Compare commits

...

22 Commits

Author SHA1 Message Date
73fd06fe3a roles/common: remove cron-apt
Use unattended-upgrades instead. It has sane defaults on Debian at
least (I haven't checked Ubuntu).
2025-04-07 09:51:09 +03:00
88cb3a370e Remove logic for Ubuntu 20.04 and Debian 11 2025-03-29 23:09:44 +03:00
027a43ddbe roles/caddy: use default for encode 2025-03-29 22:49:30 +03:00
bb30c3be20 host_vars/web22: update vhosts 2025-03-29 22:48:19 +03:00
d8d9790d21 roles/nginx: enable nginx ssl_session_tickets
This has apparently been supported since nginx 1.23.2 and is safe
to use the default (on) now.

See: https://github.com/mozilla/server-side-tls/issues/284
2025-03-29 22:35:56 +03:00
9a500ebc0d roles/nginx: disable nginx ssl_prefer_server_ciphers
This is apparently the default and recommended by Mozilla's server-
side SSL configurator also recommends. This lets the client choose
the ciphers best for them (and the ciphers in TLS 1.2 and 1.3 are
not currently known to be dangerous).
2025-03-29 22:34:41 +03:00
4bae942585 roles/nginx: add nginx ssl_ecdh_curve
This seems to be new since I last looked at the Mozilla server-side
SSL configurator.
2025-03-29 22:34:37 +03:00
99866c0c90 roles/nginx: use one day for nginx ssl_session_timeout
This is a new default since I last looked at the Mozilla server-side
SSL configurator.
2025-03-29 22:34:32 +03:00
0afb8a4493 roles/nginx: update nginx ssl_buffer_size
The old default has not been changed in eight years and I see that
there have been some discussions over the years about this. I will
change this from the slightly extreme 1400 bytes to 4k (nginx def-
ault is still 16k so this is more "optimal" for HTML/CSS content).

See: https://github.com/igrigorik/istlsfastyet.com/issues/63
2025-03-29 22:34:27 +03:00
506695da31 roles/nginx/defaults: update version comments 2025-03-29 22:24:49 +03:00
f67ed7762c roles/nginx: fix http2 syntax 2025-03-29 22:20:49 +03:00
014f4d9502 roles/nginx: add newline 2025-03-29 22:19:41 +03:00
22c16e1ed3 roles/caddy/templates: closer to supporting WordPress
I still wouldn't want to deploy WordPress on Caddy until it's more
obvious and standard to block paths that shouldn't be accessible.
It seems that this is still left as an exercise to the site admin.

This discussion has some tips, but it is four years old and hasn't
changed since I last looked.

See: https://caddy.community/t/using-caddy-to-harden-wordpress/13575
2025-03-29 22:09:37 +03:00
5aa6a33e51 roles/php-fpm: set user and group based on webserver
We use either caddy or nginx, which are conveniently named the same
as the Unix user and group.
2025-03-29 21:01:56 +03:00
7f9b06af9c roles/nginx: smarter setting of document root 2025-03-29 19:34:53 +03:00
84db337fea roles/caddy: smarter setting of document root 2025-03-29 19:33:02 +03:00
7b23f5f94f roles/caddy: add missing tag 2025-03-29 19:16:03 +03:00
9830338be3 Use one default root prefix for nginx and caddy 2025-03-29 19:15:56 +03:00
e3eed26765 roles/caddy: update vhost template 2025-03-29 18:37:28 +03:00
8b31c7e148 host_vars/web22: WordPress 6.7.2 2025-03-29 16:10:23 +03:00
3ff8043aaf Pipfile.lock: run pipenv update 2025-03-29 15:30:08 +03:00
cb79f7ef70 roles/common: minor change to firehol update script
They include bogons like 127.0.0.1 that should not be routed on the
public Internet, but this blocks local applications we proxy to.
2025-01-28 09:14:48 +03:00
24 changed files with 413 additions and 2891 deletions

387
Pipfile.lock generated
View File

@ -18,73 +18,73 @@
"default": {
"ansible": {
"hashes": [
"sha256:bbaf7073993f019fc0293fc8b76c7b215081831957c28eb020f12c270a16e8f0",
"sha256:d01b425990d960d2a33fc378e1b73dbca1c0e28bc22f4056ab6b3c8e9ae74fba"
"sha256:d25a7f26bf5821f8043bc806019822fd2810bd65e6b6bafb698bbeedadba72bf",
"sha256:fb56f6e5d5b08f69499a76f0972ac0b88ddc488ada1f386129ba40cb0b5c6ec7"
],
"index": "pypi",
"markers": "python_version >= '3.11'",
"version": "==11.1.0"
"version": "==11.4.0"
},
"ansible-compat": {
"hashes": [
"sha256:d8befd5c632c5ea0486f0537dea0fd0bb3340aabcc079025a373689150890b57",
"sha256:e6d696b0ffe098af2fae7c5b2085fe8fd92c9ed8cb938fe77c8c87af0f2da056"
"sha256:25acf1bb49d8072e2737fc109fa9aa981ca9fed17b075af3c812635dad48ba2a",
"sha256:ebf8620021dd25c2d7c3e8e9382efbe7328db58ea396cbbe688ebef80dc8f8ae"
],
"markers": "python_version >= '3.10'",
"version": "==25.1.0"
"version": "==25.1.4"
},
"ansible-core": {
"hashes": [
"sha256:14cac1f92bbdae881cb0616eddeb17925e8cb507e486087975e724533d9de74f",
"sha256:4a312e416e09c7271188d6b8e2b1062fc6834fefd6a1814d0e02fb8aadb3e1ba"
"sha256:c642d484c1d3486a923b152150034eddd5cdf4bea58039c928183900fb35d8ba",
"sha256:e1f8f5c33546362b0ee933e0969a3ba364b486515a6fa1bc25ebb5d95f8ec5f4"
],
"markers": "python_version >= '3.11'",
"version": "==2.18.1"
"version": "==2.18.4"
},
"ansible-lint": {
"hashes": [
"sha256:9553b2aee124999b2005140bf27619793910454fcf2381e25ceb5b21f7384eed",
"sha256:e4d657578a8354832a84a1d5a2b9225a78b9c5fefa8880506b7fa0347d6b5f7e"
"sha256:b68b2149423246ec6369be86df2b79e3555b2b71507e4f7915671ec77381fa2b",
"sha256:ff92b31c83a2366381907e21c9a9d4de57f0cd7574e9943ea1b7e32b371f31a2"
],
"index": "pypi",
"markers": "python_version >= '3.10'",
"version": "==25.1.0"
"version": "==25.1.3"
},
"attrs": {
"hashes": [
"sha256:1c97078a80c814273a76b2a298a932eb681c87415c11dee0a6921de7f1b02c3e",
"sha256:c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a"
"sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3",
"sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b"
],
"markers": "python_version >= '3.8'",
"version": "==25.1.0"
"version": "==25.3.0"
},
"black": {
"hashes": [
"sha256:14b3502784f09ce2443830e3133dacf2c0110d45191ed470ecb04d0f5f6fcb0f",
"sha256:17374989640fbca88b6a448129cd1745c5eb8d9547b464f281b251dd00155ccd",
"sha256:1c536fcf674217e87b8cc3657b81809d3c085d7bf3ef262ead700da345bfa6ea",
"sha256:1cbacacb19e922a1d75ef2b6ccaefcd6e93a2c05ede32f06a21386a04cedb981",
"sha256:1f93102e0c5bb3907451063e08b9876dbeac810e7da5a8bfb7aeb5a9ef89066b",
"sha256:2cd9c95431d94adc56600710f8813ee27eea544dd118d45896bb734e9d7a0dc7",
"sha256:30d2c30dc5139211dda799758559d1b049f7f14c580c409d6ad925b74a4208a8",
"sha256:394d4ddc64782e51153eadcaaca95144ac4c35e27ef9b0a42e121ae7e57a9175",
"sha256:3bb2b7a1f7b685f85b11fed1ef10f8a9148bceb49853e47a294a3dd963c1dd7d",
"sha256:4007b1393d902b48b36958a216c20c4482f601569d19ed1df294a496eb366392",
"sha256:5a2221696a8224e335c28816a9d331a6c2ae15a2ee34ec857dcf3e45dbfa99ad",
"sha256:63f626344343083322233f175aaf372d326de8436f5928c042639a4afbbf1d3f",
"sha256:649fff99a20bd06c6f727d2a27f401331dc0cc861fb69cde910fe95b01b5928f",
"sha256:680359d932801c76d2e9c9068d05c6b107f2584b2a5b88831c83962eb9984c1b",
"sha256:846ea64c97afe3bc677b761787993be4991810ecc7a4a937816dd6bddedc4875",
"sha256:b5e39e0fae001df40f95bd8cc36b9165c5e2ea88900167bddf258bacef9bbdc3",
"sha256:ccfa1d0cb6200857f1923b602f978386a3a2758a65b52e0950299ea014be6800",
"sha256:d37d422772111794b26757c5b55a3eade028aa3fde43121ab7b673d050949d65",
"sha256:ddacb691cdcdf77b96f549cf9591701d8db36b2f19519373d60d31746068dbf2",
"sha256:e6668650ea4b685440857138e5fe40cde4d652633b1bdffc62933d0db4ed9812",
"sha256:f9da3333530dbcecc1be13e69c250ed8dfa67f43c4005fb537bb426e19200d50",
"sha256:fe4d6476887de70546212c99ac9bd803d90b42fc4767f058a0baa895013fbb3e"
"sha256:030b9759066a4ee5e5aca28c3c77f9c64789cdd4de8ac1df642c40b708be6171",
"sha256:055e59b198df7ac0b7efca5ad7ff2516bca343276c466be72eb04a3bcc1f82d7",
"sha256:0e519ecf93120f34243e6b0054db49c00a35f84f195d5bce7e9f5cfc578fc2da",
"sha256:172b1dbff09f86ce6f4eb8edf9dede08b1fce58ba194c87d7a4f1a5aa2f5b3c2",
"sha256:1e2978f6df243b155ef5fa7e558a43037c3079093ed5d10fd84c43900f2d8ecc",
"sha256:33496d5cd1222ad73391352b4ae8da15253c5de89b93a80b3e2c8d9a19ec2666",
"sha256:3b48735872ec535027d979e8dcb20bf4f70b5ac75a8ea99f127c106a7d7aba9f",
"sha256:4b60580e829091e6f9238c848ea6750efed72140b91b048770b64e74fe04908b",
"sha256:759e7ec1e050a15f89b770cefbf91ebee8917aac5c20483bc2d80a6c3a04df32",
"sha256:8f0b18a02996a836cc9c9c78e5babec10930862827b1b724ddfe98ccf2f2fe4f",
"sha256:95e8176dae143ba9097f351d174fdaf0ccd29efb414b362ae3fd72bf0f710717",
"sha256:96c1c7cd856bba8e20094e36e0f948718dc688dba4a9d78c3adde52b9e6c2299",
"sha256:a1ee0a0c330f7b5130ce0caed9936a904793576ef4d2b98c40835d6a65afa6a0",
"sha256:a22f402b410566e2d1c950708c77ebf5ebd5d0d88a6a2e87c86d9fb48afa0d18",
"sha256:a39337598244de4bae26475f77dda852ea00a93bd4c728e09eacd827ec929df0",
"sha256:afebb7098bfbc70037a053b91ae8437c3857482d3a690fefc03e9ff7aa9a5fd3",
"sha256:bacabb307dca5ebaf9c118d2d2f6903da0d62c9faa82bd21a33eecc319559355",
"sha256:bce2e264d59c91e52d8000d507eb20a9aca4a778731a08cfff7e5ac4a4bb7096",
"sha256:d9e6827d563a2c820772b32ce8a42828dc6790f095f441beef18f96aa6f8294e",
"sha256:db8ea9917d6f8fc62abd90d944920d95e73c83a5ee3383493e35d271aca872e9",
"sha256:ea0213189960bda9cf99be5b8c8ce66bb054af5e9e861249cd23471bd7b0b3ba",
"sha256:f3df5f1bf91d36002b0a75389ca8663510cf0531cca8aa5c1ef695b46d98655f"
],
"markers": "python_version >= '3.9'",
"version": "==24.10.0"
"version": "==25.1.0"
},
"bracex": {
"hashes": [
@ -177,44 +177,52 @@
},
"cryptography": {
"hashes": [
"sha256:1923cb251c04be85eec9fda837661c67c1049063305d6be5721643c22dd4e2b7",
"sha256:37d76e6863da3774cd9db5b409a9ecfd2c71c981c38788d3fcfaf177f447b731",
"sha256:3c672a53c0fb4725a29c303be906d3c1fa99c32f58abe008a82705f9ee96f40b",
"sha256:404fdc66ee5f83a1388be54300ae978b2efd538018de18556dde92575e05defc",
"sha256:4ac4c9f37eba52cb6fbeaf5b59c152ea976726b865bd4cf87883a7e7006cc543",
"sha256:62901fb618f74d7d81bf408c8719e9ec14d863086efe4185afd07c352aee1d2c",
"sha256:660cb7312a08bc38be15b696462fa7cc7cd85c3ed9c576e81f4dc4d8b2b31591",
"sha256:708ee5f1bafe76d041b53a4f95eb28cdeb8d18da17e597d46d7833ee59b97ede",
"sha256:761817a3377ef15ac23cd7834715081791d4ec77f9297ee694ca1ee9c2c7e5eb",
"sha256:831c3c4d0774e488fdc83a1923b49b9957d33287de923d58ebd3cec47a0ae43f",
"sha256:84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123",
"sha256:8b3e6eae66cf54701ee7d9c83c30ac0a1e3fa17be486033000f2a73a12ab507c",
"sha256:9e6fc8a08e116fb7c7dd1f040074c9d7b51d74a8ea40d4df2fc7aa08b76b9e6c",
"sha256:a01956ddfa0a6790d594f5b34fc1bfa6098aca434696a03cfdbe469b8ed79285",
"sha256:abc998e0c0eee3c8a1904221d3f67dcfa76422b23620173e28c11d3e626c21bd",
"sha256:b15492a11f9e1b62ba9d73c210e2416724633167de94607ec6069ef724fad092",
"sha256:be4ce505894d15d5c5037167ffb7f0ae90b7be6f2a98f9a5c3442395501c32fa",
"sha256:c5eb858beed7835e5ad1faba59e865109f3e52b3783b9ac21e7e47dc5554e289",
"sha256:cd4e834f340b4293430701e772ec543b0fbe6c2dea510a5286fe0acabe153a02",
"sha256:d2436114e46b36d00f8b72ff57e598978b37399d2786fd39793c36c6d5cb1c64",
"sha256:eb33480f1bad5b78233b0ad3e1b0be21e8ef1da745d8d2aecbb20671658b9053",
"sha256:eca27345e1214d1b9f9490d200f9db5a874479be914199194e746c893788d417",
"sha256:ed3534eb1090483c96178fcb0f8893719d96d5274dfde98aa6add34614e97c8e",
"sha256:f3f6fdfa89ee2d9d496e2c087cebef9d4fcbb0ad63c40e821b39f74bf48d9c5e",
"sha256:f53c2c87e0fb4b0c00fa9571082a057e37690a8f12233306161c8f4b819960b7",
"sha256:f5e7cb1e5e56ca0933b4873c0220a78b773b24d40d186b6738080b73d3d0a756",
"sha256:f677e1268c4e23420c3acade68fac427fffcb8d19d7df95ed7ad17cdef8404f4"
"sha256:04abd71114848aa25edb28e225ab5f268096f44cf0127f3d36975bdf1bdf3390",
"sha256:0529b1d5a0105dd3731fa65680b45ce49da4d8115ea76e9da77a875396727b41",
"sha256:1bc312dfb7a6e5d66082c87c34c8a62176e684b6fe3d90fcfe1568de675e6688",
"sha256:268e4e9b177c76d569e8a145a6939eca9a5fec658c932348598818acf31ae9a5",
"sha256:29ecec49f3ba3f3849362854b7253a9f59799e3763b0c9d0826259a88efa02f1",
"sha256:2bf7bf75f7df9715f810d1b038870309342bff3069c5bd8c6b96128cb158668d",
"sha256:3b721b8b4d948b218c88cb8c45a01793483821e709afe5f622861fc6182b20a7",
"sha256:3c00b6b757b32ce0f62c574b78b939afab9eecaf597c4d624caca4f9e71e7843",
"sha256:3dc62975e31617badc19a906481deacdeb80b4bb454394b4098e3f2525a488c5",
"sha256:4973da6ca3db4405c54cd0b26d328be54c7747e89e284fcff166132eb7bccc9c",
"sha256:4e389622b6927d8133f314949a9812972711a111d577a5d1f4bee5e58736b80a",
"sha256:51e4de3af4ec3899d6d178a8c005226491c27c4ba84101bfb59c901e10ca9f79",
"sha256:5f6f90b72d8ccadb9c6e311c775c8305381db88374c65fa1a68250aa8a9cb3a6",
"sha256:6210c05941994290f3f7f175a4a57dbbb2afd9273657614c506d5976db061181",
"sha256:6f101b1f780f7fc613d040ca4bdf835c6ef3b00e9bd7125a4255ec574c7916e4",
"sha256:7bdcd82189759aba3816d1f729ce42ffded1ac304c151d0a8e89b9996ab863d5",
"sha256:7ca25849404be2f8e4b3c59483d9d3c51298a22c1c61a0e84415104dacaf5562",
"sha256:81276f0ea79a208d961c433a947029e1a15948966658cf6710bbabb60fcc2639",
"sha256:8cadc6e3b5a1f144a039ea08a0bdb03a2a92e19c46be3285123d32029f40a922",
"sha256:8e0ddd63e6bf1161800592c71ac794d3fb8001f2caebe0966e77c5234fa9efc3",
"sha256:909c97ab43a9c0c0b0ada7a1281430e4e5ec0458e6d9244c0e821bbf152f061d",
"sha256:96e7a5e9d6e71f9f4fca8eebfd603f8e86c5225bb18eb621b2c1e50b290a9471",
"sha256:9a1e657c0f4ea2a23304ee3f964db058c9e9e635cc7019c4aa21c330755ef6fd",
"sha256:9eb9d22b0a5d8fd9925a7764a054dca914000607dff201a24c791ff5c799e1fa",
"sha256:af4ff3e388f2fa7bff9f7f2b31b87d5651c45731d3e8cfa0944be43dff5cfbdb",
"sha256:b042d2a275c8cee83a4b7ae30c45a15e6a4baa65a179a0ec2d78ebb90e4f6699",
"sha256:bc821e161ae88bfe8088d11bb39caf2916562e0a2dc7b6d56714a48b784ef0bb",
"sha256:c505d61b6176aaf982c5717ce04e87da5abc9a36a5b39ac03905c4aafe8de7aa",
"sha256:c63454aa261a0cf0c5b4718349629793e9e634993538db841165b3df74f37ec0",
"sha256:c7362add18b416b69d58c910caa217f980c5ef39b23a38a0880dfd87bdf8cd23",
"sha256:d03806036b4f89e3b13b6218fefea8d5312e450935b1a2d55f0524e2ed7c59d9",
"sha256:d1b3031093a366ac767b3feb8bcddb596671b3aaff82d4050f984da0c248b615",
"sha256:d1c3572526997b36f245a96a2b1713bf79ce99b271bbcf084beb6b9b075f29ea",
"sha256:efcfe97d1b3c79e486554efddeb8f6f53a4cdd4cf6086642784fa31fc384e1d7",
"sha256:f514ef4cd14bb6fb484b4a60203e912cfcb64f2ab139e88c2274511514bf7308"
],
"markers": "python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'",
"version": "==44.0.0"
"version": "==44.0.2"
},
"filelock": {
"hashes": [
"sha256:533dc2f7ba78dc2f0f531fc6c4940addf7b70a481e269a5a3b93be94ffbe8338",
"sha256:ee4e77401ef576ebb38cd7f13b9b28893194acc20a8e68e18730ba9c0e54660e"
"sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2",
"sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de"
],
"markers": "python_version >= '3.9'",
"version": "==3.17.0"
"version": "==3.18.0"
},
"importlib-metadata": {
"hashes": [
@ -226,11 +234,11 @@
},
"jinja2": {
"hashes": [
"sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb",
"sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"
"sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d",
"sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67"
],
"markers": "python_version >= '3.7'",
"version": "==3.1.5"
"version": "==3.1.6"
},
"jsonschema": {
"hashes": [
@ -357,11 +365,11 @@
},
"platformdirs": {
"hashes": [
"sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907",
"sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb"
"sha256:a03875334331946f13c549dbd8f4bac7a13a50a895a0eb1e8c6a8ace80d40a94",
"sha256:eb437d586b6a0986388f0d6f74aa0cde27b48d0e3d66843640bfb6bdcdb6e351"
],
"markers": "python_version >= '3.8'",
"version": "==4.3.6"
"markers": "python_version >= '3.9'",
"version": "==4.3.7"
},
"pycparser": {
"hashes": [
@ -463,112 +471,123 @@
},
"rpds-py": {
"hashes": [
"sha256:009de23c9c9ee54bf11303a966edf4d9087cd43a6003672e6aa7def643d06518",
"sha256:02fbb9c288ae08bcb34fb41d516d5eeb0455ac35b5512d03181d755d80810059",
"sha256:0a0461200769ab3b9ab7e513f6013b7a97fdeee41c29b9db343f3c5a8e2b9e61",
"sha256:0b09865a9abc0ddff4e50b5ef65467cd94176bf1e0004184eb915cbc10fc05c5",
"sha256:0b8db6b5b2d4491ad5b6bdc2bc7c017eec108acbf4e6785f42a9eb0ba234f4c9",
"sha256:0c150c7a61ed4a4f4955a96626574e9baf1adf772c2fb61ef6a5027e52803543",
"sha256:0f3cec041684de9a4684b1572fe28c7267410e02450f4561700ca5a3bc6695a2",
"sha256:1352ae4f7c717ae8cba93421a63373e582d19d55d2ee2cbb184344c82d2ae55a",
"sha256:177c7c0fce2855833819c98e43c262007f42ce86651ffbb84f37883308cb0e7d",
"sha256:1978d0021e943aae58b9b0b196fb4895a25cc53d3956b8e35e0b7682eefb6d56",
"sha256:1a60bce91f81ddaac922a40bbb571a12c1070cb20ebd6d49c48e0b101d87300d",
"sha256:1aef18820ef3e4587ebe8b3bc9ba6e55892a6d7b93bac6d29d9f631a3b4befbd",
"sha256:1e9663daaf7a63ceccbbb8e3808fe90415b0757e2abddbfc2e06c857bf8c5e2b",
"sha256:20070c65396f7373f5df4005862fa162db5d25d56150bddd0b3e8214e8ef45b4",
"sha256:214b7a953d73b5e87f0ebece4a32a5bd83c60a3ecc9d4ec8f1dca968a2d91e99",
"sha256:22bebe05a9ffc70ebfa127efbc429bc26ec9e9b4ee4d15a740033efda515cf3d",
"sha256:24e8abb5878e250f2eb0d7859a8e561846f98910326d06c0d51381fed59357bd",
"sha256:26fd7cac7dd51011a245f29a2cc6489c4608b5a8ce8d75661bb4a1066c52dfbe",
"sha256:27b1d3b3915a99208fee9ab092b8184c420f2905b7d7feb4aeb5e4a9c509b8a1",
"sha256:27e98004595899949bd7a7b34e91fa7c44d7a97c40fcaf1d874168bb652ec67e",
"sha256:2b8f60e1b739a74bab7e01fcbe3dddd4657ec685caa04681df9d562ef15b625f",
"sha256:2de29005e11637e7a2361fa151f780ff8eb2543a0da1413bb951e9f14b699ef3",
"sha256:2e8b55d8517a2fda8d95cb45d62a5a8bbf9dd0ad39c5b25c8833efea07b880ca",
"sha256:2fa4331c200c2521512595253f5bb70858b90f750d39b8cbfd67465f8d1b596d",
"sha256:3445e07bf2e8ecfeef6ef67ac83de670358abf2996916039b16a218e3d95e97e",
"sha256:3453e8d41fe5f17d1f8e9c383a7473cd46a63661628ec58e07777c2fff7196dc",
"sha256:378753b4a4de2a7b34063d6f95ae81bfa7b15f2c1a04a9518e8644e81807ebea",
"sha256:3af6e48651c4e0d2d166dc1b033b7042ea3f871504b6805ba5f4fe31581d8d38",
"sha256:3dfcbc95bd7992b16f3f7ba05af8a64ca694331bd24f9157b49dadeeb287493b",
"sha256:3f21f0495edea7fdbaaa87e633a8689cd285f8f4af5c869f27bc8074638ad69c",
"sha256:4041711832360a9b75cfb11b25a6a97c8fb49c07b8bd43d0d02b45d0b499a4ff",
"sha256:44d61b4b7d0c2c9ac019c314e52d7cbda0ae31078aabd0f22e583af3e0d79723",
"sha256:4617e1915a539a0d9a9567795023de41a87106522ff83fbfaf1f6baf8e85437e",
"sha256:4b232061ca880db21fa14defe219840ad9b74b6158adb52ddf0e87bead9e8493",
"sha256:5246b14ca64a8675e0a7161f7af68fe3e910e6b90542b4bfb5439ba752191df6",
"sha256:5725dd9cc02068996d4438d397e255dcb1df776b7ceea3b9cb972bdb11260a83",
"sha256:583f6a1993ca3369e0f80ba99d796d8e6b1a3a2a442dd4e1a79e652116413091",
"sha256:59259dc58e57b10e7e18ce02c311804c10c5a793e6568f8af4dead03264584d1",
"sha256:593eba61ba0c3baae5bc9be2f5232430453fb4432048de28399ca7376de9c627",
"sha256:59f4a79c19232a5774aee369a0c296712ad0e77f24e62cad53160312b1c1eaa1",
"sha256:5f0e260eaf54380380ac3808aa4ebe2d8ca28b9087cf411649f96bad6900c728",
"sha256:62d9cfcf4948683a18a9aff0ab7e1474d407b7bab2ca03116109f8464698ab16",
"sha256:64607d4cbf1b7e3c3c8a14948b99345eda0e161b852e122c6bb71aab6d1d798c",
"sha256:655ca44a831ecb238d124e0402d98f6212ac527a0ba6c55ca26f616604e60a45",
"sha256:666ecce376999bf619756a24ce15bb14c5bfaf04bf00abc7e663ce17c3f34fe7",
"sha256:68049202f67380ff9aa52f12e92b1c30115f32e6895cd7198fa2a7961621fc5a",
"sha256:69803198097467ee7282750acb507fba35ca22cc3b85f16cf45fb01cb9097730",
"sha256:6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967",
"sha256:6dd9412824c4ce1aca56c47b0991e65bebb7ac3f4edccfd3f156150c96a7bf25",
"sha256:70eb60b3ae9245ddea20f8a4190bd79c705a22f8028aaf8bbdebe4716c3fab24",
"sha256:70fb28128acbfd264eda9bf47015537ba3fe86e40d046eb2963d75024be4d055",
"sha256:7b2513ba235829860b13faa931f3b6846548021846ac808455301c23a101689d",
"sha256:7ef9d9da710be50ff6809fed8f1963fecdfecc8b86656cadfca3bc24289414b0",
"sha256:81e69b0a0e2537f26d73b4e43ad7bc8c8efb39621639b4434b76a3de50c6966e",
"sha256:8633e471c6207a039eff6aa116e35f69f3156b3989ea3e2d755f7bc41754a4a7",
"sha256:8bd7c8cfc0b8247c8799080fbff54e0b9619e17cdfeb0478ba7295d43f635d7c",
"sha256:9253fc214112405f0afa7db88739294295f0e08466987f1d70e29930262b4c8f",
"sha256:99b37292234e61325e7a5bb9689e55e48c3f5f603af88b1642666277a81f1fbd",
"sha256:9bd7228827ec7bb817089e2eb301d907c0d9827a9e558f22f762bb690b131652",
"sha256:9beeb01d8c190d7581a4d59522cd3d4b6887040dcfc744af99aa59fef3e041a8",
"sha256:a63cbdd98acef6570c62b92a1e43266f9e8b21e699c363c0fef13bd530799c11",
"sha256:a76e42402542b1fae59798fab64432b2d015ab9d0c8c47ba7addddbaf7952333",
"sha256:ac0a03221cdb5058ce0167ecc92a8c89e8d0decdc9e99a2ec23380793c4dcb96",
"sha256:b0b4136a252cadfa1adb705bb81524eee47d9f6aab4f2ee4fa1e9d3cd4581f64",
"sha256:b25bc607423935079e05619d7de556c91fb6adeae9d5f80868dde3468657994b",
"sha256:b3d504047aba448d70cf6fa22e06cb09f7cbd761939fdd47604f5e007675c24e",
"sha256:bb47271f60660803ad11f4c61b42242b8c1312a31c98c578f79ef9387bbde21c",
"sha256:bbb232860e3d03d544bc03ac57855cd82ddf19c7a07651a7c0fdb95e9efea8b9",
"sha256:bc27863442d388870c1809a87507727b799c8460573cfbb6dc0eeaef5a11b5ec",
"sha256:bc51abd01f08117283c5ebf64844a35144a0843ff7b2983e0648e4d3d9f10dbb",
"sha256:be2eb3f2495ba669d2a985f9b426c1797b7d48d6963899276d22f23e33d47e37",
"sha256:bf9db5488121b596dbfc6718c76092fda77b703c1f7533a226a5a9f65248f8ad",
"sha256:c58e2339def52ef6b71b8f36d13c3688ea23fa093353f3a4fee2556e62086ec9",
"sha256:cfbc454a2880389dbb9b5b398e50d439e2e58669160f27b60e5eca11f68ae17c",
"sha256:cff63a0272fcd259dcc3be1657b07c929c466b067ceb1c20060e8d10af56f5bf",
"sha256:d115bffdd417c6d806ea9069237a4ae02f513b778e3789a359bc5856e0404cc4",
"sha256:d20cfb4e099748ea39e6f7b16c91ab057989712d31761d3300d43134e26e165f",
"sha256:d48424e39c2611ee1b84ad0f44fb3b2b53d473e65de061e3f460fc0be5f1939d",
"sha256:e0fa2d4ec53dc51cf7d3bb22e0aa0143966119f42a0c3e4998293a3dd2856b09",
"sha256:e32fee8ab45d3c2db6da19a5323bc3362237c8b653c70194414b892fd06a080d",
"sha256:e35ba67d65d49080e8e5a1dd40101fccdd9798adb9b050ff670b7d74fa41c566",
"sha256:e3fb866d9932a3d7d0c82da76d816996d1667c44891bd861a0f97ba27e84fc74",
"sha256:e61b02c3f7a1e0b75e20c3978f7135fd13cb6cf551bf4a6d29b999a88830a338",
"sha256:e67ba3c290821343c192f7eae1d8fd5999ca2dc99994114643e2f2d3e6138b15",
"sha256:e79dd39f1e8c3504be0607e5fc6e86bb60fe3584bec8b782578c3b0fde8d932c",
"sha256:e89391e6d60251560f0a8f4bd32137b077a80d9b7dbe6d5cab1cd80d2746f648",
"sha256:ea7433ce7e4bfc3a85654aeb6747babe3f66eaf9a1d0c1e7a4435bbdf27fea84",
"sha256:eaf16ae9ae519a0e237a0f528fd9f0197b9bb70f40263ee57ae53c2b8d48aeb3",
"sha256:eb0c341fa71df5a4595f9501df4ac5abfb5a09580081dffbd1ddd4654e6e9123",
"sha256:f276b245347e6e36526cbd4a266a417796fc531ddf391e43574cf6466c492520",
"sha256:f47ad3d5f3258bd7058d2d506852217865afefe6153a36eb4b6928758041d831",
"sha256:f56a6b404f74ab372da986d240e2e002769a7d7102cc73eb238a4f72eec5284e",
"sha256:f5cf2a0c2bdadf3791b5c205d55a37a54025c6e18a71c71f82bb536cf9a454bf",
"sha256:f5d36399a1b96e1a5fdc91e0522544580dbebeb1f77f27b2b0ab25559e103b8b",
"sha256:f60bd8423be1d9d833f230fdbccf8f57af322d96bcad6599e5a771b151398eb2",
"sha256:f612463ac081803f243ff13cccc648578e2279295048f2a8d5eb430af2bae6e3",
"sha256:f73d3fef726b3243a811121de45193c0ca75f6407fe66f3f4e183c983573e130",
"sha256:f82a116a1d03628a8ace4859556fb39fd1424c933341a08ea3ed6de1edb0283b",
"sha256:fb0ba113b4983beac1a2eb16faffd76cb41e176bf58c4afe3e14b9c681f702de",
"sha256:fb4f868f712b2dd4bcc538b0a0c1f63a2b1d584c925e69a224d759e7070a12d5",
"sha256:fb6116dfb8d1925cbdb52595560584db42a7f664617a1f7d7f6e32f138cdf37d",
"sha256:fda7cb070f442bf80b642cd56483b5548e43d366fe3f39b98e67cce780cded00",
"sha256:feea821ee2a9273771bae61194004ee2fc33f8ec7db08117ef9147d4bbcbca8e"
"sha256:0047638c3aa0dbcd0ab99ed1e549bbf0e142c9ecc173b6492868432d8989a046",
"sha256:006f4342fe729a368c6df36578d7a348c7c716be1da0a1a0f86e3021f8e98724",
"sha256:041f00419e1da7a03c46042453598479f45be3d787eb837af382bfc169c0db33",
"sha256:04ecf5c1ff4d589987b4d9882872f80ba13da7d42427234fce8f22efb43133bc",
"sha256:04f2b712a2206e13800a8136b07aaedc23af3facab84918e7aa89e4be0260032",
"sha256:0aeb3329c1721c43c58cae274d7d2ca85c1690d89485d9c63a006cb79a85771a",
"sha256:0e374c0ce0ca82e5b67cd61fb964077d40ec177dd2c4eda67dba130de09085c7",
"sha256:0f00c16e089282ad68a3820fd0c831c35d3194b7cdc31d6e469511d9bffc535c",
"sha256:174e46569968ddbbeb8a806d9922f17cd2b524aa753b468f35b97ff9c19cb718",
"sha256:1b221c2457d92a1fb3c97bee9095c874144d196f47c038462ae6e4a14436f7bc",
"sha256:208b3a70a98cf3710e97cabdc308a51cd4f28aa6e7bb11de3d56cd8b74bab98d",
"sha256:20f2712bd1cc26a3cc16c5a1bfee9ed1abc33d4cdf1aabd297fe0eb724df4272",
"sha256:24795c099453e3721fda5d8ddd45f5dfcc8e5a547ce7b8e9da06fecc3832e26f",
"sha256:2a0f156e9509cee987283abd2296ec816225145a13ed0391df8f71bf1d789e2d",
"sha256:2b2356688e5d958c4d5cb964af865bea84db29971d3e563fb78e46e20fe1848b",
"sha256:2c13777ecdbbba2077670285dd1fe50828c8742f6a4119dbef6f83ea13ad10fb",
"sha256:2d3ee4615df36ab8eb16c2507b11e764dcc11fd350bbf4da16d09cda11fcedef",
"sha256:2d53747da70a4e4b17f559569d5f9506420966083a31c5fbd84e764461c4444b",
"sha256:32bab0a56eac685828e00cc2f5d1200c548f8bc11f2e44abf311d6b548ce2e45",
"sha256:34d90ad8c045df9a4259c47d2e16a3f21fdb396665c94520dbfe8766e62187a4",
"sha256:369d9c6d4c714e36d4a03957b4783217a3ccd1e222cdd67d464a3a479fc17796",
"sha256:3a55fc10fdcbf1a4bd3c018eea422c52cf08700cf99c28b5cb10fe97ab77a0d3",
"sha256:3d2d8e4508e15fc05b31285c4b00ddf2e0eb94259c2dc896771966a163122a0c",
"sha256:3fab5f4a2c64a8fb64fc13b3d139848817a64d467dd6ed60dcdd6b479e7febc9",
"sha256:43dba99f00f1d37b2a0265a259592d05fcc8e7c19d140fe51c6e6f16faabeb1f",
"sha256:44d51febb7a114293ffd56c6cf4736cb31cd68c0fddd6aa303ed09ea5a48e029",
"sha256:493fe54318bed7d124ce272fc36adbf59d46729659b2c792e87c3b95649cdee9",
"sha256:4b28e5122829181de1898c2c97f81c0b3246d49f585f22743a1246420bb8d399",
"sha256:4cd031e63bc5f05bdcda120646a0d32f6d729486d0067f09d79c8db5368f4586",
"sha256:528927e63a70b4d5f3f5ccc1fa988a35456eb5d15f804d276709c33fc2f19bda",
"sha256:564c96b6076a98215af52f55efa90d8419cc2ef45d99e314fddefe816bc24f91",
"sha256:5db385bacd0c43f24be92b60c857cf760b7f10d8234f4bd4be67b5b20a7c0b6b",
"sha256:5ef877fa3bbfb40b388a5ae1cb00636a624690dcb9a29a65267054c9ea86d88a",
"sha256:5f6e3cec44ba05ee5cbdebe92d052f69b63ae792e7d05f1020ac5e964394080c",
"sha256:5fc13b44de6419d1e7a7e592a4885b323fbc2f46e1f22151e3a8ed3b8b920405",
"sha256:60748789e028d2a46fc1c70750454f83c6bdd0d05db50f5ae83e2db500b34da5",
"sha256:60d9b630c8025b9458a9d114e3af579a2c54bd32df601c4581bd054e85258143",
"sha256:619ca56a5468f933d940e1bf431c6f4e13bef8e688698b067ae68eb4f9b30e3a",
"sha256:630d3d8ea77eabd6cbcd2ea712e1c5cecb5b558d39547ac988351195db433f6c",
"sha256:63981feca3f110ed132fd217bf7768ee8ed738a55549883628ee3da75bb9cb78",
"sha256:66420986c9afff67ef0c5d1e4cdc2d0e5262f53ad11e4f90e5e22448df485bf0",
"sha256:675269d407a257b8c00a6b58205b72eec8231656506c56fd429d924ca00bb350",
"sha256:6a4a535013aeeef13c5532f802708cecae8d66c282babb5cd916379b72110cf7",
"sha256:6a727fd083009bc83eb83d6950f0c32b3c94c8b80a9b667c87f4bd1274ca30ba",
"sha256:6e1daf5bf6c2be39654beae83ee6b9a12347cb5aced9a29eecf12a2d25fff664",
"sha256:6eea559077d29486c68218178ea946263b87f1c41ae7f996b1f30a983c476a5a",
"sha256:75a810b7664c17f24bf2ffd7f92416c00ec84b49bb68e6a0d93e542406336b56",
"sha256:772cc1b2cd963e7e17e6cc55fe0371fb9c704d63e44cacec7b9b7f523b78919e",
"sha256:78884d155fd15d9f64f5d6124b486f3d3f7fd7cd71a78e9670a0f6f6ca06fb2d",
"sha256:79e8d804c2ccd618417e96720ad5cd076a86fa3f8cb310ea386a3e6229bae7d1",
"sha256:7e80d375134ddb04231a53800503752093dbb65dad8dabacce2c84cccc78e964",
"sha256:8097b3422d020ff1c44effc40ae58e67d93e60d540a65649d2cdaf9466030791",
"sha256:8205ee14463248d3349131bb8099efe15cd3ce83b8ef3ace63c7e976998e7124",
"sha256:8212ff58ac6dfde49946bea57474a386cca3f7706fc72c25b772b9ca4af6b79e",
"sha256:823e74ab6fbaa028ec89615ff6acb409e90ff45580c45920d4dfdddb069f2120",
"sha256:84e0566f15cf4d769dade9b366b7b87c959be472c92dffb70462dd0844d7cbad",
"sha256:896c41007931217a343eff197c34513c154267636c8056fb409eafd494c3dcdc",
"sha256:8aa362811ccdc1f8dadcc916c6d47e554169ab79559319ae9fae7d7752d0d60c",
"sha256:8b3b397eefecec8e8e39fa65c630ef70a24b09141a6f9fc17b3c3a50bed6b50e",
"sha256:8ebc7e65ca4b111d928b669713865f021b7773350eeac4a31d3e70144297baba",
"sha256:9168764133fd919f8dcca2ead66de0105f4ef5659cbb4fa044f7014bed9a1797",
"sha256:921ae54f9ecba3b6325df425cf72c074cd469dea843fb5743a26ca7fb2ccb149",
"sha256:92558d37d872e808944c3c96d0423b8604879a3d1c86fdad508d7ed91ea547d5",
"sha256:951cc481c0c395c4a08639a469d53b7d4afa252529a085418b82a6b43c45c240",
"sha256:998c01b8e71cf051c28f5d6f1187abbdf5cf45fc0efce5da6c06447cba997034",
"sha256:9abc80fe8c1f87218db116016de575a7998ab1629078c90840e8d11ab423ee25",
"sha256:9be4f99bee42ac107870c61dfdb294d912bf81c3c6d45538aad7aecab468b6b7",
"sha256:9c39438c55983d48f4bb3487734d040e22dad200dab22c41e331cee145e7a50d",
"sha256:9d7e8ce990ae17dda686f7e82fd41a055c668e13ddcf058e7fb5e9da20b57793",
"sha256:9ea7f4174d2e4194289cb0c4e172d83e79a6404297ff95f2875cf9ac9bced8ba",
"sha256:a18fc371e900a21d7392517c6f60fe859e802547309e94313cd8181ad9db004d",
"sha256:a36b452abbf29f68527cf52e181fced56685731c86b52e852053e38d8b60bc8d",
"sha256:a5b66d1b201cc71bc3081bc2f1fc36b0c1f268b773e03bbc39066651b9e18391",
"sha256:a824d2c7a703ba6daaca848f9c3d5cb93af0505be505de70e7e66829affd676e",
"sha256:a88c0d17d039333a41d9bf4616bd062f0bd7aa0edeb6cafe00a2fc2a804e944f",
"sha256:aa6800adc8204ce898c8a424303969b7aa6a5e4ad2789c13f8648739830323b7",
"sha256:aad911555286884be1e427ef0dc0ba3929e6821cbeca2194b13dc415a462c7fd",
"sha256:afc6e35f344490faa8276b5f2f7cbf71f88bc2cda4328e00553bd451728c571f",
"sha256:b9a4df06c35465ef4d81799999bba810c68d29972bf1c31db61bfdb81dd9d5bb",
"sha256:bb2954155bb8f63bb19d56d80e5e5320b61d71084617ed89efedb861a684baea",
"sha256:bbc4362e06f950c62cad3d4abf1191021b2ffaf0b31ac230fbf0526453eee75e",
"sha256:c0145295ca415668420ad142ee42189f78d27af806fcf1f32a18e51d47dd2052",
"sha256:c30ff468163a48535ee7e9bf21bd14c7a81147c0e58a36c1078289a8ca7af0bd",
"sha256:c347a20d79cedc0a7bd51c4d4b7dbc613ca4e65a756b5c3e57ec84bd43505b47",
"sha256:c43583ea8517ed2e780a345dd9960896afc1327e8cf3ac8239c167530397440d",
"sha256:c61a2cb0085c8783906b2f8b1f16a7e65777823c7f4d0a6aaffe26dc0d358dd9",
"sha256:c9ca89938dff18828a328af41ffdf3902405a19f4131c88e22e776a8e228c5a8",
"sha256:cc31e13ce212e14a539d430428cd365e74f8b2d534f8bc22dd4c9c55b277b875",
"sha256:cdabcd3beb2a6dca7027007473d8ef1c3b053347c76f685f5f060a00327b8b65",
"sha256:cf86f72d705fc2ef776bb7dd9e5fbba79d7e1f3e258bf9377f8204ad0fc1c51e",
"sha256:d09dc82af2d3c17e7dd17120b202a79b578d79f2b5424bda209d9966efeed114",
"sha256:d3aa13bdf38630da298f2e0d77aca967b200b8cc1473ea05248f6c5e9c9bdb44",
"sha256:d69d003296df4840bd445a5d15fa5b6ff6ac40496f956a221c4d1f6f7b4bc4d9",
"sha256:d6e109a454412ab82979c5b1b3aee0604eca4bbf9a02693bb9df027af2bfa91a",
"sha256:d8551e733626afec514b5d15befabea0dd70a343a9f23322860c4f16a9430205",
"sha256:d8754d872a5dfc3c5bf9c0e059e8107451364a30d9fd50f1f1a85c4fb9481164",
"sha256:d8f9a6e7fd5434817526815f09ea27f2746c4a51ee11bb3439065f5fc754db58",
"sha256:dbcbb6db5582ea33ce46a5d20a5793134b5365110d84df4e30b9d37c6fd40ad3",
"sha256:e0f3ef95795efcd3b2ec3fe0a5bcfb5dadf5e3996ea2117427e524d4fbf309c6",
"sha256:e13ae74a8a3a0c2f22f450f773e35f893484fcfacb00bb4344a7e0f4f48e1f97",
"sha256:e274f62cbd274359eff63e5c7e7274c913e8e09620f6a57aae66744b3df046d6",
"sha256:e838bf2bb0b91ee67bf2b889a1a841e5ecac06dd7a2b1ef4e6151e2ce155c7ae",
"sha256:e8acd55bd5b071156bae57b555f5d33697998752673b9de554dd82f5b5352727",
"sha256:e8e5ab32cf9eb3647450bc74eb201b27c185d3857276162c101c0f8c6374e098",
"sha256:ebcb786b9ff30b994d5969213a8430cbb984cdd7ea9fd6df06663194bd3c450c",
"sha256:ebea2821cdb5f9fef44933617be76185b80150632736f3d76e54829ab4a3b4d1",
"sha256:ed0ef550042a8dbcd657dfb284a8ee00f0ba269d3f2286b0493b15a5694f9fe8",
"sha256:eda5c1e2a715a4cbbca2d6d304988460942551e4e5e3b7457b50943cd741626d",
"sha256:f5c0ed12926dec1dfe7d645333ea59cf93f4d07750986a586f511c0bc61fe103",
"sha256:f6016bd950be4dcd047b7475fdf55fb1e1f59fc7403f387be0e8123e4a576d30",
"sha256:f9e0057a509e096e47c87f753136c9b10d7a91842d8042c2ee6866899a717c0d",
"sha256:fc1c892b1ec1f8cbd5da8de287577b455e388d9c328ad592eabbdcb6fc93bee5",
"sha256:fc2c1e1b00f88317d9de6b2c2b39b012ebbfe35fe5e7bef980fd2a91f6100a07",
"sha256:fd822f019ccccd75c832deb7aa040bb02d70a92eb15a2f16c7987b7ad4ee8d83"
],
"markers": "python_version >= '3.9'",
"version": "==0.22.3"
"version": "==0.24.0"
},
"ruamel.yaml": {
"hashes": [
@ -652,11 +671,11 @@
},
"yamllint": {
"hashes": [
"sha256:2e16e504bb129ff515b37823b472750b36b6de07963bd74b307341ef5ad8bdc3",
"sha256:7a003809f88324fd2c877734f2d575ee7881dd9043360657cc8049c809eba6cd"
"sha256:c03ab4e79ab4af964c8eb16ac9746880fc76a3bb0ffb14925b9a55220ae7dda0",
"sha256:ead81921d4d87216b2528b7a055664708f9fb8267beb0c427cb706ac6ab93580"
],
"markers": "python_version >= '3.8'",
"version": "==1.35.1"
"markers": "python_version >= '3.9'",
"version": "==1.37.0"
},
"zipp": {
"hashes": [

View File

@ -4,7 +4,7 @@ Ansible playbook for base and initial configuration of the web server hosting my
## Assumptions
Before you can run this, a few things are assumed:
- You have a clean, minimal Ubuntu 20.04 or Debian 11/12 host up and running
- You have a clean, minimal Debian 12 host up and running
- Python 3 is installed on the remote server (requirement of Ansible)
- You have a user account with password-less SSH access to the machine
- You have sudo privileges on the remote host

View File

@ -8,4 +8,7 @@ webserver: nginx
extra_fail2ban_filters:
- nginx
# root prefix for all web servers
web_root_prefix: /var/www
# vim: set ts=2 sw=2:

View File

@ -1,138 +1,141 @@
$ANSIBLE_VAULT;1.1;AES256
30323862646334626231363530353238333165653862356463386233326433393265643132353262
3561386632316261383561323831343334363532643566380a333961383133383838343333323937
39303866616132383334663732393663386236393732386238376464373964373865653538353633
3863356261663430360a303131373063656136616166363065326563363462656634356666373661
61663734303833306231393766633338316634383339356436666465313966643635623732643432
34393633393736353261316232393761613931313537356166646634626137353863353930366130
63323662653933383537643861623035326166306235343937393764316635613339663132633039
66643163653739333665396263333332313863616136613132393462346136666163663039333963
61396562633964653063333338643531373264323739353738346639623433323162356633353538
38633964363466303433663731303261656166626432366231373464353138383465616539623665
35666462653864346334316163656232363166303630333238613161646131316338663336323134
31363139306432653030613661623133626533653261376366633030643734633635396335323332
66363433613165333761323335333964326431616631343035633062643731616366623532643261
61376562323863353636643439666133643662336132663938653532323965613163346233356438
30613639616265633131656436323830353031653265323836303561306561363236613262363532
61666631663632353162336536323930353637643031353764633438613436393838363533663565
61386631343965626464623934363865303364363532303937383762393831373265306664626362
32306365643664363537623065643031666333363564303531613662653734336438343933613361
61336163646565303339336235366361653665616233396364373565666536313034343661393766
65313137663832356166626438643638653138303166393633373565633065393639363631316364
33623764613431646335326338386130626132643233333165323635346638613133383434383134
66363362363835376336616365376336383138643538666365383831653366393632336264643536
30346332336163306563303964393463306436643261326232653739313731656537326362386233
34306433396262633266646562313361666263353831393230393832313135303331393032656564
66313832643539653865663332613166383334303430376530343962656331633537633131646535
31666137353461643363353834306662643735303466626366396164393139663739666430386139
32316566626264663236633336303437626136333535316231633430656663623661306266613566
39383730636262333439376634313137333331303332633164636533333537366664626165393730
65366636366464653064666436343334363762303032393233656638356432356664313235353038
65613730323938393763653735353732643363663637633234343465393264313865373536313031
63666263326339623662323464346231383535333736333338336562396361633439343964616234
33373837646262333639393164366336666662343362336330373532306638353464363931303961
62363730333739346562333333376164663235316262363666396631323430303835636434313036
30376333383036373639343461666436643632653030623264393163643433333162626439393861
66333037363738343932323666393061653236376338643762393933366430323036636438333962
38396432366566343038303533353936363934313866646665313764336433656361363137613233
37393737663465336638623439373262313366623638336239373961356262653735643935613238
32343331316630646366306132663337373162363937323535323737313035326233303332316134
61313838346636353437666630653030316563626134626433306364313765613832343434663335
33336139303265336461396632633835366538663462393536383361656566393737383961653131
65393833313737383439356464653638393566646238636539393963313031373435663839613736
37346434336630366632306230393565363662353263643833613338623064646265313464346435
34663935353662393734313830316665663432303734313037373963363231636335313130363039
66383230633538323663333632633334636430393830666638373839633830393865363234626161
62366564386234623731643930656531353238633237666438623961656661613736333231656165
33336263386466393064633664613437336631313961633362613864366637376132363131393536
37373632326237623531636330666237363736643339396132333464643162373636346232366132
38303833623537393136643131323938623038353030626136373265303762373036653765656462
33636334623361313136633964346431666261616364643435323131643562333438626133646139
38373633393732333761633463646561613634313363623235323330323233386265393639383261
64343465373666306537383431353834386238633134366131376465363231366265383432383338
33366635363964336663623235316635353961393166313333343432363962636465356639643130
38336363626666613763336639346534373634323661656366393163653630323131313564643530
66643235313364376133323832313838363537353738313430396466343535663632396237313862
35313030376632333034323765316435636331303635386631343534373634376135643664393134
34366162303432323038376261346231313632356630633937333635343635663964613362343232
65643533643565383762656636623064346165323231313663636363323365303037636635326134
34663737316335373166343266303633663565616234613530613430323238303830663538353663
65663261653633346637656564643937323864393664633830356437353631656233306461306436
34313765313266336536626630383332343063303738316238626137376435656630663331663839
39393364613735313033633664616562636530366630306530386432356431663537643864363364
38633237646564306231653334633032393464653637316139356339316666343436633337613733
63346465316365366138306562336666333939663335623837326430363736396638333631376535
30663735306134653064633133326264336638313161623034356165656435626135393739633339
66623536373632323461343435636539313737313831366433393335396634396539663362356165
39653330663163323330616165346438393435366362353336316537613036323639613439623361
63343837303861613733353132373632313330333133316638303064316362316233366439316661
33326131656539393964643939353161626566666632306133393531313630356262646136613135
65336238386432336439306366636463373766646263613463373464663762396331303461326432
65666263373639626635623562343538636434663936666330333638333362333138376230333433
30666638343766656462366432373632306335393239663337646233653438393362663737613566
39626239643134623035336634316463313935646262663139643963636335663833386266616465
35306133383438633134356164633935663439336364373633326336346431353330373137626233
65663063373839333234663032666263633261346562373561633731343665333364303164306232
35333434343861666465623834653630396663363435336533336435613037623266623262343265
36313937363334363365613435633962613764366531626632613735306336613930633134383632
34366435313862373333396136363764643761646635663064336430636363316234613133643261
36353136343438646437613064333631626435613465356332346265363030323331343766366363
66656137346261343131653565356333326336363731393838613536333133643863363033383433
36663539366238333166303132633939313638656536653230626565646238666433373836353035
35613638393366373763643266626139316561313561353039613464353962353031643533646238
38303735663536623230383237653766323935343338393965306237363466653933393536303861
63366564373461366163373934323063366135633266373364396130376230383136666234616533
64343032336663646535333265616361656135326238666166353266393833366162333235363432
33373836373338323934626161613536363162363862396563643864613035643231383936616231
32386339633436613231663765663366626236656261643033313237386135666138343561663566
38303163313565313462636363303337653061316335393038643161616539336235363736396435
34356530633739346661306662376236353336613932323331326164623432393231333863323362
64623264316161313938666635373235653139663561316462323238333534363332666431626239
32386630353832303830366331616462656432393362666633383233666439663730316532323765
61623832366161666166633334623462666531303865313065396638646434396231363739366338
33616433613866376265333564336266626337616233636265386438313362366439336633306434
66363063376166663039366334666238333932386434653631313336366564366636363964366538
35346362353138613961313936306438326632656566613966663138613233356364383837373235
32313439636136313130313136333865653336383866626231636630316365313838636330376263
32623931313431373137343463626432393834353462333661656564333238646334323761333663
34653037366639393363383866626363663838643132663266346335656431303237653832663161
39653633626139343130393735393539393864356336636163363231633332303232323165646466
31383831333963393866343937643635376135303835353730656436333432373266303830613661
35636134333561626133333335323131373031616636373439393337316338656331316564303039
37343265393030633931346131313730303463383165303933323038363062343030363637646261
64366661663064643761666539623632333036393631656634333062313535663864376361333639
39323136656461323163663161643863626336306334343230326236343539633462363533343863
63313331393838343934643734373937366537626138336439653364346630323530323264336233
61643637393166316633323139326535366337623666386631316532333735363664353730376462
34333538323236643063623661333537393837373761636562323661366432373137393732363034
37323237633563353162653330666162613232376363623238383463376461313662346261323934
36623163393330303037626566373239643164626634383162646562313533343836653461303238
62356363666439306438373766633335376362636533333063656335333539343963356631616131
39303362383532386339663938313534353635633438626437343166376662343731316539316334
31666133623638376163396161623636373363303436353064336136366634613437396232643836
35303939316135646361393136366430626435613830656264393832316566303563366163313038
30613636343062393938373765313063363437383238346132396261376135366531336561303836
66303034646266383332316161613635366338313835363764376564323530376466633263396161
32373061303062393564636264616234383336373839616330306531363638356362666664306137
30393737653061643932346561306239303335646533353432383734626566333331363763313934
30646465363332306439383635376635343831336435313663343066313963616532366632363832
64663662363236333035313865393638623534646336326433323034356637643965336430316337
64383566333663346334373461356138663066623864643430346538343964653838383066313039
39336164333139646264363366303362353135623633616134636633383865623336386163336230
37306136663032313430323765393631613036383634383735343837353735333931353666623862
63306336383137353165343031313361613932323065623930626161373062303864333931623361
33366330306264636163373236636338353139363438353466326430373635616332336365346562
65356163366266663636623935343330366161353562633234303661633663343361643764313264
38666265316138613761353732386230353661643834646364326139373063646362366465333236
33643765663730646332616463383931363738656636313932666163623733343363393736646562
63393134613465396134333836656333383763353031383633636336656164316533343735663664
34363465353832386632323036643935366662636631616261336637336361663864313432363564
66656633353061613137393861663930366532343730353230626530656430346562383964393964
63636166396337346636666630363537363332313663346135386138616135356135613131393130
39383036646563386562326461333037643162396537396637336537623035613734336539326137
66336130633732383439346262313732336139376633383266633834663130373138363064316564
33393831333736653236356537623134396532336463336232393463396361363439323731393266
38643539376531343266336330366263656266393337333139363761623163316238643466356339
32333837346166333332633738376563303132626130376361383530363165613266373039336332
63376137343966333264336135333636643231643464633836636433363831393066373466643338
6335
64313136396662396631396561646634386134313337316166376264346466386533383934393130
6339663736653462613737323932396664643132383036370a343032653931343063326337626336
38383332346637633636663865333031636166643161323335363663653033646234656332333462
3833643037313134320a613332303261356363363138636138323661633233353365623665663632
30616166383161663534666337303632663532343866366261393935373935666536616530373862
66653836393966346463393061646431336666316537613364643939663938303135386463616661
31633330663364353663646338386338323039646530373165386663646235303963623837646533
30316236313736303837353536633161326564643566643533363431303130376338383034623365
34303861356264333463613739373635616363366362333738383838326162313238313966313765
35356637623833663437373765333237323961383133336161363439316632363634623734373962
32326466303536363164666532313264343661336364396562383630653865316132366538313066
65666661343632383434346639353462623735373933303263613938363635353666656139663832
66333638636136393166636332623934613938656336663431323032333339336165366664636334
65363166616462303939383838363363623530313539386635313664333136643035623262663333
35643335346639623363323535633735613965333133323639383339323166366635303536376265
35613939376135393165653466366462656162353632393139376666666334386166366162643438
31313033353661313031303961313032613539396561303734356533373234633233613465306431
31303332643931333037343164643162663738393466346639306632306534613065376138323564
31326462666336633938396230666231356439343630336132313064363636333563373637313666
32303230616235653733323032343238303230396232623364643765613764336137646630363462
64343239343530636333663764643338623630366163636232353734616333306339626136313338
35616632326436663734376263366437356236343339663430323632646136373066373961666135
38313838316266313830626234366262383037646661386537663534633263633239306461346535
32643032316266373931346232356162336437623137623365616132643731666361313637316536
39656332383466346236633461366437386538373734646337393666346562323139663734326436
65623633363266323563666437633666326363626561313133633031623632633333346332623334
31396365333336313939633161613639383963633136616562333236636666306139663430363265
63353261306332346439313534393363626638633531633532363365663265353331336231316238
37323439383930346136383036303833316565306139613235333633373832313130316534666435
30323262623037623939336265303866356532653064303436653131633162616630326362616430
33343538353139326663653735343436623834653264376264363761313835376433653531623266
34386266613733653634363135616335303138303062316664623666643263323939643939303133
32393564323833666132626664646436333733396565623164646363343065343464363465383330
33636562613734303665343366656630303732323739363339306337316266356635323262643031
63393261363764613638666231663837373263353137643265336134646364343130353237336463
62306363373339363235343034393230623035373366656531666663323936323366643938646135
62643135383734663766353230356463373337613936633037396538643365393738363234313166
62303038326236656332663939333364633132386266383665363632386235643731616631313431
37613566616463613662633734316461386261646464636539353439373431323133663435333763
63333230663431323136373564613239386531356463646366313537303861616234626561663133
32643134666337633938633530323034653131663663643732623636633834323064633832396339
35613738366666653765333434616336383635323765626561376232363062373761383665313735
30643165633930656566633339383439353931303836333537343634353434653433333933386338
64393566616166353731313261386239646531316563623363646537653964366631663266353366
65666638393337663633366132663933376135396334303461653232353765626365303464626338
30653334393439373632393662653032633264363238626431326136653561636164646237373033
32646464616137366163313634623864656666346336383037373562633333633432313439323631
34646132643834323261316166303531666238333964396165313936393937366533396436633832
34663538613139623063346666306165306530646363353732353431343831303161343535623539
38663537323132653034393335623232623530343432336531643538356430636262313132356430
33363062333931306633643733313239373934313635336465643139616266613237353166626334
35643138633561393531313835623665303531313437323664616561633764316332393435373065
38633766623633666362633336326466343938623461393736666137313965386133396433303236
34366339326637323934323236346239373565623565313433376433303061353763383732663239
65313636646539623037653761316662303565636262376262333332316136623737613338303036
37623837313636333464626664323163633136343762306462323339646535636237326138613132
33613761646237396265616135346639636566316633646165616332656333383233343836316163
36313736343263343534656533646463343933333031666433393635623461633639356430303434
34663033333933333439386532623664316364343066646232353335643536353733326165623231
66306661343939616235313238353761643034623062326632393161336462333365636536343934
63343866666237636563363561366339623161643362326632333532613562336238653562346231
33623337386233636331326232393465346362336439303336303638643430623864323434633333
63623036623764646234636433383364333763613866626230316533643535356662306136346664
36353734663866306336303439623537336266383131303365383439356462306237363030306432
38623738643434396138373837386334616435383662363032663930363038666536653334613261
36623730666333393564346539653533656434346439346632643730356665313865396463343737
31326633646661666461396365643061333361643638363835343235646231633637616464343265
36646439383737336531303236666136313063653563653433306563643362353536663863653266
38613461363432333666343264333461396461653231646133383861363763353763626334373635
35313431346465336636363531363766633234653066376366636263306238393361343936663066
61653739303230316232626335383865636235363638663463396435623737616661346666613037
32666436333937356530326566626237303065363834313837383837306432383833643632376564
39623937653631656562306565376232333463626563336630633331663764346138323466303433
38303965386635386565653035666631616239306231616530363965306134633034623936396135
32366430333763333039613734343563663065636538616139646239303533336437616162366532
38343137366563333866343537393532353835386230623536663966643730663031636639313232
33636133303432343531626539633862646466653864393737363333366238666536303663343837
39363330383432353465633132346165333564646262383736366664303239366365643533353738
65656163313966306464633237383530316338666665666236656164636433653735353739393363
30633462393933646436356365323864383239633963306366356534333036663438643438303365
37366638383066653965383764323436336230363336303233303433656563656563343630613935
64373965366662323137353631323233643463366338393639663833633635313531616539366333
30656663666561353938393761353266386533383361326439383338363762633538396638386630
31383131316137346234336462333032366337393438343237613231323164306132373136323233
38643133356166303661363761646430363734373130363334376535356565386638366630306362
63626539336134356539366166616331626361356335616665336564636638316137316230643961
65623465336232326533616538653561646263626536333738346531366661336134366362386239
39643665663566376264356332653062313536353635656231656566386333636330353765373664
34616338623161333232653832386436343361636461653338363932633337623537303261396334
30386663613335303438376234333138363432633234646133646466323930656330623161373530
36383261373139663932623933626164313765613930323035326334373231303033616665346337
32353235663465336433666539333032376365373266363436353063366139616232373037383664
31323062383063373932623030356461353039326363336165326138353335326436363165393639
33643830353734616164653833613830333066626161636130323861643866386234383136313336
37333337363462313831633437636633383137303736303264393236333633383933303939383533
38626138396537663463633961303766663636353737336365393638383832303735323266646337
62643665353431326465386162633737613935353261633963616531306233613966643862316166
38316164383433333263363630386462313639336464653061373239633235346633613237646563
62383836393063613365653635663136356538623962623961326434646635633464313932626333
36383666653264366236396638626265356338653630303930383861386534393732633437363663
38623739313131643038396335326437323231636661346164353433303235356432306532353066
63373662313366376363653039316361366266616466663663313732303962336339616235366432
32643832366231396132333236313962313932343230333832616664356333646533323732656466
34393862393434383362303531653638303366323530656661623236336630383064663135373862
61313761643038333035376535633964303564616532646139393964353165353763626235303662
65633465626365393033376437633134333532656262366462323365653466616462316664323837
64346533366238656637366665303339666433623261623635383631303862616438353166353866
66346366316562316230306233323937313364656537393063306537353237353737626164663365
38636331363138326336646434653238636463633138343134373937373835373232356363663366
37386633353439656162613736303932633333313131653364616364343761363335343430396432
39636630343066616633376237643062616666666135363232376632666132396333363334623036
63323531626632383062353162346536663233656132383734643761396264623165663738616564
61316234386135656538363861363531373232303163643364366136616130643737346438353334
63653234376562663937663135363763656236346663363738313836383466656162643131636138
63383430653030383232333830656333373765333639303265643938323833613262643863643835
66326466313730323666643939623539326639663838663737326665326164366262323731623037
33383631616530383238626431333033366134383839613761656264366331663539363131396361
64316333373134636163666634656561306130616337383030653063626161303930653730623130
33653730656332616135663631653336386166363866303932643163353963396466646662626439
39653562613461353633313533356336393334643066626137306164643530343331666430636330
63613763336663613639343036363332626232346530366633646536396338613164666163663235
37333334313436326233653866316438626366633632653336393633333931353961353132376639
66343362646630376537356638396263623262363138323630363834386162656236313365393766
39616135303337303166313663383635636165373333313463623731346561356430326164663164
30333839386564616133393630396538633032616332646639616161643739626437306532356136
34383432626136336261666166633739313663333664663035333533626334623132373037663239
38393638323833643730353432656365396161353161613733653562303731616462623436643832
35376133653665333432303132383966333362313262393931373264616664643438346566333764
34303439633538376439646435646631336361316436306330653838363665366461333366656239
33303038643139643431613764333864306134666166376164623038333330613933333766643830
30653637666533363234626465353734303538623233623532393936303566306434346537343932
39393863373635626530326139376339653764623265636530323330376633363265636439353738
32353634316162656461353666666338633233393039343935613539623766363237656161383364
61356165313637343134363932333136643464353436323333653939613666653164303363656637
32386561326461353665633339373038616464633430303763666234313032653735373832393539
33333334663336346139373064633364353530366166636465343734633465623065666563383539
30316166356239316530633239313765623438306234666235616464313765356165363435303336
39633532393965646539356439396132616637383430653762616562323065343233383034363130
32623331343035306165313637356131633963353035313838363439343133636631626532613366
33323364616262303962

View File

@ -2,7 +2,7 @@
# file: roles/caddy/defaults/main.yml
# parent directory of vhost document roots
caddy_root_prefix: /var/www
caddy_root_prefix: "{{ web_root_prefix }}"
# Email address to use for the ACME account managing the site's certificates.
# Not sure what Caddy does if this doesn't exist.

View File

@ -71,6 +71,7 @@
mode: "0755"
owner: root
group: root
tags: caddy
# TODO: the variable is still named nginx_vhosts
- name: Configure Caddy virtual hosts

View File

@ -8,6 +8,12 @@
{% set needs_php = item.needs_php | default(false) %}
{% set has_gitea = item.has_gitea | default(false) %}
{% set static_site = item.static_site | default(false) %}
{# Allow sites to override the document root #}
{% if item.document_root is defined %}
{% set document_root = item.document_root %}
{% else %}
{% set document_root = (caddy_root_prefix, domain_name) | ansible.builtin.path_join %}
{% endif %}
{% if domain_aliases %}
{# domain_aliases is a string, so we split on space #}
@ -21,15 +27,20 @@
{{ domain_name }} {
{% if has_gitea %}
reverse_proxy :3000
{% endif %}
{% elif static_site -%}
root * {{ document_root }}
{% if static_site -%}
root * {{ item.document_root }}
encode zstd gzip
encode
file_server
{% endif %}
{% elif has_wordpress -%}
root * {{ document_root }}
encode
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') -%}
php_fastcgi unix//run/php/php8.2-fpm-{{ domain_name }}.sock
{% endif -%}
file_server
{% endif -%}
import security-headers
}

View File

@ -1,2 +0,0 @@
autoclean -y
upgrade -y -o APT::Get::Show-Upgraded=true

View File

@ -1,5 +0,0 @@
# Configuration for cron-apt. For further information about the possible
# configuration settings see the README file.
MAILON="never"
OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts=\"/dev/null\""

View File

@ -1,11 +1,17 @@
---
- name: Configure cron-apt (config)
ansible.builtin.copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }} owner={{ item.owner }} group={{ item.group }}
loop:
- { src: etc/cron-apt/config, dest: /etc/cron-apt/config, mode: "0644", owner: root, group: root }
- { src: etc/cron-apt/3-download, dest: /etc/cron-apt/action.d/3-download, mode: "0644", owner: root, group: root }
- name: Remove cron-apt
ansible.builtin.apt:
name: cron-apt
state: absent
cache_valid_time: 3600
- name: Configure cron-apt (security)
ansible.builtin.template: src=security.sources.list.j2 dest=/etc/apt/security.sources.list mode=0644 owner=root group=root
- name: Remove cron-apt configs
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- /etc/cron-apt/config
- /etc/cron-apt/action.d/3-download
- /etc/apt/security.sources.list
# vim: set ts=2 sw=2:

View File

@ -1,19 +1,6 @@
---
- name: Configure Debian packages
block:
# Create directory for third-party package signing keys. Required on distros
# older than Debian 12 / Ubuntu 22.04.
#
# See: https://wiki.debian.org/DebianRepository/UseThirdParty
- name: Create /etc/apt/keyrings
file:
path: /etc/apt/keyrings
mode: "0755"
owner: root
group: root
state: directory
when: ansible_distribution_major_version is version('12', '<')
# Scaleway seems to use a weird sources.list format as of Debian 12?
- name: Check for weird Debian sources
ansible.builtin.stat:
@ -35,7 +22,6 @@
- iotop
- htop
- strace
- cron-apt
- safe-rm
- debian-goodies
- mosh
@ -47,11 +33,12 @@
- zstd
- rsync
- lsof
- unattended-upgrades
- name: Install base packages
ansible.builtin.apt: name={{ base_packages }} state=present cache_valid_time=3600
- name: Configure cron-apt
- name: Remove cron-apt
ansible.builtin.import_tasks: cron-apt.yml
tags: cron-apt

View File

@ -1,19 +1,6 @@
---
- name: Configure Ubuntu packages
block:
# Create directory for third-party package signing keys. Required on distros
# older than Debian 12 / Ubuntu 22.04.
#
# See: https://wiki.debian.org/DebianRepository/UseThirdParty
- name: Create /etc/apt/keyrings
file:
path: /etc/apt/keyrings
mode: "0755"
owner: root
group: root
state: directory
when: ansible_distribution_major_version is version('22.04', '<')
- name: Configure apt mirror
ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
when: ansible_architecture != 'armv7l'
@ -45,38 +32,6 @@
- name: Install base packages
ansible.builtin.apt: pkg={{ ubuntu_base_packages }} state=present cache_valid_time=3600
# We have to remove snaps one by one in a specific order because some depend
# on others. Only after that can we remove the corresponding system packages.
- name: Remove lxd snap
community.general.snap: name=lxd state=absent
when: ansible_distribution_version is version('20.04', '==')
ignore_errors: true
- name: Remove core18 snap
community.general.snap: name=core18 state=absent
when: ansible_distribution_version is version('20.04', '==')
ignore_errors: true
- name: Remove snapd snap
community.general.snap: name=snapd state=absent
when: ansible_distribution_version is version('20.04', '==')
ignore_errors: true
- name: Set fact for packages to remove (Ubuntu 20.04)
ansible.builtin.set_fact:
ubuntu_annoying_packages:
- whoopsie # security (CIS 4.1)
- apport # security (CIS 4.1)
- command-not-found # annoying
- command-not-found-data # annoying
- python3-commandnotfound # annoying
- snapd # annoying (Ubuntu >= 16.04)
- lxd-agent-loader # annoying (Ubuntu 20.04)
when: ansible_distribution_version is version('20.04', '==')
- name: Remove packages
ansible.builtin.apt: name={{ ubuntu_annoying_packages }} state=absent purge=true
- name: Disable annoying Canonical spam in MOTD
ansible.builtin.file: path={{ item }} mode=0644 state=absent
loop:

View File

@ -1,5 +0,0 @@
{% if ansible_distribution == 'Ubuntu' %}
deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted universe multiverse
{% elif ansible_distribution == 'Debian' %}
deb http://security.debian.org/debian-security {{ ansible_distribution_release }}/updates main contrib non-free
{% endif %}

View File

@ -28,11 +28,14 @@ if [[ -f "firehol_level1.netset" ]]; then
firehol_level1_ipv4_list_temp=$(mktemp)
firehol_level1_ipv4_set_temp=$(mktemp)
# Filter blank lines and comments
# Filter blank lines, comments, and bogons we use inside the LAN, DMZ, and
# for local services like systemd-resolved and others on localhost. Ideally
# these are blocked already at the WAN side by network administrators.
cat firehol_level1.netset \
| sed \
-e '/^$/d' \
-e '/^#.*/d' \
-e '/^127\.0\.0\.0\/8/d' \
> "$firehol_level1_ipv4_list_temp"
echo "Building firehol_level1-ipv4 set"
@ -56,12 +59,7 @@ NFT_HEAD
fi
echo "Reloading nftables"
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '<=') %}
{% set systemctl_bin = '/bin/systemctl' %}
{% else %}
{% set systemctl_bin = '/usr/bin/systemctl' %}
{% endif -%}
{{ systemctl_bin }} reload nftables.service
/usr/bin/systemctl reload nftables.service
rm -v firehol_level1.netset

View File

@ -5,16 +5,16 @@
nginx_confd_path: /etc/nginx/conf.d
# parent directory of vhost roots
nginx_root_prefix: /var/www
nginx_root_prefix: "{{ web_root_prefix }}"
# 1 hour timeout
nginx_ssl_session_timeout: 1h
# 1 day timeout
nginx_ssl_session_timeout: 1d
# 10MB -> 40,000 sessions
nginx_ssl_session_cache: shared:SSL:10m
# 1400 bytes to fit in one MTU (default is 16k!)
nginx_ssl_buffer_size: 1400
nginx_ssl_buffer_size: 4k
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
nginx_ssl_protocols: TLSv1.2 TLSv1.3
nginx_ssl_ecdh_curve: X25519:prime256v1:secp384r1
# DNS resolvers for OCSP stapling (default to Cloudflare public DNS)
# See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
@ -37,8 +37,8 @@ letsencrypt_root: /etc/ssl
letsencrypt_acme_script_temp: /root/acme.sh
letsencrypt_acme_home: /root/.acme.sh
# stable is 1.20.x
# mainline is 1.21.x
# stable is 1.26.x
# mainline is 1.27.x
nginx_version: mainline
# vim: set ts=2 sw=2:

View File

@ -11,9 +11,11 @@ server {
return 444;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
http2 on;
server_name _;
# self-signed "snakeoil" certificate

View File

@ -27,8 +27,9 @@
ssl_dhparam {{ nginx_ssl_dhparam }};
ssl_protocols {{ nginx_ssl_protocols }};
ssl_ecdh_curve {{ nginx_ssl_ecdh_curve }};
ssl_ciphers "{{ tls_cipher_suite }}";
ssl_prefer_server_ciphers on;
ssl_prefer_server_ciphers off;
{# OSCP stapling only works with real certs #}
{% if use_letsencrypt == true or item.tls_certificate_path %}
@ -38,15 +39,6 @@
resolver {{ nginx_ssl_stapling_resolver }};
{% endif %} {# end: use_letsencrypt #}
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous
# sessions. The fix for this is to setup a manual rotation mechanism:
# http://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
#
# Note that you'll have to define and rotate the keys securely by yourself. In absence
# of such infrastructure, consider turning off session tickets:
ssl_session_tickets off;
{% if enable_hsts == true %}
# Enable this if you want HSTS (recommended, but be careful)
# Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store

View File

@ -8,6 +8,12 @@
{% set has_wordpress = item.has_wordpress | default(false) %}
{% set needs_php = item.needs_php | default(false) %}
{% set has_gitea = item.has_gitea | default(false) %}
{# Allow sites to override the document root #}
{% if item.document_root is defined %}
{% set document_root = item.document_root %}
{% else %}
{% set document_root = (nginx_root_prefix, domain_name) | ansible.builtin.path_join %}
{% endif %}
# http -> https vhost
server {
@ -26,15 +32,11 @@ server {
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
{# Allow sites to override the nginx document root #}
{% if item.document_root is defined %}
root {{ item.document_root }};
{% else %}
root {{ nginx_root_prefix }}/{{ domain_name }};
{% endif %}
root {{ document_root }};
{# will only work if the TLS cert covers the domain + aliases, like example.com and www.example.com #}
server_name {{ domain_name }} {{ domain_aliases }};
@ -77,10 +79,6 @@ server {
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') %}
fastcgi_pass unix:/run/php/php8.2-fpm-{{ domain_name }}.sock;
{% elif (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')) or (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11', '==')) %}
fastcgi_pass unix:/run/php/php7.4-fpm-{{ domain_name }}.sock;
{% else %}
fastcgi_pass unix:/var/run/php5-fpm-{{ domain_name }}.sock;
{% endif %}
fastcgi_index index.php;
# set script path relative to document root in server block

View File

@ -1,8 +1,4 @@
---
# For Ubuntu 20.04 and Debian 11
- name: reload php7.4-fpm
ansible.builtin.systemd: name=php7.4-fpm state=reloaded
# For Debian 12
- name: reload php8.2-fpm
ansible.builtin.systemd:

View File

@ -1,35 +0,0 @@
---
- block:
- name: Set php-fpm packages
ansible.builtin.set_fact:
php_fpm_packages:
- php7.4-fpm
# for WordPress
- php7.4-mysql
- php7.4-gd
- php7.4-curl
- php7.4-xml
- name: Install php-fpm and deps
ansible.builtin.apt: name={{ php_fpm_packages }} state=present update_cache=true
# only copy php-fpm config for vhosts that need WordPress or PHP
- name: Copy php-fpm pool config
ansible.builtin.template: src=php7.4-pool.conf.j2 dest=/etc/php/7.4/fpm/pool.d/{{ item.domain_name }}.conf owner=root group=root mode=0644
loop: "{{ nginx_vhosts }}"
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
notify: reload php7.4-fpm
- name: Remove default www pool
ansible.builtin.file: path=/etc/php/7.4/fpm/pool.d/www.conf state=absent
notify: reload php7.4-fpm
# re-configure php.ini
- name: Update php.ini
ansible.builtin.template: src=php7.4-php.ini.j2 dest=/etc/php/7.4/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.4-fpm
tags: php-fpm
when: install_php
# vim: set ts=2 sw=2:

View File

@ -1,6 +1,4 @@
---
# Ubuntu 20.04 uses PHP 7.4
# Debian 11 uses PHP 7.4
# Debian 12 uses PHP 8.2
# If any of the vhosts on this host need WordPress then we need to install PHP.
@ -26,22 +24,6 @@
install_php: false
when: install_php is not defined
- name: Configure php-fpm on Ubuntu 20.04
ansible.builtin.include_tasks: Ubuntu_20.04.yml
when:
- ansible_distribution == 'Ubuntu'
- ansible_distribution_version is version('20.04', '==')
- install_php
tags: php-fpm
- name: Configure php-fpm on Debian 11
ansible.builtin.include_tasks: Ubuntu_20.04.yml
when:
- ansible_distribution == 'Debian'
- ansible_distribution_major_version is version('11', '==')
- install_php
tags: php-fpm
- name: Configure php-fpm on Debian 12
ansible.builtin.include_tasks: Debian_12.yml
when:

File diff suppressed because it is too large Load Diff

View File

@ -1,436 +0,0 @@
{% set domain_name = item.domain_name %}
; Start a new pool named '{{ domain_name }}'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('{{ domain_name }}' here)
[{{ domain_name }}]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = nginx
group = nginx
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php/php7.4-fpm-{{ domain_name }}.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = nginx
listen.group = nginx
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/7.4/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

View File

@ -27,8 +27,8 @@
; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used.
user = nginx
group = nginx
user = {{ webserver }}
group = {{ webserver }}
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
@ -52,8 +52,8 @@ listen = /run/php/php8.2-fpm-{{ domain_name }}.sock
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660.
listen.owner = nginx
listen.group = nginx
listen.owner = {{ webserver }}
listen.group = {{ webserver }}
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using