alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

Compare commits

base: alanorth:bb14f05d2ac7084a895d167b827e2f761b64d726
Branches Tags
alanorth:master alanorth:alpine
..
compare: alanorth:master
Branches Tags
alanorth:master alanorth:alpine

26 Commits
bb14f05d2a ... master

Author SHA1 Message Date
Alan Orth
00558c7dea roles/common: re-work fail2ban and nftables 
Re-work the fail2ban and nftables interaction. Use systemd's PartOf
to indicate that fail2ban is part of the nftables service, which
tells systemd to propogate stop/start signals to it. Then we tell
the firehol update script to restart nftables instead of reload.
The different between restart and reload is meaningless for nftables
but we want systemd to propagate the stop/start signals to fail2ban.
 2025-07-08 10:39:17 +03:00
Alan Orth
c927186837 roles/common: adjust update-firehol-nftables.service 
This service does not actually depend on nftables, at least not in
the systemd sense of dependency. Furthermore, this hard dependency
was causing the service to fail when it restarts nftables at the
end, which causes systemd to start it again and again until it hits
a restarting too quickly error.
 2025-07-08 10:37:39 +03:00
Alan Orth
690774c862 host_vars/web22: WordPress 6.8.1 2025-07-08 10:34:34 +03:00
Alan Orth
cc021bd14a Pipfile.lock: run pipenv update 2025-07-08 10:25:09 +03:00
Alan Orth
73fd06fe3a roles/common: remove cron-apt 
Use unattended-upgrades instead. It has sane defaults on Debian at
least (I haven't checked Ubuntu).
 2025-04-07 09:51:09 +03:00
Alan Orth
88cb3a370e Remove logic for Ubuntu 20.04 and Debian 11 2025-03-29 23:09:44 +03:00
Alan Orth
027a43ddbe roles/caddy: use default for encode 2025-03-29 22:49:30 +03:00
Alan Orth
bb30c3be20 host_vars/web22: update vhosts 2025-03-29 22:48:19 +03:00
Alan Orth
d8d9790d21 roles/nginx: enable nginx ssl_session_tickets 
This has apparently been supported since nginx 1.23.2 and is safe
to use the default (on) now.

See: https://github.com/mozilla/server-side-tls/issues/284
 2025-03-29 22:35:56 +03:00
Alan Orth
9a500ebc0d roles/nginx: disable nginx ssl_prefer_server_ciphers 
This is apparently the default and recommended by Mozilla's server-
side SSL configurator also recommends. This lets the client choose
the ciphers best for them (and the ciphers in TLS 1.2 and 1.3 are
not currently known to be dangerous).
 2025-03-29 22:34:41 +03:00
Alan Orth
4bae942585 roles/nginx: add nginx ssl_ecdh_curve 
This seems to be new since I last looked at the Mozilla server-side
SSL configurator.
 2025-03-29 22:34:37 +03:00
Alan Orth
99866c0c90 roles/nginx: use one day for nginx ssl_session_timeout 
This is a new default since I last looked at the Mozilla server-side
SSL configurator.
 2025-03-29 22:34:32 +03:00
Alan Orth
0afb8a4493 roles/nginx: update nginx ssl_buffer_size 
The old default has not been changed in eight years and I see that
there have been some discussions over the years about this. I will
change this from the slightly extreme 1400 bytes to 4k (nginx def-
ault is still 16k so this is more "optimal" for HTML/CSS content).

See: https://github.com/igrigorik/istlsfastyet.com/issues/63
 2025-03-29 22:34:27 +03:00
Alan Orth
506695da31 roles/nginx/defaults: update version comments 2025-03-29 22:24:49 +03:00
Alan Orth
f67ed7762c roles/nginx: fix http2 syntax 2025-03-29 22:20:49 +03:00
Alan Orth
014f4d9502 roles/nginx: add newline 2025-03-29 22:19:41 +03:00
Alan Orth
22c16e1ed3 roles/caddy/templates: closer to supporting WordPress 
I still wouldn't want to deploy WordPress on Caddy until it's more
obvious and standard to block paths that shouldn't be accessible.
It seems that this is still left as an exercise to the site admin.

This discussion has some tips, but it is four years old and hasn't
changed since I last looked.

See: https://caddy.community/t/using-caddy-to-harden-wordpress/13575
 2025-03-29 22:09:37 +03:00
Alan Orth
5aa6a33e51 roles/php-fpm: set user and group based on webserver 
We use either caddy or nginx, which are conveniently named the same
as the Unix user and group.
 2025-03-29 21:01:56 +03:00
Alan Orth
7f9b06af9c roles/nginx: smarter setting of document root 2025-03-29 19:34:53 +03:00
Alan Orth
84db337fea roles/caddy: smarter setting of document root 2025-03-29 19:33:02 +03:00
Alan Orth
7b23f5f94f roles/caddy: add missing tag 2025-03-29 19:16:03 +03:00
Alan Orth
9830338be3 Use one default root prefix for nginx and caddy 2025-03-29 19:15:56 +03:00
Alan Orth
e3eed26765 roles/caddy: update vhost template 2025-03-29 18:37:28 +03:00
Alan Orth
8b31c7e148 host_vars/web22: WordPress 6.7.2 2025-03-29 16:10:23 +03:00
Alan Orth
3ff8043aaf Pipfile.lock: run pipenv update 2025-03-29 15:30:08 +03:00
Alan Orth
cb79f7ef70 roles/common: minor change to firehol update script 
They include bogons like 127.0.0.1 that should not be routed on the
public Internet, but this blocks local applications we proxy to.
 2025-01-28 09:14:48 +03:00
26 changed files with 536 additions and 3017 deletions
Expand all files Collapse all files

623
Pipfile.lock generated
View File

@ -18,81 +18,81 @@
"default": { "default": {
"ansible": { "ansible": {
"hashes": [ "hashes": [
"sha256:bbaf7073993f019fc0293fc8b76c7b215081831957c28eb020f12c270a16e8f0", "sha256:caa56fc92e5bea012abf37f08aa348da27d2fcaf94bf398e24cadcb618a4dc3b",
"sha256:d01b425990d960d2a33fc378e1b73dbca1c0e28bc22f4056ab6b3c8e9ae74fba" "sha256:f9df37c71d407f65bcb9c5c06c9918e297d9ea74b5cdaf5926c4c9aa9e44db5f"
], ],
"index": "pypi", "index": "pypi",
"markers": "python_version >= '3.11'", "markers": "python_version >= '3.11'",
"version": "==11.1.0" "version": "==11.7.0"
}, },
"ansible-compat": { "ansible-compat": {
"hashes": [ "hashes": [
"sha256:d8befd5c632c5ea0486f0537dea0fd0bb3340aabcc079025a373689150890b57", "sha256:c2b4bfeca6383b2047b2e1dea473cec4f1f9f2dd59beef71d6c47f632eaf97c9",
"sha256:e6d696b0ffe098af2fae7c5b2085fe8fd92c9ed8cb938fe77c8c87af0f2da056" "sha256:cced722001bd7b617d418e54017e308c8b27ef3815f377843c00e020fa07165e"
], ],
"markers": "python_version >= '3.10'", "markers": "python_version >= '3.10'",
"version": "==25.1.0" "version": "==25.6.0"
}, },
"ansible-core": { "ansible-core": {
"hashes": [ "hashes": [
"sha256:14cac1f92bbdae881cb0616eddeb17925e8cb507e486087975e724533d9de74f", "sha256:12a34749a7b20f0f1536bd3e3b2e137341867e4642e351273e96647161f595c0",
"sha256:4a312e416e09c7271188d6b8e2b1062fc6834fefd6a1814d0e02fb8aadb3e1ba" "sha256:25bb20ce1516a1b7307831b263cef684043b3720711466bd9d4164e5fd576557"
], ],
"markers": "python_version >= '3.11'", "markers": "python_version >= '3.11'",
"version": "==2.18.1" "version": "==2.18.6"
}, },
"ansible-lint": { "ansible-lint": {
"hashes": [ "hashes": [
"sha256:9553b2aee124999b2005140bf27619793910454fcf2381e25ceb5b21f7384eed", "sha256:69fe294a3cc30d8819b5a30625a7e25225f48558cadb83ad3d4dec597c1b8c2c",
"sha256:e4d657578a8354832a84a1d5a2b9225a78b9c5fefa8880506b7fa0347d6b5f7e" "sha256:6a1dd2b7a9f3f202c9e92a6c80296ff33ca863348c3acf978f80fb0d4536dce4"
], ],
"index": "pypi", "index": "pypi",
"markers": "python_version >= '3.10'", "markers": "python_version >= '3.10'",
"version": "==25.1.0" "version": "==25.6.1"
}, },
"attrs": { "attrs": {
"hashes": [ "hashes": [
"sha256:1c97078a80c814273a76b2a298a932eb681c87415c11dee0a6921de7f1b02c3e", "sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3",
"sha256:c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a" "sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b"
], ],
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.8'",
"version": "==25.1.0" "version": "==25.3.0"
}, },
"black": { "black": {
"hashes": [ "hashes": [
"sha256:14b3502784f09ce2443830e3133dacf2c0110d45191ed470ecb04d0f5f6fcb0f", "sha256:030b9759066a4ee5e5aca28c3c77f9c64789cdd4de8ac1df642c40b708be6171",
"sha256:17374989640fbca88b6a448129cd1745c5eb8d9547b464f281b251dd00155ccd", "sha256:055e59b198df7ac0b7efca5ad7ff2516bca343276c466be72eb04a3bcc1f82d7",
"sha256:1c536fcf674217e87b8cc3657b81809d3c085d7bf3ef262ead700da345bfa6ea", "sha256:0e519ecf93120f34243e6b0054db49c00a35f84f195d5bce7e9f5cfc578fc2da",
"sha256:1cbacacb19e922a1d75ef2b6ccaefcd6e93a2c05ede32f06a21386a04cedb981", "sha256:172b1dbff09f86ce6f4eb8edf9dede08b1fce58ba194c87d7a4f1a5aa2f5b3c2",
"sha256:1f93102e0c5bb3907451063e08b9876dbeac810e7da5a8bfb7aeb5a9ef89066b", "sha256:1e2978f6df243b155ef5fa7e558a43037c3079093ed5d10fd84c43900f2d8ecc",
"sha256:2cd9c95431d94adc56600710f8813ee27eea544dd118d45896bb734e9d7a0dc7", "sha256:33496d5cd1222ad73391352b4ae8da15253c5de89b93a80b3e2c8d9a19ec2666",
"sha256:30d2c30dc5139211dda799758559d1b049f7f14c580c409d6ad925b74a4208a8", "sha256:3b48735872ec535027d979e8dcb20bf4f70b5ac75a8ea99f127c106a7d7aba9f",
"sha256:394d4ddc64782e51153eadcaaca95144ac4c35e27ef9b0a42e121ae7e57a9175", "sha256:4b60580e829091e6f9238c848ea6750efed72140b91b048770b64e74fe04908b",
"sha256:3bb2b7a1f7b685f85b11fed1ef10f8a9148bceb49853e47a294a3dd963c1dd7d", "sha256:759e7ec1e050a15f89b770cefbf91ebee8917aac5c20483bc2d80a6c3a04df32",
"sha256:4007b1393d902b48b36958a216c20c4482f601569d19ed1df294a496eb366392", "sha256:8f0b18a02996a836cc9c9c78e5babec10930862827b1b724ddfe98ccf2f2fe4f",
"sha256:5a2221696a8224e335c28816a9d331a6c2ae15a2ee34ec857dcf3e45dbfa99ad", "sha256:95e8176dae143ba9097f351d174fdaf0ccd29efb414b362ae3fd72bf0f710717",
"sha256:63f626344343083322233f175aaf372d326de8436f5928c042639a4afbbf1d3f", "sha256:96c1c7cd856bba8e20094e36e0f948718dc688dba4a9d78c3adde52b9e6c2299",
"sha256:649fff99a20bd06c6f727d2a27f401331dc0cc861fb69cde910fe95b01b5928f", "sha256:a1ee0a0c330f7b5130ce0caed9936a904793576ef4d2b98c40835d6a65afa6a0",
"sha256:680359d932801c76d2e9c9068d05c6b107f2584b2a5b88831c83962eb9984c1b", "sha256:a22f402b410566e2d1c950708c77ebf5ebd5d0d88a6a2e87c86d9fb48afa0d18",
"sha256:846ea64c97afe3bc677b761787993be4991810ecc7a4a937816dd6bddedc4875", "sha256:a39337598244de4bae26475f77dda852ea00a93bd4c728e09eacd827ec929df0",
"sha256:b5e39e0fae001df40f95bd8cc36b9165c5e2ea88900167bddf258bacef9bbdc3", "sha256:afebb7098bfbc70037a053b91ae8437c3857482d3a690fefc03e9ff7aa9a5fd3",
"sha256:ccfa1d0cb6200857f1923b602f978386a3a2758a65b52e0950299ea014be6800", "sha256:bacabb307dca5ebaf9c118d2d2f6903da0d62c9faa82bd21a33eecc319559355",
"sha256:d37d422772111794b26757c5b55a3eade028aa3fde43121ab7b673d050949d65", "sha256:bce2e264d59c91e52d8000d507eb20a9aca4a778731a08cfff7e5ac4a4bb7096",
"sha256:ddacb691cdcdf77b96f549cf9591701d8db36b2f19519373d60d31746068dbf2", "sha256:d9e6827d563a2c820772b32ce8a42828dc6790f095f441beef18f96aa6f8294e",
"sha256:e6668650ea4b685440857138e5fe40cde4d652633b1bdffc62933d0db4ed9812", "sha256:db8ea9917d6f8fc62abd90d944920d95e73c83a5ee3383493e35d271aca872e9",
"sha256:f9da3333530dbcecc1be13e69c250ed8dfa67f43c4005fb537bb426e19200d50", "sha256:ea0213189960bda9cf99be5b8c8ce66bb054af5e9e861249cd23471bd7b0b3ba",
"sha256:fe4d6476887de70546212c99ac9bd803d90b42fc4767f058a0baa895013fbb3e" "sha256:f3df5f1bf91d36002b0a75389ca8663510cf0531cca8aa5c1ef695b46d98655f"
], ],
"markers": "python_version >= '3.9'", "markers": "python_version >= '3.9'",
"version": "==24.10.0" "version": "==25.1.0"
}, },
"bracex": { "bracex": {
"hashes": [ "hashes": [
"sha256:12c50952415bfa773d2d9ccb8e79651b8cdb1f31a42f6091b804f6ba2b4a66b6", "sha256:0b0049264e7340b3ec782b5cb99beb325f36c3782a32e36e876452fd49a09952",
"sha256:13e5732fec27828d6af308628285ad358047cec36801598368cb28bc631dbaf6" "sha256:98f1347cd77e22ee8d967a30ad4e310b233f7754dbf31ff3fceb76145ba47dc7"
], ],
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.9'",
"version": "==2.5.post1" "version": "==2.6"
}, },
"cffi": { "cffi": {
"hashes": [ "hashes": [
@ -169,92 +169,94 @@
}, },
"click": { "click": {
"hashes": [ "hashes": [
"sha256:63c132bbbed01578a06712a2d1f497bb62d9c1c0d329b7903a866228027263b2", "sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202",
"sha256:ed53c9d8990d83c2a27deae68e4ee337473f6330c040a31d4225c9574d16096a" "sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b"
], ],
"markers": "python_version >= '3.7'", "markers": "python_version >= '3.10'",
"version": "==8.1.8" "version": "==8.2.1"
}, },
"cryptography": { "cryptography": {
"hashes": [ "hashes": [
"sha256:1923cb251c04be85eec9fda837661c67c1049063305d6be5721643c22dd4e2b7", "sha256:0027d566d65a38497bc37e0dd7c2f8ceda73597d2ac9ba93810204f56f52ebc7",
"sha256:37d76e6863da3774cd9db5b409a9ecfd2c71c981c38788d3fcfaf177f447b731", "sha256:101ee65078f6dd3e5a028d4f19c07ffa4dd22cce6a20eaa160f8b5219911e7d8",
"sha256:3c672a53c0fb4725a29c303be906d3c1fa99c32f58abe008a82705f9ee96f40b", "sha256:12e55281d993a793b0e883066f590c1ae1e802e3acb67f8b442e721e475e6463",
"sha256:404fdc66ee5f83a1388be54300ae978b2efd538018de18556dde92575e05defc", "sha256:14d96584701a887763384f3c47f0ca7c1cce322aa1c31172680eb596b890ec30",
"sha256:4ac4c9f37eba52cb6fbeaf5b59c152ea976726b865bd4cf87883a7e7006cc543", "sha256:1e1da5accc0c750056c556a93c3e9cb828970206c68867712ca5805e46dc806f",
"sha256:62901fb618f74d7d81bf408c8719e9ec14d863086efe4185afd07c352aee1d2c", "sha256:206210d03c1193f4e1ff681d22885181d47efa1ab3018766a7b32a7b3d6e6afd",
"sha256:660cb7312a08bc38be15b696462fa7cc7cd85c3ed9c576e81f4dc4d8b2b31591", "sha256:2089cc8f70a6e454601525e5bf2779e665d7865af002a5dec8d14e561002e135",
"sha256:708ee5f1bafe76d041b53a4f95eb28cdeb8d18da17e597d46d7833ee59b97ede", "sha256:3a264aae5f7fbb089dbc01e0242d3b67dffe3e6292e1f5182122bdf58e65215d",
"sha256:761817a3377ef15ac23cd7834715081791d4ec77f9297ee694ca1ee9c2c7e5eb", "sha256:3af26738f2db354aafe492fb3869e955b12b2ef2e16908c8b9cb928128d42c57",
"sha256:831c3c4d0774e488fdc83a1923b49b9957d33287de923d58ebd3cec47a0ae43f", "sha256:3fcfbefc4a7f332dece7272a88e410f611e79458fab97b5efe14e54fe476f4fd",
"sha256:84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123", "sha256:460f8c39ba66af7db0545a8c6f2eabcbc5a5528fc1cf6c3fa9a1e44cec33385e",
"sha256:8b3e6eae66cf54701ee7d9c83c30ac0a1e3fa17be486033000f2a73a12ab507c", "sha256:57c816dfbd1659a367831baca4b775b2a5b43c003daf52e9d57e1d30bc2e1b0e",
"sha256:9e6fc8a08e116fb7c7dd1f040074c9d7b51d74a8ea40d4df2fc7aa08b76b9e6c", "sha256:5aa1e32983d4443e310f726ee4b071ab7569f58eedfdd65e9675484a4eb67bd1",
"sha256:a01956ddfa0a6790d594f5b34fc1bfa6098aca434696a03cfdbe469b8ed79285", "sha256:6ff8728d8d890b3dda5765276d1bc6fb099252915a2cd3aff960c4c195745dd0",
"sha256:abc998e0c0eee3c8a1904221d3f67dcfa76422b23620173e28c11d3e626c21bd", "sha256:7259038202a47fdecee7e62e0fd0b0738b6daa335354396c6ddebdbe1206af2a",
"sha256:b15492a11f9e1b62ba9d73c210e2416724633167de94607ec6069ef724fad092", "sha256:72e76caa004ab63accdf26023fccd1d087f6d90ec6048ff33ad0445abf7f605a",
"sha256:be4ce505894d15d5c5037167ffb7f0ae90b7be6f2a98f9a5c3442395501c32fa", "sha256:7760c1c2e1a7084153a0f68fab76e754083b126a47d0117c9ed15e69e2103492",
"sha256:c5eb858beed7835e5ad1faba59e865109f3e52b3783b9ac21e7e47dc5554e289", "sha256:8c4a6ff8a30e9e3d38ac0539e9a9e02540ab3f827a3394f8852432f6b0ea152e",
"sha256:cd4e834f340b4293430701e772ec543b0fbe6c2dea510a5286fe0acabe153a02", "sha256:9024beb59aca9d31d36fcdc1604dd9bbeed0a55bface9f1908df19178e2f116e",
"sha256:d2436114e46b36d00f8b72ff57e598978b37399d2786fd39793c36c6d5cb1c64", "sha256:90cb0a7bb35959f37e23303b7eed0a32280510030daba3f7fdfbb65defde6a97",
"sha256:eb33480f1bad5b78233b0ad3e1b0be21e8ef1da745d8d2aecbb20671658b9053", "sha256:91098f02ca81579c85f66df8a588c78f331ca19089763d733e34ad359f474174",
"sha256:eca27345e1214d1b9f9490d200f9db5a874479be914199194e746c893788d417", "sha256:926c3ea71a6043921050eaa639137e13dbe7b4ab25800932a8498364fc1abec9",
"sha256:ed3534eb1090483c96178fcb0f8893719d96d5274dfde98aa6add34614e97c8e", "sha256:982518cd64c54fcada9d7e5cf28eabd3ee76bd03ab18e08a48cad7e8b6f31b18",
"sha256:f3f6fdfa89ee2d9d496e2c087cebef9d4fcbb0ad63c40e821b39f74bf48d9c5e", "sha256:9b4cf6318915dccfe218e69bbec417fdd7c7185aa7aab139a2c0beb7468c89f0",
"sha256:f53c2c87e0fb4b0c00fa9571082a057e37690a8f12233306161c8f4b819960b7", "sha256:ad0caded895a00261a5b4aa9af828baede54638754b51955a0ac75576b831b27",
"sha256:f5e7cb1e5e56ca0933b4873c0220a78b773b24d40d186b6738080b73d3d0a756", "sha256:b85980d1e345fe769cfc57c57db2b59cff5464ee0c045d52c0df087e926fbe63",
"sha256:f677e1268c4e23420c3acade68fac427fffcb8d19d7df95ed7ad17cdef8404f4" "sha256:b8fa8b0a35a9982a3c60ec79905ba5bb090fc0b9addcfd3dc2dd04267e45f25e",
"sha256:b9e38e0a83cd51e07f5a48ff9691cae95a79bea28fe4ded168a8e5c6c77e819d",
"sha256:bd4c45986472694e5121084c6ebbd112aa919a25e783b87eb95953c9573906d6",
"sha256:be97d3a19c16a9be00edf79dca949c8fa7eff621763666a145f9f9535a5d7f42",
"sha256:c648025b6840fe62e57107e0a25f604db740e728bd67da4f6f060f03017d5097",
"sha256:d05a38884db2ba215218745f0781775806bde4f32e07b135348355fe8e4991d9",
"sha256:dd420e577921c8c2d31289536c386aaa30140b473835e97f83bc71ea9d2baf2d",
"sha256:e357286c1b76403dd384d938f93c46b2b058ed4dfcdce64a770f0537ed3feb6f",
"sha256:e6c00130ed423201c5bc5544c23359141660b07999ad82e34e7bb8f882bb78e0",
"sha256:e74d30ec9c7cb2f404af331d5b4099a9b322a8a6b25c4632755c8757345baac5",
"sha256:f3562c2f23c612f2e4a6964a61d942f891d29ee320edb62ff48ffb99f3de9ae8"
], ],
"markers": "python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'", "markers": "python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'",
"version": "==44.0.0" "version": "==45.0.5"
}, },
"filelock": { "filelock": {
"hashes": [ "hashes": [
"sha256:533dc2f7ba78dc2f0f531fc6c4940addf7b70a481e269a5a3b93be94ffbe8338", "sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2",
"sha256:ee4e77401ef576ebb38cd7f13b9b28893194acc20a8e68e18730ba9c0e54660e" "sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de"
], ],
"markers": "python_version >= '3.9'", "markers": "python_version >= '3.9'",
"version": "==3.17.0" "version": "==3.18.0"
}, },
"importlib-metadata": { "importlib-metadata": {
"hashes": [ "hashes": [
"sha256:02a89390c1e15fdfdc0d7c6b25cb3e62650d0494005c97d6f148bf5b9787525e", "sha256:d13b81ad223b890aa16c5471f2ac3056cf76c5f10f82d6f9292f0b415f389000",
"sha256:310b41d755445d74569f993ccfc22838295d9fe005425094fad953d7f15c8580" "sha256:e5dd1551894c77868a30651cef00984d50e1002d06942a7101d34870c5f02afd"
], ],
"markers": "python_version >= '3.9'", "markers": "python_version >= '3.9'",
"version": "==8.6.1" "version": "==8.7.0"
}, },
"jinja2": { "jinja2": {
"hashes": [ "hashes": [
"sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb", "sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d",
"sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb" "sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67"
], ],
"markers": "python_version >= '3.7'", "markers": "python_version >= '3.7'",
"version": "==3.1.5" "version": "==3.1.6"
}, },
"jsonschema": { "jsonschema": {
"hashes": [ "hashes": [
"sha256:d71497fef26351a33265337fa77ffeb82423f3ea21283cd9467bb03999266bc4", "sha256:0b4e8069eb12aedfa881333004bccaec24ecef5a8a6a4b6df142b2cc9599d196",
"sha256:fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566" "sha256:a462455f19f5faf404a7902952b6f0e3ce868f3ee09a359b05eca6673bd8412d"
], ],
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.9'",
"version": "==4.23.0" "version": "==4.24.0"
}, },
"jsonschema-specifications": { "jsonschema-specifications": {
"hashes": [ "hashes": [
"sha256:0f38b83639958ce1152d02a7f062902c41c8fd20d558b0c34344292d417ae272", "sha256:4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af",
"sha256:a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf" "sha256:630159c9f4dbea161a6a2205c3011cc4f18ff381b189fff48bb39b9bf26ae608"
], ],
"markers": "python_version >= '3.9'", "markers": "python_version >= '3.9'",
"version": "==2024.10.1" "version": "==2025.4.1"
},
"markdown-it-py": {
"hashes": [
"sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1",
"sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"
],
"markers": "python_version >= '3.8'",
"version": "==3.0.0"
}, },
"markupsafe": { "markupsafe": {
"hashes": [ "hashes": [
@ -323,29 +325,21 @@
"markers": "python_version >= '3.9'", "markers": "python_version >= '3.9'",
"version": "==3.0.2" "version": "==3.0.2"
}, },
"mdurl": {
"hashes": [
"sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8",
"sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"
],
"markers": "python_version >= '3.7'",
"version": "==0.1.2"
},
"mypy-extensions": { "mypy-extensions": {
"hashes": [ "hashes": [
"sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d", "sha256:1be4cccdb0f2482337c4743e60421de3a356cd97508abadd57d47403e94f5505",
"sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782" "sha256:52e68efc3284861e772bbcd66823fde5ae21fd2fdb51c62a211403730b916558"
], ],
"markers": "python_version >= '3.5'", "markers": "python_version >= '3.8'",
"version": "==1.0.0" "version": "==1.1.0"
}, },
"packaging": { "packaging": {
"hashes": [ "hashes": [
"sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759", "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484",
"sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f" "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f"
], ],
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.8'",
"version": "==24.2" "version": "==25.0"
}, },
"pathspec": { "pathspec": {
"hashes": [ "hashes": [
@ -357,11 +351,11 @@
}, },
"platformdirs": { "platformdirs": {
"hashes": [ "hashes": [
"sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907", "sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc",
"sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb" "sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4"
], ],
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.9'",
"version": "==4.3.6" "version": "==4.3.8"
}, },
"pycparser": { "pycparser": {
"hashes": [ "hashes": [
@ -371,14 +365,6 @@
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.8'",
"version": "==2.22" "version": "==2.22"
}, },
"pygments": {
"hashes": [
"sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199",
"sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
],
"markers": "python_version >= '3.8'",
"version": "==2.18.0"
},
"pyyaml": { "pyyaml": {
"hashes": [ "hashes": [
"sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff", "sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff",
@ -453,186 +439,215 @@
], ],
"version": "==1.0.1" "version": "==1.0.1"
}, },
"rich": {
"hashes": [
"sha256:2e85306a063b9492dffc86278197a60cbece75bcb766022f3436f567cae11bdc",
"sha256:a5ac1f1cd448ade0d59cc3356f7db7a7ccda2c8cbae9c7a90c28ff463d3e91f4"
],
"markers": "python_full_version >= '3.7.0'",
"version": "==13.8.0"
},
"rpds-py": { "rpds-py": {
"hashes": [ "hashes": [
"sha256:009de23c9c9ee54bf11303a966edf4d9087cd43a6003672e6aa7def643d06518", "sha256:0919f38f5542c0a87e7b4afcafab6fd2c15386632d249e9a087498571250abe3",
"sha256:02fbb9c288ae08bcb34fb41d516d5eeb0455ac35b5512d03181d755d80810059", "sha256:093d63b4b0f52d98ebae33b8c50900d3d67e0666094b1be7a12fffd7f65de74b",
"sha256:0a0461200769ab3b9ab7e513f6013b7a97fdeee41c29b9db343f3c5a8e2b9e61", "sha256:0a0b60701f2300c81b2ac88a5fb893ccfa408e1c4a555a77f908a2596eb875a5",
"sha256:0b09865a9abc0ddff4e50b5ef65467cd94176bf1e0004184eb915cbc10fc05c5", "sha256:0c71c2f6bf36e61ee5c47b2b9b5d47e4d1baad6426bfed9eea3e858fc6ee8806",
"sha256:0b8db6b5b2d4491ad5b6bdc2bc7c017eec108acbf4e6785f42a9eb0ba234f4c9", "sha256:0dc23bbb3e06ec1ea72d515fb572c1fea59695aefbffb106501138762e1e915e",
"sha256:0c150c7a61ed4a4f4955a96626574e9baf1adf772c2fb61ef6a5027e52803543", "sha256:0dfa6115c6def37905344d56fb54c03afc49104e2ca473d5dedec0f6606913b4",
"sha256:0f3cec041684de9a4684b1572fe28c7267410e02450f4561700ca5a3bc6695a2", "sha256:12bff2ad9447188377f1b2794772f91fe68bb4bbfa5a39d7941fbebdbf8c500f",
"sha256:1352ae4f7c717ae8cba93421a63373e582d19d55d2ee2cbb184344c82d2ae55a", "sha256:1533b7eb683fb5f38c1d68a3c78f5fdd8f1412fa6b9bf03b40f450785a0ab915",
"sha256:177c7c0fce2855833819c98e43c262007f42ce86651ffbb84f37883308cb0e7d", "sha256:1766b5724c3f779317d5321664a343c07773c8c5fd1532e4039e6cc7d1a815be",
"sha256:1978d0021e943aae58b9b0b196fb4895a25cc53d3956b8e35e0b7682eefb6d56", "sha256:181ef9b6bbf9845a264f9aa45c31836e9f3c1f13be565d0d010e964c661d1e2b",
"sha256:1a60bce91f81ddaac922a40bbb571a12c1070cb20ebd6d49c48e0b101d87300d", "sha256:183f857a53bcf4b1b42ef0f57ca553ab56bdd170e49d8091e96c51c3d69ca696",
"sha256:1aef18820ef3e4587ebe8b3bc9ba6e55892a6d7b93bac6d29d9f631a3b4befbd", "sha256:191aa858f7d4902e975d4cf2f2d9243816c91e9605070aeb09c0a800d187e323",
"sha256:1e9663daaf7a63ceccbbb8e3808fe90415b0757e2abddbfc2e06c857bf8c5e2b", "sha256:1a8b0dd8648709b62d9372fc00a57466f5fdeefed666afe3fea5a6c9539a0331",
"sha256:20070c65396f7373f5df4005862fa162db5d25d56150bddd0b3e8214e8ef45b4", "sha256:1c962145c7473723df9722ba4c058de12eb5ebedcb4e27e7d902920aa3831ee8",
"sha256:214b7a953d73b5e87f0ebece4a32a5bd83c60a3ecc9d4ec8f1dca968a2d91e99", "sha256:1cc81d14ddfa53d7f3906694d35d54d9d3f850ef8e4e99ee68bc0d1e5fed9a9c",
"sha256:22bebe05a9ffc70ebfa127efbc429bc26ec9e9b4ee4d15a740033efda515cf3d", "sha256:1d815d48b1804ed7867b539236b6dd62997850ca1c91cad187f2ddb1b7bbef19",
"sha256:24e8abb5878e250f2eb0d7859a8e561846f98910326d06c0d51381fed59357bd", "sha256:1e6c15d2080a63aaed876e228efe4f814bc7889c63b1e112ad46fdc8b368b9e1",
"sha256:26fd7cac7dd51011a245f29a2cc6489c4608b5a8ce8d75661bb4a1066c52dfbe", "sha256:20ab1ae4fa534f73647aad289003f1104092890849e0266271351922ed5574f8",
"sha256:27b1d3b3915a99208fee9ab092b8184c420f2905b7d7feb4aeb5e4a9c509b8a1", "sha256:20dae58a859b0906f0685642e591056f1e787f3a8b39c8e8749a45dc7d26bdb0",
"sha256:27e98004595899949bd7a7b34e91fa7c44d7a97c40fcaf1d874168bb652ec67e", "sha256:238e8c8610cb7c29460e37184f6799547f7e09e6a9bdbdab4e8edb90986a2318",
"sha256:2b8f60e1b739a74bab7e01fcbe3dddd4657ec685caa04681df9d562ef15b625f", "sha256:24a4146ccb15be237fdef10f331c568e1b0e505f8c8c9ed5d67759dac58ac246",
"sha256:2de29005e11637e7a2361fa151f780ff8eb2543a0da1413bb951e9f14b699ef3", "sha256:257d011919f133a4746958257f2c75238e3ff54255acd5e3e11f3ff41fd14256",
"sha256:2e8b55d8517a2fda8d95cb45d62a5a8bbf9dd0ad39c5b25c8833efea07b880ca", "sha256:2a343f91b17097c546b93f7999976fd6c9d5900617aa848c81d794e062ab302b",
"sha256:2fa4331c200c2521512595253f5bb70858b90f750d39b8cbfd67465f8d1b596d", "sha256:2abe21d8ba64cded53a2a677e149ceb76dcf44284202d737178afe7ba540c1eb",
"sha256:3445e07bf2e8ecfeef6ef67ac83de670358abf2996916039b16a218e3d95e97e", "sha256:2c03c9b0c64afd0320ae57de4c982801271c0c211aa2d37f3003ff5feb75bb04",
"sha256:3453e8d41fe5f17d1f8e9c383a7473cd46a63661628ec58e07777c2fff7196dc", "sha256:2c9c1b92b774b2e68d11193dc39620d62fd8ab33f0a3c77ecdabe19c179cdbc1",
"sha256:378753b4a4de2a7b34063d6f95ae81bfa7b15f2c1a04a9518e8644e81807ebea", "sha256:3021933c2cb7def39d927b9862292e0f4c75a13d7de70eb0ab06efed4c508c19",
"sha256:3af6e48651c4e0d2d166dc1b033b7042ea3f871504b6805ba5f4fe31581d8d38", "sha256:3100b3090269f3a7ea727b06a6080d4eb7439dca4c0e91a07c5d133bb1727ea7",
"sha256:3dfcbc95bd7992b16f3f7ba05af8a64ca694331bd24f9157b49dadeeb287493b", "sha256:313cfcd6af1a55a286a3c9a25f64af6d0e46cf60bc5798f1db152d97a216ff6f",
"sha256:3f21f0495edea7fdbaaa87e633a8689cd285f8f4af5c869f27bc8074638ad69c", "sha256:35e9a70a0f335371275cdcd08bc5b8051ac494dd58bff3bbfb421038220dc871",
"sha256:4041711832360a9b75cfb11b25a6a97c8fb49c07b8bd43d0d02b45d0b499a4ff", "sha256:38721d4c9edd3eb6670437d8d5e2070063f305bfa2d5aa4278c51cedcd508a84",
"sha256:44d61b4b7d0c2c9ac019c314e52d7cbda0ae31078aabd0f22e583af3e0d79723", "sha256:390e3170babf42462739a93321e657444f0862c6d722a291accc46f9d21ed04e",
"sha256:4617e1915a539a0d9a9567795023de41a87106522ff83fbfaf1f6baf8e85437e", "sha256:39bfea47c375f379d8e87ab4bb9eb2c836e4f2069f0f65731d85e55d74666387",
"sha256:4b232061ca880db21fa14defe219840ad9b74b6158adb52ddf0e87bead9e8493", "sha256:3ac51b65e8dc76cf4949419c54c5528adb24fc721df722fd452e5fbc236f5c40",
"sha256:5246b14ca64a8675e0a7161f7af68fe3e910e6b90542b4bfb5439ba752191df6", "sha256:3c0909c5234543ada2515c05dc08595b08d621ba919629e94427e8e03539c958",
"sha256:5725dd9cc02068996d4438d397e255dcb1df776b7ceea3b9cb972bdb11260a83", "sha256:3da5852aad63fa0c6f836f3359647870e21ea96cf433eb393ffa45263a170d44",
"sha256:583f6a1993ca3369e0f80ba99d796d8e6b1a3a2a442dd4e1a79e652116413091", "sha256:3e1157659470aa42a75448b6e943c895be8c70531c43cb78b9ba990778955582",
"sha256:59259dc58e57b10e7e18ce02c311804c10c5a793e6568f8af4dead03264584d1", "sha256:4019a9d473c708cf2f16415688ef0b4639e07abaa569d72f74745bbeffafa2c7",
"sha256:593eba61ba0c3baae5bc9be2f5232430453fb4432048de28399ca7376de9c627", "sha256:43f10b007033f359bc3fa9cd5e6c1e76723f056ffa9a6b5c117cc35720a80292",
"sha256:59f4a79c19232a5774aee369a0c296712ad0e77f24e62cad53160312b1c1eaa1", "sha256:49028aa684c144ea502a8e847d23aed5e4c2ef7cadfa7d5eaafcb40864844b7a",
"sha256:5f0e260eaf54380380ac3808aa4ebe2d8ca28b9087cf411649f96bad6900c728", "sha256:4916dc96489616a6f9667e7526af8fa693c0fdb4f3acb0e5d9f4400eb06a47ba",
"sha256:62d9cfcf4948683a18a9aff0ab7e1474d407b7bab2ca03116109f8464698ab16", "sha256:4a59e5bc386de021f56337f757301b337d7ab58baa40174fb150accd480bc953",
"sha256:64607d4cbf1b7e3c3c8a14948b99345eda0e161b852e122c6bb71aab6d1d798c", "sha256:4b1f66eb81eab2e0ff5775a3a312e5e2e16bf758f7b06be82fb0d04078c7ac51",
"sha256:655ca44a831ecb238d124e0402d98f6212ac527a0ba6c55ca26f616604e60a45", "sha256:4c5fe114a6dd480a510b6d3661d09d67d1622c4bf20660a474507aaee7eeeee9",
"sha256:666ecce376999bf619756a24ce15bb14c5bfaf04bf00abc7e663ce17c3f34fe7", "sha256:4c70c70f9169692b36307a95f3d8c0a9fcd79f7b4a383aad5eaa0e9718b79b37",
"sha256:68049202f67380ff9aa52f12e92b1c30115f32e6895cd7198fa2a7961621fc5a", "sha256:4d11382bcaf12f80b51d790dee295c56a159633a8e81e6323b16e55d81ae37e9",
"sha256:69803198097467ee7282750acb507fba35ca22cc3b85f16cf45fb01cb9097730", "sha256:4f01a5d6444a3258b00dc07b6ea4733e26f8072b788bef750baa37b370266137",
"sha256:6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967", "sha256:4f789e32fa1fb6a7bf890e0124e7b42d1e60d28ebff57fe806719abb75f0e9a3",
"sha256:6dd9412824c4ce1aca56c47b0991e65bebb7ac3f4edccfd3f156150c96a7bf25", "sha256:4feb7511c29f8442cbbc28149a92093d32e815a28aa2c50d333826ad2a20fdf0",
"sha256:70eb60b3ae9245ddea20f8a4190bd79c705a22f8028aaf8bbdebe4716c3fab24", "sha256:511d15193cbe013619dd05414c35a7dedf2088fcee93c6bbb7c77859765bd4e8",
"sha256:70fb28128acbfd264eda9bf47015537ba3fe86e40d046eb2963d75024be4d055", "sha256:519067e29f67b5c90e64fb1a6b6e9d2ec0ba28705c51956637bac23a2f4ddae1",
"sha256:7b2513ba235829860b13faa931f3b6846548021846ac808455301c23a101689d", "sha256:521ccf56f45bb3a791182dc6b88ae5f8fa079dd705ee42138c76deb1238e554e",
"sha256:7ef9d9da710be50ff6809fed8f1963fecdfecc8b86656cadfca3bc24289414b0", "sha256:529c8156d7506fba5740e05da8795688f87119cce330c244519cf706a4a3d618",
"sha256:81e69b0a0e2537f26d73b4e43ad7bc8c8efb39621639b4434b76a3de50c6966e", "sha256:582462833ba7cee52e968b0341b85e392ae53d44c0f9af6a5927c80e539a8b67",
"sha256:8633e471c6207a039eff6aa116e35f69f3156b3989ea3e2d755f7bc41754a4a7", "sha256:5963b72ccd199ade6ee493723d18a3f21ba7d5b957017607f815788cef50eaf1",
"sha256:8bd7c8cfc0b8247c8799080fbff54e0b9619e17cdfeb0478ba7295d43f635d7c", "sha256:59b2093224a18c6508d95cfdeba8db9cbfd6f3494e94793b58972933fcee4c6d",
"sha256:9253fc214112405f0afa7db88739294295f0e08466987f1d70e29930262b4c8f", "sha256:5afaddaa8e8c7f1f7b4c5c725c0070b6eed0228f705b90a1732a48e84350f4e9",
"sha256:99b37292234e61325e7a5bb9689e55e48c3f5f603af88b1642666277a81f1fbd", "sha256:5afea17ab3a126006dc2f293b14ffc7ef3c85336cf451564a0515ed7648033da",
"sha256:9bd7228827ec7bb817089e2eb301d907c0d9827a9e558f22f762bb690b131652", "sha256:5e09330b21d98adc8ccb2dbb9fc6cb434e8908d4c119aeaa772cb1caab5440a0",
"sha256:9beeb01d8c190d7581a4d59522cd3d4b6887040dcfc744af99aa59fef3e041a8", "sha256:6188de70e190847bb6db3dc3981cbadff87d27d6fe9b4f0e18726d55795cee9b",
"sha256:a63cbdd98acef6570c62b92a1e43266f9e8b21e699c363c0fef13bd530799c11", "sha256:68ffcf982715f5b5b7686bdd349ff75d422e8f22551000c24b30eaa1b7f7ae84",
"sha256:a76e42402542b1fae59798fab64432b2d015ab9d0c8c47ba7addddbaf7952333", "sha256:696764a5be111b036256c0b18cd29783fab22154690fc698062fc1b0084b511d",
"sha256:ac0a03221cdb5058ce0167ecc92a8c89e8d0decdc9e99a2ec23380793c4dcb96", "sha256:69a607203441e07e9a8a529cff1d5b73f6a160f22db1097211e6212a68567d11",
"sha256:b0b4136a252cadfa1adb705bb81524eee47d9f6aab4f2ee4fa1e9d3cd4581f64", "sha256:69b312fecc1d017b5327afa81d4da1480f51c68810963a7336d92203dbb3d4f1",
"sha256:b25bc607423935079e05619d7de556c91fb6adeae9d5f80868dde3468657994b", "sha256:69f0c0a3df7fd3a7eec50a00396104bb9a843ea6d45fcc31c2d5243446ffd7a7",
"sha256:b3d504047aba448d70cf6fa22e06cb09f7cbd761939fdd47604f5e007675c24e", "sha256:6a1cb5d6ce81379401bbb7f6dbe3d56de537fb8235979843f0d53bc2e9815a79",
"sha256:bb47271f60660803ad11f4c61b42242b8c1312a31c98c578f79ef9387bbde21c", "sha256:6d3498ad0df07d81112aa6ec6c95a7e7b1ae00929fb73e7ebee0f3faaeabad2f",
"sha256:bbb232860e3d03d544bc03ac57855cd82ddf19c7a07651a7c0fdb95e9efea8b9", "sha256:72a8d9564a717ee291f554eeb4bfeafe2309d5ec0aa6c475170bdab0f9ee8e88",
"sha256:bc27863442d388870c1809a87507727b799c8460573cfbb6dc0eeaef5a11b5ec", "sha256:777c62479d12395bfb932944e61e915741e364c843afc3196b694db3d669fcd0",
"sha256:bc51abd01f08117283c5ebf64844a35144a0843ff7b2983e0648e4d3d9f10dbb", "sha256:77a7711fa562ba2da1aa757e11024ad6d93bad6ad7ede5afb9af144623e5f76a",
"sha256:be2eb3f2495ba669d2a985f9b426c1797b7d48d6963899276d22f23e33d47e37", "sha256:79061ba1a11b6a12743a2b0f72a46aa2758613d454aa6ba4f5a265cc48850158",
"sha256:bf9db5488121b596dbfc6718c76092fda77b703c1f7533a226a5a9f65248f8ad", "sha256:7a48af25d9b3c15684059d0d1fc0bc30e8eee5ca521030e2bffddcab5be40226",
"sha256:c58e2339def52ef6b71b8f36d13c3688ea23fa093353f3a4fee2556e62086ec9", "sha256:7ab504c4d654e4a29558eaa5bb8cea5fdc1703ea60a8099ffd9c758472cf913f",
"sha256:cfbc454a2880389dbb9b5b398e50d439e2e58669160f27b60e5eca11f68ae17c", "sha256:7bdb17009696214c3b66bb3590c6d62e14ac5935e53e929bcdbc5a495987a84f",
"sha256:cff63a0272fcd259dcc3be1657b07c929c466b067ceb1c20060e8d10af56f5bf", "sha256:7da84c2c74c0f5bc97d853d9e17bb83e2dcafcff0dc48286916001cc114379a1",
"sha256:d115bffdd417c6d806ea9069237a4ae02f513b778e3789a359bc5856e0404cc4", "sha256:801a71f70f9813e82d2513c9a96532551fce1e278ec0c64610992c49c04c2dad",
"sha256:d20cfb4e099748ea39e6f7b16c91ab057989712d31761d3300d43134e26e165f", "sha256:824e6d3503ab990d7090768e4dfd9e840837bae057f212ff9f4f05ec6d1975e7",
"sha256:d48424e39c2611ee1b84ad0f44fb3b2b53d473e65de061e3f460fc0be5f1939d", "sha256:82b165b07f416bdccf5c84546a484cc8f15137ca38325403864bfdf2b5b72f6a",
"sha256:e0fa2d4ec53dc51cf7d3bb22e0aa0143966119f42a0c3e4998293a3dd2856b09", "sha256:84cfbd4d4d2cdeb2be61a057a258d26b22877266dd905809e94172dff01a42ae",
"sha256:e32fee8ab45d3c2db6da19a5323bc3362237c8b653c70194414b892fd06a080d", "sha256:84d142d2d6cf9b31c12aa4878d82ed3b2324226270b89b676ac62ccd7df52d08",
"sha256:e35ba67d65d49080e8e5a1dd40101fccdd9798adb9b050ff670b7d74fa41c566", "sha256:87a5531de9f71aceb8af041d72fc4cab4943648d91875ed56d2e629bef6d4c03",
"sha256:e3fb866d9932a3d7d0c82da76d816996d1667c44891bd861a0f97ba27e84fc74", "sha256:893b022bfbdf26d7bedb083efeea624e8550ca6eb98bf7fea30211ce95b9201a",
"sha256:e61b02c3f7a1e0b75e20c3978f7135fd13cb6cf551bf4a6d29b999a88830a338", "sha256:894514d47e012e794f1350f076c427d2347ebf82f9b958d554d12819849a369d",
"sha256:e67ba3c290821343c192f7eae1d8fd5999ca2dc99994114643e2f2d3e6138b15", "sha256:8a7898b6ca3b7d6659e55cdac825a2e58c638cbf335cde41f4619e290dd0ad11",
"sha256:e79dd39f1e8c3504be0607e5fc6e86bb60fe3584bec8b782578c3b0fde8d932c", "sha256:8ad7fd2258228bf288f2331f0a6148ad0186b2e3643055ed0db30990e59817a6",
"sha256:e89391e6d60251560f0a8f4bd32137b077a80d9b7dbe6d5cab1cd80d2746f648", "sha256:92c8db839367ef16a662478f0a2fe13e15f2227da3c1430a782ad0f6ee009ec9",
"sha256:ea7433ce7e4bfc3a85654aeb6747babe3f66eaf9a1d0c1e7a4435bbdf27fea84", "sha256:941c1cfdf4799d623cf3aa1d326a6b4fdb7a5799ee2687f3516738216d2262fb",
"sha256:eaf16ae9ae519a0e237a0f528fd9f0197b9bb70f40263ee57ae53c2b8d48aeb3", "sha256:9bc596b30f86dc6f0929499c9e574601679d0341a0108c25b9b358a042f51bca",
"sha256:eb0c341fa71df5a4595f9501df4ac5abfb5a09580081dffbd1ddd4654e6e9123", "sha256:9c55b0a669976cf258afd718de3d9ad1b7d1fe0a91cd1ab36f38b03d4d4aeaaf",
"sha256:f276b245347e6e36526cbd4a266a417796fc531ddf391e43574cf6466c492520", "sha256:9da4e873860ad5bab3291438525cae80169daecbfafe5657f7f5fb4d6b3f96b9",
"sha256:f47ad3d5f3258bd7058d2d506852217865afefe6153a36eb4b6928758041d831", "sha256:9def736773fd56b305c0eef698be5192c77bfa30d55a0e5885f80126c4831a15",
"sha256:f56a6b404f74ab372da986d240e2e002769a7d7102cc73eb238a4f72eec5284e", "sha256:9dfbe56b299cf5875b68eb6f0ebaadc9cac520a1989cac0db0765abfb3709c19",
"sha256:f5cf2a0c2bdadf3791b5c205d55a37a54025c6e18a71c71f82bb536cf9a454bf", "sha256:9e851920caab2dbcae311fd28f4313c6953993893eb5c1bb367ec69d9a39e7ed",
"sha256:f5d36399a1b96e1a5fdc91e0522544580dbebeb1f77f27b2b0ab25559e103b8b", "sha256:9e8cb77286025bdb21be2941d64ac6ca016130bfdcd228739e8ab137eb4406ed",
"sha256:f60bd8423be1d9d833f230fdbccf8f57af322d96bcad6599e5a771b151398eb2", "sha256:a547e21c5610b7e9093d870be50682a6a6cf180d6da0f42c47c306073bfdbbf6",
"sha256:f612463ac081803f243ff13cccc648578e2279295048f2a8d5eb430af2bae6e3", "sha256:a90a13408a7a856b87be8a9f008fff53c5080eea4e4180f6c2e546e4a972fb5d",
"sha256:f73d3fef726b3243a811121de45193c0ca75f6407fe66f3f4e183c983573e130", "sha256:a9a63785467b2d73635957d32a4f6e73d5e4df497a16a6392fa066b753e87387",
"sha256:f82a116a1d03628a8ace4859556fb39fd1424c933341a08ea3ed6de1edb0283b", "sha256:aa81873e2c8c5aa616ab8e017a481a96742fdf9313c40f14338ca7dbf50cb55f",
"sha256:fb0ba113b4983beac1a2eb16faffd76cb41e176bf58c4afe3e14b9c681f702de", "sha256:ac64f4b2bdb4ea622175c9ab7cf09444e412e22c0e02e906978b3b488af5fde8",
"sha256:fb4f868f712b2dd4bcc538b0a0c1f63a2b1d584c925e69a224d759e7070a12d5", "sha256:aea1f9741b603a8d8fedb0ed5502c2bc0accbc51f43e2ad1337fe7259c2b77a5",
"sha256:fb6116dfb8d1925cbdb52595560584db42a7f664617a1f7d7f6e32f138cdf37d", "sha256:b0afb8cdd034150d4d9f53926226ed27ad15b7f465e93d7468caaf5eafae0d37",
"sha256:fda7cb070f442bf80b642cd56483b5548e43d366fe3f39b98e67cce780cded00", "sha256:b37a04d9f52cb76b6b78f35109b513f6519efb481d8ca4c321f6a3b9580b3f45",
"sha256:feea821ee2a9273771bae61194004ee2fc33f8ec7db08117ef9147d4bbcbca8e" "sha256:b5f7a446ddaf6ca0fad9a5535b56fbfc29998bf0e0b450d174bbec0d600e1d72",
"sha256:b6d9e5a2ed9c4988c8f9b28b3bc0e3e5b1aaa10c28d210a594ff3a8c02742daf",
"sha256:b6e2c12160c72aeda9d1283e612f68804621f448145a210f1bf1d79151c47090",
"sha256:b818a592bd69bfe437ee8368603d4a2d928c34cffcdf77c2e761a759ffd17d20",
"sha256:c1851f429b822831bd2edcbe0cfd12ee9ea77868f8d3daf267b189371671c80e",
"sha256:c1fb0cda2abcc0ac62f64e2ea4b4e64c57dfd6b885e693095460c61bde7bb18e",
"sha256:c5ab0ee51f560d179b057555b4f601b7df909ed31312d301b99f8b9fc6028284",
"sha256:c70d9ec912802ecfd6cd390dadb34a9578b04f9bcb8e863d0a7598ba5e9e7ccc",
"sha256:c741107203954f6fc34d3066d213d0a0c40f7bb5aafd698fb39888af277c70d8",
"sha256:ca3f059f4ba485d90c8dc75cb5ca897e15325e4e609812ce57f896607c1c0867",
"sha256:caf51943715b12af827696ec395bfa68f090a4c1a1d2509eb4e2cb69abbbdb33",
"sha256:cb28c1f569f8d33b2b5dcd05d0e6ef7005d8639c54c2f0be824f05aedf715255",
"sha256:cdad4ea3b4513b475e027be79e5a0ceac8ee1c113a1a11e5edc3c30c29f964d8",
"sha256:cf47cfdabc2194a669dcf7a8dbba62e37a04c5041d2125fae0233b720da6f05c",
"sha256:d04cab0a54b9dba4d278fe955a1390da3cf71f57feb78ddc7cb67cbe0bd30323",
"sha256:d422b945683e409000c888e384546dbab9009bb92f7c0b456e217988cf316107",
"sha256:d80bf832ac7b1920ee29a426cdca335f96a2b5caa839811803e999b41ba9030d",
"sha256:da619979df60a940cd434084355c514c25cf8eb4cf9a508510682f6c851a4f7a",
"sha256:dafd4c44b74aa4bed4b250f1aed165b8ef5de743bcca3b88fc9619b6087093d2",
"sha256:dca83c498b4650a91efcf7b88d669b170256bf8017a5db6f3e06c2bf031f57e0",
"sha256:de2713f48c1ad57f89ac25b3cb7daed2156d8e822cf0eca9b96a6f990718cc41",
"sha256:de4ed93a8c91debfd5a047be327b7cc8b0cc6afe32a716bbbc4aedca9e2a83af",
"sha256:df52098cde6d5e02fa75c1f6244f07971773adb4a26625edd5c18fee906fa84d",
"sha256:dfbf280da5f876d0b00c81f26bedce274e72a678c28845453885a9b3c22ae632",
"sha256:e3730a48e5622e598293eee0762b09cff34dd3f271530f47b0894891281f051d",
"sha256:e5162afc9e0d1f9cae3b577d9c29ddbab3505ab39012cb794d94a005825bde21",
"sha256:e5d524d68a474a9688336045bbf76cb0def88549c1b2ad9dbfec1fb7cfbe9170",
"sha256:e99685fc95d386da368013e7fb4269dd39c30d99f812a8372d62f244f662709c",
"sha256:ea89a2458a1a75f87caabefe789c87539ea4e43b40f18cff526052e35bbb4fdf",
"sha256:ec671691e72dff75817386aa02d81e708b5a7ec0dec6669ec05213ff6b77e1bd",
"sha256:eed5ac260dd545fbc20da5f4f15e7efe36a55e0e7cf706e4ec005b491a9546a0",
"sha256:f14440b9573a6f76b4ee4770c13f0b5921f71dde3b6fcb8dabbefd13b7fe05d7",
"sha256:f405c93675d8d4c5ac87364bb38d06c988e11028a64b52a47158a355079661f3",
"sha256:f53ec51f9d24e9638a40cabb95078ade8c99251945dad8d57bf4aabe86ecee35",
"sha256:f61a9326f80ca59214d1cceb0a09bb2ece5b2563d4e0cd37bfd5515c28510674",
"sha256:f7bf2496fa563c046d05e4d232d7b7fd61346e2402052064b773e5c378bf6f73",
"sha256:fbaa70553ca116c77717f513e08815aec458e6b69a028d4028d403b3bc84ff37",
"sha256:fc3e55a7db08dc9a6ed5fb7103019d2c1a38a349ac41901f9f66d7f95750942f",
"sha256:fc921b96fa95a097add244da36a1d9e4f3039160d1d30f1b35837bf108c21136",
"sha256:fd0641abca296bc1a00183fe44f7fced8807ed49d501f188faa642d0e4975b83",
"sha256:feac1045b3327a45944e7dcbeb57530339f6b17baff154df51ef8b0da34c8c12",
"sha256:ff110acded3c22c033e637dd8896e411c7d3a11289b2edf041f86663dbc791e9"
], ],
"markers": "python_version >= '3.9'", "markers": "python_version >= '3.9'",
"version": "==0.22.3" "version": "==0.26.0"
}, },
"ruamel.yaml": { "ruamel.yaml": {
"hashes": [ "hashes": [
"sha256:20c86ab29ac2153f80a428e1254a8adf686d3383df04490514ca3b79a362db58", "sha256:710ff198bb53da66718c7db27eec4fbcc9aa6ca7204e4c1df2f282b6fe5eb6b2",
"sha256:30f22513ab2301b3d2b577adc121c6471f28734d3d9728581245f1e76468b4f1" "sha256:7227b76aaec364df15936730efbf7d72b30c0b79b1d578bbb8e3dcb2d81f52b7"
], ],
"markers": "python_version >= '3.7'", "markers": "python_version >= '3.8'",
"version": "==0.18.10" "version": "==0.18.14"
}, },
"ruamel.yaml.clib": { "ruamel.yaml.clib": {
"hashes": [ "hashes": [
"sha256:024cfe1fc7c7f4e1aff4a81e718109e13409767e4f871443cbff3dba3578203d", "sha256:040ae85536960525ea62868b642bdb0c2cc6021c9f9d507810c0c604e66f5a7b",
"sha256:03d1162b6d1df1caa3a4bd27aa51ce17c9afc2046c31b0ad60a0a96ec22f8001", "sha256:0467c5965282c62203273b838ae77c0d29d7638c8a4e3a1c8bdd3602c10904e4",
"sha256:07238db9cbdf8fc1e9de2489a4f68474e70dffcb32232db7c08fa61ca0c7c462", "sha256:0b7e75b4965e1d4690e93021adfcecccbca7d61c7bddd8e22406ef2ff20d74ef",
"sha256:09b055c05697b38ecacb7ac50bdab2240bfca1a0c4872b0fd309bb07dc9aa3a9", "sha256:11f891336688faf5156a36293a9c362bdc7c88f03a8a027c2c1d8e0bcde998e5",
"sha256:1707814f0d9791df063f8c19bb51b0d1278b8e9a2353abbb676c2f685dee6afe", "sha256:1492a6051dab8d912fc2adeef0e8c72216b24d57bd896ea607cb90bb0c4981d3",
"sha256:1758ce7d8e1a29d23de54a16ae867abd370f01b5a69e1a3ba75223eaa3ca1a1b", "sha256:20b0f8dc160ba83b6dcc0e256846e1a02d044e13f7ea74a3d1d56ede4e48c632",
"sha256:184565012b60405d93838167f425713180b949e9d8dd0bbc7b49f074407c5a8b", "sha256:22353049ba4181685023b25b5b51a574bce33e7f51c759371a7422dcae5402a6",
"sha256:1b617618914cb00bf5c34d4357c37aa15183fa229b24767259657746c9077615", "sha256:2c59aa6170b990d8d2719323e628aaf36f3bfbc1c26279c0eeeb24d05d2d11c7",
"sha256:1dc67314e7e1086c9fdf2680b7b6c2be1c0d8e3a8279f2e993ca2a7545fecf62", "sha256:32621c177bbf782ca5a18ba4d7af0f1082a3f6e517ac2a18b3974d4edf349680",
"sha256:25ac8c08322002b06fa1d49d1646181f0b2c72f5cbc15a85e80b4c30a544bb15", "sha256:3bc2a80e6420ca8b7d3590791e2dfc709c88ab9152c00eeb511c9875ce5778bf",
"sha256:25c515e350e5b739842fc3228d662413ef28f295791af5e5110b543cf0b57d9b", "sha256:3eac5a91891ceb88138c113f9db04f3cebdae277f5d44eaa3651a4f573e6a5da",
"sha256:305889baa4043a09e5b76f8e2a51d4ffba44259f6b4c72dec8ca56207d9c6fe1", "sha256:4a6679521a58256a90b0d89e03992c15144c5f3858f40d7c18886023d7943db6",
"sha256:3213ece08ea033eb159ac52ae052a4899b56ecc124bb80020d9bbceeb50258e9", "sha256:4c8c5d82f50bb53986a5e02d1b3092b03622c02c2eb78e29bec33fd9593bae1a",
"sha256:3f215c5daf6a9d7bbed4a0a4f760f3113b10e82ff4c5c44bec20a68c8014f675", "sha256:4f6f3eac23941b32afccc23081e1f50612bdbe4e982012ef4f5797986828cd01",
"sha256:46d378daaac94f454b3a0e3d8d78cafd78a026b1d71443f4966c696b48a6d899", "sha256:5a0e060aace4c24dcaf71023bbd7d42674e3b230f7e7b97317baf1e953e5b519",
"sha256:4ecbf9c3e19f9562c7fdd462e8d18dd902a47ca046a2e64dba80699f0b6c09b7", "sha256:6442cb36270b3afb1b4951f060eccca1ce49f3d087ca1ca4563a6eb479cb3de6",
"sha256:53a300ed9cea38cf5a2a9b069058137c2ca1ce658a874b79baceb8f892f915a7", "sha256:6c8fbb13ec503f99a91901ab46e0b07ae7941cd527393187039aec586fdfd36f",
"sha256:56f4252222c067b4ce51ae12cbac231bce32aee1d33fbfc9d17e5b8d6966c312", "sha256:749c16fcc4a2b09f28843cda5a193e0283e47454b63ec4b81eaa2242f50e4ccd",
"sha256:5c365d91c88390c8d0a8545df0b5857172824b1c604e867161e6b3d59a827eaa", "sha256:7dd5adc8b930b12c8fc5b99e2d535a09889941aa0d0bd06f4749e9a9397c71d2",
"sha256:700e4ebb569e59e16a976857c8798aee258dceac7c7d6b50cab63e080058df91", "sha256:811ea1594b8a0fb466172c384267a4e5e367298af6b228931f273b111f17ef52",
"sha256:75e1ed13e1f9de23c5607fe6bd1aeaae21e523b32d83bb33918245361e9cc51b", "sha256:932205970b9f9991b34f55136be327501903f7c66830e9760a8ffb15b07f05cd",
"sha256:77159f5d5b5c14f7c34073862a6b7d34944075d9f93e681638f6d753606c6ce6", "sha256:943f32bc9dedb3abff9879edc134901df92cfce2c3d5c9348f172f62eb2d771d",
"sha256:7f67a1ee819dc4562d444bbafb135832b0b909f81cc90f7aa00260968c9ca1b3", "sha256:95c3829bb364fdb8e0332c9931ecf57d9be3519241323c5274bd82f709cebc0c",
"sha256:840f0c7f194986a63d2c2465ca63af8ccbbc90ab1c6001b1978f05119b5e7334", "sha256:96777d473c05ee3e5e3c3e999f5d23c6f4ec5b0c38c098b3a5229085f74236c6",
"sha256:84b554931e932c46f94ab306913ad7e11bba988104c5cff26d90d03f68258cd5", "sha256:a274fb2cb086c7a3dea4322ec27f4cb5cc4b6298adb583ab0e211a4682f241eb",
"sha256:87ea5ff66d8064301a154b3933ae406b0863402a799b16e4a1d24d9fbbcbe0d3", "sha256:a52d48f4e7bf9005e8f0a89209bf9a73f7190ddf0489eee5eb51377385f59f2a",
"sha256:955eae71ac26c1ab35924203fda6220f84dce57d6d7884f189743e2abe3a9fbe", "sha256:a606ef75a60ecf3d924613892cc603b154178ee25abb3055db5062da811fd969",
"sha256:a1a45e0bb052edf6a1d3a93baef85319733a888363938e1fc9924cb00c8df24c", "sha256:ab007f2f5a87bd08ab1499bdf96f3d5c6ad4dcfa364884cb4549aa0154b13a28",
"sha256:a5aa27bad2bb83670b71683aae140a1f52b0857a2deff56ad3f6c13a017a26ed", "sha256:b82a7c94a498853aa0b272fd5bc67f29008da798d4f93a2f9f289feb8426a58d",
"sha256:a6a9ffd280b71ad062eae53ac1659ad86a17f59a0fdc7699fd9be40525153337", "sha256:bb43a269eb827806502c7c8efb7ae7e9e9d0573257a46e8e952f4d4caba4f31e",
"sha256:a75879bacf2c987c003368cf14bed0ffe99e8e85acfa6c0bfffc21a090f16880", "sha256:bc5f1e1c28e966d61d2519f2a3d451ba989f9ea0f2307de7bc45baa526de9e45",
"sha256:aa2267c6a303eb483de8d02db2871afb5c5fc15618d894300b88958f729ad74f", "sha256:bd0a08f0bab19093c54e18a14a10b4322e1eacc5217056f3c063bd2f59853ce4",
"sha256:aab7fd643f71d7946f2ee58cc88c9b7bfc97debd71dcc93e03e2d174628e7e2d", "sha256:beffaed67936fbbeffd10966a4eb53c402fafd3d6833770516bf7314bc6ffa12",
"sha256:b16420e621d26fdfa949a8b4b47ade8810c56002f5389970db4ddda51dbff248", "sha256:bf165fef1f223beae7333275156ab2022cffe255dcc51c27f066b4370da81e31",
"sha256:b42169467c42b692c19cf539c38d4602069d8c1505e97b86387fcf7afb766e1d", "sha256:cf12567a7b565cbf65d438dec6cfbe2917d3c1bdddfce84a9930b7d35ea59642",
"sha256:bba64af9fa9cebe325a62fa398760f5c7206b215201b0ec825005f1b18b9bccf", "sha256:d84318609196d6bd6da0edfa25cedfbabd8dbde5140a0a23af29ad4b8f91fb1e",
"sha256:beb2e0404003de9a4cab9753a8805a8fe9320ee6673136ed7f04255fe60bb512", "sha256:d85252669dc32f98ebcd5d36768f5d4faeaeaa2d655ac0473be490ecdae3c285",
"sha256:bef08cd86169d9eafb3ccb0a39edb11d8e25f3dae2b28f5c52fd997521133069", "sha256:e143ada795c341b56de9418c58d028989093ee611aa27ffb9b7f609c00d813ed",
"sha256:c2a72e9109ea74e511e29032f3b670835f8a59bbdc9ce692c5b4ed91ccf1eedb", "sha256:e188d2699864c11c36cdfdada94d781fd5d6b0071cd9c427bceb08ad3d7c70e1",
"sha256:c58ecd827313af6864893e7af0a3bb85fd529f862b6adbefe14643947cfe2942", "sha256:e2f1c3765db32be59d18ab3953f43ab62a761327aafc1594a2a1fbe038b8b8a7",
"sha256:c69212f63169ec1cfc9bb44723bf2917cbbd8f6191a00ef3410f5a7fe300722d", "sha256:e5b8daf27af0b90da7bb903a876477a9e6d7270be6146906b276605997c7e9a3",
"sha256:cabddb8d8ead485e255fe80429f833172b4cadf99274db39abc080e068cbcc31", "sha256:e7e3736715fbf53e9be2a79eb4db68e4ed857017344d697e8b9749444ae57475",
"sha256:d176b57452ab5b7028ac47e7b3cf644bcfdc8cacfecf7e71759f7f51a59e5c92", "sha256:e8c4ebfcfd57177b572e2040777b8abc537cdef58a2120e830124946aa9b42c5",
"sha256:da09ad1c359a728e112d60116f626cc9f29730ff3e0e7db72b9a2dbc2e4beed5", "sha256:f66efbc1caa63c088dead1c4170d148eabc9b80d95fb75b6c92ac0aad2437d76",
"sha256:e2b4c44b60eadec492926a7270abb100ef9f72798e18743939bdbf037aab8c28", "sha256:fc4b630cd3fa2cf7fce38afa91d7cfe844a9f75d7f0f36393fa98815e911d987",
"sha256:e79e5db08739731b0ce4850bed599235d601701d5694c36570a99a0c5ca41a9d", "sha256:fd5415dded15c3822597455bc02bcd66e81ef8b7a48cb71a33628fc9fdde39df"
"sha256:ebc06178e8821efc9692ea7544aa5644217358490145629914d8020042c24aa1",
"sha256:edaef1c1200c4b4cb914583150dcaa3bc30e592e907c01117c08b13a07255ec2",
"sha256:f481f16baec5290e45aebdc2a5168ebc6d35189ae6fea7a58787613a25f6e875",
"sha256:fff3573c2db359f091e1589c3d7c5fc2f86f5bdb6f24252c2d8e539d4e45f412"
], ],
"markers": "python_version < '3.13' and platform_python_implementation == 'CPython'", "markers": "python_version >= '3.9'",
"version": "==0.2.8" "version": "==0.2.12"
}, },
"subprocess-tee": { "subprocess-tee": {
"hashes": [ "hashes": [
@ -644,27 +659,27 @@
}, },
"wcmatch": { "wcmatch": {
"hashes": [ "hashes": [
"sha256:0dd927072d03c0a6527a20d2e6ad5ba8d0380e60870c383bc533b71744df7b7a", "sha256:5848ace7dbb0476e5e55ab63c6bbd529745089343427caa5537f230cc01beb8a",
"sha256:e72f0de09bba6a04e0de70937b0cf06e55f36f37b3deb422dfaf854b867b840a" "sha256:f11f94208c8c8484a16f4f48638a85d771d9513f4ab3f37595978801cb9465af"
], ],
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.9'",
"version": "==10.0" "version": "==10.1"
}, },
"yamllint": { "yamllint": {
"hashes": [ "hashes": [
"sha256:2e16e504bb129ff515b37823b472750b36b6de07963bd74b307341ef5ad8bdc3", "sha256:364f0d79e81409f591e323725e6a9f4504c8699ddf2d7263d8d2b539cd66a583",
"sha256:7a003809f88324fd2c877734f2d575ee7881dd9043360657cc8049c809eba6cd" "sha256:81f7c0c5559becc8049470d86046b36e96113637bcbe4753ecef06977c00245d"
], ],
"markers": "python_version >= '3.8'", "markers": "python_version >= '3.9'",
"version": "==1.35.1" "version": "==1.37.1"
}, },
"zipp": { "zipp": {
"hashes": [ "hashes": [
"sha256:2c9958f6430a2040341a52eb608ed6dd93ef4392e02ffe219417c1b28b5dd1f4", "sha256:071652d6115ed432f5ce1d34c336c0adfd6a884660d1e9712a256d3d3bd4b14e",
"sha256:ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931" "sha256:a07157588a12518c9d4034df3fbbee09c814741a33ff63c05fa29d26a2404166"
], ],
"markers": "python_version >= '3.9'", "markers": "python_version >= '3.9'",
"version": "==3.21.0" "version": "==3.23.0"
} }
}, },
"develop": {} "develop": {}

2
README.md
View File

@ -4,7 +4,7 @@ Ansible playbook for base and initial configuration of the web server hosting my
## Assumptions ## Assumptions
Before you can run this, a few things are assumed: Before you can run this, a few things are assumed:
- You have a clean, minimal Ubuntu 20.04 or Debian 11/12 host up and running - You have a clean, minimal Debian 12 host up and running
- Python 3 is installed on the remote server (requirement of Ansible) - Python 3 is installed on the remote server (requirement of Ansible)
- You have a user account with password-less SSH access to the machine - You have a user account with password-less SSH access to the machine
- You have sudo privileges on the remote host - You have sudo privileges on the remote host

3
group_vars/web
View File

@ -8,4 +8,7 @@ webserver: nginx
extra_fail2ban_filters: extra_fail2ban_filters:
- nginx - nginx
# root prefix for all web servers
web_root_prefix: /var/www
# vim: set ts=2 sw=2: # vim: set ts=2 sw=2:

277
host_vars/web22
View File

@ -1,138 +1,141 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30323862646334626231363530353238333165653862356463386233326433393265643132353262 61623539626162633765633037643066613863623631336534396535353439376238646263306463
3561386632316261383561323831343334363532643566380a333961383133383838343333323937 3762323765316137356636623430333662386564626536350a333334393630653733353864636162
39303866616132383334663732393663386236393732386238376464373964373865653538353633 64623562623462373337363339343832336439363832653666316335313633343663396438346365
3863356261663430360a303131373063656136616166363065326563363462656634356666373661 6531343731363736340a373839663837396138366237303636326363663366656564306663663934
61663734303833306231393766633338316634383339356436666465313966643635623732643432 34333862643232383566306335363462653035313039353764643261663165613861623333663136
34393633393736353261316232393761613931313537356166646634626137353863353930366130 31333131303630356239636334346466643433356661383234383132653865326634643138613666
63323662653933383537643861623035326166306235343937393764316635613339663132633039 35386430646239643535373264386535316135623633303863646564313538323532333739653636
66643163653739333665396263333332313863616136613132393462346136666163663039333963 37393833363564323533333963376334326536666535626530383165613938353232356539633732
61396562633964653063333338643531373264323739353738346639623433323162356633353538 30633761336638636265353764643063316538353065376431616165343936323834303733326433
38633964363466303433663731303261656166626432366231373464353138383465616539623665 62626233643630643835323834343461333365333232373236376234376532636431396232633034
35666462653864346334316163656232363166303630333238613161646131316338663336323134 34303538313331383332643731653634313736383261393563393232643466386339363836623466
31363139306432653030613661623133626533653261376366633030643734633635396335323332 33383633353239623930363765326638643066373332653264633437323536366233383030346135
66363433613165333761323335333964326431616631343035633062643731616366623532643261 61353636353239376564396336353538616135663237613137366263353730366263643961373461
61376562323863353636643439666133643662336132663938653532323965613163346233356438 36646132646563646133373563653034646330653931396562643832666634383439313764646535
30613639616265633131656436323830353031653265323836303561306561363236613262363532 35643161356263316638363662626662346232633230363731633263333566376262396236363161
61666631663632353162336536323930353637643031353764633438613436393838363533663565 38636138306366666163663861346639323630663039353863346161613336363730633738386635
61386631343965626464623934363865303364363532303937383762393831373265306664626362 31356638623938353964346436353565363431636238326266373863316464396563336461336162
32306365643664363537623065643031666333363564303531613662653734336438343933613361 37323962343637626634386539643062343565313431386265323166623437346639363630343739
61336163646565303339336235366361653665616233396364373565666536313034343661393766 63613738656465346261653538643932666235356635346564356234613265353761393263373965
65313137663832356166626438643638653138303166393633373565633065393639363631316364 37326438346432306165616538363334653732643138643864633731363936626433303961373465
33623764613431646335326338386130626132643233333165323635346638613133383434383134 38383535396665643037363665623739346230666539643835343862646464303436303561313035
66363362363835376336616365376336383138643538666365383831653366393632336264643536 31356462656230326137616531363461316365333432326230373632356632313765333464313164
30346332336163306563303964393463306436643261326232653739313731656537326362386233 65393537656364656464343237646137396331643165343639643330353264333066633432363066
34306433396262633266646562313361666263353831393230393832313135303331393032656564 31336132373162393033363636386632313938333039393533313038623633613362646134363162
66313832643539653865663332613166383334303430376530343962656331633537633131646535 36346532306166346335643636353439323732663763396432613537316234376366616262626638
31666137353461643363353834306662643735303466626366396164393139663739666430386139 38613936626237343464373937383464356439383934353264643632386239353666396133656635
32316566626264663236633336303437626136333535316231633430656663623661306266613566 37666534383461663433653139383732383062643939653066656231646532666262386239616433
39383730636262333439376634313137333331303332633164636533333537366664626165393730 34386335363663313933663465623534633163316635353439616532386565613234373039653364
65366636366464653064666436343334363762303032393233656638356432356664313235353038 62376565613863656232643631343634636366643034386466323963643837653831653635333865
65613730323938393763653735353732643363663637633234343465393264313865373536313031 37383834626362613235623264613234653236323236383632356666643465313561626137343330
63666263326339623662323464346231383535333736333338336562396361633439343964616234 61643963306363366638306335653364616264613766346539316337623466666537616535333363
33373837646262333639393164366336666662343362336330373532306638353464363931303961 35306665383339643834616463396362663538303031386639343932346537363866663536373634
62363730333739346562333333376164663235316262363666396631323430303835636434313036 32623738363234326361336436626330363962316163653733663663316139393134666632633438
30376333383036373639343461666436643632653030623264393163643433333162626439393861 32303463343363383663636165643730653138356538326137613730383863373635646533373066
66333037363738343932323666393061653236376338643762393933366430323036636438333962 38323361373665376435313266373439636533646634326533626135313462303739313430383730
38396432366566343038303533353936363934313866646665313764336433656361363137613233 32333636633737376566623663323234376235623039313865663232323761616532666466306264
37393737663465336638623439373262313366623638336239373961356262653735643935613238 39623434333638323065623830656535353331326435643464333035326338366136666136663337
32343331316630646366306132663337373162363937323535323737313035326233303332316134 34336366333539333232653263396231633234313935396366646639383465326333653236383362
61313838346636353437666630653030316563626134626433306364313765613832343434663335 36656563653465346439653230333534656530373766653733373765623234336466663631323765
33336139303265336461396632633835366538663462393536383361656566393737383961653131 38636262373831393633343262356538393736666134633264353037383033343436346333306565
65393833313737383439356464653638393566646238636539393963313031373435663839613736 38663637333062653565666163616330393637616434666634633839373966373666323831353338
37346434336630366632306230393565363662353263643833613338623064646265313464346435 33666235646162343234343336356563663430643035306333623136323461636135386238396137
34663935353662393734313830316665663432303734313037373963363231636335313130363039 63323830316634653666333735663533336262303931653666356531343464656132326134313831
66383230633538323663333632633334636430393830666638373839633830393865363234626161 30666466373833313331316330353539646534333135373364343066643536636335633264306334
62366564386234623731643930656531353238633237666438623961656661613736333231656165 63396133626234323734666162343835613436393763303836383839323338323339313261383033
33336263386466393064633664613437336631313961633362613864366637376132363131393536 33616430376436663966626230343436643032353636363765303032333637396531623265393064
37373632326237623531636330666237363736643339396132333464643162373636346232366132 62336330396533346462313638613262363435306330366561303336316239313731623562316366
38303833623537393136643131323938623038353030626136373265303762373036653765656462 36373864373763383236663163363335373435636431613562373334396432323633373063346564
33636334623361313136633964346431666261616364643435323131643562333438626133646139 38616637316162396638356234323436383765663036366363323964613264373638656161393661
38373633393732333761633463646561613634313363623235323330323233386265393639383261 38623234356137383936303738306263376632393533613739613636613561333262333537616336
64343465373666306537383431353834386238633134366131376465363231366265383432383338 35393739636533373865343533633961316137626337363336316333616162643538343362613634
33366635363964336663623235316635353961393166313333343432363962636465356639643130 34376334393134643963383634646432643763316232656135663031373361346332636662653266
38336363626666613763336639346534373634323661656366393163653630323131313564643530 38663931663239666462626664373064666366613834623033346133306335333462623931646535
66643235313364376133323832313838363537353738313430396466343535663632396237313862 65343966313966386632333133363965623436313237343331366565323133343833623232326337
35313030376632333034323765316435636331303635386631343534373634376135643664393134 38363234336137633035333362383164656238326434366330336662653435343639663438613062
34366162303432323038376261346231313632356630633937333635343635663964613362343232 30346336353964346362393832653835303730383934316563333538376333353830376661313065
65643533643565383762656636623064346165323231313663636363323365303037636635326134 31353837333563363561663931386264346263323665616231383538353937393330303163306433
34663737316335373166343266303633663565616234613530613430323238303830663538353663 64376662393464643836636162373564376664306161656539626132313232343861396537386462
65663261653633346637656564643937323864393664633830356437353631656233306461306436 32376636333564323137623862396135313863306337346131323834396633333261633438646561
34313765313266336536626630383332343063303738316238626137376435656630663331663839 31613734343839373735356464643865663061363338346663353932313635393138613538303463
39393364613735313033633664616562636530366630306530386432356431663537643864363364 33373333373230383336336462636333353137303563366234363737343437323336386335633739
38633237646564306231653334633032393464653637316139356339316666343436633337613733 61363266633065383738336537346331376663313133393761633530633932643739636238633565
63346465316365366138306562336666333939663335623837326430363736396638333631376535 33343236633834383933336466636663383566633932643464353665643733613137633538346437
30663735306134653064633133326264336638313161623034356165656435626135393739633339 33366361663537343931653537333737633463336135623836373261663538303532633763646432
66623536373632323461343435636539313737313831366433393335396634396539663362356165 39343361383335636433666431616363373161646265393231353265393436633238303066613963
39653330663163323330616165346438393435366362353336316537613036323639613439623361 39633765663339643864386334613337666138333538333762353866333464386232396530306335
63343837303861613733353132373632313330333133316638303064316362316233366439316661 64306461363730313061633831343839613065313061326132613563666563656131383236623032
33326131656539393964643939353161626566666632306133393531313630356262646136613135 33346234333966653732643263313138333262343461623736386334356662383536633062653832
65336238386432336439306366636463373766646263613463373464663762396331303461326432 37626132376336643563396561626636346237393138343133656565643631646530326166613061
65666263373639626635623562343538636434663936666330333638333362333138376230333433 31353863623430656433356636616636303961336262613063616464313832343030333937356662
30666638343766656462366432373632306335393239663337646233653438393362663737613566 61353136633539306265386335393035313864366464303131663337383636363431636537646461
39626239643134623035336634316463313935646262663139643963636335663833386266616465 37646431643862646262623038336635653764383165376433666639363337623035616562663561
35306133383438633134356164633935663439336364373633326336346431353330373137626233 36613165393931336639306662656136663231316530663266666135353461613538653734316661
65663063373839333234663032666263633261346562373561633731343665333364303164306232 36363065663261323439653733336266613539363732323230346433353363333637616635666234
35333434343861666465623834653630396663363435336533336435613037623266623262343265 36373439343762336161313965396537363332316561303235666264653038353132633561393038
36313937363334363365613435633962613764366531626632613735306336613930633134383632 30373366303136656661353664396261393136623436323930666430636435623362396636646161
34366435313862373333396136363764643761646635663064336430636363316234613133643261 63613734663964656139393531316465623130666663376266616137316137616233373630396663
36353136343438646437613064333631626435613465356332346265363030323331343766366363 32326166663731643837623262393835656532393139396535393732626164316136626239663230
66656137346261343131653565356333326336363731393838613536333133643863363033383433 35326166346162626134626566313963333661643531353437666139396333343335306633643531
36663539366238333166303132633939313638656536653230626565646238666433373836353035 63386437646536633430643539623164306139316364646136306366373732373065376561303431
35613638393366373763643266626139316561313561353039613464353962353031643533646238 65363237353163656162393264316263303366633630303532623130343066636132613865363662
38303735663536623230383237653766323935343338393965306237363466653933393536303861 63323233323064633238356236616665373933626465393032326134363434613262653165343166
63366564373461366163373934323063366135633266373364396130376230383136666234616533 38313263376637383163336565376538326532353766626264346536353563663464623737653430
64343032336663646535333265616361656135326238666166353266393833366162333235363432 66373866343865326331333833353261386132393234303536353864343934353039323038363630
33373836373338323934626161613536363162363862396563643864613035643231383936616231 37373632356461633137336230353762316562353430323761623861343639393030653038313632
32386339633436613231663765663366626236656261643033313237386135666138343561663566 66636133643566306432333038623866333531613334396432306666316439366435383661336531
38303163313565313462636363303337653061316335393038643161616539336235363736396435 36373333623266353461383431333462343037306563616231663563353833653839313538613631
34356530633739346661306662376236353336613932323331326164623432393231333863323362 30646130383932343865363062313836323365616639346537663461343164363934653737613466
64623264316161313938666635373235653139663561316462323238333534363332666431626239 38326234356261343764323063613366313633313766613736663033666664613433363438646366
32386630353832303830366331616462656432393362666633383233666439663730316532323765 64366333373164333838363934636366336430343032316562653137323634303833616363393063
61623832366161666166633334623462666531303865313065396638646434396231363739366338 35343330663434356530333535663664336463396533393564663138623162666563323736366135
33616433613866376265333564336266626337616233636265386438313362366439336633306434 63653662306265326238363266393864393630333064303861376432333432386262306363336135
66363063376166663039366334666238333932386434653631313336366564366636363964366538 32333762333339383662303931376631326638666635353433636461386264633166313336636663
35346362353138613961313936306438326632656566613966663138613233356364383837373235 36313336663730363937316539623132313937633032396462616634346630383937353034343332
32313439636136313130313136333865653336383866626231636630316365313838636330376263 32346164363362346264353965633761306163343131323661313836636438646337396238653962
32623931313431373137343463626432393834353462333661656564333238646334323761333663 66306666366663343731333338666463313139373033306137643631313930353932616339636337
34653037366639393363383866626363663838643132663266346335656431303237653832663161 39363337376232616139663863303430353530643964633333376561326339373334663862383230
39653633626139343130393735393539393864356336636163363231633332303232323165646466 37613861373836643762386339666434623931376266643361383761373235393035303137613838
31383831333963393866343937643635376135303835353730656436333432373266303830613661 39383230393831373836396435323734316332663465376136333365393433633065666565393033
35636134333561626133333335323131373031616636373439393337316338656331316564303039 62356661346433643532633366313132313137623134626431343532373461396462653738613030
37343265393030633931346131313730303463383165303933323038363062343030363637646261 39323566326239383434616663626330646136386463646331616431386235633435333838363732
64366661663064643761666539623632333036393631656634333062313535663864376361333639 33633063363065343032383736643634313034663632373237663132373561656530396661326366
39323136656461323163663161643863626336306334343230326236343539633462363533343863 31313738633662616663646163386461336537313236313930336466346161306535373965366137
63313331393838343934643734373937366537626138336439653364346630323530323264336233 32383934626563663033356466653162333732633639363563663464353466383233373830633361
61643637393166316633323139326535366337623666386631316532333735363664353730376462 37326531636262313337333665626233303263633461356331343261353838396661656138323130
34333538323236643063623661333537393837373761636562323661366432373137393732363034 39316634666432656638623733333531303662613062323430333933626264376138393665363964
37323237633563353162653330666162613232376363623238383463376461313662346261323934 62633765313262653165393332336539363263636362383262303766373331353363363564333037
36623163393330303037626566373239643164626634383162646562313533343836653461303238 39373164633563303461313830383632623438666333333938613066313562623233353665653631
62356363666439306438373766633335376362636533333063656335333539343963356631616131 62313634373537356365633065333763333533313730353235363963643131316364323031643235
39303362383532386339663938313534353635633438626437343166376662343731316539316334 64313731343735346533646430346565393365363334626563353030313663363930363966313339
31666133623638376163396161623636373363303436353064336136366634613437396232643836 34346130626633333239663935376663393962363761663935303639346333326230363730363366
35303939316135646361393136366430626435613830656264393832316566303563366163313038 39313230353130373733396264616530303534383466633231303661663635623266346235363163
30613636343062393938373765313063363437383238346132396261376135366531336561303836 61383761623039666462383266666565643930303664616432393434666566636437616536626365
66303034646266383332316161613635366338313835363764376564323530376466633263396161 33336366333139633138386366333938343630373965613865663830366333363363303565633238
32373061303062393564636264616234383336373839616330306531363638356362666664306137 32313762303739356433383534653966376231316366396333616435343539376432633837666635
30393737653061643932346561306239303335646533353432383734626566333331363763313934 31396137373263386365616237396232376664653266663562356533613263323131356266666264
30646465363332306439383635376635343831336435313663343066313963616532366632363832 36636266623338323861303237623361666130373938306539343438316662326536376438306465
64663662363236333035313865393638623534646336326433323034356637643965336430316337 62656463356364363837353738663539316163346565333431343363303564376436666631383435
64383566333663346334373461356138663066623864643430346538343964653838383066313039 65333066383335633462613034383139336262393865383534323032323730343865303339343239
39336164333139646264363366303362353135623633616134636633383865623336386163336230 62343962363566643566356433623133333363343535376534333938623033656334613432326533
37306136663032313430323765393631613036383634383735343837353735333931353666623862 63666339373135353331326363303064666137383439663738373236623137383562346439356432
63306336383137353165343031313361613932323065623930626161373062303864333931623361 62383365373063376637313437346333643637376234376434613666353734333039353463313335
33366330306264636163373236636338353139363438353466326430373635616332336365346562 32326564343139383035313261646635313939366531323530393434303735306138633435333037
65356163366266663636623935343330366161353562633234303661633663343361643764313264 65666533366634666665393838616533656338353938333437363939616435636538313937303631
38666265316138613761353732386230353661643834646364326139373063646362366465333236 32663439396165333633653531353835366436323062326535366432313936323031613639633164
33643765663730646332616463383931363738656636313932666163623733343363393736646562 66323234613139626433326130396232366231623135366462393366616365653337346261663836
63393134613465396134333836656333383763353031383633636336656164316533343735663664 61386435636361336334333235663865343262633333633162376433383062336663396162303133
34363465353832386632323036643935366662636631616261336637336361663864313432363564 32666437336634323132396664373930316365626131646636366632616138626366613737616131
66656633353061613137393861663930366532343730353230626530656430346562383964393964 64386439386265373631373232626538323936383162333535383134643438336336636435613033
63636166396337346636666630363537363332313663346135386138616135356135613131393130 31336139376434316432343139363464616136626463396534646239646633363164646330373161
39383036646563386562326461333037643162396537396637336537623035613734336539326137 31663233393234393837356133316462346563303435663262363532333963333535373031656434
66336130633732383439346262313732336139376633383266633834663130373138363064316564 64303262633166346534396166643365326262636431353065613236666463336238633838633636
33393831333736653236356537623134396532336463336232393463396361363439323731393266 35356265653935663963343737616563373663376239613436663138386566393438323735393362
38643539376531343266336330366263656266393337333139363761623163316238643466356339 32616238623538366639373762336363353638306539336263316338323666303866633935386433
32333837346166333332633738376563303132626130376361383530363165613266373039336332 62313865303732613266393066386533313263313432356434363734626365643338646438646633
63376137343966333264336135333636643231643464633836636433363831393066373466643338 31346463313236643862303034363737343731343934666632623130613932323137376134653265
6335 35326164303031623235303265613765663263663333353066333633663636323635383832373865
35626135333634346637346537373962646236376431393266306436333634646263646266326234
37383037363364306230646334333532613464353931376338366532326134393437303535393033
34316232326462343662

2
roles/caddy/defaults/main.yml
View File

@ -2,7 +2,7 @@
# file: roles/caddy/defaults/main.yml # file: roles/caddy/defaults/main.yml
# parent directory of vhost document roots # parent directory of vhost document roots
caddy_root_prefix: /var/www caddy_root_prefix: "{{ web_root_prefix }}"
# Email address to use for the ACME account managing the site's certificates. # Email address to use for the ACME account managing the site's certificates.
# Not sure what Caddy does if this doesn't exist. # Not sure what Caddy does if this doesn't exist.

1
roles/caddy/tasks/main.yml
View File

@ -71,6 +71,7 @@
mode: "0755" mode: "0755"
owner: root owner: root
group: root group: root
tags: caddy
# TODO: the variable is still named nginx_vhosts # TODO: the variable is still named nginx_vhosts
- name: Configure Caddy virtual hosts - name: Configure Caddy virtual hosts

23
roles/caddy/templates/etc/caddy/conf.d/vhost.j2
View File

@ -8,6 +8,12 @@
{% set needs_php = item.needs_php | default(false) %} {% set needs_php = item.needs_php | default(false) %}
{% set has_gitea = item.has_gitea | default(false) %} {% set has_gitea = item.has_gitea | default(false) %}
{% set static_site = item.static_site | default(false) %} {% set static_site = item.static_site | default(false) %}
{# Allow sites to override the document root #}
{% if item.document_root is defined %}
{% set document_root = item.document_root %}
{% else %}
{% set document_root = (caddy_root_prefix, domain_name) | ansible.builtin.path_join %}
{% endif %}
{% if domain_aliases %} {% if domain_aliases %}
{# domain_aliases is a string, so we split on space #} {# domain_aliases is a string, so we split on space #}
@ -21,15 +27,20 @@
{{ domain_name }} { {{ domain_name }} {
{% if has_gitea %} {% if has_gitea %}
reverse_proxy :3000 reverse_proxy :3000
{% endif %} {% elif static_site -%}
root * {{ document_root }}
{% if static_site -%} encode
root * {{ item.document_root }}
encode zstd gzip
file_server file_server
{% endif %} {% elif has_wordpress -%}
root * {{ document_root }}
encode
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') -%}
php_fastcgi unix//run/php/php8.2-fpm-{{ domain_name }}.sock
{% endif -%}
file_server
{% endif -%}
import security-headers import security-headers
} }

2
roles/common/files/etc/cron-apt/3-download
View File

@ -1,2 +0,0 @@
autoclean -y
upgrade -y -o APT::Get::Show-Upgraded=true

5
roles/common/files/etc/cron-apt/config
View File

@ -1,5 +0,0 @@
# Configuration for cron-apt. For further information about the possible
# configuration settings see the README file.
MAILON="never"
OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts=\"/dev/null\""

7
roles/common/files/update-firehol-nftables.service
View File

@ -1,10 +1,7 @@
[Unit] [Unit]
Description=Update FireHOL lists Description=Update FireHOL lists
# This service will fail if nftables is not running so we use Requires to make # Make sure the network is up
# sure that nftables is started. After=network-online.target
Requires=nftables.service
# Make sure the network is up and nftables is started
After=network-online.target nftables.service
Wants=network-online.target update-firehol-nftables.timer Wants=network-online.target update-firehol-nftables.timer
[Service] [Service]

20
roles/common/tasks/cron-apt.yml
View File

@ -1,11 +1,17 @@
--- ---
- name: Configure cron-apt (config) - name: Remove cron-apt
ansible.builtin.copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }} owner={{ item.owner }} group={{ item.group }} ansible.builtin.apt:
loop: name: cron-apt
- { src: etc/cron-apt/config, dest: /etc/cron-apt/config, mode: "0644", owner: root, group: root } state: absent
- { src: etc/cron-apt/3-download, dest: /etc/cron-apt/action.d/3-download, mode: "0644", owner: root, group: root } cache_valid_time: 3600
- name: Configure cron-apt (security) - name: Remove cron-apt configs
ansible.builtin.template: src=security.sources.list.j2 dest=/etc/apt/security.sources.list mode=0644 owner=root group=root ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- /etc/cron-apt/config
- /etc/cron-apt/action.d/3-download
- /etc/apt/security.sources.list
# vim: set ts=2 sw=2: # vim: set ts=2 sw=2:

17
roles/common/tasks/packages_Debian.yml
View File

@ -1,19 +1,6 @@
--- ---
- name: Configure Debian packages - name: Configure Debian packages
block: block:
# Create directory for third-party package signing keys. Required on distros
# older than Debian 12 / Ubuntu 22.04.
#
# See: https://wiki.debian.org/DebianRepository/UseThirdParty
- name: Create /etc/apt/keyrings
file:
path: /etc/apt/keyrings
mode: "0755"
owner: root
group: root
state: directory
when: ansible_distribution_major_version is version('12', '<')
# Scaleway seems to use a weird sources.list format as of Debian 12? # Scaleway seems to use a weird sources.list format as of Debian 12?
- name: Check for weird Debian sources - name: Check for weird Debian sources
ansible.builtin.stat: ansible.builtin.stat:
@ -35,7 +22,6 @@
- iotop - iotop
- htop - htop
- strace - strace
- cron-apt
- safe-rm - safe-rm
- debian-goodies - debian-goodies
- mosh - mosh
@ -47,11 +33,12 @@
- zstd - zstd
- rsync - rsync
- lsof - lsof
- unattended-upgrades
- name: Install base packages - name: Install base packages
ansible.builtin.apt: name={{ base_packages }} state=present cache_valid_time=3600 ansible.builtin.apt: name={{ base_packages }} state=present cache_valid_time=3600
- name: Configure cron-apt - name: Remove cron-apt
ansible.builtin.import_tasks: cron-apt.yml ansible.builtin.import_tasks: cron-apt.yml
tags: cron-apt tags: cron-apt

45
roles/common/tasks/packages_Ubuntu.yml
View File

@ -1,19 +1,6 @@
--- ---
- name: Configure Ubuntu packages - name: Configure Ubuntu packages
block: block:
# Create directory for third-party package signing keys. Required on distros
# older than Debian 12 / Ubuntu 22.04.
#
# See: https://wiki.debian.org/DebianRepository/UseThirdParty
- name: Create /etc/apt/keyrings
file:
path: /etc/apt/keyrings
mode: "0755"
owner: root
group: root
state: directory
when: ansible_distribution_major_version is version('22.04', '<')
- name: Configure apt mirror - name: Configure apt mirror
ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
when: ansible_architecture != 'armv7l' when: ansible_architecture != 'armv7l'
@ -45,38 +32,6 @@
- name: Install base packages - name: Install base packages
ansible.builtin.apt: pkg={{ ubuntu_base_packages }} state=present cache_valid_time=3600 ansible.builtin.apt: pkg={{ ubuntu_base_packages }} state=present cache_valid_time=3600
# We have to remove snaps one by one in a specific order because some depend
# on others. Only after that can we remove the corresponding system packages.
- name: Remove lxd snap
community.general.snap: name=lxd state=absent
when: ansible_distribution_version is version('20.04', '==')
ignore_errors: true
- name: Remove core18 snap
community.general.snap: name=core18 state=absent
when: ansible_distribution_version is version('20.04', '==')
ignore_errors: true
- name: Remove snapd snap
community.general.snap: name=snapd state=absent
when: ansible_distribution_version is version('20.04', '==')
ignore_errors: true
- name: Set fact for packages to remove (Ubuntu 20.04)
ansible.builtin.set_fact:
ubuntu_annoying_packages:
- whoopsie # security (CIS 4.1)
- apport # security (CIS 4.1)
- command-not-found # annoying
- command-not-found-data # annoying
- python3-commandnotfound # annoying
- snapd # annoying (Ubuntu >= 16.04)
- lxd-agent-loader # annoying (Ubuntu 20.04)
when: ansible_distribution_version is version('20.04', '==')
- name: Remove packages
ansible.builtin.apt: name={{ ubuntu_annoying_packages }} state=absent purge=true
- name: Disable annoying Canonical spam in MOTD - name: Disable annoying Canonical spam in MOTD
ansible.builtin.file: path={{ item }} mode=0644 state=absent ansible.builtin.file: path={{ item }} mode=0644 state=absent
loop: loop:

4
roles/common/templates/etc/systemd/system/fail2ban.service.d/override.conf.j2
View File

@ -1,3 +1,7 @@
[Unit]
# If nftables is stopped or restarted, propagate to fail2ban as well
PartOf=nftables.service
[Service] [Service]
PrivateDevices=yes PrivateDevices=yes
PrivateTmp=yes PrivateTmp=yes

5
roles/common/templates/security.sources.list.j2
View File

@ -1,5 +0,0 @@
{% if ansible_distribution == 'Ubuntu' %}
deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted universe multiverse
{% elif ansible_distribution == 'Debian' %}
deb http://security.debian.org/debian-security {{ ansible_distribution_release }}/updates main contrib non-free
{% endif %}

14
roles/common/templates/update-firehol-nftables.sh.j2
View File

@ -28,11 +28,14 @@ if [[ -f "firehol_level1.netset" ]]; then
firehol_level1_ipv4_list_temp=$(mktemp) firehol_level1_ipv4_list_temp=$(mktemp)
firehol_level1_ipv4_set_temp=$(mktemp) firehol_level1_ipv4_set_temp=$(mktemp)
# Filter blank lines and comments # Filter blank lines, comments, and bogons we use inside the LAN, DMZ, and
# for local services like systemd-resolved and others on localhost. Ideally
# these are blocked already at the WAN side by network administrators.
cat firehol_level1.netset \ cat firehol_level1.netset \
| sed \ | sed \
-e '/^$/d' \ -e '/^$/d' \
-e '/^#.*/d' \ -e '/^#.*/d' \
-e '/^127\.0\.0\.0\/8/d' \
> "$firehol_level1_ipv4_list_temp" > "$firehol_level1_ipv4_list_temp"
echo "Building firehol_level1-ipv4 set" echo "Building firehol_level1-ipv4 set"
@ -55,13 +58,8 @@ NFT_HEAD
rm -f "$firehol_level1_ipv4_list_temp" "$firehol_level1_ipv4_set_temp" rm -f "$firehol_level1_ipv4_list_temp" "$firehol_level1_ipv4_set_temp"
fi fi
echo "Reloading nftables" echo "Restarting nftables"
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '<=') %}
{% set systemctl_bin = '/bin/systemctl' %}
{% else %}
{% set systemctl_bin = '/usr/bin/systemctl' %}
{% endif -%}
{{ systemctl_bin }} reload nftables.service /usr/bin/systemctl restart nftables.service
rm -v firehol_level1.netset rm -v firehol_level1.netset

14
roles/nginx/defaults/main.yml
View File

@ -5,16 +5,16 @@
nginx_confd_path: /etc/nginx/conf.d nginx_confd_path: /etc/nginx/conf.d
# parent directory of vhost roots # parent directory of vhost roots
nginx_root_prefix: /var/www nginx_root_prefix: "{{ web_root_prefix }}"
# 1 hour timeout # 1 day timeout
nginx_ssl_session_timeout: 1h nginx_ssl_session_timeout: 1d
# 10MB -> 40,000 sessions # 10MB -> 40,000 sessions
nginx_ssl_session_cache: shared:SSL:10m nginx_ssl_session_cache: shared:SSL:10m
# 1400 bytes to fit in one MTU (default is 16k!) nginx_ssl_buffer_size: 4k
nginx_ssl_buffer_size: 1400
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
nginx_ssl_protocols: TLSv1.2 TLSv1.3 nginx_ssl_protocols: TLSv1.2 TLSv1.3
nginx_ssl_ecdh_curve: X25519:prime256v1:secp384r1
# DNS resolvers for OCSP stapling (default to Cloudflare public DNS) # DNS resolvers for OCSP stapling (default to Cloudflare public DNS)
# See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling # See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
@ -37,8 +37,8 @@ letsencrypt_root: /etc/ssl
letsencrypt_acme_script_temp: /root/acme.sh letsencrypt_acme_script_temp: /root/acme.sh
letsencrypt_acme_home: /root/.acme.sh letsencrypt_acme_home: /root/.acme.sh
# stable is 1.20.x # stable is 1.26.x
# mainline is 1.21.x # mainline is 1.27.x
nginx_version: mainline nginx_version: mainline
# vim: set ts=2 sw=2: # vim: set ts=2 sw=2:

6
roles/nginx/templates/blank-vhost.conf.j2
View File

@ -11,9 +11,11 @@ server {
return 444; return 444;
} }
server { server {
listen 443 ssl http2 default_server; listen 443 ssl default_server;
listen [::]:443 ssl http2 default_server; listen [::]:443 ssl default_server;
http2 on;
server_name _; server_name _;
# self-signed "snakeoil" certificate # self-signed "snakeoil" certificate

12
roles/nginx/templates/https.j2
View File

@ -27,8 +27,9 @@
ssl_dhparam {{ nginx_ssl_dhparam }}; ssl_dhparam {{ nginx_ssl_dhparam }};
ssl_protocols {{ nginx_ssl_protocols }}; ssl_protocols {{ nginx_ssl_protocols }};
ssl_ecdh_curve {{ nginx_ssl_ecdh_curve }};
ssl_ciphers "{{ tls_cipher_suite }}"; ssl_ciphers "{{ tls_cipher_suite }}";
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers off;
{# OSCP stapling only works with real certs #} {# OSCP stapling only works with real certs #}
{% if use_letsencrypt == true or item.tls_certificate_path %} {% if use_letsencrypt == true or item.tls_certificate_path %}
@ -38,15 +39,6 @@
resolver {{ nginx_ssl_stapling_resolver }}; resolver {{ nginx_ssl_stapling_resolver }};
{% endif %} {# end: use_letsencrypt #} {% endif %} {# end: use_letsencrypt #}
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous
# sessions. The fix for this is to setup a manual rotation mechanism:
# http://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
#
# Note that you'll have to define and rotate the keys securely by yourself. In absence
# of such infrastructure, consider turning off session tickets:
ssl_session_tickets off;
{% if enable_hsts == true %} {% if enable_hsts == true %}
# Enable this if you want HSTS (recommended, but be careful) # Enable this if you want HSTS (recommended, but be careful)
# Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store # Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store

22
roles/nginx/templates/vhost.conf.j2
View File

@ -8,6 +8,12 @@
{% set has_wordpress = item.has_wordpress | default(false) %} {% set has_wordpress = item.has_wordpress | default(false) %}
{% set needs_php = item.needs_php | default(false) %} {% set needs_php = item.needs_php | default(false) %}
{% set has_gitea = item.has_gitea | default(false) %} {% set has_gitea = item.has_gitea | default(false) %}
{# Allow sites to override the document root #}
{% if item.document_root is defined %}
{% set document_root = item.document_root %}
{% else %}
{% set document_root = (nginx_root_prefix, domain_name) | ansible.builtin.path_join %}
{% endif %}
# http -> https vhost # http -> https vhost
server { server {
@ -26,15 +32,11 @@ server {
} }
server { server {
listen 443 ssl http2; listen 443 ssl;
listen [::]:443 ssl http2; listen [::]:443 ssl;
http2 on;
{# Allow sites to override the nginx document root #} root {{ document_root }};
{% if item.document_root is defined %}
root {{ item.document_root }};
{% else %}
root {{ nginx_root_prefix }}/{{ domain_name }};
{% endif %}
{# will only work if the TLS cert covers the domain + aliases, like example.com and www.example.com #} {# will only work if the TLS cert covers the domain + aliases, like example.com and www.example.com #}
server_name {{ domain_name }} {{ domain_aliases }}; server_name {{ domain_name }} {{ domain_aliases }};
@ -77,10 +79,6 @@ server {
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') %} {% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') %}
fastcgi_pass unix:/run/php/php8.2-fpm-{{ domain_name }}.sock; fastcgi_pass unix:/run/php/php8.2-fpm-{{ domain_name }}.sock;
{% elif (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')) or (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11', '==')) %}
fastcgi_pass unix:/run/php/php7.4-fpm-{{ domain_name }}.sock;
{% else %}
fastcgi_pass unix:/var/run/php5-fpm-{{ domain_name }}.sock;
{% endif %} {% endif %}
fastcgi_index index.php; fastcgi_index index.php;
# set script path relative to document root in server block # set script path relative to document root in server block

4
roles/php-fpm/handlers/main.yml
View File

@ -1,8 +1,4 @@
--- ---
# For Ubuntu 20.04 and Debian 11
- name: reload php7.4-fpm
ansible.builtin.systemd: name=php7.4-fpm state=reloaded
# For Debian 12 # For Debian 12
- name: reload php8.2-fpm - name: reload php8.2-fpm
ansible.builtin.systemd: ansible.builtin.systemd:

35
roles/php-fpm/tasks/Ubuntu_20.04.yml
View File

@ -1,35 +0,0 @@
---
- block:
- name: Set php-fpm packages
ansible.builtin.set_fact:
php_fpm_packages:
- php7.4-fpm
# for WordPress
- php7.4-mysql
- php7.4-gd
- php7.4-curl
- php7.4-xml
- name: Install php-fpm and deps
ansible.builtin.apt: name={{ php_fpm_packages }} state=present update_cache=true
# only copy php-fpm config for vhosts that need WordPress or PHP
- name: Copy php-fpm pool config
ansible.builtin.template: src=php7.4-pool.conf.j2 dest=/etc/php/7.4/fpm/pool.d/{{ item.domain_name }}.conf owner=root group=root mode=0644
loop: "{{ nginx_vhosts }}"
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
notify: reload php7.4-fpm
- name: Remove default www pool
ansible.builtin.file: path=/etc/php/7.4/fpm/pool.d/www.conf state=absent
notify: reload php7.4-fpm
# re-configure php.ini
- name: Update php.ini
ansible.builtin.template: src=php7.4-php.ini.j2 dest=/etc/php/7.4/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.4-fpm
tags: php-fpm
when: install_php
# vim: set ts=2 sw=2:

18
roles/php-fpm/tasks/main.yml
View File

@ -1,6 +1,4 @@
--- ---
# Ubuntu 20.04 uses PHP 7.4
# Debian 11 uses PHP 7.4
# Debian 12 uses PHP 8.2 # Debian 12 uses PHP 8.2
# If any of the vhosts on this host need WordPress then we need to install PHP. # If any of the vhosts on this host need WordPress then we need to install PHP.
@ -26,22 +24,6 @@
install_php: false install_php: false
when: install_php is not defined when: install_php is not defined
- name: Configure php-fpm on Ubuntu 20.04
ansible.builtin.include_tasks: Ubuntu_20.04.yml
when:
- ansible_distribution == 'Ubuntu'
- ansible_distribution_version is version('20.04', '==')
- install_php
tags: php-fpm
- name: Configure php-fpm on Debian 11
ansible.builtin.include_tasks: Ubuntu_20.04.yml
when:
- ansible_distribution == 'Debian'
- ansible_distribution_major_version is version('11', '==')
- install_php
tags: php-fpm
- name: Configure php-fpm on Debian 12 - name: Configure php-fpm on Debian 12
ansible.builtin.include_tasks: Debian_12.yml ansible.builtin.include_tasks: Debian_12.yml
when: when:

1948
roles/php-fpm/templates/php7.4-php.ini.j2
View File

File diff suppressed because it is too large Load Diff

436
roles/php-fpm/templates/php7.4-pool.conf.j2
View File

@ -1,436 +0,0 @@
{% set domain_name = item.domain_name %}
; Start a new pool named '{{ domain_name }}'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('{{ domain_name }}' here)
[{{ domain_name }}]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = nginx
group = nginx
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php/php7.4-fpm-{{ domain_name }}.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = nginx
listen.group = nginx
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/7.4/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

8
roles/php-fpm/templates/php8.2-pool.conf.j2
View File

@ -27,8 +27,8 @@
; --allow-to-run-as-root option to work. ; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default. ; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used. ; If the group is not set, the user's group is used.
user = nginx user = {{ webserver }}
group = nginx group = {{ webserver }}
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:
@ -52,8 +52,8 @@ listen = /run/php/php8.2-fpm-{{ domain_name }}.sock
; and group can be specified either by name or by their numeric IDs. ; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group ; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660. ; is not set, the owner's group is used. Mode is set to 0660.
listen.owner = nginx listen.owner = {{ webserver }}
listen.group = nginx listen.group = {{ webserver }}
;listen.mode = 0660 ;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using ; When POSIX Access Control Lists are supported you can set them using