewall_packages:
        - awall
        - fail2ban
  - name: Install Alpine firewall packages
    apk: name={{ alpine_firewall_packages }} state=present
 # vim: set sw=2 ts=2:
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -17,11 +17,6 @@
  when: ansible_distribution == 'Ubuntu'
  tags: packages
 - name: Install common packages
  include_tasks: packages_Alpine.yml
  when: ansible_distribution == 'Alpine'
  tags: packages
 - name: Configure firewall
  include_tasks: firewall_Debian.yml
  when: ansible_distribution == 'Debian'
--- a/roles/common/tasks/ntp.yml
+++ b/roles/common/tasks/ntp.yml
@@ -1,7 +1,6 @@
 ---
 # Hosts running Ubuntu 16.04+ and Debian 9+ use systemd init system and should
 # use timedatectl as a network time client instead of the standalone ntp client.
 # Alpine can use chrony.
 - name: Set timezone
  when: timezone is defined and ansible_service_mgr == 'systemd'
@@ -16,8 +15,4 @@
  apt: name=ntp state=absent update_cache=yes
  when: ansible_service_mgr == 'systemd'
 - name: Install chronyd on Alpine
  apt: name=chrony state=present
  when: ansible_distribution == 'Alpine'
 # vim: set ts=2 sw=2:
--- a/roles/common/tasks/packages_Alpine.yml
+++ b/roles/common/tasks/packages_Alpine.yml
@@ -1,28 +0,0 @@
 ---
 # requires: ansible-galaxy collection install community.general
 # TODO: configure tarsnap
 - block:
  - name: Upgrade base OS
    apk: upgrade=yes update_cache=yes
  - name: Set Alpine base packages
    set_fact:
      alpine_base_packages:
      - git
      - tmux
      - htop
      - strace
      - mosh
      - vim
      - unzip
      - zstd
  - name: Install Alpine base packages
    apk: name={{ alpine_base_packages }} state=present update_cache=yes
  #- name: Install tarsnap
  #  import_tasks: tarsnap.yml
  tags: packages
 # vim: set sw=2 ts=2:
--- a/roles/common/tasks/tarsnap.yml
+++ b/roles/common/tasks/tarsnap.yml
@@ -5,7 +5,7 @@
  when: ansible_architecture != 'armv7l'
 - name: Add GPG key for Tarsnap
-  apt_key: id=0xFC72A10BF6B692AA url=https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc state=present
+  apt_key: id=0xBF75EEAB040E447C url=https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc state=present
  register: add_tarsnap_apt_key
 - name: Update apt cache
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -34,10 +34,8 @@
 - name: Update MariaDB root password for all root accounts
  mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} login_unix_socket={{ mariadb_login_unix_socket }}
  loop:
    - "{{ inventory_hostname }}"
    - 127.0.0.1
    - ::1
    - localhost
  tags: mariadb
 - name: Create .my.conf file with root credentials
--- a/vars/Alpine.yml
+++ b/vars/Alpine.yml
@@ -1,10 +0,0 @@
 ---
 # sshd service name is `ssh` on Debian/Ubuntu, but it's
 # `sshd` on CentOS and Alpine
 sshd_service_name: sshd
 # provisioning user vars
 provisioning_user: { name: 'provisioning', home: '/home/provisioning' }
 # vim: set ts=2 sw=2:
Author	SHA1	Message	Date
Alan Orth	db412066b3	roles/mariadb: Only create users on 127.0.0.1 and ::1 A few months ago I disabled hostname lookups so only IP addresses work now anyways.	2021-02-13 13:11:28 +02:00
Alan Orth	63a836e2a7	roles/common: Update Tarsnap GPG key Apparently this changed since I last ran the tarsnap task.	2021-02-13 12:57:17 +02:00